feat: Add Azure OpenAI

contiamo · Nov 22, 2024 · 8c7ecf1 · 8c7ecf1
1 parent 11d8b29
commit 8c7ecf1
Show file tree

Hide file tree

Showing 7 changed files with 403 additions and 0 deletions.
diff --git a/azure-openai/README.md b/azure-openai/README.md
@@ -0,0 +1,5 @@
+# Azure OpenAI Module
+
+This is a fork of the module provided by Azure
+
+https://github.com/Azure/terraform-azurerm-openai
diff --git a/azure-openai/main.tf b/azure-openai/main.tf
@@ -0,0 +1,68 @@
+data "azurerm_resource_group" "this" {
+  name = var.resource_group_name
+}
+
+resource "azurerm_cognitive_account" "this" {
+  kind                               = "OpenAI"
+  location                           = var.location
+  name                               = var.account_name
+  resource_group_name                = data.azurerm_resource_group.this.name
+  sku_name                           = var.sku_name
+  custom_subdomain_name              = var.custom_subdomain_name
+  dynamic_throttling_enabled         = var.dynamic_throttling_enabled
+  fqdns                              = var.fqdns
+  local_auth_enabled                 = var.local_auth_enabled
+  outbound_network_access_restricted = var.outbound_network_access_restricted
+  public_network_access_enabled      = var.public_network_access_enabled
+  tags                               = var.tags
+
+  dynamic "customer_managed_key" {
+    for_each = var.customer_managed_key != null ? [var.customer_managed_key] : []
+    content {
+      key_vault_key_id   = customer_managed_key.value.key_vault_key_id
+      identity_client_id = customer_managed_key.value.identity_client_id
+    }
+  }
+  dynamic "identity" {
+    for_each = var.identity != null ? [var.identity] : []
+    content {
+      type         = identity.value.type
+      identity_ids = identity.value.identity_ids
+    }
+  }
+  dynamic "network_acls" {
+    for_each = var.network_acls != null ? var.network_acls : []
+    content {
+      default_action = network_acls.value.default_action
+      ip_rules       = network_acls.value.ip_rules
+
+      dynamic "virtual_network_rules" {
+        for_each = network_acls.value.virtual_network_rules != null ? network_acls.value.virtual_network_rules : []
+        content {
+          subnet_id                            = virtual_network_rules.value.subnet_id
+          ignore_missing_vnet_service_endpoint = virtual_network_rules.value.ignore_missing_vnet_service_endpoint
+        }
+      }
+    }
+  }
+}
+
+resource "azurerm_cognitive_deployment" "this" {
+  for_each = var.deployment
+
+  cognitive_account_id   = azurerm_cognitive_account.this.id
+  name                   = each.value.name
+  rai_policy_name        = each.value.rai_policy_name
+  version_upgrade_option = each.value.version_upgrade_option
+
+  model {
+    format  = each.value.model_format
+    name    = each.value.model_name
+    version = each.value.model_version
+  }
+
+  scale {
+    type     = each.value.scale_type
+    capacity = try(each.value.capacity, 1)
+  }
+}
diff --git a/azure-openai/outputs.tf b/azure-openai/outputs.tf
@@ -0,0 +1,34 @@
+
+output "openai_endpoint" {
+  description = "The endpoint used to connect to the Cognitive Service Account."
+  value       = azurerm_cognitive_account.this.endpoint
+}
+
+output "openai_id" {
+  description = "The ID of the Cognitive Service Account."
+  value       = azurerm_cognitive_account.this.id
+}
+
+output "openai_primary_key" {
+  description = "The primary access key for the Cognitive Service Account."
+  sensitive   = true
+  value       = azurerm_cognitive_account.this.primary_access_key
+}
+
+output "openai_secondary_key" {
+  description = "The secondary access key for the Cognitive Service Account."
+  sensitive   = true
+  value       = azurerm_cognitive_account.this.secondary_access_key
+}
+
+output "openai_subdomain" {
+  description = "The subdomain used to connect to the Cognitive Service Account."
+  value       = azurerm_cognitive_account.this.custom_subdomain_name
+}
+
+output "private_ip_addresses" {
+  description = "A map dictionary of the private IP addresses for each private endpoint."
+  value = {
+    for key, pe in azurerm_private_endpoint.this : key => pe.private_service_connection[0].private_ip_address
+  }
+}
diff --git a/azure-openai/private_endpoint.tf b/azure-openai/private_endpoint.tf
@@ -0,0 +1,55 @@
+locals {
+  private_dns_zone_id   = length(var.private_endpoint) > 0 ? try(azurerm_private_dns_zone.dns_zone[0].id, data.azurerm_private_dns_zone.dns_zone[0].id) : null
+  private_dns_zone_name = length(var.private_endpoint) > 0 ? try(azurerm_private_dns_zone.dns_zone[0].name, data.azurerm_private_dns_zone.dns_zone[0].name) : null
+}
+
+resource "azurerm_private_endpoint" "this" {
+  for_each = var.private_endpoint
+
+  location            = each.value.location != null ? each.value.location : data.azurerm_resource_group.pe_vnet_rg[each.key].location
+  name                = each.value.name
+  resource_group_name = data.azurerm_resource_group.pe_vnet_rg[each.key].name
+  subnet_id           = data.azurerm_subnet.pe_subnet[each.key].id
+  tags                = var.tags
+
+  private_service_connection {
+    is_manual_connection           = each.value.is_manual_connection
+    name                           = each.value.private_service_connection_name
+    private_connection_resource_id = azurerm_cognitive_account.this.id
+    subresource_names              = var.pe_subresource
+  }
+  dynamic "private_dns_zone_group" {
+    for_each = each.value.private_dns_entry_enabled ? ["private_dns_zone_group"] : []
+
+    content {
+      name                 = local.private_dns_zone_name
+      private_dns_zone_ids = [local.private_dns_zone_id]
+    }
+  }
+}
+
+data "azurerm_private_dns_zone" "dns_zone" {
+  count = length(var.private_endpoint) > 0 && var.private_dns_zone != null ? 1 : 0
+
+  name                = var.private_dns_zone.name
+  resource_group_name = var.private_dns_zone.resource_group_name
+}
+
+resource "azurerm_private_dns_zone" "dns_zone" {
+  count = length(var.private_endpoint) > 0 && var.private_dns_zone == null ? 1 : 0
+
+  name                = "privatelink.openai.azure.com"
+  resource_group_name = data.azurerm_resource_group.this.name
+  tags                = var.tags
+}
+
+resource "azurerm_private_dns_zone_virtual_network_link" "dns_zone_link" {
+  for_each = var.private_endpoint
+
+  name                  = each.value.dns_zone_virtual_network_link_name
+  private_dns_zone_name = local.private_dns_zone_name
+  resource_group_name   = data.azurerm_resource_group.this.name
+  virtual_network_id    = data.azurerm_virtual_network.vnet[each.key].id
+  registration_enabled  = false
+  tags                  = var.tags
+}
diff --git a/azure-openai/private_endpoint_data.tf b/azure-openai/private_endpoint_data.tf
@@ -0,0 +1,23 @@
+# Private endpoint data dependencies
+# Subnet where PE will be created
+data "azurerm_subnet" "pe_subnet" {
+  for_each = var.private_endpoint
+
+  name                 = each.value.subnet_name
+  resource_group_name  = each.value.vnet_rg_name
+  virtual_network_name = each.value.vnet_name
+}
+
+# Resource group of the VNET-Subnet where PE will be created
+data "azurerm_resource_group" "pe_vnet_rg" {
+  for_each = var.private_endpoint
+
+  name = each.value.vnet_rg_name
+}
+
+data "azurerm_virtual_network" "vnet" {
+  for_each = var.private_endpoint
+
+  name                = each.value.vnet_name
+  resource_group_name = each.value.vnet_rg_name
+}
diff --git a/azure-openai/providers.tf b/azure-openai/providers.tf
@@ -0,0 +1,15 @@
+# Azure provider version
+terraform {
+  required_version = ">= 1.3.0"
+
+  required_providers {
+    azurerm = {
+      source  = "hashicorp/azurerm"
+      version = "~> 3.80"
+    }
+    random = {
+      source  = "hashicorp/random"
+      version = ">= 3.0"
+    }
+  }
+}