From abc0486d83458423aa40b2ba4730a848bf9d8baa Mon Sep 17 00:00:00 2001 From: Konstantin Gukov Date: Tue, 22 Jul 2025 16:08:37 +0200 Subject: [PATCH 1/3] Add replace_triggers_external_values to project capability host --- .../code/main.tf | 47 +++++++++++++------ .../code/main.tf | 36 ++++++++++---- 2 files changed, 60 insertions(+), 23 deletions(-) diff --git a/samples/microsoft/infrastructure-setup-terraform/15a-private-network-standard-agent-setup/code/main.tf b/samples/microsoft/infrastructure-setup-terraform/15a-private-network-standard-agent-setup/code/main.tf index 48b9dbc8..b57b8f58 100644 --- a/samples/microsoft/infrastructure-setup-terraform/15a-private-network-standard-agent-setup/code/main.tf +++ b/samples/microsoft/infrastructure-setup-terraform/15a-private-network-standard-agent-setup/code/main.tf @@ -25,7 +25,7 @@ resource "azurerm_virtual_network" "vnet" { name = "vnet-agents${random_string.unique.result}" location = var.location resource_group_name = azurerm_resource_group.rg.name - address_space = [ + address_space = [ var.virtual_network_address_space ] } @@ -36,7 +36,7 @@ resource "azurerm_subnet" "subnet_agent" { name = "agent-subnet" resource_group_name = azurerm_resource_group.rg.name virtual_network_name = azurerm_virtual_network.vnet.name - address_prefixes = [ + address_prefixes = [ var.agent_subnet_address_prefix ] delegation { @@ -51,7 +51,7 @@ resource "azurerm_subnet" "subnet_pe" { name = "pe-subnet" resource_group_name = azurerm_resource_group.rg.name virtual_network_name = azurerm_virtual_network.vnet.name - address_prefixes = [ + address_prefixes = [ var.private_endpoint_subnet_address_prefix ] } @@ -177,7 +177,7 @@ resource "azapi_resource" "ai_foundry" { body = { - + kind = "AIServices", sku = { name = "S0" @@ -194,7 +194,7 @@ resource "azapi_resource" "ai_foundry" { allowProjectManagement = true # Set custom subdomain name for DNS names created for this Foundry resource - customSubDomainName = "aifoundry${random_string.unique.result}" + customSubDomainName = "aifoundry${random_string.unique.result}" # Network-related controls # Disable public access but allow Trusted Azure Services exception @@ -672,6 +672,22 @@ resource "time_sleep" "wait_rbac" { ## Create the AI Foundry project capability host ## + +locals { + aiServicesConnections = [ + azapi_resource.conn_azure_openai.name + ] + vectorStoreConnections = [ + azapi_resource.conn_aisearch.name + ] + storageConnections = [ + azapi_resource.conn_storage.name + ] + threadStorageConnections = [ + azapi_resource.conn_cosmosdb.name + ] +} + resource "azapi_resource" "ai_foundry_project_capability_host" { depends_on = [ azapi_resource.conn_aisearch, @@ -687,17 +703,20 @@ resource "azapi_resource" "ai_foundry_project_capability_host" { body = { properties = { capabilityHostKind = "Agents" - vectorStoreConnections = [ - azapi_resource.ai_search.name - ] - storageConnections = [ - azurerm_storage_account.storage_account.name - ] - threadStorageConnections = [ - azurerm_cosmosdb_account.cosmosdb.name - ] + aiServicesConnections = local.aiServicesConnections + vectorStoreConnections = local.vectorStoreConnections + storageConnections = local.storageConnections + threadStorageConnections = local.threadStorageConnections } } + + // Capability host can not be updated, and must be replaced if any changes are made + replace_triggers_external_values = [ + local.aiServicesConnections, + local.vectorStoreConnections, + local.storageConnections, + local.threadStorageConnections + ] } ## Create the necessary data plane role assignments to the CosmosDb databases created by the AI Foundry Project diff --git a/samples/microsoft/infrastructure-setup-terraform/15b-private-network-standard-agent-setup-byovnet/code/main.tf b/samples/microsoft/infrastructure-setup-terraform/15b-private-network-standard-agent-setup-byovnet/code/main.tf index fdc6ffdb..f2c88dd6 100644 --- a/samples/microsoft/infrastructure-setup-terraform/15b-private-network-standard-agent-setup-byovnet/code/main.tf +++ b/samples/microsoft/infrastructure-setup-terraform/15b-private-network-standard-agent-setup-byovnet/code/main.tf @@ -534,6 +534,21 @@ resource "time_sleep" "wait_rbac" { ## Create the AI Foundry project capability host ## + +locals { + aiServicesConnections = [ + azapi_resource.conn_azure_openai.name + ] + vectorStoreConnections = [ + azapi_resource.conn_aisearch.name + ] + storageConnections = [ + azapi_resource.conn_storage.name + ] + threadStorageConnections = [ + azapi_resource.conn_cosmosdb.name + ] +} resource "azapi_resource" "ai_foundry_project_capability_host" { provider = azapi.workload_subscription @@ -551,17 +566,20 @@ resource "azapi_resource" "ai_foundry_project_capability_host" { body = { properties = { capabilityHostKind = "Agents" - vectorStoreConnections = [ - azapi_resource.ai_search.name - ] - storageConnections = [ - azurerm_storage_account.storage_account.name - ] - threadStorageConnections = [ - azurerm_cosmosdb_account.cosmosdb.name - ] + aiServicesConnections = local.aiServicesConnections + vectorStoreConnections = local.vectorStoreConnections + storageConnections = local.storageConnections + threadStorageConnections = local.threadStorageConnections } } + + // Capability host can not be updated, and must be replaced if any changes are made + replace_triggers_external_values = [ + local.aiServicesConnections, + local.vectorStoreConnections, + local.storageConnections, + local.threadStorageConnections + ] } ## Create the necessary data plane role assignments to the CosmosDb databases created by the AI Foundry Project From 3630c24b58cf4193a2a9480dd26d3193890bd657 Mon Sep 17 00:00:00 2001 From: Konstantin Gukov Date: Wed, 30 Jul 2025 11:18:59 +0200 Subject: [PATCH 2/3] correct the fact aiServicesConnections is null --- .../15a-private-network-standard-agent-setup/code/main.tf | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/samples/microsoft/infrastructure-setup-terraform/15a-private-network-standard-agent-setup/code/main.tf b/samples/microsoft/infrastructure-setup-terraform/15a-private-network-standard-agent-setup/code/main.tf index b57b8f58..94ca49e8 100644 --- a/samples/microsoft/infrastructure-setup-terraform/15a-private-network-standard-agent-setup/code/main.tf +++ b/samples/microsoft/infrastructure-setup-terraform/15a-private-network-standard-agent-setup/code/main.tf @@ -674,9 +674,7 @@ resource "time_sleep" "wait_rbac" { ## locals { - aiServicesConnections = [ - azapi_resource.conn_azure_openai.name - ] + aiServicesConnections = null vectorStoreConnections = [ azapi_resource.conn_aisearch.name ] From 335c7316ead7ba5fa6f877b339624b0fcaf62743 Mon Sep 17 00:00:00 2001 From: Konstantin Gukov Date: Wed, 30 Jul 2025 11:20:17 +0200 Subject: [PATCH 3/3] correct another one --- .../code/main.tf | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/samples/microsoft/infrastructure-setup-terraform/15b-private-network-standard-agent-setup-byovnet/code/main.tf b/samples/microsoft/infrastructure-setup-terraform/15b-private-network-standard-agent-setup-byovnet/code/main.tf index f2c88dd6..90c0a1c4 100644 --- a/samples/microsoft/infrastructure-setup-terraform/15b-private-network-standard-agent-setup-byovnet/code/main.tf +++ b/samples/microsoft/infrastructure-setup-terraform/15b-private-network-standard-agent-setup-byovnet/code/main.tf @@ -536,9 +536,7 @@ resource "time_sleep" "wait_rbac" { ## locals { - aiServicesConnections = [ - azapi_resource.conn_azure_openai.name - ] + aiServicesConnections = null vectorStoreConnections = [ azapi_resource.conn_aisearch.name ]