Client Advisor | Researcher - SFI Fixes

ClientAdvisor/Deployment/bicep/core/database/cosmos/cosmos-role-assign.bicep

@@ -0,0 +1,19 @@
+metadata description = 'Creates a SQL role assignment under an Azure Cosmos DB account.'
+param accountName string
+
+param roleDefinitionId string
+param principalId string = ''
+
+resource role 'Microsoft.DocumentDB/databaseAccounts/sqlRoleAssignments@2022-05-15' = {
+  parent: cosmos
+  name: guid(roleDefinitionId, principalId, cosmos.id)
+  properties: {
+    principalId: principalId
+    roleDefinitionId: roleDefinitionId
+    scope: cosmos.id
+  }
+}
+
+resource cosmos 'Microsoft.DocumentDB/databaseAccounts@2022-08-15' existing = {
+  name: accountName
+}

ClientAdvisor/Deployment/bicep/core/database/cosmos/deploy_cosmos_db.bicep

@@ -0,0 +1,76 @@
+@minLength(3)
+@maxLength(15)
+@description('Solution Name')
+param solutionName string
+param solutionLocation string
+
+@description('Name')
+param accountName string = '${ solutionName }-cosmos'
+param databaseName string = 'db_conversation_history'
+param collectionName string = 'conversations'
+
+param containers array = [
+  {
+    name: collectionName
+    id: collectionName
+    partitionKey: '/userId'
+  }
+]
+
+@allowed([ 'GlobalDocumentDB', 'MongoDB', 'Parse' ])
+param kind string = 'GlobalDocumentDB'
+
+param tags object = {}
+
+resource cosmos 'Microsoft.DocumentDB/databaseAccounts@2022-08-15' = {
+  name: accountName
+  kind: kind
+  location: solutionLocation
+  tags: tags
+  properties: {
+    consistencyPolicy: { defaultConsistencyLevel: 'Session' }
+    locations: [
+      {
+        locationName: solutionLocation
+        failoverPriority: 0
+        isZoneRedundant: false
+      }
+    ]
+    databaseAccountOfferType: 'Standard'
+    enableAutomaticFailover: false
+    enableMultipleWriteLocations: false
+    disableLocalAuth: true
+    apiProperties: (kind == 'MongoDB') ? { serverVersion: '4.0' } : {}
+    capabilities: [ { name: 'EnableServerless' } ]
+  }
+}
+
+
+resource database 'Microsoft.DocumentDB/databaseAccounts/sqlDatabases@2022-05-15' = {
+  name: '${accountName}/${databaseName}'
+  properties: {
+    resource: { id: databaseName }
+  }
+
+  resource list 'containers' = [for container in containers: {
+    name: container.name
+    properties: {
+      resource: {
+        id: container.id
+        partitionKey: { paths: [ container.partitionKey ] }
+      }
+      options: {}
+    }
+  }]
+
+  dependsOn: [
+    cosmos
+  ]
+}
+
+output cosmosOutput object = {
+  cosmosAccountName: cosmos.name
+  cosmosDatabaseName: databaseName
+  cosmosContainerName: collectionName
+}
+

ClientAdvisor/Deployment/bicep/deploy_app_service.bicep

@@ -6,11 +6,6 @@ targetScope = 'resourceGroup'
 @description('Solution Name')
 param solutionName string
 
-@description('Solution Location')
-param solutionLocation string
-
-param identity string
-
 @description('Name of App Service plan')
 param HostingPlanName string = '${ solutionName }-app-service-plan'
 
@@ -172,7 +167,7 @@ param VITE_POWERBI_EMBED_URL string = ''
 
 // var WebAppImageName = 'DOCKER|ncwaappcontainerreg1.azurecr.io/ncqaappimage:v1.0.0'
 
-var WebAppImageName = 'DOCKER|bycwacontainerreg.azurecr.io/byc-wa-app:latest'
+var WebAppImageName = 'DOCKER|bycwacontainerreg.azurecr.io/byc-wa-app:dev'
 
 resource HostingPlan 'Microsoft.Web/serverfarms@2020-06-01' = {
   name: HostingPlanName
@@ -360,9 +355,6 @@ resource Website 'Microsoft.Web/sites@2020-06-01' = {
         {name: 'AZURE_COSMOSDB_ACCOUNT'
           value: AZURE_COSMOSDB_ACCOUNT
         }
-        {name: 'AZURE_COSMOSDB_ACCOUNT_KEY'
-          value: AZURE_COSMOSDB_ACCOUNT_KEY
-        }
         {name: 'AZURE_COSMOSDB_CONVERSATIONS_CONTAINER'
           value: AZURE_COSMOSDB_CONVERSATIONS_CONTAINER
         }
@@ -406,3 +398,19 @@ resource ApplicationInsights 'Microsoft.Insights/components@2020-02-02' = {
   kind: 'web'
 }
 
+resource contributorRoleDefinition 'Microsoft.DocumentDB/databaseAccounts/sqlRoleDefinitions@2024-05-15' existing = {
+  name: '${AZURE_COSMOSDB_ACCOUNT}/00000000-0000-0000-0000-000000000002'
+}
+
+
+module cosmosUserRole 'core/database/cosmos/cosmos-role-assign.bicep' = {
+  name: 'cosmos-sql-user-role-${WebsiteName}'
+  params: {
+    accountName: AZURE_COSMOSDB_ACCOUNT
+    roleDefinitionId: contributorRoleDefinition.id
+    principalId: Website.identity.principalId
+  }
+  dependsOn: [
+    Website
+  ]
+}

ClientAdvisor/Deployment/bicep/deploy_azure_function_script.bicep

@@ -17,6 +17,7 @@ param sqlDbName string
 param sqlDbUser string
 @secure()
 param sqlDbPwd string
+param functionAppVersion string
 
 resource deploy_azure_function 'Microsoft.Resources/deploymentScripts@2020-10-01' = {
   kind:'AzureCLI'
@@ -31,7 +32,7 @@ resource deploy_azure_function 'Microsoft.Resources/deploymentScripts@2020-10-01
   properties: {
     azCliVersion: '2.50.0'
     primaryScriptUri: '${baseUrl}Deployment/scripts/create_azure_functions.sh' // deploy-azure-synapse-pipelines.sh
-    arguments: '${solutionName} ${solutionLocation} ${resourceGroupName} ${baseUrl} ${azureOpenAIApiKey} ${azureOpenAIApiVersion} ${azureOpenAIEndpoint} ${azureSearchAdminKey} ${azureSearchServiceEndpoint} ${azureSearchIndex} ${sqlServerName} ${sqlDbName} ${sqlDbUser} ${sqlDbPwd}' // Specify any arguments for the script
+    arguments: '${solutionName} ${solutionLocation} ${resourceGroupName} ${baseUrl} ${azureOpenAIApiKey} ${azureOpenAIApiVersion} ${azureOpenAIEndpoint} ${azureSearchAdminKey} ${azureSearchServiceEndpoint} ${azureSearchIndex} ${sqlServerName} ${sqlDbName} ${sqlDbUser} ${sqlDbPwd} ${functionAppVersion}' // Specify any arguments for the script
     timeout: 'PT1H' // Specify the desired timeout duration
     retentionInterval: 'PT1H' // Specify the desired retention interval
     cleanupPreference:'OnSuccess'

ClientAdvisor/Deployment/bicep/deploy_keyvault.bicep

@@ -70,8 +70,6 @@ param managedIdentityObjectId string
 // param environmentId string
 param adlsAccountName string
 @secure()
-param adlsAccountKey string
-@secure()
 param azureOpenAIApiKey string
 param azureOpenAIApiVersion string
 param azureOpenAIEndpoint string
@@ -201,15 +199,6 @@ resource adlsAccountNameEntry 'Microsoft.KeyVault/vaults/secrets@2021-11-01-prev
   }
 }
 
-resource adlsAccountKeyEntry 'Microsoft.KeyVault/vaults/secrets@2021-11-01-preview' = {
-  parent: keyVault
-  name: 'ADLS-ACCOUNT-KEY'
-  properties: {
-    value: adlsAccountKey
-  }
-}
-
-
 resource azureOpenAIApiKeyEntry 'Microsoft.KeyVault/vaults/secrets@2021-11-01-preview' = {
   parent: keyVault
   name: 'AZURE-OPENAI-KEY'

ClientAdvisor/Deployment/bicep/deploy_storage_account.bicep

@@ -47,6 +47,7 @@ resource storageAccounts_resource 'Microsoft.Storage/storageAccounts@2022-09-01'
       keySource: 'Microsoft.Storage'
     }
     accessTier: 'Hot'
+    allowSharedKeyAccess: false
   }
 }
 
@@ -107,4 +108,3 @@ output storageAccountOutput object = {
   connectionString:storageAccountString
   dataContainer:storageAccounts_default_power_platform_dataflows.name
 }
-

ClientAdvisor/Deployment/bicep/deploy_upload_files_script.bicep

@@ -1,7 +1,5 @@
 @description('Specifies the location for resources.')
-param solutionLocation string 
-@secure()
-param storageAccountKey string
+param solutionLocation string
 
 param storageAccountName string
 
@@ -22,7 +20,7 @@ resource copy_demo_Data 'Microsoft.Resources/deploymentScripts@2020-10-01' = {
   properties: {
     azCliVersion: '2.50.0'
     primaryScriptUri: '${baseUrl}Deployment/scripts/copy_kb_files.sh' // deploy-azure-synapse-pipelines.sh
-    arguments: '${storageAccountName} ${containerName} ${storageAccountKey} ${baseUrl}' // Specify any arguments for the script
+    arguments: '${storageAccountName} ${containerName} ${baseUrl}' // Specify any arguments for the script
     timeout: 'PT1H' // Specify the desired timeout duration
     retentionInterval: 'PT1H' // Specify the desired retention interval
     cleanupPreference:'OnSuccess'

ClientAdvisor/Deployment/bicep/main.bicep

@@ -17,7 +17,8 @@ var resourceGroupName = resourceGroup().name
 // var subscriptionId  = subscription().subscriptionId
 
 var solutionLocation = resourceGroupLocation
-var baseUrl = 'https://raw.githubusercontent.com/microsoft/Build-your-own-copilot-Solution-Accelerator/main/ClientAdvisor/'
+var baseUrl = 'https://raw.githubusercontent.com/Roopan-Microsoft/psl-byo-main/main/ClientAdvisor/'
+var functionAppversion = 'dev'
 
 // ========== Managed Identity ========== //
 module managedIdentityModule 'deploy_managed_identity.bicep' = {
@@ -29,12 +30,11 @@ module managedIdentityModule 'deploy_managed_identity.bicep' = {
   scope: resourceGroup(resourceGroup().name)
 }
 
-module cosmosDBModule 'deploy_cosmos_db.bicep' = {
+module cosmosDBModule 'core/database/cosmos/deploy_cosmos_db.bicep' = {
   name: 'deploy_cosmos_db'
   params: {
     solutionName: solutionPrefix
     solutionLocation: cosmosLocation
-    identity:managedIdentityModule.outputs.managedIdentityOutput.objectId
   }
   scope: resourceGroup(resourceGroup().name)
 }
@@ -96,7 +96,6 @@ module uploadFiles 'deploy_upload_files_script.bicep' = {
     solutionLocation: solutionLocation
     containerName:storageAccountModule.outputs.storageAccountOutput.dataContainer
     identity:managedIdentityModule.outputs.managedIdentityOutput.id
-    storageAccountKey:storageAccountModule.outputs.storageAccountOutput.key
     baseUrl:baseUrl
   }
   dependsOn:[storageAccountModule]
@@ -120,6 +119,7 @@ module azureFunctions 'deploy_azure_function_script.bicep' = {
     sqlDbPwd:sqlDBModule.outputs.sqlDbOutput.sqlDbPwd
     identity:managedIdentityModule.outputs.managedIdentityOutput.id
     baseUrl:baseUrl
+    functionAppVersion: functionAppversion
   }
   dependsOn:[storageAccountModule]
 }
@@ -145,7 +145,6 @@ module keyvaultModule 'deploy_keyvault.bicep' = {
     tenantId: subscription().tenantId
     managedIdentityObjectId:managedIdentityModule.outputs.managedIdentityOutput.objectId
     adlsAccountName:storageAccountModule.outputs.storageAccountOutput.storageAccountName
-    adlsAccountKey:storageAccountModule.outputs.storageAccountOutput.key
     azureOpenAIApiKey:azOpenAI.outputs.openAIOutput.openAPIKey
     azureOpenAIApiVersion:'2024-02-15-preview'
     azureOpenAIEndpoint:azOpenAI.outputs.openAIOutput.openAPIEndpoint
@@ -195,9 +194,7 @@ module createIndex 'deploy_index_scripts.bicep' = {
 module appserviceModule 'deploy_app_service.bicep' = {
   name: 'deploy_app_service'
   params: {
-    identity:managedIdentityModule.outputs.managedIdentityOutput.id
     solutionName: solutionPrefix
-    solutionLocation: solutionLocation
     AzureSearchService:azSearchService.outputs.searchServiceOutput.searchServiceName
     AzureSearchIndex:'transcripts_index'
     AzureSearchKey:azSearchService.outputs.searchServiceOutput.searchServiceAdminKey
@@ -235,7 +232,6 @@ module appserviceModule 'deploy_app_service.bicep' = {
     SQLDB_USERNAME:sqlDBModule.outputs.sqlDbOutput.sqlDbUser
     SQLDB_PASSWORD:sqlDBModule.outputs.sqlDbOutput.sqlDbPwd
     AZURE_COSMOSDB_ACCOUNT: cosmosDBModule.outputs.cosmosOutput.cosmosAccountName
-    AZURE_COSMOSDB_ACCOUNT_KEY: cosmosDBModule.outputs.cosmosOutput.cosmosAccountKey
     AZURE_COSMOSDB_CONVERSATIONS_CONTAINER: cosmosDBModule.outputs.cosmosOutput.cosmosContainerName
     AZURE_COSMOSDB_DATABASE: cosmosDBModule.outputs.cosmosOutput.cosmosDatabaseName
     AZURE_COSMOSDB_ENABLE_FEEDBACK: 'True'