Add AI Foundry

.github/workflows/terraform.yml

@@ -36,7 +36,7 @@ jobs:
       tenant_id: "37963dd4-f4e6-40f8-a7d6-24b97919e452"
       subscription_id: "9842be63-c8c0-4647-a5d1-0c5e7f8bbb25"
     secrets:
-      CLIENT_ID_PLAN: ${{ secrets.CLIENT_ID_PLAN }}
+      CLIENT_ID_PLAN: ${{ secrets.CLIENT_ID }}
       CLIENT_ID_APPLY: ${{ secrets.CLIENT_ID }}
 
   terraform_destroy:

README.md

@@ -242,6 +242,7 @@ object(
       storage_subnet                        = string
       consumption_subnet                    = string
       fabric_subnet                         = string
+      aifoundry_subnet                      = optional(string, "")
       databricks_engineering_private_subnet = string
       databricks_engineering_public_subnet  = string
       databricks_consumption_private_subnet = optional(string, "")
@@ -260,6 +261,29 @@ Type: `string`
 
 The following input variables are optional (have default values):
 
+### <a name="input_ai_foundry_account_details"></a> [ai\_foundry\_account\_details](#input\_ai\_foundry\_account\_details)
+
+Description: Specifies the ai foundry configuration.
+
+Type:
+
+```hcl
+object({
+    enabled = optional(bool, false)
+    search_service = optional(object({
+      sku                 = optional(string, "basic")
+      semantic_search_sku = optional(string, "standard")
+      partition_count     = optional(number, 1)
+      replica_count       = optional(number, 1)
+    }), {})
+    cosmos_db = optional(object({
+      consistency_level = optional(string, "Session")
+    }), {})
+  })
+```
+
+Default: `{}`
+
 ### <a name="input_customer_managed_key"></a> [customer\_managed\_key](#input\_customer\_managed\_key)
 
 Description: Specifies the customer managed key configurations.
@@ -411,6 +435,14 @@ Type: `string`
 
 Default: `""`
 
+### <a name="input_private_dns_zone_id_ai_services"></a> [private\_dns\_zone\_id\_ai\_services](#input\_private\_dns\_zone\_id\_ai\_services)
+
+Description: Specifies the resource ID of the private DNS zone for Azure Foundry (AI Services). Not required if DNS A-records get created via Azure Policy.
+
+Type: `string`
+
+Default: `""`
+
 ### <a name="input_private_dns_zone_id_blob"></a> [private\_dns\_zone\_id\_blob](#input\_private\_dns\_zone\_id\_blob)
 
 Description: Specifies the resource ID of the private DNS zone for Azure Storage blob endpoints. Not required if DNS A-records get created via Azue Policy.
@@ -427,6 +459,14 @@ Type: `string`
 
 Default: `""`
 
+### <a name="input_private_dns_zone_id_cosmos_sql"></a> [private\_dns\_zone\_id\_cosmos\_sql](#input\_private\_dns\_zone\_id\_cosmos\_sql)
+
+Description: Specifies the resource ID of the private DNS zone for cosmos db sql. Not required if DNS A-records get created via Azure Policy.
+
+Type: `string`
+
+Default: `""`
+
 ### <a name="input_private_dns_zone_id_data_factory"></a> [private\_dns\_zone\_id\_data\_factory](#input\_private\_dns\_zone\_id\_data\_factory)
 
 Description: Specifies the resource ID of the private DNS zone for Azure Data Factory. Not required if DNS A-records get created via Azure Policy.

databricks.tf

@@ -23,6 +23,7 @@ module "databricks_core" {
   databricks_ip_access_list_deny                   = []
   databricks_network_connectivity_config_name      = var.databricks_network_connectivity_config_name
   databricks_compliance_security_profile_standards = var.databricks_compliance_security_profile_standards
+  # databricks_network_policy_details                = var.databricks_network_policy_details
 
   # Identity variables
   service_principal_name_terraform_plan = var.service_principal_name_terraform_plan

main.tf

@@ -19,6 +19,7 @@ module "platform" {
   subnet_cidr_range_storage             = var.subnet_cidr_ranges.storage_subnet
   subnet_cidr_range_consumption         = var.subnet_cidr_ranges.consumption_subnet
   subnet_cidr_range_fabric              = var.subnet_cidr_ranges.fabric_subnet
+  subnet_cidr_range_aifoundry           = var.subnet_cidr_ranges.aifoundry_subnet
   subnet_cidr_range_engineering_private = var.subnet_cidr_ranges.databricks_engineering_private_subnet
   subnet_cidr_range_engineering_public  = var.subnet_cidr_ranges.databricks_engineering_public_subnet
   subnet_cidr_range_consumption_private = var.subnet_cidr_ranges.databricks_consumption_private_subnet
@@ -30,6 +31,7 @@ module "platform" {
     }
   }
   databricks_workspace_consumption_enabled = var.databricks_workspace_consumption_enabled
+  aifoundry_enabled                        = var.ai_foundry_account_details.enabled
 }
 
 module "core" {
@@ -53,6 +55,7 @@ module "core" {
   databricks_compliance_security_profile_standards = var.databricks_compliance_security_profile_standards
   databricks_workspace_consumption_enabled         = var.databricks_workspace_consumption_enabled
   fabric_capacity_details                          = var.fabric_capacity_details
+  ai_foundry_account_details                       = var.ai_foundry_account_details
 
   # HA/DR variables
   zone_redundancy_enabled        = var.zone_redundancy_enabled
@@ -68,17 +71,23 @@ module "core" {
   vnet_id                       = var.vnet_id
   subnet_id_storage             = module.platform.subnet_id_storage
   subnet_id_consumption         = module.platform.subnet_id_consumption
+  subnet_id_aifoundry           = module.platform.subnet_id_aifoundry
   subnet_id_engineering_private = module.platform.subnet_id_engineering_private
   subnet_id_engineering_public  = module.platform.subnet_id_engineering_public
   subnet_id_consumption_private = module.platform.subnet_id_consumption_private
   subnet_id_consumption_public  = module.platform.subnet_id_consumption_public
   connectivity_delay_in_seconds = local.connectivity_delay_in_seconds
 
   # DNS variables
-  private_dns_zone_id_blob       = var.private_dns_zone_id_blob
-  private_dns_zone_id_dfs        = var.private_dns_zone_id_dfs
-  private_dns_zone_id_queue      = var.private_dns_zone_id_queue
-  private_dns_zone_id_databricks = var.private_dns_zone_id_databricks
+  private_dns_zone_id_blob              = var.private_dns_zone_id_blob
+  private_dns_zone_id_dfs               = var.private_dns_zone_id_dfs
+  private_dns_zone_id_queue             = var.private_dns_zone_id_queue
+  private_dns_zone_id_databricks        = var.private_dns_zone_id_databricks
+  private_dns_zone_id_ai_services       = var.private_dns_zone_id_ai_services
+  private_dns_zone_id_cognitive_account = var.private_dns_zone_id_cognitive_account
+  private_dns_zone_id_open_ai           = var.private_dns_zone_id_open_ai
+  private_dns_zone_id_search_service    = var.private_dns_zone_id_search_service
+  private_dns_zone_id_cosmos_sql        = var.private_dns_zone_id_cosmos_sql
 
   # Customer-managed key variables
   customer_managed_key = var.customer_managed_key
@@ -135,12 +144,17 @@ module "data_application" {
       root_folder     = try(each.value.repository.github.fabric_root_folder, "")
     }
   }
+  ai_foundry_account_details = module.core.ai_foundry_account_details
+  ai_foundry_project_details = {
+    enabled = try(each.value.ai_foundry_project.enabled, false)
+  }
   storage_dependencies = module.core.storage_dependencies
 
   # HA/DR variables
   zone_redundancy_enabled = var.zone_redundancy_enabled
 
   # Logging and monitoring variables
+  log_analytics_workspace_id = var.log_analytics_workspace_id
   diagnostics_configurations = local.diagnostics_configurations
   alerting                   = try(each.value.alerting, {})
 

modules/core/aifoundry.tf

@@ -0,0 +1,34 @@
+module "ai_foundry_account" {
+  source = "github.com/PerfectThymeTech/terraform-azurerm-modules//modules/aifoundry?ref=marvinbuss/ai_foundry"
+  providers = {
+    azurerm = azurerm
+    time    = time
+  }
+
+  count = var.ai_foundry_account_details.enabled ? 1 : 0
+
+  location                                          = var.location
+  resource_group_name                               = one(azurerm_resource_group.resource_group_ai[*].name)
+  tags                                              = var.tags
+  ai_services_name                                  = "${local.prefix}-aif001"
+  ai_services_sku                                   = "S0"
+  ai_services_firewall_bypass_azure_services        = true
+  ai_services_outbound_network_access_restricted    = true
+  ai_services_outbound_network_access_allowed_fqdns = []
+  ai_services_local_auth_enabled                    = false
+  ai_services_projects                              = {}
+  ai_services_cosmosdb_accounts                     = {}
+  ai_services_storage_accounts                      = {}
+  ai_services_aisearch_accounts                     = {}
+  ai_services_openai_accounts                       = {}
+  ai_services_connections_account                   = {}
+  ai_services_deployments                           = {}
+  diagnostics_configurations                        = var.diagnostics_configurations
+  subnet_id                                         = var.subnet_id_consumption
+  subnet_id_capability_hosts                        = var.subnet_id_aifoundry
+  connectivity_delay_in_seconds                     = var.connectivity_delay_in_seconds
+  private_dns_zone_id_ai_services                   = var.private_dns_zone_id_ai_services
+  private_dns_zone_id_cognitive_account             = var.private_dns_zone_id_cognitive_account
+  private_dns_zone_id_open_ai                       = var.private_dns_zone_id_open_ai
+  customer_managed_key                              = var.customer_managed_key
+}

modules/core/aisearch.tf

@@ -0,0 +1,27 @@
+module "ai_search" {
+  source = "github.com/PerfectThymeTech/terraform-azurerm-modules//modules/aisearch?ref=main"
+  providers = {
+    azurerm = azurerm
+    time    = time
+  }
+
+  count = var.ai_foundry_account_details.enabled ? 1 : 0
+
+  location                                    = var.location
+  resource_group_name                         = one(azurerm_resource_group.resource_group_ai[*].name)
+  tags                                        = var.tags
+  search_service_name                         = "${local.prefix}-srch001"
+  search_service_sku                          = var.ai_foundry_account_details.search_service.sku
+  search_service_semantic_search_sku          = var.ai_foundry_account_details.search_service.semantic_search_sku
+  search_service_local_authentication_enabled = false
+  search_service_authentication_failure_mode  = null
+  search_service_hosting_mode                 = "default"
+  search_service_partition_count              = var.ai_foundry_account_details.search_service.partition_count
+  search_service_replica_count                = var.ai_foundry_account_details.search_service.replica_count
+  search_service_shared_private_links         = local.search_service_shared_private_links
+  diagnostics_configurations                  = var.diagnostics_configurations
+  subnet_id                                   = var.subnet_id_consumption
+  connectivity_delay_in_seconds               = var.connectivity_delay_in_seconds
+  private_dns_zone_id_search_service          = var.private_dns_zone_id_search_service
+  customer_managed_key                        = var.customer_managed_key
+}

modules/core/cosmosdb.tf

@@ -0,0 +1,56 @@
+module "cosmos_db" {
+  source = "github.com/PerfectThymeTech/terraform-azurerm-modules//modules/cosmosdb?ref=main"
+  providers = {
+    azurerm = azurerm
+    time    = time
+  }
+
+  count = var.ai_foundry_account_details.enabled ? 1 : 0
+
+  location                                            = var.location
+  resource_group_name                                 = one(azurerm_resource_group.resource_group_ai[*].name)
+  tags                                                = var.tags
+  cosmosdb_account_name                               = "${local.prefix}-csms001"
+  cosmosdb_account_access_key_metadata_writes_enabled = false
+  cosmosdb_account_analytical_storage_enabled         = false
+  cosmosdb_account_automatic_failover_enabled         = false
+  cosmosdb_account_backup = {
+    type                = "Continuous"
+    tier                = "Continuous7Days"
+    storage_redundancy  = null
+    retention_in_hours  = null
+    interval_in_minutes = null
+  }
+  cosmosdb_account_capabilities                    = []
+  cosmosdb_account_capacity_total_throughput_limit = -1
+  cosmosdb_account_consistency_policy = {
+    consistency_level       = var.ai_foundry_account_details.cosmos_db.consistency_level
+    max_interval_in_seconds = null
+    max_staleness_prefix    = null
+  }
+  cosmosdb_account_cors_rules            = {}
+  cosmosdb_account_default_identity_type = null
+  cosmosdb_account_geo_location = [
+    {
+      location          = var.location
+      failover_priority = 0
+      zone_redundant    = false
+    }
+  ]
+  cosmosdb_account_kind                          = "GlobalDocumentDB"
+  cosmosdb_account_mongo_server_version          = null
+  cosmosdb_account_local_authentication_disabled = true
+  cosmosdb_account_partition_merge_enabled       = false
+  diagnostics_configurations                     = var.diagnostics_configurations
+  subnet_id                                      = var.subnet_id_consumption
+  connectivity_delay_in_seconds                  = var.connectivity_delay_in_seconds
+  private_endpoint_subresource_names             = ["Sql"]
+  private_dns_zone_id_cosmos_sql                 = var.private_dns_zone_id_cosmos_sql
+  private_dns_zone_id_cosmos_mongodb             = ""
+  private_dns_zone_id_cosmos_cassandra           = ""
+  private_dns_zone_id_cosmos_gremlin             = ""
+  private_dns_zone_id_cosmos_table               = ""
+  private_dns_zone_id_cosmos_analytical          = ""
+  private_dns_zone_id_cosmos_coordinator         = ""
+  customer_managed_key                           = var.customer_managed_key
+}

modules/core/locals.tf

@@ -103,4 +103,7 @@ locals {
       group_id    = "dfs"
     }
   }
+
+  # Search service locals
+  search_service_shared_private_links = {}
 }

modules/core/main.tf

@@ -18,6 +18,14 @@ resource "azurerm_resource_group" "resource_group_consumption" {
   tags     = var.tags
 }
 
+resource "azurerm_resource_group" "resource_group_ai" {
+  count = var.ai_foundry_account_details.enabled ? 1 : 0
+
+  name     = "${local.prefix}-ai-rg"
+  location = var.location
+  tags     = var.tags
+}
+
 resource "azurerm_resource_group" "resource_group_fabric" {
   name     = "${local.prefix}-fbrc-rg"
   location = var.location

modules/core/outputs.tf

@@ -52,3 +52,30 @@ output "fabric_capacity_name" {
   description = "Specifies the name of the Fabric capacity."
   value       = try(reverse(split("/", one(module.fabric_capacity[*].fabric_capacity_id), "/"))[0], "")
 }
+
+# AI Foundry details
+output "ai_foundry_account_details" {
+  description = "Specifies the ai foundry details of the account."
+  value = {
+    enabled = var.ai_foundry_account_details.enabled
+    ai_foundry_account = {
+      id = one(module.ai_foundry_account[*].ai_services_id)
+    }
+    search_service = {
+      id     = one(module.ai_search[*].search_service_id)
+      target = "https://${one(module.ai_search[*].search_service_name)}.search.windows.net"
+    }
+    cosmos_db = {
+      id     = one(module.cosmos_db[*].cosmosdb_account_id)
+      target = one(module.cosmos_db[*].cosmosdb_account_endpoint)
+    }
+    storage_account = {
+      id     = one(module.storage_account_aifoundry[*].storage_account_id)
+      target = one(module.storage_account_aifoundry[*].storage_account_primary_blob_endpoint)
+    }
+  }
+  sensitive = false
+  depends_on = [
+    # one(module.ai_foundry_account[*].ai_services_setup_completed),
+  ]
+}

modules/core/storage.tf

@@ -217,3 +217,49 @@ module "storage_account_workspace" {
   private_dns_zone_id_dfs                         = var.private_dns_zone_id_dfs
   customer_managed_key                            = var.customer_managed_key
 }
+
+module "storage_account_aifoundry" {
+  source = "github.com/PerfectThymeTech/terraform-azurerm-modules//modules/storage?ref=main"
+  providers = {
+    azurerm = azurerm
+    time    = time
+  }
+
+  count = var.ai_foundry_account_details.enabled ? 1 : 0
+
+  location            = var.location
+  resource_group_name = one(azurerm_resource_group.resource_group_ai[*].name)
+  tags                = var.tags
+
+  storage_account_name                            = replace("${local.prefix}-stg-aif", "-", "")
+  storage_access_tier                             = "Hot"
+  storage_account_type                            = "StorageV2"
+  storage_account_tier                            = "Standard"
+  storage_account_replication_type                = var.zone_redundancy_enabled ? "ZRS" : "LRS"
+  storage_blob_change_feed_enabled                = false
+  storage_blob_container_delete_retention_in_days = 30
+  storage_blob_delete_retention_in_days           = 30
+  storage_blob_cors_rules                         = {}
+  storage_blob_last_access_time_enabled           = false
+  storage_blob_versioning_enabled                 = false
+  storage_is_hns_enabled                          = false
+  storage_network_bypass                          = ["AzureServices"]
+  storage_network_private_link_access             = local.storage_network_private_link_access
+  storage_public_network_access_enabled           = true
+  storage_nfsv3_enabled                           = false
+  storage_sftp_enabled                            = false
+  storage_shared_access_key_enabled               = false
+  storage_container_names                         = []
+  storage_static_website                          = []
+  diagnostics_configurations                      = var.diagnostics_configurations
+  subnet_id                                       = var.subnet_id_storage
+  connectivity_delay_in_seconds                   = var.connectivity_delay_in_seconds
+  private_endpoint_subresource_names              = ["blob", ]
+  private_dns_zone_id_blob                        = var.private_dns_zone_id_blob
+  private_dns_zone_id_file                        = ""
+  private_dns_zone_id_table                       = ""
+  private_dns_zone_id_queue                       = ""
+  private_dns_zone_id_web                         = ""
+  private_dns_zone_id_dfs                         = ""
+  customer_managed_key                            = var.customer_managed_key
+}