Merge pull request #980 from solliancenet/mg-t17605

Assigning roles to Gateway API
solliancenet · May 17, 2024 · aa6cf41 · aa6cf41
2 parents 07de708 + 60da1f6
commit aa6cf41
Show file tree

Hide file tree

Showing 3 changed files with 21 additions and 6 deletions.
diff --git a/deploy/quick-start/infra/main.bicep b/deploy/quick-start/infra/main.bicep
@@ -594,6 +594,18 @@ module cosmosRoles './shared/sqlRoleAssignments.bicep' = [
   }
 ]
 
+module openAiRoles './shared/roleAssignments.bicep' = {
+  scope: rg
+  name: 'gateway-api-openai-roles'
+  params: {
+    principalId: acaServices[indexOf(serviceNames, 'gateway-api')].outputs.miPrincipalId
+    roleDefinitionNames: [
+      'Cognitive Services OpenAI User'
+      'Reader'
+    ]
+  }
+}
+
 output AZURE_APP_CONFIG_NAME string = appConfig.outputs.name
 output AZURE_AUTHORIZATION_STORAGE_ACCOUNT_NAME string = authStore.outputs.name
 output AZURE_COGNITIVE_SEARCH_ENDPOINT string = cogSearch.outputs.endpoint

diff --git a/deploy/quick-start/infra/main.parameters.json b/deploy/quick-start/infra/main.parameters.json
@@ -78,6 +78,7 @@
           "data-source-hub-api": "${SERVICE_DATASOURCEHUBAPI_RESOURCE_EXISTS=false}",
           "gatekeeper-api": "${SERVICE_GATEKEEPERAPI_RESOURCE_EXISTS=false}",
           "gatekeeper-integration-api": "${SERVICE_GATEKEEPERINTEGRATIONAPI_RESOURCE_EXISTS=false}",
+          "gateway-api": "${SERVICE_GATEWAYAPI_RESOURCE_EXISTS=false}",
           "langchain-api": "${SERVICE_LANGCHAINAPI_RESOURCE_EXISTS=false}",
           "management-api": "${SERVICE_MANAGEMENTAPI_RESOURCE_EXISTS=false}",
           "management-ui": "${SERVICE_MANAGEMENTUI_RESOURCE_EXISTS=false}",

diff --git a/deploy/quick-start/infra/shared/roleAssignments.bicep b/deploy/quick-start/infra/shared/roleAssignments.bicep
@@ -8,13 +8,15 @@ param roleDefinitionNames array = []
 var roleDefinitionsToCreate = union(selectedRoleDefinitions, items(roleDefinitionIds))
 var selectedRoleDefinitions = filter(items(roleDefinitions), (item) => contains(roleDefinitionNames, item.key))
 var roleDefinitions = {
-  'App Configuration Data Reader': '516239f1-63e1-4d78-a4de-a74fb236a071'
-  'EventGrid Contributor': '1e241071-0855-49ea-94dc-649edcd759de'
-  'Key Vault Secrets User': '4633458b-17de-408a-b874-0445c86b69e6'
-  'Key Vault Secrets Officer': 'b86a8fe4-44ce-4948-aee5-eccb2c155cd7'
-  'Storage Blob Data Contributor': 'ba92f5b4-2d11-453d-a403-e96b0029c9fe'
+  'App Configuration Data Reader':  '516239f1-63e1-4d78-a4de-a74fb236a071'
+  'Cognitive Services OpenAI User': '5e0bd9bd-7b93-4f28-af87-19fc36ad61bd'
+  'Contributor':                    'b24988ac-6180-42a0-ab88-20f7382dd24c'
+  'EventGrid Contributor':          '1e241071-0855-49ea-94dc-649edcd759de'
+  'Key Vault Secrets User':         '4633458b-17de-408a-b874-0445c86b69e6'
+  'Key Vault Secrets Officer':      'b86a8fe4-44ce-4948-aee5-eccb2c155cd7'
+  'Reader':                         'acdd72a7-3385-48ef-bd42-f606fba81ae7'
+  'Storage Blob Data Contributor':  'ba92f5b4-2d11-453d-a403-e96b0029c9fe'
   'Storage Queue Data Contributor': '974c5e8b-45b9-4653-ba55-5f855dd0fb88'
-  Contributor: 'b24988ac-6180-42a0-ab88-20f7382dd24c'
 }
 
 var roleAssignmentsToCreate = [