microsoft · crickman · Aug 15, 2023 · Aug 14, 2023 · Aug 14, 2023 · Aug 14, 2023
diff --git a/scripts/deploy/deploy-azure.ps1 b/scripts/deploy/deploy-azure.ps1
@@ -44,11 +44,15 @@ param(
     # SKU for the Azure App Service plan
     $WebAppServiceSku = "B1",
 
-    [ValidateSet("Volatile", "AzureCognitiveSearch", "Qdrant")]
+    [ValidateSet("Volatile", "AzureCognitiveSearch", "Qdrant", "Postgres")]
     [string]
     # What method to use to persist embeddings
     $MemoryStore = "AzureCognitiveSearch",
 
+    [SecureString]
+    # Password for the Postgres database
+    $SqlAdminPassword = "",
+
     [switch]
     # Don't deploy Cosmos DB for chat storage - Use volatile memory instead
     $NoCosmosDb,
@@ -87,6 +91,11 @@ if ($AIService -eq "OpenAI" -and !$AIApiKey) {
     exit 1
 }
 
+if ($MemoryStore -eq "Postgres" -and !$SqlAdminPassword) {
+    Write-Host "When MemoryStore is Postgres, SqlAdminPassword must be set"
+    exit 1
+}
+
 $jsonConfig = "
 {
     `\`"webAppServiceSku`\`": { `\`"value`\`": `\`"$WebAppServiceSku`\`" },
@@ -97,7 +106,8 @@ $jsonConfig = "
     `\`"deployNewAzureOpenAI`\`": { `\`"value`\`": $(If ($DeployAzureOpenAI) {"true"} Else {"false"}) },
     `\`"memoryStore`\`": { `\`"value`\`": `\`"$MemoryStore`\`" },
     `\`"deployCosmosDB`\`": { `\`"value`\`": $(If (!($NoCosmosDb)) {"true"} Else {"false"}) },
-    `\`"deploySpeechServices`\`": { `\`"value`\`": $(If (!($NoSpeechServices)) {"true"} Else {"false"}) }
+    `\`"deploySpeechServices`\`": { `\`"value`\`": $(If (!($NoSpeechServices)) {"true"} Else {"false"}) },
+    `\`"sqlAdminPassword`\`": { `\`"value`\`": `\`"$(ConvertFrom-SecureString $SqlAdminPassword -AsPlainText)`\`" }
 }
 "
 

diff --git a/scripts/deploy/deploy-azure.sh b/scripts/deploy/deploy-azure.sh
@@ -19,7 +19,8 @@ usage() {
     echo "  -wr, --web-app-region WEB_APP_REGION       Region to deploy to the static web app into. This must be a region that supports static web apps. (default: \"West US 2\")"
     echo "  -a, --app-service-sku WEB_APP_SVC_SKU      SKU for the Azure App Service plan (default: \"B1\")"
     echo "  -ms, --memory-store                        Method to use to persist embeddings. Valid values are"
-    echo "                                             \"AzureCognitiveSearch\" (default), \"Qdrant\" and \"Volatile\""
+    echo "                                             \"AzureCognitiveSearch\" (default), \"Qdrant\", \"Postgres\" and \"Volatile\""
+    echo "  -sap, --sql-admin-password                 Password for the PostgreSQL Server admin user"
     echo "  -nc, --no-cosmos-db                        Don't deploy Cosmos DB for chat storage - Use volatile memory instead"
     echo "  -ns, --no-speech-services                  Don't deploy Speech Services to enable speech as chat input"
     echo "  -dd, --debug-deployment                    Switches on verbose template deployment output"
@@ -84,6 +85,11 @@ while [[ $# -gt 0 ]]; do
         MEMORY_STORE=="$2"
         shift
         ;;
+        -sap|--sql-admin-password)
+        SQL_ADMIN_PASSWORD="$2"
+        shift
+        shift
+        ;;
         -nc|--no-cosmos-db)
         NO_COSMOS_DB=true
         shift
@@ -152,6 +158,13 @@ if [[ "${AI_SERVICE_TYPE,,}" = "openai" ]] && [[ -z "$AI_SERVICE_KEY" ]]; then
     exit 1
 fi
 
+# If MEMORY_STORE is Postges, then SQL_ADMIN_PASSWORD is mandatory
+if [[ "${MEMORY_STORE,,}" = "postgres" ]] && [[ -z "$SQL_ADMIN_PASSWORD" ]]; then
+    echo "When --memory-store is 'Postgres', --sql-admin-password must be set."
+    usage
+    exit 1
+fi
+
 # If resource group is not set, then set it to rg-DEPLOYMENT_NAME
 if [ -z "$RESOURCE_GROUP" ]; then
     RESOURCE_GROUP="rg-${DEPLOYMENT_NAME}"
@@ -187,6 +200,7 @@ JSON_CONFIG=$(cat << EOF
     "aiEndpoint": { "value": "$([ ! -z "$AI_ENDPOINT" ] && echo "$AI_ENDPOINT")" },
     "deployNewAzureOpenAI": { "value": $([ "$NO_NEW_AZURE_OPENAI" = true ] && echo "false" || echo "true") },
     "memoryStore": { "value": "$MEMORY_STORE" },
+    "sqlAdminPassword": { "value": "$SQL_ADMIN_PASSWORD" },
     "deployCosmosDB": { "value": $([ "$NO_COSMOS_DB" = true ] && echo "false" || echo "true") },
     "deploySpeechServices": { "value": $([ "$NO_SPEECH_SERVICES" = true ] && echo "false" || echo "true") }
 }

diff --git a/scripts/deploy/main.bicep b/scripts/deploy/main.bicep
@@ -54,6 +54,7 @@ param deployCosmosDB bool = true
   'Volatile'
   'AzureCognitiveSearch'
   'Qdrant'
+  'Postgres'
 ])
 param memoryStore string = 'Volatile'
 
@@ -78,6 +79,10 @@ var uniqueName = '${name}-${rgIdHash}'
 @description('Name of the Azure Storage file share to create')
 var storageFileShareName = 'aciqdrantshare'
 
+@description('PostgreSQL admin password')
+@secure()
+param sqlAdminPassword string = newGuid()
+
 resource openAI 'Microsoft.CognitiveServices/accounts@2022-12-01' = if (deployNewAzureOpenAI) {
   name: 'ai-${uniqueName}'
   location: location
@@ -250,6 +255,10 @@ resource appServiceWebConfig 'Microsoft.Web/sites/config@2022-09-01' = {
         name: 'MemoryStore:AzureCognitiveSearch:Key'
         value: memoryStore == 'AzureCognitiveSearch' ? azureCognitiveSearch.listAdminKeys().primaryKey : ''
       }
+      {
+        name: 'MemoryStore:Postgres:ConnectionString'
+        value: memoryStore == 'Postgres' ? 'Host=${postgreServerGroup.properties.serverNames[0].fullyQualifiedDomainName}:5432;Username=citus;Password=${sqlAdminPassword};Database=citus' : ''
+      }
       {
         name: 'AzureSpeech:Region'
         value: location
@@ -501,6 +510,16 @@ resource virtualNetwork 'Microsoft.Network/virtualNetworks@2021-05-01' = {
           privateLinkServiceNetworkPolicies: 'Enabled'
         }
       }
+      {
+        name: 'postgresSubnet'
+        properties: {
+          addressPrefix: '10.0.3.0/24'
+          serviceEndpoints: []
+          delegations: []
+          privateEndpointNetworkPolicies: 'Disabled'
+          privateLinkServiceNetworkPolicies: 'Enabled'
+        }
+      }
     ]
   }
 }
@@ -703,6 +722,76 @@ resource memorySourcesContainer 'Microsoft.DocumentDB/databaseAccounts/sqlDataba
   }
 }
 
+resource postgreServerGroup 'Microsoft.DBforPostgreSQL/serverGroupsv2@2022-11-08' = if (memoryStore == 'Postgres') {
+  name: 'pg-${uniqueName}'
+  location: location
+  properties: {
+    postgresqlVersion: '15'
+    administratorLoginPassword: sqlAdminPassword
+    enableHa: false
+    coordinatorVCores: 1
+    coordinatorServerEdition: 'BurstableMemoryOptimized'
+    coordinatorStorageQuotaInMb: 32768
+    nodeVCores: 4
+    nodeCount: 0
+    nodeStorageQuotaInMb: 524288
+    nodeEnablePublicIpAccess: false
+  }
+}
+
+resource postgresDNSZone 'Microsoft.Network/privateDnsZones@2020-06-01' = if (memoryStore == 'Postgres') {
+  name: 'privatelink.postgres.cosmos.azure.com'
+  location: 'global'
+}
+
+resource postgresPrivateEndpoint 'Microsoft.Network/privateEndpoints@2023-04-01' = if (memoryStore == 'Postgres') {
+  name: 'pg-${uniqueName}-pe'
+  location: location
+  properties: {
+    subnet: {
+      id: virtualNetwork.properties.subnets[2].id
+    }
+    privateLinkServiceConnections: [
+      {
+        name: 'postgres'
+        properties: {
+          privateLinkServiceId: postgreServerGroup.id
+          groupIds: [
+            'coordinator'
+          ]
+        }
+      }
+    ]
+  }
+}
+
+resource postgresVirtualNetworkLink 'Microsoft.Network/privateDnsZones/virtualNetworkLinks@2020-06-01' = if (memoryStore == 'Postgres') {
+  parent: postgresDNSZone
+  name: 'pg-${uniqueName}-vnl'
+  location: 'global'
+  properties: {
+    virtualNetwork: {
+      id: virtualNetwork.id
+    }
+    registrationEnabled: true
+  }
+}
+
+resource postgresPrivateDnsZoneGroup 'Microsoft.Network/privateEndpoints/privateDnsZoneGroups@2023-04-01' = if (memoryStore == 'Postgres') {
+  #disable-next-line use-parent-property
+  name: '${postgresPrivateEndpoint.name}/default'
+  properties: {
+    privateDnsZoneConfigs: [
+      {
+        name: 'postgres'
+        properties: {
+          privateDnsZoneId: postgresDNSZone.id
+        }
+      }
+    ]
+  }
+}
+
 resource speechAccount 'Microsoft.CognitiveServices/accounts@2022-12-01' = if (deploySpeechServices) {
   name: 'cog-${uniqueName}'
   location: location

diff --git a/scripts/deploy/main.json b/scripts/deploy/main.json
@@ -5,7 +5,7 @@
     "_generator": {
       "name": "bicep",
       "version": "0.20.4.51522",
-      "templateHash": "15530074115758293206"
+      "templateHash": "1330294935556235998"
     }
   },
   "parameters": {
@@ -113,7 +113,8 @@
       "allowedValues": [
         "Volatile",
         "AzureCognitiveSearch",
-        "Qdrant"
+        "Qdrant",
+        "Postgres"
       ],
       "metadata": {
         "description": "What method to use to persist embeddings"
@@ -146,6 +147,13 @@
       "metadata": {
         "description": "Region for the webapp frontend"
       }
+    },
+    "sqlAdminPassword": {
+      "type": "securestring",
+      "defaultValue": "[newGuid()]",
+      "metadata": {
+        "description": "PostgreSQL admin password"
+      }
     }
   },
   "variables": {
@@ -359,6 +367,10 @@
             "name": "MemoryStore:AzureCognitiveSearch:Key",
             "value": "[if(equals(parameters('memoryStore'), 'AzureCognitiveSearch'), listAdminKeys(resourceId('Microsoft.Search/searchServices', format('acs-{0}', variables('uniqueName'))), '2022-09-01').primaryKey, '')]"
           },
+          {
+            "name": "MemoryStore:Postgres:ConnectionString",
+            "value": "[if(equals(parameters('memoryStore'), 'Postgres'), format('Host={0}:5432;Username=citus;Password={1};Database=citus', reference(resourceId('Microsoft.DBforPostgreSQL/serverGroupsv2', format('pg-{0}', variables('uniqueName'))), '2022-11-08').serverNames[0].fullyQualifiedDomainName, parameters('sqlAdminPassword')), '')]"
+          },
           {
             "name": "AzureSpeech:Region",
             "value": "[parameters('location')]"
@@ -416,6 +428,7 @@
         "[resourceId('Microsoft.Search/searchServices', format('acs-{0}', variables('uniqueName')))]",
         "[resourceId('Microsoft.DocumentDB/databaseAccounts', toLower(format('cosmos-{0}', variables('uniqueName'))))]",
         "[resourceId('Microsoft.CognitiveServices/accounts', format('ai-{0}', variables('uniqueName')))]",
+        "[resourceId('Microsoft.DBforPostgreSQL/serverGroupsv2', format('pg-{0}', variables('uniqueName')))]",
         "[resourceId('Microsoft.CognitiveServices/accounts', format('cog-{0}', variables('uniqueName')))]"
       ]
     },
@@ -636,6 +649,16 @@
               "privateEndpointNetworkPolicies": "Disabled",
               "privateLinkServiceNetworkPolicies": "Enabled"
             }
+          },
+          {
+            "name": "postgresSubnet",
+            "properties": {
+              "addressPrefix": "10.0.3.0/24",
+              "serviceEndpoints": [],
+              "delegations": [],
+              "privateEndpointNetworkPolicies": "Disabled",
+              "privateLinkServiceNetworkPolicies": "Enabled"
+            }
           }
         ]
       },
@@ -878,6 +901,96 @@
         "[resourceId('Microsoft.DocumentDB/databaseAccounts/sqlDatabases', toLower(format('cosmos-{0}', variables('uniqueName'))), 'CopilotChat')]"
       ]
     },
+    {
+      "condition": "[equals(parameters('memoryStore'), 'Postgres')]",
+      "type": "Microsoft.DBforPostgreSQL/serverGroupsv2",
+      "apiVersion": "2022-11-08",
+      "name": "[format('pg-{0}', variables('uniqueName'))]",
+      "location": "[parameters('location')]",
+      "properties": {
+        "postgresqlVersion": "15",
+        "administratorLoginPassword": "[parameters('sqlAdminPassword')]",
+        "enableHa": false,
+        "coordinatorVCores": 1,
+        "coordinatorServerEdition": "BurstableMemoryOptimized",
+        "coordinatorStorageQuotaInMb": 32768,
+        "nodeVCores": 4,
+        "nodeCount": 0,
+        "nodeStorageQuotaInMb": 524288,
+        "nodeEnablePublicIpAccess": false
+      }
+    },
+    {
+      "condition": "[equals(parameters('memoryStore'), 'Postgres')]",
+      "type": "Microsoft.Network/privateDnsZones",
+      "apiVersion": "2020-06-01",
+      "name": "privatelink.postgres.cosmos.azure.com",
+      "location": "global"
+    },
+    {
+      "condition": "[equals(parameters('memoryStore'), 'Postgres')]",
+      "type": "Microsoft.Network/privateEndpoints",
+      "apiVersion": "2023-04-01",
+      "name": "[format('pg-{0}-pe', variables('uniqueName'))]",
+      "location": "[parameters('location')]",
+      "properties": {
+        "subnet": {
+          "id": "[reference(resourceId('Microsoft.Network/virtualNetworks', format('vnet-{0}', variables('uniqueName'))), '2021-05-01').subnets[2].id]"
+        },
+        "privateLinkServiceConnections": [
+          {
+            "name": "postgres",
+            "properties": {
+              "privateLinkServiceId": "[resourceId('Microsoft.DBforPostgreSQL/serverGroupsv2', format('pg-{0}', variables('uniqueName')))]",
+              "groupIds": [
+                "coordinator"
+              ]
+            }
+          }
+        ]
+      },
+      "dependsOn": [
+        "[resourceId('Microsoft.DBforPostgreSQL/serverGroupsv2', format('pg-{0}', variables('uniqueName')))]",
+        "[resourceId('Microsoft.Network/virtualNetworks', format('vnet-{0}', variables('uniqueName')))]"
+      ]
+    },
+    {
+      "condition": "[equals(parameters('memoryStore'), 'Postgres')]",
+      "type": "Microsoft.Network/privateDnsZones/virtualNetworkLinks",
+      "apiVersion": "2020-06-01",
+      "name": "[format('{0}/{1}', 'privatelink.postgres.cosmos.azure.com', format('pg-{0}-vnl', variables('uniqueName')))]",
+      "location": "global",
+      "properties": {
+        "virtualNetwork": {
+          "id": "[resourceId('Microsoft.Network/virtualNetworks', format('vnet-{0}', variables('uniqueName')))]"
+        },
+        "registrationEnabled": true
+      },
+      "dependsOn": [
+        "[resourceId('Microsoft.Network/privateDnsZones', 'privatelink.postgres.cosmos.azure.com')]",
+        "[resourceId('Microsoft.Network/virtualNetworks', format('vnet-{0}', variables('uniqueName')))]"
+      ]
+    },
+    {
+      "condition": "[equals(parameters('memoryStore'), 'Postgres')]",
+      "type": "Microsoft.Network/privateEndpoints/privateDnsZoneGroups",
+      "apiVersion": "2023-04-01",
+      "name": "[format('{0}/default', format('pg-{0}-pe', variables('uniqueName')))]",
+      "properties": {
+        "privateDnsZoneConfigs": [
+          {
+            "name": "postgres",
+            "properties": {
+              "privateDnsZoneId": "[resourceId('Microsoft.Network/privateDnsZones', 'privatelink.postgres.cosmos.azure.com')]"
+            }
+          }
+        ]
+      },
+      "dependsOn": [
+        "[resourceId('Microsoft.Network/privateDnsZones', 'privatelink.postgres.cosmos.azure.com')]",
+        "[resourceId('Microsoft.Network/privateEndpoints', format('pg-{0}-pe', variables('uniqueName')))]"
+      ]
+    },
     {
       "condition": "[parameters('deploySpeechServices')]",
       "type": "Microsoft.CognitiveServices/accounts",