-
Notifications
You must be signed in to change notification settings - Fork 2
/
Copy pathai-hub-project.bicep
153 lines (143 loc) · 5.55 KB
/
ai-hub-project.bicep
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
import { roleAssignmentInfo } from '../security/managed-identity.bicep'
import { serverlessModelDeploymentInfo, serverlessModelDeploymentOutputInfo } from './ai-hub-model-serverless-endpoint.bicep'
import { connectionInfo } from 'ai-hub-connection.bicep'
import { diagnosticSettingsInfo } from '../management_governance/log-analytics-workspace.bicep'
@description('Name of the resource.')
param name string
@description('Location to deploy the resource. Defaults to the location of the resource group.')
param location string = resourceGroup().location
@description('Tags for the resource.')
param tags object = {}
@description('Name for the AI Hub resource associated with the AI Hub project.')
param aiHubName string
@description('Friendly name for the AI Hub project.')
param friendlyName string = name
@description('Description for the AI Hub project.')
param descriptionInfo string = 'Azure AI Hub Project'
@description('Whether to enable public network access. Defaults to Enabled.')
@allowed([
'Enabled'
'Disabled'
])
param publicNetworkAccess string = 'Enabled'
@description('Whether or not to use credentials for the system datastores of the workspace. Defaults to identity.')
@allowed([
'accessKey'
'identity'
])
param systemDatastoresAuthMode string = 'identity'
@description('ID for the Managed Identity associated with the AI Hub project. Defaults to the system-assigned identity.')
param identityId string?
@description('Serverless model deployments for the AI Hub project.')
param serverlessModels serverlessModelDeploymentInfo[] = []
@description('Resource connections associated with the AI Hub project.')
param connections connectionInfo[] = []
@description('Role assignments to create for the AI Hub project instance.')
param roleAssignments roleAssignmentInfo[] = []
@description('Name of the Log Analytics Workspace to use for diagnostic settings.')
param logAnalyticsWorkspaceName string?
@description('Diagnostic settings to configure for the AI Hub project instance. Defaults to all logs and metrics.')
param diagnosticSettings diagnosticSettingsInfo = {
logs: [
{
categoryGroup: 'allLogs'
enabled: true
}
]
metrics: [
{
category: 'AllMetrics'
enabled: true
}
]
}
resource aiHub 'Microsoft.MachineLearningServices/workspaces@2024-04-01-preview' existing = {
name: aiHubName
}
resource aiHubProject 'Microsoft.MachineLearningServices/workspaces@2024-04-01-preview' = {
name: name
location: location
tags: tags
kind: 'Project'
identity: {
type: identityId == null ? 'SystemAssigned' : 'UserAssigned'
userAssignedIdentities: identityId == null
? null
: {
'${identityId}': {}
}
}
sku: {
name: 'Basic'
tier: 'Basic'
}
properties: {
friendlyName: friendlyName
description: descriptionInfo
hubResourceId: aiHub.id
publicNetworkAccess: publicNetworkAccess
systemDatastoresAuthMode: systemDatastoresAuthMode
primaryUserAssignedIdentity: identityId
}
}
module aiHubConnections 'ai-hub-connection.bicep' = [
for connection in connections: {
name: connection.name
params: {
aiHubName: aiHubProject.name
connection: connection
}
}
]
module serverlessModelEndpoints 'ai-hub-model-serverless-endpoint.bicep' = [
for serverlessModel in serverlessModels: {
name: serverlessModel.name
params: {
name: serverlessModel.name
aiHubName: aiHubProject.name
model: serverlessModel.model
keyVaultConfig: serverlessModel.keyVaultConfig
}
}
]
resource assignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [
for roleAssignment in roleAssignments: {
name: guid(aiHubProject.id, roleAssignment.principalId, roleAssignment.roleDefinitionId)
scope: aiHubProject
properties: {
principalId: roleAssignment.principalId
roleDefinitionId: roleAssignment.roleDefinitionId
principalType: roleAssignment.principalType
}
}
]
resource logAnalyticsWorkspace 'Microsoft.OperationalInsights/workspaces@2023-09-01' existing = if (logAnalyticsWorkspaceName != null) {
name: logAnalyticsWorkspaceName!
}
resource aiHubProjectDiagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if (logAnalyticsWorkspaceName != null) {
name: '${aiHubProject.name}-diagnostic-settings'
scope: aiHubProject
properties: {
workspaceId: logAnalyticsWorkspace.id
logs: diagnosticSettings!.logs
metrics: diagnosticSettings!.metrics
}
}
@description('The deployed AI Hub project resource.')
output resource resource = aiHubProject
@description('ID for the deployed AI Hub project resource.')
output id string = aiHubProject.id
@description('Name for the deployed AI Hub project resource.')
output name string = aiHubProject.name
@description('Identity principal ID for the deployed AI Hub project resource.')
output identityPrincipalId string? = identityId == null ? aiHubProject.identity.principalId : identityId
@description('Serverless model deployments for the AI Hub project.')
output serverlessModelDeployments serverlessModelDeploymentOutputInfo[] = [
for (item, index) in serverlessModels: {
id: serverlessModelEndpoints[index].outputs.id
name: serverlessModelEndpoints[index].outputs.name
endpoint: serverlessModelEndpoints[index].outputs.endpoint
primaryKeySecretName: serverlessModelEndpoints[index].outputs.primaryKeySecretName
secondaryKeySecretName: serverlessModelEndpoints[index].outputs.secondaryKeySecretName
}
]