fix changes after merge with main

infra/core/aoai/aoai.bicep

@@ -22,9 +22,6 @@ param llmTpmQuota int = 10
 @description('TPM quota for embedding model deployment (x1000)')
 param embeddingTpmQuota int = 10
 
-@description('Array of objects with fields principalId, roleDefinitionId')
-param roleAssignments array = []
-
 resource aoai 'Microsoft.CognitiveServices/accounts@2024-10-01' = {
   name: openAiName
   location: location
@@ -74,14 +71,6 @@ resource embeddingDeployment 'Microsoft.CognitiveServices/accounts/deployments@2
   }
 }
 
-resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [
-  for role in roleAssignments: {
-    name: guid('${role.principalId}-${role.roleDefinitionId}')
-    scope: resourceGroup()
-    properties: role
-  }
-]
-
 output openAiEndpoint string = aoai.properties.endpoint
 output llmModel string = llmDeployment.properties.model.name
 output llmModelDeploymentName string = llmDeployment.name

infra/deploy.sh

@@ -146,6 +146,9 @@ checkRequiredTools () {
     which kubectl > /dev/null
     exitIfCommandFailed $? "kubectl is required, exiting..."
 
+    which kubelogin > /dev/null
+    exitIfCommandFailed $? "kubelogin is required, exiting..."
+
     which helm > /dev/null
     exitIfCommandFailed $? "helm is required, exiting..."
 
@@ -317,15 +320,12 @@ deployAzureResources () {
         --no-prompt \
         --resource-group $RESOURCE_GROUP \
         --template-file ./main.bicep \
+        --parameters "resourceGroup=$RESOURCE_GROUP" \
         --parameters "resourceBaseName=$RESOURCE_BASE_NAME" \
-        --parameters "resourceGroup=$RESOURCE_GROUP" \
-        --parameters "resourceGroup=$RESOURCE_GROUP" \
         --parameters "apimName=$APIM_NAME" \
         --parameters "apimTier=$APIM_TIER" \
-        --parameters "apiPublisherName=$PUBLISHER_NAME" \
         --parameters "apiPublisherEmail=$PUBLISHER_EMAIL" \
         --parameters "apiPublisherName=$PUBLISHER_NAME" \
-        --parameters "apiPublisherEmail=$PUBLISHER_EMAIL" \
         --parameters "enablePrivateEndpoints=$ENABLE_PRIVATE_ENDPOINTS" \
         --output json)
     # errors in deployment may not be caught by exitIfCommandFailed function so we also check the output for errors
@@ -414,8 +414,8 @@ installGraphRAGHelmChart () {
 
     local graphragImageName=$(sed -rn "s/([^:]+).*/\1/p" <<< "$GRAPHRAG_IMAGE")
     local graphragImageVersion=$(sed -rn "s/[^:]+:(.*)/\1/p" <<< "$GRAPHRAG_IMAGE")
-    exitIfValueEmpty "$graphragImageName" "Unable to parse graphrag image name, exiting..."
-    exitIfValueEmpty "$graphragImageVersion" "Unable to parse graphrag image version, exiting..."
+    exitIfValueEmpty "$graphragImageName" "Unable to parse graphrag docker image name, exiting..."
+    exitIfValueEmpty "$graphragImageVersion" "Unable to parse graphrag docker image version, exiting..."
 
     local graphragApiBase=$(jq -r .azure_aoai_endpoint.value <<< $AZURE_OUTPUTS)
     exitIfValueEmpty "$graphragApiBase" "Unable to parse AOAI endpoint from deployment outputs, exiting..."
@@ -444,8 +444,8 @@ installGraphRAGHelmChart () {
         --set "master.image.repository=$containerRegistryName/$graphragImageName" \
         --set "master.image.tag=$graphragImageVersion" \
         --set "ingress.host=$graphragHostname" \
-        --set "graphragConfig.APPLICATIONINSIGHTS_CONNECTION_STRING=$appInsightsConnectionString" \
         --set "graphragConfig.AI_SEARCH_URL=https://$aiSearchName.$AISEARCH_ENDPOINT_SUFFIX" \
+        --set "graphragConfig.APPLICATIONINSIGHTS_CONNECTION_STRING=$appInsightsConnectionString" \
         --set "graphragConfig.COSMOS_URI_ENDPOINT=$cosmosEndpoint" \
         --set "graphragConfig.GRAPHRAG_API_BASE=$graphragApiBase" \
         --set "graphragConfig.GRAPHRAG_API_VERSION=$graphragApiVersion" \
@@ -453,13 +453,7 @@ installGraphRAGHelmChart () {
         --set "graphragConfig.GRAPHRAG_LLM_DEPLOYMENT_NAME=$graphragLlmModelDeployment" \
         --set "graphragConfig.GRAPHRAG_EMBEDDING_MODEL=$graphragEmbeddingModel" \
         --set "graphragConfig.GRAPHRAG_EMBEDDING_DEPLOYMENT_NAME=$graphragEmbeddingModelDeployment" \
-        --set "graphragConfig.GRAPHRAG_API_BASE=$GRAPHRAG_API_BASE" \
-        --set "graphragConfig.GRAPHRAG_API_VERSION=$GRAPHRAG_API_VERSION" \
         --set "graphragConfig.COGNITIVE_SERVICES_AUDIENCE=$COGNITIVE_SERVICES_AUDIENCE" \
-        --set "graphragConfig.GRAPHRAG_LLM_MODEL=$GRAPHRAG_LLM_MODEL" \
-        --set "graphragConfig.GRAPHRAG_LLM_DEPLOYMENT_NAME=$GRAPHRAG_LLM_DEPLOYMENT_NAME" \
-        --set "graphragConfig.GRAPHRAG_EMBEDDING_MODEL=$GRAPHRAG_EMBEDDING_MODEL" \
-        --set "graphragConfig.GRAPHRAG_EMBEDDING_DEPLOYMENT_NAME=$GRAPHRAG_EMBEDDING_DEPLOYMENT_NAME" \
         --set "graphragConfig.STORAGE_ACCOUNT_BLOB_URL=$storageAccountBlobUrl"
 
     local helmResult=$?

infra/main.bicep

@@ -22,13 +22,6 @@ Managed Identity
 @description('Name of the resource group that GraphRAG will be deployed in.')
 param resourceGroup string
 
-@description('Unique name to append to each resource')
-param resourceBaseName string = ''
-var resourceBaseNameFinal = !empty(resourceBaseName)
-  ? resourceBaseName
-  : toLower(uniqueString('${subscription().id}/resourceGroups/${resourceGroup}'))
-param resourceGroup string
-
 @description('Unique name to append to each resource')
 param resourceBaseName string = ''
 var resourceBaseNameFinal = !empty(resourceBaseName)
@@ -36,19 +29,16 @@ var resourceBaseNameFinal = !empty(resourceBaseName)
   : toLower(uniqueString('${subscription().id}/resourceGroups/${resourceGroup}'))
 
 @description('Cloud region for all resources')
-param location string = az.az.resourceGroup().location
+param location string = az.resourceGroup().location
 
 @minLength(1)
 @description('Name of the publisher of the API Management instance.')
 param apiPublisherName string = 'Microsoft'
-param apiPublisherName string = 'Microsoft'
 
 @minLength(1)
 @description('Email address of the publisher of the API Management instance.')
 param apiPublisherEmail string = 'publisher@microsoft.com'
-param apiPublisherEmail string = 'publisher@microsoft.com'
 
-@description('The AKS namespace to install GraphRAG in.')
 @description('The AKS namespace to install GraphRAG in.')
 param aksNamespace string = 'graphrag'
 
@@ -97,40 +87,18 @@ var appUrl = 'http://${appHostname}'
 
 @description('Role definitions for various roles that will be assigned at deployment time. Learn more: https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles')
 var roles = {
-  privateDnsZoneContributor: resourceId(
-    'Microsoft.Authorization/roleDefinitions',
-    'b12aa53e-6015-4669-85d0-8515ebb3ae7f' // Private DNS Zone Contributor Role
-  )
-  networkContributor: resourceId(
-    'Microsoft.Authorization/roleDefinitions',
-    'b24988ac-6180-42a0-ab88-20f7382dd24c' // AI Search Contributor Role
-  )
   acrPull: resourceId(
     'Microsoft.Authorization/roleDefinitions',
-    '8ebe5a00-799e-43f5-93ac-243d3dce84a7' // AI Search Index Data Contributor Role
     '7f951dda-4ed3-4680-a7ca-43fe172d538d' // ACR Pull Role
   )
-  aiSearchIndexDataReader: resourceId(
-    'Microsoft.Authorization/roleDefinitions',
-    '1407120a-92aa-4202-b7e9-c0e197c71c8f' // AI Search Index Data Reader Role
-  )
-  privateDnsZoneContributor: resourceId(
-    'Microsoft.Authorization/roleDefinitions',
-    'b12aa53e-6015-4669-85d0-8515ebb3ae7f' // Private DNS Zone Contributor Role
-  )
   networkContributor: resourceId(
     'Microsoft.Authorization/roleDefinitions',
     '4d97b98b-1d4f-4787-a291-c67834d212e7' // Network Contributor Role
   )
-  cognitiveServicesOpenaiContributor: resourceId(
+  privateDnsZoneContributor: resourceId(
     'Microsoft.Authorization/roleDefinitions',
-    'a001fd3d-188f-4b5d-821b-7da978bf7442' // Cognitive Services OpenAI Contributor
+    'b12aa53e-6015-4669-85d0-8515ebb3ae7f' // Private DNS Zone Contributor Role
   )
-  acrPull: resourceId(
-    'Microsoft.Authorization/roleDefinitions',
-    '7f951dda-4ed3-4680-a7ca-43fe172d538d' // ACR Pull Role
-  )
-}
 }
 
 // apply RBAC role assignments to the AKS workload identity
@@ -168,7 +136,7 @@ module aksRBAC 'core/rbac/aks-rbac.bicep' = {
 }
 
 module log 'core/log-analytics/log.bicep' = {
-  name: 'log-analytics-deployment-deployment'
+  name: 'log-analytics-deployment'
   params: {
     name: '${abbrs.operationalInsightsWorkspaces}${resourceBaseNameFinal}'
     location: location
@@ -206,49 +174,14 @@ module aoai 'core/aoai/aoai.bicep' = {
     embeddingModelName: embeddingModelName
     embeddingModelVersion: embeddingModelVersion
     embeddingTpmQuota: embeddingModelQuota
-    roleAssignments: [
-      {
-        principalId: workloadIdentity.outputs.principalId
-        principalType: 'ServicePrincipal'
-        roleDefinitionId: roles.cognitiveServicesOpenaiContributor
-      }
-    ]
-  }
-}
-
-module aoai 'core/aoai/aoai.bicep' = {
-  name: 'aoai-deployment'
-  params: {
-    openAiName: '${abbrs.cognitiveServicesAccounts}${resourceBaseNameFinal}'
-    location: location
-    llmModelName: llmModelName
-    llmModelVersion: llmModelVersion
-    llmTpmQuota: llmModelQuota
-    embeddingModelName: embeddingModelName
-    embeddingModelVersion: embeddingModelVersion
-    embeddingTpmQuota: embeddingModelQuota
-    roleAssignments: [
-      {
-        principalId: workloadIdentity.outputs.principalId
-        principalType: 'ServicePrincipal'
-        roleDefinitionId: roles.cognitiveServicesOpenaiContributor
-      }
-    ]
   }
 }
 
 module acr 'core/acr/acr.bicep' = {
-  name: 'acr'
+  name: 'acr-deployment'
   params: {
     registryName: !empty(acrName) ? acrName : '${abbrs.containerRegistryRegistries}${resourceBaseNameFinal}'
     location: location
-    roleAssignments: [
-      {
-        principalId: aks.outputs.kubeletPrincipalId
-        principalType: 'ServicePrincipal'
-        roleDefinitionId: roles.acrPull
-      }
-    ]
   }
 }
 
@@ -259,7 +192,7 @@ module aks 'core/aks/aks.bicep' = {
     location: location
     graphragVMSize: 'standard_d8s_v5' // 8 vcpu, 32 GB memory
     graphragIndexingVMSize: 'standard_e8s_v5' // 8 vcpus, 64 GB memory
-    clusterAdmins: !empty(deployerPrincipalId) ? ['${deployerPrincipalId}'] : null
+    clusterAdmins: null
     logAnalyticsWorkspaceId: log.outputs.id
     subnetId: vnet.outputs.aksSubnetId
     privateDnsZoneName: privateDnsZone.outputs.name
@@ -452,24 +385,26 @@ output azure_aoai_embedding_model string = aoai.outputs.textEmbeddingModel
 output azure_aoai_embedding_model_deployment_name string = aoai.outputs.textEmbeddingModelDeploymentName
 output azure_aoai_embedding_model_api_version string = aoai.outputs.textEmbeddingModelApiVersion
 
-output azure_apim_name string = apim.outputs.name
 output azure_apim_gateway_url string = apim.outputs.apimGatewayUrl
+output azure_apim_name string = apim.outputs.name
 
 output azure_app_hostname string = appHostname
 output azure_app_url string = appUrl
 
-output azure_app_insights_connection_string string = apim.outputs.appInsightsConnectionString
+output azure_app_insights_connection_string string = appInsights.outputs.connectionString
 
 output azure_cosmosdb_endpoint string = cosmosdb.outputs.endpoint
 output azure_cosmosdb_name string = cosmosdb.outputs.name
 output azure_cosmosdb_id string = cosmosdb.outputs.id
 
 output azure_dns_zone_name string = privateDnsZone.outputs.name
-output azure_app_hostname string = appHostname
-output azure_app_url string = appUrl
-output azure_workload_identity_client_id string = workloadIdentity.outputs.clientId
-output azure_workload_identity_principal_id string = workloadIdentity.outputs.principalId
-output azure_workload_identity_name string = workloadIdentity.outputs.name
 output azure_private_dns_zones array = enablePrivateEndpoints
   ? union(privatelinkPrivateDns.outputs.privateDnsZones, [privateDnsZone.outputs.name])
   : []
+
+output azure_storage_account string = storage.outputs.name
+output azure_storage_account_blob_url string = storage.outputs.primaryEndpoints.blob
+
+output azure_workload_identity_client_id string = workloadIdentity.outputs.clientId
+output azure_workload_identity_principal_id string = workloadIdentity.outputs.principalId
+output azure_workload_identity_name string = workloadIdentity.outputs.name