aboutsummaryrefslogtreecommitdiff
path: root/.venv/lib/python3.12/site-packages/azure/ai/ml/_arm_deployments
diff options
context:
space:
mode:
authorS. Solomon Darnell2025-03-28 21:52:21 -0500
committerS. Solomon Darnell2025-03-28 21:52:21 -0500
commit4a52a71956a8d46fcb7294ac71734504bb09bcc2 (patch)
treeee3dc5af3b6313e921cd920906356f5d4febc4ed /.venv/lib/python3.12/site-packages/azure/ai/ml/_arm_deployments
parentcc961e04ba734dd72309fb548a2f97d67d578813 (diff)
downloadgn-ai-master.tar.gz
two version of R2R are hereHEADmaster
Diffstat (limited to '.venv/lib/python3.12/site-packages/azure/ai/ml/_arm_deployments')
-rw-r--r--.venv/lib/python3.12/site-packages/azure/ai/ml/_arm_deployments/__init__.py10
-rw-r--r--.venv/lib/python3.12/site-packages/azure/ai/ml/_arm_deployments/arm_deployment_executor.py267
-rw-r--r--.venv/lib/python3.12/site-packages/azure/ai/ml/_arm_deployments/arm_helper.py61
-rw-r--r--.venv/lib/python3.12/site-packages/azure/ai/ml/_arm_deployments/arm_templates/__init__.py5
-rw-r--r--.venv/lib/python3.12/site-packages/azure/ai/ml/_arm_deployments/arm_templates/base_template.json7
-rw-r--r--.venv/lib/python3.12/site-packages/azure/ai/ml/_arm_deployments/arm_templates/code_version.json11
-rw-r--r--.venv/lib/python3.12/site-packages/azure/ai/ml/_arm_deployments/arm_templates/environment_version.json11
-rw-r--r--.venv/lib/python3.12/site-packages/azure/ai/ml/_arm_deployments/arm_templates/feature_store_role_assignments.json194
-rw-r--r--.venv/lib/python3.12/site-packages/azure/ai/ml/_arm_deployments/arm_templates/feature_store_role_assignments_param.json41
-rw-r--r--.venv/lib/python3.12/site-packages/azure/ai/ml/_arm_deployments/arm_templates/model.json11
-rw-r--r--.venv/lib/python3.12/site-packages/azure/ai/ml/_arm_deployments/arm_templates/model_version.json11
-rw-r--r--.venv/lib/python3.12/site-packages/azure/ai/ml/_arm_deployments/arm_templates/online_deployment.json17
-rw-r--r--.venv/lib/python3.12/site-packages/azure/ai/ml/_arm_deployments/arm_templates/online_endpoint.json15
-rw-r--r--.venv/lib/python3.12/site-packages/azure/ai/ml/_arm_deployments/arm_templates/update_online_endpoint.json27
-rw-r--r--.venv/lib/python3.12/site-packages/azure/ai/ml/_arm_deployments/arm_templates/workspace_base.json1194
-rw-r--r--.venv/lib/python3.12/site-packages/azure/ai/ml/_arm_deployments/arm_templates/workspace_param.json218
-rw-r--r--.venv/lib/python3.12/site-packages/azure/ai/ml/_arm_deployments/arm_templates/workspace_project.json731
17 files changed, 2831 insertions, 0 deletions
diff --git a/.venv/lib/python3.12/site-packages/azure/ai/ml/_arm_deployments/__init__.py b/.venv/lib/python3.12/site-packages/azure/ai/ml/_arm_deployments/__init__.py
new file mode 100644
index 00000000..b7dab6c2
--- /dev/null
+++ b/.venv/lib/python3.12/site-packages/azure/ai/ml/_arm_deployments/__init__.py
@@ -0,0 +1,10 @@
+# ---------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# ---------------------------------------------------------
+
+__path__ = __import__("pkgutil").extend_path(__path__, __name__) # type: ignore
+
+
+from .arm_deployment_executor import ArmDeploymentExecutor
+
+__all__ = ["ArmDeploymentExecutor"]
diff --git a/.venv/lib/python3.12/site-packages/azure/ai/ml/_arm_deployments/arm_deployment_executor.py b/.venv/lib/python3.12/site-packages/azure/ai/ml/_arm_deployments/arm_deployment_executor.py
new file mode 100644
index 00000000..a6089ad3
--- /dev/null
+++ b/.venv/lib/python3.12/site-packages/azure/ai/ml/_arm_deployments/arm_deployment_executor.py
@@ -0,0 +1,267 @@
+# ---------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# ---------------------------------------------------------
+
+# pylint: disable=protected-access
+
+import logging
+import time
+from typing import Any, Dict, Optional
+
+from azure.ai.ml._arm_deployments.arm_helper import deployment_message_mapping
+from azure.ai.ml._azure_environments import (
+ _get_azure_portal_id_from_metadata,
+ _get_base_url_from_metadata,
+ _get_cloud_details,
+ _resource_to_scopes,
+)
+from azure.ai.ml._utils._arm_id_utils import AzureResourceId, get_arm_id_object_from_id
+from azure.ai.ml._utils._logger_utils import initialize_logger_info
+from azure.ai.ml._utils.utils import from_iso_duration_format_min_sec
+from azure.ai.ml._vendor.azure_resources._resource_management_client import ResourceManagementClient
+from azure.ai.ml._vendor.azure_resources.models import Deployment, DeploymentProperties
+from azure.ai.ml.constants._common import (
+ ENDPOINT_DEPLOYMENT_START_MSG,
+ ArmConstants,
+ LROConfigurations,
+ OperationStatus,
+)
+from azure.ai.ml.exceptions import ErrorCategory, ErrorTarget, ValidationException
+from azure.core.credentials import TokenCredential
+from azure.core.polling import LROPoller
+
+module_logger = logging.getLogger(__name__)
+initialize_logger_info(module_logger, terminator="")
+
+
+# pylint: disable=too-many-instance-attributes
+class ArmDeploymentExecutor(object):
+ def __init__(
+ self,
+ credentials: TokenCredential,
+ resource_group_name: str,
+ subscription_id: str,
+ deployment_name: str,
+ **kwargs,
+ ):
+ self._credentials = credentials
+ self._subscription_id = subscription_id
+ self._resource_group_name = resource_group_name
+ self._deployment_name = deployment_name
+ self._cloud = _get_cloud_details()
+ management_hostname = _get_base_url_from_metadata()
+ credential_scopes = _resource_to_scopes(management_hostname)
+ kwargs.pop("base_url", None)
+ if credential_scopes is not None:
+ kwargs["credential_scopes"] = credential_scopes
+ self._client = ResourceManagementClient(
+ credential=self._credentials,
+ subscription_id=self._subscription_id,
+ api_version=ArmConstants.AZURE_MGMT_RESOURCE_API_VERSION,
+ base_url=management_hostname,
+ **kwargs,
+ )
+ self._deployment_operations_client = self._client.deployment_operations
+ self._deployments_client = self._client.deployments
+ self._deployment_tracking = []
+ self._lock = None # To allow only one deployment to print
+ self._printed_set = set() # To prevent already printed deployment from re using the console
+ self._resources_being_deployed = {}
+
+ def deploy_resource(
+ self,
+ template: str,
+ resources_being_deployed: Dict[str, Any],
+ parameters: Optional[Dict] = None,
+ wait: bool = True,
+ ) -> Optional[LROPoller]:
+ total_duration = None
+ if not resources_being_deployed:
+ msg = "No resource is being deployed. Please check the template again."
+ raise ValidationException(
+ message=msg,
+ no_personal_data_message=msg,
+ target=ErrorTarget.ARM_DEPLOYMENT,
+ error_category=ErrorCategory.USER_ERROR,
+ )
+ error = None
+ try:
+ poller = self._get_poller(template=template, parameters=parameters)
+ module_logger.info(
+ "The deployment request %s was accepted. ARM deployment URI for reference: \n", self._deployment_name
+ )
+ endpoint_deployment_start_message = ENDPOINT_DEPLOYMENT_START_MSG.format(
+ _get_azure_portal_id_from_metadata(),
+ self._subscription_id,
+ self._resource_group_name,
+ self._deployment_name,
+ )
+ module_logger.info(endpoint_deployment_start_message)
+ if wait:
+ try:
+ while not poller.done():
+ try:
+ time.sleep(LROConfigurations.SLEEP_TIME)
+ self._check_deployment_status()
+ except KeyboardInterrupt as e:
+ self._client.close()
+ error = e
+ raise
+
+ if poller._exception is not None:
+ error = poller._exception
+ except Exception as e: # pylint: disable=W0718
+ error = e
+ finally:
+ # one last check to make sure all print statements make it
+ if not isinstance(error, KeyboardInterrupt):
+ self._check_deployment_status()
+ total_duration = poller.result().properties.duration
+ else:
+ return poller
+ except Exception as ex:
+ module_logger.debug("Polling hit the exception %s\n", ex)
+ raise ex
+
+ if error is not None:
+ error_msg = f"Unable to create resource. \n {error}\n"
+ module_logger.error(error_msg)
+ raise error
+ if len(resources_being_deployed) > 1 and total_duration:
+ module_logger.info("Total time : %s\n", from_iso_duration_format_min_sec(total_duration))
+ return None
+
+ def _get_poller(self, template: str, parameters: Optional[Dict] = None, wait: bool = True) -> None:
+ # deploy the template
+ properties = DeploymentProperties(template=template, parameters=parameters, mode="incremental")
+ return self._deployments_client.begin_create_or_update(
+ resource_group_name=self._resource_group_name,
+ deployment_name=self._deployment_name,
+ parameters=Deployment(properties=properties),
+ polling=wait,
+ polling_interval=LROConfigurations.POLL_INTERVAL,
+ )
+
+ # pylint: disable=too-many-statements
+ def _check_deployment_status(self) -> None:
+ deployment_operations = self._deployment_operations_client.list(
+ resource_group_name=self._resource_group_name,
+ deployment_name=self._deployment_name,
+ )
+
+ for deployment_operation in deployment_operations:
+ operation_id = deployment_operation.operation_id
+ properties = deployment_operation.properties
+ target_resource = properties.target_resource
+
+ module_logger.debug(
+ "\n Received deployment operation: %s, with status %s\n\n",
+ target_resource,
+ properties.provisioning_state,
+ )
+
+ if properties.provisioning_operation == "EvaluateDeploymentOutput":
+ continue
+
+ arm_id_obj = get_arm_id_object_from_id(target_resource.id)
+
+ resource_name = (
+ f"{arm_id_obj.asset_name} {arm_id_obj.asset_version if hasattr(arm_id_obj,'asset_version') else ''}"
+ )
+ # do swap on asset_type to avoid collision with workspaces asset_type in arm id
+ if isinstance(arm_id_obj, AzureResourceId):
+ arm_id_obj.asset_type = (
+ arm_id_obj.asset_type
+ if not arm_id_obj.provider_namespace_with_type == "OperationalInsightsworkspaces"
+ else "LogAnalytics"
+ )
+ deployment_message = deployment_message_mapping[arm_id_obj.asset_type].format(f"{resource_name} ")
+ if target_resource.resource_name not in self._resources_being_deployed:
+ self._resources_being_deployed[target_resource.resource_name] = (
+ deployment_message,
+ None,
+ )
+
+ if (
+ properties.provisioning_state
+ and (not self._lock or self._lock == target_resource.resource_name)
+ and target_resource.resource_name not in self._printed_set
+ ):
+ status_in_resource_dict = self._resources_being_deployed[target_resource.resource_name][1]
+ module_logger.debug(
+ ("\n LOCK STATUS : %s, Status in the resources dict : %s , Already in printed set: %s\n"),
+ self._lock,
+ status_in_resource_dict,
+ self._printed_set,
+ )
+ module_logger.debug("Locking with the deployment : %s\n\n", target_resource.resource_name)
+ self._lock = target_resource.resource_name
+ provisioning_state = properties.provisioning_state
+ request_id = properties.service_request_id
+
+ if target_resource is None:
+ continue
+
+ resource_name = target_resource.resource_name
+ if resource_name not in self._resources_being_deployed:
+ resource_type, previous_state = resource_name, None
+ else:
+ resource_type, previous_state = self._resources_being_deployed[resource_name]
+
+ duration = properties.duration
+ # duration comes in format: "PT1M56.3454108S"
+ try:
+ duration_in_min_sec = from_iso_duration_format_min_sec(duration)
+ except Exception: # pylint: disable=W0718
+ duration_in_min_sec = ""
+
+ self._resources_being_deployed[resource_name] = (
+ resource_type,
+ provisioning_state,
+ )
+
+ if provisioning_state == OperationStatus.FAILED and previous_state != OperationStatus.FAILED:
+ status_code = properties.status_code
+ status_message = properties.status_message
+ module_logger.debug(
+ (
+ "%s: Failed with operation id= %s, "
+ "service request id=%s, status=%s, "
+ "error message = %s.\n"
+ ),
+ resource_type,
+ operation_id,
+ request_id,
+ status_code,
+ status_message.error,
+ )
+ module_logger.debug(
+ "More details: %s\n",
+ status_message.error.details[0].message if status_message.error.details else None,
+ )
+ # self._lock = None
+ # First time we're seeing this so let the user know it's being deployed
+ elif properties.provisioning_state == OperationStatus.RUNNING and previous_state is None:
+ module_logger.info("%s ", resource_type)
+ elif (
+ properties.provisioning_state == OperationStatus.RUNNING
+ and previous_state == OperationStatus.RUNNING
+ ):
+ module_logger.info(".")
+ # If the provisioning has already succeeded but we hadn't seen it Running before
+ # (really quick deployment - so probably never happening) let user know resource
+ # is being deployed and then let user know it has been deployed
+ elif properties.provisioning_state == OperationStatus.SUCCEEDED and previous_state is None:
+ module_logger.info("%s Done (%s)\n", resource_type, duration_in_min_sec)
+ self._lock = None
+ self._printed_set.add(resource_name)
+ module_logger.debug("Releasing lock for deployment: %s\n\n", target_resource.resource_name)
+ # Finally, deployment has succeeded and was previously running, so mark it as finished
+ elif (
+ properties.provisioning_state == OperationStatus.SUCCEEDED
+ and previous_state != OperationStatus.SUCCEEDED
+ ):
+ module_logger.info(" Done (%s)\n", duration_in_min_sec)
+ self._lock = None
+ self._printed_set.add(resource_name)
+ module_logger.debug("Releasing lock for deployment: %s\n\n", target_resource.resource_name)
diff --git a/.venv/lib/python3.12/site-packages/azure/ai/ml/_arm_deployments/arm_helper.py b/.venv/lib/python3.12/site-packages/azure/ai/ml/_arm_deployments/arm_helper.py
new file mode 100644
index 00000000..14070db7
--- /dev/null
+++ b/.venv/lib/python3.12/site-packages/azure/ai/ml/_arm_deployments/arm_helper.py
@@ -0,0 +1,61 @@
+# ---------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# ---------------------------------------------------------
+
+from os import path
+from typing import Any, Dict
+
+from azure.ai.ml._utils.utils import load_json
+from azure.ai.ml.constants._common import ArmConstants, AzureMLResourceType
+from azure.ai.ml.exceptions import ErrorTarget, ValidationException
+
+template_mapping = {
+ ArmConstants.BASE_TYPE: "base_template.json",
+ ArmConstants.CODE_TYPE: "code.json",
+ ArmConstants.CODE_VERSION_TYPE: "code_version.json",
+ ArmConstants.ENVIRONMENT_VERSION_TYPE: "environment_version.json",
+ ArmConstants.MODEL_VERSION_TYPE: "model_version.json",
+ ArmConstants.MODEL_TYPE: "model.json",
+ ArmConstants.ONLINE_ENDPOINT_TYPE: "online_endpoint.json",
+ ArmConstants.ONLINE_DEPLOYMENT_TYPE: "online_deployment.json",
+ ArmConstants.UPDATE_ONLINE_ENDPOINT_TYPE: "update_online_endpoint.json",
+ ArmConstants.WORKSPACE_BASE: "workspace_base.json",
+ ArmConstants.WORKSPACE_PARAM: "workspace_param.json",
+ ArmConstants.FEATURE_STORE_ROLE_ASSIGNMENTS: "feature_store_role_assignments.json",
+ ArmConstants.FEATURE_STORE_ROLE_ASSIGNMENTS_PARAM: "feature_store_role_assignments_param.json",
+ ArmConstants.WORKSPACE_PROJECT: "workspace_project.json",
+}
+
+
+deployment_message_mapping = {
+ ArmConstants.CODE_TYPE: "Registering code: ({0})",
+ AzureMLResourceType.CODE: "Registering code version: ({0})",
+ ArmConstants.CODE_VERSION_TYPE: "Registering code version: ({0})",
+ ArmConstants.ENVIRONMENT_VERSION_TYPE: "Registering environment version: ({0})",
+ AzureMLResourceType.ENVIRONMENT: "Registering environment version: ({0})",
+ ArmConstants.MODEL_VERSION_TYPE: "Registering model version: ({0})",
+ ArmConstants.MODEL_TYPE: "Registering model: ({0})",
+ AzureMLResourceType.MODEL: "Registering model version: ({0})",
+ ArmConstants.ONLINE_ENDPOINT_TYPE: "Creating endpoint: {0}",
+ ArmConstants.ONLINE_DEPLOYMENT_TYPE: "Creating or updating deployment: {0}",
+ AzureMLResourceType.DEPLOYMENT: "Creating or updating deployment: {0}",
+ ArmConstants.UPDATE_ONLINE_ENDPOINT_TYPE: "Updating traffic",
+ ArmConstants.KEY_VAULT_PARAMETER_NAME: "Creating Key Vault: ({0})",
+ ArmConstants.LOG_ANALYTICS: "Creating Log Analytics Workspace: ({0})",
+ ArmConstants.APP_INSIGHTS_PARAMETER_NAME: "Creating Application Insights: ({0})",
+ ArmConstants.CONTAINER_REGISTRY_PARAMETER_NAME: "Creating Container Registry: ({0})",
+ ArmConstants.STORAGE_ACCOUNT_PARAMETER_NAME: "Creating Storage Account: ({0})",
+ AzureMLResourceType.WORKSPACE: "Creating AzureML Workspace: ({0})",
+ AzureMLResourceType.CONNECTIONS: "Creating connection: ({0})",
+ ArmConstants.USER_ASSIGNED_IDENTITIES: "Creating User Assigned Identities: ({0})",
+ ArmConstants.ROLE_ASSIGNMENTS: "Creating Role Assignment: ({0})",
+ ArmConstants.MULTIPLE_ENDPOINTS_TYPE: "Creating endpoints: ({0})",
+}
+
+
+def get_template(resource_type: str) -> Dict[str, Any]:
+ if resource_type not in template_mapping:
+ msg = "can't find the template for the resource {}".format(resource_type)
+ raise ValidationException(message=msg, no_personal_data_message=msg, target=ErrorTarget.ARM_RESOURCE)
+ template_path = path.join(path.dirname(__file__), "arm_templates", template_mapping[resource_type])
+ return load_json(file_path=template_path)
diff --git a/.venv/lib/python3.12/site-packages/azure/ai/ml/_arm_deployments/arm_templates/__init__.py b/.venv/lib/python3.12/site-packages/azure/ai/ml/_arm_deployments/arm_templates/__init__.py
new file mode 100644
index 00000000..29a4fcd3
--- /dev/null
+++ b/.venv/lib/python3.12/site-packages/azure/ai/ml/_arm_deployments/arm_templates/__init__.py
@@ -0,0 +1,5 @@
+# ---------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# ---------------------------------------------------------
+
+__path__ = __import__("pkgutil").extend_path(__path__, __name__) # type: ignore
diff --git a/.venv/lib/python3.12/site-packages/azure/ai/ml/_arm_deployments/arm_templates/base_template.json b/.venv/lib/python3.12/site-packages/azure/ai/ml/_arm_deployments/arm_templates/base_template.json
new file mode 100644
index 00000000..c57299eb
--- /dev/null
+++ b/.venv/lib/python3.12/site-packages/azure/ai/ml/_arm_deployments/arm_templates/base_template.json
@@ -0,0 +1,7 @@
+{
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {},
+ "variables": {},
+ "resources": []
+} \ No newline at end of file
diff --git a/.venv/lib/python3.12/site-packages/azure/ai/ml/_arm_deployments/arm_templates/code_version.json b/.venv/lib/python3.12/site-packages/azure/ai/ml/_arm_deployments/arm_templates/code_version.json
new file mode 100644
index 00000000..0e9bd949
--- /dev/null
+++ b/.venv/lib/python3.12/site-packages/azure/ai/ml/_arm_deployments/arm_templates/code_version.json
@@ -0,0 +1,11 @@
+{
+ "type": "Microsoft.MachineLearningServices/workspaces/codes/versions",
+ "apiVersion": "2021-10-01",
+ "name": "[concat(parameters('workspaceName'), '/', parameters('code_version')[copyIndex()].name, '/', parameters('code_version')[copyIndex()].version)]",
+ "properties": "[parameters('code_version')[copyIndex()].properties]",
+ "copy": {
+ "name": "codeVersionDeploymentCopy",
+ "count": "[length(parameters('code_version'))]",
+ "mode": "serial"
+ }
+} \ No newline at end of file
diff --git a/.venv/lib/python3.12/site-packages/azure/ai/ml/_arm_deployments/arm_templates/environment_version.json b/.venv/lib/python3.12/site-packages/azure/ai/ml/_arm_deployments/arm_templates/environment_version.json
new file mode 100644
index 00000000..86c4072e
--- /dev/null
+++ b/.venv/lib/python3.12/site-packages/azure/ai/ml/_arm_deployments/arm_templates/environment_version.json
@@ -0,0 +1,11 @@
+{
+ "type": "Microsoft.MachineLearningServices/workspaces/environments/versions",
+ "apiVersion": "2021-10-01",
+ "name": "[concat(parameters('workspaceName'), '/', parameters('environment_version')[copyIndex()].name, '/', parameters('environment_version')[copyIndex()].version)]",
+ "properties": "[parameters('environment_version')[copyIndex()].properties]",
+ "copy": {
+ "name": "environmentVersionDeploymentCopy",
+ "count": "[length(parameters('environment_version'))]",
+ "mode": "serial"
+ }
+} \ No newline at end of file
diff --git a/.venv/lib/python3.12/site-packages/azure/ai/ml/_arm_deployments/arm_templates/feature_store_role_assignments.json b/.venv/lib/python3.12/site-packages/azure/ai/ml/_arm_deployments/arm_templates/feature_store_role_assignments.json
new file mode 100644
index 00000000..bde437c9
--- /dev/null
+++ b/.venv/lib/python3.12/site-packages/azure/ai/ml/_arm_deployments/arm_templates/feature_store_role_assignments.json
@@ -0,0 +1,194 @@
+{
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "materialization_identity_resource_id": {
+ "type": "string",
+ "defaultValue": "",
+ "metadata": {
+ "description": "Feature store materialization identity resource id"
+ }
+ },
+ "offline_store_target": {
+ "type": "string",
+ "defaultValue": "",
+ "metadata": {
+ "description": "offline store resource id"
+ }
+ },
+ "offline_store_resource_group_name": {
+ "type": "string",
+ "defaultValue": "",
+ "metadata": {
+ "description": "Feature store offline store resource group"
+ }
+ },
+ "offline_store_subscription_id": {
+ "type": "string",
+ "defaultValue": "",
+ "metadata": {
+ "description": "Feature store offline store subscription id"
+ }
+ },
+ "online_store_target": {
+ "type": "string",
+ "defaultValue": "",
+ "metadata": {
+ "description": "online store resource id"
+ }
+ },
+ "online_store_resource_group_name": {
+ "type": "string",
+ "defaultValue": "",
+ "metadata": {
+ "description": "Feature store online store resource group"
+ }
+ },
+ "online_store_subscription_id": {
+ "type": "string",
+ "defaultValue": "",
+ "metadata": {
+ "description": "Feature store online store subscription id"
+ }
+ },
+ "workspace_name": {
+ "type": "string",
+ "defaultValue": "",
+ "metadata": {
+ "description": "Specifies the name of the Azure Machine Learning workspace."
+ }
+ },
+ "resource_group_name": {
+ "type": "string",
+ "defaultValue": "",
+ "metadata": {
+ "description": "Specifies the name of the resource group."
+ }
+ },
+ "location": {
+ "type": "string",
+ "metadata": {
+ "description": "Specifies the location for all resources."
+ }
+ },
+ "update_offline_store_role_assignment": {
+ "type": "string",
+ "defaultValue": "false",
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "metadata": {
+ "description": "Determines whether to update offline store role assignment"
+ }
+ },
+ "update_online_store_role_assignment": {
+ "type": "string",
+ "defaultValue": "false",
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "metadata": {
+ "description": "Determines whether to update online store role assignment"
+ }
+ },
+ "update_workspace_role_assignment": {
+ "type": "string",
+ "defaultValue": "false",
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "metadata": {
+ "description": "Determines whether to update workspace role assignment"
+ }
+ }
+ },
+ "resources": [
+ {
+ "condition": "[and(not(empty(parameters('materialization_identity_resource_id'))), equals(parameters('update_workspace_role_assignment'), 'true'))]",
+ "type": "Microsoft.Resources/deployments",
+ "name": "[concat('workspace-role-assign-', guid(parameters('materialization_identity_resource_id'), parameters('resource_group_name'), parameters('workspace_name'), 'azureml ds role'))]",
+ "apiVersion": "2020-06-01",
+ "properties": {
+ "mode": "Incremental",
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "resources": [
+ {
+ "type": "Microsoft.Authorization/roleAssignments",
+ "apiVersion": "2022-04-01",
+ "name": "[guid(parameters('materialization_identity_resource_id'), resourceId('Microsoft.MachineLearningServices/workspaces', parameters('workspace_name')), 'azureml ds role')]",
+ "scope": "[resourceId(parameters('resource_group_name'), 'Microsoft.MachineLearningServices/workspaces', parameters('workspace_name'))]",
+ "properties": {
+ "roleDefinitionId": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'f6c7c914-8db3-469d-8ca1-694a8f32e121')]",
+ "principalId": "[reference(parameters('materialization_identity_resource_id'), '2018-11-30').principalId]",
+ "principalType": "ServicePrincipal"
+ }
+ }
+ ]
+ }
+ }
+ },
+ {
+ "condition": "[and(not(empty(parameters('materialization_identity_resource_id'))), equals(parameters('update_offline_store_role_assignment'), 'true'), not(empty(parameters('offline_store_target'))))]",
+ "type": "Microsoft.Resources/deployments",
+ "name": "[concat('offline-store-role-assign-', guid(parameters('materialization_identity_resource_id'), parameters('offline_store_target'), 'storage blob data contributor'))]",
+ "apiVersion": "2020-06-01",
+ "resourceGroup": "[If(empty(parameters('offline_store_resource_group_name')), resourceGroup().name, parameters('offline_store_resource_group_name'))]",
+ "subscriptionId": "[If(empty(parameters('offline_store_subscription_id')), subscription().subscriptionId, parameters('offline_store_subscription_id'))]",
+ "properties": {
+ "mode": "Incremental",
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "resources": [
+ {
+ "type": "Microsoft.Authorization/roleAssignments",
+ "apiVersion": "2022-04-01",
+ "name": "[guid(parameters('materialization_identity_resource_id'), parameters('offline_store_target'), 'storage blob data contributor')]",
+ "scope": "[parameters('offline_store_target')]",
+ "location": "[parameters('location')]",
+ "properties": {
+ "roleDefinitionId": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'ba92f5b4-2d11-453d-a403-e96b0029c9fe')]",
+ "principalId": "[reference(parameters('materialization_identity_resource_id'), '2023-01-31').principalId]",
+ "principalType": "ServicePrincipal"
+ }
+ }
+ ]
+ }
+ }
+ },
+ {
+ "condition": "[and(not(empty(parameters('materialization_identity_resource_id'))), equals(parameters('update_online_store_role_assignment'), 'true'), not(empty(parameters('online_store_target'))))]",
+ "type": "Microsoft.Resources/deployments",
+ "name": "[concat('online-store-role-assign-', guid(parameters('materialization_identity_resource_id'), parameters('online_store_target'), 'contributor'))]",
+ "apiVersion": "2020-06-01",
+ "resourceGroup": "[If(empty(parameters('online_store_resource_group_name')), resourceGroup().name, parameters('online_store_resource_group_name'))]",
+ "subscriptionId": "[If(empty(parameters('online_store_subscription_id')), subscription().subscriptionId, parameters('online_store_subscription_id'))]",
+ "properties": {
+ "mode": "Incremental",
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "resources": [
+ {
+ "type": "Microsoft.Authorization/roleAssignments",
+ "apiVersion": "2022-04-01",
+ "name": "[guid(parameters('materialization_identity_resource_id'), parameters('online_store_target'), 'contributor')]",
+ "scope": "[parameters('online_store_target')]",
+ "location": "[parameters('location')]",
+ "properties": {
+ "roleDefinitionId": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c')]",
+ "principalId": "[reference(parameters('materialization_identity_resource_id'), '2023-01-31').principalId]",
+ "principalType": "ServicePrincipal"
+ }
+ }
+ ]
+ }
+ }
+ }
+ ]
+} \ No newline at end of file
diff --git a/.venv/lib/python3.12/site-packages/azure/ai/ml/_arm_deployments/arm_templates/feature_store_role_assignments_param.json b/.venv/lib/python3.12/site-packages/azure/ai/ml/_arm_deployments/arm_templates/feature_store_role_assignments_param.json
new file mode 100644
index 00000000..6f62c1a1
--- /dev/null
+++ b/.venv/lib/python3.12/site-packages/azure/ai/ml/_arm_deployments/arm_templates/feature_store_role_assignments_param.json
@@ -0,0 +1,41 @@
+{
+ "materialization_identity_resource_id": {
+ "value": null
+ },
+ "offline_store_target": {
+ "value": null
+ },
+ "offline_store_resource_group_name" : {
+ "value": null
+ },
+ "offline_store_subscription_id" : {
+ "value": null
+ },
+ "online_store_target": {
+ "value": null
+ },
+ "online_store_resource_group_name" : {
+ "value": null
+ },
+ "online_store_subscription_id" : {
+ "value": null
+ },
+ "workspace_name": {
+ "value": null
+ },
+ "resource_group_name": {
+ "value": null
+ },
+ "location": {
+ "value": ""
+ },
+ "update_offline_store_role_assignment": {
+ "value": "false"
+ },
+ "update_online_store_role_assignment": {
+ "value": "false"
+ },
+ "update_workspace_role_assignment": {
+ "value": "false"
+ }
+} \ No newline at end of file
diff --git a/.venv/lib/python3.12/site-packages/azure/ai/ml/_arm_deployments/arm_templates/model.json b/.venv/lib/python3.12/site-packages/azure/ai/ml/_arm_deployments/arm_templates/model.json
new file mode 100644
index 00000000..27a92bdd
--- /dev/null
+++ b/.venv/lib/python3.12/site-packages/azure/ai/ml/_arm_deployments/arm_templates/model.json
@@ -0,0 +1,11 @@
+{
+ "type": "Microsoft.MachineLearningServices/workspaces/models",
+ "apiVersion": "2021-10-01",
+ "name": "[concat(parameters('workspaceName'), '/', parameters('models')[copyIndex()].name)]",
+ "properties": "[parameters('models')[copyIndex()].properties]",
+ "copy": {
+ "name": "modelDeploymentCopy",
+ "count": "[length(parameters('models'))]",
+ "mode": "serial"
+ }
+} \ No newline at end of file
diff --git a/.venv/lib/python3.12/site-packages/azure/ai/ml/_arm_deployments/arm_templates/model_version.json b/.venv/lib/python3.12/site-packages/azure/ai/ml/_arm_deployments/arm_templates/model_version.json
new file mode 100644
index 00000000..e9edc83e
--- /dev/null
+++ b/.venv/lib/python3.12/site-packages/azure/ai/ml/_arm_deployments/arm_templates/model_version.json
@@ -0,0 +1,11 @@
+{
+ "type": "Microsoft.MachineLearningServices/workspaces/models/versions",
+ "apiVersion": "2021-10-01",
+ "name": "[concat(parameters('workspaceName'), '/', parameters('model_version')[copyIndex()].name, '/', parameters('model_version')[copyIndex()].version)]",
+ "properties": "[parameters('model_version')[copyIndex()].properties]",
+ "copy": {
+ "name": "modelVersionDeploymentCopy",
+ "count": "[length(parameters('model_version'))]",
+ "mode": "serial"
+ }
+} \ No newline at end of file
diff --git a/.venv/lib/python3.12/site-packages/azure/ai/ml/_arm_deployments/arm_templates/online_deployment.json b/.venv/lib/python3.12/site-packages/azure/ai/ml/_arm_deployments/arm_templates/online_deployment.json
new file mode 100644
index 00000000..0bf51f61
--- /dev/null
+++ b/.venv/lib/python3.12/site-packages/azure/ai/ml/_arm_deployments/arm_templates/online_deployment.json
@@ -0,0 +1,17 @@
+{
+ "type": "Microsoft.MachineLearningServices/workspaces/onlineEndpoints/deployments",
+ "apiVersion": "2021-10-01",
+ "location": "[parameters('location')]",
+ "name": "[concat(parameters('workspaceName'), '/', parameters('onlineEndpointName'), '/', parameters('online_deployment')[copyIndex()].name)]",
+ "identity": {
+ "type": "None"
+ },
+ "properties": "[parameters('online_deployment')[copyIndex()].properties]",
+ "tags": "[parameters('online_deployment')[copyIndex()].tags]",
+ "sku": "[parameters('online_deployment')[copyIndex()].sku]",
+ "copy": {
+ "name": "onlineDeploymentCopy",
+ "count": "[length(parameters('online_deployment'))]",
+ "mode": "serial"
+ }
+} \ No newline at end of file
diff --git a/.venv/lib/python3.12/site-packages/azure/ai/ml/_arm_deployments/arm_templates/online_endpoint.json b/.venv/lib/python3.12/site-packages/azure/ai/ml/_arm_deployments/arm_templates/online_endpoint.json
new file mode 100644
index 00000000..ecafb25d
--- /dev/null
+++ b/.venv/lib/python3.12/site-packages/azure/ai/ml/_arm_deployments/arm_templates/online_endpoint.json
@@ -0,0 +1,15 @@
+{
+ "condition": "[equals(parameters('endpointCreateOrUpdate'),'create')]",
+ "type": "Microsoft.MachineLearningServices/workspaces/onlineEndpoints",
+ "apiVersion": "2021-10-01",
+ "location": "[parameters('location')]",
+ "name": "[concat(parameters('workspaceName'), '/', parameters('onlineEndpointName'))]",
+ "identity": "[parameters('onlineEndpointIdentity')]",
+ "tags": "[parameters('onlineEndpointTags')]",
+ "properties": "[parameters('onlineEndpointProperties')]",
+ "copy": {
+ "name": "onlineEndpointCopy",
+ "count": 1,
+ "mode": "serial"
+ }
+} \ No newline at end of file
diff --git a/.venv/lib/python3.12/site-packages/azure/ai/ml/_arm_deployments/arm_templates/update_online_endpoint.json b/.venv/lib/python3.12/site-packages/azure/ai/ml/_arm_deployments/arm_templates/update_online_endpoint.json
new file mode 100644
index 00000000..59a2b67a
--- /dev/null
+++ b/.venv/lib/python3.12/site-packages/azure/ai/ml/_arm_deployments/arm_templates/update_online_endpoint.json
@@ -0,0 +1,27 @@
+{
+ "apiVersion": "2015-01-01",
+ "type": "Microsoft.Resources/deployments",
+ "name": "[concat('updateEndpointWithTraffic', '-', parameters('onlineEndpointName'))]",
+ "properties": {
+ "mode": "Incremental",
+ "parameters": {},
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {},
+ "variables": {},
+ "resources": [
+ {
+ "type": "Microsoft.MachineLearningServices/workspaces/onlineEndpoints",
+ "apiVersion": "2021-10-01",
+ "location": "[parameters('location')]",
+ "name": "[concat(parameters('workspaceName'), '/', parameters('onlineEndpointName'))]",
+ "identity": "[parameters('onlineEndpointIdentity')]",
+ "tags": "[parameters('onlineEndpointTags')]",
+ "properties": "[parameters('onlineEndpointPropertiesTrafficUpdate')]"
+ }
+ ],
+ "outputs": {}
+ }
+ }
+} \ No newline at end of file
diff --git a/.venv/lib/python3.12/site-packages/azure/ai/ml/_arm_deployments/arm_templates/workspace_base.json b/.venv/lib/python3.12/site-packages/azure/ai/ml/_arm_deployments/arm_templates/workspace_base.json
new file mode 100644
index 00000000..c75daf50
--- /dev/null
+++ b/.venv/lib/python3.12/site-packages/azure/ai/ml/_arm_deployments/arm_templates/workspace_base.json
@@ -0,0 +1,1194 @@
+{
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "workspaceName": {
+ "type": "string",
+ "metadata": {
+ "description": "Specifies the name of the Azure Machine Learning workspace."
+ }
+ },
+ "description": {
+ "type": "string",
+ "metadata": {
+ "description": "Description string."
+ }
+ },
+ "friendlyName": {
+ "type": "string",
+ "metadata": {
+ "description": "Friendly name."
+ }
+ },
+ "kind": {
+ "type": "string",
+ "defaultValue": "Default",
+ "metadata": {
+ "description": "Specifies the Kind of the workspace."
+ }
+ },
+ "location": {
+ "type": "string",
+ "metadata": {
+ "description": "Specifies the location for all resources."
+ }
+ },
+ "resourceGroupName": {
+ "type": "string",
+ "metadata": {
+ "description": "Specifies the resource group name of the Azure Machine Learning workspace."
+ }
+ },
+ "associatedResourcePNA": {
+ "type": "string",
+ "defaultValue": "Enabled",
+ "allowedValues": [
+ "Enabled",
+ "Disabled"
+ ],
+ "metadata": {
+ "description": "Determines the PublicNetworkAccess mode of new workspace-associated resources provisioned alongside with workspace."
+ }
+ },
+ "storageAccountOption": {
+ "type": "string",
+ "defaultValue": "new",
+ "allowedValues": [
+ "new",
+ "existing"
+ ],
+ "metadata": {
+ "description": "Determines whether or not a new storage should be provisioned."
+ }
+ },
+ "storageAccountName": {
+ "type": "string",
+ "defaultValue": "[concat('sa', uniqueString(parameters('resourceGroupName'), parameters('workspaceName')))]",
+ "metadata": {
+ "description": "Name of the storage account."
+ }
+ },
+ "storageAccountType": {
+ "type": "string",
+ "defaultValue": "Standard_LRS"
+ },
+ "storageAccountBehindVNet": {
+ "type": "string",
+ "defaultValue": "false",
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "metadata": {
+ "description": "Determines whether or not to put the storage account behind VNet"
+ }
+ },
+ "storageAccountSubscriptionId": {
+ "type": "string",
+ "defaultValue": "[subscription().subscriptionId]"
+ },
+ "storageAccountResourceGroupName": {
+ "type": "string",
+ "defaultValue": "[parameters('resourceGroupName')]"
+ },
+ "storageAccountLocation": {
+ "type": "string",
+ "defaultValue": "[parameters('location')]"
+ },
+ "keyVaultOption": {
+ "type": "string",
+ "defaultValue": "new",
+ "allowedValues": [
+ "new",
+ "existing"
+ ],
+ "metadata": {
+ "description": "Determines whether or not a new key vault should be provisioned."
+ }
+ },
+ "keyVaultName": {
+ "type": "string",
+ "defaultValue": "[concat('kv', uniqueString(parameters('resourceGroupName'), parameters('workspaceName')))]",
+ "metadata": {
+ "description": "Name of the key vault."
+ }
+ },
+ "keyVaultBehindVNet": {
+ "type": "string",
+ "defaultValue": "false",
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "metadata": {
+ "description": "Determines whether or not to put the storage account behind VNet"
+ }
+ },
+ "keyVaultResourceGroupName": {
+ "type": "string",
+ "defaultValue": "[parameters('resourceGroupName')]"
+ },
+ "keyVaultLocation": {
+ "type": "string",
+ "defaultValue": "[parameters('location')]"
+ },
+ "applicationInsightsOption": {
+ "type": "string",
+ "defaultValue": "new",
+ "allowedValues": [
+ "new",
+ "existing",
+ "none"
+ ],
+ "metadata": {
+ "description": "Determines whether or not new ApplicationInsights should be provisioned."
+ }
+ },
+ "logAnalyticsName": {
+ "type": "string",
+ "defaultValue": "[concat('la', uniqueString(parameters('resourceGroupName'), parameters('workspaceName')))]",
+ "metadata": {
+ "description": "Name of LogAnalytics to be used by ApplicationInsights resource."
+ }
+ },
+ "logAnalyticsArmId": {
+ "type": "string",
+ "defaultValue": "",
+ "metadata": {
+ "description": "ARM Id of LogAnalytics to be used by ApplicationInsights resource."
+ }
+ },
+ "applicationInsightsName": {
+ "type": "string",
+ "defaultValue": "[concat('ai', uniqueString(parameters('resourceGroupName'), parameters('workspaceName')))]",
+ "metadata": {
+ "description": "Name of ApplicationInsights."
+ }
+ },
+ "applicationInsightsResourceGroupName": {
+ "type": "string",
+ "defaultValue": "[parameters('resourceGroupName')]"
+ },
+ "applicationInsightsLocation": {
+ "type": "string",
+ "defaultValue": "[parameters('location')]"
+ },
+ "containerRegistryOption": {
+ "type": "string",
+ "defaultValue": "none",
+ "allowedValues": [
+ "existing",
+ "none"
+ ],
+ "metadata": {
+ "description": "Determines whether or not a new container registry should be provisioned."
+ }
+ },
+ "containerRegistryName": {
+ "type": "string",
+ "defaultValue": "[concat('cr', uniqueString(parameters('resourceGroupName'), parameters('workspaceName')))]",
+ "metadata": {
+ "description": "The container registry bind to the workspace."
+ }
+ },
+ "containerRegistrySku": {
+ "type": "string",
+ "defaultValue": "Standard",
+ "allowedValues": [
+ "Basic",
+ "Standard",
+ "Premium"
+ ]
+ },
+ "containerRegistryResourceGroupName": {
+ "type": "string",
+ "defaultValue": "[parameters('resourceGroupName')]"
+ },
+ "containerRegistryBehindVNet": {
+ "type": "string",
+ "defaultValue": "false",
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "metadata": {
+ "description": "Determines whether or not to put container registry behind VNet."
+ }
+ },
+ "containerRegistryLocation": {
+ "type": "string",
+ "defaultValue": "[parameters('location')]"
+ },
+ "vnetOption": {
+ "type": "string",
+ "defaultValue": "[if(equals(parameters('privateEndpointType'), 'none'), 'none', 'new')]",
+ "allowedValues": [
+ "new",
+ "existing",
+ "none"
+ ],
+ "metadata": {
+ "description": "Determines whether or not a new VNet should be provisioned."
+ }
+ },
+ "vnetName": {
+ "type": "string",
+ "defaultValue": "[concat('vn',uniqueString(parameters('resourceGroupName'), parameters('workspaceName')))]",
+ "metadata": {
+ "description": "Name of the VNet"
+ }
+ },
+ "vnetResourceGroupName": {
+ "type": "string",
+ "defaultValue": "[parameters('resourceGroupName')]"
+ },
+ "addressPrefixes": {
+ "type": "array",
+ "defaultValue": [
+ "10.0.0.0/16"
+ ],
+ "metadata": {
+ "description": "Address prefix of the virtual network"
+ }
+ },
+ "subnetOption": {
+ "type": "string",
+ "defaultValue": "[if(or(not(equals(parameters('privateEndpointType'), 'none')), equals(parameters('vnetOption'), 'new')), 'new', 'none')]",
+ "allowedValues": [
+ "new",
+ "existing",
+ "none"
+ ],
+ "metadata": {
+ "description": "Determines whether or not a new subnet should be provisioned."
+ }
+ },
+ "subnetName": {
+ "type": "string",
+ "defaultValue": "[concat('sn',uniqueString(parameters('resourceGroupName'), parameters('workspaceName')))]",
+ "metadata": {
+ "description": "Name of the subnet"
+ }
+ },
+ "subnetPrefix": {
+ "type": "string",
+ "defaultValue": "10.0.0.0/24",
+ "metadata": {
+ "description": "Subnet prefix of the virtual network"
+ }
+ },
+ "adbWorkspace": {
+ "type": "string",
+ "defaultValue": "",
+ "metadata": {
+ "description": "Azure Databrick workspace to be linked to the workspace"
+ }
+ },
+ "confidential_data": {
+ "type": "string",
+ "defaultValue": "false",
+ "allowedValues": [
+ "false",
+ "true"
+ ],
+ "metadata": {
+ "description": "Specifies that the Azure Machine Learning workspace holds highly confidential data."
+ }
+ },
+ "encryption_status": {
+ "type": "string",
+ "defaultValue": "Disabled",
+ "allowedValues": [
+ "Enabled",
+ "Disabled"
+ ],
+ "metadata": {
+ "description": "Specifies if the Azure Machine Learning workspace should be encrypted with customer managed key."
+ }
+ },
+ "cmk_keyvault": {
+ "type": "string",
+ "defaultValue": "",
+ "metadata": {
+ "description": "Specifies the customer managed keyVault arm id."
+ }
+ },
+ "resource_cmk_uri": {
+ "type": "string",
+ "defaultValue": "",
+ "metadata": {
+ "description": "Specifies if the customer managed keyvault key uri."
+ }
+ },
+ "privateEndpointType": {
+ "type": "string",
+ "defaultValue": "none",
+ "allowedValues": [
+ "AutoApproval",
+ "ManualApproval",
+ "none"
+ ]
+ },
+ "tagValues": {
+ "type": "object"
+ },
+ "privateEndpointName": {
+ "type": "string",
+ "defaultValue": "pe",
+ "metadata": {
+ "description": "Name of the private end point added to the workspace"
+ }
+ },
+ "privateEndpointResourceGroupName": {
+ "type": "string",
+ "defaultValue": "[parameters('resourceGroupName')]",
+ "metadata": {
+ "description": "Name of the resource group where the private end point is added to"
+ }
+ },
+ "imageBuildCompute": {
+ "type": "string",
+ "defaultValue": "",
+ "metadata": {
+ "description": "The name of the compute target to use for building environment Docker images with the container registry is behind a VNet."
+ }
+ },
+ "publicNetworkAccess": {
+ "type": "string",
+ "defaultValue": "Enabled",
+ "allowedValues": [
+ "Disabled",
+ "Enabled"
+ ],
+ "metadata": {
+ "description": "Whether to allow public endpoint connectivity when a workspace is private link enabled."
+ }
+ },
+ "soft_delete_enabled": {
+ "type": "string",
+ "defaultValue": "false",
+ "allowedValues": [
+ "false",
+ "true"
+ ],
+ "metadata": {
+ "description": "Whether to create a workspace with soft delete capability"
+ }
+ },
+ "allow_recover_softdeleted_workspace": {
+ "type": "string",
+ "defaultValue": "false",
+ "allowedValues": [
+ "false",
+ "true"
+ ],
+ "metadata": {
+ "description": "Whether to allow an existing soft-deleted workspace to be recovered"
+ }
+ },
+ "encryption_cosmosdb_resourceid": {
+ "type": "string",
+ "defaultValue": "",
+ "metadata": {
+ "description": "The Bring-Your-Own cosmosdb account that customer brings to store data"
+ }
+ },
+ "encryption_storage_resourceid": {
+ "type": "string",
+ "defaultValue": "",
+ "metadata": {
+ "description": "The Bring-Your-Own storage account that customer brings to store data"
+ }
+ },
+ "encryption_search_resourceid": {
+ "type": "string",
+ "defaultValue": "",
+ "metadata": {
+ "description": "The Bring-Your-Own search account that customer brings to store data"
+ }
+ },
+ "identity": {
+ "type": "object",
+ "defaultValue": {
+ "type": "systemAssigned"
+ },
+ "metadata": {
+ "description": "Managed identities assigned to workspace. If not specificed, SystemAssigned managed identity is the default."
+ }
+ },
+ "primaryUserAssignedIdentity": {
+ "type": "string",
+ "defaultValue": "",
+ "metadata": {
+ "description": "ARM identifier of primary user assigned managed identity, in case multiple ones are specified. Also the default managed identity for clusterless compute."
+ }
+ },
+ "managedNetwork": {
+ "type": "object",
+ "defaultValue": {
+ "isolationMode": "Disabled"
+ },
+ "metadata": {
+ "description": "Managed network settings to be used for the workspace. If not specified, isolation mode Disabled is the default"
+ }
+ },
+ "provisionNetworkNow": {
+ "type": "string",
+ "defaultValue": "false",
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "metadata": {
+ "description": "Set to provision the managed VNet with the default Options when creating a Workspace with the managed VNet enabled"
+ }
+ },
+ "allowRoleAssignmentOnRG": {
+ "type": "string",
+ "defaultValue": "true",
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "metadata": {
+ "description": "A flag to determine if workspace should be created/update with allow role assignment on resource group level."
+ }
+ },
+ "spark_runtime_version": {
+ "type": "string",
+ "defaultValue": "",
+ "metadata": {
+ "description": "spark version to be used by all feature sets"
+ }
+ },
+ "offlineStoreStorageAccountOption": {
+ "type": "string",
+ "defaultValue": "none",
+ "allowedValues": [
+ "new",
+ "existing",
+ "none"
+ ],
+ "metadata": {
+ "description": "Determines whether or not to provision a feature store offline store storage account"
+ }
+ },
+ "offline_store_storage_account_name": {
+ "type": "string",
+ "defaultValue": "[concat('sa', uniqueString('featurestore', parameters('resourceGroupName'), parameters('workspaceName')))]",
+ "metadata": {
+ "description": "Name of the feature store offline store storage account."
+ }
+ },
+ "offline_store_container_name": {
+ "type": "string",
+ "defaultValue": "[concat('offlinestore', newGuid())]",
+ "metadata": {
+ "description": "Feature store offline store container"
+ }
+ },
+ "offline_store_resource_group_name": {
+ "type": "string",
+ "defaultValue": "[resourceGroup().name]",
+ "metadata": {
+ "description": "Feature store offline store resource group"
+ }
+ },
+ "offline_store_subscription_id": {
+ "type": "string",
+ "defaultValue": "[subscription().subscriptionId]",
+ "metadata": {
+ "description": "Feature store offline store subscription id"
+ }
+ },
+ "offline_store_connection_name": {
+ "type": "string",
+ "defaultValue": "",
+ "metadata": {
+ "description": "Feature store offline store config"
+ }
+ },
+ "online_store_resource_id": {
+ "type": "string",
+ "defaultValue": "",
+ "metadata": {
+ "description": "Feature store online store resource id"
+ }
+ },
+ "online_store_resource_group_name": {
+ "type": "string",
+ "defaultValue": "",
+ "metadata": {
+ "description": "Feature store online store resource group"
+ }
+ },
+ "online_store_subscription_id": {
+ "type": "string",
+ "defaultValue": "",
+ "metadata": {
+ "description": "Feature store online store subscription id"
+ }
+ },
+ "online_store_connection_name": {
+ "type": "string",
+ "defaultValue": "",
+ "metadata": {
+ "description": "Feature store online store config"
+ }
+ },
+ "materializationIdentityOption": {
+ "type": "string",
+ "defaultValue": "none",
+ "allowedValues": [
+ "new",
+ "existing",
+ "none"
+ ],
+ "metadata": {
+ "description": "Determines whether or not to provision a materialization identity"
+ }
+ },
+ "materialization_identity_name": {
+ "type": "string",
+ "defaultValue": "empty",
+ "metadata": {
+ "description": "Feature store materialization identity name"
+ }
+ },
+ "materialization_identity_subscription_id": {
+ "type": "string",
+ "defaultValue": "[subscription().subscriptionId]",
+ "metadata": {
+ "description": "Feature store materialization identity subscription id"
+ }
+ },
+ "materialization_identity_resource_group_name": {
+ "type": "string",
+ "defaultValue": "[resourceGroup().name]",
+ "metadata": {
+ "description": "Feature store materialization identity resource group name"
+ }
+ },
+ "grant_materialization_permissions": {
+ "type": "string",
+ "defaultValue": "false",
+ "allowedValues": [
+ "false",
+ "true"
+ ],
+ "metadata": {
+ "description": "Whether to grant materialization identity permissions"
+ }
+ },
+ "enable_data_isolation": {
+ "type": "string",
+ "defaultValue": "false",
+ "allowedValues": [
+ "false",
+ "true"
+ ],
+ "metadata": {
+ "description": "A flag to determine if workspace has data isolation enabled. The flag can only be set at the creation phase, it can't be updated."
+ }
+ },
+ "workspace_hub_config" : {
+ "type": "object",
+ "defaultValue": {},
+ "metadata": {
+ "description": "Additional configuration for WorkspaceHub."
+ }
+ },
+ "existing_workspaces" : {
+ "type": "array",
+ "defaultValue": [],
+ "metadata": {
+ "description": "A list of existing workspaces used by Hub to perform convert."
+ }
+ },
+ "workspace_hub" : {
+ "type": "string",
+ "defaultValue": "",
+ "metadata": {
+ "description": "Resource Id of Hub used for lean workspace."
+ }
+ },
+ "serverless_compute_settings": {
+ "type": "object",
+ "defaultValue": {},
+ "metadata": {
+ "description": "Serverless compute settings to be used for the workspace."
+ }
+ },
+ "systemDatastoresAuthMode": {
+ "type": "string",
+ "defaultValue": "",
+ "metadata": {
+ "description": "The authentication mode for system datastores"
+ }
+ },
+ "endpoint_resource_id": {
+ "type": "string",
+ "defaultValue": "null",
+ "metadata": {
+ "description": "The resource id that this workspace hub's endpoints should reference."
+ }
+ },
+ "endpoint_kind": {
+ "type": "string",
+ "defaultValue": "AIServices",
+ "metadata": {
+ "description": "The kind of endpoints this workspace hub ought to contain."
+ }
+ },
+ "endpoint_option": {
+ "type": "string",
+ "defaultValue": "new",
+ "metadata": {
+ "description": "Testing value. Do not touch."
+ }
+ }
+ },
+ "variables": {
+ "tenantId": "[subscription().tenantId]",
+ "storageAccount": "[resourceId(parameters('storageAccountSubscriptionId'), parameters('storageAccountResourceGroupName'), 'Microsoft.Storage/storageAccounts', parameters('storageAccountName'))]",
+ "keyVault": "[resourceId(parameters('keyVaultResourceGroupName'), 'Microsoft.KeyVault/vaults', parameters('keyVaultName'))]",
+ "containerRegistry": "[resourceId(parameters('containerRegistryResourceGroupName'), 'Microsoft.ContainerRegistry/registries', parameters('containerRegistryName'))]",
+ "applicationInsights": "[resourceId(parameters('applicationInsightsResourceGroupName'), 'Microsoft.Insights/components', parameters('applicationInsightsName'))]",
+ "vnet": "[resourceId(parameters('vnetResourceGroupName'), 'Microsoft.Network/virtualNetworks', parameters('vnetName'))]",
+ "subnet": "[resourceId(parameters('vnetResourceGroupName'), 'Microsoft.Network/virtualNetworks/subnets', parameters('vnetName'), parameters('subnetName'))]",
+ "enablePE": true,
+ "networkRuleSetBehindVNet": {
+ "defaultAction": "deny",
+ "virtualNetworkRules": [
+ {
+ "action": "Allow",
+ "id": "[variables('subnet')]"
+ }
+ ]
+ },
+ "networkAclsForManagedNetworkDependencies": {
+ "defaultAction": "deny",
+ "bypass": "AzureServices"
+ },
+ "privateEndpointSettings": {
+ "name": "[concat(parameters('workspaceName'), '-PrivateEndpoint')]",
+ "properties": {
+ "privateLinkServiceId": "[resourceId('Microsoft.MachineLearningServices/workspaces', parameters('workspaceName'))]",
+ "groupIds": [
+ "amlworkspace"
+ ]
+ }
+ },
+ "defaultPEConnections": "[array(variables('privateEndpointSettings'))]",
+ "privateEndpointDeploymentName": "[concat('DeployPrivateEndpoint-', uniqueString(parameters('privateEndpointName')))]",
+ "materializationIdentity": "[resourceId(parameters('materialization_identity_subscription_id'), parameters('materialization_identity_resource_group_name'), 'Microsoft.ManagedIdentity/userAssignedIdentities', parameters('materialization_identity_name'))]",
+ "offlineStore": "[resourceId(parameters('offline_store_subscription_id'), parameters('offline_store_resource_group_name'), 'Microsoft.Storage/storageAccounts/blobServices/containers', parameters('offline_store_storage_account_name'), 'default', parameters('offline_store_container_name'))]",
+ "isWorkspaceHub": "[equals(parameters('kind'), 'hub')]"
+ },
+ "resources": [
+ {
+ "condition": "[and(variables('enablePE'), equals(parameters('vnetOption'), 'new'))]",
+ "type": "Microsoft.Network/virtualNetworks",
+ "apiVersion": "2019-09-01",
+ "name": "[parameters('vnetName')]",
+ "location": "[parameters('location')]",
+ "tags": "[parameters('tagValues')]",
+ "properties": {
+ "addressSpace": {
+ "addressPrefixes": "[parameters('addressPrefixes')]"
+ },
+ "enableDdosProtection": false,
+ "enableVmProtection": false
+ }
+ },
+ {
+ "condition": "[and(variables('enablePE'), equals(parameters('subnetOption'), 'new'))]",
+ "type": "Microsoft.Network/virtualNetworks/subnets",
+ "apiVersion": "2019-09-01",
+ "name": "[concat(parameters('vnetName'), '/', parameters('subnetName'))]",
+ "dependsOn": [
+ "[resourceId('Microsoft.Network/virtualNetworks', parameters('vnetName'))]"
+ ],
+ "properties": {
+ "addressPrefix": "[parameters('subnetPrefix')]",
+ "privateEndpointNetworkPolicies": "Disabled",
+ "privateLinkServiceNetworkPolicies": "Enabled",
+ "serviceEndpoints": [
+ {
+ "service": "Microsoft.Storage"
+ },
+ {
+ "service": "Microsoft.KeyVault"
+ },
+ {
+ "service": "Microsoft.ContainerRegistry"
+ }
+ ]
+ }
+ },
+ {
+ "condition": "[and(equals(parameters('kind'), 'featurestore'), equals(parameters('materializationIdentityOption'), 'new'))]",
+ "type": "Microsoft.ManagedIdentity/userAssignedIdentities",
+ "apiVersion": "2018-11-30",
+ "name": "[parameters('materialization_identity_name')]",
+ "location": "[parameters('location')]"
+ },
+ {
+ "condition": "[and(variables('enablePE'), equals(parameters('storageAccountOption'), 'new'))]",
+ "type": "Microsoft.Storage/storageAccounts",
+ "apiVersion": "2023-04-01",
+ "name": "[parameters('storageAccountName')]",
+ "tags": "[parameters('tagValues')]",
+ "dependsOn": [
+ "[resourceId('Microsoft.Network/virtualNetworks/subnets', parameters('vnetName'), parameters('subnetName'))]"
+ ],
+ "location": "[parameters('storageAccountLocation')]",
+ "sku": {
+ "name": "[parameters('storageAccountType')]"
+ },
+ "kind": "StorageV2",
+ "properties": {
+ "encryption": {
+ "services": {
+ "blob": {
+ "enabled": true
+ },
+ "file": {
+ "enabled": true
+ }
+ },
+ "keySource": "Microsoft.Storage"
+ },
+ "supportsHttpsTrafficOnly": true,
+ "allowBlobPublicAccess": false,
+ "networkAcls": "[if(equals(parameters('associatedResourcePNA'), 'Disabled'), variables('networkAclsForManagedNetworkDependencies'), if(equals(parameters('storageAccountBehindVNet'), 'true'), variables('networkRuleSetBehindVNet'), json('null')))]",
+ "publicNetworkAccess": "[parameters('associatedResourcePNA')]",
+ "isHnsEnabled": "[equals(parameters('kind'), 'featurestore')]",
+ "minimumTlsVersion": "TLS1_2"
+ }
+ },
+ {
+ "condition": "[and(variables('enablePE'), equals(parameters('kind'), 'featurestore'), equals(parameters('storageAccountOption'), 'existing'), equals(parameters('offlineStoreStorageAccountOption'), 'new'))]",
+ "type": "Microsoft.Storage/storageAccounts",
+ "apiVersion": "2019-04-01",
+ "name": "[parameters('offline_store_storage_account_name')]",
+ "tags": "[parameters('tagValues')]",
+ "location": "[parameters('location')]",
+ "sku": {
+ "name": "Standard_LRS"
+ },
+ "kind": "StorageV2",
+ "properties": {
+ "encryption": {
+ "services": {
+ "blob": {
+ "enabled": true
+ },
+ "file": {
+ "enabled": true
+ }
+ },
+ "keySource": "Microsoft.Storage"
+ },
+ "supportsHttpsTrafficOnly": true,
+ "allowBlobPublicAccess": false,
+ "networkAcls": "[json('null')]",
+ "isHnsEnabled": true,
+ "minimumTlsVersion": "TLS1_2"
+ }
+ },
+ {
+ "condition": "[and(variables('enablePE'), equals(parameters('kind'), 'featurestore'), equals(parameters('offlineStoreStorageAccountOption'), 'new'))]",
+ "type": "Microsoft.Storage/storageAccounts/blobServices/containers",
+ "apiVersion": "2021-04-01",
+ "name": "[concat(parameters('offline_store_storage_account_name'), '/default/', parameters('offline_store_container_name'))]",
+ "dependsOn": [
+ "[resourceId('Microsoft.Storage/storageAccounts', parameters('offline_store_storage_account_name'))]"
+ ]
+ },
+ {
+ "condition": "[and(variables('enablePE'), equals(parameters('keyVaultOption'), 'new'))]",
+ "type": "Microsoft.KeyVault/vaults",
+ "apiVersion": "2023-07-01",
+ "tags": "[parameters('tagValues')]",
+ "dependsOn": [
+ "[resourceId('Microsoft.Network/virtualNetworks/subnets', parameters('vnetName'), parameters('subnetName'))]"
+ ],
+ "name": "[parameters('keyVaultName')]",
+ "location": "[parameters('keyVaultLocation')]",
+ "properties": {
+ "tenantId": "[variables('tenantId')]",
+ "sku": {
+ "name": "standard",
+ "family": "A"
+ },
+ "accessPolicies": [],
+ "enableRbacAuthorization": true,
+ "networkAcls": "[if(equals(parameters('associatedResourcePNA'), 'Disabled'), variables('networkAclsForManagedNetworkDependencies'), if(equals(parameters('keyVaultBehindVNet'), 'true'), variables('networkRuleSetBehindVNet'), json('null')))]",
+ "publicNetworkAccess": "[parameters('associatedResourcePNA')]"
+ }
+ },
+ {
+ "condition": "[and(variables('enablePE'), equals(parameters('applicationInsightsOption'), 'new'))]",
+ "type": "Microsoft.OperationalInsights/workspaces",
+ "tags": "[parameters('tagValues')]",
+ "apiVersion": "2020-08-01",
+ "name": "[parameters('logAnalyticsName')]",
+ "location": "[if(or(equals(toLower(parameters('applicationInsightsLocation')),'westcentralus'), equals(toLower(parameters('applicationInsightsLocation')),'eastus2euap'), equals(toLower(parameters('applicationInsightsLocation')),'centraluseuap')),'southcentralus', parameters('applicationInsightsLocation'))]",
+ "kind": "web",
+ "properties": {
+ "Application_Type": "web"
+ }
+ },
+ {
+ "condition": "[and(variables('enablePE'), equals(parameters('applicationInsightsOption'), 'new'))]",
+ "type": "Microsoft.Insights/components",
+ "tags": "[parameters('tagValues')]",
+ "apiVersion": "2020-02-02-preview",
+ "name": "[parameters('applicationInsightsName')]",
+ "location": "[if(or(equals(toLower(parameters('applicationInsightsLocation')),'westcentralus'), equals(toLower(parameters('applicationInsightsLocation')),'eastus2euap'), equals(toLower(parameters('applicationInsightsLocation')),'centraluseuap')),'southcentralus', parameters('applicationInsightsLocation'))]",
+ "kind": "web",
+ "dependsOn": [
+ "[resourceId('Microsoft.OperationalInsights/workspaces', parameters('logAnalyticsName'))]"
+ ],
+ "properties": {
+ "Application_Type": "web",
+ "WorkspaceResourceId": "[parameters('logAnalyticsArmId')]"
+ }
+ },
+ {
+ "condition": "[variables('enablePE')]",
+ "type": "Microsoft.MachineLearningServices/workspaces",
+ "apiVersion": "2023-08-01-preview",
+ "tags": "[parameters('tagValues')]",
+ "name": "[parameters('workspaceName')]",
+ "kind": "[parameters('kind')]",
+ "location": "[parameters('location')]",
+ "dependsOn": [
+ "[resourceId('Microsoft.Storage/storageAccounts', parameters('storageAccountName'))]",
+ "[resourceId('Microsoft.KeyVault/vaults', parameters('keyVaultName'))]",
+ "[resourceId('Microsoft.Insights/components', parameters('applicationInsightsName'))]"
+ ],
+ "identity": "[parameters('identity')]",
+ "properties": {
+ "friendlyName": "[parameters('friendlyName')]",
+ "description": "[parameters('description')]",
+ "storageAccount": "[variables('storageAccount')]",
+ "keyVault": "[variables('keyVault')]",
+ "containerRegistry": "[if(not(equals(parameters('containerRegistryOption'), 'none')), variables('containerRegistry'), json('null'))]",
+ "applicationInsights": "[if(not(equals(parameters('applicationInsightsOption'), 'none')), variables('applicationInsights'), json('null'))]",
+ "hbiWorkspace": "[parameters('confidential_data')]",
+ "imageBuildCompute": "[parameters('imageBuildCompute')]",
+ "publicNetworkAccess": "[parameters('publicNetworkAccess')]",
+ "softDeleteEnabled": "[parameters('soft_delete_enabled')]",
+ "allowRecoverSoftDeletedWorkspace": "[parameters('allow_recover_softdeleted_workspace')]",
+ "encryption": {
+ "status": "[parameters('encryption_status')]",
+ "keyVaultProperties": {
+ "keyVaultArmId": "[parameters('cmk_keyvault')]",
+ "keyIdentifier": "[parameters('resource_cmk_uri')]"
+ },
+ "cosmosDbArmId": "[parameters('encryption_cosmosdb_resourceid')]",
+ "storageAccountArmId": "[parameters('encryption_storage_resourceid')]",
+ "SearchAccountArmId": "[parameters('encryption_search_resourceid')]"
+ },
+ "primaryUserAssignedIdentity": "[parameters('primaryUserAssignedIdentity')]",
+ "systemDatastoresAuthMode": "[parameters('systemDatastoresAuthMode')]",
+ "allowRoleAssignmentOnRG": "[parameters('allowRoleAssignmentOnRG')]",
+ "managedNetwork": "[parameters('managedNetwork')]",
+ "provisionNetworkNow": "[parameters('provisionNetworkNow')]",
+ "featureStoreSettings": {
+ "computeruntime": {
+ "SparkRuntimeVersion": "[parameters('spark_runtime_version')]"
+ }
+ },
+ "enableDataIsolation": "[parameters('enable_data_isolation')]",
+ "workspaceHubConfig": "[parameters('workspace_hub_config')]",
+ "existingWorkspaces": "[parameters('existing_workspaces')]",
+ "serverlessComputeSettings": "[parameters('serverless_compute_settings')]"
+ },
+ "resources":[
+ {
+ "condition": "[equals(parameters('kind'), 'featurestore')]",
+ "type": "connections",
+ "apiVersion": "2022-05-01",
+ "name": "[if(empty(parameters('offline_store_connection_name')), 'empty', parameters('offline_store_connection_name'))]",
+ "location": "[parameters('location')]",
+ "dependsOn": [
+ "[resourceId('Microsoft.MachineLearningServices/workspaces', parameters('workspaceName'))]",
+ "[resourceId('Microsoft.Storage/storageAccounts/blobServices/containers', parameters('offline_store_storage_account_name'), 'default', parameters('offline_store_container_name'))]",
+ "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', parameters('materialization_identity_name'))]"
+ ],
+ "identity": {
+ "type": "SystemAssigned"
+ },
+ "properties": {
+ "category": "AzureDataLakeGen2",
+ "target": "[variables('offlineStore')]",
+ "authType": "ManagedIdentity",
+ "credentials": {
+ "clientid": "[if(not(equals(parameters('materializationIdentityOption'), 'none')), reference(variables('materializationIdentity'), '2018-11-30').clientId, '')]",
+ "resourceid": "[variables('materializationIdentity')]"
+ }
+ }
+ },
+ {
+ "condition": "[and(equals(parameters('kind'), 'featurestore'), not(empty(parameters('online_store_resource_id'))))]",
+ "type": "connections",
+ "apiVersion": "2022-05-01",
+ "name": "[if(empty(parameters('online_store_connection_name')), 'empty', parameters('online_store_connection_name'))]",
+ "location": "[parameters('location')]",
+ "dependsOn": [
+ "[resourceId('Microsoft.MachineLearningServices/workspaces', parameters('workspaceName'))]",
+ "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', parameters('materialization_identity_name'))]"
+ ],
+ "identity": {
+ "type": "SystemAssigned"
+ },
+ "properties": {
+ "category": "Redis",
+ "target": "[parameters('online_store_resource_id')]",
+ "authType": "ManagedIdentity",
+ "credentials": {
+ "clientid": "[if(not(equals(parameters('materializationIdentityOption'), 'none')), reference(variables('materializationIdentity'), '2018-11-30').clientId, '')]",
+ "resourceid": "[variables('materializationIdentity')]"
+ }
+ }
+ }
+ ]
+ },
+ {
+ "condition":"[equals(parameters('kind'), 'featurestore')]",
+ "type": "Microsoft.Resources/deployments",
+ "apiVersion": "2024-03-01",
+ "name": "[concat(parameters('workspaceName'), '-deploy-feature-store')]",
+ "dependsOn": [
+ "[resourceId('Microsoft.MachineLearningServices/workspaces', parameters('workspaceName'))]",
+ "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', parameters('materialization_identity_name'))]",
+ "[resourceId('Microsoft.MachineLearningServices/workspaces/connections', parameters('workspaceName'), parameters('offline_store_connection_name'))]",
+ "[resourceId('Microsoft.MachineLearningServices/workspaces/connections', parameters('workspaceName'), parameters('online_store_connection_name'))]"
+ ],
+ "properties": {
+ "mode": "Incremental",
+ "parameters": {},
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.1",
+ "resources": [
+ {
+ "apiVersion": "2022-12-01-preview",
+ "name": "[parameters('workspaceName')]",
+ "location": "[parameters('location')]",
+ "kind": "featurestore",
+ "type": "Microsoft.MachineLearningServices/workspaces",
+ "identity": {
+ "type": "SystemAssigned,UserAssigned",
+ "userAssignedIdentities": {
+ "[variables('materializationIdentity')]": {}
+ }
+ },
+ "properties": {
+ "friendlyName": "[parameters('friendlyName')]",
+ "description": "[parameters('description')]",
+ "storageAccount": "[variables('storageAccount')]",
+ "keyVault": "[variables('keyVault')]",
+ "applicationInsights": "[if(not(equals(parameters('applicationInsightsOption'), 'none')), variables('applicationInsights'), json('null'))]",
+ "containerRegistry": "[if(not(equals(parameters('containerRegistryOption'), 'none')), variables('containerRegistry'), json('null'))]",
+ "hbiWorkspace": "[parameters('confidential_data')]",
+ "imageBuildCompute": "[parameters('imageBuildCompute')]",
+ "publicNetworkAccess": "[parameters('publicNetworkAccess')]",
+ "softDeleteEnabled": "[parameters('soft_delete_enabled')]",
+ "allowRecoverSoftDeletedWorkspace": "[parameters('allow_recover_softdeleted_workspace')]",
+ "encryption": {
+ "status": "[parameters('encryption_status')]",
+ "keyVaultProperties": {
+ "keyVaultArmId": "[parameters('cmk_keyvault')]",
+ "keyIdentifier": "[parameters('resource_cmk_uri')]"
+ },
+ "cosmosDbArmId": "[parameters('encryption_cosmosdb_resourceid')]",
+ "storageAccountArmId": "[parameters('encryption_storage_resourceid')]",
+ "SearchAccountArmId": "[parameters('encryption_search_resourceid')]"
+ },
+ "primaryUserAssignedIdentity": "[parameters('primaryUserAssignedIdentity')]",
+ "systemDatastoresAuthMode": "[parameters('systemDatastoresAuthMode')]",
+ "allowRoleAssignmentOnRG": "[parameters('allowRoleAssignmentOnRG')]",
+ "managedNetwork": "[parameters('managedNetwork')]",
+ "provisionNetworkNow": "[parameters('provisionNetworkNow')]",
+ "featureStoreSettings": {
+ "computeruntime": {
+ "SparkRuntimeVersion": "[parameters('spark_runtime_version')]"
+ },
+ "offlinestoreconnectionname": "[parameters('offline_store_connection_name')]",
+ "onlinestoreconnectionname": "[parameters('online_store_connection_name')]"
+ },
+ "enableDataIsolation": "[parameters('enable_data_isolation')]"
+ }
+ }
+ ]
+ }
+ }
+ },
+ {
+ "condition": "[and(equals(parameters('kind'), 'featurestore'), equals(parameters('grant_materialization_permissions'), 'true'))]",
+ "type": "Microsoft.Resources/deployments",
+ "name": "[concat('workspace-role-assign-', guid(variables('materializationIdentity'), resourceId('Microsoft.MachineLearningServices/workspaces', parameters('workspaceName')), 'azureml ds role'))]",
+ "apiVersion": "2020-06-01",
+ "dependsOn": [
+ "[resourceId('Microsoft.MachineLearningServices/workspaces', parameters('workspaceName'))]",
+ "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', parameters('materialization_identity_name'))]"
+ ],
+ "properties": {
+ "mode": "Incremental",
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "resources": [
+ {
+ "type": "Microsoft.Authorization/roleAssignments",
+ "apiVersion": "2022-04-01",
+ "name": "[guid(variables('materializationIdentity'), resourceId('Microsoft.MachineLearningServices/workspaces', parameters('workspaceName')), 'azureml ds role')]",
+ "scope": "[resourceId(resourceGroup().name, 'Microsoft.MachineLearningServices/workspaces', parameters('workspaceName'))]",
+ "location": "[parameters('location')]",
+ "properties": {
+ "roleDefinitionId": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'f6c7c914-8db3-469d-8ca1-694a8f32e121')]",
+ "principalId": "[if(not(equals(parameters('materializationIdentityOption'), 'none')), reference(variables('materializationIdentity'), '2018-11-30').principalId, '')]",
+ "principalType": "ServicePrincipal"
+ }
+ }
+ ]
+ }
+ }
+ },
+ {
+ "condition": "[and(equals(parameters('kind'), 'featurestore'), equals(parameters('grant_materialization_permissions'), 'true'), not(equals(parameters('materializationIdentityOption'), 'none')))]",
+ "type": "Microsoft.Resources/deployments",
+ "name": "[concat('offline-store-role-assign-', guid(variables('materializationIdentity'), variables('offlineStore'), 'storage blob data contributor'))]",
+ "apiVersion": "2020-06-01",
+ "dependsOn": [
+ "[resourceId('Microsoft.Storage/storageAccounts/blobServices/containers', parameters('offline_store_storage_account_name'), 'default', parameters('offline_store_container_name'))]",
+ "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', parameters('materialization_identity_name'))]"
+ ],
+ "resourceGroup": "[parameters('offline_store_resource_group_name')]",
+ "subscriptionId": "[parameters('offline_store_subscription_id')]",
+ "properties": {
+ "mode": "Incremental",
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "resources": [
+ {
+ "type": "Microsoft.Authorization/roleAssignments",
+ "apiVersion": "2022-04-01",
+ "name": "[guid(variables('materializationIdentity'), variables('offlineStore'), 'storage blob data contributor')]",
+ "scope": "[variables('offlineStore')]",
+ "location": "[parameters('location')]",
+ "properties": {
+ "roleDefinitionId": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'ba92f5b4-2d11-453d-a403-e96b0029c9fe')]",
+ "principalId": "[if(not(equals(parameters('materializationIdentityOption'), 'none')), reference(variables('materializationIdentity'), '2023-01-31').principalId, '')]",
+ "principalType": "ServicePrincipal"
+ }
+ }
+ ]
+ }
+ }
+ },
+ {
+ "condition": "[and(equals(parameters('kind'), 'featurestore'), equals(parameters('grant_materialization_permissions'), 'true'), not(equals(parameters('materializationIdentityOption'), 'none')), not(empty(parameters('online_store_resource_id'))))]",
+ "type": "Microsoft.Resources/deployments",
+ "name": "[concat('online-store-role-assign-', guid(variables('materializationIdentity'), parameters('online_store_resource_id'), 'contributor'))]",
+ "apiVersion": "2020-06-01",
+ "dependsOn": [
+ "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', parameters('materialization_identity_name'))]"
+ ],
+ "resourceGroup": "[parameters('online_store_resource_group_name')]",
+ "subscriptionId": "[parameters('online_store_subscription_id')]",
+ "properties": {
+ "mode": "Incremental",
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "resources": [
+ {
+ "type": "Microsoft.Authorization/roleAssignments",
+ "apiVersion": "2022-04-01",
+ "name": "[guid(variables('materializationIdentity'), parameters('online_store_resource_id'), 'contributor')]",
+ "scope": "[parameters('online_store_resource_id')]",
+ "location": "[parameters('location')]",
+ "properties": {
+ "roleDefinitionId": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c')]",
+ "principalId": "[if(not(equals(parameters('materializationIdentityOption'), 'none')), reference(variables('materializationIdentity'), '2023-01-31').principalId, '')]",
+ "principalType": "ServicePrincipal"
+ }
+ }
+ ]
+ }
+ }
+ },
+ {
+ "condition": "[and(equals(parameters('kind'), 'featurestore'), equals(parameters('grant_materialization_permissions'), 'true'), not(equals(parameters('materializationIdentityOption'), 'none')))]",
+ "type": "Microsoft.Resources/deployments",
+ "name": "[concat('ws-storage-role-assign-', guid(variables('materializationIdentity'), variables('storageAccount'), 'storage blob data contributor'))]",
+ "apiVersion": "2020-06-01",
+ "dependsOn": [
+ "[resourceId('Microsoft.MachineLearningServices/workspaces', parameters('workspaceName'))]",
+ "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', parameters('materialization_identity_name'))]"
+ ],
+ "resourceGroup": "[parameters('storageAccountResourceGroupName')]",
+ "properties": {
+ "mode": "Incremental",
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "resources": [
+ {
+ "type": "Microsoft.Authorization/roleAssignments",
+ "apiVersion": "2022-04-01",
+ "name": "[guid(variables('materializationIdentity'), variables('storageAccount'), 'storage blob data contributor')]",
+ "scope": "[variables('storageAccount')]",
+ "location": "[parameters('location')]",
+ "properties": {
+ "roleDefinitionId": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'ba92f5b4-2d11-453d-a403-e96b0029c9fe')]",
+ "principalId": "[if(not(equals(parameters('materializationIdentityOption'), 'none')), reference(variables('materializationIdentity'), '2023-01-31').principalId, '')]",
+ "principalType": "ServicePrincipal"
+ }
+ }
+ ]
+ }
+ }
+ },
+ {
+ "condition": "[and(variables('enablePE'), not(equals(parameters('privateEndpointType'), 'none')))]",
+ "type": "Microsoft.Resources/deployments",
+ "apiVersion": "2020-06-01",
+ "name": "[variables('privateEndpointDeploymentName')]",
+ "resourceGroup": "[parameters('privateEndpointResourceGroupName')]",
+ "dependsOn": [
+ "[resourceId('Microsoft.MachineLearningServices/workspaces', parameters('workspaceName'))]",
+ "[resourceId('Microsoft.Network/virtualNetworks/subnets', parameters('vnetName'), parameters('subnetName'))]"
+ ],
+ "properties": {
+ "mode": "Incremental",
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "resources": [
+ {
+ "apiVersion": "2020-06-01",
+ "name": "[parameters('privateEndpointName')]",
+ "type": "Microsoft.Network/privateEndpoints",
+ "location": "[parameters('location')]",
+ "tags": "[parameters('tagValues')]",
+ "properties": {
+ "privateLinkServiceConnections": "[if(equals(parameters('privateEndpointType'), 'AutoApproval'), variables('defaultPEConnections'), json('null'))]",
+ "manualPrivateLinkServiceConnections": "[if(equals(parameters('privateEndpointType'), 'ManualApproval'), variables('defaultPEConnections'), json('null'))]",
+ "subnet": {
+ "id": "[variables('subnet')]"
+ }
+ }
+ }
+ ]
+ }
+ }
+ }
+ ]
+}
diff --git a/.venv/lib/python3.12/site-packages/azure/ai/ml/_arm_deployments/arm_templates/workspace_param.json b/.venv/lib/python3.12/site-packages/azure/ai/ml/_arm_deployments/arm_templates/workspace_param.json
new file mode 100644
index 00000000..3ae37b73
--- /dev/null
+++ b/.venv/lib/python3.12/site-packages/azure/ai/ml/_arm_deployments/arm_templates/workspace_param.json
@@ -0,0 +1,218 @@
+{
+ "location": {
+ "value": ""
+ },
+ "workspaceName": {
+ "value": ""
+ },
+ "resourceGroupName": {
+ "value": ""
+ },
+ "description": {
+ "value": ""
+ },
+ "kind": {
+ "value": "Default"
+ },
+ "friendlyName": {
+ "value": ""
+ },
+ "tagValues": {
+ "value": {}
+ },
+ "keyVaultOption": {
+ "value": "new"
+ },
+ "keyVaultName": {
+ "value": ""
+ },
+ "keyVaultResourceGroupName": {
+ "value": ""
+ },
+ "associatedResourcePNA": {
+ "value": "Enabled"
+ },
+ "storageAccountOption": {
+ "value": "new"
+ },
+ "storageAccountName": {
+ "value": ""
+ },
+ "storageAccountSubscriptionId": {
+ "value": ""
+ },
+ "storageAccountResourceGroupName": {
+ "value": ""
+ },
+ "applicationInsightsOption": {
+ "value": "new"
+ },
+ "applicationInsightsName": {
+ "value": ""
+ },
+ "logAnalyticsName": {
+ "value": "none"
+ },
+ "logAnalyticsArmId": {
+ "value": ""
+ },
+ "applicationInsightsResourceGroupName": {
+ "value": ""
+ },
+ "containerRegistryOption": {
+ "value": "none"
+ },
+ "containerRegistryName": {
+ "value": "name"
+ },
+ "containerRegistryResourceGroupName": {
+ "value": ""
+ },
+ "encryption_status": {
+ "value": "Disabled"
+ },
+ "cmk_keyvault": {
+ "value": ""
+ },
+ "resource_cmk_uri": {
+ "value": ""
+ },
+ "privateEndpointName": {
+ "value": "name"
+ },
+ "subnetOption": {
+ "value": "existing"
+ },
+ "subnetName": {
+ "value": "default"
+ },
+ "vnetOption": {
+ "value": "existing"
+ },
+ "vnetName": {
+ "value": "name"
+ },
+ "vnetResourceGroupName": {
+ "value": "name"
+ },
+ "privateEndpointType": {
+ "value": "none"
+ },
+ "privateEndpointResourceGroupName": {
+ "value": "name"
+ },
+ "confidential_data": {
+ "value": "false"
+ },
+ "imageBuildCompute": {
+ "value": ""
+ },
+ "publicNetworkAccess": {
+ "value": "Enabled"
+ },
+ "soft_delete_enabled": {
+ "value": "false"
+ },
+ "allow_recover_softdeleted_workspace": {
+ "value": "false"
+ },
+ "encryption_cosmosdb_resourceid": {
+ "value": ""
+ },
+ "encryption_storage_resourceid": {
+ "value": ""
+ },
+ "encryption_search_resourceid": {
+ "value": ""
+ },
+ "identity": {
+ "value": {}
+ },
+ "primaryUserAssignedIdentity": {
+ "value": ""
+ },
+ "managedNetwork": {
+ "value": {}
+ },
+ "provisionNetworkNow": {
+ "value": "false"
+ },
+ "spark_runtime_version" : {
+ "value": null
+ },
+ "offlineStoreStorageAccountOption": {
+ "value": null
+ },
+ "offline_store_storage_account_name": {
+ "value": null
+ },
+ "offline_store_container_name" : {
+ "value": null
+ },
+ "offline_store_resource_group_name" : {
+ "value": null
+ },
+ "offline_store_subscription_id" : {
+ "value": null
+ },
+ "offline_store_connection_name" : {
+ "value": null
+ },
+ "online_store_resource_id" : {
+ "value": null
+ },
+ "online_store_resource_group_name" : {
+ "value": null
+ },
+ "online_store_subscription_id" : {
+ "value": null
+ },
+ "online_store_connection_name" : {
+ "value": null
+ },
+ "grant_materialization_permissions" : {
+ "value": "true"
+ },
+ "materializationIdentityOption": {
+ "value": null
+ },
+ "materialization_identity_name": {
+ "value": null
+ },
+ "materialization_identity_resource_group_name": {
+ "value": null
+ },
+ "materialization_identity_subscription_id": {
+ "value": null
+ },
+ "workspace_hub_config" : {
+ "value": {}
+ },
+ "existing_workspaces" : {
+ "value": []
+ },
+ "workspace_hub" : {
+ "value": ""
+ },
+ "enable_data_isolation": {
+ "value": "false"
+ },
+ "allowRoleAssignmentOnRG": {
+ "value": "true"
+ },
+ "serverless_compute_settings": {
+ "value": {}
+ },
+ "systemDatastoresAuthMode": {
+ "value": ""
+ },
+ "endpoint_resource_id": {
+ "value": "null"
+ },
+ "endpoint_kind": {
+ "value": "AIServices"
+ },
+ "endpoint_option": {
+ "value": "new"
+ }
+} \ No newline at end of file
diff --git a/.venv/lib/python3.12/site-packages/azure/ai/ml/_arm_deployments/arm_templates/workspace_project.json b/.venv/lib/python3.12/site-packages/azure/ai/ml/_arm_deployments/arm_templates/workspace_project.json
new file mode 100644
index 00000000..74d19bcb
--- /dev/null
+++ b/.venv/lib/python3.12/site-packages/azure/ai/ml/_arm_deployments/arm_templates/workspace_project.json
@@ -0,0 +1,731 @@
+{
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "workspaceName": {
+ "type": "string",
+ "metadata": {
+ "description": "Specifies the name of the Azure Machine Learning workspace."
+ }
+ },
+ "description": {
+ "type": "string",
+ "metadata": {
+ "description": "Description string."
+ }
+ },
+ "friendlyName": {
+ "type": "string",
+ "metadata": {
+ "description": "Friendly name."
+ }
+ },
+ "kind": {
+ "type": "string",
+ "defaultValue": "Default",
+ "metadata": {
+ "description": "Specifies the Kind of the workspace."
+ }
+ },
+ "location": {
+ "type": "string",
+ "metadata": {
+ "description": "Specifies the location for all resources."
+ }
+ },
+ "resourceGroupName": {
+ "type": "string",
+ "metadata": {
+ "description": "Specifies the resource group name of the Azure Machine Learning workspace."
+ }
+ },
+ "associatedResourcePNA": {
+ "type": "string",
+ "defaultValue": "Enabled",
+ "allowedValues": [
+ "Enabled",
+ "Disabled"
+ ],
+ "metadata": {
+ "description": "Determines the PublicNetworkAccess mode of new workspace-associated resources provisioned alongside with workspace."
+ }
+ },
+ "storageAccountOption": {
+ "type": "string",
+ "defaultValue": "new",
+ "allowedValues": [
+ "new",
+ "existing"
+ ],
+ "metadata": {
+ "description": "Determines whether or not a new storage should be provisioned."
+ }
+ },
+ "storageAccountName": {
+ "type": "string",
+ "defaultValue": "[concat('sa', uniqueString(parameters('resourceGroupName'), parameters('workspaceName')))]",
+ "metadata": {
+ "description": "Name of the storage account."
+ }
+ },
+ "storageAccountType": {
+ "type": "string",
+ "defaultValue": "Standard_LRS"
+ },
+ "storageAccountBehindVNet": {
+ "type": "string",
+ "defaultValue": "false",
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "metadata": {
+ "description": "Determines whether or not to put the storage account behind VNet"
+ }
+ },
+ "storageAccountSubscriptionId": {
+ "type": "string",
+ "defaultValue": "[subscription().subscriptionId]"
+ },
+ "storageAccountResourceGroupName": {
+ "type": "string",
+ "defaultValue": "[parameters('resourceGroupName')]"
+ },
+ "storageAccountLocation": {
+ "type": "string",
+ "defaultValue": "[parameters('location')]"
+ },
+ "keyVaultOption": {
+ "type": "string",
+ "defaultValue": "new",
+ "allowedValues": [
+ "new",
+ "existing"
+ ],
+ "metadata": {
+ "description": "Determines whether or not a new key vault should be provisioned."
+ }
+ },
+ "keyVaultName": {
+ "type": "string",
+ "defaultValue": "[concat('kv', uniqueString(parameters('resourceGroupName'), parameters('workspaceName')))]",
+ "metadata": {
+ "description": "Name of the key vault."
+ }
+ },
+ "keyVaultBehindVNet": {
+ "type": "string",
+ "defaultValue": "false",
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "metadata": {
+ "description": "Determines whether or not to put the storage account behind VNet"
+ }
+ },
+ "keyVaultResourceGroupName": {
+ "type": "string",
+ "defaultValue": "[parameters('resourceGroupName')]"
+ },
+ "keyVaultLocation": {
+ "type": "string",
+ "defaultValue": "[parameters('location')]"
+ },
+ "applicationInsightsOption": {
+ "type": "string",
+ "defaultValue": "new",
+ "allowedValues": [
+ "new",
+ "existing",
+ "none"
+ ],
+ "metadata": {
+ "description": "Determines whether or not new ApplicationInsights should be provisioned."
+ }
+ },
+ "logAnalyticsName": {
+ "type": "string",
+ "defaultValue": "[concat('la', uniqueString(parameters('resourceGroupName'), parameters('workspaceName')))]",
+ "metadata": {
+ "description": "Name of LogAnalytics to be used by ApplicationInsights resource."
+ }
+ },
+ "logAnalyticsArmId": {
+ "type": "string",
+ "defaultValue": "",
+ "metadata": {
+ "description": "ARM Id of LogAnalytics to be used by ApplicationInsights resource."
+ }
+ },
+ "applicationInsightsName": {
+ "type": "string",
+ "defaultValue": "[concat('ai', uniqueString(parameters('resourceGroupName'), parameters('workspaceName')))]",
+ "metadata": {
+ "description": "Name of ApplicationInsights."
+ }
+ },
+ "applicationInsightsResourceGroupName": {
+ "type": "string",
+ "defaultValue": "[parameters('resourceGroupName')]"
+ },
+ "applicationInsightsLocation": {
+ "type": "string",
+ "defaultValue": "[parameters('location')]"
+ },
+ "containerRegistryOption": {
+ "type": "string",
+ "defaultValue": "none",
+ "allowedValues": [
+ "new",
+ "none"
+ ],
+ "metadata": {
+ "description": "Determines whether or not a new container registry should be provisioned."
+ }
+ },
+ "containerRegistryName": {
+ "type": "string",
+ "defaultValue": "[concat('cr', uniqueString(parameters('resourceGroupName'), parameters('workspaceName')))]",
+ "metadata": {
+ "description": "The container registry bind to the workspace."
+ }
+ },
+ "containerRegistrySku": {
+ "type": "string",
+ "defaultValue": "Standard",
+ "allowedValues": [
+ "Basic",
+ "Standard",
+ "Premium"
+ ]
+ },
+ "containerRegistryResourceGroupName": {
+ "type": "string",
+ "defaultValue": "[parameters('resourceGroupName')]"
+ },
+ "containerRegistryBehindVNet": {
+ "type": "string",
+ "defaultValue": "false",
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "metadata": {
+ "description": "Determines whether or not to put container registry behind VNet."
+ }
+ },
+ "containerRegistryLocation": {
+ "type": "string",
+ "defaultValue": "[parameters('location')]"
+ },
+ "vnetOption": {
+ "type": "string",
+ "defaultValue": "[if(equals(parameters('privateEndpointType'), 'none'), 'none', 'new')]",
+ "allowedValues": [
+ "new",
+ "existing",
+ "none"
+ ],
+ "metadata": {
+ "description": "Determines whether or not a new VNet should be provisioned."
+ }
+ },
+ "vnetName": {
+ "type": "string",
+ "defaultValue": "[concat('vn',uniqueString(parameters('resourceGroupName'), parameters('workspaceName')))]",
+ "metadata": {
+ "description": "Name of the VNet"
+ }
+ },
+ "vnetResourceGroupName": {
+ "type": "string",
+ "defaultValue": "[parameters('resourceGroupName')]"
+ },
+ "addressPrefixes": {
+ "type": "array",
+ "defaultValue": [
+ "10.0.0.0/16"
+ ],
+ "metadata": {
+ "description": "Address prefix of the virtual network"
+ }
+ },
+ "subnetOption": {
+ "type": "string",
+ "defaultValue": "[if(or(not(equals(parameters('privateEndpointType'), 'none')), equals(parameters('vnetOption'), 'new')), 'new', 'none')]",
+ "allowedValues": [
+ "new",
+ "existing",
+ "none"
+ ],
+ "metadata": {
+ "description": "Determines whether or not a new subnet should be provisioned."
+ }
+ },
+ "subnetName": {
+ "type": "string",
+ "defaultValue": "[concat('sn',uniqueString(parameters('resourceGroupName'), parameters('workspaceName')))]",
+ "metadata": {
+ "description": "Name of the subnet"
+ }
+ },
+ "subnetPrefix": {
+ "type": "string",
+ "defaultValue": "10.0.0.0/24",
+ "metadata": {
+ "description": "Subnet prefix of the virtual network"
+ }
+ },
+ "adbWorkspace": {
+ "type": "string",
+ "defaultValue": "",
+ "metadata": {
+ "description": "Azure Databrick workspace to be linked to the workspace"
+ }
+ },
+ "confidential_data": {
+ "type": "string",
+ "defaultValue": "false",
+ "allowedValues": [
+ "false",
+ "true"
+ ],
+ "metadata": {
+ "description": "Specifies that the Azure Machine Learning workspace holds highly confidential data."
+ }
+ },
+ "encryption_status": {
+ "type": "string",
+ "defaultValue": "Disabled",
+ "allowedValues": [
+ "Enabled",
+ "Disabled"
+ ],
+ "metadata": {
+ "description": "Specifies if the Azure Machine Learning workspace should be encrypted with customer managed key."
+ }
+ },
+ "cmk_keyvault": {
+ "type": "string",
+ "defaultValue": "",
+ "metadata": {
+ "description": "Specifies the customer managed keyVault arm id."
+ }
+ },
+ "resource_cmk_uri": {
+ "type": "string",
+ "defaultValue": "",
+ "metadata": {
+ "description": "Specifies if the customer managed keyvault key uri."
+ }
+ },
+ "privateEndpointType": {
+ "type": "string",
+ "defaultValue": "none",
+ "allowedValues": [
+ "AutoApproval",
+ "ManualApproval",
+ "none"
+ ]
+ },
+ "tagValues": {
+ "type": "object"
+ },
+ "privateEndpointName": {
+ "type": "string",
+ "defaultValue": "pe",
+ "metadata": {
+ "description": "Name of the private end point added to the workspace"
+ }
+ },
+ "privateEndpointResourceGroupName": {
+ "type": "string",
+ "defaultValue": "[parameters('resourceGroupName')]",
+ "metadata": {
+ "description": "Name of the resource group where the private end point is added to"
+ }
+ },
+ "imageBuildCompute": {
+ "type": "string",
+ "defaultValue": "",
+ "metadata": {
+ "description": "The name of the compute target to use for building environment Docker images with the container registry is behind a VNet."
+ }
+ },
+ "publicNetworkAccess": {
+ "type": "string",
+ "defaultValue": "Enabled",
+ "allowedValues": [
+ "Disabled",
+ "Enabled"
+ ],
+ "metadata": {
+ "description": "Whether to allow public endpoint connectivity when a workspace is private link enabled."
+ }
+ },
+ "soft_delete_enabled": {
+ "type": "string",
+ "defaultValue": "false",
+ "allowedValues": [
+ "false",
+ "true"
+ ],
+ "metadata": {
+ "description": "Whether to create a workspace with soft delete capability"
+ }
+ },
+ "allow_recover_softdeleted_workspace": {
+ "type": "string",
+ "defaultValue": "false",
+ "allowedValues": [
+ "false",
+ "true"
+ ],
+ "metadata": {
+ "description": "Whether to allow an existing soft-deleted workspace to be recovered"
+ }
+ },
+ "encryption_cosmosdb_resourceid": {
+ "type": "string",
+ "defaultValue": "",
+ "metadata": {
+ "description": "The Bring-Your-Own cosmosdb account that customer brings to store data"
+ }
+ },
+ "encryption_storage_resourceid": {
+ "type": "string",
+ "defaultValue": "",
+ "metadata": {
+ "description": "The Bring-Your-Own storage account that customer brings to store data"
+ }
+ },
+ "encryption_search_resourceid": {
+ "type": "string",
+ "defaultValue": "",
+ "metadata": {
+ "description": "The Bring-Your-Own search account that customer brings to store data"
+ }
+ },
+ "identity": {
+ "type": "object",
+ "defaultValue": {
+ "type": "systemAssigned"
+ },
+ "metadata": {
+ "description": "Managed identities assigned to workspace. If not specificed, SystemAssigned managed identity is the default."
+ }
+ },
+ "primaryUserAssignedIdentity": {
+ "type": "string",
+ "defaultValue": "",
+ "metadata": {
+ "description": "ARM identifier of primary user assigned managed identity, in case multiple ones are specified. Also the default managed identity for clusterless compute."
+ }
+ },
+ "managedNetwork": {
+ "type": "object",
+ "defaultValue": {
+ "isolationMode": "Disabled"
+ },
+ "metadata": {
+ "description": "Managed network settings to be used for the workspace. If not specified, isolation mode Disabled is the default"
+ }
+ },
+ "provisionNetworkNow": {
+ "type": "string",
+ "defaultValue": "false",
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "metadata": {
+ "description": "Set to provision the managed VNet with the default Options when creating a Workspace with the managed VNet enabled"
+ }
+ },
+ "enable_data_isolation": {
+ "type": "string",
+ "defaultValue": "false",
+ "allowedValues": [
+ "false",
+ "true"
+ ],
+ "metadata": {
+ "description": "A flag to determine if workspace has data isolation enabled. The flag can only be set at the creation phase, it can't be updated."
+ }
+ },
+ "storage_accounts" : {
+ "type": "array",
+ "defaultValue": [],
+ "metadata": {
+ "description": "A list of storage accounts used by Hub."
+ }
+ },
+ "key_vaults" : {
+ "type": "array",
+ "defaultValue": [],
+ "metadata": {
+ "description": "A list of key vaults used by Hub."
+ }
+ },
+ "container_registies" : {
+ "type": "array",
+ "defaultValue": [],
+ "metadata": {
+ "description": "A list of container registries used by Hub."
+ }
+ },
+ "existing_workspaces" : {
+ "type": "array",
+ "defaultValue": [],
+ "metadata": {
+ "description": "A list of existing workspaces used by Hub to perform convert."
+ }
+ },
+ "workspace_hub" : {
+ "type": "string",
+ "defaultValue": "",
+ "metadata": {
+ "description": "Resource Id of Hub used for lean workspace."
+ }
+ },
+ "workspace_hub_config" : {
+ "type": "object",
+ "defaultValue": {},
+ "metadata": {
+ "description": "Additional configuration for WorkspaceHub."
+ }
+ },
+ "serverless_compute_settings": {
+ "type": "object",
+ "defaultValue": {},
+ "metadata": {
+ "description": "Serverless compute configuration."
+ }
+ },
+ "endpoint_resource_id": {
+ "type": "string",
+ "defaultValue": "",
+ "metadata": {
+ "description": "The resource id that this workspace hub's endpoints should reference."
+ }
+ },
+ "endpoint_kind": {
+ "type": "string",
+ "defaultValue": "AIServices",
+ "metadata": {
+ "description": "The kind of endpoints this workspace hub ought to contain."
+ }
+ },
+ "endpoint_option": {
+ "type": "string",
+ "defaultValue": "new",
+ "metadata": {
+ "description": "Testing value. Do not touch."
+ }
+ },
+ "spark_runtime_version": {
+ "type": "string",
+ "defaultValue": "",
+ "metadata": {
+ "description": "spark version to be used by all feature sets"
+ }
+ },
+ "offlineStoreStorageAccountOption": {
+ "type": "string",
+ "defaultValue": "none",
+ "allowedValues": [
+ "new",
+ "existing",
+ "none"
+ ],
+ "metadata": {
+ "description": "Determines whether or not to provision a feature store offline store storage account"
+ }
+ },
+ "offline_store_storage_account_name": {
+ "type": "string",
+ "defaultValue": "[concat('sa', uniqueString('featurestore', parameters('resourceGroupName'), parameters('workspaceName')))]",
+ "metadata": {
+ "description": "Name of the feature store storage account."
+ }
+ },
+ "offline_store_container_name": {
+ "type": "string",
+ "defaultValue": "[concat('offlinestore', newGuid())]",
+ "metadata": {
+ "description": "Feature store offline store container"
+ }
+ },
+ "offline_store_resource_group_name": {
+ "type": "string",
+ "defaultValue": "[resourceGroup().name]",
+ "metadata": {
+ "description": "Feature store offline store resource group"
+ }
+ },
+ "offline_store_subscription_id": {
+ "type": "string",
+ "defaultValue": "[subscription().subscriptionId]",
+ "metadata": {
+ "description": "Feature store offline store subscription id"
+ }
+ },
+ "offline_store_connection_name": {
+ "type": "string",
+ "defaultValue": "",
+ "metadata": {
+ "description": "Feature store offline store config"
+ }
+ },
+ "online_store_resource_id": {
+ "type": "string",
+ "defaultValue": "",
+ "metadata": {
+ "description": "Feature store online store resource id"
+ }
+ },
+ "online_store_resource_group_name": {
+ "type": "string",
+ "defaultValue": "",
+ "metadata": {
+ "description": "Feature store online store resource group"
+ }
+ },
+ "online_store_subscription_id": {
+ "type": "string",
+ "defaultValue": "",
+ "metadata": {
+ "description": "Feature store online store subscription id"
+ }
+ },
+ "online_store_connection_name": {
+ "type": "string",
+ "defaultValue": "",
+ "metadata": {
+ "description": "Feature store online store config"
+ }
+ },
+ "materializationIdentityOption": {
+ "type": "string",
+ "defaultValue": "none",
+ "allowedValues": [
+ "new",
+ "existing",
+ "none"
+ ],
+ "metadata": {
+ "description": "Determines whether or not to provision a materialization identity"
+ }
+ },
+ "materialization_identity_name": {
+ "type": "string",
+ "defaultValue": "empty",
+ "metadata": {
+ "description": "Feature store materialization identity name"
+ }
+ },
+ "materialization_identity_subscription_id": {
+ "type": "string",
+ "defaultValue": "[subscription().subscriptionId]",
+ "metadata": {
+ "description": "Feature store materialization identity subscription id"
+ }
+ },
+ "materialization_identity_resource_group_name": {
+ "type": "string",
+ "defaultValue": "[resourceGroup().name]",
+ "metadata": {
+ "description": "Feature store materialization identity resource group name"
+ }
+ },
+ "grant_materialization_permissions": {
+ "type": "string",
+ "defaultValue": "false",
+ "allowedValues": [
+ "false",
+ "true"
+ ],
+ "metadata": {
+ "description": "Whether to grant materialization identity permissions"
+ }
+ },
+ "allowRoleAssignmentOnRG": {
+ "type": "string",
+ "defaultValue": "true",
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "metadata": {
+ "description": "Unused for projects, but required due to interdependency of normal and project ARM templates."
+ }
+ },
+
+ "systemDatastoresAuthMode": {
+ "type": "string",
+ "defaultValue": "",
+ "metadata": {
+ "description": "Unused for projects, but required due to interdependency of normal and project ARM templates"
+ }
+ }
+ },
+ "variables": {
+ "tenantId": "[subscription().tenantId]",
+ "storageAccount": "[resourceId(parameters('storageAccountSubscriptionId'), parameters('storageAccountResourceGroupName'), 'Microsoft.Storage/storageAccounts', parameters('storageAccountName'))]",
+ "keyVault": "[resourceId(parameters('keyVaultResourceGroupName'), 'Microsoft.KeyVault/vaults', parameters('keyVaultName'))]",
+ "containerRegistry": "[resourceId(parameters('containerRegistryResourceGroupName'), 'Microsoft.ContainerRegistry/registries', parameters('containerRegistryName'))]",
+ "applicationInsights": "[resourceId(parameters('applicationInsightsResourceGroupName'), 'Microsoft.Insights/components', parameters('applicationInsightsName'))]",
+ "vnet": "[resourceId(parameters('vnetResourceGroupName'), 'Microsoft.Network/virtualNetworks', parameters('vnetName'))]",
+ "subnet": "[resourceId(parameters('vnetResourceGroupName'), 'Microsoft.Network/virtualNetworks/subnets', parameters('vnetName'), parameters('subnetName'))]",
+ "enablePE": true,
+ "networkRuleSetBehindVNet": {
+ "defaultAction": "deny",
+ "virtualNetworkRules": [
+ {
+ "action": "Allow",
+ "id": "[variables('subnet')]"
+ }
+ ]
+ },
+ "privateEndpointSettings": {
+ "name": "[concat(parameters('workspaceName'), '-PrivateEndpoint')]",
+ "properties": {
+ "privateLinkServiceId": "[resourceId('Microsoft.MachineLearningServices/workspaces', parameters('workspaceName'))]",
+ "groupIds": [
+ "amlworkspace"
+ ]
+ }
+ },
+ "defaultPEConnections": "[array(variables('privateEndpointSettings'))]",
+ "privateEndpointDeploymentName": "[concat('DeployPrivateEndpoint-', uniqueString(parameters('privateEndpointName')))]",
+ "offlineStoreConnectionName": "[if(equals(parameters('offline_store_connection_name'), ''), 'OfflineStoreConnectionName', parameters('offline_store_connection_name'))]",
+ "onlineStoreConnectionName": "[if(equals(parameters('online_store_connection_name'), ''), 'OnlineStoreConnectionName', parameters('online_store_connection_name'))]",
+ "isWorkspaceHub": "[equals(parameters('kind'), 'hub')]",
+ "storageAccountList": ["[variables('storageAccount')]"],
+ "keyVaultList": ["[variables('keyVault')]"],
+ "emptyArray": [],
+ "containerRegistryList": "[if(not(equals(parameters('containerRegistryOption'), 'none')), array(variables('containerRegistry')), variables('emptyArray'))]"
+ },
+ "resources": [
+ {
+ "condition": "[variables('enablePE')]",
+ "type": "Microsoft.MachineLearningServices/workspaces",
+ "apiVersion": "2023-08-01-preview",
+ "tags": "[parameters('tagValues')]",
+ "name": "[parameters('workspaceName')]",
+ "kind": "[parameters('kind')]",
+ "location": "[parameters('location')]",
+ "identity": "[parameters('identity')]",
+ "properties": {
+ "friendlyName": "[parameters('friendlyName')]",
+ "description": "[parameters('description')]",
+ "primaryUserAssignedIdentity": "[parameters('primaryUserAssignedIdentity')]",
+ "hubResourceId": "[parameters('workspace_hub')]",
+ "enableDataIsolation": "[parameters('enable_data_isolation')]",
+ "publicNetworkAccess": "[parameters('publicNetworkAccess')]",
+ "serverlessComputeSettings": "[parameters('serverless_compute_settings')]"
+ }
+ }
+ ]
+}
generated by cgit v1.2.3 (git 2.47.1) at 2025-07-29 16:40:34 +0000