Get Latest from Main #195

Merged
merged 1 commit into from
Oct 31, 2023
thotheod
Contributor

  • Added AI module to multitenant spoke

  • OpenAI module added to multitenant scenario with private networking config.

  • fixing bug with repeat go_version definition on appsvc_options

  • fix: variable hub_settings We have that in the documentation
    we need it for tfvars, to connect to existing hub

  • fixed something that didn't work for me


Description

Thank you for your contribution!

Please include a summary of the change and which issue is fixed.
Please also include the context.
List any dependencies that are required for this change.

Pipeline references

For module/pipeline changes, please create and attach the status badge of your successful run.

Pipeline

Type of Change

Please delete options that are not relevant.

  • Bugfix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • Update to documentation

Checklist

  • I'm sure there are no other open Pull Requests for the same update/change
  • My corresponding pipelines / checks run clean and green without any errors or warnings
  • My code follows the style guidelines of this project
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation (readme)
  • I did format my code

* Added AI module to multitenant spoke

* OpenAI module added to multitenant scenario with private networking config.

* fixing bug with repeat go_version definition on appsvc_options

* fix: variable hub_settings
We have that in the documentation
we need it for tfvars, to connect to existing hub

* fixed something that didn't work for me

---------

Co-authored-by: Thodoris Theodorou <[email protected]>

Terraform Format and Style 🖌``

Terraform Initialization ⚙️success

Terraform Validation 🤖success

Validation Output

Success! The configuration is valid.


Terraform Plan 📖success

Show Plan

[command]/home/runner/work/_temp/ccbd24eb-6671-4c79-8514-cdb60299c932/terraform-bin show -no-color tfplan

No changes. Your infrastructure matches the configuration.

Terraform has compared your real infrastructure against your configuration
and found no differences, so no changes are needed.
::debug::Terraform exited with code 0.
::debug::stderr: 
::debug::exitcode: 0

Pusher: @thotheod, Action: pull_request, Working Directory: scenarios/secure-baseline-multitenant/terraform/hub, Workflow: Scenario 1: Terraform HUB Multi-tenant Secure Baseline

@thotheod thotheod merged commit 56c6b7a into feature/openai-bicep Oct 31, 2023
10 of 12 checks passed

Terraform Format and Style 🖌``

Terraform Initialization ⚙️success

Terraform Validation 🤖success

Validation Output

Success! The configuration is valid.


Terraform Plan 📖success

Show Plan

[command]/home/runner/work/_temp/cce6bf06-5087-4506-a965-fd70ac3ffb22/terraform-bin show -no-color tfplan

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  + create
  ~ update in-place
-/+ destroy and then create replacement

Terraform will perform the following actions:

  # module.frontdoor.azurerm_monitor_diagnostic_setting.this[0] will be updated in-place
  ~ resource "azurerm_monitor_diagnostic_setting" "this" {
        id                             = "/subscriptions/864eb9d0-e9c4-4d6b-bf11-bd4cfde05e81/resourceGroups/spoke-sec-baseline-1-spoke-westus3-rg-eslz2/providers/Microsoft.Cdn/profiles/sec-baseline-1-spoke-westus3-fd-eslz2-prod|sec-baseline-1-spoke-westus3-fd-eslz2-prod-diagnostic-settings}"
      + log_analytics_destination_type = "AzureDiagnostics"
        name                           = "sec-baseline-1-spoke-westus3-fd-eslz2-prod-diagnostic-settings}"
        # (2 unchanged attributes hidden)

        # (4 unchanged blocks hidden)
    }

  # module.openai[0].azurecaf_name.caf_name_oai will be created
  + resource "azurecaf_name" "caf_name_oai" {
      + clean_input   = true
      + id            = (known after apply)
      + passthrough   = false
      + prefixes      = [
          + "sec-baseline-1-spoke",
          + "westus3",
        ]
      + random_length = 0
      + resource_type = "azurerm_cognitive_account"
      + result        = (known after apply)
      + results       = (known after apply)
      + separator     = "-"
      + suffixes      = [
          + "prod",
        ]
      + use_slug      = true
    }

  # module.openai[0].azurecaf_name.priv_endpoint will be created
  + resource "azurecaf_name" "priv_endpoint" {
      + clean_input   = true
      + id            = (known after apply)
      + passthrough   = false
      + random_length = 0
      + resource_type = "azurerm_private_endpoint"
      + result        = (known after apply)
      + results       = (known after apply)
      + separator     = "-"
      + use_slug      = true
    }

  # module.openai[0].azurerm_cognitive_account.this will be created
  + resource "azurerm_cognitive_account" "this" {
      + custom_subdomain_name              = (known after apply)
      + endpoint                           = (known after apply)
      + id                                 = (known after apply)
      + kind                               = "OpenAI"
      + local_auth_enabled                 = true
      + location                           = "westus3"
      + name                               = (known after apply)
      + outbound_network_access_restricted = false
      + primary_access_key                 = (sensitive value)
      + public_network_access_enabled      = false
      + resource_group_name                = "spoke-sec-baseline-1-spoke-westus3-rg-eslz2"
      + secondary_access_key               = (sensitive value)
      + sku_name                           = "S0"
      + tags                               = {
          + "Environment" = "prod"
          + "Owner"       = "[email protected]"
          + "Project"     = "[Scenario 1: SPOKE] App Service Landing Zone Accelerator"
          + "Terraform"   = "true"
          + "module"      = "openai"
        }

      + identity {
          + principal_id = (known after apply)
          + tenant_id    = (known after apply)
          + type         = "SystemAssigned"
        }

      + network_acls {
          + default_action = "Deny"

          + virtual_network_rules {
              + ignore_missing_vnet_service_endpoint = true
              + subnet_id                            = "/subscriptions/864eb9d0-e9c4-4d6b-bf11-bd4cfde05e81/resourceGroups/spoke-sec-baseline-1-spoke-westus3-rg-eslz2/providers/Microsoft.Network/virtualNetworks/sec-baseline-1-spoke-westus3-vnet-eslz2-prod/subnets/devops"
            }
          + virtual_network_rules {
              + ignore_missing_vnet_service_endpoint = true
              + subnet_id                            = "/subscriptions/864eb9d0-e9c4-4d6b-bf11-bd4cfde05e81/resourceGroups/spoke-sec-baseline-1-spoke-westus3-rg-eslz2/providers/Microsoft.Network/virtualNetworks/sec-baseline-1-spoke-westus3-vnet-eslz2-prod/subnets/ingress"
            }
          + virtual_network_rules {
              + ignore_missing_vnet_service_endpoint = true
              + subnet_id                            = "/subscriptions/864eb9d0-e9c4-4d6b-bf11-bd4cfde05e81/resourceGroups/spoke-sec-baseline-1-spoke-westus3-rg-eslz2/providers/Microsoft.Network/virtualNetworks/sec-baseline-1-spoke-westus3-vnet-eslz2-prod/subnets/privateLink"
            }
          + virtual_network_rules {
              + ignore_missing_vnet_service_endpoint = true
              + subnet_id                            = "/subscriptions/864eb9d0-e9c4-4d6b-bf11-bd4cfde05e81/resourceGroups/spoke-sec-baseline-1-spoke-westus3-rg-eslz2/providers/Microsoft.Network/virtualNetworks/sec-baseline-1-spoke-westus3-vnet-eslz2-prod/subnets/serverFarm"
            }
        }
    }

  # module.openai[0].azurerm_cognitive_deployment.this["gpt-35-turbo"] will be created
  + resource "azurerm_cognitive_deployment" "this" {
      + cognitive_account_id = (known after apply)
      + id                   = (known after apply)
      + name                 = "gpt-35-turbo"

      + model {
          + format  = "OpenAI"
          + name    = "gpt-35-turbo"
          + version = "0613"
        }

      + scale {
          + capacity = 1
          + type     = "Standard"
        }
    }

  # module.openai[0].azurerm_cognitive_deployment.this["text-embedding-ada-002"] will be created
  + resource "azurerm_cognitive_deployment" "this" {
      + cognitive_account_id = (known after apply)
      + id                   = (known after apply)
      + name                 = "text-embedding-ada-002"

      + model {
          + format  = "OpenAI"
          + name    = "text-embedding-ada-002"
          + version = "2"
        }

      + scale {
          + capacity = 1
          + type     = "Standard"
        }
    }

  # module.private_dns_zones[1].azurerm_private_dns_zone.this must be replaced
-/+ resource "azurerm_private_dns_zone" "this" {
      ~ id                                                    = "/subscriptions/864eb9d0-e9c4-4d6b-bf11-bd4cfde05e81/resourceGroups/sec-baseline-1-hub-wus2-rg-eslz2/providers/Microsoft.Network/privateDnsZones/privatelink.database.windows.net" -> (known after apply)
      ~ max_number_of_record_sets                             = 25000 -> (known after apply)
      ~ max_number_of_virtual_network_links                   = 1000 -> (known after apply)
      ~ max_number_of_virtual_network_links_with_registration = 100 -> (known after apply)
      ~ name                                                  = "privatelink.database.windows.net" -> "privatelink.vaultcore.azure.net" # forces replacement
      ~ number_of_record_sets                                 = 2 -> (known after apply)
        tags                                                  = {
            "Environment" = "prod"
            "Owner"       = "[email protected]"
            "Project"     = "[Scenario 1: SPOKE] App Service Landing Zone Accelerator"
            "Terraform"   = "true"
            "module"      = "private-dns-zone"
        }
        # (1 unchanged attribute hidden)

      - soa_record {
          - email         = "azureprivatedns-host.microsoft.com" -> null
          - expire_time   = 2419200 -> null
          - fqdn          = "privatelink.database.windows.net." -> null
          - host_name     = "azureprivatedns.net" -> null
          - minimum_ttl   = 10 -> null
          - refresh_time  = 3600 -> null
          - retry_time    = 300 -> null
          - serial_number = 1 -> null
          - tags          = {} -> null
          - ttl           = 3600 -> null
        }
    }

  # module.private_dns_zones[1].azurerm_private_dns_zone_virtual_network_link.this[0] must be replaced
-/+ resource "azurerm_private_dns_zone_virtual_network_link" "this" {
      ~ id                    = "/subscriptions/864eb9d0-e9c4-4d6b-bf11-bd4cfde05e81/resourceGroups/sec-baseline-1-hub-wus2-rg-eslz2/providers/Microsoft.Network/privateDnsZones/privatelink.database.windows.net/virtualNetworkLinks/sec-baseline-1-hub-wus2-vnet-eslz2-prod" -> (known after apply)
        name                  = "sec-baseline-1-hub-wus2-vnet-eslz2-prod"
      ~ private_dns_zone_name = "privatelink.database.windows.net" -> "privatelink.vaultcore.azure.net" # forces replacement
      - tags                  = {} -> null
        # (3 unchanged attributes hidden)
    }

  # module.private_dns_zones[2].azurerm_private_dns_zone.this must be replaced
-/+ resource "azurerm_private_dns_zone" "this" {
      ~ id                                                    = "/subscriptions/864eb9d0-e9c4-4d6b-bf11-bd4cfde05e81/resourceGroups/sec-baseline-1-hub-wus2-rg-eslz2/providers/Microsoft.Network/privateDnsZones/privatelink.azconfig.io" -> (known after apply)
      ~ max_number_of_record_sets                             = 25000 -> (known after apply)
      ~ max_number_of_virtual_network_links                   = 1000 -> (known after apply)
      ~ max_number_of_virtual_network_links_with_registration = 100 -> (known after apply)
      ~ name                                                  = "privatelink.azconfig.io" -> "privatelink.database.windows.net" # forces replacement
      ~ number_of_record_sets                                 = 2 -> (known after apply)
        tags                                                  = {
            "Environment" = "prod"
            "Owner"       = "[email protected]"
            "Project"     = "[Scenario 1: SPOKE] App Service Landing Zone Accelerator"
            "Terraform"   = "true"
            "module"      = "private-dns-zone"
        }
        # (1 unchanged attribute hidden)

      - soa_record {
          - email         = "azureprivatedns-host.microsoft.com" -> null
          - expire_time   = 2419200 -> null
          - fqdn          = "privatelink.azconfig.io." -> null
          - host_name     = "azureprivatedns.net" -> null
          - minimum_ttl   = 10 -> null
          - refresh_time  = 3600 -> null
          - retry_time    = 300 -> null
          - serial_number = 1 -> null
          - tags          = {} -> null
          - ttl           = 3600 -> null
        }
    }

  # module.private_dns_zones[2].azurerm_private_dns_zone_virtual_network_link.this[0] must be replaced
-/+ resource "azurerm_private_dns_zone_virtual_network_link" "this" {
      ~ id                    = "/subscriptions/864eb9d0-e9c4-4d6b-bf11-bd4cfde05e81/resourceGroups/sec-baseline-1-hub-wus2-rg-eslz2/providers/Microsoft.Network/privateDnsZones/privatelink.azconfig.io/virtualNetworkLinks/sec-baseline-1-hub-wus2-vnet-eslz2-prod" -> (known after apply)
        name                  = "sec-baseline-1-hub-wus2-vnet-eslz2-prod"
      ~ private_dns_zone_name = "privatelink.azconfig.io" -> "privatelink.database.windows.net" # forces replacement
      - tags                  = {} -> null
        # (3 unchanged attributes hidden)
    }

  # module.private_dns_zones[3].azurerm_private_dns_zone.this must be replaced
-/+ resource "azurerm_private_dns_zone" "this" {
      ~ id                                                    = "/subscriptions/864eb9d0-e9c4-4d6b-bf11-bd4cfde05e81/resourceGroups/sec-baseline-1-hub-wus2-rg-eslz2/providers/Microsoft.Network/privateDnsZones/privatelink.vaultcore.azure.net" -> (known after apply)
      ~ max_number_of_record_sets                             = 25000 -> (known after apply)
      ~ max_number_of_virtual_network_links                   = 1000 -> (known after apply)
      ~ max_number_of_virtual_network_links_with_registration = 100 -> (known after apply)
      ~ name                                                  = "privatelink.vaultcore.azure.net" -> "privatelink.azconfig.io" # forces replacement
      ~ number_of_record_sets                                 = 2 -> (known after apply)
        tags                                                  = {
            "Environment" = "prod"
            "Owner"       = "[email protected]"
            "Project"     = "[Scenario 1: SPOKE] App Service Landing Zone Accelerator"
            "Terraform"   = "true"
            "module"      = "private-dns-zone"
        }
        # (1 unchanged attribute hidden)

      - soa_record {
          - email         = "azureprivatedns-host.microsoft.com" -> null
          - expire_time   = 2419200 -> null
          - fqdn          = "privatelink.vaultcore.azure.net." -> null
          - host_name     = "azureprivatedns.net" -> null
          - minimum_ttl   = 10 -> null
          - refresh_time  = 3600 -> null
          - retry_time    = 300 -> null
          - serial_number = 1 -> null
          - tags          = {} -> null
          - ttl           = 3600 -> null
        }
    }

  # module.private_dns_zones[3].azurerm_private_dns_zone_virtual_network_link.this[0] must be replaced
-/+ resource "azurerm_private_dns_zone_virtual_network_link" "this" {
      ~ id                    = "/subscriptions/864eb9d0-e9c4-4d6b-bf11-bd4cfde05e81/resourceGroups/sec-baseline-1-hub-wus2-rg-eslz2/providers/Microsoft.Network/privateDnsZones/privatelink.vaultcore.azure.net/virtualNetworkLinks/sec-baseline-1-hub-wus2-vnet-eslz2-prod" -> (known after apply)
        name                  = "sec-baseline-1-hub-wus2-vnet-eslz2-prod"
      ~ private_dns_zone_name = "privatelink.vaultcore.azure.net" -> "privatelink.azconfig.io" # forces replacement
      - tags                  = {} -> null
        # (3 unchanged attributes hidden)
    }

  # module.private_dns_zones[5].azurerm_private_dns_zone.this will be created
  + resource "azurerm_private_dns_zone" "this" {
      + id                                                    = (known after apply)
      + max_number_of_record_sets                             = (known after apply)
      + max_number_of_virtual_network_links                   = (known after apply)
      + max_number_of_virtual_network_links_with_registration = (known after apply)
      + name                                                  = "privatelink.openai.azure.com"
      + number_of_record_sets                                 = (known after apply)
      + resource_group_name                                   = "sec-baseline-1-hub-wus2-rg-eslz2"
      + tags                                                  = {
          + "Environment" = "prod"
          + "Owner"       = "[email protected]"
          + "Project"     = "[Scenario 1: SPOKE] App Service Landing Zone Accelerator"
          + "Terraform"   = "true"
          + "module"      = "private-dns-zone"
        }
    }

  # module.private_dns_zones[5].azurerm_private_dns_zone_virtual_network_link.this[0] will be created
  + resource "azurerm_private_dns_zone_virtual_network_link" "this" {
      + id                    = (known after apply)
      + name                  = "sec-baseline-1-hub-wus2-vnet-eslz2-prod"
      + private_dns_zone_name = "privatelink.openai.azure.com"
      + registration_enabled  = false
      + resource_group_name   = "sec-baseline-1-hub-wus2-rg-eslz2"
      + virtual_network_id    = "/subscriptions/864eb9d0-e9c4-4d6b-bf11-bd4cfde05e81/resourceGroups/sec-baseline-1-hub-wus2-rg-eslz2/providers/Microsoft.Network/virtualNetworks/sec-baseline-1-hub-wus2-vnet-eslz2-prod"
    }

  # module.openai[0].module.private_endpoint.azurerm_private_endpoint.this will be created
  + resource "azurerm_private_endpoint" "this" {
      + custom_dns_configs       = (known after apply)
      + id                       = (known after apply)
      + location                 = "westus3"
      + name                     = (known after apply)
      + network_interface        = (known after apply)
      + private_dns_zone_configs = (known after apply)
      + resource_group_name      = "spoke-sec-baseline-1-spoke-westus3-rg-eslz2"
      + subnet_id                = "/subscriptions/864eb9d0-e9c4-4d6b-bf11-bd4cfde05e81/resourceGroups/spoke-sec-baseline-1-spoke-westus3-rg-eslz2/providers/Microsoft.Network/virtualNetworks/sec-baseline-1-spoke-westus3-vnet-eslz2-prod/subnets/privateLink"
      + tags                     = {
          + "module" = "private-endpoint"
        }

      + private_service_connection {
          + is_manual_connection           = false
          + name                           = (known after apply)
          + private_connection_resource_id = (known after apply)
          + private_ip_address             = (known after apply)
          + subresource_names              = [
              + "account",
            ]
        }
    }

  # module.app_service.module.windows_web_app[0].module.private_endpoint.azurerm_private_dns_a_record.this[0] will be updated in-place
  ~ resource "azurerm_private_dns_a_record" "this" {
        id                  = "/subscriptions/864eb9d0-e9c4-4d6b-bf11-bd4cfde05e81/resourceGroups/sec-baseline-1-hub-wus2-rg-eslz2/providers/Microsoft.Network/privateDnsZones/privatelink.azurewebsites.net/A/eslz2"
        name                = "eslz2"
      ~ tags                = {
          + "module" = "private-endpoint"
        }
        # (5 unchanged attributes hidden)
    }

  # module.app_service.module.windows_web_app[0].module.private_endpoint.azurerm_private_dns_a_record.this[1] will be updated in-place
  ~ resource "azurerm_private_dns_a_record" "this" {
        id                  = "/subscriptions/864eb9d0-e9c4-4d6b-bf11-bd4cfde05e81/resourceGroups/sec-baseline-1-hub-wus2-rg-eslz2/providers/Microsoft.Network/privateDnsZones/privatelink.azurewebsites.net/A/eslz2.scm"
        name                = "eslz2.scm"
      ~ tags                = {
          + "module" = "private-endpoint"
        }
        # (5 unchanged attributes hidden)
    }

  # module.app_service.module.windows_web_app[0].module.private_endpoint.azurerm_private_endpoint.this will be updated in-place
  ~ resource "azurerm_private_endpoint" "this" {
        id                       = "/subscriptions/864eb9d0-e9c4-4d6b-bf11-bd4cfde05e81/resourceGroups/spoke-sec-baseline-1-spoke-westus3-rg-eslz2/providers/Microsoft.Network/privateEndpoints/pe-eslz2"
        name                     = "pe-eslz2"
      ~ tags                     = {
          + "module" = "private-endpoint"
        }
        # (6 unchanged attributes hidden)

        # (1 unchanged block hidden)
    }

  # module.app_service.module.windows_web_app[0].module.private_endpoint_slot.azurerm_private_dns_a_record.this[0] will be updated in-place
  ~ resource "azurerm_private_dns_a_record" "this" {
        id                  = "/subscriptions/864eb9d0-e9c4-4d6b-bf11-bd4cfde05e81/resourceGroups/sec-baseline-1-hub-wus2-rg-eslz2/providers/Microsoft.Network/privateDnsZones/privatelink.azurewebsites.net/A/eslz2-staging"
        name                = "eslz2-staging"
      ~ tags                = {
          + "module" = "private-endpoint"
        }
        # (5 unchanged attributes hidden)
    }

  # module.app_service.module.windows_web_app[0].module.private_endpoint_slot.azurerm_private_dns_a_record.this[1] will be updated in-place
  ~ resource "azurerm_private_dns_a_record" "this" {
        id                  = "/subscriptions/864eb9d0-e9c4-4d6b-bf11-bd4cfde05e81/resourceGroups/sec-baseline-1-hub-wus2-rg-eslz2/providers/Microsoft.Network/privateDnsZones/privatelink.azurewebsites.net/A/eslz2-staging.scm"
        name                = "eslz2-staging.scm"
      ~ tags                = {
          + "module" = "private-endpoint"
        }
        # (5 unchanged attributes hidden)
    }

  # module.app_service.module.windows_web_app[0].module.private_endpoint_slot.azurerm_private_endpoint.this will be updated in-place
  ~ resource "azurerm_private_endpoint" "this" {
        id                       = "/subscriptions/864eb9d0-e9c4-4d6b-bf11-bd4cfde05e81/resourceGroups/spoke-sec-baseline-1-spoke-westus3-rg-eslz2/providers/Microsoft.Network/privateEndpoints/pe-eslz2-staging"
        name                     = "pe-eslz2-staging"
      ~ tags                     = {
          + "module" = "private-endpoint"
        }
        # (6 unchanged attributes hidden)

        # (1 unchanged block hidden)
    }

Plan: 14 to add, 7 to change, 6 to destroy.
::debug::Terraform exited with code 0.
-> null%0A          - host_name     = "azureprivatedns.net" -> null%0A          - minimum_ttl   = 10 -> null%0A          - refresh_time  = 3600 -> null%0A          - retry_time    = 300 -> null%0A          - serial_number = 1 -> null%0A          - tags          = {} -> null%0A          - ttl           = 3600 -> null%0A        }%0A    }%0A%0A  # module.private_dns_zones[3].azurerm_private_dns_zone_virtual_network_link.this[0] must be replaced%0A-/+ resource "azurerm_private_dns_zone_virtual_network_link" "this" {%0A      ~ id                    = "/subscriptions/864eb9d0-e9c4-4d6b-bf11-bd4cfde05e81/resourceGroups/sec-baseline-1-hub-wus2-rg-eslz2/providers/Microsoft.Network/privateDnsZones/privatelink.vaultcore.azure.net/virtualNetworkLinks/sec-baseline-1-hub-wus2-vnet-eslz2-prod" -> (known after apply)%0A        name                  = "sec-baseline-1-hub-wus2-vnet-eslz2-prod"%0A      ~ private_dns_zone_name = "privatelink.vaultcore.azure.net" -> "privatelink.azconfig.io" # forces replacement%0A      - tags                  = {} -> null%0A        # (3 unchanged attributes hidden)%0A    }%0A%0A  # module.private_dns_zones[5].azurerm_private_dns_zone.this will be created%0A  + resource "azurerm_private_dns_zone" "this" {%0A      + id                                                    = (known after apply)%0A      + max_number_of_record_sets                             = (known after apply)%0A      + max_number_of_virtual_network_links                   = (known after apply)%0A      + max_number_of_virtual_network_links_with_registration = (known after apply)%0A      + name                                                  = "privatelink.openai.azure.com"%0A      + number_of_record_sets                                 = (known after apply)%0A      + resource_group_name                                   = "sec-baseline-1-hub-wus2-rg-eslz2"%0A      + tags                                                  = {%0A          + "Environment" = "prod"%0A          + "Owner"       
= "[email protected]"%0A          + "Project"     = "[Scenario 1: SPOKE] App Service Landing Zone Accelerator"%0A          + "Terraform"   = "true"%0A          + "module"      = "private-dns-zone"%0A        }%0A    }%0A%0A  # module.private_dns_zones[5].azurerm_private_dns_zone_virtual_network_link.this[0] will be created%0A  + resource "azurerm_private_dns_zone_virtual_network_link" "this" {%0A      + id                    = (known after apply)%0A      + name                  = "sec-baseline-1-hub-wus2-vnet-eslz2-prod"%0A      + private_dns_zone_name = "privatelink.openai.azure.com"%0A      + registration_enabled  = false%0A      + resource_group_name   = "sec-baseline-1-hub-wus2-rg-eslz2"%0A      + virtual_network_id    = "/subscriptions/864eb9d0-e9c4-4d6b-bf11-bd4cfde05e81/resourceGroups/sec-baseline-1-hub-wus2-rg-eslz2/providers/Microsoft.Network/virtualNetworks/sec-baseline-1-hub-wus2-vnet-eslz2-prod"%0A    }%0A%0A  # module.openai[0].module.private_endpoint.azurerm_private_endpoint.this will be created%0A  + resource "azurerm_private_endpoint" "this" {%0A      + custom_dns_configs       = (known after apply)%0A      + id                       = (known after apply)%0A      + location                 = "westus3"%0A      + name                     = (known after apply)%0A      + network_interface        = (known after apply)%0A      + private_dns_zone_configs = (known after apply)%0A      + resource_group_name      = "spoke-sec-baseline-1-spoke-westus3-rg-eslz2"%0A      + subnet_id                = "/subscriptions/864eb9d0-e9c4-4d6b-bf11-bd4cfde05e81/resourceGroups/spoke-sec-baseline-1-spoke-westus3-rg-eslz2/providers/Microsoft.Network/virtualNetworks/sec-baseline-1-spoke-westus3-vnet-eslz2-prod/subnets/privateLink"%0A      + tags                     = {%0A          + "module" = "private-endpoint"%0A        }%0A%0A      + private_service_connection {%0A          + is_manual_connection           = false%0A          + name                           = (known after 
apply)%0A          + private_connection_resource_id = (known after apply)%0A          + private_ip_address             = (known after apply)%0A          + subresource_names              = [%0A              + "account",%0A            ]%0A        }%0A    }%0A%0A  # module.app_service.module.windows_web_app[0].module.private_endpoint.azurerm_private_dns_a_record.this[0] will be updated in-place%0A  ~ resource "azurerm_private_dns_a_record" "this" {%0A        id                  = "/subscriptions/864eb9d0-e9c4-4d6b-bf11-bd4cfde05e81/resourceGroups/sec-baseline-1-hub-wus2-rg-eslz2/providers/Microsoft.Network/privateDnsZones/privatelink.azurewebsites.net/A/eslz2"%0A        name                = "eslz2"%0A      ~ tags                = {%0A          + "module" = "private-endpoint"%0A        }%0A        # (5 unchanged attributes hidden)%0A    }%0A%0A  # module.app_service.module.windows_web_app[0].module.private_endpoint.azurerm_private_dns_a_record.this[1] will be updated in-place%0A  ~ resource "azurerm_private_dns_a_record" "this" {%0A        id                  = "/subscriptions/864eb9d0-e9c4-4d6b-bf11-bd4cfde05e81/resourceGroups/sec-baseline-1-hub-wus2-rg-eslz2/providers/Microsoft.Network/privateDnsZones/privatelink.azurewebsites.net/A/eslz2.scm"%0A        name                = "eslz2.scm"%0A      ~ tags                = {%0A          + "module" = "private-endpoint"%0A        }%0A        # (5 unchanged attributes hidden)%0A    }%0A%0A  # module.app_service.module.windows_web_app[0].module.private_endpoint.azurerm_private_endpoint.this will be updated in-place%0A  ~ resource "azurerm_private_endpoint" "this" {%0A        id                       = "/subscriptions/864eb9d0-e9c4-4d6b-bf11-bd4cfde05e81/resourceGroups/spoke-sec-baseline-1-spoke-westus3-rg-eslz2/providers/Microsoft.Network/privateEndpoints/pe-eslz2"%0A        name                     = "pe-eslz2"%0A      ~ tags                     = {%0A          + "module" = "private-endpoint"%0A        }%0A        # (6 
unchanged attributes hidden)%0A%0A        # (1 unchanged block hidden)%0A    }%0A%0A  # module.app_service.module.windows_web_app[0].module.private_endpoint_slot.azurerm_private_dns_a_record.this[0] will be updated in-place%0A  ~ resource "azurerm_private_dns_a_record" "this" {%0A        id                  = "/subscriptions/864eb9d0-e9c4-4d6b-bf11-bd4cfde05e81/resourceGroups/sec-baseline-1-hub-wus2-rg-eslz2/providers/Microsoft.Network/privateDnsZones/privatelink.azurewebsites.net/A/eslz2-staging"%0A        name                = "eslz2-staging"%0A      ~ tags                = {%0A          + "module" = "private-endpoint"%0A        }%0A        # (5 unchanged attributes hidden)%0A    }%0A%0A  # module.app_service.module.windows_web_app[0].module.private_endpoint_slot.azurerm_private_dns_a_record.this[1] will be updated in-place%0A  ~ resource "azurerm_private_dns_a_record" "this" {%0A        id                  = "/subscriptions/864eb9d0-e9c4-4d6b-bf11-bd4cfde05e81/resourceGroups/sec-baseline-1-hub-wus2-rg-eslz2/providers/Microsoft.Network/privateDnsZones/privatelink.azurewebsites.net/A/eslz2-staging.scm"%0A        name                = "eslz2-staging.scm"%0A      ~ tags                = {%0A          + "module" = "private-endpoint"%0A        }%0A        # (5 unchanged attributes hidden)%0A    }%0A%0A  # module.app_service.module.windows_web_app[0].module.private_endpoint_slot.azurerm_private_endpoint.this will be updated in-place%0A  ~ resource "azurerm_private_endpoint" "this" {%0A        id                       = "/subscriptions/864eb9d0-e9c4-4d6b-bf11-bd4cfde05e81/resourceGroups/spoke-sec-baseline-1-spoke-westus3-rg-eslz2/providers/Microsoft.Network/privateEndpoints/pe-eslz2-staging"%0A        name                     = "pe-eslz2-staging"%0A      ~ tags                     = {%0A          + "module" = "private-endpoint"%0A        }%0A        # (6 unchanged attributes hidden)%0A%0A        # (1 unchanged block hidden)%0A    }%0A%0APlan: 14 to add, 7 to change, 6 
to destroy.%0A
::debug::stderr: 
::debug::exitcode: 0

Pusher: @thotheod, Action: pull_request, Working Directory: scenarios/secure-baseline-multitenant/terraform/spoke, Workflow: Scenario 1: Terraform SPOKE Multi-tenant Secure Baseline

kunalbabre pushed a commit that referenced this pull request Nov 9, 2023
* feat: Create openai module for bicep

* feat: Rename openai.module.bicep to openai.bicep

* feat: add initial openai module

* feat: added openai module to spoke

* feat: OpenAI behind PE: work in progress

* feat: openAI with GPT34turbo deployment-Bicep

* fix: eliminate warning

* fix: implicit param (false) to deploy openAI Model
docs: fix relevant docs

* docs fix

* feat: ARM deployment for openAI

* Get Latest from Main (#195)

Co-authored-by: Jin Lee <[email protected]>

---------

Co-authored-by: Isabelle Bersano <[email protected]>
Co-authored-by: Isabelle Bersano <[email protected]>
Co-authored-by: Jin Lee <[email protected]>
jonlester pushed a commit that referenced this pull request May 20, 2024
ibersanoMS added a commit that referenced this pull request Oct 1, 2024