Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Agent virtual security group auth #2200

Merged
merged 12 commits into from
Feb 17, 2025
Merged

Agent virtual security group auth #2200

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
12 commits
Select commit Hold shift + click to select a range
98b2928
Delete OpenAIAssistants file from common
joelhulen Feb 14, 2025
263229d
Update default audit fields
joelhulen Feb 14, 2025
7a81ef6
Add LangGraphReactAgent workflow to deployments
joelhulen Feb 14, 2025
f4ba32a
Assign reader role to agent virtual security group for agent and prompt
joelhulen Feb 14, 2025
cee8883
Assign all agents virtual security group to virtual identity
joelhulen Feb 14, 2025
720cc10
Define all agents virtual security group well-known ID
joelhulen Feb 14, 2025
de49733
Add flag for association with agent access token
joelhulen Feb 14, 2025
092d853
Formatting
joelhulen Feb 14, 2025
5832dcf
Only check for URL override if not associated with access token
joelhulen Feb 14, 2025
7e3bf0c
Provide a message that the role already exists if attempting to assig…
joelhulen Feb 14, 2025
59018e5
Add quick-start RBAC and PBAC assignments
joelhulen Feb 14, 2025
36b7d9d
Add standard RBAC and PBAC assignments
joelhulen Feb 14, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
15 changes: 0 additions & 15 deletions deploy/common/data/resource-provider/FoundationaLLM.Agent/OpenAIAssistants.json
View file
Open in desktop

This file was deleted.

6 changes: 6 additions & 0 deletions deploy/common/data/resource-provider/FoundationaLLM.Agent/_resource-references.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,12 @@
"Filename": "/FoundationaLLM.Agent/OpenAIAssistants.json",
"Type": "workflow",
"Deleted": false
},
{
"Name": "LangGraphReactAgent",
"Filename": "/FoundationaLLM.Agent/LangGraphReactAgent.json",
"Type": "workflow",
"Deleted": false
}
]
}
8 changes: 8 additions & 0 deletions deploy/quick-start/azd-hooks/postprovision.ps1
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -65,11 +65,19 @@ $env:GUID12 = $($(New-Guid).Guid)
$env:GUID13 = $($(New-Guid).Guid)
$env:GUID14 = $($(New-Guid).Guid)
$env:GUID15 = $($(New-Guid).Guid)
$env:GUID16 = $($(New-Guid).Guid)
$env:GUID17 = $($(New-Guid).Guid)
$env:GUID18 = $($(New-Guid).Guid)
$env:GUID19 = $($(New-Guid).Guid)
$env:GUID20 = $($(New-Guid).Guid)
$env:GUID21 = $($(New-Guid).Guid)

$env:POLICYGUID01 = $($(New-Guid).Guid)
$env:POLICYGUID02 = $($(New-Guid).Guid)
$env:POLICYGUID03 = $($(New-Guid).Guid)
$env:POLICYGUID04 = $($(New-Guid).Guid)
$env:POLICYGUID05 = $($(New-Guid).Guid)
$env:POLICYGUID06 = $($(New-Guid).Guid)

Invoke-AndRequireSuccess "Create New OpenAI Assistant" {
$accountInfo = $(az resource show --ids $env:AZURE_OPENAI_ID --query "{resourceGroup:resourceGroup,name:name}" | ConvertFrom-Json)
Expand Down
28 changes: 28 additions & 0 deletions deploy/quick-start/data/policy-assignments/DefaultPolicyAssignments.template.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -56,6 +56,34 @@
"updated_on": "${env:DEPLOY_TIME}",
"created_by": "SYSTEM",
"updated_by": "SYSTEM"
},
{
"name": "${env:POLICYGUID05}",
"type": "FoundationaLLM.Authorization/policyAssignments",
"object_id": "/providers/FoundationaLLM.Authorization/policyAssignments/${env:POLICYGUID05}",
"description": "Ownership on conversation resources for AllAgentsVirtualSecurityGroup by the FoundationaLLM.Conversation resource provider.",
"policy_definition_id": "/providers/FoundationaLLM.Authorization/policyDefinitions/00000000-0000-0000-0001-000000000001",
"principal_id": "5bb493a2-5909-4771-93ba-d83b7b5a1de9",
"principal_type": "Group",
"scope": "/instances/${env:FOUNDATIONALLM_INSTANCE_ID}/FoundationaLLM.Conversation/conversations",
"created_on": "${env:DEPLOY_TIME}",
"updated_on": "${env:DEPLOY_TIME}",
"created_by": "SYSTEM",
"updated_by": "SYSTEM"
},
{
"name": "${env:POLICYGUID06}",
"type": "FoundationaLLM.Authorization/policyAssignments",
"object_id": "/providers/FoundationaLLM.Authorization/policyAssignments/${env:POLICYGUID06}",
"description": "Ownership on conversation mapping resources for AllAgentsVirtualSecurityGroup managed by the FoundationaLLM.AzureOpenAI resource provider.",
"policy_definition_id": "/providers/FoundationaLLM.Authorization/policyDefinitions/00000000-0000-0000-0001-000000000001",
"principal_id": "5bb493a2-5909-4771-93ba-d83b7b5a1de9",
"principal_type": "Group",
"scope": "/instances/${env:FOUNDATIONALLM_INSTANCE_ID}/providers/FoundationaLLM.AzureOpenAI/conversationMappings",
"created_on": "${env:DEPLOY_TIME}",
"updated_on": "${env:DEPLOY_TIME}",
"created_by": "SYSTEM",
"updated_by": "SYSTEM"
}
]
}
Expand Down
15 changes: 15 additions & 0 deletions ...quick-start/data/resource-provider/FoundationaLLM.Agent/LangGraphReactAgent.template.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,15 @@
{
"type": "langgraph-react-agent-workflow",
"name": "LangGraphReactAgent",
"object_id": "/instances/${env:FOUNDATIONALLM_INSTANCE_ID}/providers/FoundationaLLM.Agent/workflows/LangGraphReactAgent",
"display_name": "LangGraphReactAgent",
"description": "LangGraph ReAct workflow",
"cost_center": null,
"properties": null,
"created_on": "0001-01-01T00:00:00+00:00",
"updated_on": "0001-01-01T00:00:00+00:00",
"created_by": "SYSTEM",
"updated_by": null,
"deleted": false,
"expiration_date": null
}
4 changes: 2 additions & 2 deletions ...oy/quick-start/data/resource-provider/FoundationaLLM.Agent/OpenAIAssistants.template.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,9 +6,9 @@
"description": "Open AI Assistants workflow",
"cost_center": null,
"properties": null,
"created_on": "2024-11-08T10:08:27.1953263+00:00",
"created_on": "0001-01-01T00:00:00+00:00",
"updated_on": "0001-01-01T00:00:00+00:00",
"created_by": "andrei@foundationaLLM.ai",
"created_by": "SYSTEM",
"updated_by": null,
"deleted": false,
"expiration_date": null
Expand Down
114 changes: 114 additions & 0 deletions deploy/quick-start/data/role-assignments/DefaultRoleAssignments.template.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -240,6 +240,120 @@
"updated_by": null,
"deleted": false,
"expiration_date": null
},
{
"type": "FoundationaLLM.Authorization/roleAssignments",
"name": "${env:GUID16}",
"object_id": "/providers/FoundationaLLM.Authorization/roleAssignments/${env:GUID16}",
"display_name": null,
"description": "Read Access for OpenAIAssistants for the AllAgentsVirtualSecurityGroup group.",
"cost_center": null,
"role_definition_id": "/providers/FoundationaLLM.Authorization/roleDefinitions/00a53e72-f66e-4c03-8f81-7e885fd2eb35",
"principal_id": "5bb493a2-5909-4771-93ba-d83b7b5a1de9",
"principal_type": "Group",
"scope": "/instances/${env:FOUNDATIONALLM_INSTANCE_ID}/providers/FoundationaLLM.Agent/workflows/OpenAIAssistants",
"properties": null,
"created_on": "${env:DEPLOY_TIME}",
"updated_on": "${env:DEPLOY_TIME}",
"created_by": null,
"updated_by": null,
"deleted": false,
"expiration_date": null
},
{
"type": "FoundationaLLM.Authorization/roleAssignments",
"name": "${env:GUID17}",
"object_id": "/providers/FoundationaLLM.Authorization/roleAssignments/${env:GUID17}",
"display_name": null,
"description": "Read Access for LangGraphReactAgent for the AllAgentsVirtualSecurityGroup group.",
"cost_center": null,
"role_definition_id": "/providers/FoundationaLLM.Authorization/roleDefinitions/00a53e72-f66e-4c03-8f81-7e885fd2eb35",
"principal_id": "5bb493a2-5909-4771-93ba-d83b7b5a1de9",
"principal_type": "Group",
"scope": "/instances/${env:FOUNDATIONALLM_INSTANCE_ID}/providers/FoundationaLLM.Agent/workflows/LangGraphReactAgent",
"properties": null,
"created_on": "${env:DEPLOY_TIME}",
"updated_on": "${env:DEPLOY_TIME}",
"created_by": null,
"updated_by": null,
"deleted": false,
"expiration_date": null
},
{
"type": "FoundationaLLM.Authorization/roleAssignments",
"name": "${env:GUID18}",
"object_id": "/providers/FoundationaLLM.Authorization/roleAssignments/${env:GUID18}",
"display_name": null,
"description": "Attachment contributor role for AllAgentsVirtualSecurityGroup group.",
"cost_center": null,
"role_definition_id": "/providers/FoundationaLLM.Authorization/roleDefinitions/8e77fb6a-7a78-43e1-b628-d9e2285fe25a",
"principal_id": "5bb493a2-5909-4771-93ba-d83b7b5a1de9",
"principal_type": "Group",
"scope": "/instances/${env:FOUNDATIONALLM_INSTANCE_ID}",
"properties": null,
"created_on": "${env:DEPLOY_TIME}",
"updated_on": "${env:DEPLOY_TIME}",
"created_by": null,
"updated_by": null,
"deleted": false,
"expiration_date": null
},
{
"type": "FoundationaLLM.Authorization/roleAssignments",
"name": "${env:GUID19}",
"object_id": "/providers/FoundationaLLM.Authorization/roleAssignments/${env:GUID19}",
"display_name": null,
"description": "Conversation contributor role for AllAgentsVirtualSecurityGroup group.",
"cost_center": null,
"role_definition_id": "/providers/FoundationaLLM.Authorization/roleDefinitions/d0d21b90-5317-499a-9208-3a6cb71b84f9",
"principal_id": "5bb493a2-5909-4771-93ba-d83b7b5a1de9",
"principal_type": "Group",
"scope": "/instances/${env:FOUNDATIONALLM_INSTANCE_ID}",
"properties": null,
"created_on": "${env:DEPLOY_TIME}",
"updated_on": "${env:DEPLOY_TIME}",
"created_by": null,
"updated_by": null,
"deleted": false,
"expiration_date": null
},
{
"type": "FoundationaLLM.Authorization/roleAssignments",
"name": "${env:GUID20}",
"object_id": "/providers/FoundationaLLM.Authorization/roleAssignments/${env:GUID20}",
"display_name": null,
"description": "Read Access for configuration for the AllAgentsVirtualSecurityGroup group.",
"cost_center": null,
"role_definition_id": "/providers/FoundationaLLM.Authorization/roleDefinitions/00a53e72-f66e-4c03-8f81-7e885fd2eb35",
"principal_id": "5bb493a2-5909-4771-93ba-d83b7b5a1de9",
"principal_type": "Group",
"scope": "/instances/${env:FOUNDATIONALLM_INSTANCE_ID}/providers/FoundationaLLM.Configuration/appConfigurations/FoundationaLLM:APIEndpoints:CoreAPI:Configuration:MaxUploadsPerMessage",
"properties": null,
"created_on": "${env:DEPLOY_TIME}",
"updated_on": "${env:DEPLOY_TIME}",
"created_by": null,
"updated_by": null,
"deleted": false,
"expiration_date": null
},
{
"type": "FoundationaLLM.Authorization/roleAssignments",
"name": "${env:GUID21}",
"object_id": "/providers/FoundationaLLM.Authorization/roleAssignments/${env:GUID21}",
"display_name": null,
"description": "Read Access for configuration for the AllAgentsVirtualSecurityGroup group.",
"cost_center": null,
"role_definition_id": "/providers/FoundationaLLM.Authorization/roleDefinitions/00a53e72-f66e-4c03-8f81-7e885fd2eb35",
"principal_id": "5bb493a2-5909-4771-93ba-d83b7b5a1de9",
"principal_type": "Group",
"scope": "/instances/${env:FOUNDATIONALLM_INSTANCE_ID}/providers/FoundationaLLM.Configuration/appConfigurations/FoundationaLLM:APIEndpoints:CoreAPI:Configuration:CompletionResponsePollingIntervalSeconds",
"properties": null,
"created_on": "${env:DEPLOY_TIME}",
"updated_on": "${env:DEPLOY_TIME}",
"created_by": null,
"updated_by": null,
"deleted": false,
"expiration_date": null
}
]
}
11 changes: 11 additions & 0 deletions deploy/standard/azd-hooks/utility/Generate-Config.ps1
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -241,6 +241,16 @@ $tokens.agentReaderGuid = $(New-Guid).Guid
$tokens.promptReaderGuid = $(New-Guid).Guid
$tokens.attachmentContributorGuid = $(New-Guid).Guid
$tokens.conversationContributorGuid = $(New-Guid).Guid

$tokens.openAiAssistantsReaderGuid = $(New-Guid).Guid
$tokens.langGraphReactAgentReaderGuid = $(New-Guid).Guid
$tokens.conversationContributorGuid2 = $(New-Guid).Guid
$tokens.attachmentContributorGuid2 = $(New-Guid).Guid
$tokens.configReadAccessGuid3 = $(New-Guid).Guid
$tokens.configReadAccessGuid4 = $(New-Guid).Guid
$tokens.pbacConversationsOwnerGuid = $(New-Guid).Guid
$tokens.pbacConversationMappingsGuid = $(New-Guid).Guid

$tokens.subscriptionId = $subscriptionId
$tokens.storageResourceGroup = $resourceGroups.storage
$tokens.opsResourceGroup = $resourceGroups.ops
Expand Down Expand Up @@ -550,6 +560,7 @@ $tokens.serviceNamespaceName = $serviceNamespaceName

PopulateTemplate $tokens "..,data,resource-provider,FoundationaLLM.Agent,FoundationaLLM.template.json" "..,..,common,data,resource-provider,FoundationaLLM.Agent,FoundationaLLM.json"
PopulateTemplate $tokens "..,data,resource-provider,FoundationaLLM.Agent,OpenAIAssistants.template.json" "..,..,common,data,resource-provider,FoundationaLLM.Agent,OpenAIAssistants.json"
PopulateTemplate $tokens "..,data,resource-provider,FoundationaLLM.Agent,LangGraphReactAgent.template.json" "..,..,common,data,resource-provider,FoundationaLLM.Agent,LangGraphReactAgent.json"
PopulateTemplate $tokens "..,data,resource-provider,FoundationaLLM.AIModel,completion-4-model.template.json" "..,..,common,data,resource-provider,FoundationaLLM.AIModel,completion-4-model.json"
PopulateTemplate $tokens "..,data,resource-provider,FoundationaLLM.AIModel,completion-4o-model.template.json" "..,..,common,data,resource-provider,FoundationaLLM.AIModel,completion-4o-model.json"
PopulateTemplate $tokens "..,data,resource-provider,FoundationaLLM.AIModel,embedding-model.template.json" "..,..,common,data,resource-provider,FoundationaLLM.AIModel,embedding-model.json"
Expand Down
30 changes: 29 additions & 1 deletion deploy/standard/data/policy-assignments/DefaultPolicyAssignments.template.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -56,6 +56,34 @@
"updated_on": "{{deployTime}}",
"created_by": "SYSTEM",
"updated_by": "SYSTEM"
}
},
{
"name": "{{pbacConversationsOwnerGuid}}",
"type": "FoundationaLLM.Authorization/policyAssignments",
"object_id": "/providers/FoundationaLLM.Authorization/policyAssignments/{{pbacConversationsOwnerGuid}}",
"description": "Ownership on conversation resources for AllAgentsVirtualSecurityGroup by the FoundationaLLM.Conversation resource provider.",
"policy_definition_id": "/providers/FoundationaLLM.Authorization/policyDefinitions/00000000-0000-0000-0001-000000000001",
"principal_id": "5bb493a2-5909-4771-93ba-d83b7b5a1de9",
"principal_type": "Group",
"scope": "/instances/{{instanceId}}/FoundationaLLM.Conversation/conversations",
"created_on": "{{deployTime}}",
"updated_on": "{{deployTime}}",
"created_by": "SYSTEM",
"updated_by": "SYSTEM"
},
{
"name": "{{pbacConversationMappingsGuid}}",
"type": "FoundationaLLM.Authorization/policyAssignments",
"object_id": "/providers/FoundationaLLM.Authorization/policyAssignments/{{pbacConversationMappingsGuid}}",
"description": "Ownership on conversation mapping resources for AllAgentsVirtualSecurityGroup managed by the FoundationaLLM.AzureOpenAI resource provider.",
"policy_definition_id": "/providers/FoundationaLLM.Authorization/policyDefinitions/00000000-0000-0000-0001-000000000001",
"principal_id": "5bb493a2-5909-4771-93ba-d83b7b5a1de9",
"principal_type": "Group",
"scope": "/instances/{{instanceId}}/providers/FoundationaLLM.AzureOpenAI/conversationMappings",
"created_on": "{{deployTime}}",
"updated_on": "{{deployTime}}",
"created_by": "SYSTEM",
"updated_by": "SYSTEM"
}
]
}
15 changes: 15 additions & 0 deletions ...oy/standard/data/resource-provider/FoundationaLLM.Agent/LangGraphReactAgent.template.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,15 @@
{
"type": "langgraph-react-agent-workflow",
"name": "LangGraphReactAgent",
"object_id": "/instances/${env:FOUNDATIONALLM_INSTANCE_ID}/providers/FoundationaLLM.Agent/workflows/LangGraphReactAgent",
"display_name": "LangGraphReactAgent",
"description": "LangGraph ReAct workflow",
"cost_center": null,
"properties": null,
"created_on": "0001-01-01T00:00:00+00:00",
"updated_on": "0001-01-01T00:00:00+00:00",
"created_by": "SYSTEM",
"updated_by": null,
"deleted": false,
"expiration_date": null
}
4 changes: 2 additions & 2 deletions deploy/standard/data/resource-provider/FoundationaLLM.Agent/OpenAIAssistants.template.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,9 +6,9 @@
"description": "Open AI Assistants workflow",
"cost_center": null,
"properties": null,
"created_on": "2024-11-08T10:08:27.1953263+00:00",
"created_on": "0001-01-01T00:00:00+00:00",
"updated_on": "0001-01-01T00:00:00+00:00",
"created_by": "andrei@foundationaLLM.ai",
"created_by": "SYSTEM",
"updated_by": null,
"deleted": false,
"expiration_date": null
Expand Down
Loading
Loading