Open AI Workspace Service

.github/workflows/deploy_tre_reusable.yml

@@ -401,6 +401,8 @@ jobs:
              BUNDLE_DIR: "./templates/workspace_services/ohdsi"}
           - {BUNDLE_TYPE: "workspace_service",
              BUNDLE_DIR: "./templates/workspace_services/azuresql"}
+          - {BUNDLE_TYPE: "workspace_service",
+             BUNDLE_DIR: "./templates/workspace_services/openai"}
           - {BUNDLE_TYPE: "user_resource",
              BUNDLE_DIR: "./templates/workspace_services/guacamole/user_resources/guacamole-azure-windowsvm"}
           - {BUNDLE_TYPE: "user_resource",

CHANGELOG.md

@@ -15,6 +15,7 @@ COMPONENTS:
 
 FEATURES:
 * Azure SQL Workspace Service ([#3969](https://github.com/microsoft/AzureTRE/issues/3969))
+* OpenAI Workspace Service ([#3810](https://github.com/microsoft/AzureTRE/issues/3810))
 
 ENHANCEMENTS:
 * Add Case Study Docs ([#1366](https://github.com/microsoft/AzureTRE/issues/1366))

core/terraform/dns_zones_non_core.tf

@@ -32,6 +32,26 @@ resource "azurerm_private_dns_zone_virtual_network_link" "azuresql" {
   lifecycle { ignore_changes = [tags] }
 }
 
+resource "azurerm_private_dns_zone_virtual_network_link" "openai" {
+  resource_group_name   = azurerm_resource_group.core.name
+  virtual_network_id    = module.network.core_vnet_id
+  private_dns_zone_name = azurerm_private_dns_zone.non_core["privatelink.openai.azure.com"].name
+  name                  = azurerm_private_dns_zone.non_core["privatelink.openai.azure.com"].name
+  registration_enabled  = false
+  tags                  = local.tre_core_tags
+  lifecycle { ignore_changes = [tags] }
+}
+
+resource "azurerm_private_dns_zone_virtual_network_link" "cognitivesearch" {
+  resource_group_name   = azurerm_resource_group.core.name
+  virtual_network_id    = module.network.core_vnet_id
+  private_dns_zone_name = azurerm_private_dns_zone.non_core["privatelink.cognitiveservices.azure.com"].name
+  name                  = azurerm_private_dns_zone.non_core["privatelink.cognitiveservices.azure.com"].name
+  registration_enabled  = false
+  tags                  = local.tre_core_tags
+  lifecycle { ignore_changes = [tags] }
+}
+
 # Once the deployment of the app gateway is complete, we can proceed to include the required DNS zone for Nexus, which is dependent on the FQDN of the app gateway.
 resource "azurerm_private_dns_zone" "nexus" {
   name                = "nexus-${module.appgateway.app_gateway_fqdn}"

core/terraform/locals.tf

@@ -33,7 +33,9 @@ locals {
     "privatelink.postgres.database.azure.com",
     "privatelink.mysql.database.azure.com",
     "privatelink.database.windows.net",
-    "privatelink.azuredatabricks.net"
+    "privatelink.azuredatabricks.net",
+    "privatelink.openai.azure.com",
+    "privatelink.cognitiveservices.azure.com"
   ])
 
   # The followig regex extracts different parts of the service bus endpoint: scheme, fqdn, port, path, query and fragment. This allows us to extract the needed fqdn part.

core/terraform/main.tf

@@ -179,6 +179,6 @@ module "resource_processor_vmss_porter" {
 }
 
 module "terraform_azurerm_environment_configuration" {
-  source          = "git::https://github.com/microsoft/terraform-azurerm-environment-configuration.git?ref=0.5.0"
+  source          = "git::https://github.com/microsoft/terraform-azurerm-environment-configuration.git?ref=0.6.0"
   arm_environment = var.arm_environment
 }

core/version.txt

@@ -1 +1 @@
-__version__ = "0.10.6"
+__version__ = "0.10.7"

docs/tre-templates/workspace-services/openai.md

@@ -0,0 +1,22 @@
+# OpenAI Workspace Service
+
+See: [Azure OpenAI Service](https://learn.microsoft.com/en-us/azure/ai-services/openai/overview)
+
+## Prerequisites
+
+- [A base workspace deployed](../workspaces/base.md)
+
+- The OpenAI workspace service container image needs building and pushing:
+
+  `make workspace_service_bundle BUNDLE=openai`
+
+## Authenticating
+
+1. The open AI domain and deployment id can be found from the details tab.
+2. When communicating with the API, an "api_key" is required. This can be found in the Key Vault.
+
+## Properties
+- `is_exposed_externally` - If `True`, the OpenAI workspace is accessible from outside of the workspace virtual network.
+- `openai_model` - The model to use for the OpenAI deployment `<model name> | <model version>`. The default is `gpt-35-turbo | 0301`.
+- Important note: Models are subject to different quota and region availability and the deployment may fail if you don't have the correct quota.
+Please review this link on current limits and how to request increases: [Open AI Quotas](https://learn.microsoft.com/en-us/azure/ai-services/openai/quotas-limits)

e2e_tests/resources/strings.py

@@ -20,6 +20,7 @@
 MYSQL_SERVICE = "tre-workspace-service-mysql"
 HEALTH_SERVICE = "tre-workspace-service-health"
 AZURESQL_SERVICE = "tre-workspace-service-azuresql"
+OPENAI_SERVICE = "tre-workspace-service-openai"
 
 FIREWALL_SHARED_SERVICE = "tre-shared-service-firewall"
 GITEA_SHARED_SERVICE = "tre-shared-service-gitea"

e2e_tests/test_workspace_services.py

@@ -13,7 +13,8 @@
     strings.MLFLOW_SERVICE,
     strings.MYSQL_SERVICE,
     strings.HEALTH_SERVICE,
-    strings.AZURESQL_SERVICE
+    strings.AZURESQL_SERVICE,
+    strings.OPENAI_SERVICE
 ]
 
 

mkdocs.yml

@@ -104,6 +104,7 @@ nav:
           - OHDSI: tre-templates/workspace-services/ohdsi.md
           - MySQL: tre-templates/workspace-services/mysql.md
           - Azure SQL: tre-templates/workspace-services/azuresql.md
+          - Open AI: tre-templates/workspace-services/openai.md
       - Shared Services:
           - Gitea (Source Mirror): tre-templates/shared-services/gitea.md
           - Nexus (Package Mirror): tre-templates/shared-services/nexus.md

templates/workspace_services/openai/.env.sample

@@ -0,0 +1,4 @@
+ID="__CHANGE_ME__"
+WORKSPACE_ID="__CHANGE_ME__"
+IS_EXPOSED_EXTERNALLY="__CHANGE_ME__"
+OPENAI_MODEL="__CHANGE_ME__"

templates/workspace_services/openai/Dockerfile.tmpl

@@ -0,0 +1,15 @@
+# syntax=docker/dockerfile-upstream:1.4.0
+FROM --platform=linux/amd64 debian:bullseye-slim
+
+# PORTER_INIT
+
+RUN rm -f /etc/apt/apt.conf.d/docker-clean; echo 'Binary::apt::APT::Keep-Downloaded-Packages "true";' > /etc/apt/apt.conf.d/keep-cache
+
+# Git is required for terraform_azurerm_environment_configuration
+RUN --mount=type=cache,target=/var/cache/apt --mount=type=cache,target=/var/lib/apt \
+    apt-get update && apt-get install -y git --no-install-recommends
+
+# PORTER_MIXINS
+
+# Use the BUNDLE_DIR build argument to copy files into the bundle
+COPY --link . ${BUNDLE_DIR}/

templates/workspace_services/openai/parameters.json

@@ -0,0 +1,62 @@
+{
+  "schemaType": "ParameterSet",
+  "schemaVersion": "1.0.0",
+  "namespace": "",
+  "name": "tre-workspace-service-openai",
+  "parameters": [
+    {
+      "name": "tre_id",
+      "source": {
+        "env": "TRE_ID"
+      }
+    },
+    {
+      "name": "id",
+      "source": {
+        "env": "ID"
+      }
+    },
+    {
+      "name": "tfstate_container_name",
+      "source": {
+        "env": "TERRAFORM_STATE_CONTAINER_NAME"
+      }
+    },
+    {
+      "name": "tfstate_resource_group_name",
+      "source": {
+        "env": "MGMT_RESOURCE_GROUP_NAME"
+      }
+    },
+    {
+      "name": "tfstate_storage_account_name",
+      "source": {
+        "env": "MGMT_STORAGE_ACCOUNT_NAME"
+      }
+    },
+    {
+      "name": "workspace_id",
+      "source": {
+        "env": "WORKSPACE_ID"
+      }
+    },
+    {
+      "name": "arm_environment",
+      "source": {
+        "env": "ARM_ENVIRONMENT"
+      }
+    },
+    {
+      "name": "is_exposed_externally",
+      "source": {
+        "env": "IS_EXPOSED_EXTERNALLY"
+      }
+    },
+    {
+      "name": "openai_model",
+      "source": {
+        "env": "OPENAI_MODEL"
+      }
+    }
+  ]
+}

templates/workspace_services/openai/porter.yaml

@@ -0,0 +1,122 @@
+---
+schemaVersion: 1.0.0
+name: tre-workspace-service-openai
+version: 1.0.0
+description: "An OpenAI workspace service"
+registry: azuretre
+dockerfile: Dockerfile.tmpl
+
+credentials:
+  - name: azure_tenant_id
+    env: ARM_TENANT_ID
+  - name: azure_subscription_id
+    env: ARM_SUBSCRIPTION_ID
+  - name: azure_client_id
+    env: ARM_CLIENT_ID
+  - name: azure_client_secret
+    env: ARM_CLIENT_SECRET
+parameters:
+  - name: workspace_id
+    type: string
+  - name: tre_id
+    type: string
+
+  # the following are added automatically by the resource processor
+  - name: id
+    type: string
+    description: "Resource ID"
+    env: id
+  - name: tfstate_resource_group_name
+    type: string
+    description: "Resource group containing the Terraform state storage account"
+  - name: tfstate_storage_account_name
+    type: string
+    description: "The name of the Terraform state storage account"
+  - name: tfstate_container_name
+    env: tfstate_container_name
+    type: string
+    default: "tfstate"
+    description: "The name of the Terraform state storage container"
+  - name: arm_use_msi
+    env: ARM_USE_MSI
+    type: boolean
+    default: false
+  - name: arm_environment
+    env: ARM_ENVIRONMENT
+    type: string
+    default: "public"
+  - name: is_exposed_externally
+    env: IS_EXPOSED_EXTERNALLY
+    type: boolean
+  - name: openai_model
+    env: OPENAI_MODEL
+    type: string
+
+mixins:
+  - exec
+  - terraform:
+      clientVersion: 1.3.6
+
+outputs:
+  - name: openai_fqdn
+    type: string
+    applyTo:
+      - install
+      - upgrade
+  - name: openai_deployment_id
+    type: string
+    applyTo:
+      - install
+      - upgrade
+
+install:
+  - terraform:
+      description: "Deploy OpenAI workspace service"
+      vars:
+        workspace_id: ${ bundle.parameters.workspace_id }
+        tre_id: ${ bundle.parameters.tre_id }
+        tre_resource_id: ${ bundle.parameters.id }
+        arm_environment: ${ bundle.parameters.arm_environment }
+        is_exposed_externally: ${ bundle.parameters.is_exposed_externally }
+        openai_model: ${ bundle.parameters.openai_model }
+      backendConfig:
+        resource_group_name: ${ bundle.parameters.tfstate_resource_group_name }
+        storage_account_name: ${ bundle.parameters.tfstate_storage_account_name }
+        container_name: ${ bundle.parameters.tfstate_container_name }
+        key: tre-workspace-service-openai-${ bundle.parameters.id }
+      outputs:
+        - name: openai_fqdn
+        - name: openai_deployment_id
+upgrade:
+  - terraform:
+      description: "Upgrade OpenAI workspace service"
+      vars:
+        workspace_id: ${ bundle.parameters.workspace_id }
+        tre_id: ${ bundle.parameters.tre_id }
+        tre_resource_id: ${ bundle.parameters.id }
+        arm_environment: ${ bundle.parameters.arm_environment }
+        is_exposed_externally: ${ bundle.parameters.is_exposed_externally }
+        openai_model: ${ bundle.parameters.openai_model }
+      backendConfig:
+        resource_group_name: ${ bundle.parameters.tfstate_resource_group_name }
+        storage_account_name: ${ bundle.parameters.tfstate_storage_account_name }
+        container_name: ${ bundle.parameters.tfstate_container_name }
+        key: tre-workspace-service-openai-${ bundle.parameters.id }
+      outputs:
+        - name: openai_fqdn
+        - name: openai_deployment_id
+uninstall:
+  - terraform:
+      description: "Tear down OpenAI workspace service"
+      vars:
+        workspace_id: ${ bundle.parameters.workspace_id }
+        tre_id: ${ bundle.parameters.tre_id }
+        tre_resource_id: ${ bundle.parameters.id }
+        arm_environment: ${ bundle.parameters.arm_environment }
+        is_exposed_externally: ${ bundle.parameters.is_exposed_externally }
+        openai_model: ${ bundle.parameters.openai_model }
+      backendConfig:
+        resource_group_name: ${ bundle.parameters.tfstate_resource_group_name }
+        storage_account_name: ${ bundle.parameters.tfstate_storage_account_name }
+        container_name: ${ bundle.parameters.tfstate_container_name }
+        key: tre-workspace-service-openai-${ bundle.parameters.id }

templates/workspace_services/openai/template_schema.json

@@ -0,0 +1,56 @@
+{
+  "$schema": "http://json-schema.org/draft-07/schema",
+  "$id": "https://github.com/microsoft/AzureTRE/templates/workspace_services/sql/template_schema.json",
+  "type": "object",
+  "title": "OpenAI Workspace Service",
+  "description": "Provides OpenAI within the workspace",
+  "required": [],
+  "properties": {
+    "display_name": {
+      "type": "string",
+      "title": "Name for the workspace service",
+      "description": "The name of the workspace service to be displayed to users",
+      "default": "Azure OpenAI Service",
+      "updateable": true
+    },
+    "description": {
+      "type": "string",
+      "title": "Description of the workspace service",
+      "description": "Description of the workspace service",
+      "default": "Build your own copilot and generative AI applications",
+      "updateable": true
+    },
+    "overview": {
+      "type": "string",
+      "title": "Workspace Service Overview",
+      "description": "Long form description of the workspace service, in markdown syntax",
+      "default": "Azure OpenAI Service provides REST API access to OpenAI's powerful language models including the GPT-4, GPT-4 Turbo with Vision, GPT-3.5-Turbo, and Embeddings model series. For more information, see the [Azure OpenAI Service documentation](https://learn.microsoft.com/en-us/azure/ai-services/openai/overview).",
+      "updateable": true
+    },
+    "is_exposed_externally": {
+      "$id": "#/properties/is_exposed_externally",
+      "type": "boolean",
+      "title": "Expose externally",
+      "description": "Should the OpenAI instance be publicly accessible?",
+      "default": false,
+      "updateable": true
+    },
+    "openai_model": {
+      "$id": "#/properties/openai_model",
+      "type": "string",
+      "title": "OpenAI Model",
+      "description": "Which OpenAI Model should be used? (be mindful of subscription limits)",
+      "enum": [
+        "gpt-35-turbo | 0301",
+        "gpt-35-turbo | 1106",
+        "gpt-35-turbo | 0163",
+        "gpt-35-turbo | 0125",
+        "gpt-4 | 0613",
+        "gpt-4 | turbo-2024-04-09",
+        "gpt-4o | 2024-05-13"
+      ],
+      "default": "gpt-35-turbo | 0301",
+      "updateable": true
+    }
+  }
+}