diff --git a/.github/workflows/deploy_tre_reusable.yml b/.github/workflows/deploy_tre_reusable.yml index 8c022360da..1ab13c964a 100644 --- a/.github/workflows/deploy_tre_reusable.yml +++ b/.github/workflows/deploy_tre_reusable.yml @@ -401,6 +401,8 @@ jobs: BUNDLE_DIR: "./templates/workspace_services/ohdsi"} - {BUNDLE_TYPE: "workspace_service", BUNDLE_DIR: "./templates/workspace_services/azuresql"} + - {BUNDLE_TYPE: "workspace_service", + BUNDLE_DIR: "./templates/workspace_services/openai"} - {BUNDLE_TYPE: "user_resource", BUNDLE_DIR: "./templates/workspace_services/guacamole/user_resources/guacamole-azure-windowsvm"} - {BUNDLE_TYPE: "user_resource", diff --git a/CHANGELOG.md b/CHANGELOG.md index a5bbe62148..71469af663 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -15,6 +15,7 @@ COMPONENTS: FEATURES: * Azure SQL Workspace Service ([#3969](https://github.com/microsoft/AzureTRE/issues/3969)) +* OpenAI Workspace Service ([#3810](https://github.com/microsoft/AzureTRE/issues/3810)) ENHANCEMENTS: * Add Case Study Docs ([#1366](https://github.com/microsoft/AzureTRE/issues/1366)) diff --git a/core/terraform/dns_zones_non_core.tf b/core/terraform/dns_zones_non_core.tf index d2b044b349..0f6ee7338e 100644 --- a/core/terraform/dns_zones_non_core.tf +++ b/core/terraform/dns_zones_non_core.tf 
@@ -32,6 +32,26 @@ resource "azurerm_private_dns_zone_virtual_network_link" "azuresql" { lifecycle { ignore_changes = [tags] } } +resource "azurerm_private_dns_zone_virtual_network_link" "openai" { + resource_group_name = azurerm_resource_group.core.name + virtual_network_id = module.network.core_vnet_id + private_dns_zone_name = azurerm_private_dns_zone.non_core["privatelink.openai.azure.com"].name + name = azurerm_private_dns_zone.non_core["privatelink.openai.azure.com"].name + registration_enabled = false + tags = local.tre_core_tags + lifecycle { ignore_changes = [tags] } +} + +resource "azurerm_private_dns_zone_virtual_network_link" "cognitivesearch" { + resource_group_name = azurerm_resource_group.core.name + virtual_network_id = module.network.core_vnet_id + private_dns_zone_name = azurerm_private_dns_zone.non_core["privatelink.cognitiveservices.azure.com"].name + name = azurerm_private_dns_zone.non_core["privatelink.cognitiveservices.azure.com"].name + registration_enabled = false + tags = local.tre_core_tags + lifecycle { ignore_changes = [tags] } +} + # Once the deployment of the app gateway is complete, we can proceed to include the required DNS zone for Nexus, which is dependent on the FQDN of the app gateway. resource "azurerm_private_dns_zone" "nexus" { name = "nexus-${module.appgateway.app_gateway_fqdn}" diff --git a/core/terraform/locals.tf b/core/terraform/locals.tf index 8937bf980d..c3539c9fb3 100644 --- a/core/terraform/locals.tf +++ b/core/terraform/locals.tf @@ -33,7 +33,9 @@ locals { "privatelink.postgres.database.azure.com", "privatelink.mysql.database.azure.com", "privatelink.database.windows.net", - "privatelink.azuredatabricks.net" + "privatelink.azuredatabricks.net", + "privatelink.openai.azure.com", + "privatelink.cognitiveservices.azure.com" ]) # The followig regex extracts different parts of the service bus endpoint: scheme, fqdn, port, path, query and fragment. This allows us to extract the needed fqdn part. 
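Review bot: The second added link in dns_zones_non_core.tf is labelled `cognitivesearch` but attaches the `privatelink.cognitiveservices.azure.com` zone, so the resource address names a different service from the zone it links (Azure Cognitive Search uses its own private-link zone). Renaming it before merge, e.g. `resource "azurerm_private_dns_zone_virtual_network_link" "cognitiveservices" {`, avoids a later `moved` block or a destroy/recreate of the link. A one-line comment above the two new links saying which workspace service needs each zone would also help a reader judge why the core VNet has to resolve them.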
diff --git a/core/terraform/main.tf b/core/terraform/main.tf index 4e8fa6932f..d35cabd876 100644 --- a/core/terraform/main.tf +++ b/core/terraform/main.tf @@ -179,6 +179,6 @@ module "resource_processor_vmss_porter" { } module "terraform_azurerm_environment_configuration" { - source = "git::https://github.com/microsoft/terraform-azurerm-environment-configuration.git?ref=0.5.0" + source = "git::https://github.com/microsoft/terraform-azurerm-environment-configuration.git?ref=0.6.0" arm_environment = var.arm_environment } diff --git a/core/version.txt b/core/version.txt index daecfa5151..5b0f7f2fcf 100644 --- a/core/version.txt +++ b/core/version.txt @@ -1 +1 @@ -__version__ = "0.10.6" +__version__ = "0.10.7" diff --git a/docs/tre-templates/workspace-services/openai.md b/docs/tre-templates/workspace-services/openai.md new file mode 100644 index 0000000000..5ad0b57395 --- /dev/null +++ b/docs/tre-templates/workspace-services/openai.md 
@@ -0,0 +1,22 @@ +# OpenAI Workspace Service + +See: [Azure OpenAI Service](https://learn.microsoft.com/en-us/azure/ai-services/openai/overview) + +## Prerequisites + +- [A base workspace deployed](../workspaces/base.md) + +- The OpenAI workspace service container image needs building and pushing: + + `make workspace_service_bundle BUNDLE=openai` + +## Authenticating + +1. The open AI domain and deployment id can be found from the details tab. +2. When communicating with the API, an "api_key" is required. This can be found in the Key Vault. + +## Properties +- `is_exposed_externally` - If `True`, the OpenAI workspace is accessible from outside of the workspace virtual network. +- `openai_model` - The model to use for the OpenAI deployment ` | `. The default is `gpt-35-turbo | 0301`. +- Important note: Models are subject to different quota and region availability and the deployment may fail if you don't have the correct quota. +Please review this link on current limits and how to request increases: [Open AI Quotas](https://learn.microsoft.com/en-us/azure/ai-services/openai/quotas-limits) diff --git a/e2e_tests/resources/strings.py b/e2e_tests/resources/strings.py index 2821407a68..8e690aa6a5 100644 --- a/e2e_tests/resources/strings.py +++ b/e2e_tests/resources/strings.py @@ -20,6 +20,7 @@ MYSQL_SERVICE = "tre-workspace-service-mysql" HEALTH_SERVICE = "tre-workspace-service-health" AZURESQL_SERVICE = "tre-workspace-service-azuresql" +OPENAI_SERVICE = "tre-workspace-service-openai" FIREWALL_SHARED_SERVICE = "tre-shared-service-firewall" GITEA_SHARED_SERVICE = "tre-shared-service-gitea" diff --git a/e2e_tests/test_workspace_services.py b/e2e_tests/test_workspace_services.py index c6d8f1429b..cd48910817 100644 --- a/e2e_tests/test_workspace_services.py +++ b/e2e_tests/test_workspace_services.py @@ -13,7 +13,8 @@ strings.MLFLOW_SERVICE, strings.MYSQL_SERVICE, strings.HEALTH_SERVICE, - strings.AZURESQL_SERVICE + strings.AZURESQL_SERVICE, + strings.OPENAI_SERVICE ] 
diff --git a/mkdocs.yml b/mkdocs.yml index b1b2679ce3..edd9c4da74 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -104,6 +104,7 @@ nav: - OHDSI: tre-templates/workspace-services/ohdsi.md - MySQL: tre-templates/workspace-services/mysql.md - Azure SQL: tre-templates/workspace-services/azuresql.md + - Open AI: tre-templates/workspace-services/openai.md - Shared Services: - Gitea (Source Mirror): tre-templates/shared-services/gitea.md - Nexus (Package Mirror): tre-templates/shared-services/nexus.md diff --git a/templates/workspace_services/openai/.env.sample b/templates/workspace_services/openai/.env.sample new file mode 100644 index 0000000000..4123a21e4d --- /dev/null +++ b/templates/workspace_services/openai/.env.sample @@ -0,0 +1,4 @@ +ID="__CHANGE_ME__" +WORKSPACE_ID="__CHANGE_ME__" +IS_EXPOSED_EXTERNALLY="__CHANGE_ME__" +OPENAI_MODEL="__CHANGE_ME__" diff --git a/templates/workspace_services/openai/Dockerfile.tmpl b/templates/workspace_services/openai/Dockerfile.tmpl new file mode 100644 index 0000000000..c584174140 --- /dev/null +++ b/templates/workspace_services/openai/Dockerfile.tmpl @@ -0,0 +1,15 @@ +# syntax=docker/dockerfile-upstream:1.4.0 +FROM --platform=linux/amd64 debian:bullseye-slim + +# PORTER_INIT + +RUN rm -f /etc/apt/apt.conf.d/docker-clean; echo 'Binary::apt::APT::Keep-Downloaded-Packages "true";' > /etc/apt/apt.conf.d/keep-cache + +# Git is required for terraform_azurerm_environment_configuration +RUN --mount=type=cache,target=/var/cache/apt --mount=type=cache,target=/var/lib/apt \ + apt-get update && apt-get install -y git --no-install-recommends + +# PORTER_MIXINS + +# Use the BUNDLE_DIR build argument to copy files into the bundle +COPY --link . ${BUNDLE_DIR}/ diff --git a/templates/workspace_services/openai/parameters.json b/templates/workspace_services/openai/parameters.json new file mode 100644 index 0000000000..9ba32fb8e1 --- /dev/null +++ b/templates/workspace_services/openai/parameters.json 
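Review bot: The new Dockerfile.tmpl references its base image by mutable tag (`debian:bullseye-slim`), so the bundle image that later runs Terraform with the ARM credentials declared in porter.yaml is built from whatever that tag points to at build time. Pinning the digest, `FROM --platform=linux/amd64 debian:bullseye-slim@sha256:<digest>` (placeholder), makes the build reproducible and the base auditable. If the other bundles in this repository use the same unpinned pattern, this is better handled as one follow-up across all templates than in this file alone.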
@@ -0,0 +1,62 @@
+{
+ "schemaType": "ParameterSet",
+ "schemaVersion": "1.0.0",
+ "namespace": "",
+ "name": "tre-workspace-service-openai",
+ "parameters": [
+ {
+ "name": "tre_id",
+ "source": {
+ "env": "TRE_ID"
+ }
+ },
+ {
+ "name": "id",
+ "source": {
+ "env": "ID"
+ }
+ },
+ {
+ "name": "tfstate_container_name",
+ "source": {
+ "env": "TERRAFORM_STATE_CONTAINER_NAME"
+ }
+ },
+ {
+ "name": "tfstate_resource_group_name",
+ "source": {
+ "env": "MGMT_RESOURCE_GROUP_NAME"
+ }
+ },
+ {
+ "name": "tfstate_storage_account_name",
+ "source": {
+ "env": "MGMT_STORAGE_ACCOUNT_NAME"
+ }
+ },
+ {
+ "name": "workspace_id",
+ "source": {
+ "env": "WORKSPACE_ID"
+ }
+ },
+ {
+ "name": "arm_environment",
+ "source": {
+ "env": "ARM_ENVIRONMENT"
+ }
+ },
+ {
+ "name": "is_exposed_externally",
+ "source": {
+ "env": "IS_EXPOSED_EXTERNALLY"
+ }
+ },
+ {
+ "name": "openai_model",
+ "source": {
+ "env": "OPENAI_MODEL"
+ }
+ }
+ ]
+}
diff --git a/templates/workspace_services/openai/porter.yaml b/templates/workspace_services/openai/porter.yaml
new file mode 100644
index 0000000000..a65c75f8df
--- /dev/null
+++ b/templates/workspace_services/openai/porter.yaml
@@ -0,0 +1,122 @@
+---
+schemaVersion: 1.0.0
+name: tre-workspace-service-openai
+version: 1.0.0
+description: "An OpenAI workspace service"
+registry: azuretre
+dockerfile: Dockerfile.tmpl
+
+credentials:
+ - name: azure_tenant_id
+ env: ARM_TENANT_ID
+ - name: azure_subscription_id
+ env: ARM_SUBSCRIPTION_ID
+ - name: azure_client_id
+ env: ARM_CLIENT_ID
+ - name: azure_client_secret
+ env: ARM_CLIENT_SECRET
+parameters:
+ - name: workspace_id
+ type: string
+ - name: tre_id
+ type: string
+
+ # the following are added automatically by the resource processor
+ - name: id
+ type: string
+ description: "Resource ID"
+ env: id
+ - name: tfstate_resource_group_name
+ type: string
+ description: "Resource group containing the Terraform state storage account"
+ - name: tfstate_storage_account_name
+ type: string
+ description: "The name of the Terraform state storage account"
+ - name: tfstate_container_name
+ env: tfstate_container_name
+ type: string
+ default: "tfstate"
+ description: "The name of the Terraform state storage container"
+ - name: arm_use_msi
+ env: ARM_USE_MSI
+ type: boolean
+ default: false
+ - name: arm_environment
+ env: ARM_ENVIRONMENT
+ type: string
+ default: "public"
+ - name: is_exposed_externally
+ env: IS_EXPOSED_EXTERNALLY
+ type: boolean
+ - name: openai_model
+ env: OPENAI_MODEL
+ type: string
+
+mixins:
+ - exec
+ - terraform:
+ clientVersion: 1.3.6
+
+outputs:
+ - name: openai_fqdn
+ type: string
+ applyTo:
+ - install
+ - upgrade
+ - name: openai_deployment_id
+ type: string
+ applyTo:
+ - install
+ - upgrade
+
+install:
+ - terraform:
+ description: "Deploy OpenAI workspace service"
+ vars:
+ workspace_id: ${ bundle.parameters.workspace_id }
+ tre_id: ${ bundle.parameters.tre_id }
+ tre_resource_id: ${ bundle.parameters.id }
+ arm_environment: ${ bundle.parameters.arm_environment }
+ is_exposed_externally: ${ bundle.parameters.is_exposed_externally }
+ openai_model: ${ bundle.parameters.openai_model }
+ backendConfig:
+ resource_group_name: ${ bundle.parameters.tfstate_resource_group_name }
+ storage_account_name: ${ bundle.parameters.tfstate_storage_account_name }
+ container_name: ${ bundle.parameters.tfstate_container_name }
+ key: tre-workspace-service-openai-${ bundle.parameters.id }
+ outputs:
+ - name: openai_fqdn
+ - name: openai_deployment_id
+upgrade:
+ - terraform:
+ description: "Upgrade OpenAI workspace service"
+ vars:
+ workspace_id: ${ bundle.parameters.workspace_id }
+ tre_id: ${ bundle.parameters.tre_id }
+ tre_resource_id: ${ bundle.parameters.id }
+ arm_environment: ${ bundle.parameters.arm_environment }
+ is_exposed_externally: ${ bundle.parameters.is_exposed_externally }
+ openai_model: ${ bundle.parameters.openai_model }
+ backendConfig:
+ resource_group_name: ${ bundle.parameters.tfstate_resource_group_name }
+ storage_account_name: ${ bundle.parameters.tfstate_storage_account_name }
+ container_name: ${ bundle.parameters.tfstate_container_name }
+ key: tre-workspace-service-openai-${ bundle.parameters.id }
+ outputs:
+ - name: openai_fqdn
+ - name: openai_deployment_id
+uninstall:
+ - terraform:
+ description: "Tear down OpenAI workspace service"
+ vars:
+ workspace_id: ${ bundle.parameters.workspace_id }
+ tre_id: ${ bundle.parameters.tre_id }
+ tre_resource_id: ${ bundle.parameters.id }
+ arm_environment: ${ bundle.parameters.arm_environment }
+ is_exposed_externally: ${ bundle.parameters.is_exposed_externally }
+ openai_model: ${ bundle.parameters.openai_model }
+ backendConfig:
+ resource_group_name: ${ bundle.parameters.tfstate_resource_group_name }
+ storage_account_name: ${ bundle.parameters.tfstate_storage_account_name }
+ container_name: ${ bundle.parameters.tfstate_container_name }
+ key: tre-workspace-service-openai-${ bundle.parameters.id }
diff --git a/templates/workspace_services/openai/template_schema.json b/templates/workspace_services/openai/template_schema.json
new file mode 100644
index 0000000000..da2cf39f92
--- /dev/null
+++ b/templates/workspace_services/openai/template_schema.json 
@@ -0,0 +1,56 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema", + "$id": "https://github.com/microsoft/AzureTRE/templates/workspace_services/sql/template_schema.json", + "type": "object", + "title": "OpenAI Workspace Service", + "description": "Provides OpenAI within the workspace", + "required": [], + "properties": { + "display_name": { + "type": "string", + "title": "Name for the workspace service", + "description": "The name of the workspace service to be displayed to users", + "default": "Azure OpenAI Service", + "updateable": true + }, + "description": { + "type": "string", + "title": "Description of the workspace service", + "description": "Description of the workspace service", + "default": "Build your own copilot and generative AI applications", + "updateable": true + }, + "overview": { + "type": "string", + "title": "Workspace Service Overview", + "description": "Long form description of the workspace service, in markdown syntax", + "default": "Azure OpenAI Service provides REST API access to OpenAI's powerful language models including the GPT-4, GPT-4 Turbo with Vision, GPT-3.5-Turbo, and Embeddings model series. For more information, see the [Azure OpenAI Service documentation](https://learn.microsoft.com/en-us/azure/ai-services/openai/overview).", + "updateable": true + }, + "is_exposed_externally": { + "$id": "#/properties/is_exposed_externally", + "type": "boolean", + "title": "Expose externally", + "description": "Should the OpenAI instance be publicly accessible?", + "default": false, + "updateable": true + }, + "openai_model": { + "$id": "#/properties/openai_model", + "type": "string", + "title": "OpenAI Model", + "description": "Which OpenAI Model should be used? 
(be mindful of subscription limits)", + "enum": [ + "gpt-35-turbo | 0301", + "gpt-35-turbo | 1106", + "gpt-35-turbo | 0163", + "gpt-35-turbo | 0125", + "gpt-4 | 0613", + "gpt-4 | turbo-2024-04-09", + "gpt-4o | 2024-05-13" + ], + "default": "gpt-35-turbo | 0301", + "updateable": true + } + } +} diff --git a/templates/workspace_services/openai/terraform/.terraform.lock.hcl b/templates/workspace_services/openai/terraform/.terraform.lock.hcl new file mode 100644 index 0000000000..600efbeb36 --- /dev/null +++ b/templates/workspace_services/openai/terraform/.terraform.lock.hcl @@ -0,0 +1,22 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/hashicorp/azurerm" { + version = "3.84.0" + constraints = "3.84.0" + hashes = [ + "h1:aoqNC2sfLKyblgQh0SfQW0BHl3UP1mMAUJLYLGG3PxE=", + "zh:14a96daf672541dbc27137d9cc0a96a737710597262ecaaa64a328eb1174e5df", + "zh:16d8e794fdd87ed8e64291fe8a617f420d8263f21672033333a020d06f4c9618", + "zh:64e5cd1bb6a81bccffff0d1f77790286ab46179cf12442134c3f3bca722afc1b", + "zh:7010ada67fbae971ac8b7204a30b1317aee7ccac7227afc6ac27277c642996a1", + "zh:77c2616ecd29685d2a4dc3ec3e9771e5ecf652e127946767d9b7ef19bbf58a21", + "zh:861922cfae724eacf1bd915efd5dbf6c23e4e762a2bbe60993099648e64aedb5", + "zh:8fb797c98bb08e7342995317810d28c41bb519fbc128adaa170896356b9eaebd", + "zh:982e85a4a9d282e3c8f7d7836037ccc98ff3ef50af246fad2e04684a81d16201", + "zh:a2ef29ff907cf6622e58afa0a27e23a3160ba3d70d531795b4d9a6c42c354630", + "zh:c46ccc4eecb79d096bcb652af0cffe300ec480d80a13a5b302c71b1aac9f9f1c", + "zh:cc6a06bf6d5e811fe8c0d9ad652e143b4e94bd16a03fb8a86f5086f0ae5abfa9", + "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + ] +} diff --git a/templates/workspace_services/openai/terraform/locals.tf b/templates/workspace_services/openai/terraform/locals.tf new file mode 100644 index 0000000000..f168ee887e --- /dev/null 
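Review bot: The enum value `"gpt-35-turbo | 0163"` in template_schema.json looks like a transposition of `0613` (the `gpt-4` entry below it uses `0613`); if so, a user can select it, pass schema validation, and only see the failure at deployment time. Separately, `$id` still ends in `workspace_services/sql/template_schema.json`, which appears to be carried over from another template and should name the `openai` path. Because `is_exposed_externally` is `updateable`, its description would serve a workspace owner better if it said what the toggle does, e.g. `"description": "If true, the Azure OpenAI endpoint accepts connections from the public internet and is protected only by its API key."`.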
+++ b/templates/workspace_services/openai/terraform/locals.tf
@@ -0,0 +1,17 @@
+locals {
+ short_service_id = substr(var.tre_resource_id, -4, -1)
+ short_workspace_id = substr(var.workspace_id, -4, -1)
+ workspace_resource_name_suffix = "${var.tre_id}-ws-${local.short_workspace_id}"
+ service_resource_name_suffix = "${var.tre_id}-ws-${local.short_workspace_id}-svc-${local.short_service_id}"
+ keyvault_name = lower("kv-${substr(local.workspace_resource_name_suffix, -20, -1)}")
+ core_resource_group_name = "rg-${var.tre_id}"
+ workspace_service_tags = {
+ tre_id = var.tre_id
+ tre_workspace_id = var.workspace_id
+ tre_workspace_service_id = var.tre_resource_id
+ }
+ openai_model = {
+ name = trimspace(split("|", var.openai_model)[0])
+ version = trimspace(split("|", var.openai_model)[1])
+ }
+}
diff --git a/templates/workspace_services/openai/terraform/main.tf b/templates/workspace_services/openai/terraform/main.tf
new file mode 100644
index 0000000000..d35ee5f90e
--- /dev/null
+++ b/templates/workspace_services/openai/terraform/main.tf
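Review bot: `split("|", var.openai_model)[1]` in the `openai_model` local raises an index error when the value contains no `|`, and nothing on the Terraform side enforces the `name | version` shape; the only guard is the enum in template_schema.json. A `validation` block on `variable "openai_model"` in variables.tf with `condition = length(split("|", var.openai_model)) == 2` and a short `error_message` would turn that into a clear plan-time failure for anyone running the bundle outside the API. A comment on the local stating the expected `"<model name> | <model version>"` format would also help, since variables.tf declares the variable without a description.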
@@ -0,0 +1,59 @@
+# Azure Provider source and version being used
+terraform {
+ required_providers {
+ azurerm = {
+ source = "hashicorp/azurerm"
+ version = "3.84.0"
+ }
+ }
+
+ backend "azurerm" {}
+}
+
+provider "azurerm" {
+ features {
+ key_vault {
+ # Don't purge on destroy (this would fail due to purge protection being enabled on keyvault)
+ purge_soft_delete_on_destroy = false
+ purge_soft_deleted_secrets_on_destroy = false
+ purge_soft_deleted_certificates_on_destroy = false
+ purge_soft_deleted_keys_on_destroy = false
+ # When recreating an environment, recover any previously soft deleted secrets - set to true by default
+ recover_soft_deleted_key_vaults = true
+ recover_soft_deleted_secrets = true
+ recover_soft_deleted_certificates = true
+ recover_soft_deleted_keys = true
+ }
+ }
+}
+
+module "terraform_azurerm_environment_configuration" {
+ source = "git::https://github.com/microsoft/terraform-azurerm-environment-configuration.git?ref=0.6.0"
+ arm_environment = var.arm_environment
+}
+
+
+data "azurerm_resource_group" "ws" {
+ name = "rg-${var.tre_id}-ws-${local.short_workspace_id}"
+}
+
+data "azurerm_virtual_network" "ws" {
+ name = "vnet-${var.tre_id}-ws-${local.short_workspace_id}"
+ resource_group_name = "rg-${var.tre_id}-ws-${local.short_workspace_id}"
+}
+
+data "azurerm_key_vault" "ws" {
+ name = local.keyvault_name
+ resource_group_name = data.azurerm_resource_group.ws.name
+}
+
+data "azurerm_subnet" "services" {
+ name = "ServicesSubnet"
+ virtual_network_name = data.azurerm_virtual_network.ws.name
+ resource_group_name = data.azurerm_resource_group.ws.name
+}
+
+data "azurerm_private_dns_zone" "openai" {
+ name = module.terraform_azurerm_environment_configuration.private_links["privatelink.openai.azure.com"]
+ resource_group_name = local.core_resource_group_name
+}
diff --git a/templates/workspace_services/openai/terraform/openai.tf b/templates/workspace_services/openai/terraform/openai.tf
new file mode 100644
index 0000000000..44a0061c9c
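Review bot: The `terraform_azurerm_environment_configuration` module in the new main.tf is fetched over git at `?ref=0.6.0`, a tag that can be re-pointed upstream, and .terraform.lock.hcl pins provider hashes only, not module sources. Pinning to the commit the tag currently resolves to, `?ref=<commit-sha>` (placeholder) with the version kept in a trailing comment, fixes the code that runs under the deployment credentials. The same source string is bumped in core/terraform/main.tf and templates/workspaces/base/terraform/network/network.tf in this commit, so the three should change together.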
--- /dev/null
+++ b/templates/workspace_services/openai/terraform/openai.tf
@@ -0,0 +1,60 @@
+# openai cognitive services account
+
+resource "azurerm_cognitive_account" "openai" {
+ kind = "OpenAI"
+ name = "openai-${local.service_resource_name_suffix}"
+ resource_group_name = data.azurerm_resource_group.ws.name
+ location = data.azurerm_resource_group.ws.location
+ sku_name = "S0"
+ custom_subdomain_name = "openai-${local.service_resource_name_suffix}"
+ public_network_access_enabled = var.is_exposed_externally
+ tags = local.workspace_service_tags
+
+ lifecycle { ignore_changes = [tags] }
+}
+
+resource "azurerm_cognitive_deployment" "openai" {
+ name = "openai-${local.openai_model.name}-${local.openai_model.version}-${local.service_resource_name_suffix}"
+ cognitive_account_id = azurerm_cognitive_account.openai.id
+
+ model {
+ format = "OpenAI"
+ name = local.openai_model.name
+ version = local.openai_model.version
+ }
+
+ scale {
+ type = "Standard"
+ }
+}
+
+resource "azurerm_private_endpoint" "openai_private_endpoint" {
+ name = "pe-${azurerm_cognitive_account.openai.name}"
+ location = data.azurerm_resource_group.ws.location
+ resource_group_name = data.azurerm_resource_group.ws.name
+ subnet_id = data.azurerm_subnet.services.id
+ tags = local.workspace_service_tags
+
+ private_service_connection {
+ private_connection_resource_id = azurerm_cognitive_account.openai.id
+ name = "psc-${azurerm_cognitive_account.openai.name}"
+ subresource_names = ["account"]
+ is_manual_connection = false
+ }
+
+ private_dns_zone_group {
+ name = module.terraform_azurerm_environment_configuration.private_links["privatelink.openai.azure.com"]
+ private_dns_zone_ids = [data.azurerm_private_dns_zone.openai.id]
+ }
+
+ lifecycle { ignore_changes = [tags] }
+}
+
+resource "azurerm_key_vault_secret" "db_password" {
+ name = "${azurerm_cognitive_account.openai.name}-access-key"
+ value = azurerm_cognitive_account.openai.primary_access_key
+ key_vault_id = data.azurerm_key_vault.ws.id
+ tags = local.workspace_service_tags
+
+ lifecycle { ignore_changes = 
[tags] } +} diff --git a/templates/workspace_services/openai/terraform/outputs.tf b/templates/workspace_services/openai/terraform/outputs.tf new file mode 100644 index 0000000000..1c65c49512 --- /dev/null +++ b/templates/workspace_services/openai/terraform/outputs.tf @@ -0,0 +1,7 @@ +output "openai_fqdn" { + value = azurerm_cognitive_account.openai.endpoint +} + +output "openai_deployment_id" { + value = azurerm_cognitive_deployment.openai.name +} diff --git a/templates/workspace_services/openai/terraform/variables.tf b/templates/workspace_services/openai/terraform/variables.tf new file mode 100644 index 0000000000..73f111ec44 --- /dev/null +++ b/templates/workspace_services/openai/terraform/variables.tf @@ -0,0 +1,21 @@ +variable "workspace_id" { + type = string +} +variable "tre_id" { + type = string +} +variable "tre_resource_id" { + type = string +} + +variable "arm_environment" { + type = string +} + +variable "openai_model" { + type = string +} + +variable "is_exposed_externally" { + type = bool +} diff --git a/templates/workspaces/base/porter.yaml b/templates/workspaces/base/porter.yaml index 81297e717d..430fab4513 100644 --- a/templates/workspaces/base/porter.yaml +++ b/templates/workspaces/base/porter.yaml @@ -1,7 +1,7 @@ --- schemaVersion: 1.0.0 name: tre-workspace-base -version: 1.5.4 +version: 1.5.5 description: "A base Azure TRE workspace" dockerfile: Dockerfile.tmpl registry: azuretre diff --git a/templates/workspaces/base/terraform/network/data.tf b/templates/workspaces/base/terraform/network/data.tf index 48dee597b7..e05015f0e3 100644 --- a/templates/workspaces/base/terraform/network/data.tf +++ b/templates/workspaces/base/terraform/network/data.tf 
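Review bot: In openai.tf, `public_network_access_enabled = var.is_exposed_externally` comes with no `network_acls` block, so setting the flag to true leaves the account reachable from any address with the shared access key as the only control, which takes anything sent to or stored in the service outside the workspace's network boundary. Adding `network_acls { default_action = "Deny" }` with an explicit allow-list would scope the exposure instead of making it global. The Key Vault secret that holds `primary_access_key` is declared as `"db_password"`, apparently carried over from a database template; `resource "azurerm_key_vault_secret" "openai_access_key"` with a `content_type` would make its purpose clear. The key is also written to the Terraform state in the management storage account, and nothing in this file rotates it, so access to that state should be treated as access to the service.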
@@ -98,6 +98,16 @@ data "azurerm_private_dns_zone" "azuresql" { resource_group_name = local.core_resource_group_name } +data "azurerm_private_dns_zone" "openai" { + name = module.terraform_azurerm_environment_configuration.private_links["privatelink.openai.azure.com"] + resource_group_name = local.core_resource_group_name +} + +data "azurerm_private_dns_zone" "cognitiveservices" { + name = module.terraform_azurerm_environment_configuration.private_links["privatelink.cognitiveservices.azure.com"] + resource_group_name = local.core_resource_group_name +} + data "azurerm_public_ip" "app_gateway_ip" { name = "pip-agw-${var.tre_id}" resource_group_name = local.core_resource_group_name diff --git a/templates/workspaces/base/terraform/network/network.tf b/templates/workspaces/base/terraform/network/network.tf index c50ebff6f2..bc9e5fadb3 100644 --- a/templates/workspaces/base/terraform/network/network.tf +++ b/templates/workspaces/base/terraform/network/network.tf @@ -105,6 +105,6 @@ resource "azurerm_subnet_route_table_association" "rt_webapps_subnet_association } module "terraform_azurerm_environment_configuration" { - source = "git::https://github.com/microsoft/terraform-azurerm-environment-configuration.git?ref=0.5.0" + source = "git::https://github.com/microsoft/terraform-azurerm-environment-configuration.git?ref=0.6.0" arm_environment = var.arm_environment } diff --git a/templates/workspaces/base/terraform/network/zone_links.tf b/templates/workspaces/base/terraform/network/zone_links.tf index e5a0f60781..1b8bcc91dd 100644 --- a/templates/workspaces/base/terraform/network/zone_links.tf +++ b/templates/workspaces/base/terraform/network/zone_links.tf 
@@ -158,3 +158,23 @@ resource "azurerm_private_dns_zone_virtual_network_link" "databrickslink" { lifecycle { ignore_changes = [tags] } } + +resource "azurerm_private_dns_zone_virtual_network_link" "openailink" { + name = "openailink-${local.workspace_resource_name_suffix}" + resource_group_name = local.core_resource_group_name + private_dns_zone_name = data.azurerm_private_dns_zone.openai.name + virtual_network_id = azurerm_virtual_network.ws.id + tags = var.tre_workspace_tags + + lifecycle { ignore_changes = [tags] } +} + +resource "azurerm_private_dns_zone_virtual_network_link" "cognitveserviceslink" { + name = "cognitiveserviceslink-${local.workspace_resource_name_suffix}" + resource_group_name = local.core_resource_group_name + private_dns_zone_name = data.azurerm_private_dns_zone.cognitiveservices.name + virtual_network_id = azurerm_virtual_network.ws.id + tags = var.tre_workspace_tags + + lifecycle { ignore_changes = [tags] } +}
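Review bot: The second new link in zone_links.tf has a misspelled resource address, `cognitveserviceslink`, while its `name` argument spells `cognitiveserviceslink`. Correcting it before merge, `resource "azurerm_private_dns_zone_virtual_network_link" "cognitiveserviceslink" {`, avoids a later `moved` block or a recreation of the link in every deployed workspace. Both links are created for every base workspace whether or not the OpenAI service is installed, so a short comment above them naming the service that depends on each zone would document why they live in the base template.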