From abdc762bf4e0c893b3a3274ffb38bd0be88955a4 Mon Sep 17 00:00:00 2001
From: ryonsteele <ryonsteele@gmail.com>
Date: Tue, 9 Jan 2024 16:21:53 -0500
Subject: [PATCH] Merge pull request #438 from
 microsoft/ryonsteele/6373-aoai-kv-hf

Resolve issue with aoai key reference when not using existing deployment
---
 infra/core/ai/cognitiveservices.bicep | 13 +++++++++++++
 infra/core/security/keyvault.bicep    |  3 ++-
 infra/main.bicep                      |  2 ++
 3 files changed, 17 insertions(+), 1 deletion(-)

diff --git a/infra/core/ai/cognitiveservices.bicep b/infra/core/ai/cognitiveservices.bicep
index 8efb10ac4..33cc2554c 100644
--- a/infra/core/ai/cognitiveservices.bicep
+++ b/infra/core/ai/cognitiveservices.bicep
@@ -6,6 +6,7 @@ param customSubDomainName string = name
 param deployments array = []
 param kind string = 'OpenAI'
 param publicNetworkAccess string = 'Enabled'
+param keyVaultName string
 param sku object = {
   name: 'S0'
 }
@@ -36,6 +37,18 @@ resource deployment 'Microsoft.CognitiveServices/accounts/deployments@2023-05-01
   }
 }]
 
+resource keyVault 'Microsoft.KeyVault/vaults@2022-07-01' existing = if (!(empty(keyVaultName))) {
+  name: keyVaultName
+}
+
+resource openaiServiceKeySecret 'Microsoft.KeyVault/vaults/secrets@2019-09-01' = {
+  parent: keyVault
+  name: 'AZURE-OPENAI-SERVICE-KEY'
+  properties: {
+    value: account.listKeys().key1
+  }
+}
+
 output endpoint string = account.properties.endpoint
 output id string = account.id
 output name string = account.name
diff --git a/infra/core/security/keyvault.bicep b/infra/core/security/keyvault.bicep
index 88195e15a..e8a17474f 100644
--- a/infra/core/security/keyvault.bicep
+++ b/infra/core/security/keyvault.bicep
@@ -5,6 +5,7 @@ param kvAccessObjectId string
 param openaiServiceKey string
 @secure()
 param spClientSecret string 
+param useExistingAOAIService bool
 
 
 
@@ -33,7 +34,7 @@ resource kv 'Microsoft.KeyVault/vaults@2019-09-01' = {
   }
 }
 
-resource openaiServiceKeySecret 'Microsoft.KeyVault/vaults/secrets@2019-09-01' = {
+resource openaiServiceKeySecret 'Microsoft.KeyVault/vaults/secrets@2019-09-01' = if (useExistingAOAIService){
   parent: kv
   name: 'AZURE-OPENAI-SERVICE-KEY'
   properties: {
diff --git a/infra/main.bicep b/infra/main.bicep
index fd628cc02..01d4e9ee6 100644
--- a/infra/main.bicep
+++ b/infra/main.bicep
@@ -295,6 +295,7 @@ module cognitiveServices 'core/ai/cognitiveservices.bicep' = if (!useExistingAOA
     name: !empty(openAiServiceName) ? openAiServiceName : '${prefix}-${abbrs.openAIServices}${randomString}'
     location: location
     tags: tags
+    keyVaultName: kvModule.outputs.keyVaultName
     sku: {
       name: openAiSkuName
     }
@@ -712,6 +713,7 @@ module kvModule 'core/security/keyvault.bicep' = {
     kvAccessObjectId: kvAccessObjectId
     openaiServiceKey: azureOpenAIServiceKey
     spClientSecret: aadMgmtClientSecret
+    useExistingAOAIService: useExistingAOAIService
   }
 }