main.bicep
// Deployment entry point. The template is deployed at subscription scope, which is
// what lets it create its own resource group further down.
targetScope = 'subscription'

// Feeds uniqueString() and most of the resource names derived below.
@description('Name of the the environment which is used to generate a short unique hash used in all resources.')
@minLength(1)
@maxLength(64)
param environmentName string

// The allow-list restricts deployments to the two regions named here.
@description('Primary location for all resources (filtered on available regions for Azure Open AI Service).')
@minLength(1)
@allowed([
  'eastus2'
  'swedencentral'
])
param location string
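// Contents of the abbreviations JSON file that sits next to this template.
var abbrs = loadJsonContent('./abbreviations.json')

// NOTE(review): abbrs, useApplicationInsights, useContainerRegistry and principalId are
// declared but never referenced in this file; the monitoring and registry modules are
// deployed unconditionally. Confirm whether these declarations are still needed.
param useApplicationInsights bool = true
param useContainerRegistry bool = true

// No default: the caller has to state whether the container app already exists.
param appExists bool

// The default must not carry surrounding whitespace: the value is passed on verbatim as
// the container app's modelDeploymentName and as the AZURE_VOICE_LIVE_MODEL output.
@description('The OpenAI model name')
param modelName string = 'gpt-4o-mini'

@description('Id of the user or app to assign application roles. If ommited will be generated from the user assigned identity.')
param principalId string = ''

// @secure() keeps the token out of deployment logs and deployment history.
// An empty value selects the ACS path, a non-empty value selects Twilio (see useTwilio).
@description('Twilio Auth Token for webhook signature validation')
@secure()
param twilioAuthToken string = ''

// True when a Twilio token was supplied; the ACS module is skipped in that case.
var useTwilio = !empty(twilioAuthToken)

// First five characters of a hash derived from the subscription id and environment name.
var uniqueSuffix = substring(uniqueString(subscription().id, environmentName), 0, 5)
var tags = { 'azd-env-name': environmentName }
var rgName = 'rg-${environmentName}-${uniqueSuffix}'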
// Resource group that every module in this file is scoped to.
resource rg 'Microsoft.Resources/resourceGroups@2024-11-01' = {
  name: rgName
  tags: tags
  location: location
}
// [ User Assigned Identity for App to avoid circular dependency ]
// Its outputs are consumed by the registry, AI Services, role-assignment and
// container-app modules below.
module appIdentity './modules/identity.bicep' = {
  scope: rg
  name: 'uami'
  params: {
    environmentName: environmentName
    uniqueSuffix: uniqueSuffix
    location: location
  }
}
// Lower-cased, hyphenated form of the environment name, used for the monitoring resource names.
// NOTE(review): Bicep's replace() substitutes literal text, not regular expressions, so the
// '[^a-zA-Z0-9-]' step only removes that exact character sequence; other punctuation in
// environmentName passes through unchanged. The '_' -> '-' step also runs after the '--'
// collapse, so an input such as 'a_-b' still ends up containing a double hyphen.
var sanitizedEnvName = toLower(replace(replace(replace(replace(environmentName, ' ', '-'), '--', '-'), '[^a-zA-Z0-9-]', ''), '_', '-'))
// Both names are cut to 63 characters. With a long environment name the cut can fall
// inside or before the unique suffix, because the suffix is the last part of the string.
var logAnalyticsName = take('log-${sanitizedEnvName}-${uniqueSuffix}', 63)
var appInsightsName = take('insights-${sanitizedEnvName}-${uniqueSuffix}', 63)
// Log Analytics workspace and Application Insights, named by the two variables above.
// The module receives no location parameter from this file.
module monitoring 'modules/monitoring/monitor.bicep' = {
  scope: rg
  name: 'monitor'
  params: {
    appInsightsName: appInsightsName
    logAnalyticsName: logAnalyticsName
    tags: tags
  }
}
// Container registry. The user-assigned identity's name is passed in, presumably so the
// module can grant it access to the registry (confirm in modules/containerregistry.bicep).
module registry 'modules/containerregistry.bicep' = {
  scope: rg
  name: 'registry'
  params: {
    environmentName: environmentName
    uniqueSuffix: uniqueSuffix
    location: location
    tags: tags
    identityName: appIdentity.outputs.name
  }
  // Also implied by the appIdentity.outputs reference above.
  dependsOn: [ appIdentity ]
}
// AI Services account. No location is passed from this file, and modelName is not
// passed either, so any model deployment is decided inside the module.
module aiServices 'modules/aiservices.bicep' = {
  scope: rg
  name: 'ai-foundry-deployment'
  params: {
    identityId: appIdentity.outputs.identityId
    environmentName: environmentName
    uniqueSuffix: uniqueSuffix
    tags: tags
  }
  // Also implied by the appIdentity.outputs reference above.
  dependsOn: [ appIdentity ]
}
// Azure Communication Services, deployed only when no Twilio auth token was supplied.
// Because the module is conditional, its outputs may only be read behind the same check.
module acs 'modules/acs.bicep' = if (!useTwilio) {
  scope: rg
  name: 'acs-deployment'
  params: {
    uniqueSuffix: uniqueSuffix
    environmentName: environmentName
    tags: tags
  }
}
// Key Vault name built from the environment name and unique suffix, limited to 24 characters.
// NOTE(review): replace() is a literal substitution in Bicep, so '[^a-zA-Z0-9-]' and '-$'
// are treated as plain strings; they neither strip invalid characters nor a trailing hyphen.
// NOTE(review): take(..., 24) keeps the front of 'kv-<environmentName>-<suffix>'. Once
// environmentName is longer than 15 characters the suffix is partly or wholly cut off, which
// removes the per-subscription uniqueness and can leave the name ending in a hyphen. Key Vault
// names are global, so consider shortening the environment part before appending the suffix.
var keyVaultName = toLower(replace('kv-${environmentName}-${uniqueSuffix}', '_', '-'))
var sanitizedKeyVaultName = take(toLower(replace(replace(replace(replace(keyVaultName, '--', '-'), '_', '-'), '[^a-zA-Z0-9-]', ''), '-$', '')), 24)
// Key Vault that receives the telephony secret: the ACS connection string on the ACS
// path, the Twilio auth token on the Twilio path. The unused one is passed as ''.
module keyvault 'modules/keyvault.bicep' = {
  scope: rg
  name: 'keyvault-deployment'
  params: {
    keyVaultName: sanitizedKeyVaultName
    location: location
    tags: tags
    twilioAuthToken: twilioAuthToken
    // NOTE(review): the connection string reaches this module through a module output.
    // Confirm that modules/acs.bicep marks that output @secure(); a plain output value
    // stays readable in the resource group's deployment history.
    #disable-next-line BCP327
    acsConnectionString: !useTwilio ? acs.outputs.acsConnectionString : ''
  }
  // Explicit: nothing in params references appIdentity.
  dependsOn: [ appIdentity ]
}
// Add role assignments
// Grants the user-assigned identity access to the AI Services account and the Key Vault.
// NOTE(review): the role definitions and their scope live in modules/roleassignments.bicep,
// which is not visible here; confirm they are scoped to these two resources rather than
// to the whole resource group.
module RoleAssignments 'modules/roleassignments.bicep' = {
  name: 'role-assignments'
  scope: rg
  params: {
    keyVaultName: sanitizedKeyVaultName
    aiServicesId: aiServices.outputs.aiServicesId
    identityPrincipalId: appIdentity.outputs.principalId
  }
  // keyvault must be listed: the vault is referenced by name only, which creates no
  // implicit dependency on the module that deploys it.
  dependsOn: [ keyvault, appIdentity ]
}
// Container app hosting the service. Going by the parameter names, the telephony secrets
// are handed over as Key Vault secret URIs from the keyvault module, not as secret values.
module containerapp 'modules/containerapp.bicep' = {
  scope: rg
  name: 'containerapp-deployment'
  params: {
    // Naming, placement and lifecycle
    environmentName: environmentName
    uniqueSuffix: uniqueSuffix
    location: location
    tags: tags
    exists: appExists

    // Identity and registry
    identityId: appIdentity.outputs.identityId
    identityClientId: appIdentity.outputs.clientId
    containerRegistryName: registry.outputs.name

    // Model endpoint
    aiServicesEndpoint: aiServices.outputs.aiServicesEndpoint
    modelDeploymentName: modelName

    // Secret references
    acsConnectionStringSecretUri: keyvault.outputs.acsConnectionStringUri
    twilioAuthTokenSecretUri: keyvault.outputs.twilioAuthTokenUri

    logAnalyticsWorkspaceName: logAnalyticsName

    // NOTE(review): ':latest' is a mutable tag. This looks like a placeholder image that a
    // later deploy step replaces (confirm); if it can ever serve traffic, pin it by digest.
    imageName: 'mcr.microsoft.com/azuredocs/containerapps-helloworld:latest'
  }
  // RoleAssignments is listed so the identity's access exists before the app is deployed.
  dependsOn: [keyvault, RoleAssignments]
}
// OUTPUTS will be saved in azd env for later use
// Only identifiers and endpoints are emitted here; neither the ACS connection string nor
// the Twilio auth token appears among the outputs.
output AZURE_LOCATION string = location
output AZURE_TENANT_ID string = tenant().tenantId
output AZURE_RESOURCE_GROUP string = rg.name

output AZURE_USER_ASSIGNED_IDENTITY_ID string = appIdentity.outputs.identityId
output AZURE_USER_ASSIGNED_IDENTITY_CLIENT_ID string = appIdentity.outputs.clientId
output AZURE_CONTAINER_REGISTRY_ENDPOINT string = registry.outputs.loginServer

// Public webhook URL for the telephony provider: '/voice' for Twilio, '/acs/incomingcall' for ACS.
output SERVICE_API_ENDPOINTS array = useTwilio ? ['https://${containerapp.outputs.containerAppFqdn}/voice'] : ['https://${containerapp.outputs.containerAppFqdn}/acs/incomingcall']

output AZURE_VOICE_LIVE_ENDPOINT string = aiServices.outputs.aiServicesEndpoint
output AZURE_VOICE_LIVE_MODEL string = modelName