Merge pull request #18 from mattchenderson/main

Updating infrastructure for readability and testing

Author: thegovind

.vscode/settings.json

@@ -4,5 +4,11 @@
     "azureFunctions.projectLanguage": "Python",
     "azureFunctions.projectRuntime": "~4",
     "debug.internalConsoleOptions": "neverOpen",
-    "azureFunctions.projectLanguageModel": 2
+    "azureFunctions.projectLanguageModel": 2,
+    "files.exclude": {
+        "__azurite*": true,
+        "__blobstorage__": true,
+        "__queuestorage__": true,
+        "AzuriteConfig": true
+    }
 }

infra/core/ai/ai-project.bicep infra/app/ai/ai-project.bicepinfra/core/ai/ai-project.bicep renamed to infra/app/ai/ai-project.bicep

@@ -25,9 +25,6 @@ param aiProjectDescription string = 'AI Project for Snippy code analysis'
 @description('Resource ID of the storage account')
 param storageAccountId string
 
-@description('Resource ID of the key vault')
-param keyVaultId string
-
 @description('Resource ID of the AI Services')
 param aiServicesId string
 
@@ -37,6 +34,18 @@ param aiServicesEndpoint string
 @description('AI Services name')
 param aiServicesName string
 
+@description('key vault name')
+param keyVaultName string
+
+
+module keyVault 'br/public:avm/res/key-vault/vault:0.12.1' = {
+  name: 'keyVault'
+  scope: resourceGroup()
+  params: {
+    location: location
+    name: keyVaultName
+  }
+}
 
 resource aiServices 'Microsoft.CognitiveServices/accounts@2025-04-01-preview' existing = {
   name: aiServicesName
@@ -54,7 +63,7 @@ resource aiHub 'Microsoft.MachineLearningServices/workspaces@2025-01-01-preview'
     friendlyName: aiHubFriendlyName
     description: aiHubDescription
     storageAccount: storageAccountId
-    keyVault: keyVaultId
+    keyVault: keyVault.outputs.resourceId
   }
   kind: 'hub'
 

infra/core/ai/cognitive-services.bicep infra/app/ai/cognitive-services.bicepinfra/core/ai/cognitive-services.bicep renamed to infra/app/ai/cognitive-services.bicep

@@ -2,10 +2,7 @@ param name string
 param location string = resourceGroup().location
 param tags object = {}
 param applicationInsightsName string = ''
-param appServicePlanId string
 param appSettings object = {}
-param runtimeName string 
-param runtimeVersion string 
 param serviceName string = 'api'
 param storageAccountName string
 param deploymentStorageContainerName string
@@ -15,34 +12,96 @@ param maximumInstanceCount int = 100
 param identityId string = ''
 param identityClientId string = ''
 param aiServicesId string
+param resourceToken string
+
+param runtimeName string = 'python'
+param runtimeVersion string = '3.11'
+
+@allowed(['SystemAssigned', 'UserAssigned'])
+param identityType string = 'UserAssigned'
+
+import * as regionSelector from './util/region-selector.bicep'
+var abbrs = loadJsonContent('../abbreviations.json')
 
 var applicationInsightsIdentity = 'ClientId=${identityClientId};Authorization=AAD'
 
-module api '../core/host/functions-flexconsumption.bicep' = {
+// The application backend is a function app
+module appServicePlan 'br/public:avm/res/web/serverfarm:0.1.1' = {
+  name: 'appserviceplan'
+  params: {
+    name: '${abbrs.webServerFarms}${resourceToken}'
+    location: regionSelector.getFlexConsumptionRegion(location)
+    tags: tags
+    sku: {
+      name: 'FC1'
+      tier: 'FlexConsumption'
+    }
+    reserved: true
+  }
+}
+
+resource stg 'Microsoft.Storage/storageAccounts@2022-09-01' existing = {
+  name: storageAccountName
+}
+
+resource applicationInsights 'Microsoft.Insights/components@2020-02-02' existing = if (!empty(applicationInsightsName)) {
+  name: applicationInsightsName
+}
+
+module api 'br/public:avm/res/web/site:0.15.1' = {
   name: '${serviceName}-functions-module'
   params: {
     name: name
     location: location
+    kind: 'functionapp,linux'
     tags: union(tags, { 'azd-service-name': serviceName })
-    identityType: 'UserAssigned'
-    identityId: identityId
-    appSettings: union(appSettings,
+    managedIdentities: {
+      systemAssigned: identityType == 'SystemAssigned'
+      userAssignedResourceIds: [
+        '${identityId}'
+      ]
+    }
+    serverFarmResourceId: appServicePlan.outputs.resourceId
+    functionAppConfig: {
+      location: location
+      deployment: {
+        storage: {
+          type: 'blobContainer'
+          value: '${stg.properties.primaryEndpoints.blob}${deploymentStorageContainerName}'
+          authentication: {
+            type: identityType == 'SystemAssigned' ? 'SystemAssignedIdentity' : 'UserAssignedIdentity'
+            userAssignedIdentityResourceId: identityType == 'UserAssigned' ? identityId : '' 
+          }
+        }
+      }
+      scaleAndConcurrency: {
+        instanceMemoryMB: instanceMemoryMB
+        maximumInstanceCount: maximumInstanceCount
+      }
+      runtime: {
+        name: runtimeName
+        version: runtimeVersion
+      }
+    }
+    appSettingsKeyValuePairs: union(appSettings,
       {
+        AzureWebJobsStorage__blobServiceUri: stg.properties.primaryEndpoints.blob
+        AzureWebJobsStorage__queueServiceUri: stg.properties.primaryEndpoints.queue
+        AzureWebJobsStorage__tableServiceUri: stg.properties.primaryEndpoints.table
+        AzureWebJobsStorage__credential: 'managedidentity'
         AzureWebJobsStorage__clientId : identityClientId
+        APPLICATIONINSIGHTS_CONNECTION_STRING: applicationInsights.properties.ConnectionString
         APPLICATIONINSIGHTS_AUTHENTICATION_STRING: applicationInsightsIdentity
+        AzureWebJobsFeatureFlags: 'EnableWorkerIndexing'
         AZURE_OPENAI_KEY: listKeys(aiServicesId, '2025-04-01-preview').key1
+        PYTHON_ENABLE_WORKER_EXTENSIONS: '1'
       })
-    applicationInsightsName: applicationInsightsName
-    appServicePlanId: appServicePlanId
-    runtimeName: runtimeName
-    runtimeVersion: runtimeVersion
-    storageAccountName: storageAccountName
-    deploymentStorageContainerName: deploymentStorageContainerName
-    virtualNetworkSubnetId: virtualNetworkSubnetId
-    instanceMemoryMB: instanceMemoryMB 
-    maximumInstanceCount: maximumInstanceCount
+    virtualNetworkSubnetId: !empty(virtualNetworkSubnetId) ? virtualNetworkSubnetId : null
+    siteConfig: {
+      alwaysOn: false
+    }
   }
 }
 
 output SERVICE_API_NAME string = api.outputs.name
-output SERVICE_API_IDENTITY_PRINCIPAL_ID string = api.outputs.identityPrincipalId
+output SERVICE_API_IDENTITY_PRINCIPAL_ID string = identityType == 'SystemAssigned' ? api.outputs.?systemAssignedMIPrincipalId ?? '' : ''

infra/app/api.bicep

@@ -8,13 +8,12 @@ param tags object
 param accountName string
 
 @description('Database name')
-param databaseName string = 'snippy'
+param databaseName string
 
 @description('Container name for snippets')
-param containerName string = 'snippets'
+param containerName string
 
-@description('AI Services name')
-param aiServicesName string
+param dataContributorIdentityIds string[] = []
 
 resource account 'Microsoft.DocumentDB/databaseAccounts@2023-11-15' = {
   name: accountName
@@ -48,7 +47,7 @@ resource database 'Microsoft.DocumentDB/databaseAccounts/sqlDatabases@2023-11-15
   }
 }
 
-resource container 'Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers@2023-11-15' = {
+resource container 'Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers@2024-11-15' = {
   parent: database
   name: containerName
   properties: {
@@ -73,13 +72,40 @@ resource container 'Microsoft.DocumentDB/databaseAccounts/sqlDatabases/container
             path: '/"_etag"/?'
           }
         ]
+        vectorIndexes: [
+          {
+            path: '/embedding'
+            type: 'diskANN'
+          }
+        ]
+      }
+      vectorEmbeddingPolicy: {
+        vectorEmbeddings: [
+          {
+            path: '/embedding'
+            distanceFunction: 'cosine'
+            dataType: 'float32'
+            dimensions: 1536
+          }
+        ]
       }
     }
   }
 }
 
+var CosmosDbDataContributor = '00000000-0000-0000-0000-000000000002'
+
+resource assignment 'Microsoft.DocumentDB/databaseAccounts/sqlRoleAssignments@2024-05-15' = [for identityId in dataContributorIdentityIds: {
+  name: guid(CosmosDbDataContributor, identityId, account.id)
+  parent: account
+  properties: {
+    principalId: identityId
+    roleDefinitionId: '${subscription().id}/resourceGroups/${resourceGroup().name}/providers/Microsoft.DocumentDB/databaseAccounts/${accountName}/sqlRoleDefinitions/${CosmosDbDataContributor}'
+    scope: account.id
+  }
+}]
+
 output accountName string = account.name
 output databaseName string = database.name
 output containerName string = container.name
 output documentEndpoint string = account.properties.documentEndpoint
-output connectionString string = 'AccountEndpoint=${account.properties.documentEndpoint};AccountKey=${listKeys(account.id, account.apiVersion).primaryMasterKey}'

infra/core/database/cosmos-db.bicep infra/app/cosmos-db.bicepinfra/core/database/cosmos-db.bicep renamed to infra/app/cosmos-db.bicep

@@ -4,7 +4,7 @@ param location string = resourceGroup().location
 param tags object = {}
 param disableLocalAuth bool = false
 
-module logAnalytics 'loganalytics.bicep' = {
+module logAnalytics 'br/public:avm/res/operational-insights/workspace:0.7.0' = {
   name: 'loganalytics'
   params: {
     name: logAnalyticsName
@@ -13,19 +13,19 @@ module logAnalytics 'loganalytics.bicep' = {
   }
 }
 
-module applicationInsights 'applicationinsights.bicep' = {
+module applicationInsights 'br/public:avm/res/insights/component:0.4.1'  = {
   name: 'applicationinsights'
   params: {
     name: applicationInsightsName
     location: location
     tags: tags
-    logAnalyticsWorkspaceId: logAnalytics.outputs.id
+    workspaceResourceId: logAnalytics.outputs.resourceId
     disableLocalAuth: disableLocalAuth
   }
 }
 
 output applicationInsightsConnectionString string = applicationInsights.outputs.connectionString
 output applicationInsightsInstrumentationKey string = applicationInsights.outputs.instrumentationKey
 output applicationInsightsName string = applicationInsights.outputs.name
-output logAnalyticsWorkspaceId string = logAnalytics.outputs.id
+output logAnalyticsWorkspaceId string = logAnalytics.outputs.resourceId
 output logAnalyticsWorkspaceName string = logAnalytics.outputs.name