azure-search-openai-demo icon indicating copy to clipboard operation
azure-search-openai-demo copied to clipboard

Published 20 hours ago verified publisher icon Azure-Samples

Add networkAcls prop in cognitiveservices.bicep

Open den130 opened this issue 2 years ago • 1 comments

Purpose

I was in the scenario with an already deployed OpenAI service on my Azure subscription.

After run azd up, some steps were failing with this error:

{
  "code": "DeploymentFailed",
  "target": "/subscriptions/<sub-id>/resourceGroups/<my-rg>/providers/Microsoft.Resources/deployments/openai",
  "message": "At least one resource deployment operation failed. Please list deployment operations for details. Please see https://aka.ms/arm-deployment-operations for usage details.",
  "details": [
    {
      "code": "BadRequest",
      "message": "NetworkAcls is required for this resouce."
    }
  ]
}

Then I resolved adding a default value for NetworkAcls in core/ai/cognitiveservices.bicep

Does this introduce a breaking change?

[ ] Yes
[X] No

Pull Request Type

What kind of change does this Pull Request introduce?

[X] Bugfix
[ ] Feature
[ ] Code style update (formatting, local variables)
[ ] Refactoring (no functional changes, no api changes)
[ ] Documentation content changes
[ ] Other... Please describe:

How to Test

  • Get the code
git clone [repo-address]
cd [repo-name]
git checkout [branch-name]
npm install
  • Test the code

What to Check

Verify that the following are valid

  • ...

Other Information

den130 avatar May 12 '23 15:05 den130

thanks @den130 this template was updated a couple of weeks ago after your report using a different version of the API.

Please can you update and try provisioning again.

tonybaloney avatar Jun 29 '23 04:06 tonybaloney

I had the deployment issue, and when I applied your changes locally it enabled azd to deploy. Thank you!

Dag-Calafell-MCA avatar Aug 03 '23 15:08 Dag-Calafell-MCA

@tonybaloney Another similar PR just came in: https://github.com/Azure-Samples/azure-search-openai-demo/pull/561 (I'm guessing its basically the same, as the rules probably default to empty lists) Do you know if there are security implications for this change? That's been my hesitancy in merging it.

pamelafox avatar Aug 24 '23 14:08 pamelafox

@tonybaloney Ah I ran the sec check on the latest PR, and it does indeed think its a bad change security-wise: https://github.com/Azure-Samples/azure-search-openai-demo/pull/561/checks?check_run_id=16182143029

pamelafox avatar Aug 24 '23 14:08 pamelafox

I wonder if this is an underlying issue with the OpenAI deployments API, should networkAcls really be required?

pamelafox avatar Aug 24 '23 14:08 pamelafox

We've now merged a PR with these changes: https://github.com/Azure-Samples/azure-search-openai-demo/pull/561

So I'll close this one. Thank you @den130 and sorry it took so long for merging. We're more comfortable with the change now that we're closer to getting VNet support baked into the repo as an option for developers who need heightened security.

pamelafox avatar Nov 29 '23 18:11 pamelafox