Merge pull request #599 from microsoft/kylewerts/Bug7279-BingSearch-Key

KyleWerts/7279-Bing-Search-KeyVault
microsoft · Mar 29, 2024 · 9fb22e6 · 9fb22e6
2 parents cd60c4b + 5ddde4a
commit 9fb22e6
Show file tree

Hide file tree

Showing 7 changed files with 32 additions and 15 deletions.
diff --git a/infra/core/ai/bingSearch/bingSearch.tf b/infra/core/ai/bingSearch/bingSearch.tf
@@ -11,6 +11,7 @@ data "template_file" "workflow" {
 }
 
 resource "azurerm_resource_group_template_deployment" "bing_search" {
+  count               = var.enableWebChat ? 1 : 0
   resource_group_name = var.resourceGroupName
   parameters_content = jsonencode({
     "name"                      = { value = "${var.name}" },
@@ -23,4 +24,10 @@ resource "azurerm_resource_group_template_deployment" "bing_search" {
   # this ensures the keys are up-to-date
   name            = "bingsearch-${filemd5(local.arm_file_path)}"
   deployment_mode = "Incremental"
+}
+
+resource "azurerm_key_vault_secret" "bing_search_key" {
+  name         = "BINGSEARCH-KEY"
+  value        = var.enableWebChat ? jsondecode(azurerm_resource_group_template_deployment.bing_search[0].output_content).key1.value : ""
+  key_vault_id = var.keyVaultId
 }
diff --git a/infra/core/ai/bingSearch/outputs.tf b/infra/core/ai/bingSearch/outputs.tf
@@ -1,11 +1,11 @@
 output "id" {
-  value = jsondecode(azurerm_resource_group_template_deployment.bing_search.output_content).id.value
+  value = var.enableWebChat ? jsondecode(azurerm_resource_group_template_deployment.bing_search[0].output_content).id.value : ""
 }
 
 output "endpoint" {
-  value = jsondecode(azurerm_resource_group_template_deployment.bing_search.output_content).endpoint.value
+  value = var.enableWebChat ? jsondecode(azurerm_resource_group_template_deployment.bing_search[0].output_content).endpoint.value : ""
 }
 
 output "key" {
-  value = jsondecode(azurerm_resource_group_template_deployment.bing_search.output_content).key1.value
+  value = var.enableWebChat ? jsondecode(azurerm_resource_group_template_deployment.bing_search[0].output_content).key1.value : ""
 }
diff --git a/infra/core/ai/bingSearch/variables.tf b/infra/core/ai/bingSearch/variables.tf
@@ -16,7 +16,16 @@ variable "sku" {
   type = string
 }
 
-
 variable "arm_template_schema_mgmt_api" {
   type = string
+}
+
+variable "keyVaultId" { 
+  type = string
+  sensitive   = true
+}
+
+variable "enableWebChat" {
+  description = "A flag to enable or disable web chat."
+  type        = bool
 }
diff --git a/infra/core/host/webapp/webapp.tf b/infra/core/host/webapp/webapp.tf
@@ -102,11 +102,12 @@ resource "azurerm_linux_web_app" "app_service" {
       "SCM_DO_BUILD_DURING_DEPLOYMENT" = lower(tostring(var.scmDoBuildDuringDeployment))
       "ENABLE_ORYX_BUILD"              = lower(tostring(var.enableOryxBuild))
       "APPLICATIONINSIGHTS_CONNECTION_STRING" = var.applicationInsightsConnectionString
-      "AZURE_SEARCH_SERVICE_KEY" = "@Microsoft.KeyVault(SecretUri=${var.keyVaultUri}secrets/AZURE-SEARCH-SERVICE-KEY)"
-      "COSMOSDB_KEY" = "@Microsoft.KeyVault(SecretUri=${var.keyVaultUri}secrets/COSMOSDB-KEY)"
-      "AZURE_BLOB_STORAGE_KEY" = "@Microsoft.KeyVault(SecretUri=${var.keyVaultUri}secrets/AZURE-BLOB-STORAGE-KEY)"
-      "ENRICHMENT_KEY" = "@Microsoft.KeyVault(SecretUri=${var.keyVaultUri}secrets/ENRICHMENT-KEY)"
-      "AZURE_OPENAI_SERVICE_KEY" = "@Microsoft.KeyVault(SecretUri=${var.keyVaultUri}secrets/AZURE-OPENAI-SERVICE-KEY)"
+      "AZURE_SEARCH_SERVICE_KEY"  = "@Microsoft.KeyVault(SecretUri=${var.keyVaultUri}secrets/AZURE-SEARCH-SERVICE-KEY)"
+      "COSMOSDB_KEY"              = "@Microsoft.KeyVault(SecretUri=${var.keyVaultUri}secrets/COSMOSDB-KEY)"
+      "BING_SEARCH_KEY"           = "@Microsoft.KeyVault(SecretUri=${var.keyVaultUri}secrets/BINGSEARCH-KEY)"
+      "AZURE_BLOB_STORAGE_KEY"    = "@Microsoft.KeyVault(SecretUri=${var.keyVaultUri}secrets/AZURE-BLOB-STORAGE-KEY)"
+      "ENRICHMENT_KEY"            = "@Microsoft.KeyVault(SecretUri=${var.keyVaultUri}secrets/ENRICHMENT-KEY)"
+      "AZURE_OPENAI_SERVICE_KEY"  = "@Microsoft.KeyVault(SecretUri=${var.keyVaultUri}secrets/AZURE-OPENAI-SERVICE-KEY)"
     }
   )
 

diff --git a/infra/main.tf b/infra/main.tf
@@ -170,8 +170,7 @@ module "backend" {
     APPLICATION_TITLE                       = var.applicationtitle == "" ? "Information Assistant, built with Azure OpenAI" : var.applicationtitle
     AZURE_AI_TRANSLATION_DOMAIN             = var.azure_ai_translation_domain
     USE_SEMANTIC_RERANKER                   = var.use_semantic_reranker
-    BING_SEARCH_ENDPOINT                    = var.enableWebChat ? module.bingSearch[0].endpoint : ""
-    BING_SEARCH_KEY                         = var.enableWebChat ? module.bingSearch[0].key : ""
+    BING_SEARCH_ENDPOINT                    = var.enableWebChat ? module.bingSearch.endpoint : ""
     ENABLE_WEB_CHAT                         = var.enableWebChat
     ENABLE_BING_SAFE_SEARCH                 = var.enableBingSafeSearch
     ENABLE_UNGROUNDED_CHAT                  = var.enableUngroundedChat
@@ -475,13 +474,14 @@ module "kvModule" {
 }
 
 module "bingSearch" {
-  count                         = var.enableWebChat ? 1 : 0
   source                        = "./core/ai/bingSearch"
   name                          = "infoasst-bing-${random_string.random.result}"
   resourceGroupName             = azurerm_resource_group.rg.name
   tags                          = local.tags
   sku                           = "S1" //supported SKUs can be found at https://www.microsoft.com/en-us/bing/apis/pricing
   arm_template_schema_mgmt_api  = var.arm_template_schema_mgmt_api
+  keyVaultId                    = module.kvModule.keyVaultId
+  enableWebChat                 = var.enableWebChat
 }
 
 // DEPLOYMENT OF AZURE CUSTOMER ATTRIBUTION TAG

diff --git a/infra/outputs.tf b/infra/outputs.tf
@@ -164,11 +164,11 @@ output "AZURE_ENVIRONMENT" {
 }
 
 output "BING_SEARCH_ENDPOINT" {
-  value = var.enableWebChat ? module.bingSearch[0].endpoint : ""
+  value = var.enableWebChat ? module.bingSearch.endpoint : ""
 }
 
 output "BING_SEARCH_KEY" {
-  value = var.enableWebChat ? module.bingSearch[0].key : ""
+  value = var.enableWebChat ? module.bingSearch.key : ""
 }
 
 output "ENABLE_BING_SAFE_SEARCH" {

diff --git a/scripts/json-to-env.webapp.debug.sh b/scripts/json-to-env.webapp.debug.sh
@@ -201,7 +201,7 @@ fi
 keyVaultName=$(cat inf_output.json | jq -r .DEPLOYMENT_KEYVAULT_NAME.value)
 
 # Names of your secrets
-secretNames=("AZURE-SEARCH-SERVICE-KEY" "AZURE-BLOB-STORAGE-KEY" "BLOB-CONNECTION-STRING" "COSMOSDB-KEY" "AZURE-OPENAI-SERVICE-KEY" "AZURE-CLIENT-SECRET" "ENRICHMENT-KEY")
+secretNames=("AZURE-SEARCH-SERVICE-KEY" "AZURE-BLOB-STORAGE-KEY" "BLOB-CONNECTION-STRING" "COSMOSDB-KEY" "BINGSEARCH-KEY" "AZURE-OPENAI-SERVICE-KEY" "AZURE-CLIENT-SECRET" "ENRICHMENT-KEY")
 
 # Retrieve and export each secret
 for secretName in "${secretNames[@]}"; do