diff --git a/assets/Deployments.png b/assets/Deployments.png new file mode 100644 index 0000000..5ef09f0 Binary files /dev/null and b/assets/Deployments.png differ diff --git a/assets/Example1.png b/assets/Example1.png new file mode 100644 index 0000000..fed95a9 Binary files /dev/null and b/assets/Example1.png differ diff --git a/assets/Example2.png b/assets/Example2.png new file mode 100644 index 0000000..43cce4e Binary files /dev/null and b/assets/Example2.png differ diff --git a/assets/Example3.png b/assets/Example3.png new file mode 100644 index 0000000..0b420cc Binary files /dev/null and b/assets/Example3.png differ diff --git a/assets/Resources.png b/assets/Resources.png new file mode 100644 index 0000000..0ddc300 Binary files /dev/null and b/assets/Resources.png differ diff --git a/assets/openai.png b/assets/openai.png new file mode 100644 index 0000000..e6ea292 Binary files /dev/null and b/assets/openai.png differ diff --git a/assets/screenshot.png b/assets/screenshot.png deleted file mode 100644 index 8b6a4ca..0000000 Binary files a/assets/screenshot.png and /dev/null differ diff --git a/assets/var-secrets.png b/assets/var-secrets.png new file mode 100644 index 0000000..7352ff6 Binary files /dev/null and b/assets/var-secrets.png differ diff --git a/examples/Create_Models_existing_OpenAI_Service/README.md b/examples/Create_Models_existing_OpenAI_Service/README.md new file mode 100644 index 0000000..8515c89 --- /dev/null +++ b/examples/Create_Models_existing_OpenAI_Service/README.md @@ -0,0 +1,7 @@ +# Automated Test 1 + +This automated test will create a new resource group, cognitive OpenAI service, and two model deployment. It will then run a test to ensure the model deployment is working as expected and save the OpenAI Account details and deployments into an Azure Key Vault ready for consumption by other services. + + + + \ No newline at end of file diff --git a/examples/Create_Models_existing_OpenAI_Service/main.tf b/examples/Create_Models_existing_OpenAI_Service/main.tf new file mode 100644 index 0000000..56aac0c --- /dev/null +++ b/examples/Create_Models_existing_OpenAI_Service/main.tf @@ -0,0 +1,57 @@ +terraform { + #backend "azurerm" {} + backend "local" { path = "terraform-test1.tfstate" } +} + +provider "azurerm" { + features { + key_vault { + purge_soft_delete_on_destroy = true + } + } +} + +################################################# +# PRE-REQS # +################################################# +### Resource group to deploy the Key Vault into +resource "azurerm_resource_group" "rg" { + name = var.resource_group_name + location = var.location + tags = var.tags +} + +################################################## +# MODULE TO TEST # +################################################## +module "openai" { + source = "Pwd9000-ML/openai-service/azurerm" + version = ">= 0.1.0" + + #common + location = var.location + tags = var.tags + + #keyvault (To store OpenAI Account and model details, if the KV needs to be created in a different resource group, create it first and pass the resource group name to the module) + keyvault_resource_group_name = azurerm_resource_group.rg.name + kv_config = var.kv_config + keyvault_firewall_default_action = var.keyvault_firewall_default_action + keyvault_firewall_bypass = var.keyvault_firewall_bypass + keyvault_firewall_allowed_ips = var.keyvault_firewall_allowed_ips + keyvault_firewall_virtual_network_subnet_ids = var.keyvault_firewall_virtual_network_subnet_ids + + #Create OpenAI Service? + create_openai_service = var.create_openai_service + openai_resource_group_name = azurerm_resource_group.rg.name + openai_account_name = var.openai_account_name + openai_custom_subdomain_name = var.openai_custom_subdomain_name + openai_sku_name = var.openai_sku_name + openai_local_auth_enabled = var.openai_local_auth_enabled + openai_outbound_network_access_restricted = var.openai_outbound_network_access_restricted + openai_public_network_access_enabled = var.openai_public_network_access_enabled + openai_identity = var.openai_identity + + #Create Model Deployment? + create_model_deployment = var.create_model_deployment + model_deployment = var.model_deployment +} \ No newline at end of file diff --git a/examples/Create_Models_existing_OpenAI_Service/testing.auto.tfvars b/examples/Create_Models_existing_OpenAI_Service/testing.auto.tfvars new file mode 100644 index 0000000..d0b9984 --- /dev/null +++ b/examples/Create_Models_existing_OpenAI_Service/testing.auto.tfvars @@ -0,0 +1,54 @@ +### Common Variables ### +resource_group_name = "Terraform-Cognitive-Services-Test" +location = "eastus" +tags = { + Terraform = "True" + Description = "Azure OpenAI Service" + Author = "Marcel Lupo" + GitHub = "https://github.com/Pwd9000-ML/terraform-azurerm-openai-service" +} + +# solution specific variables +kv_config = { + name = "openaikv9000" + sku = "standard" +} +keyvault_firewall_default_action = "Deny" +keyvault_firewall_bypass = "AzureServices" +keyvault_firewall_allowed_ips = ["0.0.0.0/0"] #for testing purposes only - allow all IPs +keyvault_firewall_virtual_network_subnet_ids = [] + +### Create OpenAI Service ### +create_openai_service = true +openai_account_name = "pwd9000" +openai_custom_subdomain_name = "pwd9000" #translates to 'pwd9000.openai.azure.com' +openai_sku_name = "S0" +openai_local_auth_enabled = true +openai_outbound_network_access_restricted = false +openai_public_network_access_enabled = true +openai_identity = { + type = "SystemAssigned" +} + +### Create Model deployment ### +create_model_deployment = true +model_deployment = [ + { + deployment_no = 1 + deployment_id = "pwd9000-gpt-35-turbo-16k" + api_type = "azure" + model = "gpt-35-turbo-16k" + model_format = "OpenAI" + model_version = "0613" + scale_type = "Standard" + }, + { + deployment_no = 2 + deployment_id = "pwd9000-gpt-35-turbo" + api_type = "azure" + model = "gpt-35-turbo" + model_format = "OpenAI" + model_version = "0613" + scale_type = "Standard" + } +] \ No newline at end of file diff --git a/examples/Create_Models_existing_OpenAI_Service/variables.tf b/examples/Create_Models_existing_OpenAI_Service/variables.tf new file mode 100644 index 0000000..5190ea5 --- /dev/null +++ b/examples/Create_Models_existing_OpenAI_Service/variables.tf @@ -0,0 +1,160 @@ +### common ### +variable "location" { + type = string + default = "uksouth" + description = "Azure region where resources will be hosted." +} + +variable "tags" { + type = map(string) + default = {} + description = "A map of key value pairs that is used to tag resources created." +} + +### solution resource group ### +variable "resource_group_name" { + type = string + description = "Name of the resource group to create where resources will be hosted." + nullable = false +} +### key vault ### +variable "kv_config" { + type = object({ + name = string + sku = string + }) + default = { + name = "openaikv9000" + sku = "standard" + } + description = "Key Vault configuration object to create azure key vault to store openai account details." + nullable = false +} + +variable "keyvault_firewall_default_action" { + type = string + default = "Deny" + description = "Default action for keyvault firewall rules." +} + +variable "keyvault_firewall_bypass" { + type = string + default = "AzureServices" + description = "List of keyvault firewall rules to bypass." +} + +variable "keyvault_firewall_allowed_ips" { + type = list(string) + default = [] + description = "value of keyvault firewall allowed ip rules." +} + +variable "keyvault_firewall_virtual_network_subnet_ids" { + type = list(string) + default = [] + description = "value of keyvault firewall allowed virtual network subnet ids." +} + +### openai service ### +variable "create_openai_service" { + type = bool + description = "Create the OpenAI service." + default = false +} + +variable "openai_account_name" { + type = string + description = "Name of the OpenAI service." + default = "demo-account" +} + +variable "openai_custom_subdomain_name" { + type = string + description = "The subdomain name used for token-based authentication. Changing this forces a new resource to be created. (normally the same as the account name)" + default = "demo-account" +} + +variable "openai_sku_name" { + type = string + description = "SKU name of the OpenAI service." + default = "S0" +} + +variable "openai_local_auth_enabled" { + type = bool + default = true + description = "Whether local authentication methods is enabled for the Cognitive Account. Defaults to `true`." +} + +variable "openai_outbound_network_access_restricted" { + type = bool + default = false + description = "Whether or not outbound network access is restricted. Defaults to `false`." +} + +variable "openai_public_network_access_enabled" { + type = bool + default = true + description = "Whether or not public network access is enabled. Defaults to `false`." +} + +variable "openai_identity" { + type = object({ + type = string + }) + default = { + type = "SystemAssigned" + } + description = <<-DESCRIPTION + type = object({ + type = (Required) The type of the Identity. Possible values are `SystemAssigned`, `UserAssigned`, `SystemAssigned, UserAssigned`. + identity_ids = (Optional) Specifies a list of User Assigned Managed Identity IDs to be assigned to this OpenAI Account. + }) + DESCRIPTION +} + +### model deployment ### +variable "create_model_deployment" { + type = bool + description = "Create the model deployment." + default = false +} + +variable "model_deployment" { + type = list(object({ + deployment_no = number + deployment_id = string + api_type = string + model = string + model_format = string + model_version = string + scale_type = string + scale_tier = optional(string) + scale_size = optional(number) + scale_family = optional(string) + scale_capacity = optional(number) + rai_policy_name = optional(string) + })) + default = [] + description = <<-DESCRIPTION + type = list(object({ + deployment_no = (Required) The unique number of each model deployment (Numbered when saved in Azure KeyVault). + deployment_id = (Required) The name of the Cognitive Services Account `Model Deployment`. Changing this forces a new resource to be created. + api_type = (Required) The type of the Cognitive Services Account `Model Deployment`. Possible values are `azure`. + model = { + model_format = (Required) The format of the Cognitive Services Account Deployment model. Changing this forces a new resource to be created. Possible value is OpenAI. + model = (Required) The name of the Cognitive Services Account Deployment model. Changing this forces a new resource to be created. + model_version = (Required) The version of Cognitive Services Account Deployment model. + } + scale = { + scale_type = (Required) Deployment scale type. Possible value is Standard. Changing this forces a new resource to be created. + scale_tier = (Optional) Possible values are Free, Basic, Standard, Premium, Enterprise. Changing this forces a new resource to be created. + scale_size = (Optional) The SKU size. When the name field is the combination of tier and some other value, this would be the standalone code. Changing this forces a new resource to be created. + scale_family = (Optional) If the service has different generations of hardware, for the same SKU, then that can be captured here. Changing this forces a new resource to be created. + scale_capacity = (Optional) Tokens-per-Minute (TPM). If the SKU supports scale out/in then the capacity integer should be included. If scale out/in is not possible for the resource this may be omitted. Default value is 1. Changing this forces a new resource to be created. + } + rai_policy_name = (Optional) The name of RAI policy. Changing this forces a new resource to be created. + })) + DESCRIPTION + nullable = false +} \ No newline at end of file diff --git a/examples/Create_OpenAI_Service_and_Models/README.md b/examples/Create_OpenAI_Service_and_Models/README.md new file mode 100644 index 0000000..a11d547 --- /dev/null +++ b/examples/Create_OpenAI_Service_and_Models/README.md @@ -0,0 +1,11 @@ +# Example: Create OpenAI Service and Models + +This example module creates a new resource group, new cognitive OpenAI service, and two model deployments. It will then run a test to ensure the model deployment is working as expected and save the OpenAI Account and Model deployment details into an Azure Key Vault ready for consumption by other services. + +![image.png]() + +![image.png]() + + + + \ No newline at end of file diff --git a/examples/Create_OpenAI_Service_and_Models/common.auto.tfvars b/examples/Create_OpenAI_Service_and_Models/common.auto.tfvars new file mode 100644 index 0000000..e1a5d5a --- /dev/null +++ b/examples/Create_OpenAI_Service_and_Models/common.auto.tfvars @@ -0,0 +1,54 @@ +### Common Variables ### +resource_group_name = "Terraform-Cognitive-Services-Example1" +location = "uksouth" +tags = { + Terraform = "True" + Description = "Azure OpenAI Service" + Author = "Marcel Lupo" + GitHub = "https://github.com/Pwd9000-ML/terraform-azurerm-openai-service" +} + +# solution specific variables +kv_config = { + name = "openaikv1001" + sku = "standard" +} +keyvault_firewall_default_action = "Deny" +keyvault_firewall_bypass = "AzureServices" +keyvault_firewall_allowed_ips = ["0.0.0.0/0"] #for testing purposes only - allow all IPs +keyvault_firewall_virtual_network_subnet_ids = [] + +### Create OpenAI Service ### +create_openai_service = true +openai_account_name = "pwd1001" +openai_custom_subdomain_name = "pwd1001" #translates to 'pwd1001.openai.azure.com' +openai_sku_name = "S0" +openai_local_auth_enabled = true +openai_outbound_network_access_restricted = false +openai_public_network_access_enabled = true +openai_identity = { + type = "SystemAssigned" +} + +### Create Model deployment ### +create_model_deployment = true +model_deployment = [ + { + deployment_no = 1 + deployment_id = "pwd1001-gpt-35-turbo-16k" + api_type = "azure" + model = "gpt-35-turbo-16k" + model_format = "OpenAI" + model_version = "0613" + scale_type = "Standard" + }, + { + deployment_no = 2 + deployment_id = "pwd1001-gpt-35-turbo" + api_type = "azure" + model = "gpt-35-turbo" + model_format = "OpenAI" + model_version = "0613" + scale_type = "Standard" + } +] \ No newline at end of file diff --git a/examples/Create_OpenAI_Service_and_Models/main.tf b/examples/Create_OpenAI_Service_and_Models/main.tf new file mode 100644 index 0000000..2778ab4 --- /dev/null +++ b/examples/Create_OpenAI_Service_and_Models/main.tf @@ -0,0 +1,57 @@ +terraform { + #backend "azurerm" {} + backend "local" { path = "terraform-example1.tfstate" } +} + +provider "azurerm" { + features { + key_vault { + purge_soft_delete_on_destroy = true + } + } +} + +################################################# +# PRE-REQS # +################################################# +### Resource group to deploy the Key Vault into +resource "azurerm_resource_group" "rg" { + name = var.resource_group_name + location = var.location + tags = var.tags +} + +################################################## +# MODULE TO TEST # +################################################## +module "openai" { + source = "Pwd9000-ML/openai-service/azurerm" + version = ">= 0.1.0" + + #common + location = var.location + tags = var.tags + + #keyvault (To store OpenAI Account and model details, if the KV needs to be created in a different resource group, create it first and pass the resource group name to the module) + keyvault_resource_group_name = azurerm_resource_group.rg.name + kv_config = var.kv_config + keyvault_firewall_default_action = var.keyvault_firewall_default_action + keyvault_firewall_bypass = var.keyvault_firewall_bypass + keyvault_firewall_allowed_ips = var.keyvault_firewall_allowed_ips + keyvault_firewall_virtual_network_subnet_ids = var.keyvault_firewall_virtual_network_subnet_ids + + #Create OpenAI Service? + create_openai_service = var.create_openai_service + openai_resource_group_name = azurerm_resource_group.rg.name + openai_account_name = var.openai_account_name + openai_custom_subdomain_name = var.openai_custom_subdomain_name + openai_sku_name = var.openai_sku_name + openai_local_auth_enabled = var.openai_local_auth_enabled + openai_outbound_network_access_restricted = var.openai_outbound_network_access_restricted + openai_public_network_access_enabled = var.openai_public_network_access_enabled + openai_identity = var.openai_identity + + #Create Model Deployment? + create_model_deployment = var.create_model_deployment + model_deployment = var.model_deployment +} \ No newline at end of file diff --git a/examples/Create_OpenAI_Service_and_Models/variables.tf b/examples/Create_OpenAI_Service_and_Models/variables.tf new file mode 100644 index 0000000..c8bea78 --- /dev/null +++ b/examples/Create_OpenAI_Service_and_Models/variables.tf @@ -0,0 +1,160 @@ +### common ### +variable "location" { + type = string + default = "uksouth" + description = "Azure region where resources will be hosted." +} + +variable "tags" { + type = map(string) + default = {} + description = "A map of key value pairs that is used to tag resources created." +} + +### solution resource group ### +variable "resource_group_name" { + type = string + description = "Name of the resource group to create where resources will be hosted." + nullable = false +} +### key vault ### +variable "kv_config" { + type = object({ + name = string + sku = string + }) + default = { + name = "kvname" + sku = "standard" + } + description = "Key Vault configuration object to create azure key vault to store openai account details." + nullable = false +} + +variable "keyvault_firewall_default_action" { + type = string + default = "Deny" + description = "Default action for keyvault firewall rules." +} + +variable "keyvault_firewall_bypass" { + type = string + default = "AzureServices" + description = "List of keyvault firewall rules to bypass." +} + +variable "keyvault_firewall_allowed_ips" { + type = list(string) + default = [] + description = "value of keyvault firewall allowed ip rules." +} + +variable "keyvault_firewall_virtual_network_subnet_ids" { + type = list(string) + default = [] + description = "value of keyvault firewall allowed virtual network subnet ids." +} + +### openai service ### +variable "create_openai_service" { + type = bool + description = "Create the OpenAI service." + default = false +} + +variable "openai_account_name" { + type = string + description = "Name of the OpenAI service." + default = "demo-account" +} + +variable "openai_custom_subdomain_name" { + type = string + description = "The subdomain name used for token-based authentication. Changing this forces a new resource to be created. (normally the same as the account name)" + default = "demo-account" +} + +variable "openai_sku_name" { + type = string + description = "SKU name of the OpenAI service." + default = "S0" +} + +variable "openai_local_auth_enabled" { + type = bool + default = true + description = "Whether local authentication methods is enabled for the Cognitive Account. Defaults to `true`." +} + +variable "openai_outbound_network_access_restricted" { + type = bool + default = false + description = "Whether or not outbound network access is restricted. Defaults to `false`." +} + +variable "openai_public_network_access_enabled" { + type = bool + default = true + description = "Whether or not public network access is enabled. Defaults to `false`." +} + +variable "openai_identity" { + type = object({ + type = string + }) + default = { + type = "SystemAssigned" + } + description = <<-DESCRIPTION + type = object({ + type = (Required) The type of the Identity. Possible values are `SystemAssigned`, `UserAssigned`, `SystemAssigned, UserAssigned`. + identity_ids = (Optional) Specifies a list of User Assigned Managed Identity IDs to be assigned to this OpenAI Account. + }) + DESCRIPTION +} + +### model deployment ### +variable "create_model_deployment" { + type = bool + description = "Create the model deployment." + default = false +} + +variable "model_deployment" { + type = list(object({ + deployment_no = number + deployment_id = string + api_type = string + model = string + model_format = string + model_version = string + scale_type = string + scale_tier = optional(string) + scale_size = optional(number) + scale_family = optional(string) + scale_capacity = optional(number) + rai_policy_name = optional(string) + })) + default = [] + description = <<-DESCRIPTION + type = list(object({ + deployment_no = (Required) The unique number of each model deployment (Numbered when saved in Azure KeyVault). + deployment_id = (Required) The name of the Cognitive Services Account `Model Deployment`. Changing this forces a new resource to be created. + api_type = (Required) The type of the Cognitive Services Account `Model Deployment`. Possible values are `azure`. + model = { + model_format = (Required) The format of the Cognitive Services Account Deployment model. Changing this forces a new resource to be created. Possible value is OpenAI. + model = (Required) The name of the Cognitive Services Account Deployment model. Changing this forces a new resource to be created. + model_version = (Required) The version of Cognitive Services Account Deployment model. + } + scale = { + scale_type = (Required) Deployment scale type. Possible value is Standard. Changing this forces a new resource to be created. + scale_tier = (Optional) Possible values are Free, Basic, Standard, Premium, Enterprise. Changing this forces a new resource to be created. + scale_size = (Optional) The SKU size. When the name field is the combination of tier and some other value, this would be the standalone code. Changing this forces a new resource to be created. + scale_family = (Optional) If the service has different generations of hardware, for the same SKU, then that can be captured here. Changing this forces a new resource to be created. + scale_capacity = (Optional) Tokens-per-Minute (TPM). If the SKU supports scale out/in then the capacity integer should be included. If scale out/in is not possible for the resource this may be omitted. Default value is 1. Changing this forces a new resource to be created. + } + rai_policy_name = (Optional) The name of RAI policy. Changing this forces a new resource to be created. + })) + DESCRIPTION + nullable = false +} \ No newline at end of file diff --git a/examples/Create_OpenAI_Service_only/README.md b/examples/Create_OpenAI_Service_only/README.md new file mode 100644 index 0000000..8515c89 --- /dev/null +++ b/examples/Create_OpenAI_Service_only/README.md @@ -0,0 +1,7 @@ +# Automated Test 1 + +This automated test will create a new resource group, cognitive OpenAI service, and two model deployment. It will then run a test to ensure the model deployment is working as expected and save the OpenAI Account details and deployments into an Azure Key Vault ready for consumption by other services. + + + + \ No newline at end of file diff --git a/examples/Create_OpenAI_Service_only/main.tf b/examples/Create_OpenAI_Service_only/main.tf new file mode 100644 index 0000000..56aac0c --- /dev/null +++ b/examples/Create_OpenAI_Service_only/main.tf @@ -0,0 +1,57 @@ +terraform { + #backend "azurerm" {} + backend "local" { path = "terraform-test1.tfstate" } +} + +provider "azurerm" { + features { + key_vault { + purge_soft_delete_on_destroy = true + } + } +} + +################################################# +# PRE-REQS # +################################################# +### Resource group to deploy the Key Vault into +resource "azurerm_resource_group" "rg" { + name = var.resource_group_name + location = var.location + tags = var.tags +} + +################################################## +# MODULE TO TEST # +################################################## +module "openai" { + source = "Pwd9000-ML/openai-service/azurerm" + version = ">= 0.1.0" + + #common + location = var.location + tags = var.tags + + #keyvault (To store OpenAI Account and model details, if the KV needs to be created in a different resource group, create it first and pass the resource group name to the module) + keyvault_resource_group_name = azurerm_resource_group.rg.name + kv_config = var.kv_config + keyvault_firewall_default_action = var.keyvault_firewall_default_action + keyvault_firewall_bypass = var.keyvault_firewall_bypass + keyvault_firewall_allowed_ips = var.keyvault_firewall_allowed_ips + keyvault_firewall_virtual_network_subnet_ids = var.keyvault_firewall_virtual_network_subnet_ids + + #Create OpenAI Service? + create_openai_service = var.create_openai_service + openai_resource_group_name = azurerm_resource_group.rg.name + openai_account_name = var.openai_account_name + openai_custom_subdomain_name = var.openai_custom_subdomain_name + openai_sku_name = var.openai_sku_name + openai_local_auth_enabled = var.openai_local_auth_enabled + openai_outbound_network_access_restricted = var.openai_outbound_network_access_restricted + openai_public_network_access_enabled = var.openai_public_network_access_enabled + openai_identity = var.openai_identity + + #Create Model Deployment? + create_model_deployment = var.create_model_deployment + model_deployment = var.model_deployment +} \ No newline at end of file diff --git a/examples/Create_OpenAI_Service_only/testing.auto.tfvars b/examples/Create_OpenAI_Service_only/testing.auto.tfvars new file mode 100644 index 0000000..d0b9984 --- /dev/null +++ b/examples/Create_OpenAI_Service_only/testing.auto.tfvars @@ -0,0 +1,54 @@ +### Common Variables ### +resource_group_name = "Terraform-Cognitive-Services-Test" +location = "eastus" +tags = { + Terraform = "True" + Description = "Azure OpenAI Service" + Author = "Marcel Lupo" + GitHub = "https://github.com/Pwd9000-ML/terraform-azurerm-openai-service" +} + +# solution specific variables +kv_config = { + name = "openaikv9000" + sku = "standard" +} +keyvault_firewall_default_action = "Deny" +keyvault_firewall_bypass = "AzureServices" +keyvault_firewall_allowed_ips = ["0.0.0.0/0"] #for testing purposes only - allow all IPs +keyvault_firewall_virtual_network_subnet_ids = [] + +### Create OpenAI Service ### +create_openai_service = true +openai_account_name = "pwd9000" +openai_custom_subdomain_name = "pwd9000" #translates to 'pwd9000.openai.azure.com' +openai_sku_name = "S0" +openai_local_auth_enabled = true +openai_outbound_network_access_restricted = false +openai_public_network_access_enabled = true +openai_identity = { + type = "SystemAssigned" +} + +### Create Model deployment ### +create_model_deployment = true +model_deployment = [ + { + deployment_no = 1 + deployment_id = "pwd9000-gpt-35-turbo-16k" + api_type = "azure" + model = "gpt-35-turbo-16k" + model_format = "OpenAI" + model_version = "0613" + scale_type = "Standard" + }, + { + deployment_no = 2 + deployment_id = "pwd9000-gpt-35-turbo" + api_type = "azure" + model = "gpt-35-turbo" + model_format = "OpenAI" + model_version = "0613" + scale_type = "Standard" + } +] \ No newline at end of file diff --git a/examples/Create_OpenAI_Service_only/variables.tf b/examples/Create_OpenAI_Service_only/variables.tf new file mode 100644 index 0000000..5190ea5 --- /dev/null +++ b/examples/Create_OpenAI_Service_only/variables.tf @@ -0,0 +1,160 @@ +### common ### +variable "location" { + type = string + default = "uksouth" + description = "Azure region where resources will be hosted." +} + +variable "tags" { + type = map(string) + default = {} + description = "A map of key value pairs that is used to tag resources created." +} + +### solution resource group ### +variable "resource_group_name" { + type = string + description = "Name of the resource group to create where resources will be hosted." + nullable = false +} +### key vault ### +variable "kv_config" { + type = object({ + name = string + sku = string + }) + default = { + name = "openaikv9000" + sku = "standard" + } + description = "Key Vault configuration object to create azure key vault to store openai account details." + nullable = false +} + +variable "keyvault_firewall_default_action" { + type = string + default = "Deny" + description = "Default action for keyvault firewall rules." +} + +variable "keyvault_firewall_bypass" { + type = string + default = "AzureServices" + description = "List of keyvault firewall rules to bypass." +} + +variable "keyvault_firewall_allowed_ips" { + type = list(string) + default = [] + description = "value of keyvault firewall allowed ip rules." +} + +variable "keyvault_firewall_virtual_network_subnet_ids" { + type = list(string) + default = [] + description = "value of keyvault firewall allowed virtual network subnet ids." +} + +### openai service ### +variable "create_openai_service" { + type = bool + description = "Create the OpenAI service." + default = false +} + +variable "openai_account_name" { + type = string + description = "Name of the OpenAI service." + default = "demo-account" +} + +variable "openai_custom_subdomain_name" { + type = string + description = "The subdomain name used for token-based authentication. Changing this forces a new resource to be created. (normally the same as the account name)" + default = "demo-account" +} + +variable "openai_sku_name" { + type = string + description = "SKU name of the OpenAI service." + default = "S0" +} + +variable "openai_local_auth_enabled" { + type = bool + default = true + description = "Whether local authentication methods is enabled for the Cognitive Account. Defaults to `true`." +} + +variable "openai_outbound_network_access_restricted" { + type = bool + default = false + description = "Whether or not outbound network access is restricted. Defaults to `false`." +} + +variable "openai_public_network_access_enabled" { + type = bool + default = true + description = "Whether or not public network access is enabled. Defaults to `false`." +} + +variable "openai_identity" { + type = object({ + type = string + }) + default = { + type = "SystemAssigned" + } + description = <<-DESCRIPTION + type = object({ + type = (Required) The type of the Identity. Possible values are `SystemAssigned`, `UserAssigned`, `SystemAssigned, UserAssigned`. + identity_ids = (Optional) Specifies a list of User Assigned Managed Identity IDs to be assigned to this OpenAI Account. + }) + DESCRIPTION +} + +### model deployment ### +variable "create_model_deployment" { + type = bool + description = "Create the model deployment." + default = false +} + +variable "model_deployment" { + type = list(object({ + deployment_no = number + deployment_id = string + api_type = string + model = string + model_format = string + model_version = string + scale_type = string + scale_tier = optional(string) + scale_size = optional(number) + scale_family = optional(string) + scale_capacity = optional(number) + rai_policy_name = optional(string) + })) + default = [] + description = <<-DESCRIPTION + type = list(object({ + deployment_no = (Required) The unique number of each model deployment (Numbered when saved in Azure KeyVault). + deployment_id = (Required) The name of the Cognitive Services Account `Model Deployment`. Changing this forces a new resource to be created. + api_type = (Required) The type of the Cognitive Services Account `Model Deployment`. Possible values are `azure`. + model = { + model_format = (Required) The format of the Cognitive Services Account Deployment model. Changing this forces a new resource to be created. Possible value is OpenAI. + model = (Required) The name of the Cognitive Services Account Deployment model. Changing this forces a new resource to be created. + model_version = (Required) The version of Cognitive Services Account Deployment model. + } + scale = { + scale_type = (Required) Deployment scale type. Possible value is Standard. Changing this forces a new resource to be created. + scale_tier = (Optional) Possible values are Free, Basic, Standard, Premium, Enterprise. Changing this forces a new resource to be created. + scale_size = (Optional) The SKU size. When the name field is the combination of tier and some other value, this would be the standalone code. Changing this forces a new resource to be created. + scale_family = (Optional) If the service has different generations of hardware, for the same SKU, then that can be captured here. Changing this forces a new resource to be created. + scale_capacity = (Optional) Tokens-per-Minute (TPM). If the SKU supports scale out/in then the capacity integer should be included. If scale out/in is not possible for the resource this may be omitted. Default value is 1. Changing this forces a new resource to be created. + } + rai_policy_name = (Optional) The name of RAI policy. Changing this forces a new resource to be created. + })) + DESCRIPTION + nullable = false +} \ No newline at end of file diff --git a/examples/placehold b/examples/placehold deleted file mode 100644 index e69de29..0000000 diff --git a/main.tf b/main.tf index bbaa6b4..2926244 100644 --- a/main.tf +++ b/main.tf @@ -3,7 +3,7 @@ ########################## # Key Vault - Create Key Vault to save cognitive account details resource "azurerm_key_vault" "openai_kv" { - resource_group_name = var.resource_group_name + resource_group_name = var.keyvault_resource_group_name location = var.location #values from variable kv_config object name = lower(var.kv_config.name) diff --git a/tests/auto_test1/locals.tf b/tests/auto_test1/locals.tf new file mode 100644 index 0000000..9e3b3c9 --- /dev/null +++ b/tests/auto_test1/locals.tf @@ -0,0 +1,6 @@ +locals { + kv_config = { + name = "openaikv${random_integer.number.result}" + sku = "standard" + } +} \ No newline at end of file diff --git a/tests/auto_test1/main.tf b/tests/auto_test1/main.tf index af689ed..c5210b4 100644 --- a/tests/auto_test1/main.tf +++ b/tests/auto_test1/main.tf @@ -1,6 +1,6 @@ terraform { - #backend "azurerm" {} - backend "local" { path = "terraform-test1.tfstate" } + backend "azurerm" {} + #backend "local" { path = "terraform-test1.tfstate" } } provider "azurerm" { @@ -14,9 +14,15 @@ provider "azurerm" { ################################################# # PRE-REQS # ################################################# +### Random integer to generate unique names +resource "random_integer" "number" { + min = 0001 + max = 9999 +} + ### Resource group to deploy the Key Vault into resource "azurerm_resource_group" "rg" { - name = var.openai_resource_group_name + name = var.resource_group_name location = var.location tags = var.tags } @@ -33,7 +39,7 @@ module "openai" { #keyvault (To store OpenAI Account and model details, if the KV needs to be created in a different resource group, create it first and pass the resource group name to the module) keyvault_resource_group_name = azurerm_resource_group.rg.name - kv_config = var.kv_config + kv_config = local.kv_config keyvault_firewall_default_action = var.keyvault_firewall_default_action keyvault_firewall_bypass = var.keyvault_firewall_bypass keyvault_firewall_allowed_ips = var.keyvault_firewall_allowed_ips @@ -42,8 +48,8 @@ module "openai" { #Create OpenAI Service? create_openai_service = var.create_openai_service openai_resource_group_name = azurerm_resource_group.rg.name - openai_account_name = var.openai_account_name - openai_custom_subdomain_name = var.openai_custom_subdomain_name + openai_account_name = "${var.openai_account_name}${random_integer.number.result}" + openai_custom_subdomain_name = "${var.openai_custom_subdomain_name}${random_integer.number.result}" openai_sku_name = var.openai_sku_name openai_local_auth_enabled = var.openai_local_auth_enabled openai_outbound_network_access_restricted = var.openai_outbound_network_access_restricted diff --git a/tests/auto_test1/testing.auto.tfvars b/tests/auto_test1/testing.auto.tfvars index d0b9984..1e92d89 100644 --- a/tests/auto_test1/testing.auto.tfvars +++ b/tests/auto_test1/testing.auto.tfvars @@ -1,6 +1,6 @@ ### Common Variables ### -resource_group_name = "Terraform-Cognitive-Services-Test" -location = "eastus" +resource_group_name = "TF-Module-Automated-Tests-OpenAI-Service" +location = "uksouth" tags = { Terraform = "True" Description = "Azure OpenAI Service" @@ -10,7 +10,7 @@ tags = { # solution specific variables kv_config = { - name = "openaikv9000" + name = "kvname" sku = "standard" } keyvault_firewall_default_action = "Deny" @@ -20,8 +20,8 @@ keyvault_firewall_virtual_network_subnet_ids = [] ### Create OpenAI Service ### create_openai_service = true -openai_account_name = "pwd9000" -openai_custom_subdomain_name = "pwd9000" #translates to 'pwd9000.openai.azure.com' +openai_account_name = "name" +openai_custom_subdomain_name = "name" #translates to 'name.openai.azure.com' openai_sku_name = "S0" openai_local_auth_enabled = true openai_outbound_network_access_restricted = false @@ -35,7 +35,7 @@ create_model_deployment = true model_deployment = [ { deployment_no = 1 - deployment_id = "pwd9000-gpt-35-turbo-16k" + deployment_id = "name-gpt-35-turbo-16k" api_type = "azure" model = "gpt-35-turbo-16k" model_format = "OpenAI" @@ -44,7 +44,7 @@ model_deployment = [ }, { deployment_no = 2 - deployment_id = "pwd9000-gpt-35-turbo" + deployment_id = "name-gpt-35-turbo" api_type = "azure" model = "gpt-35-turbo" model_format = "OpenAI" diff --git a/tests/auto_test1/variables.tf b/tests/auto_test1/variables.tf index 5190ea5..c8bea78 100644 --- a/tests/auto_test1/variables.tf +++ b/tests/auto_test1/variables.tf @@ -24,7 +24,7 @@ variable "kv_config" { sku = string }) default = { - name = "openaikv9000" + name = "kvname" sku = "standard" } description = "Key Vault configuration object to create azure key vault to store openai account details."