Refactor Azure OpenAI setup by moving to Bicep module.

azd-hooks/postprovision.sh

@@ -7,8 +7,6 @@ fi
 
 export HELM_REPO_URL="https://azure-javaee.github.io/cargotracker-liberty-aks"
 export HELM_REPO_NAME="cargotracker-liberty-aks"
-export AZURE_OPENAI_MODEL_NAME="gpt-4o"
-export AZURE_OPENAI_MODEL_VERSION="2024-08-06"
 export ACR_NAME=$(az acr list  -g ${RESOURCE_GROUP_NAME} --query [0].name -o tsv)
 export ACR_SERVER=$(az acr show -n $ACR_NAME -g ${RESOURCE_GROUP_NAME} --query 'loginServer' -o tsv)
 export AKS_NAME=$(az aks list -g ${RESOURCE_GROUP_NAME} --query \[0\].name -o tsv)
@@ -26,8 +24,6 @@ fi
 
 helm repo add ${HELM_REPO_NAME} ${HELM_REPO_URL}
 
-
-
 az aks enable-addons \
   --addons monitoring \
   --name ${AKS_NAME} \
@@ -63,45 +59,6 @@ az postgres flexible-server firewall-rule create \
 az postgres flexible-server parameter set --name max_prepared_transactions --value 10 -g ${RESOURCE_GROUP_NAME} --server-name ${DB_RESOURCE_NAME}
 az postgres flexible-server restart -g ${RESOURCE_GROUP_NAME} --name ${DB_RESOURCE_NAME}
 
-az cognitiveservices account create \
-    --name ${AZURE_OPENAI_NAME} \
-    --resource-group ${RESOURCE_GROUP_NAME} \
-    --location ${LOCATION} \
-    --kind OpenAI \
-    --custom-domain $AZURE_OPENAI_NAME \
-    --sku s0
-
-resourceId=$(az cognitiveservices account show \
-    --resource-group ${RESOURCE_GROUP_NAME} \
-    --name ${AZURE_OPENAI_NAME} \
-    --query id --output tsv | tr -d '\r')
-
-az resource update \
-    --ids ${resourceId} \
-    --set properties.networkAcls="{'defaultAction':'Allow', 'ipRules':[],'virtualNetworkRules':[]}"
-
-az cognitiveservices account deployment create \
-    --name ${AZURE_OPENAI_NAME} \
-    --resource-group ${RESOURCE_GROUP_NAME} \
-    --deployment-name ${AZURE_OPENAI_MODEL_NAME} \
-    --model-name ${AZURE_OPENAI_MODEL_NAME} \
-    --model-version ${AZURE_OPENAI_MODEL_VERSION} \
-    --model-format OpenAI \
-    --sku Standard \
-    --capacity 10
-
-AZURE_OPENAI_KEY=$(az cognitiveservices account keys list \
-    --name ${AZURE_OPENAI_NAME} \
-    --resource-group ${RESOURCE_GROUP_NAME} \
-    --query key1 \
-    --output tsv)
-
-AZURE_OPENAI_ENDPOINT=$(az cognitiveservices account show \
-    --name ${AZURE_OPENAI_NAME} \
-    --resource-group ${RESOURCE_GROUP_NAME} \
-    --query "properties.endpoint" \
-    --output tsv)
-
 run_maven_command() {
     mvn -q -Dexec.executable=echo -Dexec.args="$1" --non-recursive exec:exec 2>/dev/null | sed -e 's/\x1b\[[0-9;]*m//g' | tr -d '\r\n'
 }

infra/main.bicep

@@ -47,6 +47,9 @@ param administratorLogin string = 'azureroot'
 @secure()
 param administratorLoginPassword string
 
+@description('The Model name for OpenAI')
+param openAIModelName string = 'gpt-4o'
+
 // Tags that should be applied to all resources.
 //
 // Note that 'azd-service-name' tags should be applied separately to service host resources.
@@ -95,13 +98,34 @@ module monitoring './shared/monitoring.bicep' = {
  scope: rg
 }
 
+module cognitiveservices './shared/cognitiveservices.bicep' = {
+  name: 'openai'
+  scope: rg
+  params: {
+    location: location
+    name: 'openai-${suffix}'
+    customSubDomainName: 'openai-${suffix}'
+    deployments: [
+      {
+        name: 'openai-deployment-${suffix}'
+        model: {
+          name: openAIModelName
+          version: '2024-08-06'
+        }
+      }
+    ]
+  }
+}
+
+output AZURE_OPENAI_KEY string =cognitiveservices.outputs.key
+output AZURE_OPENAI_ENDPOINT string =cognitiveservices.outputs.endpoint
+output AZURE_OPENAI_MODEL_NAME string = openAIModelName
 output AZURE_AKS_CLUSTER_NAME string = openLibertyOnAks.outputs.clusterName
 output AZURE_RESOURCE_GROUP string = rg.name
 output DB_NAME string = 'liberty-db-${suffix}'
 output DB_RESOURCE_NAME string = 'liberty-server-${suffix}'
 output DB_USER_NAME string = administratorLogin
 output DB_USER_PASSWORD string = administratorLoginPassword
-output AZURE_OPENAI_NAME string = 'openai-${suffix}'
 output LOCATION string = location
 output RESOURCE_GROUP_NAME string = rg.name
 output WORKSPACE_ID string = monitoring.outputs.logAnalyticsWorkspaceId

infra/shared/cognitiveservices.bicep

@@ -0,0 +1,59 @@
+metadata description = 'Creates an Azure Cognitive Services instance.'
+param name string
+param location string = resourceGroup().location
+param tags object = {}
+@description('The custom subdomain name used to access the API. Defaults to the value of the name parameter.')
+param customSubDomainName string = name
+param disableLocalAuth bool = false
+param deployments array = []
+param kind string = 'OpenAI'
+
+@allowed([ 'Enabled', 'Disabled' ])
+param publicNetworkAccess string = 'Enabled'
+param sku object = {
+  name: 'S0'
+}
+
+param allowedIpRules array = []
+param networkAcls object = empty(allowedIpRules) ? {
+  defaultAction: 'Allow'
+} : {
+  ipRules: allowedIpRules
+  defaultAction: 'Deny'
+}
+
+resource account 'Microsoft.CognitiveServices/accounts@2023-05-01' = {
+  name: name
+  location: location
+  tags: tags
+  kind: kind
+  properties: {
+    customSubDomainName: customSubDomainName
+    publicNetworkAccess: publicNetworkAccess
+    networkAcls: networkAcls
+    disableLocalAuth: disableLocalAuth
+  }
+  sku: sku
+}
+
+@batchSize(1)
+resource deployment 'Microsoft.CognitiveServices/accounts/deployments@2023-05-01' = [for deployment in deployments: {
+  parent: account
+  name: deployment.name
+  properties: {
+   model: {
+      format: 'OpenAI'
+      name: deployment.model.name
+      version: deployment.model.version
+     }
+  }
+  sku: contains(deployment, 'sku') ? deployment.sku : {
+    name: 'Standard'
+    capacity: 20
+  }
+}]
+
+output endpoint string = account.properties.endpoint
+output key string = listKeys(account.id, '2023-05-01').key1
+output id string = account.id
+output name string = account.name