V2.0.0 alpha

.github/dependabot.yml

@@ -8,11 +8,13 @@ updates:
   - package-ecosystem: "terraform" 
     directory: "/"
     schedule:
-      interval: "daily"
+      interval: "weekly"
+      day: "monday"
+      time: "00:00"
       timezone: "Europe/London"
 
-  - package-ecosystem: "github-actions" # See documentation for possible values
-    directory: "/" # Location of package manifests
+  - package-ecosystem: "github-actions" 
+    directory: "/" 
     schedule:
       interval: "weekly"
       day: "sunday"

.github/workflows/manual-test-release.yml

@@ -17,7 +17,7 @@ jobs:
       - name: Checkout
         uses: actions/[email protected]
 
-      - name: Run Dependency Tests - Plan AND Apply AND Destroy
+      - name: Plan AND Apply AND Destroy
         uses: Pwd9000-ML/[email protected]
         with:
           test_type: plan-apply-destroy      ## (Required) Valid options are "plan", "plan-apply", "plan-apply-destroy". Default="plan"

.github/workflows/manual-test.yml

@@ -11,7 +11,7 @@ on:
   workflow_dispatch:
 
 jobs:
-  manual_plan_apply_destroy:
+  manual_plan_apply:
     runs-on: ubuntu-latest
     permissions:
       pull-requests: write
@@ -21,7 +21,7 @@ jobs:
       - name: Checkout
         uses: actions/[email protected]
 
-      - name: Run Dependency Tests - Plan AND Apply AND Destroy
+      - name: Plan AND Apply Only
         uses: Pwd9000-ML/[email protected]
         with:
           test_type: plan-apply              ## (Required) Valid options are "plan", "plan-apply", "plan-apply-destroy". Default="plan"

01_resource_group.tf

@@ -0,0 +1,6 @@
+# Create Solution Resource Group
+resource "azurerm_resource_group" "az_openai_rg" {
+  name     = var.resource_group_name
+  location = var.location
+  tags     = var.tags
+}

02_networking.tf

@@ -0,0 +1,33 @@
+# Create Solution Virtual Network
+resource "azurerm_virtual_network" "az_openai_vnet" {
+  name                = var.virtual_network_name
+  location            = var.location
+  resource_group_name = azurerm_resource_group.az_openai_rg.name
+  address_space       = var.vnet_address_space
+  tags                = var.tags
+}
+
+# Azure Virtual Network Subnets
+resource "azurerm_subnet" "az_openai_subnet" {
+  resource_group_name                           = azurerm_resource_group.az_openai_rg.name
+  virtual_network_name                          = azurerm_virtual_network.az_openai_vnet.name
+  name                                          = var.subnet_config.subnet_name
+  address_prefixes                              = var.subnet_config.subnet_address_space
+  service_endpoints                             = var.subnet_config.service_endpoints
+  private_link_service_network_policies_enabled = var.subnet_config.private_link_service_network_policies_enabled
+  private_endpoint_network_policies_enabled     = var.subnet_config.private_endpoint_network_policies_enabled
+
+  dynamic "delegation" {
+    for_each = var.subnet_config.subnets_delegation_settings
+    content {
+      name = delegation.key
+      dynamic "service_delegation" {
+        for_each = toset(delegation.value)
+        content {
+          name    = service_delegation.value.name
+          actions = service_delegation.value.actions
+        }
+      }
+    }
+  }
+}

03_keyvault.tf

@@ -0,0 +1,27 @@
+# Key Vault - Create Key Vault to save cognitive account, cosmosDB, App details
+resource "azurerm_key_vault" "az_openai_kv" {
+  resource_group_name = azurerm_resource_group.az_openai_rg.name
+  location            = var.location
+  #values from variable kv_config object
+  name                      = lower(var.kv_name)
+  sku_name                  = var.kv_sku
+  enable_rbac_authorization = true
+  tenant_id                 = data.azurerm_client_config.current.tenant_id
+  network_acls {
+    default_action             = var.kv_fw_default_action
+    bypass                     = var.kv_fw_bypass
+    ip_rules                   = var.kv_fw_allowed_ips
+    virtual_network_subnet_ids = var.kv_fw_network_subnet_ids != null ? var.kv_fw_network_subnet_ids : azurerm_subnet.az_openai_subnet.*.id
+  }
+  tags       = var.tags
+  depends_on = [azurerm_subnet.az_openai_subnet]
+}
+
+
+# Add "self" permission to key vault RBAC (to manange key vault secrets)
+resource "azurerm_role_assignment" "kv_role_assigment" {
+  for_each             = toset(["Key Vault Administrator"])
+  role_definition_name = each.key
+  scope                = azurerm_key_vault.az_openai_kv.id
+  principal_id         = data.azurerm_client_config.current.object_id
+}

04_az_openai.tf

@@ -0,0 +1,92 @@
+# Create OpenAI Cognitive Account
+resource "azurerm_cognitive_account" "az_openai" {
+  kind                               = "OpenAI"
+  location                           = var.location
+  name                               = var.oai_account_name
+  resource_group_name                = azurerm_resource_group.az_openai_rg.name
+  sku_name                           = var.oai_sku_name
+  custom_subdomain_name              = var.oai_custom_subdomain_name
+  dynamic_throttling_enabled         = var.oai_dynamic_throttling_enabled
+  fqdns                              = var.oai_fqdns
+  local_auth_enabled                 = var.oai_local_auth_enabled
+  outbound_network_access_restricted = var.oai_outbound_network_access_restricted
+  public_network_access_enabled      = var.oai_public_network_access_enabled
+  tags                               = var.tags
+
+  dynamic "customer_managed_key" {
+    for_each = var.oai_customer_managed_key != null ? [var.oai_customer_managed_key] : []
+    content {
+      key_vault_key_id   = customer_managed_key.value.key_vault_key_id
+      identity_client_id = customer_managed_key.value.identity_client_id
+    }
+  }
+
+  dynamic "identity" {
+    for_each = var.oai_identity != null ? [var.oai_identity] : []
+    content {
+      type         = identity.value.type
+      identity_ids = identity.value.identity_ids
+    }
+  }
+
+  dynamic "network_acls" {
+    for_each = var.oai_network_acls != null ? [var.oai_network_acls] : []
+    content {
+      default_action = network_acls.value.default_action
+      ip_rules       = network_acls.value.ip_rules
+
+      dynamic "virtual_network_rules" {
+        for_each = network_acls.value.virtual_network_rules != null ? network_acls.value.virtual_network_rules : []
+        content {
+          subnet_id                            = virtual_network_rules.value.subnet_id
+          ignore_missing_vnet_service_endpoint = virtual_network_rules.value.ignore_missing_vnet_service_endpoint
+        }
+      }
+    }
+  }
+
+  dynamic "storage" {
+    for_each = var.oai_storage
+    content {
+      storage_account_id = storage.value.storage_account_id
+      identity_client_id = storage.value.identity_client_id
+    }
+  }
+}
+
+# Create OpenAI Cognitive Account Model Deployments
+resource "azurerm_cognitive_deployment" "az_openai_models" {
+  for_each = { for each in var.oai_model_deployment : each.deployment_id => each }
+
+  cognitive_account_id = azurerm_cognitive_account.az_openai.id
+  name                 = each.value.deployment_id
+  rai_policy_name      = each.value.rai_policy_name
+
+  model {
+    format  = each.value.model_format
+    name    = each.value.model_name
+    version = each.value.model_version
+  }
+  scale {
+    type     = each.value.scale_type
+    tier     = each.value.scale_tier
+    size     = each.value.scale_size
+    family   = each.value.scale_family
+    capacity = each.value.scale_capacity
+  }
+}
+
+# Save OpenAI Cognitive Account details to Key Vault for consumption by other services
+resource "azurerm_key_vault_secret" "openai_endpoint" {
+  name         = "${var.oai_account_name}-openai-endpoint"
+  value        = azurerm_cognitive_account.az_openai.endpoint
+  key_vault_id = azurerm_key_vault.az_openai_kv.id
+  depends_on   = [azurerm_role_assignment.kv_role_assigment]
+}
+
+resource "azurerm_key_vault_secret" "openai_primary_key" {
+  name         = "${var.oai_account_name}-openai-key"
+  value        = azurerm_cognitive_account.az_openai.primary_access_key
+  key_vault_id = azurerm_key_vault.az_openai_kv.id
+  depends_on   = [azurerm_role_assignment.kv_role_assigment]
+}

05_cosmosdb.tf

@@ -0,0 +1,51 @@
+# Create CosmosDB Account running MongoDB
+resource "azurerm_cosmosdb_account" "az_openai_mongodb" {
+  name                      = var.cosmosdb_name
+  resource_group_name       = azurerm_resource_group.az_openai_rg.name
+  location                  = var.location
+  offer_type                = var.cosmosdb_offer_type
+  kind                      = var.cosmosdb_kind
+  enable_automatic_failover = var.cosmosdb_automatic_failover
+  enable_free_tier          = var.use_cosmosdb_free_tier
+  tags                      = var.tags
+
+  consistency_policy {
+    consistency_level       = var.cosmosdb_consistency_level
+    max_interval_in_seconds = var.cosmosdb_max_interval_in_seconds
+    max_staleness_prefix    = var.cosmosdb_max_staleness_prefix
+  }
+
+  dynamic "geo_location" {
+    for_each = var.cosmosdb_geo_locations
+    content {
+      location          = geo_location.value.location
+      failover_priority = geo_location.value.failover_priority
+    }
+  }
+
+  dynamic "capabilities" {
+    for_each = var.cosmosdb_capabilities
+    content {
+      name = capabilities.value
+    }
+  }
+
+  dynamic "virtual_network_rule" {
+    for_each = var.cosmosdb_virtual_network_subnets != null ? var.cosmosdb_virtual_network_subnets : azurerm_subnet.az_openai_subnet.*.id
+    content {
+      id = virtual_network_rule.value
+    }
+  }
+
+  is_virtual_network_filter_enabled = var.cosmosdb_is_virtual_network_filter_enabled
+  public_network_access_enabled     = var.cosmosdb_public_network_access_enabled
+  depends_on                        = [azurerm_subnet.az_openai_subnet]
+}
+
+### Save MongoDB URI details to Key Vault for consumption by other services (e.g. LibreChat App)
+resource "azurerm_key_vault_secret" "openai_cosmos_uri" {
+  name         = "${var.cosmosdb_name}-cosmos-uri"
+  value        = azurerm_cosmosdb_account.az_openai_mongodb.primary_mongodb_connection_string
+  key_vault_id = azurerm_key_vault.az_openai_kv.id
+  depends_on   = [azurerm_role_assignment.kv_role_assigment]
+}