diff --git a/.github/workflows/dependency-tests.yml b/.github/workflows/dependency-tests.yml
index 66f0820..3a23b77 100644
--- a/.github/workflows/dependency-tests.yml
+++ b/.github/workflows/dependency-tests.yml
@@ -56,7 +56,7 @@ jobs:
 ref: ${{ github.event.pull_request.head.ref }}
 - name: Render terraform docs inside the README.md and push changes back to PR branch
- uses: terraform-docs/gh-actions@v1.2.2
+ uses: terraform-docs/gh-actions@v1.3.0
 with:
 find-dir: .
 output-file: README.md
diff --git a/.github/workflows/manual-test-release.yml b/.github/workflows/manual-test-release.yml
index 547094e..291d377 100644
--- a/.github/workflows/manual-test-release.yml
+++ b/.github/workflows/manual-test-release.yml
@@ -49,7 +49,7 @@ jobs:
 ref: ${{ github.event.pull_request.head.ref }}
 - name: Render terraform docs inside the README.md and push changes back to PR branch
- uses: terraform-docs/gh-actions@v1.2.2
+ uses: terraform-docs/gh-actions@v1.3.0
 with:
 find-dir: .
 output-file: README.md
diff --git a/README.md b/README.md
index 662cb63..de65c40 100644
--- a/README.md
+++ b/README.md
@@ -153,9 +153,9 @@ No modules.
 | [app\_service\_name](#input\_app\_service\_name) | Name of the Linux App Service Plan. | `string` | `"openaiasp9000"` | no | | [app\_service\_sku\_name](#input\_app\_service\_sku\_name) | The SKU name of the App Service Plan. | `string` | `"B1"` | no | | [cosmosdb\_automatic\_failover](#input\_cosmosdb\_automatic\_failover) | Whether to enable automatic failover for the Cosmos DB account | `bool` | `false` | no | -| [cosmosdb\_capabilities](#input\_cosmosdb\_capabilities) | The capabilities for the Cosmos DB account | `list(string)` |
[
"EnableMongo",
"MongoDBv3.4"
]
| no | +| [cosmosdb\_capabilities](#input\_cosmosdb\_capabilities) | The capabilities for the Cosmos DB account | `list(string)` |
[
"EnableMongo",
"MongoDBv3.4"
]
| no | | [cosmosdb\_consistency\_level](#input\_cosmosdb\_consistency\_level) | The consistency level of the Cosmos DB account | `string` | `"BoundedStaleness"` | no | -| [cosmosdb\_geo\_locations](#input\_cosmosdb\_geo\_locations) | The geo-locations for the Cosmos DB account |
list(object({
location = string
failover_priority = number
}))
|
[
{
"failover_priority": 0,
"location": "uksouth"
}
]
| no | +| [cosmosdb\_geo\_locations](#input\_cosmosdb\_geo\_locations) | The geo-locations for the Cosmos DB account |
list(object({
location = string
failover_priority = number
}))
|
[
{
"failover_priority": 0,
"location": "uksouth"
}
]
| no | | [cosmosdb\_is\_virtual\_network\_filter\_enabled](#input\_cosmosdb\_is\_virtual\_network\_filter\_enabled) | Whether to enable virtual network filtering for the Cosmos DB account | `bool` | `true` | no | | [cosmosdb\_kind](#input\_cosmosdb\_kind) | The kind of Cosmos DB to create | `string` | `"MongoDB"` | no | | [cosmosdb\_max\_interval\_in\_seconds](#input\_cosmosdb\_max\_interval\_in\_seconds) | The maximum staleness interval in seconds for the Cosmos DB account | `number` | `10` | no | @@ -175,8 +175,8 @@ No modules. | [libre\_app\_allow\_registration](#input\_libre\_app\_allow\_registration) | Allow Registration | `bool` | `true` | no | | [libre\_app\_allow\_social\_login](#input\_libre\_app\_allow\_social\_login) | Allow Social Login | `bool` | `false` | no | | [libre\_app\_allow\_social\_registration](#input\_libre\_app\_allow\_social\_registration) | Allow Social Registration | `bool` | `false` | no | -| [libre\_app\_allowed\_ip\_addresses](#input\_libre\_app\_allowed\_ip\_addresses) | Allowed IP Addresses. The CIDR notation of the IP or IP Range to match to allow. For example: 10.0.0.0/24 or 192.168.10.1/32 |
list(object({
ip_address = string
priority = number
name = string
action = string
}))
|
[
{
"action": "Allow",
"ip_address": "0.0.0.0/0",
"name": "ip-access-rule1",
"priority": 300
}
]
| no | -| [libre\_app\_allowed\_subnets](#input\_libre\_app\_allowed\_subnets) | Allowed Subnets (By default the subnet the app service is deployed in is allowed access already as priority 100). Add any additionals here |
list(object({
virtual_network_subnet_id = string
priority = number
name = string
action = string
}))
|
[
{
"action": "Allow",
"name": "subnet-access-rule1",
"priority": 200,
"virtual_network_subnet_id": "subnet_id1"
}
]
| no | +| [libre\_app\_allowed\_ip\_addresses](#input\_libre\_app\_allowed\_ip\_addresses) | Allowed IP Addresses. The CIDR notation of the IP or IP Range to match to allow. For example: 10.0.0.0/24 or 192.168.10.1/32 |
list(object({
ip_address = string
priority = number
name = string
action = string
}))
|
[
{
"action": "Allow",
"ip_address": "0.0.0.0/0",
"name": "ip-access-rule1",
"priority": 300
}
]
| no | +| [libre\_app\_allowed\_subnets](#input\_libre\_app\_allowed\_subnets) | Allowed Subnets (By default the subnet the app service is deployed in is allowed access already as priority 100). Add any additionals here |
list(object({
virtual_network_subnet_id = string
priority = number
name = string
action = string
}))
|
[
{
"action": "Allow",
"name": "subnet-access-rule1",
"priority": 200,
"virtual_network_subnet_id": "subnet_id1"
}
]
| no | | [libre\_app\_az\_oai\_api\_key](#input\_libre\_app\_az\_oai\_api\_key) | Azure OpenAI API Key | `string` | `null` | no | | [libre\_app\_az\_oai\_api\_version](#input\_libre\_app\_az\_oai\_api\_version) | Azure OpenAI API Version | `string` | `"2023-07-01-preview"` | no | | [libre\_app\_az\_oai\_dall3\_api\_version](#input\_libre\_app\_az\_oai\_dall3\_api\_version) | Azure OpenAI DALL-E API Version | `string` | `"2023-12-01-preview"` | no | @@ -204,30 +204,30 @@ No modules. | [libre\_app\_port](#input\_libre\_app\_port) | The host port to listen on. | `number` | `3080` | no | | [libre\_app\_public\_network\_access\_enabled](#input\_libre\_app\_public\_network\_access\_enabled) | Whether or not public network access is enabled. Defaults to `false`. | `bool` | `true` | no | | [libre\_app\_title](#input\_libre\_app\_title) | Add a custom title for the App. | `string` | `"PrivateGPT"` | no | -| [libre\_app\_violations](#input\_libre\_app\_violations) | Configuration for violations |
object({
enabled = bool
ban_duration = number
ban_interval = number
login_violation_score = number
registration_violation_score = number
concurrent_violation_score = number
message_violation_score = number
non_browser_violation_score = number
login_max = number
login_window = number
register_max = number
register_window = number
limit_concurrent_messages = bool
concurrent_message_max = number
limit_message_ip = bool
message_ip_max = number
message_ip_window = number
limit_message_user = bool
message_user_max = number
message_user_window = number
})
|
{
"ban_duration": 7200000,
"ban_interval": 20,
"concurrent_message_max": 2,
"concurrent_violation_score": 1,
"enabled": true,
"limit_concurrent_messages": true,
"limit_message_ip": true,
"limit_message_user": false,
"login_max": 7,
"login_violation_score": 1,
"login_window": 5,
"message_ip_max": 40,
"message_ip_window": 1,
"message_user_max": 40,
"message_user_window": 1,
"message_violation_score": 1,
"non_browser_violation_score": 20,
"register_max": 5,
"register_window": 60,
"registration_violation_score": 1
}
| no | +| [libre\_app\_violations](#input\_libre\_app\_violations) | Configuration for violations |
object({
enabled = bool
ban_duration = number
ban_interval = number
login_violation_score = number
registration_violation_score = number
concurrent_violation_score = number
message_violation_score = number
non_browser_violation_score = number
login_max = number
login_window = number
register_max = number
register_window = number
limit_concurrent_messages = bool
concurrent_message_max = number
limit_message_ip = bool
message_ip_max = number
message_ip_window = number
limit_message_user = bool
message_user_max = number
message_user_window = number
})
|
{
"ban_duration": 7200000,
"ban_interval": 20,
"concurrent_message_max": 2,
"concurrent_violation_score": 1,
"enabled": true,
"limit_concurrent_messages": true,
"limit_message_ip": true,
"limit_message_user": false,
"login_max": 7,
"login_violation_score": 1,
"login_window": 5,
"message_ip_max": 40,
"message_ip_window": 1,
"message_user_max": 40,
"message_user_window": 1,
"message_violation_score": 1,
"non_browser_violation_score": 20,
"register_max": 5,
"register_window": 60,
"registration_violation_score": 1
}
| no | | [libre\_app\_virtual\_network\_subnet\_id](#input\_libre\_app\_virtual\_network\_subnet\_id) | The ID of the subnet, used to allow access to the App Service (priority 100), e.g. cosmosdb, meilisearch etc. If networking is created as part of the module, this will be automatically populated if value is 'null'. | `string` | `null` | no | | [librechat\_app\_custom\_dns\_zone\_name](#input\_librechat\_app\_custom\_dns\_zone\_name) | The DNS Zone to use for the App Service. | `string` | `"domain.com"` | no | | [librechat\_app\_custom\_domain\_name](#input\_librechat\_app\_custom\_domain\_name) | The custom domain to use for the App Service. | `string` | `"privategpt"` | no | | [location](#input\_location) | Azure region where resources will be hosted. | `string` | `"uksouth"` | no | | [oai\_account\_name](#input\_oai\_account\_name) | The name of the OpenAI service. | `string` | `"az-openai-account"` | no | | [oai\_custom\_subdomain\_name](#input\_oai\_custom\_subdomain\_name) | The subdomain name used for token-based authentication. Changing this forces a new resource to be created. (normally the same as the account name) | `string` | `"demo-account"` | no | -| [oai\_customer\_managed\_key](#input\_oai\_customer\_managed\_key) | type = object({
key\_vault\_key\_id = (Required) The ID of the Key Vault Key which should be used to Encrypt the data in this OpenAI Account.
identity\_client\_id = (Optional) The Client ID of the User Assigned Identity that has access to the key. This property only needs to be specified when there're multiple identities attached to the OpenAI Account.
}) |
object({
key_vault_key_id = string
identity_client_id = optional(string)
})
| `null` | no | +| [oai\_customer\_managed\_key](#input\_oai\_customer\_managed\_key) | type = object({
key\_vault\_key\_id = (Required) The ID of the Key Vault Key which should be used to Encrypt the data in this OpenAI Account.
identity\_client\_id = (Optional) The Client ID of the User Assigned Identity that has access to the key. This property only needs to be specified when there're multiple identities attached to the OpenAI Account.
}) |
object({
key_vault_key_id = string
identity_client_id = optional(string)
})
| `null` | no | | [oai\_dynamic\_throttling\_enabled](#input\_oai\_dynamic\_throttling\_enabled) | Whether or not dynamic throttling is enabled. Defaults to `true`. | `bool` | `true` | no | | [oai\_fqdns](#input\_oai\_fqdns) | A list of FQDNs to be used for token-based authentication. Changing this forces a new resource to be created. | `list(string)` | `[]` | no | -| [oai\_identity](#input\_oai\_identity) | type = object({
type = (Required) The type of the Identity. Possible values are `SystemAssigned`, `UserAssigned`, `SystemAssigned, UserAssigned`.
identity\_ids = (Optional) Specifies a list of User Assigned Managed Identity IDs to be assigned to this OpenAI Account.
}) |
object({
type = string
identity_ids = optional(list(string))
})
|
{
"type": "SystemAssigned"
}
| no | +| [oai\_identity](#input\_oai\_identity) | type = object({
type = (Required) The type of the Identity. Possible values are `SystemAssigned`, `UserAssigned`, `SystemAssigned, UserAssigned`.
identity\_ids = (Optional) Specifies a list of User Assigned Managed Identity IDs to be assigned to this OpenAI Account.
}) |
object({
type = string
identity_ids = optional(list(string))
})
|
{
"type": "SystemAssigned"
}
| no | | [oai\_local\_auth\_enabled](#input\_oai\_local\_auth\_enabled) | Whether local authentication methods is enabled for the Cognitive Account. Defaults to `true`. | `bool` | `true` | no | -| [oai\_model\_deployment](#input\_oai\_model\_deployment) | type = list(object({
deployment\_id = (Required) The name of the Cognitive Services Account `Model Deployment`. Changing this forces a new resource to be created.
model\_name = {
model\_format = (Required) The format of the Cognitive Services Account Deployment model. Changing this forces a new resource to be created. Possible value is OpenAI.
model\_name = (Required) The name of the Cognitive Services Account Deployment model. Changing this forces a new resource to be created.
model\_version = (Required) The version of Cognitive Services Account Deployment model.
}
sku = {
sku\_name = (Required) The name of the SKU. Possible values include Standard, GlobalBatch, GlobalStandard and ProvisionedManaged.
sku\_tier = (Optional) Possible values are Free, Basic, Standard, Premium, Enterprise. Changing this forces a new resource to be created.
sku\_size = (Optional) The SKU size. When the name field is the combination of tier and some other value, this would be the standalone code. Changing this forces a new resource to be created.
sku\_family = (Optional) If the service has different generations of hardware, for the same SKU, then that can be captured here. Changing this forces a new resource to be created.
sku\_capacity = (Optional) Tokens-per-Minute (TPM). If the SKU supports sku out/in then the capacity integer should be included. If sku out/in is not possible for the resource this may be omitted. Default value is 1. Changing this forces a new resource to be created.
}
rai\_policy\_name = (Optional) The name of RAI policy. Changing this forces a new resource to be created.
})) |
list(object({
deployment_id = string
model_name = string
model_format = string
model_version = string
sku_name = string
sku_tier = optional(string)
sku_size = optional(number)
sku_family = optional(string)
sku_capacity = optional(number)
rai_policy_name = optional(string)
}))
| `[]` | no | -| [oai\_network\_acls](#input\_oai\_network\_acls) | type = set(object({
default\_action = (Required) The Default Action to use when no rules match from ip\_rules / virtual\_network\_rules. Possible values are `Allow` and `Deny`.
ip\_rules = (Optional) One or more IP Addresses, or CIDR Blocks which should be able to access the Cognitive Account.
virtual\_network\_rules = optional(set(object({
subnet\_id = (Required) The ID of a Subnet which should be able to access the OpenAI Account.
ignore\_missing\_vnet\_service\_endpoint = (Optional) Whether ignore missing vnet service endpoint or not. Default to `false`.
})))
})) |
set(object({
default_action = string
ip_rules = optional(set(string))
virtual_network_rules = optional(set(object({
subnet_id = string
ignore_missing_vnet_service_endpoint = optional(bool, false)
})))
}))
| `null` | no | +| [oai\_model\_deployment](#input\_oai\_model\_deployment) | type = list(object({
deployment\_id = (Required) The name of the Cognitive Services Account `Model Deployment`. Changing this forces a new resource to be created.
model\_name = {
model\_format = (Required) The format of the Cognitive Services Account Deployment model. Changing this forces a new resource to be created. Possible value is OpenAI.
model\_name = (Required) The name of the Cognitive Services Account Deployment model. Changing this forces a new resource to be created.
model\_version = (Required) The version of Cognitive Services Account Deployment model.
}
sku = {
sku\_name = (Required) The name of the SKU. Possible values include Standard, GlobalBatch, GlobalStandard and ProvisionedManaged.
sku\_tier = (Optional) Possible values are Free, Basic, Standard, Premium, Enterprise. Changing this forces a new resource to be created.
sku\_size = (Optional) The SKU size. When the name field is the combination of tier and some other value, this would be the standalone code. Changing this forces a new resource to be created.
sku\_family = (Optional) If the service has different generations of hardware, for the same SKU, then that can be captured here. Changing this forces a new resource to be created.
sku\_capacity = (Optional) Tokens-per-Minute (TPM). If the SKU supports sku out/in then the capacity integer should be included. If sku out/in is not possible for the resource this may be omitted. Default value is 1. Changing this forces a new resource to be created.
}
rai\_policy\_name = (Optional) The name of RAI policy. Changing this forces a new resource to be created.
})) |
list(object({
deployment_id = string
model_name = string
model_format = string
model_version = string
sku_name = string
sku_tier = optional(string)
sku_size = optional(number)
sku_family = optional(string)
sku_capacity = optional(number)
rai_policy_name = optional(string)
}))
| `[]` | no | +| [oai\_network\_acls](#input\_oai\_network\_acls) | type = set(object({
default\_action = (Required) The Default Action to use when no rules match from ip\_rules / virtual\_network\_rules. Possible values are `Allow` and `Deny`.
ip\_rules = (Optional) One or more IP Addresses, or CIDR Blocks which should be able to access the Cognitive Account.
virtual\_network\_rules = optional(set(object({
subnet\_id = (Required) The ID of a Subnet which should be able to access the OpenAI Account.
ignore\_missing\_vnet\_service\_endpoint = (Optional) Whether ignore missing vnet service endpoint or not. Default to `false`.
})))
})) |
set(object({
default_action = string
ip_rules = optional(set(string))
virtual_network_rules = optional(set(object({
subnet_id = string
ignore_missing_vnet_service_endpoint = optional(bool, false)
})))
}))
| `null` | no | | [oai\_outbound\_network\_access\_restricted](#input\_oai\_outbound\_network\_access\_restricted) | Whether or not outbound network access is restricted. Defaults to `false`. | `bool` | `false` | no | | [oai\_public\_network\_access\_enabled](#input\_oai\_public\_network\_access\_enabled) | Whether or not public network access is enabled. Defaults to `false`. | `bool` | `true` | no | | [oai\_sku\_name](#input\_oai\_sku\_name) | SKU name of the OpenAI service. | `string` | `"S0"` | no | -| [oai\_storage](#input\_oai\_storage) | type = list(object({
storage\_account\_id = (Required) Full resource id of a Microsoft.Storage resource.
identity\_client\_id = (Optional) The client ID of the managed identity associated with the storage resource.
})) |
list(object({
storage_account_id = string
identity_client_id = optional(string)
}))
| `[]` | no | +| [oai\_storage](#input\_oai\_storage) | type = list(object({
storage\_account\_id = (Required) Full resource id of a Microsoft.Storage resource.
identity\_client\_id = (Optional) The client ID of the managed identity associated with the storage resource.
})) |
list(object({
storage_account_id = string
identity_client_id = optional(string)
}))
| `[]` | no | | [resource\_group\_name](#input\_resource\_group\_name) | Name of the resource group to create the OpenAI service / or where an existing service is hosted. | `string` | n/a | yes | -| [subnet\_config](#input\_subnet\_config) | A list of subnet configuration objects to create subnets in the virtual network. |
object({
subnet_name = string
subnet_address_space = list(string)
service_endpoints = list(string)
private_endpoint_network_policies_enabled = string
private_link_service_network_policies_enabled = bool
subnets_delegation_settings = map(list(object({
name = string
actions = list(string)
})))
})
|
{
"private_endpoint_network_policies_enabled": "Enabled",
"private_link_service_network_policies_enabled": false,
"service_endpoints": [
"Microsoft.AzureCosmosDB",
"Microsoft.Web"
],
"subnet_address_space": [
"10.4.0.0/24"
],
"subnet_name": "app-cosmos-sub",
"subnets_delegation_settings": {
"app-service-plan": [
{
"actions": [
"Microsoft.Network/virtualNetworks/subnets/action"
],
"name": "Microsoft.Web/serverFarms"
}
]
}
}
| no | +| [subnet\_config](#input\_subnet\_config) | A list of subnet configuration objects to create subnets in the virtual network. |
object({
subnet_name = string
subnet_address_space = list(string)
service_endpoints = list(string)
private_endpoint_network_policies_enabled = string
private_link_service_network_policies_enabled = bool
subnets_delegation_settings = map(list(object({
name = string
actions = list(string)
})))
})
|
{
"private_endpoint_network_policies_enabled": "Enabled",
"private_link_service_network_policies_enabled": false,
"service_endpoints": [
"Microsoft.AzureCosmosDB",
"Microsoft.Web"
],
"subnet_address_space": [
"10.4.0.0/24"
],
"subnet_name": "app-cosmos-sub",
"subnets_delegation_settings": {
"app-service-plan": [
{
"actions": [
"Microsoft.Network/virtualNetworks/subnets/action"
],
"name": "Microsoft.Web/serverFarms"
}
]
}
}
| no | | [tags](#input\_tags) | A map of key value pairs that is used to tag resources created. | `map(string)` | `{}` | no | | [use\_cosmosdb\_free\_tier](#input\_use\_cosmosdb\_free\_tier) | Whether to enable the free tier for the Cosmos DB account. This needs to be false if another instance already uses free tier. | `bool` | `true` | no | | [virtual\_network\_name](#input\_virtual\_network\_name) | Name of the virtual network where resources are attached. | `string` | `"openai-vnet-9000"` | no | -| [vnet\_address\_space](#input\_vnet\_address\_space) | value of the address space for the virtual network. | `list(string)` |
[
"10.4.0.0/24"
]
| no | +| [vnet\_address\_space](#input\_vnet\_address\_space) | value of the address space for the virtual network. | `list(string)` |
[
"10.4.0.0/24"
]
| no | ## Outputs
diff --git a/examples/public_deployment_with_custom_domain/README.md b/examples/public_deployment_with_custom_domain/README.md
index 9a196c0..f40d461 100644
--- a/examples/public_deployment_with_custom_domain/README.md
+++ b/examples/public_deployment_with_custom_domain/README.md
@@ -87,9 +87,9 @@ No requirements.
 | [app\_service\_name](#input\_app\_service\_name) | Name of the Linux App Service Plan. | `string` | `"openai-asp9000"` | no | | [app\_service\_sku\_name](#input\_app\_service\_sku\_name) | The SKU name of the App Service Plan. | `string` | `"B1"` | no | | [cosmosdb\_automatic\_failover](#input\_cosmosdb\_automatic\_failover) | Whether to enable automatic failover for the Cosmos DB account | `bool` | `false` | no | -| [cosmosdb\_capabilities](#input\_cosmosdb\_capabilities) | The capabilities for the Cosmos DB account | `list(string)` |
[
"EnableMongo",
"MongoDBv3.4"
]
| no | +| [cosmosdb\_capabilities](#input\_cosmosdb\_capabilities) | The capabilities for the Cosmos DB account | `list(string)` |
[
"EnableMongo",
"MongoDBv3.4"
]
| no | | [cosmosdb\_consistency\_level](#input\_cosmosdb\_consistency\_level) | The consistency level of the Cosmos DB account | `string` | `"BoundedStaleness"` | no | -| [cosmosdb\_geo\_locations](#input\_cosmosdb\_geo\_locations) | The geo-locations for the Cosmos DB account |
list(object({
location = string
failover_priority = number
}))
|
[
{
"failover_priority": 0,
"location": "uksouth"
}
]
| no | +| [cosmosdb\_geo\_locations](#input\_cosmosdb\_geo\_locations) | The geo-locations for the Cosmos DB account |
list(object({
location = string
failover_priority = number
}))
|
[
{
"failover_priority": 0,
"location": "uksouth"
}
]
| no | | [cosmosdb\_is\_virtual\_network\_filter\_enabled](#input\_cosmosdb\_is\_virtual\_network\_filter\_enabled) | Whether to enable virtual network filtering for the Cosmos DB account | `bool` | `true` | no | | [cosmosdb\_kind](#input\_cosmosdb\_kind) | The kind of Cosmos DB to create | `string` | `"MongoDB"` | no | | [cosmosdb\_max\_interval\_in\_seconds](#input\_cosmosdb\_max\_interval\_in\_seconds) | The maximum staleness interval in seconds for the Cosmos DB account | `number` | `10` | no | @@ -109,8 +109,8 @@ No requirements. | [libre\_app\_allow\_registration](#input\_libre\_app\_allow\_registration) | Allow Registration | `bool` | `true` | no | | [libre\_app\_allow\_social\_login](#input\_libre\_app\_allow\_social\_login) | Allow Social Login | `bool` | `false` | no | | [libre\_app\_allow\_social\_registration](#input\_libre\_app\_allow\_social\_registration) | Allow Social Registration | `bool` | `false` | no | -| [libre\_app\_allowed\_ip\_addresses](#input\_libre\_app\_allowed\_ip\_addresses) | Allowed IP Addresses. The CIDR notation of the IP or IP Range to match to allow. For example: 10.0.0.0/24 or 192.168.10.1/32 |
list(object({
ip_address = string
priority = number
name = string
action = string
}))
|
[
{
"action": "Allow",
"ip_address": "0.0.0.0/0",
"name": "ip-access-rule1",
"priority": 300
}
]
| no | -| [libre\_app\_allowed\_subnets](#input\_libre\_app\_allowed\_subnets) | Allowed Subnets (By default the subnet the app service is deployed in is allowed access already as priority 100). Add any additionals here |
list(object({
virtual_network_subnet_id = string
priority = number
name = string
action = string
}))
|
[
{
"action": "Allow",
"name": "subnet-access-rule1",
"priority": 200,
"virtual_network_subnet_id": "subnet_id1"
}
]
| no | +| [libre\_app\_allowed\_ip\_addresses](#input\_libre\_app\_allowed\_ip\_addresses) | Allowed IP Addresses. The CIDR notation of the IP or IP Range to match to allow. For example: 10.0.0.0/24 or 192.168.10.1/32 |
list(object({
ip_address = string
priority = number
name = string
action = string
}))
|
[
{
"action": "Allow",
"ip_address": "0.0.0.0/0",
"name": "ip-access-rule1",
"priority": 300
}
]
| no | +| [libre\_app\_allowed\_subnets](#input\_libre\_app\_allowed\_subnets) | Allowed Subnets (By default the subnet the app service is deployed in is allowed access already as priority 100). Add any additionals here |
list(object({
virtual_network_subnet_id = string
priority = number
name = string
action = string
}))
|
[
{
"action": "Allow",
"name": "subnet-access-rule1",
"priority": 200,
"virtual_network_subnet_id": "subnet_id1"
}
]
| no | | [libre\_app\_az\_oai\_api\_key](#input\_libre\_app\_az\_oai\_api\_key) | Azure OpenAI API Key | `string` | `null` | no | | [libre\_app\_az\_oai\_api\_version](#input\_libre\_app\_az\_oai\_api\_version) | Azure OpenAI API Version | `string` | `"2023-07-01-preview"` | no | | [libre\_app\_az\_oai\_dall3\_api\_version](#input\_libre\_app\_az\_oai\_dall3\_api\_version) | Azure OpenAI DALL-E API Version | `string` | `"2023-12-01-preview"` | no | @@ -139,30 +139,30 @@ No requirements. | [libre\_app\_port](#input\_libre\_app\_port) | The host port to listen on. | `number` | `3080` | no | | [libre\_app\_public\_network\_access\_enabled](#input\_libre\_app\_public\_network\_access\_enabled) | Whether or not public network access is enabled. Defaults to `false`. | `bool` | `true` | no | | [libre\_app\_title](#input\_libre\_app\_title) | Add a custom title for the App. | `string` | `"PrivateGPT"` | no | -| [libre\_app\_violations](#input\_libre\_app\_violations) | Configuration for violations |
object({
enabled = bool
ban_duration = number
ban_interval = number
login_violation_score = number
registration_violation_score = number
concurrent_violation_score = number
message_violation_score = number
non_browser_violation_score = number
login_max = number
login_window = number
register_max = number
register_window = number
limit_concurrent_messages = bool
concurrent_message_max = number
limit_message_ip = bool
message_ip_max = number
message_ip_window = number
limit_message_user = bool
message_user_max = number
message_user_window = number
})
|
{
"ban_duration": 7200000,
"ban_interval": 20,
"concurrent_message_max": 2,
"concurrent_violation_score": 1,
"enabled": true,
"limit_concurrent_messages": true,
"limit_message_ip": true,
"limit_message_user": false,
"login_max": 7,
"login_violation_score": 1,
"login_window": 5,
"message_ip_max": 40,
"message_ip_window": 1,
"message_user_max": 40,
"message_user_window": 1,
"message_violation_score": 1,
"non_browser_violation_score": 20,
"register_max": 5,
"register_window": 60,
"registration_violation_score": 1
}
| no | +| [libre\_app\_violations](#input\_libre\_app\_violations) | Configuration for violations |
object({
enabled = bool
ban_duration = number
ban_interval = number
login_violation_score = number
registration_violation_score = number
concurrent_violation_score = number
message_violation_score = number
non_browser_violation_score = number
login_max = number
login_window = number
register_max = number
register_window = number
limit_concurrent_messages = bool
concurrent_message_max = number
limit_message_ip = bool
message_ip_max = number
message_ip_window = number
limit_message_user = bool
message_user_max = number
message_user_window = number
})
|
{
"ban_duration": 7200000,
"ban_interval": 20,
"concurrent_message_max": 2,
"concurrent_violation_score": 1,
"enabled": true,
"limit_concurrent_messages": true,
"limit_message_ip": true,
"limit_message_user": false,
"login_max": 7,
"login_violation_score": 1,
"login_window": 5,
"message_ip_max": 40,
"message_ip_window": 1,
"message_user_max": 40,
"message_user_window": 1,
"message_violation_score": 1,
"non_browser_violation_score": 20,
"register_max": 5,
"register_window": 60,
"registration_violation_score": 1
}
| no | | [libre\_app\_virtual\_network\_subnet\_id](#input\_libre\_app\_virtual\_network\_subnet\_id) | The ID of the subnet, used to allow access to the App Service (priority 100), e.g. cosmosdb, meilisearch etc. If networking is created as part of the module, this will be automatically populated if value is 'null'. | `string` | `null` | no | | [librechat\_app\_custom\_dns\_zone\_name](#input\_librechat\_app\_custom\_dns\_zone\_name) | The DNS Zone to use for the App Service. | `string` | `"domain.com"` | no | | [librechat\_app\_custom\_domain\_name](#input\_librechat\_app\_custom\_domain\_name) | The custom domain to use for the App Service. | `string` | `"privategpt"` | no | | [location](#input\_location) | Azure region where resources will be hosted. | `string` | `"uksouth"` | no | | [oai\_account\_name](#input\_oai\_account\_name) | The name of the OpenAI service. | `string` | `"az-openai-account"` | no | | [oai\_custom\_subdomain\_name](#input\_oai\_custom\_subdomain\_name) | The subdomain name used for token-based authentication. Changing this forces a new resource to be created. (normally the same as the account name) | `string` | `"demo-account"` | no | -| [oai\_customer\_managed\_key](#input\_oai\_customer\_managed\_key) | type = object({
key\_vault\_key\_id = (Required) The ID of the Key Vault Key which should be used to Encrypt the data in this OpenAI Account.
identity\_client\_id = (Optional) The Client ID of the User Assigned Identity that has access to the key. This property only needs to be specified when there're multiple identities attached to the OpenAI Account.
}) |
object({
key_vault_key_id = string
identity_client_id = optional(string)
})
| `null` | no | +| [oai\_customer\_managed\_key](#input\_oai\_customer\_managed\_key) | type = object({
key\_vault\_key\_id = (Required) The ID of the Key Vault Key which should be used to Encrypt the data in this OpenAI Account.
identity\_client\_id = (Optional) The Client ID of the User Assigned Identity that has access to the key. This property only needs to be specified when there're multiple identities attached to the OpenAI Account.
}) |
object({
key_vault_key_id = string
identity_client_id = optional(string)
})
| `null` | no | | [oai\_dynamic\_throttling\_enabled](#input\_oai\_dynamic\_throttling\_enabled) | Whether or not dynamic throttling is enabled. Defaults to `true`. | `bool` | `true` | no | | [oai\_fqdns](#input\_oai\_fqdns) | A list of FQDNs to be used for token-based authentication. Changing this forces a new resource to be created. | `list(string)` | `[]` | no | -| [oai\_identity](#input\_oai\_identity) | type = object({
type = (Required) The type of the Identity. Possible values are `SystemAssigned`, `UserAssigned`, `SystemAssigned, UserAssigned`.
identity\_ids = (Optional) Specifies a list of User Assigned Managed Identity IDs to be assigned to this OpenAI Account.
}) |
object({
type = string
identity_ids = optional(list(string))
})
|
{
"type": "SystemAssigned"
}
| no | +| [oai\_identity](#input\_oai\_identity) | type = object({
type = (Required) The type of the Identity. Possible values are `SystemAssigned`, `UserAssigned`, `SystemAssigned, UserAssigned`.
identity\_ids = (Optional) Specifies a list of User Assigned Managed Identity IDs to be assigned to this OpenAI Account.
}) |
object({
type = string
identity_ids = optional(list(string))
})
|
{
"type": "SystemAssigned"
}
| no | | [oai\_local\_auth\_enabled](#input\_oai\_local\_auth\_enabled) | Whether local authentication methods is enabled for the Cognitive Account. Defaults to `true`. | `bool` | `true` | no | -| [oai\_model\_deployment](#input\_oai\_model\_deployment) | type = list(object({
deployment\_id = (Required) The name of the Cognitive Services Account `Model Deployment`. Changing this forces a new resource to be created.
model\_name = {
model\_format = (Required) The format of the Cognitive Services Account Deployment model. Changing this forces a new resource to be created. Possible value is OpenAI.
model\_name = (Required) The name of the Cognitive Services Account Deployment model. Changing this forces a new resource to be created.
model\_version = (Required) The version of Cognitive Services Account Deployment model.
}
sku = {
sku\_name = (Required) The name of the SKU. Possible values include Standard, GlobalBatch, GlobalStandard and ProvisionedManaged.
sku\_tier = (Optional) Possible values are Free, Basic, Standard, Premium, Enterprise. Changing this forces a new resource to be created.
sku\_size = (Optional) The SKU size. When the name field is the combination of tier and some other value, this would be the standalone code. Changing this forces a new resource to be created.
sku\_family = (Optional) If the service has different generations of hardware, for the same SKU, then that can be captured here. Changing this forces a new resource to be created.
sku\_capacity = (Optional) Tokens-per-Minute (TPM). If the SKU supports sku out/in then the capacity integer should be included. If sku out/in is not possible for the resource this may be omitted. Default value is 1. Changing this forces a new resource to be created.
}
rai\_policy\_name = (Optional) The name of RAI policy. Changing this forces a new resource to be created.
})) |
list(object({
deployment_id = string
model_name = string
model_format = string
model_version = string
sku_name = string
sku_tier = optional(string)
sku_size = optional(number)
sku_family = optional(string)
sku_capacity = optional(number)
rai_policy_name = optional(string)
}))
| `[]` | no | -| [oai\_network\_acls](#input\_oai\_network\_acls) | type = set(object({
default\_action = (Required) The Default Action to use when no rules match from ip\_rules / virtual\_network\_rules. Possible values are `Allow` and `Deny`.
ip\_rules = (Optional) One or more IP Addresses, or CIDR Blocks which should be able to access the Cognitive Account.
virtual\_network\_rules = optional(set(object({
subnet\_id = (Required) The ID of a Subnet which should be able to access the OpenAI Account.
ignore\_missing\_vnet\_service\_endpoint = (Optional) Whether ignore missing vnet service endpoint or not. Default to `false`.
})))
})) |
set(object({
default_action = string
ip_rules = optional(set(string))
virtual_network_rules = optional(set(object({
subnet_id = string
ignore_missing_vnet_service_endpoint = optional(bool, false)
})))
}))
| `null` | no | +| [oai\_model\_deployment](#input\_oai\_model\_deployment) | type = list(object({
deployment\_id = (Required) The name of the Cognitive Services Account `Model Deployment`. Changing this forces a new resource to be created.
model\_name = {
model\_format = (Required) The format of the Cognitive Services Account Deployment model. Changing this forces a new resource to be created. Possible value is OpenAI.
model\_name = (Required) The name of the Cognitive Services Account Deployment model. Changing this forces a new resource to be created.
model\_version = (Required) The version of Cognitive Services Account Deployment model.
}
sku = {
sku\_name = (Required) The name of the SKU. Possible values include Standard, GlobalBatch, GlobalStandard and ProvisionedManaged.
sku\_tier = (Optional) Possible values are Free, Basic, Standard, Premium, Enterprise. Changing this forces a new resource to be created.
sku\_size = (Optional) The SKU size. When the name field is the combination of tier and some other value, this would be the standalone code. Changing this forces a new resource to be created.
sku\_family = (Optional) If the service has different generations of hardware, for the same SKU, then that can be captured here. Changing this forces a new resource to be created.
sku\_capacity = (Optional) Tokens-per-Minute (TPM). If the SKU supports sku out/in then the capacity integer should be included. If sku out/in is not possible for the resource this may be omitted. Default value is 1. Changing this forces a new resource to be created.
}
rai\_policy\_name = (Optional) The name of RAI policy. Changing this forces a new resource to be created.
})) |
list(object({
deployment_id = string
model_name = string
model_format = string
model_version = string
sku_name = string
sku_tier = optional(string)
sku_size = optional(number)
sku_family = optional(string)
sku_capacity = optional(number)
rai_policy_name = optional(string)
}))
| `[]` | no | +| [oai\_network\_acls](#input\_oai\_network\_acls) | type = set(object({
default\_action = (Required) The Default Action to use when no rules match from ip\_rules / virtual\_network\_rules. Possible values are `Allow` and `Deny`.
ip\_rules = (Optional) One or more IP Addresses, or CIDR Blocks which should be able to access the Cognitive Account.
virtual\_network\_rules = optional(set(object({
subnet\_id = (Required) The ID of a Subnet which should be able to access the OpenAI Account.
ignore\_missing\_vnet\_service\_endpoint = (Optional) Whether ignore missing vnet service endpoint or not. Default to `false`.
})))
})) |
set(object({
default_action = string
ip_rules = optional(set(string))
virtual_network_rules = optional(set(object({
subnet_id = string
ignore_missing_vnet_service_endpoint = optional(bool, false)
})))
}))
| `null` | no | | [oai\_outbound\_network\_access\_restricted](#input\_oai\_outbound\_network\_access\_restricted) | Whether or not outbound network access is restricted. Defaults to `false`. | `bool` | `false` | no | | [oai\_public\_network\_access\_enabled](#input\_oai\_public\_network\_access\_enabled) | Whether or not public network access is enabled. Defaults to `false`. | `bool` | `false` | no | | [oai\_sku\_name](#input\_oai\_sku\_name) | SKU name of the OpenAI service. | `string` | `"S0"` | no | -| [oai\_storage](#input\_oai\_storage) | type = list(object({
storage\_account\_id = (Required) Full resource id of a Microsoft.Storage resource.
identity\_client\_id = (Optional) The client ID of the managed identity associated with the storage resource.
})) |
list(object({
storage_account_id = string
identity_client_id = optional(string)
}))
| `[]` | no | +| [oai\_storage](#input\_oai\_storage) | type = list(object({
storage\_account\_id = (Required) Full resource id of a Microsoft.Storage resource.
identity\_client\_id = (Optional) The client ID of the managed identity associated with the storage resource.
})) |
list(object({
storage_account_id = string
identity_client_id = optional(string)
}))
| `[]` | no | | [resource\_group\_name](#input\_resource\_group\_name) | Name of the resource group to create where the cognitive account OpenAI service is hosted. | `string` | n/a | yes | -| [subnet\_config](#input\_subnet\_config) | A list of subnet configuration objects to create subnets in the virtual network. |
object({
subnet_name = string
subnet_address_space = list(string)
service_endpoints = list(string)
private_endpoint_network_policies_enabled = string
private_link_service_network_policies_enabled = bool
subnets_delegation_settings = map(list(object({
name = string
actions = list(string)
})))
})
|
{
"private_endpoint_network_policies_enabled": "Enabled",
"private_link_service_network_policies_enabled": false,
"service_endpoints": [
"Microsoft.AzureCosmosDB",
"Microsoft.Web"
],
"subnet_address_space": [
"10.4.0.0/24"
],
"subnet_name": "app-cosmos-sub",
"subnets_delegation_settings": {
"app-service-plan": [
{
"actions": [
"Microsoft.Network/virtualNetworks/subnets/action"
],
"name": "Microsoft.Web/serverFarms"
}
]
}
}
| no | +| [subnet\_config](#input\_subnet\_config) | A list of subnet configuration objects to create subnets in the virtual network. |
object({
subnet_name = string
subnet_address_space = list(string)
service_endpoints = list(string)
private_endpoint_network_policies_enabled = string
private_link_service_network_policies_enabled = bool
subnets_delegation_settings = map(list(object({
name = string
actions = list(string)
})))
})
|
{
"private_endpoint_network_policies_enabled": "Enabled",
"private_link_service_network_policies_enabled": false,
"service_endpoints": [
"Microsoft.AzureCosmosDB",
"Microsoft.Web"
],
"subnet_address_space": [
"10.4.0.0/24"
],
"subnet_name": "app-cosmos-sub",
"subnets_delegation_settings": {
"app-service-plan": [
{
"actions": [
"Microsoft.Network/virtualNetworks/subnets/action"
],
"name": "Microsoft.Web/serverFarms"
}
]
}
}
| no | | [tags](#input\_tags) | A map of key value pairs that is used to tag resources created. | `map(string)` | `{}` | no | | [use\_cosmosdb\_free\_tier](#input\_use\_cosmosdb\_free\_tier) | Whether to enable the free tier for the Cosmos DB account. This needs to be false if another instance already uses free tier. | `bool` | `true` | no | | [virtual\_network\_name](#input\_virtual\_network\_name) | Name of the virtual network where resources are attached. | `string` | `"openai-vnet-9000"` | no | -| [vnet\_address\_space](#input\_vnet\_address\_space) | value of the address space for the virtual network. | `list(string)` |
[
"10.4.0.0/24"
]
| no | +| [vnet\_address\_space](#input\_vnet\_address\_space) | value of the address space for the virtual network. | `list(string)` |
[
"10.4.0.0/24"
]
| no | ## Outputs diff --git a/tests/auto_test1/README.md b/tests/auto_test1/README.md index d81b730..b97067f 100644 --- a/tests/auto_test1/README.md +++ b/tests/auto_test1/README.md @@ -32,9 +32,9 @@ No requirements. | [app\_service\_name](#input\_app\_service\_name) | Name of the Linux App Service Plan. | `string` | `"openai-asp9000"` | no | | [app\_service\_sku\_name](#input\_app\_service\_sku\_name) | The SKU name of the App Service Plan. | `string` | `"B1"` | no | | [cosmosdb\_automatic\_failover](#input\_cosmosdb\_automatic\_failover) | Whether to enable automatic failover for the Cosmos DB account | `bool` | `false` | no | -| [cosmosdb\_capabilities](#input\_cosmosdb\_capabilities) | The capabilities for the Cosmos DB account | `list(string)` |
[
"EnableMongo",
"MongoDBv3.4"
]
| no | +| [cosmosdb\_capabilities](#input\_cosmosdb\_capabilities) | The capabilities for the Cosmos DB account | `list(string)` |
[
"EnableMongo",
"MongoDBv3.4"
]
| no | | [cosmosdb\_consistency\_level](#input\_cosmosdb\_consistency\_level) | The consistency level of the Cosmos DB account | `string` | `"BoundedStaleness"` | no | -| [cosmosdb\_geo\_locations](#input\_cosmosdb\_geo\_locations) | The geo-locations for the Cosmos DB account |
list(object({
location = string
failover_priority = number
}))
|
[
{
"failover_priority": 0,
"location": "uksouth"
}
]
| no | +| [cosmosdb\_geo\_locations](#input\_cosmosdb\_geo\_locations) | The geo-locations for the Cosmos DB account |
list(object({
location = string
failover_priority = number
}))
|
[
{
"failover_priority": 0,
"location": "uksouth"
}
]
| no | | [cosmosdb\_is\_virtual\_network\_filter\_enabled](#input\_cosmosdb\_is\_virtual\_network\_filter\_enabled) | Whether to enable virtual network filtering for the Cosmos DB account | `bool` | `true` | no | | [cosmosdb\_kind](#input\_cosmosdb\_kind) | The kind of Cosmos DB to create | `string` | `"MongoDB"` | no | | [cosmosdb\_max\_interval\_in\_seconds](#input\_cosmosdb\_max\_interval\_in\_seconds) | The maximum staleness interval in seconds for the Cosmos DB account | `number` | `10` | no | @@ -54,8 +54,8 @@ No requirements. | [libre\_app\_allow\_registration](#input\_libre\_app\_allow\_registration) | Allow Registration | `bool` | `true` | no | | [libre\_app\_allow\_social\_login](#input\_libre\_app\_allow\_social\_login) | Allow Social Login | `bool` | `false` | no | | [libre\_app\_allow\_social\_registration](#input\_libre\_app\_allow\_social\_registration) | Allow Social Registration | `bool` | `false` | no | -| [libre\_app\_allowed\_ip\_addresses](#input\_libre\_app\_allowed\_ip\_addresses) | Allowed IP Addresses. The CIDR notation of the IP or IP Range to match to allow. For example: 10.0.0.0/24 or 192.168.10.1/32 |
list(object({
ip_address = string
priority = number
name = string
action = string
}))
|
[
{
"action": "Allow",
"ip_address": "0.0.0.0/0",
"name": "ip-access-rule1",
"priority": 300
}
]
| no | -| [libre\_app\_allowed\_subnets](#input\_libre\_app\_allowed\_subnets) | Allowed Subnets (By default the subnet the app service is deployed in is allowed access already as priority 100). Add any additionals here |
list(object({
virtual_network_subnet_id = string
priority = number
name = string
action = string
}))
|
[
{
"action": "Allow",
"name": "subnet-access-rule1",
"priority": 200,
"virtual_network_subnet_id": "subnet_id1"
}
]
| no | +| [libre\_app\_allowed\_ip\_addresses](#input\_libre\_app\_allowed\_ip\_addresses) | Allowed IP Addresses. The CIDR notation of the IP or IP Range to match to allow. For example: 10.0.0.0/24 or 192.168.10.1/32 |
list(object({
ip_address = string
priority = number
name = string
action = string
}))
|
[
{
"action": "Allow",
"ip_address": "0.0.0.0/0",
"name": "ip-access-rule1",
"priority": 300
}
]
| no | +| [libre\_app\_allowed\_subnets](#input\_libre\_app\_allowed\_subnets) | Allowed Subnets (By default the subnet the app service is deployed in is allowed access already as priority 100). Add any additionals here |
list(object({
virtual_network_subnet_id = string
priority = number
name = string
action = string
}))
|
[
{
"action": "Allow",
"name": "subnet-access-rule1",
"priority": 200,
"virtual_network_subnet_id": "subnet_id1"
}
]
| no | | [libre\_app\_az\_oai\_api\_key](#input\_libre\_app\_az\_oai\_api\_key) | Azure OpenAI API Key | `string` | `null` | no | | [libre\_app\_az\_oai\_api\_version](#input\_libre\_app\_az\_oai\_api\_version) | Azure OpenAI API Version | `string` | `"2023-07-01-preview"` | no | | [libre\_app\_az\_oai\_dall3\_api\_version](#input\_libre\_app\_az\_oai\_dall3\_api\_version) | Azure OpenAI DALL-E API Version | `string` | `"2023-12-01-preview"` | no | @@ -84,30 +84,30 @@ No requirements. | [libre\_app\_port](#input\_libre\_app\_port) | The host port to listen on. | `number` | `3080` | no | | [libre\_app\_public\_network\_access\_enabled](#input\_libre\_app\_public\_network\_access\_enabled) | Whether or not public network access is enabled. Defaults to `false`. | `bool` | `true` | no | | [libre\_app\_title](#input\_libre\_app\_title) | Add a custom title for the App. | `string` | `"PrivateGPT"` | no | -| [libre\_app\_violations](#input\_libre\_app\_violations) | Configuration for violations |
object({
enabled = bool
ban_duration = number
ban_interval = number
login_violation_score = number
registration_violation_score = number
concurrent_violation_score = number
message_violation_score = number
non_browser_violation_score = number
login_max = number
login_window = number
register_max = number
register_window = number
limit_concurrent_messages = bool
concurrent_message_max = number
limit_message_ip = bool
message_ip_max = number
message_ip_window = number
limit_message_user = bool
message_user_max = number
message_user_window = number
})
|
{
"ban_duration": 7200000,
"ban_interval": 20,
"concurrent_message_max": 2,
"concurrent_violation_score": 1,
"enabled": true,
"limit_concurrent_messages": true,
"limit_message_ip": true,
"limit_message_user": false,
"login_max": 7,
"login_violation_score": 1,
"login_window": 5,
"message_ip_max": 40,
"message_ip_window": 1,
"message_user_max": 40,
"message_user_window": 1,
"message_violation_score": 1,
"non_browser_violation_score": 20,
"register_max": 5,
"register_window": 60,
"registration_violation_score": 1
}
| no | +| [libre\_app\_violations](#input\_libre\_app\_violations) | Configuration for violations |
object({
enabled = bool
ban_duration = number
ban_interval = number
login_violation_score = number
registration_violation_score = number
concurrent_violation_score = number
message_violation_score = number
non_browser_violation_score = number
login_max = number
login_window = number
register_max = number
register_window = number
limit_concurrent_messages = bool
concurrent_message_max = number
limit_message_ip = bool
message_ip_max = number
message_ip_window = number
limit_message_user = bool
message_user_max = number
message_user_window = number
})
|
{
"ban_duration": 7200000,
"ban_interval": 20,
"concurrent_message_max": 2,
"concurrent_violation_score": 1,
"enabled": true,
"limit_concurrent_messages": true,
"limit_message_ip": true,
"limit_message_user": false,
"login_max": 7,
"login_violation_score": 1,
"login_window": 5,
"message_ip_max": 40,
"message_ip_window": 1,
"message_user_max": 40,
"message_user_window": 1,
"message_violation_score": 1,
"non_browser_violation_score": 20,
"register_max": 5,
"register_window": 60,
"registration_violation_score": 1
}
| no | | [libre\_app\_virtual\_network\_subnet\_id](#input\_libre\_app\_virtual\_network\_subnet\_id) | The ID of the subnet, used to allow access to the App Service (priority 100), e.g. cosmosdb, meilisearch etc. If networking is created as part of the module, this will be automatically populated if value is 'null'. | `string` | `null` | no | | [librechat\_app\_custom\_dns\_zone\_name](#input\_librechat\_app\_custom\_dns\_zone\_name) | The DNS Zone to use for the App Service. | `string` | `"domain.com"` | no | | [librechat\_app\_custom\_domain\_name](#input\_librechat\_app\_custom\_domain\_name) | The custom domain to use for the App Service. | `string` | `"privategpt"` | no | | [location](#input\_location) | Azure region where resources will be hosted. | `string` | `"uksouth"` | no | | [oai\_account\_name](#input\_oai\_account\_name) | The name of the OpenAI service. | `string` | `"az-openai-account"` | no | | [oai\_custom\_subdomain\_name](#input\_oai\_custom\_subdomain\_name) | The subdomain name used for token-based authentication. Changing this forces a new resource to be created. (normally the same as the account name) | `string` | `"demo-account"` | no | -| [oai\_customer\_managed\_key](#input\_oai\_customer\_managed\_key) | type = object({
key\_vault\_key\_id = (Required) The ID of the Key Vault Key which should be used to Encrypt the data in this OpenAI Account.
identity\_client\_id = (Optional) The Client ID of the User Assigned Identity that has access to the key. This property only needs to be specified when there're multiple identities attached to the OpenAI Account.
}) |
object({
key_vault_key_id = string
identity_client_id = optional(string)
})
| `null` | no | +| [oai\_customer\_managed\_key](#input\_oai\_customer\_managed\_key) | type = object({
key\_vault\_key\_id = (Required) The ID of the Key Vault Key which should be used to Encrypt the data in this OpenAI Account.
identity\_client\_id = (Optional) The Client ID of the User Assigned Identity that has access to the key. This property only needs to be specified when there're multiple identities attached to the OpenAI Account.
}) |
object({
key_vault_key_id = string
identity_client_id = optional(string)
})
| `null` | no | | [oai\_dynamic\_throttling\_enabled](#input\_oai\_dynamic\_throttling\_enabled) | Whether or not dynamic throttling is enabled. Defaults to `true`. | `bool` | `true` | no | | [oai\_fqdns](#input\_oai\_fqdns) | A list of FQDNs to be used for token-based authentication. Changing this forces a new resource to be created. | `list(string)` | `[]` | no | -| [oai\_identity](#input\_oai\_identity) | type = object({
type = (Required) The type of the Identity. Possible values are `SystemAssigned`, `UserAssigned`, `SystemAssigned, UserAssigned`.
identity\_ids = (Optional) Specifies a list of User Assigned Managed Identity IDs to be assigned to this OpenAI Account.
}) |
object({
type = string
identity_ids = optional(list(string))
})
|
{
"type": "SystemAssigned"
}
| no | +| [oai\_identity](#input\_oai\_identity) | type = object({
type = (Required) The type of the Identity. Possible values are `SystemAssigned`, `UserAssigned`, `SystemAssigned, UserAssigned`.
identity\_ids = (Optional) Specifies a list of User Assigned Managed Identity IDs to be assigned to this OpenAI Account.
}) |
object({
type = string
identity_ids = optional(list(string))
})
|
{
"type": "SystemAssigned"
}
| no | | [oai\_local\_auth\_enabled](#input\_oai\_local\_auth\_enabled) | Whether local authentication methods is enabled for the Cognitive Account. Defaults to `true`. | `bool` | `true` | no | -| [oai\_model\_deployment](#input\_oai\_model\_deployment) | type = list(object({
deployment\_id = (Required) The name of the Cognitive Services Account `Model Deployment`. Changing this forces a new resource to be created.
model\_name = {
model\_format = (Required) The format of the Cognitive Services Account Deployment model. Changing this forces a new resource to be created. Possible value is OpenAI.
model\_name = (Required) The name of the Cognitive Services Account Deployment model. Changing this forces a new resource to be created.
model\_version = (Required) The version of Cognitive Services Account Deployment model.
}
sku = {
sku\_name = (Required) The name of the SKU. Possible values include Standard, GlobalBatch, GlobalStandard and ProvisionedManaged.
sku\_tier = (Optional) Possible values are Free, Basic, Standard, Premium, Enterprise. Changing this forces a new resource to be created.
sku\_size = (Optional) The SKU size. When the name field is the combination of tier and some other value, this would be the standalone code. Changing this forces a new resource to be created.
sku\_family = (Optional) If the service has different generations of hardware, for the same SKU, then that can be captured here. Changing this forces a new resource to be created.
sku\_capacity = (Optional) Tokens-per-Minute (TPM). If the SKU supports sku out/in then the capacity integer should be included. If sku out/in is not possible for the resource this may be omitted. Default value is 1. Changing this forces a new resource to be created.
}
rai\_policy\_name = (Optional) The name of RAI policy. Changing this forces a new resource to be created.
})) |
list(object({
deployment_id = string
model_name = string
model_format = string
model_version = string
sku_name = string
sku_tier = optional(string)
sku_size = optional(number)
sku_family = optional(string)
sku_capacity = optional(number)
rai_policy_name = optional(string)
}))
| `[]` | no | -| [oai\_network\_acls](#input\_oai\_network\_acls) | type = set(object({
default\_action = (Required) The Default Action to use when no rules match from ip\_rules / virtual\_network\_rules. Possible values are `Allow` and `Deny`.
ip\_rules = (Optional) One or more IP Addresses, or CIDR Blocks which should be able to access the Cognitive Account.
virtual\_network\_rules = optional(set(object({
subnet\_id = (Required) The ID of a Subnet which should be able to access the OpenAI Account.
ignore\_missing\_vnet\_service\_endpoint = (Optional) Whether ignore missing vnet service endpoint or not. Default to `false`.
})))
})) |
set(object({
default_action = string
ip_rules = optional(set(string))
virtual_network_rules = optional(set(object({
subnet_id = string
ignore_missing_vnet_service_endpoint = optional(bool, false)
})))
}))
| `null` | no | +| [oai\_model\_deployment](#input\_oai\_model\_deployment) | type = list(object({
deployment\_id = (Required) The name of the Cognitive Services Account `Model Deployment`. Changing this forces a new resource to be created.
model\_name = {
model\_format = (Required) The format of the Cognitive Services Account Deployment model. Changing this forces a new resource to be created. Possible value is OpenAI.
model\_name = (Required) The name of the Cognitive Services Account Deployment model. Changing this forces a new resource to be created.
model\_version = (Required) The version of Cognitive Services Account Deployment model.
}
sku = {
sku\_name = (Required) The name of the SKU. Possible values include Standard, GlobalBatch, GlobalStandard and ProvisionedManaged.
sku\_tier = (Optional) Possible values are Free, Basic, Standard, Premium, Enterprise. Changing this forces a new resource to be created.
sku\_size = (Optional) The SKU size. When the name field is the combination of tier and some other value, this would be the standalone code. Changing this forces a new resource to be created.
sku\_family = (Optional) If the service has different generations of hardware, for the same SKU, then that can be captured here. Changing this forces a new resource to be created.
sku\_capacity = (Optional) Tokens-per-Minute (TPM). If the SKU supports sku out/in then the capacity integer should be included. If sku out/in is not possible for the resource this may be omitted. Default value is 1. Changing this forces a new resource to be created.
}
rai\_policy\_name = (Optional) The name of RAI policy. Changing this forces a new resource to be created.
})) |
list(object({
deployment_id = string
model_name = string
model_format = string
model_version = string
sku_name = string
sku_tier = optional(string)
sku_size = optional(number)
sku_family = optional(string)
sku_capacity = optional(number)
rai_policy_name = optional(string)
}))
| `[]` | no | +| [oai\_network\_acls](#input\_oai\_network\_acls) | type = set(object({
default\_action = (Required) The Default Action to use when no rules match from ip\_rules / virtual\_network\_rules. Possible values are `Allow` and `Deny`.
ip\_rules = (Optional) One or more IP Addresses, or CIDR Blocks which should be able to access the Cognitive Account.
virtual\_network\_rules = optional(set(object({
subnet\_id = (Required) The ID of a Subnet which should be able to access the OpenAI Account.
ignore\_missing\_vnet\_service\_endpoint = (Optional) Whether ignore missing vnet service endpoint or not. Default to `false`.
})))
})) |
set(object({
default_action = string
ip_rules = optional(set(string))
virtual_network_rules = optional(set(object({
subnet_id = string
ignore_missing_vnet_service_endpoint = optional(bool, false)
})))
}))
| `null` | no | | [oai\_outbound\_network\_access\_restricted](#input\_oai\_outbound\_network\_access\_restricted) | Whether or not outbound network access is restricted. Defaults to `false`. | `bool` | `false` | no | | [oai\_public\_network\_access\_enabled](#input\_oai\_public\_network\_access\_enabled) | Whether or not public network access is enabled. Defaults to `false`. | `bool` | `false` | no | | [oai\_sku\_name](#input\_oai\_sku\_name) | SKU name of the OpenAI service. | `string` | `"S0"` | no | -| [oai\_storage](#input\_oai\_storage) | type = list(object({
storage\_account\_id = (Required) Full resource id of a Microsoft.Storage resource.
identity\_client\_id = (Optional) The client ID of the managed identity associated with the storage resource.
})) |
list(object({
storage_account_id = string
identity_client_id = optional(string)
}))
| `[]` | no | +| [oai\_storage](#input\_oai\_storage) | type = list(object({
storage\_account\_id = (Required) Full resource id of a Microsoft.Storage resource.
identity\_client\_id = (Optional) The client ID of the managed identity associated with the storage resource.
})) |
list(object({
storage_account_id = string
identity_client_id = optional(string)
}))
| `[]` | no | | [resource\_group\_name](#input\_resource\_group\_name) | Name of the resource group to create where the cognitive account OpenAI service is hosted. | `string` | n/a | yes | -| [subnet\_config](#input\_subnet\_config) | A list of subnet configuration objects to create subnets in the virtual network. |
object({
subnet_name = string
subnet_address_space = list(string)
service_endpoints = list(string)
private_endpoint_network_policies_enabled = string
private_link_service_network_policies_enabled = bool
subnets_delegation_settings = map(list(object({
name = string
actions = list(string)
})))
})
|
{
"private_endpoint_network_policies_enabled": "Enabled",
"private_link_service_network_policies_enabled": false,
"service_endpoints": [
"Microsoft.AzureCosmosDB",
"Microsoft.Web"
],
"subnet_address_space": [
"10.4.0.0/24"
],
"subnet_name": "app-cosmos-sub",
"subnets_delegation_settings": {
"app-service-plan": [
{
"actions": [
"Microsoft.Network/virtualNetworks/subnets/action"
],
"name": "Microsoft.Web/serverFarms"
}
]
}
}
| no | +| [subnet\_config](#input\_subnet\_config) | A list of subnet configuration objects to create subnets in the virtual network. |
object({
subnet_name = string
subnet_address_space = list(string)
service_endpoints = list(string)
private_endpoint_network_policies_enabled = string
private_link_service_network_policies_enabled = bool
subnets_delegation_settings = map(list(object({
name = string
actions = list(string)
})))
})
|
{
"private_endpoint_network_policies_enabled": "Enabled",
"private_link_service_network_policies_enabled": false,
"service_endpoints": [
"Microsoft.AzureCosmosDB",
"Microsoft.Web"
],
"subnet_address_space": [
"10.4.0.0/24"
],
"subnet_name": "app-cosmos-sub",
"subnets_delegation_settings": {
"app-service-plan": [
{
"actions": [
"Microsoft.Network/virtualNetworks/subnets/action"
],
"name": "Microsoft.Web/serverFarms"
}
]
}
}
| no | | [tags](#input\_tags) | A map of key value pairs that is used to tag resources created. | `map(string)` | `{}` | no | | [use\_cosmosdb\_free\_tier](#input\_use\_cosmosdb\_free\_tier) | Whether to enable the free tier for the Cosmos DB account. This needs to be false if another instance already uses free tier. | `bool` | `true` | no | | [virtual\_network\_name](#input\_virtual\_network\_name) | Name of the virtual network where resources are attached. | `string` | `"openai-vnet-9000"` | no | -| [vnet\_address\_space](#input\_vnet\_address\_space) | value of the address space for the virtual network. | `list(string)` |
[
"10.4.0.0/24"
]
| no | +| [vnet\_address\_space](#input\_vnet\_address\_space) | value of the address space for the virtual network. | `list(string)` |
[
"10.4.0.0/24"
]
| no | ## Outputs