Merge pull request #6 from debuggerXi/networkinjection

deeikele · web-flow · commit 6fc4741580b9 · 2025-04-29T21:05:58.000-07:00
Add network injection support
diff --git a/use-cases/agents/setup/standard-setup/main.bicep b/use-cases/agents/setup/standard-setup/main.bicep
@@ -39,6 +39,12 @@ param azureCosmosDBAccountResourceId string = ''
 param projectCapHost string = 'caphostproj'
 param accountCapHost string = 'caphostacc'
 
+@allowed([
+  'false'
+  'true'
+])
+param enableNetworkInjection string = 'false'
+
 // Create a short, unique suffix, that will be unique to each resource group
 param deploymentTimestamp string = utcNow('yyyyMMddHHmmss')
 var uniqueSuffix = substring(uniqueString('${resourceGroup().id}-${deploymentTimestamp}'), 0, 4)
@@ -67,6 +73,7 @@ var storageParts = split(azureStorageAccountResourceId, '/')
 var azureStorageSubscriptionId = storagePassedIn ? storageParts[2] : subscription().subscriptionId
 var azureStorageResourceGroupName = storagePassedIn ? storageParts[4] : resourceGroup().name
 
+var virtualNetwork = toLower('${aiServices}${uniqueSuffix}vnet')
 /*
   Validate existing resources
   This module will check if the AI Search Service, Storage Account, and Cosmos DB Account already exist.
@@ -108,6 +115,10 @@ module aiDependencies 'modules-standard/standard-dependent-resources.bicep' = {
     // Cosmos DB Account
     cosmosDBResourceId: azureCosmosDBAccountResourceId
     cosmosDBExists: validateExistingResources.outputs.cosmosDBExists
+	
+	// vnet injection
+    vnetName: virtualNetwork
+    networkInjection: enableNetworkInjection
     }
 }
 
@@ -126,6 +137,9 @@ module aiAccount 'modules-standard/ai-account-identity.bicep' = {
     modelVersion: modelVersion
     modelSkuName: modelSkuName
     modelCapacity: modelCapacity
+	
+    subnetId: aiDependencies.outputs.subnetId
+    networkInjection: enableNetworkInjection
   }
   dependsOn: [
     validateExistingResources, aiDependencies
@@ -211,9 +225,10 @@ module addProjectCapabilityHost 'modules-standard/add-project-capability-host.bi
     cosmosDBConnection: aiProject.outputs.cosmosDBConnection 
     azureStorageConnection: aiProject.outputs.azureStorageConnection
     aiSearchConnection: aiProject.outputs.aiSearchConnection
-
     projectCapHost: projectCapHost
     accountCapHost: accountCapHost
+    subnetId: aiDependencies.outputs.subnetId
+    networkInjection: enableNetworkInjection
   }
   dependsOn: [
     aiSearchRoleAssignments, cosmosAccountRoleAssignments, storageAccountRoleAssignment
diff --git a/use-cases/agents/setup/standard-setup/modules-standard/add-project-capability-host.bicep b/use-cases/agents/setup/standard-setup/modules-standard/add-project-capability-host.bicep
@@ -5,6 +5,8 @@ param projectName string
 param accountName string
 param projectCapHost string
 param accountCapHost string
+param subnetId string
+param networkInjection string
 
 var threadConnections = ['${cosmosDBConnection}']
 var storageConnections = ['${azureStorageConnection}']
@@ -15,6 +17,7 @@ var vectorStoreConnections = ['${aiSearchConnection}']
 resource account 'Microsoft.CognitiveServices/accounts@2025-04-01-preview' existing = {
    name: accountName
 }
+
 #disable-next-line BCP081
 resource project 'Microsoft.CognitiveServices/accounts/projects@2025-04-01-preview' existing = {
   name: projectName
@@ -23,7 +26,7 @@ resource project 'Microsoft.CognitiveServices/accounts/projects@2025-04-01-previ
 
 
 #disable-next-line BCP081
- resource accountCapabilityHost 'Microsoft.CognitiveServices/accounts/capabilityHosts@2025-04-01-preview' = {
+ resource accountCapabilityHost 'Microsoft.CognitiveServices/accounts/capabilityHosts@2025-04-01-preview' = if (networkInjection == 'false') {
    name: accountCapHost
    parent: account
    properties: {
@@ -32,7 +35,6 @@ resource project 'Microsoft.CognitiveServices/accounts/projects@2025-04-01-previ
    }
 }
 
-
 #disable-next-line BCP081
 resource projectCapabilityHost 'Microsoft.CognitiveServices/accounts/projects/capabilityHosts@2025-04-01-preview' = {
   name: projectCapHost
diff --git a/use-cases/agents/setup/standard-setup/modules-standard/ai-account-identity.bicep b/use-cases/agents/setup/standard-setup/modules-standard/ai-account-identity.bicep
@@ -5,7 +5,9 @@ param modelName string
 param modelFormat string 
 param modelVersion string 
 param modelSkuName string 
-param modelCapacity int 
+param modelCapacity int
+param subnetId string
+param networkInjection string
 
 #disable-next-line BCP081
 resource account 'Microsoft.CognitiveServices/accounts@2025-04-01-preview' = {
@@ -27,7 +29,13 @@ resource account 'Microsoft.CognitiveServices/accounts@2025-04-01-preview' = {
       ipRules: []
     }
     publicNetworkAccess: 'Enabled'
-
+    networkInjections:((networkInjection == 'true') ? [
+    {
+      scenario: 'agent'
+      subnetArmId: subnetId
+      useMicrosoftManagedNetwork: false
+    }
+    ] : [])
     // true is not supported today
     disableLocalAuth: false
   }
diff --git a/use-cases/agents/setup/standard-setup/modules-standard/standard-dependent-resources.bicep b/use-cases/agents/setup/standard-setup/modules-standard/standard-dependent-resources.bicep
@@ -29,6 +29,9 @@ param aiSearchExists bool
 param azureStorageExists bool
 param cosmosDBExists bool
 
+@description('Name of the new virtual network')
+param vnetName string
+param networkInjection string
 
 var cosmosParts = split(cosmosDBResourceId, '/')
 
@@ -188,6 +191,44 @@ resource storage 'Microsoft.Storage/storageAccounts@2023-05-01' = if(!azureStora
   }
 }
 
+resource virtualNetwork 'Microsoft.Network/virtualNetworks@2024-05-01' = if (networkInjection == 'true'){
+  name: vnetName
+  location: location
+  properties: {
+    addressSpace: {
+      addressPrefixes: [
+        '192.168.0.0/16'
+      ]
+    }
+    subnets: [
+      {
+        name: 'default'
+        properties: {
+          addressPrefix: '192.168.0.0/24'
+        }
+      }
+    ]
+  }
+}
+
+resource subnet 'Microsoft.Network/virtualNetworks/subnets@2024-05-01' = if (networkInjection == 'true'){
+  parent: virtualNetwork
+  name: 'default'
+  properties: {
+    addressPrefix: '192.168.0.0/24'
+	delegations: [
+      {
+        id: '${virtualNetwork.id}/subnets/default"'
+        name: 'Microsoft.App/environments'
+        properties: {
+          serviceName: 'Microsoft.App/environments'
+        }
+        type: 'Microsoft.Network/virtualNetworks/subnets/delegations'
+      }
+    ]
+  }
+}
+
 // output aiServicesName string =  aiServiceExists ? existingAIServiceAccount.name : aiServicesName
 // output aiservicesID string = aiServiceExists ? existingAIServiceAccount.id : aiServices.id
 // output aiservicesTarget string = aiServiceExists ? existingAIServiceAccount.properties.endpoint : aiServices.properties.endpoint
@@ -209,4 +250,5 @@ output cosmosDBId string = cosmosDBExists ? existingCosmosDB.id : cosmosDB.id
 output cosmosDBResourceGroupName string = cosmosDBExists ? cosmosParts[4] : resourceGroup().name
 output cosmosDBSubscriptionId string = cosmosDBExists ? cosmosParts[2] : subscription().subscriptionId
 
+output subnetId string = subnet.id
 // output keyvaultId string = keyVault.id
