Merge remote-tracking branch 'origin/main' into vNext-Dev

Author: dayland-ms

Makefile

@@ -24,7 +24,7 @@ build-containers: extract-env
 infrastructure: check-subscription ## Deploy infrastructure
 	@./scripts/inf-create.sh
 
-extract-env: extract-env-debug-webapp extract-env-debug-functions ## Extract infrastructure.env file from TF output
+extract-env: extract-env-debug-webapp extract-env-debug-functions ## Extract infrastructure.env file from Terraform output
 	 @./scripts/json-to-env.sh < inf_output.json > ./scripts/environments/infrastructure.env
 
 deploy-webapp: extract-env ## Deploys the web app code to Azure App Service
@@ -39,10 +39,10 @@ deploy-enrichments: extract-env ## Deploys the web app code to Azure App Service
 deploy-search-indexes: extract-env ## Deploy search indexes
 	@./scripts/deploy-search-indexes.sh
 
-extract-env-debug-webapp: ## Extract infrastructure.debug.env file from TF output
+extract-env-debug-webapp: ## Extract infrastructure.debug.env file from Terraform output
 	@./scripts/json-to-env.webapp.debug.sh < inf_output.json > ./scripts/environments/infrastructure.debug.env
 
-extract-env-debug-functions: ## Extract local.settings.json to debug functions from TF output
+extract-env-debug-functions: ## Extract local.settings.json to debug functions from Terraform output
 	@./scripts/json-to-env.function.debug.sh < inf_output.json > ./functions/local.settings.json
 
 # Utils (used by other Makefile rules)
@@ -87,4 +87,4 @@ run-data-migration: ## Run the data migration moving data from one resource grou
 	python ./scripts/extract-content.py
 
 manual-inf-destroy: ## A command triggered by a user to destroy a resource group, associated resources, and related Entra items
-	@./scripts/inf-manual-destroy.sh 
+	@./scripts/inf-manual-destroy.sh 

docs/deployment/autoscale_sku.md

@@ -9,8 +9,6 @@ You may find better settings to fit your needs. This document explains how this
 
 The Azure Functions Service Plan Autoscale settings are defined in the file located at `/infra/core/host/functions/functions.tf`. These settings enable automatic scaling of the Azure Functions Service Plan based on CPU usage metrics.
 
-
-
  **File Location:** `/infra/core/host/functions/functions.tf`
 
 #### Scaling Rules
@@ -29,7 +27,6 @@ The Azure Functions Service Plan Autoscale settings are defined in the file loca
    - **Time Window:** `5 minutes`
    - **Scaling Action:** Decrease capacity by `2` with a cooldown of `2 minutes`.
 
-
 ## App Service Plan Autoscale for Enrichment App
 
 ### Overview
@@ -58,50 +55,41 @@ The App Service Plan Autoscale settings for the enrichment app are defined in th
 
 ### Customization
 
-To customize the App Service Plan Autoscale settings, modify the parameters mentioned above in the specified Terraform file. And Run the `make infrastructure` command.
-
-
+To customize the App Service Plan Autoscale settings, modify the parameters mentioned above in the specified terraform files. And Run the `make infrastructure` command.
 
 # SKU Settings Documentation
 
 ### Overview
 
-The SKU settings for all Service Plans are defined in the file located at `/infra/main.tf`.  The SKU (Stock Keeping Unit) represents the pricing tier or plan for your App Service. It defines the performance, features, and capacity of the App Service. 
+The SKU settings for all Service Plans are defined in the file located at `/infra/variables.tf`.  The SKU (Stock Keeping Unit) represents the pricing tier or plan for your App Service. It defines the performance, features, and capacity of the App Service. 
 More information can be found [here.](https://azure.microsoft.com/en-us/pricing/details/app-service/windows/#purchase-options)
 
 ## Web App Service Plan SKU
 
+**File Location:** `/infra/variables.tf`
 
-**File Location:** `/infra/main.tf`
-
-#### SKU Settings
-
-- **Name:** `S1`
-- **Capacity:** `3`
+### SKU Settings
 
+- **appServiceSkuSize** `S1`
+- **appServiceSkuTier** `Standard`
 
 ## Functions Service Plan SKU
 
+**File Location:** `/infra/variables.tf`
 
-**File Location:** `/infra/main.tf`
-
-#### SKU Settings
+### SKU Settings
 
-- **Name:** `S2`
-- **Capacity:** `2`
+- **functionsAppSkuSize** `S2`
+- **functionsAppSkuTie:** `Standard`
 
 ## Enrichment App Service Plan SKU
 
+**File Location:** `/infra/variables.tf`
 
-**File Location:** `/infra/main.tf`
+### SKU Settings
 
-#### SKU Settings
-
-- **Name:** `P1v3`
-- **Tier:** `PremiumV3`
-- **Size:** `P1v3`
-- **Family:** `Pv3`
-- **Capacity:** `1`
+- **enrichmentAppServiceSkuSize** `P1v3`
+- **enrichmentAppServiceSkuTier** `PremiumV3`
 
 ### Enrichment Message Dequeue Parameter
 There exist a property that can be set in the local.env file called `DEQUEUE_MESSAGE_BATCH_SIZE` and is defaulted in the `infra/main.tf` and `app/enrichment/app.py` to the value of **3**. This means the app will process 3 messages from the queue at a time. This is found to be the most optimal with the existing configuration but can be increased if you also increase the enrichment app service SKU. It is important to note that there will be issues if it is increased more than the app service SKU can handle.
@@ -114,30 +102,25 @@ This can also be adjusted in the Azure Portal.
 
 **Note:** Adjusting the scale or Tier can cause outages until the redeployment occurs.
 
-
-### Steps to Scale Up:
+### Steps to Scale Up
 
 >1. **Sign in to the Azure Portal:**
 >   - Open a web browser and navigate to the [Azure Portal](https://portal.azure.com/).
 >   - Log in with your Azure account credentials.
-
 >2. **Navigate to the App Service:**
 >   - In the left navigation pane, select "App Services."
 >   - Click on the specific App Service you want to scale.
-
 >3. **Access the Scale Up Blade:**
 >   - In the App Service menu, find and click on "Scale up (App Service plan)" in the left sidebar.
-
 >4. **Choose a New Pricing Tier:**
 >   - On the "Scale Up" blade, you'll see different pricing tiers representing various levels of resources.
 >   - Select the desired pricing tier that corresponds to the scale you need.
-
 >5. **Review and Apply Changes:**
 >   - Review the information about the selected pricing tier, including its features and costs.
 >   - Click the "Apply" or "Save" button to apply the changes.
 
+### Considerations
 
-### Considerations:
 - **Cost Implications:**
   - Be aware of the cost implications associated with higher pricing tiers. Review the Azure Pricing documentation for details on costs.
 
@@ -146,4 +129,3 @@ This can also be adjusted in the Azure Portal.
 
 - **Performance Impact:**
   - Scaling up provides additional resources, potentially improving performance. However, it's essential to assess whether your application benefits from the increased resources.
-

docs/deployment/deployment.md

@@ -29,7 +29,7 @@ Once you have the completed setting up a GitHub Codespaces, please move on to th
 
  The IA Accelerator needs to be sized appropriately based on your use case. Please review our [Sizing Estimator](/docs/costestimator.md) to help find the configuration that fits your needs.
 
- To change the size of components deployed, make changes in the [Main Terraform](/infra/main.tf) file.
+ To change the size of components deployed, make changes in the [Terraform Variables](/infra/variables.tf) file.
 
 Once you have completed the Sizing Estimator and sized your deployment appropriately, please move on to the Configuring your Environment step.
 
@@ -85,9 +85,9 @@ ENABLE_CUSTOMER_USAGE_ATTRIBUTION <br>CUSTOMER_USAGE_ATTRIBUTION_ID | No | By de
 ENABLE_DEV_CODE | No | Defaults to `false`. It is not recommended to enable this flag, it is for development testing scenarios only.
 APPLICATION_TITLE | No | Defaults to "". Providing a value for this parameter will replace the Information Assistant's title in the black banner at the top of the UX.
 ENTRA_OWNERS | No | Defaults to "". Additional user id's you wish to assign as owners of created Azure Entra objects by way of assign to a security group.
-MAX_CSV_FILE_SIZE | No | Defaults to 20 (MB's) for the maximum file size for an uploaded CSV
 SERVICE_MANAGEMENT_REFERENCE | No | Defaults to "". Sets the service management reference value on Azure Entra objects created by Information Assistant if required by your organization.
-
+MAX_CSV_FILE_SIZE | Yes | Defaults to 20. This value limits the size of CSV files in MBs that will be supported for upload in the Tabular Data Assistant UX feature.
+PASSWORD_LIFETIME | No | Defaults to 365. The number of days that passwords associated with created identities are set to expire after creation. Change this setting if needed to conform to you policy requirements
 
 ## Log into Azure using the Azure CLI
 
@@ -149,13 +149,13 @@ help                         Show this help
 deploy                       Deploy infrastructure and application code
 build                        Build application code
 infrastructure               Deploy infrastructure
-extract-env                  Extract infrastructure.env file from TF output
+extract-env                  Extract infrastructure.env file from Terraform output
 deploy-webapp                Deploys the web app code to Azure App Service
 deploy-functions             Deploys the function code to Azure Function Host
 deploy-enrichments           Deploys the web app code to Azure App Service
 deploy-search-indexes        Deploy search indexes
-extract-env-debug-webapp     Extract infrastructure.debug.env file from TF output
-extract-env-debug-functions  Extract local.settings.json to debug functions from TF output
+extract-env-debug-webapp     Extract infrastructure.debug.env file from Terraform output
+extract-env-debug-functions  Extract local.settings.json to debug functions from Terraform output
 functional-tests             Run functional tests to check the processing pipeline is working
 merge-databases              Upgrade from bicep to terraform
 import-state                 import state of current services to TF state

docs/features/architectural_decisions.md

@@ -23,7 +23,7 @@ In Retrieval Augmented Generation applications, a thorough grasp of context is e
 
 Initially, we explored Azure AI Search's built-in skillset for tasks like entity recognition and key phrase extraction. However, due to the additional overhead of utilizing the skillset from Azure AI Search, we opted for custom data processing to extract key phrases and entities such as organizations, locations, and events. This approach enriched the search index by providing additional metadata and context, thereby enhancing retrieval effectiveness. Additionally, we employed embeddings to capture semantic relationships and contextual nuances, improving our understanding of textual data.
 
-To generate embeddings, we empowered users to choose the embedding model that best suits their content and use case, acknowledging that a one-size-fits-all approach is not ideal. Users have the flexibility to opt for the closed-source Azure Open AI embedding or one of the open-source embedding models, including the multilingual embedding model.
+To generate embeddings, we empowered users to choose the embedding model that best suits their content and use case, acknowledging that a one-size-fits-all approach is not ideal. Users have the flexibility to opt for the closed-source Azure OpenAI embedding or one of the open-source embedding models, including the multilingual embedding model.
 
 ## Document Indexing (Vector Store)
 

docs/images/app_registration.png

@@ -206,4 +206,18 @@ Image search is currently only supported with regions that support dense caption
 ### Solution
 These are only in the Logic App Preview Designer. Switching to the Generally Available Designer will resolve these errors. They are purely visual errors in the Preview Designer and have no impact on how the Logic App functions.
 
-![Image of Logic App Error](./images/sharepoint-preview-designer-known-issue.png)
+![Image of Logic App Error](./images/sharepoint-preview-designer-known-issue.png)
+
+---
+
+## Error: CredentialInvalidLifetimeAsPerAppPolicy: Credential lifetime exceeds the max value allowed as per assigned
+### Solution
+Your organization's policy places a limit on the lifetime of an identities password. In your copy of Local.env there is a setting called PASSWORD_LIFETIME. This value is used when creating or updating the identity password and has a default value of the number of days the password will exist before expiring. Change this value to a number of days that your organization allows.
+
+To view the value after deploying go the Microsoft Entra ID page from the Azure Portal home page. Then search your tenant for infoasst_mgmt_access_<your-5-character-suffix> as shown in the image below.
+
+![Image of Entra App Registration](./images/credential-lifespan.png)
+
+Next click on the App Registration value, and then the page will open for that applciuation registration. Then select Clients & Secrets from the left menu. You will then see the expiry date of the password that was applied through Terraform.
+
+![Image of Entra App Registration](./images/app_registration.png)

docs/images/credential-lifespan.png

@@ -24,13 +24,13 @@ help                         Show this help
 deploy                       Deploy infrastructure and application code
 build                        Build application code
 infrastructure               Deploy infrastructure
-extract-env                  Extract infrastructure.env file from TF output
+extract-env                  Extract infrastructure.env file from Terraform output
 deploy-webapp                Deploys the web app code to Azure App Service
 deploy-functions             Deploys the function code to Azure Function Host
 deploy-enrichments           Deploys the web app code to Azure App Service
 deploy-search-indexes        Deploy search indexes
-extract-env-debug-webapp     Extract infrastructure.debug.env file from TF output
-extract-env-debug-functions  Extract local.settings.json to debug functions from TF output
+extract-env-debug-webapp     Extract infrastructure.debug.env file from Terraform output
+extract-env-debug-functions  Extract local.settings.json to debug functions from Terraform output
 functional-tests             Run functional tests to check the processing pipeline is working
 merge-databases              Upgrade from bicep to terraform
 import-state                 import state of current services to TF state

docs/knownissues.md

@@ -43,6 +43,7 @@ resource "azuread_application_password" "aad_mgmt_app_password" {
   count           = var.isInAutomation ? 0 : 1
   application_id  = azuread_application.aad_mgmt_app[0].id
   display_name    = "infoasst-mgmt"
+  end_date_relative = "${var.password_lifetime * 24}h"
 }
 
 resource "azuread_service_principal" "aad_mgmt_sp" {

infra/README.md

@@ -42,4 +42,8 @@ variable "entraOwners" {
 variable "serviceManagementReference" {
   type      = string
   sensitive = true
+}
+
+variable "password_lifetime" {
+  type      = number
 }

infra/core/aad/entra.tf

@@ -32,6 +32,7 @@ module "entraObjects" {
   aadMgmtClientSecret               = var.aadMgmtClientSecret
   entraOwners                       = var.entraOwners
   serviceManagementReference        = var.serviceManagementReference
+  password_lifetime                 = var.password_lifetime
 }
 
 module "logging" {

infra/core/aad/variables.tf

@@ -512,4 +512,10 @@ variable "entraOwners" {
 variable "serviceManagementReference" {
   type    = string
   default = ""
+}
+
+variable "password_lifetime" {
+  type    = number
+  default = 365
+  description = "The number of days used as the lifetime for passwords"  
 }

infra/main.tf

@@ -151,3 +151,7 @@ export ENTRA_OWNERS=""
 
 # Set a value here if you are required to apply a value in Entra for Service management references
 export SERVICE_MANAGEMENT_REFERENCE=""
+
+# A value used in terraform deployment to set the expiry of passwords measure in days.
+# Change this setting if needed to conform to you policy requirements
+export PASSWORD_LIFETIME=365

infra/variables.tf

@@ -88,6 +88,4 @@ export ENABLE_DEV_CODE=false
 # Video Indexer API Version used in ARM deployment of Azure Video Indexer
 export VIDEO_INDEXER_API_VERSION="2024-01-01"
 
-# If you are using the Bing Search API, you can set the following values to enable safe search.
-# Defaults to true if not defined.
-export ENABLE_BING_SAFE_SEARCH=true
+export PASSWORD_LIFETIME=365

scripts/environments/local.env.example

@@ -88,6 +88,4 @@ export ENABLE_DEV_CODE=false
 # Video Indexer API Version used in ARM deployment of Azure Video Indexer
 export VIDEO_INDEXER_API_VERSION="2024-01-01"
 
-# If you are using the Bing Search API, you can set the following values to enable safe search.
-# Defaults to true if not defined.
-export ENABLE_BING_SAFE_SEARCH=true
+export PASSWORD_LIFETIME=365

scripts/environments/shared-ia-dev.env

@@ -86,4 +86,6 @@ export CUSTOMER_USAGE_ATTRIBUTION_ID=""
 export ENABLE_DEV_CODE=false
 
 # Video Indexer API Version used in ARM deployment of Azure Video Indexer
-export VIDEO_INDEXER_API_VERSION="2024-01-01"
+export VIDEO_INDEXER_API_VERSION="2024-01-01"
+
+export PASSWORD_LIFETIME=365

scripts/environments/shared-ia.env

@@ -87,6 +87,4 @@ export ENABLE_DEV_CODE=false
 # Video Indexer API Version used in ARM deployment of Azure Video Indexer
 export VIDEO_INDEXER_API_VERSION="2024-01-01"
 
-# If you are using the Bing Search API, you can set the following values to enable safe search.
-# Defaults to true if not defined.
-export ENABLE_BING_SAFE_SEARCH=true
+export PASSWORD_LIFETIME=365

scripts/environments/tmp-ia.env

@@ -44,4 +44,5 @@ export TF_VAR_enableTabularDataAssistant=$ENABLE_TABULAR_DATA_ASSISTANT
 export TF_VAR_enableSharePointConnector=$ENABLE_SHAREPOINT_CONNECTOR
 export TF_VAR_enableMultimedia=$ENABLE_MULTIMEDIA
 export TF_VAR_maxCsvFileSize=$MAX_CSV_FILE_SIZE
-export TF_VAR_serviceManagementReference=$SERVICE_MANAGEMENT_REFERENCE
+export TF_VAR_serviceManagementReference=$SERVICE_MANAGEMENT_REFERENCE
+export TF_VAR_password_lifetime=$PASSWORD_LIFETIME