aliencube
diff --git a/‎.gitattributes‎
Lines changed: 7 additions & 0 deletions b/‎.gitattributes‎
Lines changed: 7 additions & 0 deletions
diff --git a/‎.github/workflows/azure-dev.yml‎
Lines changed: 4 additions & 2 deletions b/‎.github/workflows/azure-dev.yml‎
Lines changed: 4 additions & 2 deletions
diff --git a/‎.spectral.yaml‎
Lines changed: 22 additions & 0 deletions b/‎.spectral.yaml‎
Lines changed: 22 additions & 0 deletions
diff --git a/‎Directory.Build.props‎
Lines changed: 1 addition & 1 deletion b/‎Directory.Build.props‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎infra/aspire.bicep‎
Lines changed: 41 additions & 0 deletions b/‎infra/aspire.bicep‎
Lines changed: 41 additions & 0 deletions
diff --git a/‎infra/core/storage/storage-account.bicep‎
Lines changed: 118 additions & 0 deletions b/‎infra/core/storage/storage-account.bicep‎
Lines changed: 118 additions & 0 deletions
diff --git a/‎src/AzureOpenAIProxy.ApiApp/AzureOpenAIProxy.ApiApp.csproj‎
Lines changed: 1 addition & 0 deletions b/‎src/AzureOpenAIProxy.ApiApp/AzureOpenAIProxy.ApiApp.csproj‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎src/AzureOpenAIProxy.ApiApp/Configurations/KeyVaultSettings.cs‎
Lines changed: 2 additions & 2 deletions b/‎src/AzureOpenAIProxy.ApiApp/Configurations/KeyVaultSettings.cs‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎src/AzureOpenAIProxy.ApiApp/Configurations/StorageAccountSettings.cs‎
Lines changed: 17 additions & 0 deletions b/‎src/AzureOpenAIProxy.ApiApp/Configurations/StorageAccountSettings.cs‎
Lines changed: 17 additions & 0 deletions
diff --git a/‎src/AzureOpenAIProxy.ApiApp/Configurations/TableStorageSettings.cs‎
Lines changed: 17 additions & 0 deletions b/‎src/AzureOpenAIProxy.ApiApp/Configurations/TableStorageSettings.cs‎
Lines changed: 17 additions & 0 deletions
@@ -0,0 +1,7 @@
+# Auto detect text files and perform LF normalization
+*          text=auto
+
+*.sln      text eol=crlf
+*.csproj   text eol=crlf
+*.props    text eol=crlf
+*.sh       text eol=lf
@@ -25,7 +25,8 @@ jobs:
       AZURE_LOCATION: ${{ vars.AZURE_LOCATION }}
       AZURE_OPENAI_KEYS: ${{ secrets.AZURE_OPENAI_KEYS }}
       AZURE_KEYVAULT_URI: ${{ secrets.AZURE_KEYVAULT_URI }}
-      AZURE_KEYVAULT_SECRET_NAME: ${{ vars.AZURE_KEYVAULT_SECRET_NAME }}
+      AZURE_KEYVAULT_SECRET_NAME_OPENAI: ${{ vars.AZURE_KEYVAULT_SECRET_NAME_OPENAI }}
+      AZURE_KEYVAULT_SECRET_NAME_STORAGE: ${{ vars.AZURE_KEYVAULT_SECRET_NAME_STORAGE }}
 
     steps:
     - name: Checkout
@@ -54,7 +55,8 @@ jobs:
         $appsettings = Get-Content -Path "./src/AzureOpenAIProxy.ApiApp/appsettings.json" -Raw | ConvertFrom-Json
         $appsettings.Azure.OpenAI.Instances = @()
         $appsettings.Azure.KeyVault.VaultUri = "${{ env.AZURE_KEYVAULT_URI }}"
-        $appsettings.Azure.KeyVault.SecretName = "${{ env.AZURE_KEYVAULT_SECRET_NAME }}"
+        $appsettings.Azure.KeyVault.SecretNames.OpenAI = "${{ env.AZURE_KEYVAULT_SECRET_NAME_OPENAI }}"
+        $appsettings.Azure.KeyVault.SecretNames.Storage = "${{ env.AZURE_KEYVAULT_SECRET_NAME_STORAGE }}"
         $appsettings | ConvertTo-Json -Depth 100 | Set-Content -Path "./src/AzureOpenAIProxy.ApiApp/appsettings.json" -Encoding UTF8 -Force
         
     - name: Install Spectral Cli
 
@@ -81,3 +81,25 @@ rules:
       - field: 'content'
         function: truthy
         message: Content is required
+
+  # Ensure endpoints with path variables define a 404 response
+  # path에 path variable이 있다면 404 응답 코드가 있어야 함
+  path-variables-require-404:
+    description: Path variables must include a 404 response
+    severity: error
+    given: $.paths[*][*].parameters[?(@.in == 'path')]^^
+    then:
+      - field: responses.404
+        function: truthy
+        message: Response 404 is required
+
+  # Ensure POST, PUT, PATCH methods define a 400 response
+  # verb가 POST, PUT, PATCH일 경우 400 응답코드가 있어야 함
+  post-put-patch-require-400:
+    description: POST, PUT, PATCH methods must include a 400 response
+    given: $.paths[*][?(@property == 'post' || @property == 'put' || @property == 'patch')]
+    severity: error
+    then:
+      - field: responses.400
+        function: truthy
+        message: Response 400 is required
@@ -7,7 +7,7 @@
     <ImplicitUsings>enable</ImplicitUsings>
     <Nullable>enable</Nullable>
 
-    <AspireVersion>8.2.0</AspireVersion>
+    <AspireVersion>8.2.1</AspireVersion>
     <AzureOpenAIVersion>2.*-*</AzureOpenAIVersion>
     <AspNetCoreVersion>8.*</AspNetCoreVersion>
     <MicrosoftExtensionsVersion>8.*</MicrosoftExtensionsVersion>
 
@@ -17,6 +17,15 @@ param enabledForDeployment bool = true
 param enabledForTemplateDeployment bool = true
 param enableRbacAuthorization bool = true
 
+//TODO: 배포 시점에 사용자 princpalId, apiapp principalId를 받는 방법 조사
+//param creatorAdminPrincipalId string = ''
+//param apiAppUserPrincipalId string = ''
+
+// parameters for storage account
+param storageAccountName string = ''
+// tableNames passed as a comma separated string from command line
+param tableNames string = 'events'
+
 var abbrs = loadJsonContent('./abbreviations.json')
 
 // Tags that should be applied to all resources.
@@ -39,6 +48,9 @@ var resourceToken = uniqueString(resourceGroup().id)
 #disable-next-line no-unused-vars
 // var apiServiceName = 'python-api'
 
+// tables for storage account seperated by comma
+var tables = split(tableNames, ',')
+
 // Add resources to be provisioned below.
 
 // Provision Key Vault
@@ -54,6 +66,35 @@ module keyVault './core/security/keyvault.bicep' = {
   }
 }
 
+// Provision Storage Account
+module storageAccount './core/storage/storage-account.bicep' = {
+    name: 'storageAccount'
+    params: {
+        name: !empty(storageAccountName) ? storageAccountName : '${abbrs.storageStorageAccounts}${resourceToken}'
+        location: location
+        tags: tags
+        tables: tables
+        keyVaultName: keyVault.outputs.name
+    }
+}
+
+// TODO: Key vault Secret 권한부여, 생성한 사람에게 관리자 권한을, 그 외에는 secret user 권한을 부여
+//resource keyVaultSecretRoleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = {
+//    name: guid(resourceGroup().id, resolvedKeyVaultName, 'secret-role-assignment')
+//    properties: {
+//        principalId: creatorAdminPrincipalId
+//        roleDefinitionId: '00482A5A-887F-4FB3-B363-3B7FE8E74483' // administrator role
+//    }
+//}
+//
+//resource keyVaultSecretApiAppRoleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = {
+//    name: guid(resourceGroup().id, resolvedKeyVaultName, 'secret-apiapp-role-assignment')
+//    properties: {
+//        principalId: apiAppUserPrincipalId
+//        roleDefinitionId: '4633458B-17DE-408A-B874-0445C86B69E6' // secret user role
+//    }
+//}
+
 // Add outputs from the deployment here, if needed.
 //
 // This allows the outputs to be referenced by other bicep deployments in the deployment pipeline,
 
@@ -0,0 +1,118 @@
+metadata description = 'Creates an Azure storage account.'
+param name string
+param location string = resourceGroup().location
+param tags object = {}
+
+@allowed([
+  'Cool'
+  'Hot'
+  'Premium' ])
+param accessTier string = 'Hot'
+param allowBlobPublicAccess bool = true
+param allowCrossTenantReplication bool = true
+param allowSharedKeyAccess bool = true
+param containers array = []
+param corsRules array = []
+param defaultToOAuthAuthentication bool = false
+param deleteRetentionPolicy object = {}
+@allowed([ 'AzureDnsZone', 'Standard' ])
+param dnsEndpointType string = 'Standard'
+param files array = []
+param kind string = 'StorageV2'
+param minimumTlsVersion string = 'TLS1_2'
+param queues array = []
+param shareDeleteRetentionPolicy object = {}
+param supportsHttpsTrafficOnly bool = true
+param tables array = []
+param networkAcls object = {
+  bypass: 'AzureServices'
+  defaultAction: 'Allow'
+}
+@allowed([ 'Enabled', 'Disabled' ])
+param publicNetworkAccess string = 'Enabled'
+param sku object = { name: 'Standard_LRS' }
+param keyVaultName string = ''
+
+resource storage 'Microsoft.Storage/storageAccounts@2023-01-01' = {
+  name: name
+  location: location
+  tags: tags
+  kind: kind
+  sku: sku
+  properties: {
+    accessTier: accessTier
+    allowBlobPublicAccess: allowBlobPublicAccess
+    allowCrossTenantReplication: allowCrossTenantReplication
+    allowSharedKeyAccess: allowSharedKeyAccess
+    defaultToOAuthAuthentication: defaultToOAuthAuthentication
+    dnsEndpointType: dnsEndpointType
+    minimumTlsVersion: minimumTlsVersion
+    networkAcls: networkAcls
+    publicNetworkAccess: publicNetworkAccess
+    supportsHttpsTrafficOnly: supportsHttpsTrafficOnly
+  }
+
+  resource blobServices 'blobServices' = if (!empty(containers)) {
+    name: 'default'
+    properties: {
+      cors: {
+        corsRules: corsRules
+      }
+      deleteRetentionPolicy: deleteRetentionPolicy
+    }
+    resource container 'containers' = [for container in containers: {
+      name: container.name
+      properties: {
+        // todo: Warning use-safe-access: Use the safe access (.?) operator instead of checking object contents with the 'contains' function. [https://aka.ms/bicep/linter/use-safe-access]
+        publicAccess: contains(container, 'publicAccess') ? container.publicAccess : 'None'
+      }
+    }]
+  }
+
+  resource fileServices 'fileServices' = if (!empty(files)) {
+    name: 'default'
+    properties: {
+      cors: {
+        corsRules: corsRules
+      }
+      shareDeleteRetentionPolicy: shareDeleteRetentionPolicy
+    }
+  }
+
+  resource queueServices 'queueServices' = if (!empty(queues)) {
+    name: 'default'
+    properties: {
+
+    }
+    resource queue 'queues' = [for queue in queues: {
+      name: queue.name
+      properties: {
+        metadata: {}
+      }
+    }]
+  }
+
+  resource tableServices 'tableServices' = if (!empty(tables)) {
+    name: 'default'
+    properties: {}
+    // create tables pre-defined in aspire.bicep
+    resource table 'tables' = [for table in tables: {
+      name: table
+      properties: {}
+    }]
+  }
+}
+
+// Save Storage Account Connection String in Key Vault Secret
+module keyVaultSecrets '../../core/security/keyvault-secret.bicep' = {
+    name: 'keyVaultSecrets'
+    params: {
+        name: 'storage-connection-string'
+        secretValue:'DefaultEndpointsProtocol=https;EndpointSuffix=${environment().suffixes.storage};AccountName=${storage.name};AccountKey=${storage.listKeys().keys[0].value};BlobEndpoint=${storage.properties.primaryEndpoints.blob};FileEndpoint=${storage.properties.primaryEndpoints.file};QueueEndpoint=${storage.properties.primaryEndpoints.queue};TableEndpoint=${storage.properties.primaryEndpoints.table}'
+        keyVaultName:keyVaultName
+    }
+}
+
+output id string = storage.id
+output name string = storage.name
+output primaryEndpoints object = storage.properties.primaryEndpoints
@@ -7,6 +7,7 @@
 
   <ItemGroup>
     <PackageReference Include="Azure.AI.OpenAI" Version="$(AzureOpenAIVersion)" />
+    <PackageReference Include="Azure.Data.Tables" Version="12.9.0" />
     <PackageReference Include="Azure.Identity" Version="1.12.0" />
     <PackageReference Include="Azure.Security.KeyVault.Secrets" Version="4.6.0" />
     <PackageReference Include="Microsoft.AspNetCore.OpenApi" Version="$(AspNetCoreVersion)" />
 
@@ -16,7 +16,7 @@ public class KeyVaultSettings
     public string? VaultUri { get; set; }
 
     /// <summary>
-    /// Gets or sets the secret name.
+    /// Gets or sets the secret names.
     /// </summary>
-    public string? SecretName { get; set; }
+    public Dictionary<string, string> SecretNames { get; set; } = [];
 }
@@ -0,0 +1,17 @@
+namespace AzureOpenAIProxy.ApiApp.Configurations;
+
+/// <summary>
+/// This represents the settings entity for storage account.
+/// </summary>
+public class StorageAccountSettings
+{
+    /// <summary>
+    /// Gets the name of the configuration settings.
+    /// </summary>
+    public const string Name = "StorageAccount";
+
+    /// <summary>
+    /// Gets or sets the <see cref="TableStorageSettings"/> instance.
+    /// </summary>
+    public TableStorageSettings TableStorage { get; set; } = new();
+}
@@ -0,0 +1,17 @@
+namespace AzureOpenAIProxy.ApiApp.Configurations;
+
+/// <summary>
+/// This represents the settings entity for Azure Table Stroage.
+/// </summary>
+public class TableStorageSettings
+{
+    /// <summary>
+    /// Gets the name of the configuration settings.
+    /// </summary>
+    public const string Name = "TableStorage";
+
+    /// <summary>
+    /// Gets or sets the table name.
+    /// </summary>
+    public string? TableName { get; set; }
+}
Original file line number	Diff line number	Diff line change
`@@ -16,7 +16,7 @@ public class KeyVaultSettings`
`16`	`16`	`public string? VaultUri { get; set; }`
`17`	`17`
`18`	`18`	`/// <summary>`
`19`		`- /// Gets or sets the secret name.`
	`19`	`+ /// Gets or sets the secret names.`
`20`	`20`	`/// </summary>`
`21`		`- public string? SecretName { get; set; }`
	`21`	`+ public Dictionary<string, string> SecretNames { get; set; } = [];`
`22`	`22`	`}`