From 97ced9f21921be19fbedd1d9572ce0cd031fd93d Mon Sep 17 00:00:00 2001 From: Roopan-Microsoft <168007406+Roopan-Microsoft@users.noreply.github.com> Date: Mon, 25 Nov 2024 16:02:34 +0530 Subject: [PATCH] fix: SFI Fixes & scope reverted to subscription (#1513) --- infra/app/function.bicep | 1 + infra/app/web.bicep | 36 +- .../database/cosmos-sql-role-assign.bicep | 19 + infra/core/host/functions.bicep | 18 +- infra/core/storage/storage-account.bicep | 3 +- infra/main.bicep | 101 +- infra/main.bicepparam | 6 +- infra/main.json | 1056 +++++++++++------ 8 files changed, 846 insertions(+), 394 deletions(-) create mode 100644 infra/core/database/cosmos-sql-role-assign.bicep diff --git a/infra/app/function.bicep b/infra/app/function.bicep index b3e70b816..8a0739e7d 100644 --- a/infra/app/function.bicep +++ b/infra/app/function.bicep @@ -42,6 +42,7 @@ module function '../core/host/functions.bicep' = { runtimeName: runtimeName runtimeVersion: runtimeVersion dockerFullImageName: dockerFullImageName + useKeyVault: useKeyVault appSettings: union(appSettings, { WEBSITES_ENABLE_APP_SERVICE_STORAGE: 'false' AZURE_AUTH_TYPE: authType diff --git a/infra/app/web.bicep b/infra/app/web.bicep index c1734cd2a..65588b2e7 100644 --- a/infra/app/web.bicep +++ b/infra/app/web.bicep @@ -122,16 +122,16 @@ module web '../core/host/appservice.bicep' = { '2023-05-01' ).key1 AZURE_COSMOSDB_ACCOUNT_KEY: (useKeyVault || cosmosDBKeyName == '') - ? cosmosDBKeyName - : listKeys( - resourceId( - subscription().subscriptionId, - resourceGroup().name, - 'Microsoft.DocumentDB/databaseAccounts', - cosmosDBKeyName - ), - '2022-08-15' - ).primaryMasterKey + ? cosmosDBKeyName + : listKeys( + resourceId( + subscription().subscriptionId, + resourceGroup().name, + 'Microsoft.DocumentDB/databaseAccounts', + cosmosDBKeyName + ), + '2022-08-15' + ).primaryMasterKey }) keyVaultName: keyVaultName runtimeName: runtimeName @@ -192,6 +192,22 @@ module webaccess '../core/security/keyvault-access.bicep' = if (useKeyVault) { } } +resource cosmosRoleDefinition 'Microsoft.DocumentDB/databaseAccounts/sqlRoleDefinitions@2024-05-15' existing = { + name: '${json(appSettings.AZURE_COSMOSDB_INFO).accountName}/00000000-0000-0000-0000-000000000002' +} + +module cosmosUserRole '../core/database/cosmos-sql-role-assign.bicep' = { + name: 'cosmos-sql-user-role-${web.name}' + params: { + accountName: json(appSettings.AZURE_COSMOSDB_INFO).accountName + roleDefinitionId: cosmosRoleDefinition.id + principalId: web.outputs.identityPrincipalId + } + dependsOn: [ + cosmosRoleDefinition + ] +} + output FRONTEND_API_IDENTITY_PRINCIPAL_ID string = web.outputs.identityPrincipalId output FRONTEND_API_NAME string = web.outputs.name output FRONTEND_API_URI string = web.outputs.uri diff --git a/infra/core/database/cosmos-sql-role-assign.bicep b/infra/core/database/cosmos-sql-role-assign.bicep new file mode 100644 index 000000000..3949efef0 --- /dev/null +++ b/infra/core/database/cosmos-sql-role-assign.bicep @@ -0,0 +1,19 @@ +metadata description = 'Creates a SQL role assignment under an Azure Cosmos DB account.' +param accountName string + +param roleDefinitionId string +param principalId string = '' + +resource role 'Microsoft.DocumentDB/databaseAccounts/sqlRoleAssignments@2022-05-15' = { + parent: cosmos + name: guid(roleDefinitionId, principalId, cosmos.id) + properties: { + principalId: principalId + roleDefinitionId: roleDefinitionId + scope: cosmos.id + } +} + +resource cosmos 'Microsoft.DocumentDB/databaseAccounts@2022-08-15' existing = { + name: accountName +} diff --git a/infra/core/host/functions.bicep b/infra/core/host/functions.bicep index 4f2033117..fac21a7d6 100644 --- a/infra/core/host/functions.bicep +++ b/infra/core/host/functions.bicep @@ -9,6 +9,7 @@ param appServicePlanId string param keyVaultName string = '' param managedIdentity bool = !empty(keyVaultName) param storageAccountName string +param useKeyVault bool // Runtime Properties @allowed([ @@ -67,10 +68,14 @@ module functions 'appservice.bicep' = { appSettings: union( appSettings, { - AzureWebJobsStorage: 'DefaultEndpointsProtocol=https;AccountName=${storage.name};AccountKey=${storage.listKeys().keys[0].value};EndpointSuffix=${environment().suffixes.storage}' FUNCTIONS_EXTENSION_VERSION: extensionVersion }, - !useDocker ? { FUNCTIONS_WORKER_RUNTIME: runtimeName } : {} + !useDocker ? { FUNCTIONS_WORKER_RUNTIME: runtimeName } : {}, + useKeyVault + ? { + AzureWebJobsStorage: 'DefaultEndpointsProtocol=https;AccountName=${storage.name};AccountKey=${storage.listKeys().keys[0].value};EndpointSuffix=${environment().suffixes.storage}' + } + : { AzureWebJobsStorage__accountName: storage.name } ) clientAffinityEnabled: clientAffinityEnabled enableOryxBuild: enableOryxBuild @@ -90,6 +95,15 @@ module functions 'appservice.bicep' = { } } +module storageBlobRoleFunction '../security/role.bicep' = { + name: 'storage-blob-role-function' + params: { + principalId: functions.outputs.identityPrincipalId + roleDefinitionId: 'ba92f5b4-2d11-453d-a403-e96b0029c9fe' + principalType: 'ServicePrincipal' + } +} + resource storage 'Microsoft.Storage/storageAccounts@2021-09-01' existing = { name: storageAccountName } diff --git a/infra/core/storage/storage-account.bicep b/infra/core/storage/storage-account.bicep index 43b4ce2c5..5e7a9e60e 100644 --- a/infra/core/storage/storage-account.bicep +++ b/infra/core/storage/storage-account.bicep @@ -11,7 +11,8 @@ param tags object = {} param accessTier string = 'Hot' param allowBlobPublicAccess bool = false param allowCrossTenantReplication bool = true -param allowSharedKeyAccess bool = true +param useKeyVault bool +param allowSharedKeyAccess bool = useKeyVault param containers array = [] param defaultToOAuthAuthentication bool = false param deleteRetentionPolicy object = {} diff --git a/infra/main.bicep b/infra/main.bicep index 61aa0aa2c..d828187c6 100644 --- a/infra/main.bicep +++ b/infra/main.bicep @@ -1,4 +1,14 @@ -param resourceToken string = toLower(uniqueString(subscription().id, resourceGroup().name, resourceGroup().location)) +targetScope = 'subscription' + +@minLength(1) +@maxLength(20) +@description('Name of the the environment which is used to generate a short unique hash used in all resources.') +param environmentName string + +param resourceToken string = toLower(uniqueString(subscription().id, environmentName, location)) + +@description('Location for all resources.') +param location string @description('Name of App Service plan') param hostingPlanName string = 'hosting-plan-${resourceToken}' @@ -305,9 +315,8 @@ var blobContainerName = 'documents' var queueName = 'doc-processing' var clientKey = '${uniqueString(guid(subscription().id, deployment().name))}${newGuidString}' var eventGridSystemTopicName = 'doc-processing' -var resourceGroupName = resourceGroup().name -var tags = { 'azd-env-name': resourceGroupName } -var location = resourceGroup().location +var tags = { 'azd-env-name': environmentName } +var rgName = 'rg-${environmentName}' var keyVaultName = 'kv-${resourceToken}' var azureOpenAIModelInfo = string({ model: azureOpenAIModel @@ -320,19 +329,26 @@ var azureOpenAIEmbeddingModelInfo = string({ modelVersion: azureOpenAIEmbeddingModelVersion }) +// Organize resources in a resource group +resource rg 'Microsoft.Resources/resourceGroups@2021-04-01' = { + name: rgName + location: location + tags: tags +} + module cosmosDBModule './core/database/cosmosdb.bicep' = { name: 'deploy_cosmos_db' params: { name: azureCosmosDBAccountName location: location } - scope: resourceGroup() + scope: rg } // Store secrets in a keyvault module keyvault './core/security/keyvault.bicep' = if (useKeyVault || authType == 'rbac') { name: 'keyvault' - scope: resourceGroup() + scope: rg params: { name: keyVaultName location: location @@ -390,7 +406,7 @@ var openAiDeployments = concat( module openai 'core/ai/cognitiveservices.bicep' = { name: azureOpenAIResourceName - scope: resourceGroup() + scope: rg params: { name: azureOpenAIResourceName location: location @@ -405,7 +421,7 @@ module openai 'core/ai/cognitiveservices.bicep' = { module computerVision 'core/ai/cognitiveservices.bicep' = if (useAdvancedImageProcessing) { name: 'computerVision' - scope: resourceGroup() + scope: rg params: { name: computerVisionName kind: 'ComputerVision' @@ -419,7 +435,7 @@ module computerVision 'core/ai/cognitiveservices.bicep' = if (useAdvancedImagePr // Search Index Data Reader module searchIndexRoleOpenai 'core/security/role.bicep' = if (authType == 'rbac') { - scope: resourceGroup() + scope: rg name: 'search-index-role-openai' params: { principalId: openai.outputs.identityPrincipalId @@ -430,7 +446,7 @@ module searchIndexRoleOpenai 'core/security/role.bicep' = if (authType == 'rbac' // Search Service Contributor module searchServiceRoleOpenai 'core/security/role.bicep' = if (authType == 'rbac') { - scope: resourceGroup() + scope: rg name: 'search-service-role-openai' params: { principalId: openai.outputs.identityPrincipalId @@ -441,7 +457,7 @@ module searchServiceRoleOpenai 'core/security/role.bicep' = if (authType == 'rba // Storage Blob Data Reader module blobDataReaderRoleSearch 'core/security/role.bicep' = if (authType == 'rbac') { - scope: resourceGroup() + scope: rg name: 'blob-data-reader-role-search' params: { principalId: search.outputs.identityPrincipalId @@ -452,7 +468,7 @@ module blobDataReaderRoleSearch 'core/security/role.bicep' = if (authType == 'rb // Cognitive Services OpenAI User module openAiRoleSearchService 'core/security/role.bicep' = if (authType == 'rbac') { - scope: resourceGroup() + scope: rg name: 'openai-role-searchservice' params: { principalId: search.outputs.identityPrincipalId @@ -462,7 +478,7 @@ module openAiRoleSearchService 'core/security/role.bicep' = if (authType == 'rba } module speechService 'core/ai/cognitiveservices.bicep' = { - scope: resourceGroup() + scope: rg name: speechServiceName params: { name: speechServiceName @@ -476,7 +492,7 @@ module speechService 'core/ai/cognitiveservices.bicep' = { module storekeys './app/storekeys.bicep' = if (useKeyVault) { name: 'storekeys' - scope: resourceGroup() + scope: rg params: { keyVaultName: keyVaultName azureOpenAIName: openai.outputs.name @@ -487,13 +503,13 @@ module storekeys './app/storekeys.bicep' = if (useKeyVault) { speechServiceName: speechServiceName computerVisionName: useAdvancedImageProcessing ? computerVision.outputs.name : '' cosmosAccountName: cosmosDBModule.outputs.cosmosOutput.cosmosAccountName - rgName: resourceGroupName + rgName: rgName } } module search './core/search/search-services.bicep' = { name: azureAISearchName - scope: resourceGroup() + scope: rg params: { name: azureAISearchName location: location @@ -514,7 +530,7 @@ module search './core/search/search-services.bicep' = { module hostingplan './core/host/appserviceplan.bicep' = { name: hostingPlanName - scope: resourceGroup() + scope: rg params: { name: hostingPlanName location: location @@ -535,7 +551,7 @@ var azureCosmosDBInfo = string({ module web './app/web.bicep' = if (hostingModel == 'code') { name: websiteName - scope: resourceGroup() + scope: rg params: { name: websiteName location: location @@ -618,12 +634,12 @@ module web './app/web.bicep' = if (hostingModel == 'code') { module web_docker './app/web.bicep' = if (hostingModel == 'container') { name: '${websiteName}-docker' - scope: resourceGroup() + scope: rg params: { name: '${websiteName}-docker' location: location tags: union(tags, { 'azd-service-name': 'web-docker' }) - dockerFullImageName: 'fruoccopublic.azurecr.io/rag-webapp' + dockerFullImageName: 'fruoccopublic.azurecr.io/rag-webapp:latest' appServicePlanId: hostingplan.outputs.name applicationInsightsName: monitoring.outputs.applicationInsightsName healthCheckPath: '/api/health' @@ -700,7 +716,7 @@ module web_docker './app/web.bicep' = if (hostingModel == 'container') { module adminweb './app/adminweb.bicep' = if (hostingModel == 'code') { name: adminWebsiteName - scope: resourceGroup() + scope: rg params: { name: adminWebsiteName location: location @@ -778,12 +794,12 @@ module adminweb './app/adminweb.bicep' = if (hostingModel == 'code') { module adminweb_docker './app/adminweb.bicep' = if (hostingModel == 'container') { name: '${adminWebsiteName}-docker' - scope: resourceGroup() + scope: rg params: { name: '${adminWebsiteName}-docker' location: location tags: union(tags, { 'azd-service-name': 'adminweb-docker' }) - dockerFullImageName: 'fruoccopublic.azurecr.io/rag-adminwebapp' + dockerFullImageName: 'fruoccopublic.azurecr.io/rag-adminwebapp:latest' appServicePlanId: hostingplan.outputs.name applicationInsightsName: monitoring.outputs.applicationInsightsName azureOpenAIName: openai.outputs.name @@ -855,7 +871,7 @@ module adminweb_docker './app/adminweb.bicep' = if (hostingModel == 'container') module monitoring './core/monitor/monitoring.bicep' = { name: 'monitoring' - scope: resourceGroup() + scope: rg params: { applicationInsightsName: applicationInsightsName location: location @@ -869,7 +885,7 @@ module monitoring './core/monitor/monitoring.bicep' = { module workbook './app/workbook.bicep' = { name: 'workbook' - scope: resourceGroup() + scope: rg params: { workbookDisplayName: workbookDisplayName location: location @@ -889,7 +905,7 @@ module workbook './app/workbook.bicep' = { module function './app/function.bicep' = if (hostingModel == 'code') { name: functionName - scope: resourceGroup() + scope: rg params: { name: functionName location: location @@ -953,12 +969,12 @@ module function './app/function.bicep' = if (hostingModel == 'code') { module function_docker './app/function.bicep' = if (hostingModel == 'container') { name: '${functionName}-docker' - scope: resourceGroup() + scope: rg params: { name: '${functionName}-docker' location: location tags: union(tags, { 'azd-service-name': 'function-docker' }) - dockerFullImageName: 'fruoccopublic.azurecr.io/rag-backend' + dockerFullImageName: 'fruoccopublic.azurecr.io/rag-backend:latest' appServicePlanId: hostingplan.outputs.name applicationInsightsName: monitoring.outputs.applicationInsightsName azureOpenAIName: openai.outputs.name @@ -1016,7 +1032,7 @@ module function_docker './app/function.bicep' = if (hostingModel == 'container') module formrecognizer 'core/ai/cognitiveservices.bicep' = { name: formRecognizerName - scope: resourceGroup() + scope: rg params: { name: formRecognizerName location: location @@ -1027,7 +1043,7 @@ module formrecognizer 'core/ai/cognitiveservices.bicep' = { module contentsafety 'core/ai/cognitiveservices.bicep' = { name: contentSafetyName - scope: resourceGroup() + scope: rg params: { name: contentSafetyName location: location @@ -1038,7 +1054,7 @@ module contentsafety 'core/ai/cognitiveservices.bicep' = { module eventgrid 'app/eventgrid.bicep' = { name: eventGridSystemTopicName - scope: resourceGroup() + scope: rg params: { name: eventGridSystemTopicName location: location @@ -1050,10 +1066,11 @@ module eventgrid 'app/eventgrid.bicep' = { module storage 'core/storage/storage-account.bicep' = { name: storageAccountName - scope: resourceGroup() + scope: rg params: { name: storageAccountName location: location + useKeyVault: useKeyVault sku: { name: 'Standard_GRS' } @@ -1086,8 +1103,8 @@ module storage 'core/storage/storage-account.bicep' = { // USER ROLES // Storage Blob Data Contributor -module storageRoleUser 'core/security/role.bicep' = if (authType == 'rbac') { - scope: resourceGroup() +module storageRoleUser 'core/security/role.bicep' = if (authType == 'rbac' && principalId != '') { + scope: rg name: 'storage-role-user' params: { principalId: principalId @@ -1097,8 +1114,8 @@ module storageRoleUser 'core/security/role.bicep' = if (authType == 'rbac') { } // Cognitive Services User -module openaiRoleUser 'core/security/role.bicep' = if (authType == 'rbac') { - scope: resourceGroup() +module openaiRoleUser 'core/security/role.bicep' = if (authType == 'rbac' && principalId != '') { + scope: rg name: 'openai-role-user' params: { principalId: principalId @@ -1108,8 +1125,8 @@ module openaiRoleUser 'core/security/role.bicep' = if (authType == 'rbac') { } // Contributor -module openaiRoleUserContributor 'core/security/role.bicep' = if (authType == 'rbac') { - scope: resourceGroup() +module openaiRoleUserContributor 'core/security/role.bicep' = if (authType == 'rbac' && principalId != '') { + scope: rg name: 'openai-role-user-contributor' params: { principalId: principalId @@ -1119,8 +1136,8 @@ module openaiRoleUserContributor 'core/security/role.bicep' = if (authType == 'r } // Search Index Data Contributor -module searchRoleUser 'core/security/role.bicep' = if (authType == 'rbac') { - scope: resourceGroup() +module searchRoleUser 'core/security/role.bicep' = if (authType == 'rbac' && principalId != '') { + scope: rg name: 'search-role-user' params: { principalId: principalId @@ -1130,7 +1147,7 @@ module searchRoleUser 'core/security/role.bicep' = if (authType == 'rbac') { } module machineLearning 'app/machinelearning.bicep' = if (orchestrationStrategy == 'prompt_flow') { - scope: resourceGroup() + scope: rg name: azureMachineLearningName params: { location: location @@ -1173,7 +1190,7 @@ output AZURE_OPENAI_API_VERSION string = azureOpenAIApiVersion output AZURE_OPENAI_RESOURCE string = azureOpenAIResourceName output AZURE_OPENAI_EMBEDDING_MODEL_INFO string = azureOpenAIEmbeddingModelInfo output AZURE_OPENAI_API_KEY string = useKeyVault ? storekeys.outputs.OPENAI_KEY_NAME : '' -output AZURE_RESOURCE_GROUP string = resourceGroupName +output AZURE_RESOURCE_GROUP string = rgName output AZURE_SEARCH_KEY string = useKeyVault ? storekeys.outputs.SEARCH_KEY_NAME : '' output AZURE_SEARCH_SERVICE string = search.outputs.endpoint output AZURE_SEARCH_USE_SEMANTIC_SEARCH bool = azureSearchUseSemanticSearch diff --git a/infra/main.bicepparam b/infra/main.bicepparam index ce0418abb..860a4520e 100644 --- a/infra/main.bicepparam +++ b/infra/main.bicepparam @@ -1,6 +1,7 @@ using './main.bicep' -var location = readEnvironmentVariable('AZURE_LOCATION', 'location') +param environmentName = readEnvironmentVariable('AZURE_ENV_NAME', 'env_name') +param location = readEnvironmentVariable('AZURE_LOCATION', 'location') param principalId = readEnvironmentVariable('AZURE_PRINCIPAL_ID', 'principal_id') @@ -67,8 +68,7 @@ param computerVisionVectorizeImageModelVersion = readEnvironmentVariable('AZURE_ // We need the resourceToken to be unique for each deployment (copied from the main.bicep) var subscriptionId = readEnvironmentVariable('AZURE_SUBSCRIPTION_ID', 'subscription_id') -var resourceGroupName = readEnvironmentVariable('AZURE_RESOURCE_GROUP', 'azure_resource_group') -param resourceToken = toLower(uniqueString(subscriptionId, resourceGroupName, location)) +param resourceToken = toLower(uniqueString(subscriptionId, environmentName, location)) // Retrieve the Search Name from the Search Endpoint which will be in the format diff --git a/infra/main.json b/infra/main.json index ac292309b..078e47499 100644 --- a/infra/main.json +++ b/infra/main.json @@ -1,17 +1,31 @@ { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", "version": "0.29.47.4906", - "templateHash": "4843965256692050769" + "templateHash": "1979304756377536912" } }, "parameters": { + "environmentName": { + "type": "string", + "minLength": 1, + "maxLength": 20, + "metadata": { + "description": "Name of the the environment which is used to generate a short unique hash used in all resources." + } + }, "resourceToken": { "type": "string", - "defaultValue": "[toLower(uniqueString(subscription().id, resourceGroup().name, resourceGroup().location))]" + "defaultValue": "[toLower(uniqueString(subscription().id, parameters('environmentName'), parameters('location')))]" + }, + "location": { + "type": "string", + "metadata": { + "description": "Location for all resources." + } }, "hostingPlanName": { "type": "string", @@ -622,11 +636,10 @@ "queueName": "doc-processing", "clientKey": "[format('{0}{1}', uniqueString(guid(subscription().id, deployment().name)), parameters('newGuidString'))]", "eventGridSystemTopicName": "doc-processing", - "resourceGroupName": "[resourceGroup().name]", "tags": { - "azd-env-name": "[variables('resourceGroupName')]" + "azd-env-name": "[parameters('environmentName')]" }, - "location": "[resourceGroup().location]", + "rgName": "[format('rg-{0}', parameters('environmentName'))]", "keyVaultName": "[format('kv-{0}', parameters('resourceToken'))]", "azureOpenAIModelInfo": "[string(createObject('model', parameters('azureOpenAIModel'), 'modelName', parameters('azureOpenAIModelName'), 'modelVersion', parameters('azureOpenAIModelVersion')))]", "azureOpenAIEmbeddingModelInfo": "[string(createObject('model', parameters('azureOpenAIEmbeddingModel'), 'modelName', parameters('azureOpenAIEmbeddingModelName'), 'modelVersion', parameters('azureOpenAIEmbeddingModelVersion')))]", @@ -659,10 +672,18 @@ "openAiDeployments": "[concat(variables('defaultOpenAiDeployments'), if(parameters('useAdvancedImageProcessing'), createArray(createObject('name', parameters('azureOpenAIVisionModel'), 'model', createObject('format', 'OpenAI', 'name', parameters('azureOpenAIVisionModelName'), 'version', parameters('azureOpenAIVisionModelVersion')), 'sku', createObject('name', 'Standard', 'capacity', parameters('azureOpenAIVisionModelCapacity')))), createArray()))]" }, "resources": [ + { + "type": "Microsoft.Resources/resourceGroups", + "apiVersion": "2021-04-01", + "name": "[variables('rgName')]", + "location": "[parameters('location')]", + "tags": "[variables('tags')]" + }, { "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "deploy_cosmos_db", + "resourceGroup": "[variables('rgName')]", "properties": { "expressionEvaluationOptions": { "scope": "inner" @@ -673,7 +694,7 @@ "value": "[parameters('azureCosmosDBAccountName')]" }, "location": { - "value": "[variables('location')]" + "value": "[parameters('location')]" } }, "template": { @@ -815,13 +836,17 @@ } } } - } + }, + "dependsOn": [ + "[subscriptionResourceId('Microsoft.Resources/resourceGroups', variables('rgName'))]" + ] }, { "condition": "[or(parameters('useKeyVault'), equals(parameters('authType'), 'rbac'))]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "keyvault", + "resourceGroup": "[variables('rgName')]", "properties": { "expressionEvaluationOptions": { "scope": "inner" @@ -832,7 +857,7 @@ "value": "[variables('keyVaultName')]" }, "location": { - "value": "[variables('location')]" + "value": "[parameters('location')]" }, "tags": { "value": "[variables('tags')]" @@ -901,12 +926,16 @@ } } } - } + }, + "dependsOn": [ + "[subscriptionResourceId('Microsoft.Resources/resourceGroups', variables('rgName'))]" + ] }, { "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "[parameters('azureOpenAIResourceName')]", + "resourceGroup": "[variables('rgName')]", "properties": { "expressionEvaluationOptions": { "scope": "inner" @@ -917,7 +946,7 @@ "value": "[parameters('azureOpenAIResourceName')]" }, "location": { - "value": "[variables('location')]" + "value": "[parameters('location')]" }, "tags": { "value": "[variables('tags')]" @@ -1060,13 +1089,17 @@ } } } - } + }, + "dependsOn": [ + "[subscriptionResourceId('Microsoft.Resources/resourceGroups', variables('rgName'))]" + ] }, { "condition": "[parameters('useAdvancedImageProcessing')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "computerVision", + "resourceGroup": "[variables('rgName')]", "properties": { "expressionEvaluationOptions": { "scope": "inner" @@ -1079,7 +1112,7 @@ "kind": { "value": "ComputerVision" }, - "location": "[if(not(equals(parameters('computerVisionLocation'), '')), createObject('value', parameters('computerVisionLocation')), createObject('value', variables('location')))]", + "location": "[if(not(equals(parameters('computerVisionLocation'), '')), createObject('value', parameters('computerVisionLocation')), createObject('value', parameters('location')))]", "tags": { "value": "[variables('tags')]" }, @@ -1215,13 +1248,17 @@ } } } - } + }, + "dependsOn": [ + "[subscriptionResourceId('Microsoft.Resources/resourceGroups', variables('rgName'))]" + ] }, { "condition": "[equals(parameters('authType'), 'rbac')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "search-index-role-openai", + "resourceGroup": "[variables('rgName')]", "properties": { "expressionEvaluationOptions": { "scope": "inner" @@ -1229,7 +1266,7 @@ "mode": "Incremental", "parameters": { "principalId": { - "value": "[reference(resourceId('Microsoft.Resources/deployments', parameters('azureOpenAIResourceName')), '2022-09-01').outputs.identityPrincipalId.value]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', parameters('azureOpenAIResourceName')), '2022-09-01').outputs.identityPrincipalId.value]" }, "roleDefinitionId": { "value": "1407120a-92aa-4202-b7e9-c0e197c71c8f" @@ -1283,7 +1320,8 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Resources/deployments', parameters('azureOpenAIResourceName'))]" + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', parameters('azureOpenAIResourceName'))]", + "[subscriptionResourceId('Microsoft.Resources/resourceGroups', variables('rgName'))]" ] }, { @@ -1291,6 +1329,7 @@ "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "search-service-role-openai", + "resourceGroup": "[variables('rgName')]", "properties": { "expressionEvaluationOptions": { "scope": "inner" @@ -1298,7 +1337,7 @@ "mode": "Incremental", "parameters": { "principalId": { - "value": "[reference(resourceId('Microsoft.Resources/deployments', parameters('azureOpenAIResourceName')), '2022-09-01').outputs.identityPrincipalId.value]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', parameters('azureOpenAIResourceName')), '2022-09-01').outputs.identityPrincipalId.value]" }, "roleDefinitionId": { "value": "7ca78c08-252a-4471-8644-bb5ff32d4ba0" @@ -1352,7 +1391,8 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Resources/deployments', parameters('azureOpenAIResourceName'))]" + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', parameters('azureOpenAIResourceName'))]", + "[subscriptionResourceId('Microsoft.Resources/resourceGroups', variables('rgName'))]" ] }, { @@ -1360,6 +1400,7 @@ "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "blob-data-reader-role-search", + "resourceGroup": "[variables('rgName')]", "properties": { "expressionEvaluationOptions": { "scope": "inner" @@ -1367,7 +1408,7 @@ "mode": "Incremental", "parameters": { "principalId": { - "value": "[reference(resourceId('Microsoft.Resources/deployments', parameters('azureAISearchName')), '2022-09-01').outputs.identityPrincipalId.value]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', parameters('azureAISearchName')), '2022-09-01').outputs.identityPrincipalId.value]" }, "roleDefinitionId": { "value": "2a2b9908-6ea1-4ae2-8e65-a410df84e7d1" @@ -1421,7 +1462,8 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Resources/deployments', parameters('azureAISearchName'))]" + "[subscriptionResourceId('Microsoft.Resources/resourceGroups', variables('rgName'))]", + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', parameters('azureAISearchName'))]" ] }, { @@ -1429,6 +1471,7 @@ "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "openai-role-searchservice", + "resourceGroup": "[variables('rgName')]", "properties": { "expressionEvaluationOptions": { "scope": "inner" @@ -1436,7 +1479,7 @@ "mode": "Incremental", "parameters": { "principalId": { - "value": "[reference(resourceId('Microsoft.Resources/deployments', parameters('azureAISearchName')), '2022-09-01').outputs.identityPrincipalId.value]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', parameters('azureAISearchName')), '2022-09-01').outputs.identityPrincipalId.value]" }, "roleDefinitionId": { "value": "5e0bd9bd-7b93-4f28-af87-19fc36ad61bd" @@ -1490,13 +1533,15 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Resources/deployments', parameters('azureAISearchName'))]" + "[subscriptionResourceId('Microsoft.Resources/resourceGroups', variables('rgName'))]", + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', parameters('azureAISearchName'))]" ] }, { "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "[parameters('speechServiceName')]", + "resourceGroup": "[variables('rgName')]", "properties": { "expressionEvaluationOptions": { "scope": "inner" @@ -1507,7 +1552,7 @@ "value": "[parameters('speechServiceName')]" }, "location": { - "value": "[variables('location')]" + "value": "[parameters('location')]" }, "sku": { "value": { @@ -1644,13 +1689,17 @@ } } } - } + }, + "dependsOn": [ + "[subscriptionResourceId('Microsoft.Resources/resourceGroups', variables('rgName'))]" + ] }, { "condition": "[parameters('useKeyVault')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "storekeys", + "resourceGroup": "[variables('rgName')]", "properties": { "expressionEvaluationOptions": { "scope": "inner" @@ -1661,29 +1710,29 @@ "value": "[variables('keyVaultName')]" }, "azureOpenAIName": { - "value": "[reference(resourceId('Microsoft.Resources/deployments', parameters('azureOpenAIResourceName')), '2022-09-01').outputs.name.value]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', parameters('azureOpenAIResourceName')), '2022-09-01').outputs.name.value]" }, "azureAISearchName": { - "value": "[reference(resourceId('Microsoft.Resources/deployments', parameters('azureAISearchName')), '2022-09-01').outputs.name.value]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', parameters('azureAISearchName')), '2022-09-01').outputs.name.value]" }, "storageAccountName": { - "value": "[reference(resourceId('Microsoft.Resources/deployments', parameters('storageAccountName')), '2022-09-01').outputs.name.value]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', parameters('storageAccountName')), '2022-09-01').outputs.name.value]" }, "formRecognizerName": { - "value": "[reference(resourceId('Microsoft.Resources/deployments', parameters('formRecognizerName')), '2022-09-01').outputs.name.value]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', parameters('formRecognizerName')), '2022-09-01').outputs.name.value]" }, "contentSafetyName": { - "value": "[reference(resourceId('Microsoft.Resources/deployments', parameters('contentSafetyName')), '2022-09-01').outputs.name.value]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', parameters('contentSafetyName')), '2022-09-01').outputs.name.value]" }, "speechServiceName": { "value": "[parameters('speechServiceName')]" }, - "computerVisionName": "[if(parameters('useAdvancedImageProcessing'), createObject('value', reference(resourceId('Microsoft.Resources/deployments', 'computerVision'), '2022-09-01').outputs.name.value), createObject('value', ''))]", + "computerVisionName": "[if(parameters('useAdvancedImageProcessing'), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', 'computerVision'), '2022-09-01').outputs.name.value), createObject('value', ''))]", "cosmosAccountName": { - "value": "[reference(resourceId('Microsoft.Resources/deployments', 'deploy_cosmos_db'), '2022-09-01').outputs.cosmosOutput.value.cosmosAccountName]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', 'deploy_cosmos_db'), '2022-09-01').outputs.cosmosOutput.value.cosmosAccountName]" }, "rgName": { - "value": "[variables('resourceGroupName')]" + "value": "[variables('rgName')]" } }, "template": { @@ -1874,19 +1923,21 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Resources/deployments', 'computerVision')]", - "[resourceId('Microsoft.Resources/deployments', parameters('contentSafetyName'))]", - "[resourceId('Microsoft.Resources/deployments', 'deploy_cosmos_db')]", - "[resourceId('Microsoft.Resources/deployments', parameters('formRecognizerName'))]", - "[resourceId('Microsoft.Resources/deployments', parameters('azureOpenAIResourceName'))]", - "[resourceId('Microsoft.Resources/deployments', parameters('azureAISearchName'))]", - "[resourceId('Microsoft.Resources/deployments', parameters('storageAccountName'))]" + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', 'computerVision')]", + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', parameters('contentSafetyName'))]", + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', 'deploy_cosmos_db')]", + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', parameters('formRecognizerName'))]", + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', parameters('azureOpenAIResourceName'))]", + "[subscriptionResourceId('Microsoft.Resources/resourceGroups', variables('rgName'))]", + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', parameters('azureAISearchName'))]", + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', parameters('storageAccountName'))]" ] }, { "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "[parameters('azureAISearchName')]", + "resourceGroup": "[variables('rgName')]", "properties": { "expressionEvaluationOptions": { "scope": "inner" @@ -1897,7 +1948,7 @@ "value": "[parameters('azureAISearchName')]" }, "location": { - "value": "[variables('location')]" + "value": "[parameters('location')]" }, "tags": { "value": { @@ -2050,12 +2101,16 @@ } } } - } + }, + "dependsOn": [ + "[subscriptionResourceId('Microsoft.Resources/resourceGroups', variables('rgName'))]" + ] }, { "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "[parameters('hostingPlanName')]", + "resourceGroup": "[variables('rgName')]", "properties": { "expressionEvaluationOptions": { "scope": "inner" @@ -2066,7 +2121,7 @@ "value": "[parameters('hostingPlanName')]" }, "location": { - "value": "[variables('location')]" + "value": "[parameters('location')]" }, "sku": { "value": { @@ -2143,13 +2198,17 @@ } } } - } + }, + "dependsOn": [ + "[subscriptionResourceId('Microsoft.Resources/resourceGroups', variables('rgName'))]" + ] }, { "condition": "[equals(parameters('hostingModel'), 'code')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "[parameters('websiteName')]", + "resourceGroup": "[variables('rgName')]", "properties": { "expressionEvaluationOptions": { "scope": "inner" @@ -2160,7 +2219,7 @@ "value": "[parameters('websiteName')]" }, "location": { - "value": "[variables('location')]" + "value": "[parameters('location')]" }, "tags": { "value": "[union(variables('tags'), createObject('azd-service-name', 'web'))]" @@ -2172,45 +2231,45 @@ "value": "3.11" }, "appServicePlanId": { - "value": "[reference(resourceId('Microsoft.Resources/deployments', parameters('hostingPlanName')), '2022-09-01').outputs.name.value]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', parameters('hostingPlanName')), '2022-09-01').outputs.name.value]" }, "applicationInsightsName": { - "value": "[reference(resourceId('Microsoft.Resources/deployments', 'monitoring'), '2022-09-01').outputs.applicationInsightsName.value]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', 'monitoring'), '2022-09-01').outputs.applicationInsightsName.value]" }, "healthCheckPath": { "value": "/api/health" }, "azureOpenAIName": { - "value": "[reference(resourceId('Microsoft.Resources/deployments', parameters('azureOpenAIResourceName')), '2022-09-01').outputs.name.value]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', parameters('azureOpenAIResourceName')), '2022-09-01').outputs.name.value]" }, "azureAISearchName": { - "value": "[reference(resourceId('Microsoft.Resources/deployments', parameters('azureAISearchName')), '2022-09-01').outputs.name.value]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', parameters('azureAISearchName')), '2022-09-01').outputs.name.value]" }, "storageAccountName": { - "value": "[reference(resourceId('Microsoft.Resources/deployments', parameters('storageAccountName')), '2022-09-01').outputs.name.value]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', parameters('storageAccountName')), '2022-09-01').outputs.name.value]" }, "formRecognizerName": { - "value": "[reference(resourceId('Microsoft.Resources/deployments', parameters('formRecognizerName')), '2022-09-01').outputs.name.value]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', parameters('formRecognizerName')), '2022-09-01').outputs.name.value]" }, "contentSafetyName": { - "value": "[reference(resourceId('Microsoft.Resources/deployments', parameters('contentSafetyName')), '2022-09-01').outputs.name.value]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', parameters('contentSafetyName')), '2022-09-01').outputs.name.value]" }, "speechServiceName": { - "value": "[reference(resourceId('Microsoft.Resources/deployments', parameters('speechServiceName')), '2022-09-01').outputs.name.value]" - }, - "computerVisionName": "[if(parameters('useAdvancedImageProcessing'), createObject('value', reference(resourceId('Microsoft.Resources/deployments', 'computerVision'), '2022-09-01').outputs.name.value), createObject('value', ''))]", - "openAIKeyName": "[if(parameters('useKeyVault'), createObject('value', reference(resourceId('Microsoft.Resources/deployments', 'storekeys'), '2022-09-01').outputs.OPENAI_KEY_NAME.value), createObject('value', ''))]", - "storageAccountKeyName": "[if(parameters('useKeyVault'), createObject('value', reference(resourceId('Microsoft.Resources/deployments', 'storekeys'), '2022-09-01').outputs.STORAGE_ACCOUNT_KEY_NAME.value), createObject('value', ''))]", - "formRecognizerKeyName": "[if(parameters('useKeyVault'), createObject('value', reference(resourceId('Microsoft.Resources/deployments', 'storekeys'), '2022-09-01').outputs.FORM_RECOGNIZER_KEY_NAME.value), createObject('value', ''))]", - "searchKeyName": "[if(parameters('useKeyVault'), createObject('value', reference(resourceId('Microsoft.Resources/deployments', 'storekeys'), '2022-09-01').outputs.SEARCH_KEY_NAME.value), createObject('value', ''))]", - "contentSafetyKeyName": "[if(parameters('useKeyVault'), createObject('value', reference(resourceId('Microsoft.Resources/deployments', 'storekeys'), '2022-09-01').outputs.CONTENT_SAFETY_KEY_NAME.value), createObject('value', ''))]", - "speechKeyName": "[if(parameters('useKeyVault'), createObject('value', reference(resourceId('Microsoft.Resources/deployments', 'storekeys'), '2022-09-01').outputs.SPEECH_KEY_NAME.value), createObject('value', ''))]", - "computerVisionKeyName": "[if(parameters('useKeyVault'), createObject('value', reference(resourceId('Microsoft.Resources/deployments', 'storekeys'), '2022-09-01').outputs.COMPUTER_VISION_KEY_NAME.value), createObject('value', ''))]", - "cosmosDBKeyName": "[if(parameters('useKeyVault'), createObject('value', reference(resourceId('Microsoft.Resources/deployments', 'storekeys'), '2022-09-01').outputs.COSMOS_ACCOUNT_KEY_NAME.value), createObject('value', ''))]", + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', parameters('speechServiceName')), '2022-09-01').outputs.name.value]" + }, + "computerVisionName": "[if(parameters('useAdvancedImageProcessing'), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', 'computerVision'), '2022-09-01').outputs.name.value), createObject('value', ''))]", + "openAIKeyName": "[if(parameters('useKeyVault'), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', 'storekeys'), '2022-09-01').outputs.OPENAI_KEY_NAME.value), createObject('value', ''))]", + "storageAccountKeyName": "[if(parameters('useKeyVault'), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', 'storekeys'), '2022-09-01').outputs.STORAGE_ACCOUNT_KEY_NAME.value), createObject('value', ''))]", + "formRecognizerKeyName": "[if(parameters('useKeyVault'), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', 'storekeys'), '2022-09-01').outputs.FORM_RECOGNIZER_KEY_NAME.value), createObject('value', ''))]", + "searchKeyName": "[if(parameters('useKeyVault'), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', 'storekeys'), '2022-09-01').outputs.SEARCH_KEY_NAME.value), createObject('value', ''))]", + "contentSafetyKeyName": "[if(parameters('useKeyVault'), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', 'storekeys'), '2022-09-01').outputs.CONTENT_SAFETY_KEY_NAME.value), createObject('value', ''))]", + "speechKeyName": "[if(parameters('useKeyVault'), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', 'storekeys'), '2022-09-01').outputs.SPEECH_KEY_NAME.value), createObject('value', ''))]", + "computerVisionKeyName": "[if(parameters('useKeyVault'), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', 'storekeys'), '2022-09-01').outputs.COMPUTER_VISION_KEY_NAME.value), createObject('value', ''))]", + "cosmosDBKeyName": "[if(parameters('useKeyVault'), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', 'storekeys'), '2022-09-01').outputs.COSMOS_ACCOUNT_KEY_NAME.value), createObject('value', ''))]", "useKeyVault": { "value": "[parameters('useKeyVault')]" }, - "keyVaultName": "[if(or(parameters('useKeyVault'), equals(parameters('authType'), 'rbac')), createObject('value', reference(resourceId('Microsoft.Resources/deployments', 'keyvault'), '2022-09-01').outputs.name.value), createObject('value', ''))]", + "keyVaultName": "[if(or(parameters('useKeyVault'), equals(parameters('authType'), 'rbac')), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', 'keyvault'), '2022-09-01').outputs.name.value), createObject('value', ''))]", "authType": { "value": "[parameters('authType')]" }, @@ -2218,11 +2277,11 @@ "value": { "AZURE_BLOB_ACCOUNT_NAME": "[parameters('storageAccountName')]", "AZURE_BLOB_CONTAINER_NAME": "[variables('blobContainerName')]", - "AZURE_COMPUTER_VISION_ENDPOINT": "[if(parameters('useAdvancedImageProcessing'), reference(resourceId('Microsoft.Resources/deployments', 'computerVision'), '2022-09-01').outputs.endpoint.value, '')]", + "AZURE_COMPUTER_VISION_ENDPOINT": "[if(parameters('useAdvancedImageProcessing'), reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', 'computerVision'), '2022-09-01').outputs.endpoint.value, '')]", "AZURE_COMPUTER_VISION_VECTORIZE_IMAGE_API_VERSION": "[parameters('computerVisionVectorizeImageApiVersion')]", "AZURE_COMPUTER_VISION_VECTORIZE_IMAGE_MODEL_VERSION": "[parameters('computerVisionVectorizeImageModelVersion')]", - "AZURE_CONTENT_SAFETY_ENDPOINT": "[reference(resourceId('Microsoft.Resources/deployments', parameters('contentSafetyName')), '2022-09-01').outputs.endpoint.value]", - "AZURE_FORM_RECOGNIZER_ENDPOINT": "[reference(resourceId('Microsoft.Resources/deployments', parameters('formRecognizerName')), '2022-09-01').outputs.endpoint.value]", + "AZURE_CONTENT_SAFETY_ENDPOINT": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', parameters('contentSafetyName')), '2022-09-01').outputs.endpoint.value]", + "AZURE_FORM_RECOGNIZER_ENDPOINT": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', parameters('formRecognizerName')), '2022-09-01').outputs.endpoint.value]", "AZURE_OPENAI_RESOURCE": "[parameters('azureOpenAIResourceName')]", "AZURE_OPENAI_MODEL_INFO": "[variables('azureOpenAIModelInfo')]", "AZURE_OPENAI_TEMPERATURE": "[parameters('azureOpenAITemperature')]", @@ -2254,14 +2313,14 @@ "AZURE_SEARCH_URL_COLUMN": "[parameters('azureSearchUrlColumn')]", "AZURE_SEARCH_USE_INTEGRATED_VECTORIZATION": "[parameters('azureSearchUseIntegratedVectorization')]", "AZURE_SPEECH_SERVICE_NAME": "[parameters('speechServiceName')]", - "AZURE_SPEECH_SERVICE_REGION": "[variables('location')]", + "AZURE_SPEECH_SERVICE_REGION": "[parameters('location')]", "AZURE_SPEECH_RECOGNIZER_LANGUAGES": "[parameters('recognizedLanguages')]", "USE_ADVANCED_IMAGE_PROCESSING": "[parameters('useAdvancedImageProcessing')]", "ADVANCED_IMAGE_PROCESSING_MAX_IMAGES": "[parameters('advancedImageProcessingMaxImages')]", "ORCHESTRATION_STRATEGY": "[parameters('orchestrationStrategy')]", "CONVERSATION_FLOW": "[parameters('conversationFlow')]", "LOGLEVEL": "[parameters('logLevel')]", - "AZURE_COSMOSDB_INFO": "[string(createObject('accountName', reference(resourceId('Microsoft.Resources/deployments', 'deploy_cosmos_db'), '2022-09-01').outputs.cosmosOutput.value.cosmosAccountName, 'databaseName', reference(resourceId('Microsoft.Resources/deployments', 'deploy_cosmos_db'), '2022-09-01').outputs.cosmosOutput.value.cosmosDatabaseName, 'containerName', reference(resourceId('Microsoft.Resources/deployments', 'deploy_cosmos_db'), '2022-09-01').outputs.cosmosOutput.value.cosmosContainerName))]", + "AZURE_COSMOSDB_INFO": "[string(createObject('accountName', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', 'deploy_cosmos_db'), '2022-09-01').outputs.cosmosOutput.value.cosmosAccountName, 'databaseName', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', 'deploy_cosmos_db'), '2022-09-01').outputs.cosmosOutput.value.cosmosDatabaseName, 'containerName', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', 'deploy_cosmos_db'), '2022-09-01').outputs.cosmosOutput.value.cosmosContainerName))]", "AZURE_COSMOSDB_ENABLE_FEEDBACK": true, "CHAT_HISTORY_ENABLED": "[parameters('chatHistoryEnabled')]" } @@ -2274,7 +2333,7 @@ "_generator": { "name": "bicep", "version": "0.29.47.4906", - "templateHash": "15380721951101386205" + "templateHash": "7601006508127321967" } }, "parameters": { @@ -3080,6 +3139,67 @@ "dependsOn": [ "[resourceId('Microsoft.Resources/deployments', format('{0}-app-module', parameters('name')))]" ] + }, + { + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('cosmos-sql-user-role-{0}', format('{0}-app-module', parameters('name')))]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "accountName": { + "value": "[json(parameters('appSettings').AZURE_COSMOSDB_INFO).accountName]" + }, + "roleDefinitionId": { + "value": "[resourceId('Microsoft.DocumentDB/databaseAccounts/sqlRoleDefinitions', split(format('{0}/00000000-0000-0000-0000-000000000002', json(parameters('appSettings').AZURE_COSMOSDB_INFO).accountName), '/')[0], split(format('{0}/00000000-0000-0000-0000-000000000002', json(parameters('appSettings').AZURE_COSMOSDB_INFO).accountName), '/')[1])]" + }, + "principalId": { + "value": "[reference(resourceId('Microsoft.Resources/deployments', format('{0}-app-module', parameters('name'))), '2022-09-01').outputs.identityPrincipalId.value]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.29.47.4906", + "templateHash": "15143196747373993262" + }, + "description": "Creates a SQL role assignment under an Azure Cosmos DB account." + }, + "parameters": { + "accountName": { + "type": "string" + }, + "roleDefinitionId": { + "type": "string" + }, + "principalId": { + "type": "string", + "defaultValue": "" + } + }, + "resources": [ + { + "type": "Microsoft.DocumentDB/databaseAccounts/sqlRoleAssignments", + "apiVersion": "2022-05-15", + "name": "[format('{0}/{1}', parameters('accountName'), guid(parameters('roleDefinitionId'), parameters('principalId'), resourceId('Microsoft.DocumentDB/databaseAccounts', parameters('accountName'))))]", + "properties": { + "principalId": "[parameters('principalId')]", + "roleDefinitionId": "[parameters('roleDefinitionId')]", + "scope": "[resourceId('Microsoft.DocumentDB/databaseAccounts', parameters('accountName'))]" + } + } + ] + } + }, + "dependsOn": [ + "[resourceId('Microsoft.Resources/deployments', format('{0}-app-module', parameters('name')))]" + ] } ], "outputs": { @@ -3099,18 +3219,19 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Resources/deployments', 'computerVision')]", - "[resourceId('Microsoft.Resources/deployments', parameters('contentSafetyName'))]", - "[resourceId('Microsoft.Resources/deployments', 'deploy_cosmos_db')]", - "[resourceId('Microsoft.Resources/deployments', parameters('formRecognizerName'))]", - "[resourceId('Microsoft.Resources/deployments', parameters('hostingPlanName'))]", - "[resourceId('Microsoft.Resources/deployments', 'keyvault')]", - "[resourceId('Microsoft.Resources/deployments', 'monitoring')]", - "[resourceId('Microsoft.Resources/deployments', parameters('azureOpenAIResourceName'))]", - "[resourceId('Microsoft.Resources/deployments', parameters('azureAISearchName'))]", - "[resourceId('Microsoft.Resources/deployments', parameters('speechServiceName'))]", - "[resourceId('Microsoft.Resources/deployments', parameters('storageAccountName'))]", - "[resourceId('Microsoft.Resources/deployments', 'storekeys')]" + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', 'computerVision')]", + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', parameters('contentSafetyName'))]", + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', 'deploy_cosmos_db')]", + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', parameters('formRecognizerName'))]", + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', parameters('hostingPlanName'))]", + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', 'keyvault')]", + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', 'monitoring')]", + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', parameters('azureOpenAIResourceName'))]", + "[subscriptionResourceId('Microsoft.Resources/resourceGroups', variables('rgName'))]", + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', parameters('azureAISearchName'))]", + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', parameters('speechServiceName'))]", + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', parameters('storageAccountName'))]", + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', 'storekeys')]" ] }, { @@ -3118,6 +3239,7 @@ "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "[format('{0}-docker', parameters('websiteName'))]", + "resourceGroup": "[variables('rgName')]", "properties": { "expressionEvaluationOptions": { "scope": "inner" @@ -3128,54 +3250,54 @@ "value": "[format('{0}-docker', parameters('websiteName'))]" }, "location": { - "value": "[variables('location')]" + "value": "[parameters('location')]" }, "tags": { "value": "[union(variables('tags'), createObject('azd-service-name', 'web-docker'))]" }, "dockerFullImageName": { - "value": "fruoccopublic.azurecr.io/rag-webapp" + "value": "fruoccopublic.azurecr.io/rag-webapp:latest" }, "appServicePlanId": { - "value": "[reference(resourceId('Microsoft.Resources/deployments', parameters('hostingPlanName')), '2022-09-01').outputs.name.value]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', parameters('hostingPlanName')), '2022-09-01').outputs.name.value]" }, "applicationInsightsName": { - "value": "[reference(resourceId('Microsoft.Resources/deployments', 'monitoring'), '2022-09-01').outputs.applicationInsightsName.value]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', 'monitoring'), '2022-09-01').outputs.applicationInsightsName.value]" }, "healthCheckPath": { "value": "/api/health" }, "azureOpenAIName": { - "value": "[reference(resourceId('Microsoft.Resources/deployments', parameters('azureOpenAIResourceName')), '2022-09-01').outputs.name.value]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', parameters('azureOpenAIResourceName')), '2022-09-01').outputs.name.value]" }, "azureAISearchName": { - "value": "[reference(resourceId('Microsoft.Resources/deployments', parameters('azureAISearchName')), '2022-09-01').outputs.name.value]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', parameters('azureAISearchName')), '2022-09-01').outputs.name.value]" }, "storageAccountName": { - "value": "[reference(resourceId('Microsoft.Resources/deployments', parameters('storageAccountName')), '2022-09-01').outputs.name.value]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', parameters('storageAccountName')), '2022-09-01').outputs.name.value]" }, "formRecognizerName": { - "value": "[reference(resourceId('Microsoft.Resources/deployments', parameters('formRecognizerName')), '2022-09-01').outputs.name.value]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', parameters('formRecognizerName')), '2022-09-01').outputs.name.value]" }, "contentSafetyName": { - "value": "[reference(resourceId('Microsoft.Resources/deployments', parameters('contentSafetyName')), '2022-09-01').outputs.name.value]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', parameters('contentSafetyName')), '2022-09-01').outputs.name.value]" }, "speechServiceName": { - "value": "[reference(resourceId('Microsoft.Resources/deployments', parameters('speechServiceName')), '2022-09-01').outputs.name.value]" - }, - "computerVisionName": "[if(parameters('useAdvancedImageProcessing'), createObject('value', reference(resourceId('Microsoft.Resources/deployments', 'computerVision'), '2022-09-01').outputs.name.value), createObject('value', ''))]", - "openAIKeyName": "[if(parameters('useKeyVault'), createObject('value', reference(resourceId('Microsoft.Resources/deployments', 'storekeys'), '2022-09-01').outputs.OPENAI_KEY_NAME.value), createObject('value', ''))]", - "storageAccountKeyName": "[if(parameters('useKeyVault'), createObject('value', reference(resourceId('Microsoft.Resources/deployments', 'storekeys'), '2022-09-01').outputs.STORAGE_ACCOUNT_KEY_NAME.value), createObject('value', ''))]", - "formRecognizerKeyName": "[if(parameters('useKeyVault'), createObject('value', reference(resourceId('Microsoft.Resources/deployments', 'storekeys'), '2022-09-01').outputs.FORM_RECOGNIZER_KEY_NAME.value), createObject('value', ''))]", - "searchKeyName": "[if(parameters('useKeyVault'), createObject('value', reference(resourceId('Microsoft.Resources/deployments', 'storekeys'), '2022-09-01').outputs.SEARCH_KEY_NAME.value), createObject('value', ''))]", - "computerVisionKeyName": "[if(parameters('useKeyVault'), createObject('value', reference(resourceId('Microsoft.Resources/deployments', 'storekeys'), '2022-09-01').outputs.COMPUTER_VISION_KEY_NAME.value), createObject('value', ''))]", - "contentSafetyKeyName": "[if(parameters('useKeyVault'), createObject('value', reference(resourceId('Microsoft.Resources/deployments', 'storekeys'), '2022-09-01').outputs.CONTENT_SAFETY_KEY_NAME.value), createObject('value', ''))]", - "speechKeyName": "[if(parameters('useKeyVault'), createObject('value', reference(resourceId('Microsoft.Resources/deployments', 'storekeys'), '2022-09-01').outputs.SPEECH_KEY_NAME.value), createObject('value', ''))]", - "cosmosDBKeyName": "[if(parameters('useKeyVault'), createObject('value', reference(resourceId('Microsoft.Resources/deployments', 'storekeys'), '2022-09-01').outputs.COSMOS_ACCOUNT_KEY_NAME.value), createObject('value', ''))]", + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', parameters('speechServiceName')), '2022-09-01').outputs.name.value]" + }, + "computerVisionName": "[if(parameters('useAdvancedImageProcessing'), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', 'computerVision'), '2022-09-01').outputs.name.value), createObject('value', ''))]", + "openAIKeyName": "[if(parameters('useKeyVault'), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', 'storekeys'), '2022-09-01').outputs.OPENAI_KEY_NAME.value), createObject('value', ''))]", + "storageAccountKeyName": "[if(parameters('useKeyVault'), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', 'storekeys'), '2022-09-01').outputs.STORAGE_ACCOUNT_KEY_NAME.value), createObject('value', ''))]", + "formRecognizerKeyName": "[if(parameters('useKeyVault'), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', 'storekeys'), '2022-09-01').outputs.FORM_RECOGNIZER_KEY_NAME.value), createObject('value', ''))]", + "searchKeyName": "[if(parameters('useKeyVault'), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', 'storekeys'), '2022-09-01').outputs.SEARCH_KEY_NAME.value), createObject('value', ''))]", + "computerVisionKeyName": "[if(parameters('useKeyVault'), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', 'storekeys'), '2022-09-01').outputs.COMPUTER_VISION_KEY_NAME.value), createObject('value', ''))]", + "contentSafetyKeyName": "[if(parameters('useKeyVault'), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', 'storekeys'), '2022-09-01').outputs.CONTENT_SAFETY_KEY_NAME.value), createObject('value', ''))]", + "speechKeyName": "[if(parameters('useKeyVault'), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', 'storekeys'), '2022-09-01').outputs.SPEECH_KEY_NAME.value), createObject('value', ''))]", + "cosmosDBKeyName": "[if(parameters('useKeyVault'), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', 'storekeys'), '2022-09-01').outputs.COSMOS_ACCOUNT_KEY_NAME.value), createObject('value', ''))]", "useKeyVault": { "value": "[parameters('useKeyVault')]" }, - "keyVaultName": "[if(or(parameters('useKeyVault'), equals(parameters('authType'), 'rbac')), createObject('value', reference(resourceId('Microsoft.Resources/deployments', 'keyvault'), '2022-09-01').outputs.name.value), createObject('value', ''))]", + "keyVaultName": "[if(or(parameters('useKeyVault'), equals(parameters('authType'), 'rbac')), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', 'keyvault'), '2022-09-01').outputs.name.value), createObject('value', ''))]", "authType": { "value": "[parameters('authType')]" }, @@ -3183,11 +3305,11 @@ "value": { "AZURE_BLOB_ACCOUNT_NAME": "[parameters('storageAccountName')]", "AZURE_BLOB_CONTAINER_NAME": "[variables('blobContainerName')]", - "AZURE_COMPUTER_VISION_ENDPOINT": "[if(parameters('useAdvancedImageProcessing'), reference(resourceId('Microsoft.Resources/deployments', 'computerVision'), '2022-09-01').outputs.endpoint.value, '')]", + "AZURE_COMPUTER_VISION_ENDPOINT": "[if(parameters('useAdvancedImageProcessing'), reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', 'computerVision'), '2022-09-01').outputs.endpoint.value, '')]", "AZURE_COMPUTER_VISION_VECTORIZE_IMAGE_API_VERSION": "[parameters('computerVisionVectorizeImageApiVersion')]", "AZURE_COMPUTER_VISION_VECTORIZE_IMAGE_MODEL_VERSION": "[parameters('computerVisionVectorizeImageModelVersion')]", - "AZURE_CONTENT_SAFETY_ENDPOINT": "[reference(resourceId('Microsoft.Resources/deployments', parameters('contentSafetyName')), '2022-09-01').outputs.endpoint.value]", - "AZURE_FORM_RECOGNIZER_ENDPOINT": "[reference(resourceId('Microsoft.Resources/deployments', parameters('formRecognizerName')), '2022-09-01').outputs.endpoint.value]", + "AZURE_CONTENT_SAFETY_ENDPOINT": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', parameters('contentSafetyName')), '2022-09-01').outputs.endpoint.value]", + "AZURE_FORM_RECOGNIZER_ENDPOINT": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', parameters('formRecognizerName')), '2022-09-01').outputs.endpoint.value]", "AZURE_OPENAI_RESOURCE": "[parameters('azureOpenAIResourceName')]", "AZURE_OPENAI_MODEL_INFO": "[variables('azureOpenAIModelInfo')]", "AZURE_OPENAI_TEMPERATURE": "[parameters('azureOpenAITemperature')]", @@ -3219,14 +3341,14 @@ "AZURE_SEARCH_URL_COLUMN": "[parameters('azureSearchUrlColumn')]", "AZURE_SEARCH_USE_INTEGRATED_VECTORIZATION": "[parameters('azureSearchUseIntegratedVectorization')]", "AZURE_SPEECH_SERVICE_NAME": "[parameters('speechServiceName')]", - "AZURE_SPEECH_SERVICE_REGION": "[variables('location')]", + "AZURE_SPEECH_SERVICE_REGION": "[parameters('location')]", "AZURE_SPEECH_RECOGNIZER_LANGUAGES": "[parameters('recognizedLanguages')]", "USE_ADVANCED_IMAGE_PROCESSING": "[parameters('useAdvancedImageProcessing')]", "ADVANCED_IMAGE_PROCESSING_MAX_IMAGES": "[parameters('advancedImageProcessingMaxImages')]", "ORCHESTRATION_STRATEGY": "[parameters('orchestrationStrategy')]", "CONVERSATION_FLOW": "[parameters('conversationFlow')]", "LOGLEVEL": "[parameters('logLevel')]", - "AZURE_COSMOSDB_INFO": "[string(createObject('accountName', reference(resourceId('Microsoft.Resources/deployments', 'deploy_cosmos_db'), '2022-09-01').outputs.cosmosOutput.value.cosmosAccountName, 'databaseName', reference(resourceId('Microsoft.Resources/deployments', 'deploy_cosmos_db'), '2022-09-01').outputs.cosmosOutput.value.cosmosDatabaseName, 'containerName', reference(resourceId('Microsoft.Resources/deployments', 'deploy_cosmos_db'), '2022-09-01').outputs.cosmosOutput.value.cosmosContainerName))]", + "AZURE_COSMOSDB_INFO": "[string(createObject('accountName', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', 'deploy_cosmos_db'), '2022-09-01').outputs.cosmosOutput.value.cosmosAccountName, 'databaseName', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', 'deploy_cosmos_db'), '2022-09-01').outputs.cosmosOutput.value.cosmosDatabaseName, 'containerName', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', 'deploy_cosmos_db'), '2022-09-01').outputs.cosmosOutput.value.cosmosContainerName))]", "AZURE_COSMOSDB_ENABLE_FEEDBACK": true, "CHAT_HISTORY_ENABLED": "[parameters('chatHistoryEnabled')]" } @@ -3239,7 +3361,7 @@ "_generator": { "name": "bicep", "version": "0.29.47.4906", - "templateHash": "15380721951101386205" + "templateHash": "7601006508127321967" } }, "parameters": { @@ -4045,6 +4167,67 @@ "dependsOn": [ "[resourceId('Microsoft.Resources/deployments', format('{0}-app-module', parameters('name')))]" ] + }, + { + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('cosmos-sql-user-role-{0}', format('{0}-app-module', parameters('name')))]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "accountName": { + "value": "[json(parameters('appSettings').AZURE_COSMOSDB_INFO).accountName]" + }, + "roleDefinitionId": { + "value": "[resourceId('Microsoft.DocumentDB/databaseAccounts/sqlRoleDefinitions', split(format('{0}/00000000-0000-0000-0000-000000000002', json(parameters('appSettings').AZURE_COSMOSDB_INFO).accountName), '/')[0], split(format('{0}/00000000-0000-0000-0000-000000000002', json(parameters('appSettings').AZURE_COSMOSDB_INFO).accountName), '/')[1])]" + }, + "principalId": { + "value": "[reference(resourceId('Microsoft.Resources/deployments', format('{0}-app-module', parameters('name'))), '2022-09-01').outputs.identityPrincipalId.value]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.29.47.4906", + "templateHash": "15143196747373993262" + }, + "description": "Creates a SQL role assignment under an Azure Cosmos DB account." + }, + "parameters": { + "accountName": { + "type": "string" + }, + "roleDefinitionId": { + "type": "string" + }, + "principalId": { + "type": "string", + "defaultValue": "" + } + }, + "resources": [ + { + "type": "Microsoft.DocumentDB/databaseAccounts/sqlRoleAssignments", + "apiVersion": "2022-05-15", + "name": "[format('{0}/{1}', parameters('accountName'), guid(parameters('roleDefinitionId'), parameters('principalId'), resourceId('Microsoft.DocumentDB/databaseAccounts', parameters('accountName'))))]", + "properties": { + "principalId": "[parameters('principalId')]", + "roleDefinitionId": "[parameters('roleDefinitionId')]", + "scope": "[resourceId('Microsoft.DocumentDB/databaseAccounts', parameters('accountName'))]" + } + } + ] + } + }, + "dependsOn": [ + "[resourceId('Microsoft.Resources/deployments', format('{0}-app-module', parameters('name')))]" + ] } ], "outputs": { @@ -4064,18 +4247,19 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Resources/deployments', 'computerVision')]", - "[resourceId('Microsoft.Resources/deployments', parameters('contentSafetyName'))]", - "[resourceId('Microsoft.Resources/deployments', 'deploy_cosmos_db')]", - "[resourceId('Microsoft.Resources/deployments', parameters('formRecognizerName'))]", - "[resourceId('Microsoft.Resources/deployments', parameters('hostingPlanName'))]", - "[resourceId('Microsoft.Resources/deployments', 'keyvault')]", - "[resourceId('Microsoft.Resources/deployments', 'monitoring')]", - "[resourceId('Microsoft.Resources/deployments', parameters('azureOpenAIResourceName'))]", - "[resourceId('Microsoft.Resources/deployments', parameters('azureAISearchName'))]", - "[resourceId('Microsoft.Resources/deployments', parameters('speechServiceName'))]", - "[resourceId('Microsoft.Resources/deployments', parameters('storageAccountName'))]", - "[resourceId('Microsoft.Resources/deployments', 'storekeys')]" + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', 'computerVision')]", + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', parameters('contentSafetyName'))]", + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', 'deploy_cosmos_db')]", + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', parameters('formRecognizerName'))]", + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', parameters('hostingPlanName'))]", + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', 'keyvault')]", + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', 'monitoring')]", + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', parameters('azureOpenAIResourceName'))]", + "[subscriptionResourceId('Microsoft.Resources/resourceGroups', variables('rgName'))]", + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', parameters('azureAISearchName'))]", + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', parameters('speechServiceName'))]", + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', parameters('storageAccountName'))]", + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', 'storekeys')]" ] }, { @@ -4083,6 +4267,7 @@ "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "[parameters('adminWebsiteName')]", + "resourceGroup": "[variables('rgName')]", "properties": { "expressionEvaluationOptions": { "scope": "inner" @@ -4093,7 +4278,7 @@ "value": "[parameters('adminWebsiteName')]" }, "location": { - "value": "[variables('location')]" + "value": "[parameters('location')]" }, "tags": { "value": "[union(variables('tags'), createObject('azd-service-name', 'adminweb'))]" @@ -4105,41 +4290,41 @@ "value": "3.11" }, "appServicePlanId": { - "value": "[reference(resourceId('Microsoft.Resources/deployments', parameters('hostingPlanName')), '2022-09-01').outputs.name.value]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', parameters('hostingPlanName')), '2022-09-01').outputs.name.value]" }, "applicationInsightsName": { - "value": "[reference(resourceId('Microsoft.Resources/deployments', 'monitoring'), '2022-09-01').outputs.applicationInsightsName.value]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', 'monitoring'), '2022-09-01').outputs.applicationInsightsName.value]" }, "azureOpenAIName": { - "value": "[reference(resourceId('Microsoft.Resources/deployments', parameters('azureOpenAIResourceName')), '2022-09-01').outputs.name.value]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', parameters('azureOpenAIResourceName')), '2022-09-01').outputs.name.value]" }, "azureAISearchName": { - "value": "[reference(resourceId('Microsoft.Resources/deployments', parameters('azureAISearchName')), '2022-09-01').outputs.name.value]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', parameters('azureAISearchName')), '2022-09-01').outputs.name.value]" }, "storageAccountName": { - "value": "[reference(resourceId('Microsoft.Resources/deployments', parameters('storageAccountName')), '2022-09-01').outputs.name.value]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', parameters('storageAccountName')), '2022-09-01').outputs.name.value]" }, "formRecognizerName": { - "value": "[reference(resourceId('Microsoft.Resources/deployments', parameters('formRecognizerName')), '2022-09-01').outputs.name.value]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', parameters('formRecognizerName')), '2022-09-01').outputs.name.value]" }, "contentSafetyName": { - "value": "[reference(resourceId('Microsoft.Resources/deployments', parameters('contentSafetyName')), '2022-09-01').outputs.name.value]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', parameters('contentSafetyName')), '2022-09-01').outputs.name.value]" }, "speechServiceName": { - "value": "[reference(resourceId('Microsoft.Resources/deployments', parameters('speechServiceName')), '2022-09-01').outputs.name.value]" - }, - "computerVisionName": "[if(parameters('useAdvancedImageProcessing'), createObject('value', reference(resourceId('Microsoft.Resources/deployments', 'computerVision'), '2022-09-01').outputs.name.value), createObject('value', ''))]", - "openAIKeyName": "[if(parameters('useKeyVault'), createObject('value', reference(resourceId('Microsoft.Resources/deployments', 'storekeys'), '2022-09-01').outputs.OPENAI_KEY_NAME.value), createObject('value', ''))]", - "storageAccountKeyName": "[if(parameters('useKeyVault'), createObject('value', reference(resourceId('Microsoft.Resources/deployments', 'storekeys'), '2022-09-01').outputs.STORAGE_ACCOUNT_KEY_NAME.value), createObject('value', ''))]", - "formRecognizerKeyName": "[if(parameters('useKeyVault'), createObject('value', reference(resourceId('Microsoft.Resources/deployments', 'storekeys'), '2022-09-01').outputs.FORM_RECOGNIZER_KEY_NAME.value), createObject('value', ''))]", - "searchKeyName": "[if(parameters('useKeyVault'), createObject('value', reference(resourceId('Microsoft.Resources/deployments', 'storekeys'), '2022-09-01').outputs.SEARCH_KEY_NAME.value), createObject('value', ''))]", - "computerVisionKeyName": "[if(parameters('useKeyVault'), createObject('value', reference(resourceId('Microsoft.Resources/deployments', 'storekeys'), '2022-09-01').outputs.COMPUTER_VISION_KEY_NAME.value), createObject('value', ''))]", - "contentSafetyKeyName": "[if(parameters('useKeyVault'), createObject('value', reference(resourceId('Microsoft.Resources/deployments', 'storekeys'), '2022-09-01').outputs.CONTENT_SAFETY_KEY_NAME.value), createObject('value', ''))]", - "speechKeyName": "[if(parameters('useKeyVault'), createObject('value', reference(resourceId('Microsoft.Resources/deployments', 'storekeys'), '2022-09-01').outputs.SPEECH_KEY_NAME.value), createObject('value', ''))]", + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', parameters('speechServiceName')), '2022-09-01').outputs.name.value]" + }, + "computerVisionName": "[if(parameters('useAdvancedImageProcessing'), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', 'computerVision'), '2022-09-01').outputs.name.value), createObject('value', ''))]", + "openAIKeyName": "[if(parameters('useKeyVault'), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', 'storekeys'), '2022-09-01').outputs.OPENAI_KEY_NAME.value), createObject('value', ''))]", + "storageAccountKeyName": "[if(parameters('useKeyVault'), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', 'storekeys'), '2022-09-01').outputs.STORAGE_ACCOUNT_KEY_NAME.value), createObject('value', ''))]", + "formRecognizerKeyName": "[if(parameters('useKeyVault'), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', 'storekeys'), '2022-09-01').outputs.FORM_RECOGNIZER_KEY_NAME.value), createObject('value', ''))]", + "searchKeyName": "[if(parameters('useKeyVault'), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', 'storekeys'), '2022-09-01').outputs.SEARCH_KEY_NAME.value), createObject('value', ''))]", + "computerVisionKeyName": "[if(parameters('useKeyVault'), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', 'storekeys'), '2022-09-01').outputs.COMPUTER_VISION_KEY_NAME.value), createObject('value', ''))]", + "contentSafetyKeyName": "[if(parameters('useKeyVault'), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', 'storekeys'), '2022-09-01').outputs.CONTENT_SAFETY_KEY_NAME.value), createObject('value', ''))]", + "speechKeyName": "[if(parameters('useKeyVault'), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', 'storekeys'), '2022-09-01').outputs.SPEECH_KEY_NAME.value), createObject('value', ''))]", "useKeyVault": { "value": "[parameters('useKeyVault')]" }, - "keyVaultName": "[if(or(parameters('useKeyVault'), equals(parameters('authType'), 'rbac')), createObject('value', reference(resourceId('Microsoft.Resources/deployments', 'keyvault'), '2022-09-01').outputs.name.value), createObject('value', ''))]", + "keyVaultName": "[if(or(parameters('useKeyVault'), equals(parameters('authType'), 'rbac')), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', 'keyvault'), '2022-09-01').outputs.name.value), createObject('value', ''))]", "authType": { "value": "[parameters('authType')]" }, @@ -4147,11 +4332,11 @@ "value": { "AZURE_BLOB_ACCOUNT_NAME": "[parameters('storageAccountName')]", "AZURE_BLOB_CONTAINER_NAME": "[variables('blobContainerName')]", - "AZURE_COMPUTER_VISION_ENDPOINT": "[if(parameters('useAdvancedImageProcessing'), reference(resourceId('Microsoft.Resources/deployments', 'computerVision'), '2022-09-01').outputs.endpoint.value, '')]", + "AZURE_COMPUTER_VISION_ENDPOINT": "[if(parameters('useAdvancedImageProcessing'), reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', 'computerVision'), '2022-09-01').outputs.endpoint.value, '')]", "AZURE_COMPUTER_VISION_VECTORIZE_IMAGE_API_VERSION": "[parameters('computerVisionVectorizeImageApiVersion')]", "AZURE_COMPUTER_VISION_VECTORIZE_IMAGE_MODEL_VERSION": "[parameters('computerVisionVectorizeImageModelVersion')]", - "AZURE_CONTENT_SAFETY_ENDPOINT": "[reference(resourceId('Microsoft.Resources/deployments', parameters('contentSafetyName')), '2022-09-01').outputs.endpoint.value]", - "AZURE_FORM_RECOGNIZER_ENDPOINT": "[reference(resourceId('Microsoft.Resources/deployments', parameters('formRecognizerName')), '2022-09-01').outputs.endpoint.value]", + "AZURE_CONTENT_SAFETY_ENDPOINT": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', parameters('contentSafetyName')), '2022-09-01').outputs.endpoint.value]", + "AZURE_FORM_RECOGNIZER_ENDPOINT": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', parameters('formRecognizerName')), '2022-09-01').outputs.endpoint.value]", "AZURE_OPENAI_RESOURCE": "[parameters('azureOpenAIResourceName')]", "AZURE_OPENAI_MODEL_INFO": "[variables('azureOpenAIModelInfo')]", "AZURE_OPENAI_TEMPERATURE": "[parameters('azureOpenAITemperature')]", @@ -5014,17 +5199,18 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Resources/deployments', 'computerVision')]", - "[resourceId('Microsoft.Resources/deployments', parameters('contentSafetyName'))]", - "[resourceId('Microsoft.Resources/deployments', parameters('formRecognizerName'))]", - "[resourceId('Microsoft.Resources/deployments', parameters('hostingPlanName'))]", - "[resourceId('Microsoft.Resources/deployments', 'keyvault')]", - "[resourceId('Microsoft.Resources/deployments', 'monitoring')]", - "[resourceId('Microsoft.Resources/deployments', parameters('azureOpenAIResourceName'))]", - "[resourceId('Microsoft.Resources/deployments', parameters('azureAISearchName'))]", - "[resourceId('Microsoft.Resources/deployments', parameters('speechServiceName'))]", - "[resourceId('Microsoft.Resources/deployments', parameters('storageAccountName'))]", - "[resourceId('Microsoft.Resources/deployments', 'storekeys')]" + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', 'computerVision')]", + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', parameters('contentSafetyName'))]", + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', parameters('formRecognizerName'))]", + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', parameters('hostingPlanName'))]", + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', 'keyvault')]", + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', 'monitoring')]", + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', parameters('azureOpenAIResourceName'))]", + "[subscriptionResourceId('Microsoft.Resources/resourceGroups', variables('rgName'))]", + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', parameters('azureAISearchName'))]", + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', parameters('speechServiceName'))]", + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', parameters('storageAccountName'))]", + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', 'storekeys')]" ] }, { @@ -5032,6 +5218,7 @@ "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "[format('{0}-docker', parameters('adminWebsiteName'))]", + "resourceGroup": "[variables('rgName')]", "properties": { "expressionEvaluationOptions": { "scope": "inner" @@ -5042,50 +5229,50 @@ "value": "[format('{0}-docker', parameters('adminWebsiteName'))]" }, "location": { - "value": "[variables('location')]" + "value": "[parameters('location')]" }, "tags": { "value": "[union(variables('tags'), createObject('azd-service-name', 'adminweb-docker'))]" }, "dockerFullImageName": { - "value": "fruoccopublic.azurecr.io/rag-adminwebapp" + "value": "fruoccopublic.azurecr.io/rag-adminwebapp:latest" }, "appServicePlanId": { - "value": "[reference(resourceId('Microsoft.Resources/deployments', parameters('hostingPlanName')), '2022-09-01').outputs.name.value]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', parameters('hostingPlanName')), '2022-09-01').outputs.name.value]" }, "applicationInsightsName": { - "value": "[reference(resourceId('Microsoft.Resources/deployments', 'monitoring'), '2022-09-01').outputs.applicationInsightsName.value]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', 'monitoring'), '2022-09-01').outputs.applicationInsightsName.value]" }, "azureOpenAIName": { - "value": "[reference(resourceId('Microsoft.Resources/deployments', parameters('azureOpenAIResourceName')), '2022-09-01').outputs.name.value]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', parameters('azureOpenAIResourceName')), '2022-09-01').outputs.name.value]" }, "azureAISearchName": { - "value": "[reference(resourceId('Microsoft.Resources/deployments', parameters('azureAISearchName')), '2022-09-01').outputs.name.value]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', parameters('azureAISearchName')), '2022-09-01').outputs.name.value]" }, "storageAccountName": { - "value": "[reference(resourceId('Microsoft.Resources/deployments', parameters('storageAccountName')), '2022-09-01').outputs.name.value]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', parameters('storageAccountName')), '2022-09-01').outputs.name.value]" }, "formRecognizerName": { - "value": "[reference(resourceId('Microsoft.Resources/deployments', parameters('formRecognizerName')), '2022-09-01').outputs.name.value]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', parameters('formRecognizerName')), '2022-09-01').outputs.name.value]" }, "contentSafetyName": { - "value": "[reference(resourceId('Microsoft.Resources/deployments', parameters('contentSafetyName')), '2022-09-01').outputs.name.value]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', parameters('contentSafetyName')), '2022-09-01').outputs.name.value]" }, "speechServiceName": { - "value": "[reference(resourceId('Microsoft.Resources/deployments', parameters('speechServiceName')), '2022-09-01').outputs.name.value]" - }, - "computerVisionName": "[if(parameters('useAdvancedImageProcessing'), createObject('value', reference(resourceId('Microsoft.Resources/deployments', 'computerVision'), '2022-09-01').outputs.name.value), createObject('value', ''))]", - "openAIKeyName": "[if(parameters('useKeyVault'), createObject('value', reference(resourceId('Microsoft.Resources/deployments', 'storekeys'), '2022-09-01').outputs.OPENAI_KEY_NAME.value), createObject('value', ''))]", - "storageAccountKeyName": "[if(parameters('useKeyVault'), createObject('value', reference(resourceId('Microsoft.Resources/deployments', 'storekeys'), '2022-09-01').outputs.STORAGE_ACCOUNT_KEY_NAME.value), createObject('value', ''))]", - "formRecognizerKeyName": "[if(parameters('useKeyVault'), createObject('value', reference(resourceId('Microsoft.Resources/deployments', 'storekeys'), '2022-09-01').outputs.FORM_RECOGNIZER_KEY_NAME.value), createObject('value', ''))]", - "searchKeyName": "[if(parameters('useKeyVault'), createObject('value', reference(resourceId('Microsoft.Resources/deployments', 'storekeys'), '2022-09-01').outputs.SEARCH_KEY_NAME.value), createObject('value', ''))]", - "contentSafetyKeyName": "[if(parameters('useKeyVault'), createObject('value', reference(resourceId('Microsoft.Resources/deployments', 'storekeys'), '2022-09-01').outputs.CONTENT_SAFETY_KEY_NAME.value), createObject('value', ''))]", - "speechKeyName": "[if(parameters('useKeyVault'), createObject('value', reference(resourceId('Microsoft.Resources/deployments', 'storekeys'), '2022-09-01').outputs.SPEECH_KEY_NAME.value), createObject('value', ''))]", - "computerVisionKeyName": "[if(parameters('useKeyVault'), createObject('value', reference(resourceId('Microsoft.Resources/deployments', 'storekeys'), '2022-09-01').outputs.COMPUTER_VISION_KEY_NAME.value), createObject('value', ''))]", + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', parameters('speechServiceName')), '2022-09-01').outputs.name.value]" + }, + "computerVisionName": "[if(parameters('useAdvancedImageProcessing'), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', 'computerVision'), '2022-09-01').outputs.name.value), createObject('value', ''))]", + "openAIKeyName": "[if(parameters('useKeyVault'), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', 'storekeys'), '2022-09-01').outputs.OPENAI_KEY_NAME.value), createObject('value', ''))]", + "storageAccountKeyName": "[if(parameters('useKeyVault'), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', 'storekeys'), '2022-09-01').outputs.STORAGE_ACCOUNT_KEY_NAME.value), createObject('value', ''))]", + "formRecognizerKeyName": "[if(parameters('useKeyVault'), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', 'storekeys'), '2022-09-01').outputs.FORM_RECOGNIZER_KEY_NAME.value), createObject('value', ''))]", + "searchKeyName": "[if(parameters('useKeyVault'), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', 'storekeys'), '2022-09-01').outputs.SEARCH_KEY_NAME.value), createObject('value', ''))]", + "contentSafetyKeyName": "[if(parameters('useKeyVault'), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', 'storekeys'), '2022-09-01').outputs.CONTENT_SAFETY_KEY_NAME.value), createObject('value', ''))]", + "speechKeyName": "[if(parameters('useKeyVault'), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', 'storekeys'), '2022-09-01').outputs.SPEECH_KEY_NAME.value), createObject('value', ''))]", + "computerVisionKeyName": "[if(parameters('useKeyVault'), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', 'storekeys'), '2022-09-01').outputs.COMPUTER_VISION_KEY_NAME.value), createObject('value', ''))]", "useKeyVault": { "value": "[parameters('useKeyVault')]" }, - "keyVaultName": "[if(or(parameters('useKeyVault'), equals(parameters('authType'), 'rbac')), createObject('value', reference(resourceId('Microsoft.Resources/deployments', 'keyvault'), '2022-09-01').outputs.name.value), createObject('value', ''))]", + "keyVaultName": "[if(or(parameters('useKeyVault'), equals(parameters('authType'), 'rbac')), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', 'keyvault'), '2022-09-01').outputs.name.value), createObject('value', ''))]", "authType": { "value": "[parameters('authType')]" }, @@ -5093,11 +5280,11 @@ "value": { "AZURE_BLOB_ACCOUNT_NAME": "[parameters('storageAccountName')]", "AZURE_BLOB_CONTAINER_NAME": "[variables('blobContainerName')]", - "AZURE_COMPUTER_VISION_ENDPOINT": "[if(parameters('useAdvancedImageProcessing'), reference(resourceId('Microsoft.Resources/deployments', 'computerVision'), '2022-09-01').outputs.endpoint.value, '')]", + "AZURE_COMPUTER_VISION_ENDPOINT": "[if(parameters('useAdvancedImageProcessing'), reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', 'computerVision'), '2022-09-01').outputs.endpoint.value, '')]", "AZURE_COMPUTER_VISION_VECTORIZE_IMAGE_API_VERSION": "[parameters('computerVisionVectorizeImageApiVersion')]", "AZURE_COMPUTER_VISION_VECTORIZE_IMAGE_MODEL_VERSION": "[parameters('computerVisionVectorizeImageModelVersion')]", - "AZURE_CONTENT_SAFETY_ENDPOINT": "[reference(resourceId('Microsoft.Resources/deployments', parameters('contentSafetyName')), '2022-09-01').outputs.endpoint.value]", - "AZURE_FORM_RECOGNIZER_ENDPOINT": "[reference(resourceId('Microsoft.Resources/deployments', parameters('formRecognizerName')), '2022-09-01').outputs.endpoint.value]", + "AZURE_CONTENT_SAFETY_ENDPOINT": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', parameters('contentSafetyName')), '2022-09-01').outputs.endpoint.value]", + "AZURE_FORM_RECOGNIZER_ENDPOINT": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', parameters('formRecognizerName')), '2022-09-01').outputs.endpoint.value]", "AZURE_OPENAI_RESOURCE": "[parameters('azureOpenAIResourceName')]", "AZURE_OPENAI_MODEL_INFO": "[variables('azureOpenAIModelInfo')]", "AZURE_OPENAI_TEMPERATURE": "[parameters('azureOpenAITemperature')]", @@ -5960,23 +6147,25 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Resources/deployments', 'computerVision')]", - "[resourceId('Microsoft.Resources/deployments', parameters('contentSafetyName'))]", - "[resourceId('Microsoft.Resources/deployments', parameters('formRecognizerName'))]", - "[resourceId('Microsoft.Resources/deployments', parameters('hostingPlanName'))]", - "[resourceId('Microsoft.Resources/deployments', 'keyvault')]", - "[resourceId('Microsoft.Resources/deployments', 'monitoring')]", - "[resourceId('Microsoft.Resources/deployments', parameters('azureOpenAIResourceName'))]", - "[resourceId('Microsoft.Resources/deployments', parameters('azureAISearchName'))]", - "[resourceId('Microsoft.Resources/deployments', parameters('speechServiceName'))]", - "[resourceId('Microsoft.Resources/deployments', parameters('storageAccountName'))]", - "[resourceId('Microsoft.Resources/deployments', 'storekeys')]" + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', 'computerVision')]", + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', parameters('contentSafetyName'))]", + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', parameters('formRecognizerName'))]", + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', parameters('hostingPlanName'))]", + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', 'keyvault')]", + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', 'monitoring')]", + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', parameters('azureOpenAIResourceName'))]", + "[subscriptionResourceId('Microsoft.Resources/resourceGroups', variables('rgName'))]", + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', parameters('azureAISearchName'))]", + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', parameters('speechServiceName'))]", + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', parameters('storageAccountName'))]", + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', 'storekeys')]" ] }, { "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "monitoring", + "resourceGroup": "[variables('rgName')]", "properties": { "expressionEvaluationOptions": { "scope": "inner" @@ -5987,7 +6176,7 @@ "value": "[parameters('applicationInsightsName')]" }, "location": { - "value": "[variables('location')]" + "value": "[parameters('location')]" }, "tags": { "value": { @@ -7494,12 +7683,16 @@ } } } - } + }, + "dependsOn": [ + "[subscriptionResourceId('Microsoft.Resources/resourceGroups', variables('rgName'))]" + ] }, { "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "workbook", + "resourceGroup": "[variables('rgName')]", "properties": { "expressionEvaluationOptions": { "scope": "inner" @@ -7510,28 +7703,28 @@ "value": "[parameters('workbookDisplayName')]" }, "location": { - "value": "[variables('location')]" + "value": "[parameters('location')]" }, "hostingPlanName": { - "value": "[reference(resourceId('Microsoft.Resources/deployments', parameters('hostingPlanName')), '2022-09-01').outputs.name.value]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', parameters('hostingPlanName')), '2022-09-01').outputs.name.value]" }, - "functionName": "[if(equals(parameters('hostingModel'), 'container'), createObject('value', reference(resourceId('Microsoft.Resources/deployments', format('{0}-docker', parameters('functionName'))), '2022-09-01').outputs.functionName.value), createObject('value', reference(resourceId('Microsoft.Resources/deployments', parameters('functionName')), '2022-09-01').outputs.functionName.value))]", - "websiteName": "[if(equals(parameters('hostingModel'), 'container'), createObject('value', reference(resourceId('Microsoft.Resources/deployments', format('{0}-docker', parameters('websiteName'))), '2022-09-01').outputs.FRONTEND_API_NAME.value), createObject('value', reference(resourceId('Microsoft.Resources/deployments', parameters('websiteName')), '2022-09-01').outputs.FRONTEND_API_NAME.value))]", - "adminWebsiteName": "[if(equals(parameters('hostingModel'), 'container'), createObject('value', reference(resourceId('Microsoft.Resources/deployments', format('{0}-docker', parameters('adminWebsiteName'))), '2022-09-01').outputs.WEBSITE_ADMIN_NAME.value), createObject('value', reference(resourceId('Microsoft.Resources/deployments', parameters('adminWebsiteName')), '2022-09-01').outputs.WEBSITE_ADMIN_NAME.value))]", + "functionName": "[if(equals(parameters('hostingModel'), 'container'), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', format('{0}-docker', parameters('functionName'))), '2022-09-01').outputs.functionName.value), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', parameters('functionName')), '2022-09-01').outputs.functionName.value))]", + "websiteName": "[if(equals(parameters('hostingModel'), 'container'), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', format('{0}-docker', parameters('websiteName'))), '2022-09-01').outputs.FRONTEND_API_NAME.value), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', parameters('websiteName')), '2022-09-01').outputs.FRONTEND_API_NAME.value))]", + "adminWebsiteName": "[if(equals(parameters('hostingModel'), 'container'), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', format('{0}-docker', parameters('adminWebsiteName'))), '2022-09-01').outputs.WEBSITE_ADMIN_NAME.value), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', parameters('adminWebsiteName')), '2022-09-01').outputs.WEBSITE_ADMIN_NAME.value))]", "eventGridSystemTopicName": { - "value": "[reference(resourceId('Microsoft.Resources/deployments', variables('eventGridSystemTopicName')), '2022-09-01').outputs.name.value]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', variables('eventGridSystemTopicName')), '2022-09-01').outputs.name.value]" }, "logAnalyticsName": { - "value": "[reference(resourceId('Microsoft.Resources/deployments', 'monitoring'), '2022-09-01').outputs.logAnalyticsWorkspaceName.value]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', 'monitoring'), '2022-09-01').outputs.logAnalyticsWorkspaceName.value]" }, "azureOpenAIResourceName": { - "value": "[reference(resourceId('Microsoft.Resources/deployments', parameters('azureOpenAIResourceName')), '2022-09-01').outputs.name.value]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', parameters('azureOpenAIResourceName')), '2022-09-01').outputs.name.value]" }, "azureAISearchName": { - "value": "[reference(resourceId('Microsoft.Resources/deployments', parameters('azureAISearchName')), '2022-09-01').outputs.name.value]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', parameters('azureAISearchName')), '2022-09-01').outputs.name.value]" }, "storageAccountName": { - "value": "[reference(resourceId('Microsoft.Resources/deployments', parameters('storageAccountName')), '2022-09-01').outputs.name.value]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', parameters('storageAccountName')), '2022-09-01').outputs.name.value]" } }, "template": { @@ -7694,18 +7887,19 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Resources/deployments', parameters('adminWebsiteName'))]", - "[resourceId('Microsoft.Resources/deployments', format('{0}-docker', parameters('adminWebsiteName')))]", - "[resourceId('Microsoft.Resources/deployments', variables('eventGridSystemTopicName'))]", - "[resourceId('Microsoft.Resources/deployments', parameters('functionName'))]", - "[resourceId('Microsoft.Resources/deployments', format('{0}-docker', parameters('functionName')))]", - "[resourceId('Microsoft.Resources/deployments', parameters('hostingPlanName'))]", - "[resourceId('Microsoft.Resources/deployments', 'monitoring')]", - "[resourceId('Microsoft.Resources/deployments', parameters('azureOpenAIResourceName'))]", - "[resourceId('Microsoft.Resources/deployments', parameters('azureAISearchName'))]", - "[resourceId('Microsoft.Resources/deployments', parameters('storageAccountName'))]", - "[resourceId('Microsoft.Resources/deployments', parameters('websiteName'))]", - "[resourceId('Microsoft.Resources/deployments', format('{0}-docker', parameters('websiteName')))]" + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', parameters('adminWebsiteName'))]", + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', format('{0}-docker', parameters('adminWebsiteName')))]", + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', variables('eventGridSystemTopicName'))]", + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', parameters('functionName'))]", + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', format('{0}-docker', parameters('functionName')))]", + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', parameters('hostingPlanName'))]", + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', 'monitoring')]", + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', parameters('azureOpenAIResourceName'))]", + "[subscriptionResourceId('Microsoft.Resources/resourceGroups', variables('rgName'))]", + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', parameters('azureAISearchName'))]", + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', parameters('storageAccountName'))]", + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', parameters('websiteName'))]", + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', format('{0}-docker', parameters('websiteName')))]" ] }, { @@ -7713,6 +7907,7 @@ "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "[parameters('functionName')]", + "resourceGroup": "[variables('rgName')]", "properties": { "expressionEvaluationOptions": { "scope": "inner" @@ -7723,7 +7918,7 @@ "value": "[parameters('functionName')]" }, "location": { - "value": "[variables('location')]" + "value": "[parameters('location')]" }, "tags": { "value": "[union(variables('tags'), createObject('azd-service-name', 'function'))]" @@ -7735,44 +7930,44 @@ "value": "3.11" }, "appServicePlanId": { - "value": "[reference(resourceId('Microsoft.Resources/deployments', parameters('hostingPlanName')), '2022-09-01').outputs.name.value]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', parameters('hostingPlanName')), '2022-09-01').outputs.name.value]" }, "applicationInsightsName": { - "value": "[reference(resourceId('Microsoft.Resources/deployments', 'monitoring'), '2022-09-01').outputs.applicationInsightsName.value]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', 'monitoring'), '2022-09-01').outputs.applicationInsightsName.value]" }, "azureOpenAIName": { - "value": "[reference(resourceId('Microsoft.Resources/deployments', parameters('azureOpenAIResourceName')), '2022-09-01').outputs.name.value]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', parameters('azureOpenAIResourceName')), '2022-09-01').outputs.name.value]" }, "azureAISearchName": { - "value": "[reference(resourceId('Microsoft.Resources/deployments', parameters('azureAISearchName')), '2022-09-01').outputs.name.value]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', parameters('azureAISearchName')), '2022-09-01').outputs.name.value]" }, "storageAccountName": { - "value": "[reference(resourceId('Microsoft.Resources/deployments', parameters('storageAccountName')), '2022-09-01').outputs.name.value]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', parameters('storageAccountName')), '2022-09-01').outputs.name.value]" }, "formRecognizerName": { - "value": "[reference(resourceId('Microsoft.Resources/deployments', parameters('formRecognizerName')), '2022-09-01').outputs.name.value]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', parameters('formRecognizerName')), '2022-09-01').outputs.name.value]" }, "contentSafetyName": { - "value": "[reference(resourceId('Microsoft.Resources/deployments', parameters('contentSafetyName')), '2022-09-01').outputs.name.value]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', parameters('contentSafetyName')), '2022-09-01').outputs.name.value]" }, "speechServiceName": { - "value": "[reference(resourceId('Microsoft.Resources/deployments', parameters('speechServiceName')), '2022-09-01').outputs.name.value]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', parameters('speechServiceName')), '2022-09-01').outputs.name.value]" }, - "computerVisionName": "[if(parameters('useAdvancedImageProcessing'), createObject('value', reference(resourceId('Microsoft.Resources/deployments', 'computerVision'), '2022-09-01').outputs.name.value), createObject('value', ''))]", + "computerVisionName": "[if(parameters('useAdvancedImageProcessing'), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', 'computerVision'), '2022-09-01').outputs.name.value), createObject('value', ''))]", "clientKey": { "value": "[variables('clientKey')]" }, - "openAIKeyName": "[if(parameters('useKeyVault'), createObject('value', reference(resourceId('Microsoft.Resources/deployments', 'storekeys'), '2022-09-01').outputs.OPENAI_KEY_NAME.value), createObject('value', ''))]", - "storageAccountKeyName": "[if(parameters('useKeyVault'), createObject('value', reference(resourceId('Microsoft.Resources/deployments', 'storekeys'), '2022-09-01').outputs.STORAGE_ACCOUNT_KEY_NAME.value), createObject('value', ''))]", - "formRecognizerKeyName": "[if(parameters('useKeyVault'), createObject('value', reference(resourceId('Microsoft.Resources/deployments', 'storekeys'), '2022-09-01').outputs.FORM_RECOGNIZER_KEY_NAME.value), createObject('value', ''))]", - "searchKeyName": "[if(parameters('useKeyVault'), createObject('value', reference(resourceId('Microsoft.Resources/deployments', 'storekeys'), '2022-09-01').outputs.SEARCH_KEY_NAME.value), createObject('value', ''))]", - "contentSafetyKeyName": "[if(parameters('useKeyVault'), createObject('value', reference(resourceId('Microsoft.Resources/deployments', 'storekeys'), '2022-09-01').outputs.CONTENT_SAFETY_KEY_NAME.value), createObject('value', ''))]", - "speechKeyName": "[if(parameters('useKeyVault'), createObject('value', reference(resourceId('Microsoft.Resources/deployments', 'storekeys'), '2022-09-01').outputs.SPEECH_KEY_NAME.value), createObject('value', ''))]", - "computerVisionKeyName": "[if(parameters('useKeyVault'), createObject('value', reference(resourceId('Microsoft.Resources/deployments', 'storekeys'), '2022-09-01').outputs.COMPUTER_VISION_KEY_NAME.value), createObject('value', ''))]", + "openAIKeyName": "[if(parameters('useKeyVault'), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', 'storekeys'), '2022-09-01').outputs.OPENAI_KEY_NAME.value), createObject('value', ''))]", + "storageAccountKeyName": "[if(parameters('useKeyVault'), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', 'storekeys'), '2022-09-01').outputs.STORAGE_ACCOUNT_KEY_NAME.value), createObject('value', ''))]", + "formRecognizerKeyName": "[if(parameters('useKeyVault'), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', 'storekeys'), '2022-09-01').outputs.FORM_RECOGNIZER_KEY_NAME.value), createObject('value', ''))]", + "searchKeyName": "[if(parameters('useKeyVault'), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', 'storekeys'), '2022-09-01').outputs.SEARCH_KEY_NAME.value), createObject('value', ''))]", + "contentSafetyKeyName": "[if(parameters('useKeyVault'), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', 'storekeys'), '2022-09-01').outputs.CONTENT_SAFETY_KEY_NAME.value), createObject('value', ''))]", + "speechKeyName": "[if(parameters('useKeyVault'), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', 'storekeys'), '2022-09-01').outputs.SPEECH_KEY_NAME.value), createObject('value', ''))]", + "computerVisionKeyName": "[if(parameters('useKeyVault'), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', 'storekeys'), '2022-09-01').outputs.COMPUTER_VISION_KEY_NAME.value), createObject('value', ''))]", "useKeyVault": { "value": "[parameters('useKeyVault')]" }, - "keyVaultName": "[if(or(parameters('useKeyVault'), equals(parameters('authType'), 'rbac')), createObject('value', reference(resourceId('Microsoft.Resources/deployments', 'keyvault'), '2022-09-01').outputs.name.value), createObject('value', ''))]", + "keyVaultName": "[if(or(parameters('useKeyVault'), equals(parameters('authType'), 'rbac')), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', 'keyvault'), '2022-09-01').outputs.name.value), createObject('value', ''))]", "authType": { "value": "[parameters('authType')]" }, @@ -7780,11 +7975,11 @@ "value": { "AZURE_BLOB_ACCOUNT_NAME": "[parameters('storageAccountName')]", "AZURE_BLOB_CONTAINER_NAME": "[variables('blobContainerName')]", - "AZURE_COMPUTER_VISION_ENDPOINT": "[if(parameters('useAdvancedImageProcessing'), reference(resourceId('Microsoft.Resources/deployments', 'computerVision'), '2022-09-01').outputs.endpoint.value, '')]", + "AZURE_COMPUTER_VISION_ENDPOINT": "[if(parameters('useAdvancedImageProcessing'), reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', 'computerVision'), '2022-09-01').outputs.endpoint.value, '')]", "AZURE_COMPUTER_VISION_VECTORIZE_IMAGE_API_VERSION": "[parameters('computerVisionVectorizeImageApiVersion')]", "AZURE_COMPUTER_VISION_VECTORIZE_IMAGE_MODEL_VERSION": "[parameters('computerVisionVectorizeImageModelVersion')]", - "AZURE_CONTENT_SAFETY_ENDPOINT": "[reference(resourceId('Microsoft.Resources/deployments', parameters('contentSafetyName')), '2022-09-01').outputs.endpoint.value]", - "AZURE_FORM_RECOGNIZER_ENDPOINT": "[reference(resourceId('Microsoft.Resources/deployments', parameters('formRecognizerName')), '2022-09-01').outputs.endpoint.value]", + "AZURE_CONTENT_SAFETY_ENDPOINT": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', parameters('contentSafetyName')), '2022-09-01').outputs.endpoint.value]", + "AZURE_FORM_RECOGNIZER_ENDPOINT": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', parameters('formRecognizerName')), '2022-09-01').outputs.endpoint.value]", "AZURE_OPENAI_MODEL_INFO": "[variables('azureOpenAIModelInfo')]", "AZURE_OPENAI_EMBEDDING_MODEL_INFO": "[variables('azureOpenAIEmbeddingModelInfo')]", "AZURE_OPENAI_RESOURCE": "[parameters('azureOpenAIResourceName')]", @@ -7818,7 +8013,7 @@ "_generator": { "name": "bicep", "version": "0.29.47.4906", - "templateHash": "17585935035261876784" + "templateHash": "15069678415784012390" } }, "parameters": { @@ -8000,6 +8195,9 @@ "dockerFullImageName": { "value": "[parameters('dockerFullImageName')]" }, + "useKeyVault": { + "value": "[parameters('useKeyVault')]" + }, "appSettings": { "value": "[union(parameters('appSettings'), createObject('WEBSITES_ENABLE_APP_SERVICE_STORAGE', 'false', 'AZURE_AUTH_TYPE', parameters('authType'), 'USE_KEY_VAULT', if(parameters('useKeyVault'), parameters('useKeyVault'), ''), 'AZURE_OPENAI_API_KEY', if(parameters('useKeyVault'), parameters('openAIKeyName'), listKeys(resourceId(subscription().subscriptionId, resourceGroup().name, 'Microsoft.CognitiveServices/accounts', parameters('azureOpenAIName')), '2023-05-01').key1), 'AZURE_SEARCH_KEY', if(parameters('useKeyVault'), parameters('searchKeyName'), listAdminKeys(resourceId(subscription().subscriptionId, resourceGroup().name, 'Microsoft.Search/searchServices', parameters('azureAISearchName')), '2021-04-01-preview').primaryKey), 'AZURE_BLOB_ACCOUNT_KEY', if(parameters('useKeyVault'), parameters('storageAccountKeyName'), listKeys(resourceId(subscription().subscriptionId, resourceGroup().name, 'Microsoft.Storage/storageAccounts', parameters('storageAccountName')), '2021-09-01').keys[0].value), 'AZURE_FORM_RECOGNIZER_KEY', if(parameters('useKeyVault'), parameters('formRecognizerKeyName'), listKeys(resourceId(subscription().subscriptionId, resourceGroup().name, 'Microsoft.CognitiveServices/accounts', parameters('formRecognizerName')), '2023-05-01').key1), 'AZURE_CONTENT_SAFETY_KEY', if(parameters('useKeyVault'), parameters('contentSafetyKeyName'), listKeys(resourceId(subscription().subscriptionId, resourceGroup().name, 'Microsoft.CognitiveServices/accounts', parameters('contentSafetyName')), '2023-05-01').key1), 'AZURE_SPEECH_SERVICE_KEY', if(parameters('useKeyVault'), parameters('speechKeyName'), listKeys(resourceId(subscription().subscriptionId, resourceGroup().name, 'Microsoft.CognitiveServices/accounts', parameters('speechServiceName')), '2023-05-01').key1), 'AZURE_COMPUTER_VISION_KEY', if(or(parameters('useKeyVault'), equals(parameters('computerVisionName'), '')), parameters('computerVisionKeyName'), listKeys(resourceId(subscription().subscriptionId, resourceGroup().name, 'Microsoft.CognitiveServices/accounts', parameters('computerVisionName')), '2023-05-01').key1)))]" } @@ -8011,7 +8209,7 @@ "_generator": { "name": "bicep", "version": "0.29.47.4906", - "templateHash": "15094851132007588437" + "templateHash": "4952443870482085522" }, "description": "Creates an Azure Function in an existing Azure App Service plan." }, @@ -8045,6 +8243,9 @@ "storageAccountName": { "type": "string" }, + "useKeyVault": { + "type": "bool" + }, "runtimeName": { "type": "string", "allowedValues": [ @@ -8166,7 +8367,7 @@ "value": "[parameters('appServicePlanId')]" }, "appSettings": { - "value": "[union(parameters('appSettings'), createObject('AzureWebJobsStorage', format('DefaultEndpointsProtocol=https;AccountName={0};AccountKey={1};EndpointSuffix={2}', parameters('storageAccountName'), listKeys(resourceId('Microsoft.Storage/storageAccounts', parameters('storageAccountName')), '2021-09-01').keys[0].value, environment().suffixes.storage), 'FUNCTIONS_EXTENSION_VERSION', parameters('extensionVersion')), if(not(parameters('useDocker')), createObject('FUNCTIONS_WORKER_RUNTIME', parameters('runtimeName')), createObject()))]" + "value": "[union(parameters('appSettings'), createObject('FUNCTIONS_EXTENSION_VERSION', parameters('extensionVersion')), if(not(parameters('useDocker')), createObject('FUNCTIONS_WORKER_RUNTIME', parameters('runtimeName')), createObject()), if(parameters('useKeyVault'), createObject('AzureWebJobsStorage', format('DefaultEndpointsProtocol=https;AccountName={0};AccountKey={1};EndpointSuffix={2}', parameters('storageAccountName'), listKeys(resourceId('Microsoft.Storage/storageAccounts', parameters('storageAccountName')), '2021-09-01').keys[0].value, environment().suffixes.storage)), createObject('AzureWebJobsStorage__accountName', parameters('storageAccountName'))))]" }, "clientAffinityEnabled": { "value": "[parameters('clientAffinityEnabled')]" @@ -8495,6 +8696,74 @@ } } } + }, + { + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "storage-blob-role-function", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "principalId": { + "value": "[reference(resourceId('Microsoft.Resources/deployments', format('{0}-functions', parameters('name'))), '2022-09-01').outputs.identityPrincipalId.value]" + }, + "roleDefinitionId": { + "value": "ba92f5b4-2d11-453d-a403-e96b0029c9fe" + }, + "principalType": { + "value": "ServicePrincipal" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.29.47.4906", + "templateHash": "12421327006867392541" + }, + "description": "Creates a role assignment for a service principal." + }, + "parameters": { + "principalId": { + "type": "string" + }, + "principalType": { + "type": "string", + "defaultValue": "ServicePrincipal", + "allowedValues": [ + "Device", + "ForeignGroup", + "Group", + "ServicePrincipal", + "User" + ] + }, + "roleDefinitionId": { + "type": "string" + } + }, + "resources": [ + { + "type": "Microsoft.Authorization/roleAssignments", + "apiVersion": "2022-04-01", + "name": "[guid(subscription().id, resourceGroup().id, parameters('principalId'), parameters('roleDefinitionId'))]", + "properties": { + "principalId": "[parameters('principalId')]", + "principalType": "[parameters('principalType')]", + "roleDefinitionId": "[resourceId('Microsoft.Authorization/roleDefinitions', parameters('roleDefinitionId'))]" + } + } + ] + } + }, + "dependsOn": [ + "[resourceId('Microsoft.Resources/deployments', format('{0}-functions', parameters('name')))]" + ] } ], "outputs": { @@ -8945,17 +9214,18 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Resources/deployments', 'computerVision')]", - "[resourceId('Microsoft.Resources/deployments', parameters('contentSafetyName'))]", - "[resourceId('Microsoft.Resources/deployments', parameters('formRecognizerName'))]", - "[resourceId('Microsoft.Resources/deployments', parameters('hostingPlanName'))]", - "[resourceId('Microsoft.Resources/deployments', 'keyvault')]", - "[resourceId('Microsoft.Resources/deployments', 'monitoring')]", - "[resourceId('Microsoft.Resources/deployments', parameters('azureOpenAIResourceName'))]", - "[resourceId('Microsoft.Resources/deployments', parameters('azureAISearchName'))]", - "[resourceId('Microsoft.Resources/deployments', parameters('speechServiceName'))]", - "[resourceId('Microsoft.Resources/deployments', parameters('storageAccountName'))]", - "[resourceId('Microsoft.Resources/deployments', 'storekeys')]" + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', 'computerVision')]", + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', parameters('contentSafetyName'))]", + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', parameters('formRecognizerName'))]", + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', parameters('hostingPlanName'))]", + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', 'keyvault')]", + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', 'monitoring')]", + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', parameters('azureOpenAIResourceName'))]", + "[subscriptionResourceId('Microsoft.Resources/resourceGroups', variables('rgName'))]", + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', parameters('azureAISearchName'))]", + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', parameters('speechServiceName'))]", + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', parameters('storageAccountName'))]", + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', 'storekeys')]" ] }, { @@ -8963,6 +9233,7 @@ "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "[format('{0}-docker', parameters('functionName'))]", + "resourceGroup": "[variables('rgName')]", "properties": { "expressionEvaluationOptions": { "scope": "inner" @@ -8973,53 +9244,53 @@ "value": "[format('{0}-docker', parameters('functionName'))]" }, "location": { - "value": "[variables('location')]" + "value": "[parameters('location')]" }, "tags": { "value": "[union(variables('tags'), createObject('azd-service-name', 'function-docker'))]" }, "dockerFullImageName": { - "value": "fruoccopublic.azurecr.io/rag-backend" + "value": "fruoccopublic.azurecr.io/rag-backend:latest" }, "appServicePlanId": { - "value": "[reference(resourceId('Microsoft.Resources/deployments', parameters('hostingPlanName')), '2022-09-01').outputs.name.value]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', parameters('hostingPlanName')), '2022-09-01').outputs.name.value]" }, "applicationInsightsName": { - "value": "[reference(resourceId('Microsoft.Resources/deployments', 'monitoring'), '2022-09-01').outputs.applicationInsightsName.value]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', 'monitoring'), '2022-09-01').outputs.applicationInsightsName.value]" }, "azureOpenAIName": { - "value": "[reference(resourceId('Microsoft.Resources/deployments', parameters('azureOpenAIResourceName')), '2022-09-01').outputs.name.value]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', parameters('azureOpenAIResourceName')), '2022-09-01').outputs.name.value]" }, "azureAISearchName": { - "value": "[reference(resourceId('Microsoft.Resources/deployments', parameters('azureAISearchName')), '2022-09-01').outputs.name.value]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', parameters('azureAISearchName')), '2022-09-01').outputs.name.value]" }, "storageAccountName": { - "value": "[reference(resourceId('Microsoft.Resources/deployments', parameters('storageAccountName')), '2022-09-01').outputs.name.value]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', parameters('storageAccountName')), '2022-09-01').outputs.name.value]" }, "formRecognizerName": { - "value": "[reference(resourceId('Microsoft.Resources/deployments', parameters('formRecognizerName')), '2022-09-01').outputs.name.value]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', parameters('formRecognizerName')), '2022-09-01').outputs.name.value]" }, "contentSafetyName": { - "value": "[reference(resourceId('Microsoft.Resources/deployments', parameters('contentSafetyName')), '2022-09-01').outputs.name.value]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', parameters('contentSafetyName')), '2022-09-01').outputs.name.value]" }, "speechServiceName": { - "value": "[reference(resourceId('Microsoft.Resources/deployments', parameters('speechServiceName')), '2022-09-01').outputs.name.value]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', parameters('speechServiceName')), '2022-09-01').outputs.name.value]" }, - "computerVisionName": "[if(parameters('useAdvancedImageProcessing'), createObject('value', reference(resourceId('Microsoft.Resources/deployments', 'computerVision'), '2022-09-01').outputs.name.value), createObject('value', ''))]", + "computerVisionName": "[if(parameters('useAdvancedImageProcessing'), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', 'computerVision'), '2022-09-01').outputs.name.value), createObject('value', ''))]", "clientKey": { "value": "[variables('clientKey')]" }, - "openAIKeyName": "[if(parameters('useKeyVault'), createObject('value', reference(resourceId('Microsoft.Resources/deployments', 'storekeys'), '2022-09-01').outputs.OPENAI_KEY_NAME.value), createObject('value', ''))]", - "storageAccountKeyName": "[if(parameters('useKeyVault'), createObject('value', reference(resourceId('Microsoft.Resources/deployments', 'storekeys'), '2022-09-01').outputs.STORAGE_ACCOUNT_KEY_NAME.value), createObject('value', ''))]", - "formRecognizerKeyName": "[if(parameters('useKeyVault'), createObject('value', reference(resourceId('Microsoft.Resources/deployments', 'storekeys'), '2022-09-01').outputs.FORM_RECOGNIZER_KEY_NAME.value), createObject('value', ''))]", - "searchKeyName": "[if(parameters('useKeyVault'), createObject('value', reference(resourceId('Microsoft.Resources/deployments', 'storekeys'), '2022-09-01').outputs.SEARCH_KEY_NAME.value), createObject('value', ''))]", - "contentSafetyKeyName": "[if(parameters('useKeyVault'), createObject('value', reference(resourceId('Microsoft.Resources/deployments', 'storekeys'), '2022-09-01').outputs.CONTENT_SAFETY_KEY_NAME.value), createObject('value', ''))]", - "speechKeyName": "[if(parameters('useKeyVault'), createObject('value', reference(resourceId('Microsoft.Resources/deployments', 'storekeys'), '2022-09-01').outputs.SPEECH_KEY_NAME.value), createObject('value', ''))]", - "computerVisionKeyName": "[if(parameters('useKeyVault'), createObject('value', reference(resourceId('Microsoft.Resources/deployments', 'storekeys'), '2022-09-01').outputs.COMPUTER_VISION_KEY_NAME.value), createObject('value', ''))]", + "openAIKeyName": "[if(parameters('useKeyVault'), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', 'storekeys'), '2022-09-01').outputs.OPENAI_KEY_NAME.value), createObject('value', ''))]", + "storageAccountKeyName": "[if(parameters('useKeyVault'), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', 'storekeys'), '2022-09-01').outputs.STORAGE_ACCOUNT_KEY_NAME.value), createObject('value', ''))]", + "formRecognizerKeyName": "[if(parameters('useKeyVault'), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', 'storekeys'), '2022-09-01').outputs.FORM_RECOGNIZER_KEY_NAME.value), createObject('value', ''))]", + "searchKeyName": "[if(parameters('useKeyVault'), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', 'storekeys'), '2022-09-01').outputs.SEARCH_KEY_NAME.value), createObject('value', ''))]", + "contentSafetyKeyName": "[if(parameters('useKeyVault'), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', 'storekeys'), '2022-09-01').outputs.CONTENT_SAFETY_KEY_NAME.value), createObject('value', ''))]", + "speechKeyName": "[if(parameters('useKeyVault'), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', 'storekeys'), '2022-09-01').outputs.SPEECH_KEY_NAME.value), createObject('value', ''))]", + "computerVisionKeyName": "[if(parameters('useKeyVault'), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', 'storekeys'), '2022-09-01').outputs.COMPUTER_VISION_KEY_NAME.value), createObject('value', ''))]", "useKeyVault": { "value": "[parameters('useKeyVault')]" }, - "keyVaultName": "[if(or(parameters('useKeyVault'), equals(parameters('authType'), 'rbac')), createObject('value', reference(resourceId('Microsoft.Resources/deployments', 'keyvault'), '2022-09-01').outputs.name.value), createObject('value', ''))]", + "keyVaultName": "[if(or(parameters('useKeyVault'), equals(parameters('authType'), 'rbac')), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', 'keyvault'), '2022-09-01').outputs.name.value), createObject('value', ''))]", "authType": { "value": "[parameters('authType')]" }, @@ -9027,11 +9298,11 @@ "value": { "AZURE_BLOB_ACCOUNT_NAME": "[parameters('storageAccountName')]", "AZURE_BLOB_CONTAINER_NAME": "[variables('blobContainerName')]", - "AZURE_COMPUTER_VISION_ENDPOINT": "[if(parameters('useAdvancedImageProcessing'), reference(resourceId('Microsoft.Resources/deployments', 'computerVision'), '2022-09-01').outputs.endpoint.value, '')]", + "AZURE_COMPUTER_VISION_ENDPOINT": "[if(parameters('useAdvancedImageProcessing'), reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', 'computerVision'), '2022-09-01').outputs.endpoint.value, '')]", "AZURE_COMPUTER_VISION_VECTORIZE_IMAGE_API_VERSION": "[parameters('computerVisionVectorizeImageApiVersion')]", "AZURE_COMPUTER_VISION_VECTORIZE_IMAGE_MODEL_VERSION": "[parameters('computerVisionVectorizeImageModelVersion')]", - "AZURE_CONTENT_SAFETY_ENDPOINT": "[reference(resourceId('Microsoft.Resources/deployments', parameters('contentSafetyName')), '2022-09-01').outputs.endpoint.value]", - "AZURE_FORM_RECOGNIZER_ENDPOINT": "[reference(resourceId('Microsoft.Resources/deployments', parameters('formRecognizerName')), '2022-09-01').outputs.endpoint.value]", + "AZURE_CONTENT_SAFETY_ENDPOINT": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', parameters('contentSafetyName')), '2022-09-01').outputs.endpoint.value]", + "AZURE_FORM_RECOGNIZER_ENDPOINT": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', parameters('formRecognizerName')), '2022-09-01').outputs.endpoint.value]", "AZURE_OPENAI_MODEL_INFO": "[variables('azureOpenAIModelInfo')]", "AZURE_OPENAI_EMBEDDING_MODEL_INFO": "[variables('azureOpenAIEmbeddingModelInfo')]", "AZURE_OPENAI_RESOURCE": "[parameters('azureOpenAIResourceName')]", @@ -9065,7 +9336,7 @@ "_generator": { "name": "bicep", "version": "0.29.47.4906", - "templateHash": "17585935035261876784" + "templateHash": "15069678415784012390" } }, "parameters": { @@ -9247,6 +9518,9 @@ "dockerFullImageName": { "value": "[parameters('dockerFullImageName')]" }, + "useKeyVault": { + "value": "[parameters('useKeyVault')]" + }, "appSettings": { "value": "[union(parameters('appSettings'), createObject('WEBSITES_ENABLE_APP_SERVICE_STORAGE', 'false', 'AZURE_AUTH_TYPE', parameters('authType'), 'USE_KEY_VAULT', if(parameters('useKeyVault'), parameters('useKeyVault'), ''), 'AZURE_OPENAI_API_KEY', if(parameters('useKeyVault'), parameters('openAIKeyName'), listKeys(resourceId(subscription().subscriptionId, resourceGroup().name, 'Microsoft.CognitiveServices/accounts', parameters('azureOpenAIName')), '2023-05-01').key1), 'AZURE_SEARCH_KEY', if(parameters('useKeyVault'), parameters('searchKeyName'), listAdminKeys(resourceId(subscription().subscriptionId, resourceGroup().name, 'Microsoft.Search/searchServices', parameters('azureAISearchName')), '2021-04-01-preview').primaryKey), 'AZURE_BLOB_ACCOUNT_KEY', if(parameters('useKeyVault'), parameters('storageAccountKeyName'), listKeys(resourceId(subscription().subscriptionId, resourceGroup().name, 'Microsoft.Storage/storageAccounts', parameters('storageAccountName')), '2021-09-01').keys[0].value), 'AZURE_FORM_RECOGNIZER_KEY', if(parameters('useKeyVault'), parameters('formRecognizerKeyName'), listKeys(resourceId(subscription().subscriptionId, resourceGroup().name, 'Microsoft.CognitiveServices/accounts', parameters('formRecognizerName')), '2023-05-01').key1), 'AZURE_CONTENT_SAFETY_KEY', if(parameters('useKeyVault'), parameters('contentSafetyKeyName'), listKeys(resourceId(subscription().subscriptionId, resourceGroup().name, 'Microsoft.CognitiveServices/accounts', parameters('contentSafetyName')), '2023-05-01').key1), 'AZURE_SPEECH_SERVICE_KEY', if(parameters('useKeyVault'), parameters('speechKeyName'), listKeys(resourceId(subscription().subscriptionId, resourceGroup().name, 'Microsoft.CognitiveServices/accounts', parameters('speechServiceName')), '2023-05-01').key1), 'AZURE_COMPUTER_VISION_KEY', if(or(parameters('useKeyVault'), equals(parameters('computerVisionName'), '')), parameters('computerVisionKeyName'), listKeys(resourceId(subscription().subscriptionId, resourceGroup().name, 'Microsoft.CognitiveServices/accounts', parameters('computerVisionName')), '2023-05-01').key1)))]" } @@ -9258,7 +9532,7 @@ "_generator": { "name": "bicep", "version": "0.29.47.4906", - "templateHash": "15094851132007588437" + "templateHash": "4952443870482085522" }, "description": "Creates an Azure Function in an existing Azure App Service plan." }, @@ -9292,6 +9566,9 @@ "storageAccountName": { "type": "string" }, + "useKeyVault": { + "type": "bool" + }, "runtimeName": { "type": "string", "allowedValues": [ @@ -9413,7 +9690,7 @@ "value": "[parameters('appServicePlanId')]" }, "appSettings": { - "value": "[union(parameters('appSettings'), createObject('AzureWebJobsStorage', format('DefaultEndpointsProtocol=https;AccountName={0};AccountKey={1};EndpointSuffix={2}', parameters('storageAccountName'), listKeys(resourceId('Microsoft.Storage/storageAccounts', parameters('storageAccountName')), '2021-09-01').keys[0].value, environment().suffixes.storage), 'FUNCTIONS_EXTENSION_VERSION', parameters('extensionVersion')), if(not(parameters('useDocker')), createObject('FUNCTIONS_WORKER_RUNTIME', parameters('runtimeName')), createObject()))]" + "value": "[union(parameters('appSettings'), createObject('FUNCTIONS_EXTENSION_VERSION', parameters('extensionVersion')), if(not(parameters('useDocker')), createObject('FUNCTIONS_WORKER_RUNTIME', parameters('runtimeName')), createObject()), if(parameters('useKeyVault'), createObject('AzureWebJobsStorage', format('DefaultEndpointsProtocol=https;AccountName={0};AccountKey={1};EndpointSuffix={2}', parameters('storageAccountName'), listKeys(resourceId('Microsoft.Storage/storageAccounts', parameters('storageAccountName')), '2021-09-01').keys[0].value, environment().suffixes.storage)), createObject('AzureWebJobsStorage__accountName', parameters('storageAccountName'))))]" }, "clientAffinityEnabled": { "value": "[parameters('clientAffinityEnabled')]" @@ -9742,6 +10019,74 @@ } } } + }, + { + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "storage-blob-role-function", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "principalId": { + "value": "[reference(resourceId('Microsoft.Resources/deployments', format('{0}-functions', parameters('name'))), '2022-09-01').outputs.identityPrincipalId.value]" + }, + "roleDefinitionId": { + "value": "ba92f5b4-2d11-453d-a403-e96b0029c9fe" + }, + "principalType": { + "value": "ServicePrincipal" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.29.47.4906", + "templateHash": "12421327006867392541" + }, + "description": "Creates a role assignment for a service principal." + }, + "parameters": { + "principalId": { + "type": "string" + }, + "principalType": { + "type": "string", + "defaultValue": "ServicePrincipal", + "allowedValues": [ + "Device", + "ForeignGroup", + "Group", + "ServicePrincipal", + "User" + ] + }, + "roleDefinitionId": { + "type": "string" + } + }, + "resources": [ + { + "type": "Microsoft.Authorization/roleAssignments", + "apiVersion": "2022-04-01", + "name": "[guid(subscription().id, resourceGroup().id, parameters('principalId'), parameters('roleDefinitionId'))]", + "properties": { + "principalId": "[parameters('principalId')]", + "principalType": "[parameters('principalType')]", + "roleDefinitionId": "[resourceId('Microsoft.Authorization/roleDefinitions', parameters('roleDefinitionId'))]" + } + } + ] + } + }, + "dependsOn": [ + "[resourceId('Microsoft.Resources/deployments', format('{0}-functions', parameters('name')))]" + ] } ], "outputs": { @@ -10192,23 +10537,25 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Resources/deployments', 'computerVision')]", - "[resourceId('Microsoft.Resources/deployments', parameters('contentSafetyName'))]", - "[resourceId('Microsoft.Resources/deployments', parameters('formRecognizerName'))]", - "[resourceId('Microsoft.Resources/deployments', parameters('hostingPlanName'))]", - "[resourceId('Microsoft.Resources/deployments', 'keyvault')]", - "[resourceId('Microsoft.Resources/deployments', 'monitoring')]", - "[resourceId('Microsoft.Resources/deployments', parameters('azureOpenAIResourceName'))]", - "[resourceId('Microsoft.Resources/deployments', parameters('azureAISearchName'))]", - "[resourceId('Microsoft.Resources/deployments', parameters('speechServiceName'))]", - "[resourceId('Microsoft.Resources/deployments', parameters('storageAccountName'))]", - "[resourceId('Microsoft.Resources/deployments', 'storekeys')]" + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', 'computerVision')]", + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', parameters('contentSafetyName'))]", + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', parameters('formRecognizerName'))]", + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', parameters('hostingPlanName'))]", + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', 'keyvault')]", + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', 'monitoring')]", + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', parameters('azureOpenAIResourceName'))]", + "[subscriptionResourceId('Microsoft.Resources/resourceGroups', variables('rgName'))]", + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', parameters('azureAISearchName'))]", + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', parameters('speechServiceName'))]", + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', parameters('storageAccountName'))]", + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', 'storekeys')]" ] }, { "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "[parameters('formRecognizerName')]", + "resourceGroup": "[variables('rgName')]", "properties": { "expressionEvaluationOptions": { "scope": "inner" @@ -10219,7 +10566,7 @@ "value": "[parameters('formRecognizerName')]" }, "location": { - "value": "[variables('location')]" + "value": "[parameters('location')]" }, "tags": { "value": "[variables('tags')]" @@ -10354,12 +10701,16 @@ } } } - } + }, + "dependsOn": [ + "[subscriptionResourceId('Microsoft.Resources/resourceGroups', variables('rgName'))]" + ] }, { "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "[parameters('contentSafetyName')]", + "resourceGroup": "[variables('rgName')]", "properties": { "expressionEvaluationOptions": { "scope": "inner" @@ -10370,7 +10721,7 @@ "value": "[parameters('contentSafetyName')]" }, "location": { - "value": "[variables('location')]" + "value": "[parameters('location')]" }, "tags": { "value": "[variables('tags')]" @@ -10505,12 +10856,16 @@ } } } - } + }, + "dependsOn": [ + "[subscriptionResourceId('Microsoft.Resources/resourceGroups', variables('rgName'))]" + ] }, { "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "[variables('eventGridSystemTopicName')]", + "resourceGroup": "[variables('rgName')]", "properties": { "expressionEvaluationOptions": { "scope": "inner" @@ -10521,10 +10876,10 @@ "value": "[variables('eventGridSystemTopicName')]" }, "location": { - "value": "[variables('location')]" + "value": "[parameters('location')]" }, "storageAccountId": { - "value": "[reference(resourceId('Microsoft.Resources/deployments', parameters('storageAccountName')), '2022-09-01').outputs.id.value]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', parameters('storageAccountName')), '2022-09-01').outputs.id.value]" }, "queueName": { "value": "[variables('queueName')]" @@ -10613,13 +10968,15 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Resources/deployments', parameters('storageAccountName'))]" + "[subscriptionResourceId('Microsoft.Resources/resourceGroups', variables('rgName'))]", + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', parameters('storageAccountName'))]" ] }, { "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "[parameters('storageAccountName')]", + "resourceGroup": "[variables('rgName')]", "properties": { "expressionEvaluationOptions": { "scope": "inner" @@ -10630,7 +10987,10 @@ "value": "[parameters('storageAccountName')]" }, "location": { - "value": "[variables('location')]" + "value": "[parameters('location')]" + }, + "useKeyVault": { + "value": "[parameters('useKeyVault')]" }, "sku": { "value": { @@ -10668,7 +11028,7 @@ "_generator": { "name": "bicep", "version": "0.29.47.4906", - "templateHash": "6009030871838517804" + "templateHash": "453102945109500908" }, "description": "Creates an Azure storage account." }, @@ -10701,9 +11061,12 @@ "type": "bool", "defaultValue": true }, + "useKeyVault": { + "type": "bool" + }, "allowSharedKeyAccess": { "type": "bool", - "defaultValue": true + "defaultValue": "[parameters('useKeyVault')]" }, "containers": { "type": "array", @@ -10859,13 +11222,17 @@ } } } - } + }, + "dependsOn": [ + "[subscriptionResourceId('Microsoft.Resources/resourceGroups', variables('rgName'))]" + ] }, { - "condition": "[equals(parameters('authType'), 'rbac')]", + "condition": "[and(equals(parameters('authType'), 'rbac'), not(equals(parameters('principalId'), '')))]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "storage-role-user", + "resourceGroup": "[variables('rgName')]", "properties": { "expressionEvaluationOptions": { "scope": "inner" @@ -10925,13 +11292,17 @@ } ] } - } + }, + "dependsOn": [ + "[subscriptionResourceId('Microsoft.Resources/resourceGroups', variables('rgName'))]" + ] }, { - "condition": "[equals(parameters('authType'), 'rbac')]", + "condition": "[and(equals(parameters('authType'), 'rbac'), not(equals(parameters('principalId'), '')))]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "openai-role-user", + "resourceGroup": "[variables('rgName')]", "properties": { "expressionEvaluationOptions": { "scope": "inner" @@ -10991,13 +11362,17 @@ } ] } - } + }, + "dependsOn": [ + "[subscriptionResourceId('Microsoft.Resources/resourceGroups', variables('rgName'))]" + ] }, { - "condition": "[equals(parameters('authType'), 'rbac')]", + "condition": "[and(equals(parameters('authType'), 'rbac'), not(equals(parameters('principalId'), '')))]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "openai-role-user-contributor", + "resourceGroup": "[variables('rgName')]", "properties": { "expressionEvaluationOptions": { "scope": "inner" @@ -11057,13 +11432,17 @@ } ] } - } + }, + "dependsOn": [ + "[subscriptionResourceId('Microsoft.Resources/resourceGroups', variables('rgName'))]" + ] }, { - "condition": "[equals(parameters('authType'), 'rbac')]", + "condition": "[and(equals(parameters('authType'), 'rbac'), not(equals(parameters('principalId'), '')))]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "search-role-user", + "resourceGroup": "[variables('rgName')]", "properties": { "expressionEvaluationOptions": { "scope": "inner" @@ -11123,13 +11502,17 @@ } ] } - } + }, + "dependsOn": [ + "[subscriptionResourceId('Microsoft.Resources/resourceGroups', variables('rgName'))]" + ] }, { "condition": "[equals(parameters('orchestrationStrategy'), 'prompt_flow')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "[parameters('azureMachineLearningName')]", + "resourceGroup": "[variables('rgName')]", "properties": { "expressionEvaluationOptions": { "scope": "inner" @@ -11137,29 +11520,29 @@ "mode": "Incremental", "parameters": { "location": { - "value": "[variables('location')]" + "value": "[parameters('location')]" }, "workspaceName": { "value": "[parameters('azureMachineLearningName')]" }, "storageAccountId": { - "value": "[reference(resourceId('Microsoft.Resources/deployments', parameters('storageAccountName')), '2022-09-01').outputs.id.value]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', parameters('storageAccountName')), '2022-09-01').outputs.id.value]" }, - "keyVaultId": "[if(parameters('useKeyVault'), createObject('value', reference(resourceId('Microsoft.Resources/deployments', 'keyvault'), '2022-09-01').outputs.id.value), createObject('value', ''))]", + "keyVaultId": "[if(parameters('useKeyVault'), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', 'keyvault'), '2022-09-01').outputs.id.value), createObject('value', ''))]", "applicationInsightsId": { - "value": "[reference(resourceId('Microsoft.Resources/deployments', 'monitoring'), '2022-09-01').outputs.applicationInsightsId.value]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', 'monitoring'), '2022-09-01').outputs.applicationInsightsId.value]" }, "azureOpenAIName": { - "value": "[reference(resourceId('Microsoft.Resources/deployments', parameters('azureOpenAIResourceName')), '2022-09-01').outputs.name.value]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', parameters('azureOpenAIResourceName')), '2022-09-01').outputs.name.value]" }, "azureAISearchName": { - "value": "[reference(resourceId('Microsoft.Resources/deployments', parameters('azureAISearchName')), '2022-09-01').outputs.name.value]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', parameters('azureAISearchName')), '2022-09-01').outputs.name.value]" }, "azureAISearchEndpoint": { - "value": "[reference(resourceId('Microsoft.Resources/deployments', parameters('azureAISearchName')), '2022-09-01').outputs.endpoint.value]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', parameters('azureAISearchName')), '2022-09-01').outputs.endpoint.value]" }, "azureOpenAIEndpoint": { - "value": "[reference(resourceId('Microsoft.Resources/deployments', parameters('azureOpenAIResourceName')), '2022-09-01').outputs.endpoint.value]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', parameters('azureOpenAIResourceName')), '2022-09-01').outputs.endpoint.value]" } }, "template": { @@ -11265,18 +11648,19 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Resources/deployments', 'keyvault')]", - "[resourceId('Microsoft.Resources/deployments', 'monitoring')]", - "[resourceId('Microsoft.Resources/deployments', parameters('azureOpenAIResourceName'))]", - "[resourceId('Microsoft.Resources/deployments', parameters('azureAISearchName'))]", - "[resourceId('Microsoft.Resources/deployments', parameters('storageAccountName'))]" + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', 'keyvault')]", + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', 'monitoring')]", + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', parameters('azureOpenAIResourceName'))]", + "[subscriptionResourceId('Microsoft.Resources/resourceGroups', variables('rgName'))]", + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', parameters('azureAISearchName'))]", + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', parameters('storageAccountName'))]" ] } ], "outputs": { "APPLICATIONINSIGHTS_CONNECTION_STRING": { "type": "string", - "value": "[reference(resourceId('Microsoft.Resources/deployments', 'monitoring'), '2022-09-01').outputs.applicationInsightsConnectionString.value]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', 'monitoring'), '2022-09-01').outputs.applicationInsightsConnectionString.value]" }, "AZURE_APP_SERVICE_HOSTING_MODEL": { "type": "string", @@ -11292,19 +11676,19 @@ }, "AZURE_BLOB_ACCOUNT_KEY": { "type": "string", - "value": "[if(parameters('useKeyVault'), reference(resourceId('Microsoft.Resources/deployments', 'storekeys'), '2022-09-01').outputs.STORAGE_ACCOUNT_KEY_NAME.value, '')]" + "value": "[if(parameters('useKeyVault'), reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', 'storekeys'), '2022-09-01').outputs.STORAGE_ACCOUNT_KEY_NAME.value, '')]" }, "AZURE_COMPUTER_VISION_ENDPOINT": { "type": "string", - "value": "[if(parameters('useAdvancedImageProcessing'), reference(resourceId('Microsoft.Resources/deployments', 'computerVision'), '2022-09-01').outputs.endpoint.value, '')]" + "value": "[if(parameters('useAdvancedImageProcessing'), reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', 'computerVision'), '2022-09-01').outputs.endpoint.value, '')]" }, "AZURE_COMPUTER_VISION_LOCATION": { "type": "string", - "value": "[if(parameters('useAdvancedImageProcessing'), reference(resourceId('Microsoft.Resources/deployments', 'computerVision'), '2022-09-01').outputs.location.value, '')]" + "value": "[if(parameters('useAdvancedImageProcessing'), reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', 'computerVision'), '2022-09-01').outputs.location.value, '')]" }, "AZURE_COMPUTER_VISION_KEY": { "type": "string", - "value": "[if(parameters('useKeyVault'), reference(resourceId('Microsoft.Resources/deployments', 'storekeys'), '2022-09-01').outputs.COMPUTER_VISION_KEY_NAME.value, '')]" + "value": "[if(parameters('useKeyVault'), reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', 'storekeys'), '2022-09-01').outputs.COMPUTER_VISION_KEY_NAME.value, '')]" }, "AZURE_COMPUTER_VISION_VECTORIZE_IMAGE_API_VERSION": { "type": "string", @@ -11316,31 +11700,31 @@ }, "AZURE_CONTENT_SAFETY_ENDPOINT": { "type": "string", - "value": "[reference(resourceId('Microsoft.Resources/deployments', parameters('contentSafetyName')), '2022-09-01').outputs.endpoint.value]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', parameters('contentSafetyName')), '2022-09-01').outputs.endpoint.value]" }, "AZURE_CONTENT_SAFETY_KEY": { "type": "string", - "value": "[if(parameters('useKeyVault'), reference(resourceId('Microsoft.Resources/deployments', 'storekeys'), '2022-09-01').outputs.CONTENT_SAFETY_KEY_NAME.value, '')]" + "value": "[if(parameters('useKeyVault'), reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', 'storekeys'), '2022-09-01').outputs.CONTENT_SAFETY_KEY_NAME.value, '')]" }, "AZURE_FORM_RECOGNIZER_ENDPOINT": { "type": "string", - "value": "[reference(resourceId('Microsoft.Resources/deployments', parameters('formRecognizerName')), '2022-09-01').outputs.endpoint.value]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', parameters('formRecognizerName')), '2022-09-01').outputs.endpoint.value]" }, "AZURE_FORM_RECOGNIZER_KEY": { "type": "string", - "value": "[if(parameters('useKeyVault'), reference(resourceId('Microsoft.Resources/deployments', 'storekeys'), '2022-09-01').outputs.FORM_RECOGNIZER_KEY_NAME.value, '')]" + "value": "[if(parameters('useKeyVault'), reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', 'storekeys'), '2022-09-01').outputs.FORM_RECOGNIZER_KEY_NAME.value, '')]" }, "AZURE_KEY_VAULT_ENDPOINT": { "type": "string", - "value": "[if(parameters('useKeyVault'), reference(resourceId('Microsoft.Resources/deployments', 'keyvault'), '2022-09-01').outputs.endpoint.value, '')]" + "value": "[if(parameters('useKeyVault'), reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', 'keyvault'), '2022-09-01').outputs.endpoint.value, '')]" }, "AZURE_KEY_VAULT_NAME": { "type": "string", - "value": "[if(or(parameters('useKeyVault'), equals(parameters('authType'), 'rbac')), reference(resourceId('Microsoft.Resources/deployments', 'keyvault'), '2022-09-01').outputs.name.value, '')]" + "value": "[if(or(parameters('useKeyVault'), equals(parameters('authType'), 'rbac')), reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', 'keyvault'), '2022-09-01').outputs.name.value, '')]" }, "AZURE_LOCATION": { "type": "string", - "value": "[variables('location')]" + "value": "[parameters('location')]" }, "AZURE_OPENAI_MODEL_INFO": { "type": "string", @@ -11384,19 +11768,19 @@ }, "AZURE_OPENAI_API_KEY": { "type": "string", - "value": "[if(parameters('useKeyVault'), reference(resourceId('Microsoft.Resources/deployments', 'storekeys'), '2022-09-01').outputs.OPENAI_KEY_NAME.value, '')]" + "value": "[if(parameters('useKeyVault'), reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', 'storekeys'), '2022-09-01').outputs.OPENAI_KEY_NAME.value, '')]" }, "AZURE_RESOURCE_GROUP": { "type": "string", - "value": "[variables('resourceGroupName')]" + "value": "[variables('rgName')]" }, "AZURE_SEARCH_KEY": { "type": "string", - "value": "[if(parameters('useKeyVault'), reference(resourceId('Microsoft.Resources/deployments', 'storekeys'), '2022-09-01').outputs.SEARCH_KEY_NAME.value, '')]" + "value": "[if(parameters('useKeyVault'), reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', 'storekeys'), '2022-09-01').outputs.SEARCH_KEY_NAME.value, '')]" }, "AZURE_SEARCH_SERVICE": { "type": "string", - "value": "[reference(resourceId('Microsoft.Resources/deployments', parameters('azureAISearchName')), '2022-09-01').outputs.endpoint.value]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', parameters('azureAISearchName')), '2022-09-01').outputs.endpoint.value]" }, "AZURE_SEARCH_USE_SEMANTIC_SEARCH": { "type": "bool", @@ -11464,11 +11848,11 @@ }, "AZURE_SPEECH_SERVICE_REGION": { "type": "string", - "value": "[variables('location')]" + "value": "[parameters('location')]" }, "AZURE_SPEECH_SERVICE_KEY": { "type": "string", - "value": "[if(parameters('useKeyVault'), reference(resourceId('Microsoft.Resources/deployments', 'storekeys'), '2022-09-01').outputs.SPEECH_KEY_NAME.value, '')]" + "value": "[if(parameters('useKeyVault'), reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', 'storekeys'), '2022-09-01').outputs.SPEECH_KEY_NAME.value, '')]" }, "AZURE_SPEECH_RECOGNIZER_LANGUAGES": { "type": "string", @@ -11492,11 +11876,11 @@ }, "FRONTEND_WEBSITE_NAME": { "type": "string", - "value": "[if(equals(parameters('hostingModel'), 'code'), reference(resourceId('Microsoft.Resources/deployments', parameters('websiteName')), '2022-09-01').outputs.FRONTEND_API_URI.value, reference(resourceId('Microsoft.Resources/deployments', format('{0}-docker', parameters('websiteName'))), '2022-09-01').outputs.FRONTEND_API_URI.value)]" + "value": "[if(equals(parameters('hostingModel'), 'code'), reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', parameters('websiteName')), '2022-09-01').outputs.FRONTEND_API_URI.value, reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', format('{0}-docker', parameters('websiteName'))), '2022-09-01').outputs.FRONTEND_API_URI.value)]" }, "ADMIN_WEBSITE_NAME": { "type": "string", - "value": "[if(equals(parameters('hostingModel'), 'code'), reference(resourceId('Microsoft.Resources/deployments', parameters('adminWebsiteName')), '2022-09-01').outputs.WEBSITE_ADMIN_URI.value, reference(resourceId('Microsoft.Resources/deployments', format('{0}-docker', parameters('adminWebsiteName'))), '2022-09-01').outputs.WEBSITE_ADMIN_URI.value)]" + "value": "[if(equals(parameters('hostingModel'), 'code'), reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', parameters('adminWebsiteName')), '2022-09-01').outputs.WEBSITE_ADMIN_URI.value, reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', format('{0}-docker', parameters('adminWebsiteName'))), '2022-09-01').outputs.WEBSITE_ADMIN_URI.value)]" }, "LOGLEVEL": { "type": "string", @@ -11516,7 +11900,7 @@ }, "AZURE_ML_WORKSPACE_NAME": { "type": "string", - "value": "[if(equals(parameters('orchestrationStrategy'), 'prompt_flow'), reference(resourceId('Microsoft.Resources/deployments', parameters('azureMachineLearningName')), '2022-09-01').outputs.workspaceName.value, '')]" + "value": "[if(equals(parameters('orchestrationStrategy'), 'prompt_flow'), reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', parameters('azureMachineLearningName')), '2022-09-01').outputs.workspaceName.value, '')]" }, "RESOURCE_TOKEN": { "type": "string", @@ -11524,7 +11908,7 @@ }, "AZURE_COSMOSDB_INFO": { "type": "string", - "value": "[string(createObject('accountName', reference(resourceId('Microsoft.Resources/deployments', 'deploy_cosmos_db'), '2022-09-01').outputs.cosmosOutput.value.cosmosAccountName, 'databaseName', reference(resourceId('Microsoft.Resources/deployments', 'deploy_cosmos_db'), '2022-09-01').outputs.cosmosOutput.value.cosmosDatabaseName, 'containerName', reference(resourceId('Microsoft.Resources/deployments', 'deploy_cosmos_db'), '2022-09-01').outputs.cosmosOutput.value.cosmosContainerName))]" + "value": "[string(createObject('accountName', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', 'deploy_cosmos_db'), '2022-09-01').outputs.cosmosOutput.value.cosmosAccountName, 'databaseName', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', 'deploy_cosmos_db'), '2022-09-01').outputs.cosmosOutput.value.cosmosDatabaseName, 'containerName', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgName')), 'Microsoft.Resources/deployments', 'deploy_cosmos_db'), '2022-09-01').outputs.cosmosOutput.value.cosmosContainerName))]" } } } \ No newline at end of file