Azure-Samples · tonybaloney · Jul 3, 2024 · Jul 4, 2024
diff --git a/infra/abbreviations.json b/infra/abbreviations.json
@@ -14,6 +14,7 @@
     "cognitiveServicesAccounts": "cog-",
     "cognitiveServicesFormRecognizer": "cog-fr-",
     "cognitiveServicesTextAnalytics": "cog-ta-",
+    "cognitiveServicesSpeech": "cog-sp-",
     "computeAvailabilitySets": "avail-",
     "computeCloudServices": "cld-",
     "computeDiskEncryptionSets": "des",
@@ -133,4 +134,4 @@
     "webSitesAppServiceEnvironment": "ase-",
     "webSitesFunctions": "func-",
     "webStaticSites": "stapp-"
-}
+}
diff --git a/infra/core/ai/cognitiveservices.bicep b/infra/core/ai/cognitiveservices.bicep
@@ -4,6 +4,7 @@ param location string = resourceGroup().location
 param tags object = {}
 @description('The custom subdomain name used to access the API. Defaults to the value of the name parameter.')
 param customSubDomainName string = name
+param disableLocalAuth bool = false
 param deployments array = []
 param kind string = 'OpenAI'
 
@@ -30,6 +31,7 @@ resource account 'Microsoft.CognitiveServices/accounts@2023-05-01' = {
     customSubDomainName: customSubDomainName
     publicNetworkAccess: publicNetworkAccess
     networkAcls: networkAcls
+    disableLocalAuth: disableLocalAuth
   }
   sku: sku
 }

diff --git a/infra/core/ai/hub-dependencies.bicep b/infra/core/ai/hub-dependencies.bicep
@@ -7,15 +7,16 @@ param keyVaultName string
 param storageAccountName string
 @description('Name of the OpenAI cognitive services')
 param openAiName string
+@description('Array of OpenAI model deployments')
 param openAiModelDeployments array = []
 @description('Name of the Log Analytics workspace')
 param logAnalyticsName string = ''
 @description('Name of the Application Insights instance')
-param appInsightsName string = ''
+param applicationInsightsName string = ''
 @description('Name of the container registry')
 param containerRegistryName string = ''
 @description('Name of the Azure Cognitive Search service')
-param searchName string = ''
+param searchServiceName string = ''
 
 module keyVault '../security/keyvault.bicep' = {
   name: 'keyvault'
@@ -102,13 +103,13 @@ module logAnalytics '../monitor/loganalytics.bicep' =
     }
   }
 
-module appInsights '../monitor/applicationinsights.bicep' =
-  if (!empty(appInsightsName) && !empty(logAnalyticsName)) {
-    name: 'appInsights'
+module applicationInsights '../monitor/applicationinsights.bicep' =
+  if (!empty(applicationInsightsName) && !empty(logAnalyticsName)) {
+    name: 'applicationInsights'
     params: {
       location: location
       tags: tags
-      name: appInsightsName
+      name: applicationInsightsName
       logAnalyticsWorkspaceId: !empty(logAnalyticsName) ? logAnalytics.outputs.id : ''
     }
   }
@@ -134,17 +135,13 @@ module cognitiveServices '../ai/cognitiveservices.bicep' = {
   }
 }
 
-// NN: Location hardcoded for Azure AI Search (semantic ranker)
-//     TODO: refactor into environment variables
-module search '../search/search-services.bicep' =
-  if (!empty(searchName)) {
-    name: 'search'
+module searchService '../search/search-services.bicep' =
+  if (!empty(searchServiceName)) {
+    name: 'searchService'
     params: {
-      location: 'eastus'
+      location: location
       tags: tags
-      name: searchName
-      semanticSearch: 'free'
-      disableLocalAuth: true
+      name: searchServiceName
     }
   }
 
@@ -159,15 +156,15 @@ output containerRegistryId string = !empty(containerRegistryName) ? containerReg
 output containerRegistryName string = !empty(containerRegistryName) ? containerRegistry.outputs.name : ''
 output containerRegistryEndpoint string = !empty(containerRegistryName) ? containerRegistry.outputs.loginServer : ''
 
-output appInsightsId string = !empty(appInsightsName) ? appInsights.outputs.id : ''
-output appInsightsName string = !empty(appInsightsName) ? appInsights.outputs.name : ''
+output applicationInsightsId string = !empty(applicationInsightsName) ? applicationInsights.outputs.id : ''
+output applicationInsightsName string = !empty(applicationInsightsName) ? applicationInsights.outputs.name : ''
 output logAnalyticsWorkspaceId string = !empty(logAnalyticsName) ? logAnalytics.outputs.id : ''
 output logAnalyticsWorkspaceName string = !empty(logAnalyticsName) ? logAnalytics.outputs.name : ''
 
 output openAiId string = cognitiveServices.outputs.id
 output openAiName string = cognitiveServices.outputs.name
 output openAiEndpoint string = cognitiveServices.outputs.endpoints['OpenAI Language Model Instance API']
 
-output searchId string = !empty(searchName) ? search.outputs.id : ''
-output searchName string = !empty(searchName) ? search.outputs.name : ''
-output searchEndpoint string = !empty(searchName) ? search.outputs.endpoint : ''
+output searchServiceId string = !empty(searchServiceName) ? searchService.outputs.id : ''
+output searchServiceName string = !empty(searchServiceName) ? searchService.outputs.name : ''
+output searchServiceEndpoint string = !empty(searchServiceName) ? searchService.outputs.endpoint : ''
diff --git a/infra/core/ai/hub.bicep b/infra/core/ai/hub.bicep
@@ -7,13 +7,17 @@ param storageAccountId string
 @description('The key vault ID to use for the AI Studio Hub Resource')
 param keyVaultId string
 @description('The application insights ID to use for the AI Studio Hub Resource')
-param appInsightsId string = ''
+param applicationInsightsId string = ''
 @description('The container registry ID to use for the AI Studio Hub Resource')
 param containerRegistryId string = ''
 @description('The OpenAI Cognitive Services account name to use for the AI Studio Hub Resource')
 param openAiName string
+@description('The OpenAI Cognitive Services account connection name to use for the AI Studio Hub Resource')
+param openAiConnectionName string
 @description('The Azure Cognitive Search service name to use for the AI Studio Hub Resource')
 param aiSearchName string = ''
+@description('The Azure Cognitive Search service connection name to use for the AI Studio Hub Resource')
+param aiSearchConnectionName string
 
 @description('The SKU name to use for the AI Studio Hub Resource')
 param skuName string = 'Basic'
@@ -27,8 +31,7 @@ param publicNetworkAccess string = 'Enabled'
 param location string = resourceGroup().location
 param tags object = {}
 
-// NN:TODO resource hub 'Microsoft.MachineLearningServices/workspaces@2024-01-01-preview' = {
-resource hub 'Microsoft.MachineLearningServices/workspaces@2024-04-01' = {
+resource hub 'Microsoft.MachineLearningServices/workspaces@2024-01-01-preview' = {
   name: name
   location: location
   tags: tags
@@ -44,18 +47,16 @@ resource hub 'Microsoft.MachineLearningServices/workspaces@2024-04-01' = {
     friendlyName: displayName
     storageAccount: storageAccountId
     keyVault: keyVaultId
-    applicationInsights: !empty(appInsightsId) ? appInsightsId : null
+    applicationInsights: !empty(applicationInsightsId) ? applicationInsightsId : null
     containerRegistry: !empty(containerRegistryId) ? containerRegistryId : null
     hbiWorkspace: false
     managedNetwork: {
       isolationMode: 'Disabled'
     }
     v1LegacyMode: false
     publicNetworkAccess: publicNetworkAccess
-    discoveryUrl: 'https://${location}.api.azureml.ms/discovery'
   }
 
-/* NN:TODO
   resource contentSafetyDefaultEndpoint 'endpoints' = {
     name: 'Azure.ContentSafety'
     properties: {
@@ -64,25 +65,16 @@ resource hub 'Microsoft.MachineLearningServices/workspaces@2024-04-01' = {
       associatedResourceId: openAi.id
     }
   }
-*/
 
-/*
-  NN:TODO
-  Connections are not in the GA Swagger - they are only in public preview of 2024-04-01-preview version
-  That is what you specify with the workspace@ version for AML API version
-  The ApiVersion specified in the metadata is for the Azure Cognitive Services version (that wraps the OpenAPI call)
- */
-
-  resource openAiConnection 'connections@2024-04-01-preview' = { // NN:TODO Add @version to ensure resource is correctly versioned
-    name: 'aoai-connection'
+  resource openAiConnection 'connections' = {
+    name: openAiConnectionName
     properties: {
       category: 'AzureOpenAI'
       authType: 'ApiKey'
       isSharedToAll: true
       target: openAi.properties.endpoints['OpenAI Language Model Instance API']
       metadata: {
-        //ApiVersion: '2023-07-01-preview'
-        ApiVersion: '2024-02-01'
+        ApiVersion: '2023-07-01-preview'
         ApiType: 'azure'
         ResourceId: openAi.id
       }
@@ -94,7 +86,7 @@ resource hub 'Microsoft.MachineLearningServices/workspaces@2024-04-01' = {
 
   resource searchConnection 'connections' =
     if (!empty(aiSearchName)) {
-      name: 'contoso-search'
+      name: aiSearchConnectionName
       properties: {
         category: 'CognitiveSearch'
         authType: 'ApiKey'

diff --git a/infra/core/ai/project.bicep b/infra/core/ai/project.bicep
@@ -36,8 +36,6 @@ resource project 'Microsoft.MachineLearningServices/workspaces@2024-01-01-previe
     hbiWorkspace: false
     v1LegacyMode: false
     publicNetworkAccess: publicNetworkAccess
-    discoveryUrl: 'https://${location}.api.azureml.ms/discovery'
-    // most properties are not allowed for a project workspace: "Project workspace shouldn't define ..."
     hubResourceId: hub.id
   }
 }

diff --git a/infra/core/config/configstore.bicep b/infra/core/config/configstore.bicep
diff --git a/infra/core/database/cosmos/cosmos-account.bicep b/infra/core/database/cosmos/cosmos-account.bicep
@@ -9,7 +9,7 @@ param keyVaultName string
 @allowed([ 'GlobalDocumentDB', 'MongoDB', 'Parse' ])
 param kind string
 
-resource cosmos 'Microsoft.DocumentDB/databaseAccounts@2022-08-15' = {
+resource cosmos 'Microsoft.DocumentDB/databaseAccounts@2023-11-15' = {
   name: name
   kind: kind
   location: location
@@ -28,6 +28,7 @@ resource cosmos 'Microsoft.DocumentDB/databaseAccounts@2022-08-15' = {
     enableMultipleWriteLocations: false
     apiProperties: (kind == 'MongoDB') ? { serverVersion: '4.2' } : {}
     capabilities: [ { name: 'EnableServerless' } ]
+    minimalTlsVersion: 'Tls12'
   }
 }
 

diff --git a/infra/core/database/cosmos/mongo/cosmos-mongo-account.bicep b/infra/core/database/cosmos/mongo/cosmos-mongo-account.bicep
diff --git a/infra/core/database/cosmos/mongo/cosmos-mongo-db.bicep b/infra/core/database/cosmos/mongo/cosmos-mongo-db.bicep
diff --git a/infra/core/database/cosmos/sql/cosmos-sql-db.bicep b/infra/core/database/cosmos/sql/cosmos-sql-db.bicep
@@ -7,7 +7,6 @@ param tags object = {}
 param containers array = []
 param keyVaultName string
 param principalIds array = []
-param aiServicePrincipalId string
 
 module cosmos 'cosmos-sql-account.bicep' = {
   name: 'cosmos-sql-account'
@@ -67,19 +66,6 @@ module userRole 'cosmos-sql-role-assign.bicep' = [for principalId in principalId
   ]
 }]
 
-module userRoleForProject 'cosmos-sql-role-assign.bicep' = {
-  name: 'cosmos-sql-user-role-${uniqueString(aiServicePrincipalId)}'
-  params: {
-    accountName: accountName
-    roleDefinitionId: roleDefinition.outputs.id
-    principalId: aiServicePrincipalId
-  }
-  dependsOn: [
-    cosmos
-    database
-  ]
-}
-
 output accountId string = cosmos.outputs.id
 output accountName string = cosmos.outputs.name
 output connectionStringKey string = cosmos.outputs.connectionStringKey