Added the ability to provision AOAI as an optional component (#46570)
* fixed cminfra * openai provisioning works * open ai client added * progress * changed ai to key auth * moved CM to WorkspaceClient abstraction * refactored built-in methods and extension methods * openai works * updated api file * disabled live tests * updated version * small tweaks * updated api file * PR feedback * removed stj override
1 parent
8a252ab
commit fabfa6c
Showing
22 changed files
with
679 additions
and
290 deletions.
|
@@ -2,6 +2,8 @@ | |
|
||
## 1.0.0-beta.1 (Unreleased) | ||
|
||
## 1.0.0-beta.2 (Unreleased) | ||
|
||
### Features Added | ||
|
||
### Breaking Changes | ||
|
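--- a/sdk/provisioning/Azure.Provisioning.CloudMachine/src/AzureSdkExtensions/KeyVaultFeature.cs
+++ b/sdk/provisioning/Azure.Provisioning.CloudMachine/src/AzureSdkExtensions/KeyVaultFeature.cs
@@ -0,0 +1,82 @@
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License.
+
+using System;
+using Azure.Core;
+using Azure.Provisioning.Authorization;
+using Azure.Provisioning.Expressions;
+using Azure.Provisioning.KeyVault;
+using Azure.Security.KeyVault.Secrets;
+
+namespace Azure.Provisioning.CloudMachine.KeyVault;
+
+public class KeyVaultFeature : CloudMachineFeature
+{
+public KeyVaultSku Sku { get; set; }
+
+public KeyVaultFeature(KeyVaultSku? sku = default)
+{
+if (sku == null)
+{
+sku = new KeyVaultSku { Name = KeyVaultSkuName.Standard, Family = KeyVaultSkuFamily.A, };
+}
+Sku = sku;
+}
+public override void AddTo(CloudMachineInfrastructure infrastructure)
+{
+// Add a KeyVault to the CloudMachine infrastructure.
+KeyVaultService keyVaultResource = new("cm_kv")
+{
+Name = infrastructure.Id,
+Properties =
+new KeyVaultProperties
+{
+Sku = this.Sku,
+TenantId = BicepFunction.GetSubscription().TenantId,
+EnabledForDeployment = true,
+AccessPolicies = [
+new KeyVaultAccessPolicy() {
+ObjectId = infrastructure.PrincipalIdParameter,
+Permissions = new IdentityAccessPermissions() {
+Secrets = [IdentityAccessSecretPermission.Get, IdentityAccessSecretPermission.Set]
+},
+TenantId = infrastructure.Identity.TenantId
+}
+]
+},
+};
+
+infrastructure.AddResource(keyVaultResource);
+
+RoleAssignment ra = keyVaultResource.CreateRoleAssignment(KeyVaultBuiltInRole.KeyVaultAdministrator, RoleManagementPrincipalType.User, infrastructure.PrincipalIdParameter);
+infrastructure.AddResource(ra);
+
+// necessary until ResourceName is settable via AssignRole.
+RoleAssignment kvMiRoleAssignment = new RoleAssignment(keyVaultResource.IdentifierName + "_" + infrastructure.Identity.IdentifierName + "_" + KeyVaultBuiltInRole.GetBuiltInRoleName(KeyVaultBuiltInRole.KeyVaultAdministrator));
+kvMiRoleAssignment.Name = BicepFunction.CreateGuid(keyVaultResource.Id, infrastructure.Identity.Id, BicepFunction.GetSubscriptionResourceId("Microsoft.Authorization/roleDefinitions", KeyVaultBuiltInRole.KeyVaultAdministrator.ToString()));
+kvMiRoleAssignment.Scope = new IdentifierExpression(keyVaultResource.IdentifierName);
+kvMiRoleAssignment.PrincipalType = RoleManagementPrincipalType.ServicePrincipal;
+kvMiRoleAssignment.RoleDefinitionId = BicepFunction.GetSubscriptionResourceId("Microsoft.Authorization/roleDefinitions", KeyVaultBuiltInRole.KeyVaultAdministrator.ToString());
+kvMiRoleAssignment.PrincipalId = infrastructure.Identity.PrincipalId;
+infrastructure.AddResource(kvMiRoleAssignment);
+}
+}
+
+public static class KeyVaultExtensions
+{
+public static SecretClient GetKeyVaultSecretsClient(this WorkspaceClient workspace)
+{
+ClientConfiguration? connectionMaybe = workspace.GetConfiguration(typeof(SecretClient).FullName);
+if (connectionMaybe == null)
+{
+throw new Exception("Connection not found");
+}
+
+ClientConfiguration connection = connectionMaybe.Value;
+if (connection.CredentialType == CredentialType.EntraId)
+{
+return new(new Uri(connection.Endpoint), workspace.Credential);
+}
+throw new Exception("ApiKey not supported");
+}
+}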
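Review bot: Both role assignments in `KeyVaultFeature.AddTo` grant `KeyVaultBuiltInRole.KeyVaultAdministrator`, once to the deploying user and once to the managed identity, which is much broader than the secrets-only access the rest of the file implies (the access policy lists only secret Get/Set and the only client exposed is `SecretClient`). Administrator covers keys, certificates and secrets, so anything running as the app identity can read or delete the whole vault. A secrets-scoped built-in role (Key Vault Secrets User for the identity, Key Vault Secrets Officer for the user) would match the visible need, e.g. `keyVaultResource.CreateRoleAssignment(KeyVaultBuiltInRole.KeyVaultSecretsOfficer, RoleManagementPrincipalType.User, infrastructure.PrincipalIdParameter)`, assuming the enum exposes those members. The vault also sets `AccessPolicies` alongside RBAC role assignments without stating which permission model is active, so one of the two is presumably inert; a comment such as `// vault uses <access policies | RBAC>; the other grant is kept for ...` would settle it. `EnabledForDeployment = true` also deserves a why-comment, or removal if no VM deployment reads from this vault.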
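--- a/sdk/provisioning/Azure.Provisioning.CloudMachine/src/AzureSdkExtensions/OpenAIFeature.cs
+++ b/sdk/provisioning/Azure.Provisioning.CloudMachine/src/AzureSdkExtensions/OpenAIFeature.cs
@@ -0,0 +1,105 @@
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License.
+
+using System;
+using System.ClientModel;
+using System.ClientModel.Primitives;
+using System.Diagnostics.Contracts;
+using Azure.AI.OpenAI;
+using Azure.CloudMachine;
+using Azure.Core;
+using Azure.Provisioning.Authorization;
+using Azure.Provisioning.CognitiveServices;
+using OpenAI.Chat;
+
+namespace Azure.Provisioning.CloudMachine.OpenAI;
+
+public class OpenAIFeature : CloudMachineFeature
+{
+public string Model { get; }
+public string ModelVersion { get; }
+
+public OpenAIFeature(string model, string modelVersion) { Model = model; ModelVersion = modelVersion; }
+
+public override void AddTo(CloudMachineInfrastructure cloudMachine)
+{
+CognitiveServicesAccount cognitiveServices = new("openai")
+{
+Name = cloudMachine.Id,
+Kind = "OpenAI",
+Sku = new CognitiveServicesSku { Name = "S0" },
+Properties = new CognitiveServicesAccountProperties()
+{
+PublicNetworkAccess = ServiceAccountPublicNetworkAccess.Enabled,
+CustomSubDomainName = cloudMachine.Id
+},
+};
+
+cloudMachine.AddResource(cognitiveServices.CreateRoleAssignment(
+CognitiveServicesBuiltInRole.CognitiveServicesOpenAIContributor,
+RoleManagementPrincipalType.User,
+cloudMachine.PrincipalIdParameter)
+);
+
+// TODO: if we every support more than one deployment, they need to be chained using DependsOn.
+// The reason is that deployments need to be deployed/created serially.
+CognitiveServicesAccountDeployment deployment = new("openai_deployment", "2023-05-01")
+{
+Parent = cognitiveServices,
+Name = cloudMachine.Id,
+Properties = new CognitiveServicesAccountDeploymentProperties()
+{
+Model = new CognitiveServicesAccountDeploymentModel() {
+Name = this.Model,
+Format = "OpenAI",
+Version = this.ModelVersion
+}
+},
+};
+
+cloudMachine.AddResource(cognitiveServices);
+cloudMachine.AddResource(deployment);
+}
+}
+
+public static class OpenAIFeatureExtensions
+{
+public static ChatClient GetOpenAIChatClient(this WorkspaceClient workspace)
+{
+string chatClientId = typeof(ChatClient).FullName;
+
+ChatClient client = workspace.Subclients.Get(chatClientId, () =>
+{
+string azureOpenAIClientId = typeof(AzureOpenAIClient).FullName;
+AzureOpenAIClient aoia = workspace.Subclients.Get(azureOpenAIClientId, () =>
+{
+ClientConfiguration? connectionMaybe = workspace.GetConfiguration(typeof(AzureOpenAIClient).FullName);
+if (connectionMaybe == null) throw new Exception("Connection not found");
+ClientConfiguration connection = connectionMaybe.Value;
+Uri endpoint = new(connection.Endpoint);
+var clientOptions = new AzureOpenAIClientOptions();
+if (connection.CredentialType == CredentialType.EntraId)
+{
+AzureOpenAIClient aoai = new(endpoint, workspace.Credential, clientOptions);
+return aoai;
+}
+else
+{
+AzureOpenAIClient aoai = new(endpoint, new ApiKeyCredential(connection.ApiKey!), clientOptions);
+return aoai;
+}
+});
+string azureOpenAIChatClientId = typeof(ChatClient).FullName;
+ClientConfiguration? connectionMaybe = workspace.GetConfiguration(azureOpenAIChatClientId);
+if (connectionMaybe == null) throw new Exception("Connection not found");
+var connection = connectionMaybe.Value;
+ChatClient chat = aoia.GetChatClient(connection.Endpoint);
+return chat;
+});
+
+return client;
+}
+}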
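Review bot: In `GetOpenAIChatClient` the `else` branch treats every credential type other than `EntraId` as key auth and passes `connection.ApiKey!` straight to `ApiKeyCredential`, so a missing key or an unexpected credential type presumably surfaces as an opaque argument failure rather than a clear configuration error. Guard it before constructing the client, e.g. `if (string.IsNullOrEmpty(connection.ApiKey)) throw new InvalidOperationException("OpenAI connection has no API key configured");`. On the provisioning side, `AddTo` creates the account with `PublicNetworkAccess = ServiceAccountPublicNetworkAccess.Enabled`, and nothing visible disables key-based auth on the account, so the key path is reachable from any network. A comment recording that this is a deliberate default, or an option on `OpenAIFeature` to restrict it, would make that exposure explicit. `KeyVaultExtensions` in the same commit rejects key auth outright, so the two helpers should presumably agree or document why they differ.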
File renamed without changes.
3 changes: 3 additions & 0 deletions
3
...g.CloudMachine/src/CloudMachineFeature.cs → ...hine/src/CDKLevel3/CloudMachineFeature.cs
@@ -1,9 +1,12 @@ | ||
// Copyright (c) Microsoft Corporation. All rights reserved. | ||
// Licensed under the MIT License. | ||
|
||
using System.ComponentModel; | ||
|
||
namespace Azure.Provisioning.CloudMachine; | ||
|
||
public abstract class CloudMachineFeature | ||
{ | ||
[EditorBrowsable(EditorBrowsableState.Never)] | ||
public abstract void AddTo(CloudMachineInfrastructure cm); | ||
} |