Feature/openai bicep (#196)

* feat: Create openai module for bicep

* feat: Rename openai.module.bicep to openai.bicep

* feat: add initial openai module

* feat: added openai module to spoke

* feat: OpenAI behind PE: work in progress

* feat: openAI with GPT34turbo deployment-Bicep

* fix: eliminate warning

* fix: implicit param (false) to deploy openAI Model
docs: fix relevant docs

* docs fix

* feat: ARM deployment for openAI

* Get Latest from Main (#195)

Co-authored-by: Jin Lee <[email protected]>

---------

Co-authored-by: Isabelle Bersano <[email protected]>
Co-authored-by: Isabelle Bersano <[email protected]>
Co-authored-by: Jin Lee <[email protected]>

scenarios/secure-baseline-multitenant/README.md

@@ -1,6 +1,6 @@
 # Multitenant App Service Secure Baseline
 
-This reference architecture shows how to run a web-app workload on Azure App Services in a secure configuration. This secure baseline follow [Defence in Depth](https://learn.microsoft.com/en-us/shows/azure-videos/defense-in-depth-security-in-azure) approach to protect AppService workload against cloud vulnerabilities along with additional [Well-Architected Framework](https://learn.microsoft.com/en-us/azure/architecture/framework/) pillars to enable a resilient solution.
+This reference architecture shows how to run a web-app workload on Azure App Services in a secure configuration. This secure baseline follow [Defense in Depth](https://learn.microsoft.com/en-us/shows/azure-videos/defense-in-depth-security-in-azure) approach to protect AppService workload against cloud vulnerabilities along with additional [Well-Architected Framework](https://learn.microsoft.com/en-us/azure/architecture/framework/) pillars to enable a resilient solution.
 
 ## Quick deployment to Azure
 You can deploy the current LZA directly in your azure subscription by hitting the button below or using Azure Dev CLI. 
@@ -33,6 +33,7 @@ You can deploy the current LZA directly in your azure subscription by hitting th
 * App Services use [Virtual Network (VNet) Integration](https://learn.microsoft.com/en-us/azure/app-service/overview-vnet-integration#regional-virtual-network-integration) to connect to backend Azure services over a private VNet.
 * [Azure Cache for Redis](https://azure.microsoft.com/services/cache/) provides a high-performance distributed cache for output, session, and general-purpose caching.
 * [Azure SQL DB](https://azure.microsoft.com/en-us/products/azure-sql/database/) provides a fully managed relational database service for back-end application services.
+* [Azure OpenAI](https://learn.microsoft.com/en-us/azure/ai-services/openai/overview) provides REST API access to OpenAI's powerful language models including the GPT-4, GPT-3.5-Turbo, and Embeddings model series.
 * [Private Endpoints](https://learn.microsoft.com/en-us/azure/private-link/private-endpoint-overview) allow connections to Azure services from private VNets, and allow the public endpoints on these services to be disabled.
 * [Azure private DNS](https://learn.microsoft.com/en-us/azure/dns/private-dns-overview) automatically configures and updates the DNS records required by private endpoint services.
 * [Azure Key Vault](https://azure.microsoft.com/services/key-vault/) securely stores secrets and certificates to be accessed by Azure services.
@@ -57,7 +58,7 @@ For network and subnet topology details, see the [Azure sample template](https:/
 
 ## Scenario details
 The scenario describes a secure baseline that allows you to have a protect environment and a good starting point for designing your solution.
-Defence in depth is a security strategy that involves implementing multiple layers of defence at different points within a network or system. The idea is that if one layer of defence is breached, the next layer will be able to prevent an attacker from gaining access to sensitive information or critical systems. 
+Defense in depth is a security strategy that involves implementing multiple layers of defense at different points within a network or system. The idea is that if one layer of defense is breached, the next layer will be able to prevent an attacker from gaining access to sensitive information or critical systems. 
 This approach is a key point that drives the architecture decisions ->
 * Use isolated network layers for the different components.
 * Use protected AD based access via Managed Identity (where possible).

scenarios/secure-baseline-multitenant/azure-resource-manager/README.md

@@ -15,7 +15,7 @@ Alternatively, you can clone the repo and follow the instractions below
 ## Deploy the App Service Landing Zone ARM template file
 Before deploying the Bicep IaC artifacts, you need to review and customize the values of the parameters in the [main.parameters.jsonc](main.parameters.jsonc) file. 
 
-The table below summurizes the avaialble parameters and the possible values that can be set. 
+The table below summarizes the available parameters and the possible values that can be set. 
 
 
 | Name | Description | Example | 
@@ -40,6 +40,7 @@ The table below summurizes the avaialble parameters and the possible values that
 |deployAzureSql|Feature Flag: Deploy (or not) an Azure SQL with default database|
 |deployAppConfig|Feature Flag: Deploy (or not) an Azure app configuration|
 |deployJumpHost|Feature Flag: Deploy (or not) an Azure virtual machine (to be used as jumphost)|
+|deployOpenAi|Feature Flag: Deploy (or not) an Azure OpenAI account. ATTENTION: At the time of writing, [OpenAI is in preview](https://learn.microsoft.com/azure/ai-services/openai/chatgpt-quickstart#prerequisites) and available in limited regions. |false
 |sqlServerAdministrators|The Azure Active Directory (AAD) administrator group used for SQL Server authentication.  The Azure AD group  must be created before running deployment. This has three values that need to be filled, as shown below <br> **login**: the name of the AAD Group <br> **sid**: the object id  of the AAD Group <br> **tenantId**: The tenantId of the AAD ||
 
 After the parameters have been initialized, you can deploy the Landing Zone Accelerator resources with the following `az cli` command:

scenarios/secure-baseline-multitenant/azure-resource-manager/main-portal-ux.json

@@ -957,7 +957,7 @@
                             "label": "Deploy Redis",
                             "subLabel": "",
                             "defaultValue": "false",
-                            "toolTip": "set to true if you want to a redis cache",
+                            "toolTip": "set to true if you want to deploy a redis cache",
                             "constraints": {
                                 "required": false,
                                 "allowedValues": [
@@ -1022,6 +1022,48 @@
                             },
                             "infoMessages": [],
                             "visible": true
+                        }, 
+                        {
+                            "name": "openAiInfoTitle",
+                            "type": "Microsoft.Common.Section",
+                            "label": "Azure OpenAI Feature Flag",
+                            "elements": []
+                        },
+                        {
+                            "name": "openAiInfo",
+                            "type": "Microsoft.Common.TextBlock",
+                            "visible": true,
+                            "options": {
+                                "text": "Please be informed that currently Azure OpenAI is in preview and only available in limited regions. Also your azure subscription needs to be allow-listed.",
+                                "link": {
+                                    "label": "Azure OpenAI Prerequisites",
+                                    "uri": "https://learn.microsoft.com/azure/ai-services/openai/chatgpt-quickstart#prerequisites"
+                                }
+                            }
+                        },
+                        {
+                            "name": "deployOpenAI",
+                            "type": "Microsoft.Common.DropDown",
+                            "label": "Deploy OpenAI",
+                            "subLabel": "what is that??",
+                            "defaultValue": "false",
+                            "toolTip": "set to true if you want to deploy OpenAI",
+                            "constraints": {
+                                "required": false,
+                                "allowedValues": [
+                                    {
+                                        "label": "true",
+                                        "value": true
+                                    },
+                                    {
+                                        "label": "false",
+                                        "value": false
+                                    }
+                                ],
+                                "validations": []
+                            },
+                            "infoMessages": [],
+                            "visible": true
                         }
                     ]
                 }
@@ -1055,7 +1097,7 @@
                 "deployRedis": "[steps('flags').deployRedis]",
                 "deployAppConfig": "[steps('flags').deployAppConfig]",
                 "autoApproveAfdPrivateEndpoint": "[steps('flags').autoApproveAfdPrivateEndpoint]",
-
+                "deployOpenAI": "[steps('flags').deployOpenAI]",
                 "githubRepository": "[if( equals ( steps('extra').jumpBoxGithubRunnerSection.deployGitHubRunner, true), steps('extra').jumpBoxGithubRunnerSection.githubRepositoryUrl , '' )]",
                 "githubToken": "[if( equals ( steps('extra').jumpBoxGithubRunnerSection.deployGitHubRunner, true), steps('extra').jumpBoxGithubRunnerSection.githubToken , '' )]",
                 "adoOrganization": "[if( equals ( steps('extra').jumpBoxAzDoAgentSection.deployAzDoSelfHostedAgent, true), steps('extra').jumpBoxAzDoAgentSection.adoOrganization , '' )]",