Merge pull request #57 from Roopan-Microsoft/PSL-US-10673

revert: Reverted the bicep changes, scope from resource group to subscription

.github/workflows/ci.yml

@@ -39,7 +39,6 @@ jobs:
         env:
           AZURE_ENV_NAME: ${{ github.run_id }}
           AZURE_LOCATION: ${{ vars.AZURE_LOCATION }}
-          AZURE_RESOURCE_GROUP: ${{ vars.AZURE_RESOURCE_GROUP }}
         with:
           imageName: ghcr.io/roopan-microsoft/psl-cwyd-main
           cacheFrom: ghcr.io/roopan-microsoft/psl-cwyd-main
@@ -52,15 +51,13 @@ jobs:
             AZURE_SUBSCRIPTION_ID
             AZURE_ENV_NAME
             AZURE_LOCATION
-            AZURE_RESOURCE_GROUP
 
       - name: Tidy up
         uses: devcontainers/[email protected]
         if: always()
         env:
           AZURE_ENV_NAME: ${{ github.run_id }}
           AZURE_LOCATION: ${{ vars.AZURE_LOCATION }}
-          AZURE_RESOURCE_GROUP: ${{ vars.AZURE_RESOURCE_GROUP }}
         with:
           push: never
           imageName: ghcr.io/roopan-microsoft/psl-cwyd-main
@@ -72,7 +69,6 @@ jobs:
             AZURE_SUBSCRIPTION_ID
             AZURE_ENV_NAME
             AZURE_LOCATION
-            AZURE_RESOURCE_GROUP
 
       - name: Send Notification on Failure
         if: failure()

Makefile

@@ -57,14 +57,10 @@ azd-login: ## 🔑 Login to Azure with azd and a SPN
 	@echo -e "\e[34m$@\e[0m" || true
 	@azd auth login --client-id ${AZURE_CLIENT_ID} --client-secret ${AZURE_CLIENT_SECRET} --tenant-id ${AZURE_TENANT_ID}
 
-az-login: ## 🔑 Login to Azure with az and a SPN
-	az login --service-principal -u ${AZURE_CLIENT_ID} -p ${AZURE_CLIENT_SECRET} --tenant ${AZURE_TENANT_ID}
-
-deploy: azd-login az-login ## 🚀 Deploy everything to Azure
+deploy: azd-login ## 🚀 Deploy everything to Azure
 	@echo -e "\e[34m$@\e[0m" || true
 	@azd env new ${AZURE_ENV_NAME}
 	@azd env set AZURE_APP_SERVICE_HOSTING_MODEL code --no-prompt
-	@az group create --name ${AZURE_RESOURCE_GROUP} --location ${AZURE_LOCATION}
 	@azd provision --no-prompt
 	@azd deploy web --no-prompt
 	@azd deploy function --no-prompt

infra/main.bicep

@@ -1,4 +1,14 @@
-param resourceToken string = toLower(uniqueString(subscription().id, resourceGroup().name, resourceGroup().location))
+targetScope = 'subscription'
+
+@minLength(1)
+@maxLength(20)
+@description('Name of the the environment which is used to generate a short unique hash used in all resources.')
+param environmentName string
+
+param resourceToken string = toLower(uniqueString(subscription().id, environmentName, location))
+
+@description('Location for all resources.')
+param location string
 
 @description('Name of App Service plan')
 param hostingPlanName string = 'hosting-plan-${resourceToken}'
@@ -305,9 +315,8 @@ var blobContainerName = 'documents'
 var queueName = 'doc-processing'
 var clientKey = '${uniqueString(guid(subscription().id, deployment().name))}${newGuidString}'
 var eventGridSystemTopicName = 'doc-processing'
-var resourceGroupName = resourceGroup().name
-var tags = { 'azd-env-name': resourceGroupName }
-var location = resourceGroup().location
+var tags = { 'azd-env-name': environmentName }
+var rgName = 'rg-${environmentName}'
 var keyVaultName = 'kv-${resourceToken}'
 var azureOpenAIModelInfo = string({
   model: azureOpenAIModel
@@ -320,19 +329,26 @@ var azureOpenAIEmbeddingModelInfo = string({
   modelVersion: azureOpenAIEmbeddingModelVersion
 })
 
+// Organize resources in a resource group
+resource rg 'Microsoft.Resources/resourceGroups@2021-04-01' = {
+  name: rgName
+  location: location
+  tags: tags
+}
+
 module cosmosDBModule './core/database/cosmosdb.bicep' = {
   name: 'deploy_cosmos_db'
   params: {
     name: azureCosmosDBAccountName
     location: location
   }
-  scope: resourceGroup()
+  scope: rg
 }
 
 // Store secrets in a keyvault
 module keyvault './core/security/keyvault.bicep' = if (useKeyVault || authType == 'rbac') {
   name: 'keyvault'
-  scope: resourceGroup()
+  scope: rg
   params: {
     name: keyVaultName
     location: location
@@ -390,7 +406,7 @@ var openAiDeployments = concat(
 
 module openai 'core/ai/cognitiveservices.bicep' = {
   name: azureOpenAIResourceName
-  scope: resourceGroup()
+  scope: rg
   params: {
     name: azureOpenAIResourceName
     location: location
@@ -405,7 +421,7 @@ module openai 'core/ai/cognitiveservices.bicep' = {
 
 module computerVision 'core/ai/cognitiveservices.bicep' = if (useAdvancedImageProcessing) {
   name: 'computerVision'
-  scope: resourceGroup()
+  scope: rg
   params: {
     name: computerVisionName
     kind: 'ComputerVision'
@@ -419,7 +435,7 @@ module computerVision 'core/ai/cognitiveservices.bicep' = if (useAdvancedImagePr
 
 // Search Index Data Reader
 module searchIndexRoleOpenai 'core/security/role.bicep' = if (authType == 'rbac') {
-  scope: resourceGroup()
+  scope: rg
   name: 'search-index-role-openai'
   params: {
     principalId: openai.outputs.identityPrincipalId
@@ -430,7 +446,7 @@ module searchIndexRoleOpenai 'core/security/role.bicep' = if (authType == 'rbac'
 
 // Search Service Contributor
 module searchServiceRoleOpenai 'core/security/role.bicep' = if (authType == 'rbac') {
-  scope: resourceGroup()
+  scope: rg
   name: 'search-service-role-openai'
   params: {
     principalId: openai.outputs.identityPrincipalId
@@ -441,7 +457,7 @@ module searchServiceRoleOpenai 'core/security/role.bicep' = if (authType == 'rba
 
 // Storage Blob Data Reader
 module blobDataReaderRoleSearch 'core/security/role.bicep' = if (authType == 'rbac') {
-  scope: resourceGroup()
+  scope: rg
   name: 'blob-data-reader-role-search'
   params: {
     principalId: search.outputs.identityPrincipalId
@@ -452,7 +468,7 @@ module blobDataReaderRoleSearch 'core/security/role.bicep' = if (authType == 'rb
 
 // Cognitive Services OpenAI User
 module openAiRoleSearchService 'core/security/role.bicep' = if (authType == 'rbac') {
-  scope: resourceGroup()
+  scope: rg
   name: 'openai-role-searchservice'
   params: {
     principalId: search.outputs.identityPrincipalId
@@ -462,7 +478,7 @@ module openAiRoleSearchService 'core/security/role.bicep' = if (authType == 'rba
 }
 
 module speechService 'core/ai/cognitiveservices.bicep' = {
-  scope: resourceGroup()
+  scope: rg
   name: speechServiceName
   params: {
     name: speechServiceName
@@ -476,7 +492,7 @@ module speechService 'core/ai/cognitiveservices.bicep' = {
 
 module storekeys './app/storekeys.bicep' = if (useKeyVault) {
   name: 'storekeys'
-  scope: resourceGroup()
+  scope: rg
   params: {
     keyVaultName: keyVaultName
     azureOpenAIName: openai.outputs.name
@@ -487,13 +503,13 @@ module storekeys './app/storekeys.bicep' = if (useKeyVault) {
     speechServiceName: speechServiceName
     computerVisionName: useAdvancedImageProcessing ? computerVision.outputs.name : ''
     cosmosAccountName: cosmosDBModule.outputs.cosmosOutput.cosmosAccountName
-    rgName: resourceGroupName
+    rgName: rgName
   }
 }
 
 module search './core/search/search-services.bicep' = {
   name: azureAISearchName
-  scope: resourceGroup()
+  scope: rg
   params: {
     name: azureAISearchName
     location: location
@@ -514,7 +530,7 @@ module search './core/search/search-services.bicep' = {
 
 module hostingplan './core/host/appserviceplan.bicep' = {
   name: hostingPlanName
-  scope: resourceGroup()
+  scope: rg
   params: {
     name: hostingPlanName
     location: location
@@ -535,7 +551,7 @@ var azureCosmosDBInfo = string({
 
 module web './app/web.bicep' = if (hostingModel == 'code') {
   name: websiteName
-  scope: resourceGroup()
+  scope: rg
   params: {
     name: websiteName
     location: location
@@ -618,7 +634,7 @@ module web './app/web.bicep' = if (hostingModel == 'code') {
 
 module web_docker './app/web.bicep' = if (hostingModel == 'container') {
   name: '${websiteName}-docker'
-  scope: resourceGroup()
+  scope: rg
   params: {
     name: '${websiteName}-docker'
     location: location
@@ -700,7 +716,7 @@ module web_docker './app/web.bicep' = if (hostingModel == 'container') {
 
 module adminweb './app/adminweb.bicep' = if (hostingModel == 'code') {
   name: adminWebsiteName
-  scope: resourceGroup()
+  scope: rg
   params: {
     name: adminWebsiteName
     location: location
@@ -778,7 +794,7 @@ module adminweb './app/adminweb.bicep' = if (hostingModel == 'code') {
 
 module adminweb_docker './app/adminweb.bicep' = if (hostingModel == 'container') {
   name: '${adminWebsiteName}-docker'
-  scope: resourceGroup()
+  scope: rg
   params: {
     name: '${adminWebsiteName}-docker'
     location: location
@@ -855,7 +871,7 @@ module adminweb_docker './app/adminweb.bicep' = if (hostingModel == 'container')
 
 module monitoring './core/monitor/monitoring.bicep' = {
   name: 'monitoring'
-  scope: resourceGroup()
+  scope: rg
   params: {
     applicationInsightsName: applicationInsightsName
     location: location
@@ -869,7 +885,7 @@ module monitoring './core/monitor/monitoring.bicep' = {
 
 module workbook './app/workbook.bicep' = {
   name: 'workbook'
-  scope: resourceGroup()
+  scope: rg
   params: {
     workbookDisplayName: workbookDisplayName
     location: location
@@ -889,7 +905,7 @@ module workbook './app/workbook.bicep' = {
 
 module function './app/function.bicep' = if (hostingModel == 'code') {
   name: functionName
-  scope: resourceGroup()
+  scope: rg
   params: {
     name: functionName
     location: location
@@ -953,7 +969,7 @@ module function './app/function.bicep' = if (hostingModel == 'code') {
 
 module function_docker './app/function.bicep' = if (hostingModel == 'container') {
   name: '${functionName}-docker'
-  scope: resourceGroup()
+  scope: rg
   params: {
     name: '${functionName}-docker'
     location: location
@@ -1016,7 +1032,7 @@ module function_docker './app/function.bicep' = if (hostingModel == 'container')
 
 module formrecognizer 'core/ai/cognitiveservices.bicep' = {
   name: formRecognizerName
-  scope: resourceGroup()
+  scope: rg
   params: {
     name: formRecognizerName
     location: location
@@ -1027,7 +1043,7 @@ module formrecognizer 'core/ai/cognitiveservices.bicep' = {
 
 module contentsafety 'core/ai/cognitiveservices.bicep' = {
   name: contentSafetyName
-  scope: resourceGroup()
+  scope: rg
   params: {
     name: contentSafetyName
     location: location
@@ -1038,7 +1054,7 @@ module contentsafety 'core/ai/cognitiveservices.bicep' = {
 
 module eventgrid 'app/eventgrid.bicep' = {
   name: eventGridSystemTopicName
-  scope: resourceGroup()
+  scope: rg
   params: {
     name: eventGridSystemTopicName
     location: location
@@ -1050,7 +1066,7 @@ module eventgrid 'app/eventgrid.bicep' = {
 
 module storage 'core/storage/storage-account.bicep' = {
   name: storageAccountName
-  scope: resourceGroup()
+  scope: rg
   params: {
     name: storageAccountName
     location: location
@@ -1088,7 +1104,7 @@ module storage 'core/storage/storage-account.bicep' = {
 // USER ROLES
 // Storage Blob Data Contributor
 module storageRoleUser 'core/security/role.bicep' = if (authType == 'rbac' && principalId != '') {
-  scope: resourceGroup()
+  scope: rg
   name: 'storage-role-user'
   params: {
     principalId: principalId
@@ -1099,7 +1115,7 @@ module storageRoleUser 'core/security/role.bicep' = if (authType == 'rbac' && pr
 
 // Cognitive Services User
 module openaiRoleUser 'core/security/role.bicep' = if (authType == 'rbac' && principalId != '') {
-  scope: resourceGroup()
+  scope: rg
   name: 'openai-role-user'
   params: {
     principalId: principalId
@@ -1110,7 +1126,7 @@ module openaiRoleUser 'core/security/role.bicep' = if (authType == 'rbac' && pri
 
 // Contributor
 module openaiRoleUserContributor 'core/security/role.bicep' = if (authType == 'rbac' && principalId != '') {
-  scope: resourceGroup()
+  scope: rg
   name: 'openai-role-user-contributor'
   params: {
     principalId: principalId
@@ -1121,7 +1137,7 @@ module openaiRoleUserContributor 'core/security/role.bicep' = if (authType == 'r
 
 // Search Index Data Contributor
 module searchRoleUser 'core/security/role.bicep' = if (authType == 'rbac' && principalId != '') {
-  scope: resourceGroup()
+  scope: rg
   name: 'search-role-user'
   params: {
     principalId: principalId
@@ -1131,7 +1147,7 @@ module searchRoleUser 'core/security/role.bicep' = if (authType == 'rbac' && pri
 }
 
 module machineLearning 'app/machinelearning.bicep' = if (orchestrationStrategy == 'prompt_flow') {
-  scope: resourceGroup()
+  scope: rg
   name: azureMachineLearningName
   params: {
     location: location
@@ -1174,7 +1190,7 @@ output AZURE_OPENAI_API_VERSION string = azureOpenAIApiVersion
 output AZURE_OPENAI_RESOURCE string = azureOpenAIResourceName
 output AZURE_OPENAI_EMBEDDING_MODEL_INFO string = azureOpenAIEmbeddingModelInfo
 output AZURE_OPENAI_API_KEY string = useKeyVault ? storekeys.outputs.OPENAI_KEY_NAME : ''
-output AZURE_RESOURCE_GROUP string = resourceGroupName
+output AZURE_RESOURCE_GROUP string = rgName
 output AZURE_SEARCH_KEY string = useKeyVault ? storekeys.outputs.SEARCH_KEY_NAME : ''
 output AZURE_SEARCH_SERVICE string = search.outputs.endpoint
 output AZURE_SEARCH_USE_SEMANTIC_SEARCH bool = azureSearchUseSemanticSearch

infra/main.bicepparam

@@ -1,6 +1,7 @@
 using './main.bicep'
 
-var location = readEnvironmentVariable('AZURE_LOCATION', 'location')
+param environmentName = readEnvironmentVariable('AZURE_ENV_NAME', 'env_name')
+param location = readEnvironmentVariable('AZURE_LOCATION', 'location')
 param principalId = readEnvironmentVariable('AZURE_PRINCIPAL_ID', 'principal_id')
 
 
@@ -67,8 +68,7 @@ param computerVisionVectorizeImageModelVersion = readEnvironmentVariable('AZURE_
 
 // We need the resourceToken to be unique for each deployment (copied from the main.bicep)
 var subscriptionId = readEnvironmentVariable('AZURE_SUBSCRIPTION_ID', 'subscription_id')
-var resourceGroupName = readEnvironmentVariable('AZURE_RESOURCE_GROUP', 'azure_resource_group')
-param resourceToken = toLower(uniqueString(subscriptionId, resourceGroupName, location))
+param resourceToken = toLower(uniqueString(subscriptionId, environmentName, location))
 
 
 // Retrieve the Search Name from the Search Endpoint which will be in the format