integrate for services, now services are running ok (#54)

## Purpose  * ... ## Does this introduce a breaking change?  ``` [ ] Yes [ ] No ``` ## Pull Request Type What kind of change does this Pull Request introduce?  ``` [ ] Bugfix [ ] Feature [ ] Code style update (formatting, local variables) [ ] Refactoring (no functional changes, no api changes) [ ] Documentation content changes [ ] Other... Please describe: ``` ## How to Test * Get the code ``` git clone [repo-address] cd [repo-name] git checkout [branch-name] npm install ``` * Test the code  ``` ``` ## What to Check Verify that the following are valid * ... ## Other Information
Azure-Samples · Sep 25, 2024 · 0da2665 · 0da2665
1 parent 93439b3
commit 0da2665
Show file tree

Hide file tree

Showing 6 changed files with 89 additions and 42 deletions.
diff --git a/config/application-passwordless.yml b/config/application-passwordless.yml
@@ -1,5 +1,7 @@
 server:
   port: 8080
+
+spring:
   sql:
     init:
       schema-locations: classpath*:db/mysql/schema.sql

diff --git a/infra/bicep/main.bicep b/infra/bicep/main.bicep
@@ -46,12 +46,14 @@ param acrSubscription string = ''
 
 @description('Enable OpenAI components')
 param enableOpenAi bool = false
+@description('Name of the Open AI name')
+param openAiName string = ''
 @description('Resource group of the Open AI')
-param openAiResourceGroup string
+param openAiResourceGroup string = ''
 @description('Location of the Open AI')
-param openAiLocation string
+param openAiLocation string = ''
 @description('Subscription of the Open AI')
-param openAiSubscription string
+param openAiSubscription string = ''
 
 @description('Name of the log analytics server. Default la-{environmentName}')
 param logAnalyticsName string = ''
@@ -225,9 +227,11 @@ module openai 'modules/ai/openai.bicep' = if (enableOpenAi) {
   ]
   scope: resourceGroup(openAiSubscription, openAiResourceGroup)
   params: {
-    accountName: 'openai-${environmentName}'
+    accountName: !empty(openAiName) ? openAiName : 'openai-${environmentName}'
     location: openAiLocation
     appPrincipalId: umiApps.outputs.principalId
+    tags: tags
+    newOrExisting: 'existing'
   }
 }
 
@@ -238,8 +242,9 @@ module applications 'modules/app/petclinic.bicep' = {
     managedEnvironmentsName: managedEnvironment.outputs.containerAppsEnvironmentName
     eurekaId: javaComponents.outputs.eurekaId
     configServerId: javaComponents.outputs.configServerId
-    mysqlDBId: mysql.outputs.databaseId
-    mysqlUserAssignedIdentityClientId: umiApps.outputs.clientId
+    mysqlDatabaseId: mysql.outputs.databaseId
+    umiAppsClientId: umiApps.outputs.clientId
+    umiAppsIdentityId: umiApps.outputs.id
     acrRegistry: '${acrRoleAssignments.outputs.registryName}.azurecr.io' // add dependency to make sure roles are assigned
     acrIdentityId: umiAcrPull.outputs.id
     apiGatewayImage: !empty(apiGatewayImage) ? apiGatewayImage : placeholderImage
@@ -251,8 +256,8 @@ module applications 'modules/app/petclinic.bicep' = {
     targetPort: 8080
     applicationInsightsConnString: applicationInsights.outputs.connectionString
     enableOpenAi: enableOpenAi
-    azureOpenAiEndpoint: openai.outputs.endpoint
-    openAiClientId: umiApps.outputs.id
+    openAiEndpoint: openai.outputs.endpoint
+    openAiClientId: umiApps.outputs.clientId
   }
 }
 

diff --git a/infra/bicep/main.parameters.json b/infra/bicep/main.parameters.json
@@ -38,6 +38,9 @@
         "enableOpenAi": {
             "value": true
         },
+        "openAiName": {
+            "value": "openai-petclinic"
+        },
         "openAiResourceGroup": {
             "value": "rg-openai"
         },

diff --git a/infra/bicep/modules/ai/openai.bicep b/infra/bicep/modules/ai/openai.bicep
@@ -10,7 +10,7 @@ param location string
 param modelTextEmbeddingAda002 string = 'text-embedding-ada-002'
 
 @description('Optional. model name for the gpt-4 language model. ')
-param modelGpt4 string = 'gpt-4'
+param modelGpt4 string = 'gpt-4o'
 
 @description('Optional. model format for the language models. ')
 param modelFormat string = 'OpenAI'
@@ -22,21 +22,32 @@ param appPrincipalId string
 // https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/ai-machine-learning#cognitive-services-openai-user
 param roleDefinitionId string = '5e0bd9bd-7b93-4f28-af87-19fc36ad61bd'
 
-resource account 'Microsoft.CognitiveServices/accounts@2023-05-01' = {
+@description('Optional. Tags of the resource.')
+param tags object = {}
+
+@description('Optional. Determines whether or not new ApplicationInsights should be provisioned.')
+@allowed([
+  'new'
+  'existing'
+])
+param newOrExisting string = 'new'
+
+resource account 'Microsoft.CognitiveServices/accounts@2023-05-01' = if (newOrExisting == 'new') {
   name: accountName
   location: location
   sku: {
     name: 'S0'
   }
   kind: 'OpenAI'
+  tags: tags
   properties: {
     customSubDomainName: accountName
     publicNetworkAccess: 'Enabled'
     disableLocalAuth: true
   }
 }
 
-resource modelDeploymentTextEmbeddingAda002 'Microsoft.CognitiveServices/accounts/deployments@2023-05-01' = {
+resource modelDeploymentTextEmbeddingAda002 'Microsoft.CognitiveServices/accounts/deployments@2023-05-01' = if (newOrExisting == 'new') {
   name: modelTextEmbeddingAda002
   parent: account
   properties: {
@@ -52,24 +63,24 @@ resource modelDeploymentTextEmbeddingAda002 'Microsoft.CognitiveServices/account
   }
 }
 
-resource modelDeploymentGpt4 'Microsoft.CognitiveServices/accounts/deployments@2023-05-01' = {
+resource modelDeploymentGpt4 'Microsoft.CognitiveServices/accounts/deployments@2023-05-01' = if (newOrExisting == 'new') {
   name: modelGpt4
   dependsOn: [ modelDeploymentTextEmbeddingAda002 ]
   parent: account
   properties: {
     model: {
       name: modelGpt4
-      version: '0613'
+      version: '2024-05-13'
       format: modelFormat
     }
   }
   sku: {
-    name: 'GlobalBatch'
+    name: 'GlobalStandard'
     capacity: 1
   }
 }
 
-resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
+resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = if (newOrExisting == 'new') {
   name: guid(resourceGroup().id, appPrincipalId, roleDefinitionId)
   scope: account
   dependsOn: [
@@ -82,5 +93,21 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
   }
 }
 
-output endpoint string = account.properties.endpoint
-output resourceId string = account.id
+resource accountExist 'Microsoft.CognitiveServices/accounts@2023-05-01' existing = if (newOrExisting == 'existing') {
+  name: accountName
+}
+
+resource roleAssignmentExist 'Microsoft.Authorization/roleAssignments@2022-04-01' = if (newOrExisting == 'existing') {
+  name: guid(resourceGroup().id, appPrincipalId, roleDefinitionId)
+  scope: accountExist
+  properties: {
+    roleDefinitionId: resourceId('Microsoft.Authorization/roleDefinitions', roleDefinitionId)
+    principalId: appPrincipalId
+  }
+}
+
+@description('Endpoint of the Azure OpenAI service account.')
+output endpoint string = (newOrExisting == 'new') ? account.properties.endpoint : accountExist.properties.endpoint
+
+@description('Resource Id of the Azure OpenAI service account.')
+output resourceId string = (newOrExisting == 'new') ? account.id : accountExist.id
diff --git a/infra/bicep/modules/app/petclinic.bicep b/infra/bicep/modules/app/petclinic.bicep
@@ -4,12 +4,14 @@ param managedEnvironmentsName string
 param eurekaId string
 param configServerId string
 
-param mysqlDBId string
-param mysqlUserAssignedIdentityClientId string
+param mysqlDatabaseId string
 
 param acrRegistry string
 param acrIdentityId string
 
+param umiAppsClientId string
+param umiAppsIdentityId string
+
 param apiGatewayImage string
 param customersServiceImage string
 param vetsServiceImage string
@@ -21,7 +23,7 @@ param applicationInsightsConnString string = ''
 
 param enableOpenAi bool
 
-param azureOpenAiEndpoint string
+param openAiEndpoint string
 param openAiClientId string
 
 param targetPort int = 8080
@@ -42,7 +44,8 @@ module apiGateway '../containerapps/containerapp.bicep' = {
     configServerId: configServerId
     registry: acrRegistry
     image: apiGatewayImage
-    containerRegistryUserAssignedIdentityId: acrIdentityId
+    acrIdentityId: acrIdentityId
+    umiAppsIdentityId: umiAppsIdentityId
     external: true
     targetPort: targetPort
     createSqlConnection: false
@@ -69,12 +72,13 @@ module customersService '../containerapps/containerapp.bicep' = {
     configServerId: configServerId
     registry: acrRegistry
     image: customersServiceImage
-    containerRegistryUserAssignedIdentityId: acrIdentityId
+    acrIdentityId: acrIdentityId
     external: false
     targetPort: targetPort
     createSqlConnection: true
-    mysqlDBId: mysqlDBId
-    mysqlUserAssignedIdentityClientId: mysqlUserAssignedIdentityClientId
+    mysqlDatabaseId: mysqlDatabaseId
+    umiAppsClientId: umiAppsClientId
+    umiAppsIdentityId: umiAppsIdentityId
     readinessProbeInitialDelaySeconds: 20
     livenessProbeInitialDelaySeconds: 40
     env: concat(env, empty(applicationInsightsConnString) ? [] : [
@@ -100,12 +104,13 @@ module vetsService '../containerapps/containerapp.bicep' = {
     configServerId: configServerId
     registry: acrRegistry
     image: vetsServiceImage
-    containerRegistryUserAssignedIdentityId: acrIdentityId
+    acrIdentityId: acrIdentityId
     external: false
     targetPort: targetPort
     createSqlConnection: true
-    mysqlDBId: mysqlDBId
-    mysqlUserAssignedIdentityClientId: mysqlUserAssignedIdentityClientId
+    mysqlDatabaseId: mysqlDatabaseId
+    umiAppsClientId: umiAppsClientId
+    umiAppsIdentityId: umiAppsIdentityId
     env: concat(env, empty(applicationInsightsConnString) ? [] : [
       {
         name: 'APPLICATIONINSIGHTS_CONNECTION_STRING'
@@ -129,12 +134,13 @@ module visitsService '../containerapps/containerapp.bicep' = {
     configServerId: configServerId
     registry: acrRegistry
     image: visitsServiceImage
-    containerRegistryUserAssignedIdentityId: acrIdentityId
+    acrIdentityId: acrIdentityId
     external: false
     targetPort: targetPort
     createSqlConnection: true
-    mysqlDBId: mysqlDBId
-    mysqlUserAssignedIdentityClientId: mysqlUserAssignedIdentityClientId
+    mysqlDatabaseId: mysqlDatabaseId
+    umiAppsClientId: umiAppsClientId
+    umiAppsIdentityId: umiAppsIdentityId
     env: concat(env, empty(applicationInsightsConnString) ? [] : [
       {
         name: 'APPLICATIONINSIGHTS_CONNECTION_STRING'
@@ -158,7 +164,8 @@ module chatAgent '../containerapps/containerapp.bicep' = if (enableOpenAi) {
     configServerId: configServerId
     registry: acrRegistry
     image: chatAgentImage
-    containerRegistryUserAssignedIdentityId: acrIdentityId
+    acrIdentityId: acrIdentityId
+    umiAppsIdentityId: umiAppsIdentityId
     external: true
     targetPort: targetPort
     createSqlConnection: false
@@ -176,7 +183,7 @@ module chatAgent '../containerapps/containerapp.bicep' = if (enableOpenAi) {
       !enableOpenAi ? [] : [
       {
         name: 'SPRING_AI_AZURE_OPENAI_ENDPOINT'
-        value: azureOpenAiEndpoint
+        value: openAiEndpoint
       }
       {
         name: 'SPRING_AI_AZURE_OPENAI_CLIENT_ID'
@@ -196,7 +203,8 @@ module adminServer '../containerapps/containerapp.bicep' = {
     configServerId: configServerId
     registry: acrRegistry
     image: adminServerImage
-    containerRegistryUserAssignedIdentityId: acrIdentityId
+    acrIdentityId: acrIdentityId
+    umiAppsIdentityId: umiAppsIdentityId
     external: true
     targetPort: targetPort
     createSqlConnection: false

diff --git a/infra/bicep/modules/containerapps/containerapp.bicep b/infra/bicep/modules/containerapps/containerapp.bicep
@@ -6,12 +6,13 @@ param appName string
 param eurekaId string
 param configServerId string
 param external bool = false
-param containerRegistryUserAssignedIdentityId string
+param acrIdentityId string
+param umiAppsIdentityId string
+param umiAppsClientId string = ''
 param env array = []
 param targetPort int
 param createSqlConnection bool = false
-param mysqlDBId string = ''
-param mysqlUserAssignedIdentityClientId string = ''
+param mysqlDatabaseId string = ''
 param readinessProbeInitialDelaySeconds int = 10
 param livenessProbeInitialDelaySeconds int = 30
 
@@ -21,7 +22,8 @@ resource app 'Microsoft.App/containerApps@2024-02-02-preview' = {
   identity: {
     type: 'UserAssigned'
     userAssignedIdentities: {
-      '${containerRegistryUserAssignedIdentityId}': {}
+      '${acrIdentityId}': {}
+      '${umiAppsIdentityId}': {}
     }
   }
   properties: {
@@ -31,10 +33,10 @@ resource app 'Microsoft.App/containerApps@2024-02-02-preview' = {
         external: external
         targetPort: targetPort
       }
-      registries: containerRegistryUserAssignedIdentityId == null ? null : [
+      registries: empty(acrIdentityId) ? null : [
         {
           server: registry
-          identity: containerRegistryUserAssignedIdentityId
+          identity: acrIdentityId
         }
       ]
       runtime: {
@@ -108,7 +110,7 @@ resource app 'Microsoft.App/containerApps@2024-02-02-preview' = {
   }
 }
 
-var mysqlToken = !empty(mysqlDBId) ? split(mysqlDBId, '/') : array('')
+var mysqlToken = !empty(mysqlDatabaseId) ? split(mysqlDatabaseId, '/') : array('')
 var mysqlSubscriptionId = length(mysqlToken) > 2 ? mysqlToken[2] : ''
 
 var connectionName = 'mysql_conn'
@@ -121,13 +123,13 @@ resource connectDB 'Microsoft.ServiceLinker/linkers@2023-04-01-preview' = if (cr
     clientType: 'springBoot'
     authInfo: {
       authType: 'userAssignedIdentity'
-      clientId: mysqlUserAssignedIdentityClientId
+      clientId: umiAppsClientId
       subscriptionId: mysqlSubscriptionId
       userName: 'aad_${connectionName}'
     }
     targetService: {
       type: 'AzureResource'
-      id: mysqlDBId
+      id: mysqlDatabaseId
     }
   }
 }