From 6d7c5998500981f6d78496bce46aef9167a2152c Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Wed, 15 May 2024 21:17:25 +0000 Subject: [PATCH] merged cmk into hub.tf --- quickstart/101-ai-studio/dependent.tf | 2 +- quickstart/101-ai-studio/hub-cmk.tf | 48 --------------------------- quickstart/101-ai-studio/hub.tf | 10 ++++++ quickstart/101-ai-studio/variables.tf | 12 ++++++- 4 files changed, 22 insertions(+), 50 deletions(-) delete mode 100644 quickstart/101-ai-studio/hub-cmk.tf diff --git a/quickstart/101-ai-studio/dependent.tf b/quickstart/101-ai-studio/dependent.tf index 038af316..50958e43 100644 --- a/quickstart/101-ai-studio/dependent.tf +++ b/quickstart/101-ai-studio/dependent.tf @@ -24,7 +24,7 @@ resource "azurerm_key_vault" "default" { // AzAPI AIServices resource "azapi_resource" "AIServicesResource"{ - type = "Microsoft.CognitiveServices/accounts@2024-01-01-preview" + type = "Microsoft.CognitiveServices/accounts@2024-04-01-preview" name = "${var.names}AIServicesResource" location = azurerm_resource_group.default.location parent_id = azurerm_resource_group.default.id diff --git a/quickstart/101-ai-studio/hub-cmk.tf b/quickstart/101-ai-studio/hub-cmk.tf deleted file mode 100644 index c29c1f3e..00000000 --- a/quickstart/101-ai-studio/hub-cmk.tf +++ /dev/null @@ -1,48 +0,0 @@ -/* // To enable cmk, pass in arguments to set up keyIdentifier via cmk_keyvault_key_uri. Also comment out hub.tf. - -variable "cmk_keyvault_key_uri" { - description = "Key vault uri to access the encryption key." -} - -variable "encryption_status" { - description = "Indicates whether or not the encryption is enabled for the workspace." - default = "Enabled" -} - -resource "azapi_resource" "hub" { - type = "Microsoft.MachineLearningServices/workspaces@2024-04-01" - name = "my-ai-hub" - location = azurerm_resource_group.default.location - parent_id = azurerm_resource_group.default.id - - identity { - type = "SystemAssigned" - } - - body = jsonencode({ - properties = { - description = "This is my Azure AI hub" - friendlyName = "My Hub" - storageAccount = azurerm_storage_account.default.id - keyVault = azurerm_key_vault.default.id - - /* Optional: To enable these field, the corresponding dependent resources need to be uncommented. - applicationInsight = azurerm_application_insights.default.id - containerRegistry = azurerm_container_registry.default.id - /* - - encryption = { - status = var.encryption_status - keyVaultProperties = { - keyVaultArmId = azurerm_key_vault.default.id - keyIdentifier = var.cmk_keyvault_key_uri - } - } - - } - kind = "hub" - }) - schema_validation_enabled = false -} - -*/ \ No newline at end of file diff --git a/quickstart/101-ai-studio/hub.tf b/quickstart/101-ai-studio/hub.tf index 7629f30b..e0389340 100644 --- a/quickstart/101-ai-studio/hub.tf +++ b/quickstart/101-ai-studio/hub.tf @@ -19,6 +19,16 @@ resource "azapi_resource" "hub" { applicationInsight = azurerm_application_insights.default.id containerRegistry = azurerm_container_registry.default.id */ + + //Optional: To enable Customer Managed Keys, the corresponding + encryption = { + status = var.encryption_status + keyVaultProperties = { + keyVaultArmId = azurerm_key_vault.default.id + keyIdentifier = var.cmk_keyvault_key_uri + } + } + } kind = "hub" }) diff --git a/quickstart/101-ai-studio/variables.tf b/quickstart/101-ai-studio/variables.tf index ae636375..b83c3120 100644 --- a/quickstart/101-ai-studio/variables.tf +++ b/quickstart/101-ai-studio/variables.tf @@ -15,4 +15,14 @@ variable "sku" { type = string description = "The sku name of the Azure Analysis Services server to create. Choose from: B1, B2, D1, S0, S1, S2, S3, S4, S8, S9. Some skus are region specific. See https://docs.microsoft.com/en-us/azure/analysis-services/analysis-services-overview#availability-by-region" default = "S0" -} \ No newline at end of file +} + +//Optional: For Customer Managed Keys, uncomment this part AND the corresponding section in hub.tf +variable "cmk_keyvault_key_uri" { + description = "Key vault uri to access the encryption key." +} + +variable "encryption_status" { + description = "Indicates whether or not the encryption is enabled for the workspace." + default = "Enabled" +}