variables.tf
##################################################
# VARIABLES #
##################################################
###Common###
# Tags applied to the resources this configuration creates.
variable "tags" {
  description = "A map of key value pairs that is used to tag resources created."
  type        = map(string)

  # A caller-supplied map replaces this default as a whole; Terraform does not
  # merge it with these entries.
  default = {
    Author      = "Marcel Lupo"
    Description = "Azure OpenAI service."
    GitHub      = "https://github.com/Pwd9000-ML/terraform-azurerm-openai-service"
    Terraform   = "True"
  }
}
# Azure region for the deployed resources.
variable "location" {
  description = "Azure region to deploy resources to."
  type        = string
  default     = "uksouth"
}
# solution resource group
# Resource group that hosts the Key Vault. No default is set and null is
# rejected, so every caller must supply it.
variable "keyvault_resource_group_name" {
  description = "Name of the resource group where the Key Vault will be hosted."
  type        = string
  nullable    = false
}
###Key Vault###
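# Name and SKU of the Key Vault that stores the OpenAI account details.
#
# NOTE(review): Key Vault names are unique across Azure, so the hard-coded
# default name is likely to collide; callers should override it.
variable "kv_config" {
  description = "Key Vault configuration object to create azure key vault to store openai account details."
  type = object({
    name = string
    sku  = string
  })
  default = {
    name = "openaikv9000"
    sku  = "standard"
  }
  nullable = false

  # Reject unknown SKUs at plan time instead of failing in the provider.
  # The comparison is case-insensitive so existing callers are not broken.
  validation {
    condition     = contains(["standard", "premium"], lower(var.kv_config.sku))
    error_message = "The kv_config.sku value must be \"standard\" or \"premium\"."
  }
}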
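# Action the Key Vault firewall takes when no IP or subnet rule matches.
# The default of "Deny" keeps the vault closed unless a rule or the bypass
# setting admits the caller; switching to "Allow" opens it to all networks.
variable "keyvault_firewall_default_action" {
  description = "Default action for key vault firewall rules."
  type        = string
  default     = "Deny"

  # A typo such as "deny" or "Block" should fail here, not silently at apply time.
  validation {
    condition     = contains(["Allow", "Deny"], var.keyvault_firewall_default_action)
    error_message = "The keyvault_firewall_default_action value must be \"Allow\" or \"Deny\"."
  }
}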
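# Which traffic may bypass the Key Vault firewall. The default "AzureServices"
# lets trusted Azure services through even when the default action is "Deny";
# "None" disables that exception.
variable "keyvault_firewall_bypass" {
  # The previous description called this a list, but the variable is a single string.
  description = "Which traffic can bypass the key vault firewall rules. Possible values are `AzureServices` and `None`."
  type        = string
  default     = "AzureServices"

  validation {
    condition     = contains(["AzureServices", "None"], var.keyvault_firewall_bypass)
    error_message = "The keyvault_firewall_bypass value must be \"AzureServices\" or \"None\"."
  }
}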
# IP rules admitted through the Key Vault firewall. Empty by default, so no
# IP address is allow-listed unless the caller adds one.
# NOTE(review): entries are presumably public IPs or CIDR ranges; confirm
# against the resource that consumes this list.
variable "keyvault_firewall_allowed_ips" {
  description = "value of key vault firewall allowed ip rules."
  type        = list(string)
  default     = []
}
# Subnet IDs admitted through the Key Vault firewall. Empty by default, so no
# virtual network subnet is allow-listed unless the caller adds one.
variable "keyvault_firewall_virtual_network_subnet_ids" {
  description = "value of key vault firewall allowed virtual network subnet ids."
  type        = list(string)
  default     = []
}
##########################################
# OpenAI Service #
##########################################
# Feature switch for the OpenAI service; off unless the caller enables it.
variable "create_openai_service" {
  default     = false
  type        = bool
  description = "Create the OpenAI service."
}
# Resource group of the OpenAI cognitive account. No default is set and null
# is rejected, so the caller must supply it even when it matches the Key Vault
# resource group.
variable "openai_resource_group_name" {
  nullable    = false
  type        = string
  description = "Name of the resource group where the cognitive account OpenAI service is hosted (if different from solution resource group)."
}
# Name given to the OpenAI account. The default is a demo placeholder.
variable "openai_account_name" {
  default     = "demo-account"
  type        = string
  description = "Name of the OpenAI service."
}
# SKU of the OpenAI account.
variable "openai_sku_name" {
  default     = "S0"
  type        = string
  description = "SKU name of the OpenAI service."
}
# Custom subdomain of the account, which token-based authentication requires.
# NOTE(review): the subdomain forms part of the account's endpoint hostname,
# so the shared "demo-account" default is likely to collide; callers should
# override it.
variable "openai_custom_subdomain_name" {
  default     = "demo-account"
  type        = string
  description = "The subdomain name used for token-based authentication. Changing this forces a new resource to be created (normally the same as variable `openai_account_name`)"
}
# Optional dynamic-throttling switch. The null default leaves the choice unset
# in this configuration.
variable "openai_dynamic_throttling_enabled" {
  default     = null
  type        = bool
  description = "Determines whether or not dynamic throttling is enabled. If set to `true`, dynamic throttling will be enabled. If set to `false`, dynamic throttling will not be enabled."
}
# FQDN allow-list for the account; null (unset) by default.
# NOTE(review): presumably only meaningful together with
# openai_outbound_network_access_restricted = true; confirm in the resource
# that consumes it.
variable "openai_fqdns" {
  default     = null
  type        = list(string)
  description = "List of FQDNs allowed for the Cognitive Account."
}
# Controls local (API key) authentication on the account. With the default of
# true, anyone holding an account key can call the service; setting this to
# false leaves Microsoft Entra ID as the only way to authenticate.
# NOTE(review): hardened deployments usually set this to false once callers
# use managed identities; check whether anything still reads the account keys
# first.
variable "openai_local_auth_enabled" {
  default     = true
  type        = bool
  description = "Whether local authentication methods is enabled for the Cognitive Account. Defaults to `true`."
}
# Outbound restriction switch. The default of false leaves outbound access
# from the account unrestricted.
variable "openai_outbound_network_access_restricted" {
  default     = false
  type        = bool
  description = "Whether or not outbound network access is restricted."
}
# Public network access switch. The default of true keeps public network
# access enabled on the account.
# NOTE(review): with openai_network_acls also defaulting to null, the defaults
# in this file add no network restriction; confirm that is intended outside
# demo use.
variable "openai_public_network_access_enabled" {
  default     = true
  type        = bool
  description = "Whether or not public network access is enabled for the Cognitive Account."
}
# Optional customer-managed key for encrypting the account's data. The null
# default means no customer-managed key is configured here.
variable "openai_customer_managed_key" {
  description = <<-DESCRIPTION
  type = object({
  key_vault_key_id = (Required) The ID of the Key Vault Key which should be used to Encrypt the data in this OpenAI Account.
  identity_client_id = (Optional) The Client ID of the User Assigned Identity that has access to the key. This property only needs to be specified when there're multiple identities attached to the OpenAI Account.
  })
  DESCRIPTION

  type = object({
    key_vault_key_id   = string
    identity_client_id = optional(string)
  })
  default = null
}
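# Optional managed identity for the OpenAI account. The null default means no
# identity is configured here.
variable "openai_identity" {
  type = object({
    type         = string
    identity_ids = optional(list(string))
  })
  default     = null
  description = <<-DESCRIPTION
  type = object({
  type = (Required) The type of the Identity. Possible values are `SystemAssigned`, `UserAssigned`, `SystemAssigned, UserAssigned`.
  identity_ids = (Optional) Specifies a list of User Assigned Managed Identity IDs to be assigned to this OpenAI Account.
  })
  DESCRIPTION

  # Enforce the identity types named in the description. The conditional keeps
  # the null default valid without dereferencing a null object.
  validation {
    condition = var.openai_identity == null ? true : contains(
      ["SystemAssigned", "UserAssigned", "SystemAssigned, UserAssigned"],
      var.openai_identity.type
    )
    error_message = "The openai_identity.type value must be \"SystemAssigned\", \"UserAssigned\" or \"SystemAssigned, UserAssigned\"."
  }
}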
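# Optional network ACLs for the OpenAI account. The null default means no ACL
# is defined here.
# NOTE(review): with public network access enabled by default elsewhere in
# this file, a `Deny` default action plus explicit ip_rules or
# virtual_network_rules is the setting that narrows who can reach the account.
variable "openai_network_acls" {
  type = set(object({
    default_action = string
    ip_rules       = optional(set(string))
    virtual_network_rules = optional(set(object({
      subnet_id                            = string
      ignore_missing_vnet_service_endpoint = optional(bool, false)
    })))
  }))
  default     = null
  description = <<-DESCRIPTION
  type = set(object({
  default_action = (Required) The Default Action to use when no rules match from ip_rules / virtual_network_rules. Possible values are `Allow` and `Deny`.
  ip_rules = (Optional) One or more IP Addresses, or CIDR Blocks which should be able to access the Cognitive Account.
  virtual_network_rules = optional(set(object({
  subnet_id = (Required) The ID of a Subnet which should be able to access the OpenAI Account.
  ignore_missing_vnet_service_endpoint = (Optional) Whether ignore missing vnet service endpoint or not. Default to `false`.
  })))
  }))
  DESCRIPTION

  # A misspelt default_action should fail at plan time rather than at apply.
  # The conditional keeps the null default valid.
  validation {
    condition = var.openai_network_acls == null ? true : alltrue([
      for acl in var.openai_network_acls : contains(["Allow", "Deny"], acl.default_action)
    ])
    error_message = "Each openai_network_acls entry must set default_action to \"Allow\" or \"Deny\"."
  }
}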
# Storage accounts associated with the OpenAI account. Empty by default and
# null is rejected.
variable "openai_storage" {
  description = <<-DESCRIPTION
  type = list(object({
  storage_account_id = (Required) Full resource id of a Microsoft.Storage resource.
  identity_client_id = (Optional) The client ID of the managed identity associated with the storage resource.
  }))
  DESCRIPTION

  type = list(object({
    storage_account_id = string
    identity_client_id = optional(string)
  }))
  nullable = false
  default  = []
}
##########################################
# Model Deployment #
##########################################
# Feature switch for the model deployment; off unless the caller enables it.
variable "create_model_deployment" {
  default     = false
  type        = bool
  description = "Create the model deployment."
}
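# Model deployments to create on the OpenAI account, one list entry each.
# Empty by default and null is rejected.
#
# The object is flat. The previous description grouped fields under nested
# `model_name = { ... }` and `sku = { ... }` headings that the type does not
# accept, so the description below lists the fields as they must be written.
#
# NOTE(review): rai_policy_name selects the RAI policy attached to a
# deployment; when omitted, presumably the service default applies, which
# should be confirmed.
variable "model_deployment" {
  type = list(object({
    deployment_id   = string
    model_name      = string
    model_format    = string
    model_version   = string
    sku_name        = string
    sku_tier        = optional(string)
    sku_size        = optional(number)
    sku_family      = optional(string)
    sku_capacity    = optional(number)
    rai_policy_name = optional(string)
  }))
  default     = []
  description = <<-DESCRIPTION
  type = list(object({
  deployment_id = (Required) The name of the Cognitive Services Account `Model Deployment`. Changing this forces a new resource to be created.
  model_name = (Required) The name of the Cognitive Services Account Deployment model. Changing this forces a new resource to be created.
  model_format = (Required) The format of the Cognitive Services Account Deployment model. Changing this forces a new resource to be created. Possible value is OpenAI.
  model_version = (Required) The version of Cognitive Services Account Deployment model.
  sku_name = (Required) The name of the SKU. Possible values include Standard, GlobalBatch, GlobalStandard and ProvisionedManaged.
  sku_tier = (Optional) Possible values are Free, Basic, Standard, Premium, Enterprise. Changing this forces a new resource to be created.
  sku_size = (Optional) The SKU size. When the name field is the combination of tier and some other value, this would be the standalone code. Changing this forces a new resource to be created.
  sku_family = (Optional) If the service has different generations of hardware, for the same SKU, then that can be captured here. Changing this forces a new resource to be created.
  sku_capacity = (Optional) Tokens-per-Minute (TPM). If the SKU supports sku out/in then the capacity integer should be included. If sku out/in is not possible for the resource this may be omitted. Default value is 1. Changing this forces a new resource to be created.
  rai_policy_name = (Optional) The name of RAI policy. Changing this forces a new resource to be created.
  }))
  DESCRIPTION
  nullable    = false
}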