Update environment infrastructure deployment to use AI Studio/Services

Author: jamesmcroft

Setup-Environment.ps1

@@ -22,15 +22,15 @@ param
     [string]$DeploymentName,
     [Parameter(Mandatory = $true)]
     [string]$Location,
-    [Parameter(Mandatory = $true)]
-    [string]$IsLocal,
-    [Parameter(Mandatory = $true)]
-    [string]$SkipInfrastructure
+    [Parameter(Mandatory = $false)]
+    [bool]$IsLocal,
+    [Parameter(Mandatory = $false)]
+    [bool]$SkipInfrastructure
 )
 
 Write-Host "Starting environment setup..."
 
-if ($SkipInfrastructure -eq '$false' || -not (Test-Path -Path './infra/InfrastructureOutputs.json')) {
+if ($SkipInfrastructure -eq $false) {
     Write-Host "Deploying infrastructure..."
     $InfrastructureOutputs = (./infra/Deploy-Infrastructure.ps1 `
             -DeploymentName $DeploymentName `
@@ -42,10 +42,8 @@ else {
     $InfrastructureOutputs = Get-Content -Path './infra/InfrastructureOutputs.json' -Raw | ConvertFrom-Json
 }
 
-$OpenAIEndpoint = $InfrastructureOutputs.openAIInfo.value.endpoint
-$OpenAICompletionDeployment = $InfrastructureOutputs.openAIInfo.value.completionModelDeploymentName
-$OpenAIVisionCompletionDeployment = $InfrastructureOutputs.openAIInfo.value.visionCompletionModelDeploymentName
-$DocumentIntelligenceEndpoint = $InfrastructureOutputs.documentIntelligenceInfo.value.endpoint
+$OpenAIEndpoint = $InfrastructureOutputs.aiServicesInfo.value.openAIEndpoint
+$OpenAICompletionDeployment = $InfrastructureOutputs.aiServicesInfo.value.modelDeploymentName
 $StorageAccountName = $InfrastructureOutputs.storageAccountInfo.value.name
 
 Write-Host "Updating local settings..."
@@ -54,12 +52,10 @@ $LocalSettingsPath = './src/AIDocumentPipeline/local.settings.json'
 $LocalSettings = Get-Content -Path $LocalSettingsPath -Raw | ConvertFrom-Json
 $LocalSettings.Values.OPENAI_ENDPOINT = $OpenAIEndpoint
 $LocalSettings.Values.OPENAI_COMPLETION_DEPLOYMENT = $OpenAICompletionDeployment
-$LocalSettings.Values.OPENAI_VISION_COMPLETION_DEPLOYMENT = $OpenAIVisionCompletionDeployment
-$LocalSettings.Values.DOCUMENT_INTELLIGENCE_ENDPOINT = $DocumentIntelligenceEndpoint
 $LocalSettings.Values.INVOICES_STORAGE_ACCOUNT_NAME = $StorageAccountName
 $LocalSettings | ConvertTo-Json | Out-File -FilePath $LocalSettingsPath -Encoding utf8
 
-if ($IsLocal -eq '$true') {
+if ($IsLocal -eq $true) {
     Write-Host "Starting local environment..."
 
     docker-compose up

infra/Deploy-Infrastructure.ps1

@@ -26,12 +26,13 @@ Write-Host "Starting infrastructure deployment..."
 
 Push-Location -Path $PSScriptRoot
 
-az --version
+$UserPrincipalId = ((az rest --method GET --uri "https://graph.microsoft.com/v1.0/me") | ConvertFrom-Json).id
 
 $DeploymentOutputs = (az deployment sub create --name $DeploymentName --location $Location --template-file './main.bicep' `
         --parameters './main.parameters.json' `
         --parameters workloadName=$DeploymentName `
         --parameters location=$Location `
+        --parameters userPrincipalId=$UserPrincipalId `
         --query properties.outputs -o json) | ConvertFrom-Json
 $DeploymentOutputs | ConvertTo-Json | Out-File -FilePath './InfrastructureOutputs.json' -Encoding utf8
 

infra/abbreviations.json

@@ -18,7 +18,8 @@
     "languageService": "lang-",
     "speechService": "spch-",
     "translator": "trsl-",
-    "aiHub": "aih-"
+    "aiHub": "aih-",
+    "aiHubProject": "aihp-"
   },
   "analytics": {
     "analysisServicesServer": "as",
@@ -223,4 +224,4 @@
     "virtualDesktopWorkspace": "vdws-",
     "virtualDesktopScalingPlan": "vdscaling-"
   }
-}
+}

infra/ai_ml/ai-hub-connection.bicep

@@ -0,0 +1,56 @@
+@export()
+@description('Connection information for the AI Hub/Project workspace.')
+type connectionInfo = {
+  @description('Name of the connection.')
+  name: string
+  @description('Category of the connection.')
+  category: string
+  @description('Indicates whether the connection is shared to all projects.')
+  isSharedToAll: bool
+  @description('Target of the connection.')
+  target: string?
+  @description('Authentication type for the connection target.')
+  authType:
+    | 'AAD'
+    | 'AccessKey'
+    | 'AccountKey'
+    | 'ApiKey'
+    | 'CustomKeys'
+    | 'ManagedIdentity'
+    | 'None'
+    | 'OAuth2'
+    | 'PAT'
+    | 'SAS'
+    | 'ServicePrincipal'
+    | 'UsernamePassword'
+  @description('Credentials for the connection target.')
+  credentials: object?
+  @description('Metadata for the connection target.')
+  metadata: object?
+}
+
+@description('Name of the AI Hub/Project workspace associated with the connection.')
+param aiHubName string
+@description('Connection information.')
+param connection connectionInfo
+
+resource hub 'Microsoft.MachineLearningServices/workspaces@2024-04-01-preview' existing = {
+  name: aiHubName
+
+  resource hubConnection 'connections@2024-01-01-preview' = {
+    name: connection.name
+    properties: {
+      category: connection.category
+      target: connection.target
+      isSharedToAll: connection.isSharedToAll
+      authType: connection.authType
+      credentials: connection.credentials
+      metadata: connection.metadata
+    }
+  }
+}
+
+@description('ID for the deployed AI Hub/Project workspace connection resource.')
+output id string = hub::hubConnection.id
+@description('Name for the deployed AI Hub/Project workspace connection resource.')
+output name string = hub::hubConnection.name

infra/ai_ml/ai-hub-model-serverless-endpoint.bicep

@@ -0,0 +1,110 @@
+@description('Name of the resource.')
+param name string
+@description('Location to deploy the resource. Defaults to the location of the resource group.')
+param location string = resourceGroup().location
+@description('Tags for the resource.')
+param tags object = {}
+
+@export()
+@description('Key Vault configuration information for storing keys for serverless endpoint deployments.')
+type keyVaultConfigInfo = {
+  @description('Name of the key vault.')
+  name: string
+  @description('Name of the key for the primary key.')
+  primaryKeySecretName: string
+  @description('Name of the key for the secondary key.')
+  secondaryKeySecretName: string
+}
+
+@export()
+@description('Serverless model information for serverless endpoint deployments.')
+type serverlessModelInfo = {
+  @description('Name of the model. The model ID will be determined by the template.')
+  name: 'Phi-3-mini-128k-instruct' | null
+  @description('Model ID. Optional override if the expected model name is not supported. Value may start with azureml://.')
+  id: string?
+}
+
+@export()
+@description('Serverless model deployment information.')
+type serverlessModelDeploymentInfo = {
+  @description('Name for the serverless model deployment.')
+  name: string
+  @description('Serverless model information.')
+  model: serverlessModelInfo
+  @description('Key Vault configuration for the serverless model deployment.')
+  keyVaultConfig: keyVaultConfigInfo
+}
+
+@export()
+@description('Output information for serverless endpoint deployments.')
+type serverlessModelDeploymentOutputInfo = {
+  @description('ID for the deployed AI model serverless endpoint resource.')
+  id: string
+  @description('Name for the deployed AI model serverless endpoint resource.')
+  name: string
+  @description('Inference endpoint for the deployed AI model serverless endpoint resource.')
+  endpoint: string
+  @description('Primary key secret name for the deployed AI model serverless endpoint resource.')
+  primaryKeySecretName: string
+  @description('Secondary key secret name for the deployed AI model serverless endpoint resource.')
+  secondaryKeySecretName: string
+}
+
+@description('Name for the AI Hub resource to deploy the serverless endpoint to.')
+param aiHubName string
+@description('Model to deploy as a serverless endpoint.')
+param model serverlessModelInfo
+@description('Key Vault configuration to store endpoint keys.')
+param keyVaultConfig keyVaultConfigInfo?
+
+var models = loadJsonContent('./models.json')
+var modelId = contains(model, 'id') ? model.id! : models.serverless[model.name!]
+
+resource aiHub 'Microsoft.MachineLearningServices/workspaces@2024-04-01-preview' existing = {
+  name: aiHubName
+}
+
+resource modelServerlessEndpoint 'Microsoft.MachineLearningServices/workspaces/serverlessEndpoints@2024-04-01-preview' = {
+  name: name
+  location: location
+  tags: tags
+  parent: aiHub
+  sku: {
+    name: 'Consumption'
+  }
+  properties: {
+    modelSettings: {
+      modelId: modelId
+    }
+  }
+}
+
+module primaryKeySecret '../security/key-vault-secret.bicep' = if (keyVaultConfig != null) {
+  name: keyVaultConfig!.primaryKeySecretName
+  params: {
+    name: keyVaultConfig!.primaryKeySecretName
+    keyVaultName: keyVaultConfig!.name
+    value: modelServerlessEndpoint.listKeys().primaryKey
+  }
+}
+
+module secondaryKeySecret '../security/key-vault-secret.bicep' = if (keyVaultConfig != null) {
+  name: keyVaultConfig!.secondaryKeySecretName
+  params: {
+    name: keyVaultConfig!.secondaryKeySecretName
+    keyVaultName: keyVaultConfig!.name
+    value: modelServerlessEndpoint.listKeys().secondaryKey
+  }
+}
+
+@description('ID for the deployed AI model serverless endpoint resource.')
+output id string = modelServerlessEndpoint.id
+@description('Name for the deployed AI model serverless endpoint resource.')
+output name string = modelServerlessEndpoint.name
+@description('Inference endpoint for the deployed AI model serverless endpoint resource.')
+output endpoint string = modelServerlessEndpoint.properties.inferenceEndpoint.uri
+@description('Primary key secret name for the deployed AI model serverless endpoint resource.')
+output primaryKeySecretName string = keyVaultConfig != null ? keyVaultConfig!.primaryKeySecretName : ''
+@description('Secondary key secret name for the deployed AI model serverless endpoint resource.')
+output secondaryKeySecretName string = keyVaultConfig != null ? keyVaultConfig!.secondaryKeySecretName : ''

infra/ai_ml/ai-hub-project.bicep

@@ -0,0 +1,119 @@
+import { roleAssignmentInfo } from '../security/managed-identity.bicep'
+import { serverlessModelDeploymentInfo, serverlessModelDeploymentOutputInfo } from './ai-hub-model-serverless-endpoint.bicep'
+import { connectionInfo } from 'ai-hub-connection.bicep'
+
+@description('Name of the resource.')
+param name string
+@description('Location to deploy the resource. Defaults to the location of the resource group.')
+param location string = resourceGroup().location
+@description('Tags for the resource.')
+param tags object = {}
+
+@description('Name for the AI Hub resource associated with the AI Hub project.')
+param aiHubName string
+@description('Friendly name for the AI Hub project.')
+param friendlyName string = name
+@description('Description for the AI Hub project.')
+param descriptionInfo string = 'Azure AI Hub Project'
+@description('Whether to enable public network access. Defaults to Enabled.')
+@allowed([
+  'Enabled'
+  'Disabled'
+])
+param publicNetworkAccess string = 'Enabled'
+@description('Whether or not to use credentials for the system datastores of the workspace. Defaults to identity.')
+@allowed([
+  'accessKey'
+  'identity'
+])
+param systemDatastoresAuthMode string = 'identity'
+@description('ID for the Managed Identity associated with the AI Hub project. Defaults to the system-assigned identity.')
+param identityId string?
+@description('Serverless model deployments for the AI Hub project.')
+param serverlessModels serverlessModelDeploymentInfo[] = []
+@description('Resource connections associated with the AI Hub project.')
+param connections connectionInfo[] = []
+@description('Role assignments to create for the AI Hub project instance.')
+param roleAssignments roleAssignmentInfo[] = []
+
+resource aiHub 'Microsoft.MachineLearningServices/workspaces@2024-04-01-preview' existing = {
+  name: aiHubName
+}
+
+resource aiHubProject 'Microsoft.MachineLearningServices/workspaces@2024-04-01-preview' = {
+  name: name
+  location: location
+  tags: tags
+  kind: 'Project'
+  identity: {
+    type: identityId == null ? 'SystemAssigned' : 'UserAssigned'
+    userAssignedIdentities: identityId == null
+      ? null
+      : {
+          '${identityId}': {}
+        }
+  }
+  sku: {
+    name: 'Basic'
+    tier: 'Basic'
+  }
+  properties: {
+    friendlyName: friendlyName
+    description: descriptionInfo
+    hubResourceId: aiHub.id
+    publicNetworkAccess: publicNetworkAccess
+    systemDatastoresAuthMode: systemDatastoresAuthMode
+    primaryUserAssignedIdentity: identityId
+  }
+}
+
+module aiHubConnections 'ai-hub-connection.bicep' = [
+  for connection in connections: {
+    name: connection.name
+    params: {
+      aiHubName: aiHubProject.name
+      connection: connection
+    }
+  }
+]
+
+module serverlessModelEndpoints 'ai-hub-model-serverless-endpoint.bicep' = [
+  for serverlessModel in serverlessModels: {
+    name: serverlessModel.name
+    params: {
+      name: serverlessModel.name
+      aiHubName: aiHubProject.name
+      model: serverlessModel.model
+      keyVaultConfig: serverlessModel.keyVaultConfig
+    }
+  }
+]
+
+resource assignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [
+  for roleAssignment in roleAssignments: {
+    name: guid(aiHubProject.id, roleAssignment.principalId, roleAssignment.roleDefinitionId)
+    scope: aiHubProject
+    properties: {
+      principalId: roleAssignment.principalId
+      roleDefinitionId: roleAssignment.roleDefinitionId
+      principalType: roleAssignment.principalType
+    }
+  }
+]
+
+@description('ID for the deployed AI Hub project resource.')
+output id string = aiHubProject.id
+@description('Name for the deployed AI Hub project resource.')
+output name string = aiHubProject.name
+@description('Identity principal ID for the deployed AI Hub project resource.')
+output identityPrincipalId string? = identityId == null ? aiHubProject.identity.principalId : identityId
+@description('Serverless model deployments for the AI Hub project.')
+output serverlessModelDeployments serverlessModelDeploymentOutputInfo[] = [
+  for (item, index) in serverlessModels: {
+    id: serverlessModelEndpoints[index].outputs.id
+    name: serverlessModelEndpoints[index].outputs.name
+    endpoint: serverlessModelEndpoints[index].outputs.endpoint
+    primaryKeySecretName: serverlessModelEndpoints[index].outputs.primaryKeySecretName
+    secondaryKeySecretName: serverlessModelEndpoints[index].outputs.secondaryKeySecretName
+  }
+]