From d9f4f11f8cc9068a715442aa4b2318a42eb3afcd Mon Sep 17 00:00:00 2001
From: sinedied
Date: Thu, 21 Mar 2024 16:00:57 +0100
Subject: [PATCH 1/4] fix: deployment error (fixes #161)
---
 infra/main.bicep | 4 ++--
 packages/indexer/src/lib/document-processor.ts | 4 ++++
 2 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/infra/main.bicep b/infra/main.bicep
index 2f61d46e..4a1d5d6e 100644
--- a/infra/main.bicep
+++ b/infra/main.bicep
@@ -152,7 +152,7 @@ module searchApi './core/host/container-app.bicep' = {
 tags: union(tags, { 'azd-service-name': searchApiName })
 containerAppsEnvironmentName: containerApps.outputs.environmentName
 containerRegistryName: containerApps.outputs.registryName
- identityType: 'SystemAssigned'
+ identityName: '${abbrs.managedIdentityUserAssignedIdentities}search-api-${resourceToken}'
 allowedOrigins: allowedOrigins
 containerCpuCoreCount: '1.0'
 containerMemory: '2.0Gi'
@@ -219,7 +219,7 @@ module indexerApi './core/host/container-app.bicep' = {
 tags: union(tags, { 'azd-service-name': indexerApiName })
 containerAppsEnvironmentName: containerApps.outputs.environmentName
 containerRegistryName: containerApps.outputs.registryName
- identityType: 'SystemAssigned'
+ identityName: '${abbrs.managedIdentityUserAssignedIdentities}indexer-api-${resourceToken}'
 containerCpuCoreCount: '1.0'
 containerMemory: '2.0Gi'
 secrets: [
diff --git a/packages/indexer/src/lib/document-processor.ts b/packages/indexer/src/lib/document-processor.ts
index 074b31a9..c867c94b 100644
--- a/packages/indexer/src/lib/document-processor.ts
+++ b/packages/indexer/src/lib/document-processor.ts
@@ -75,6 +75,10 @@ export class DocumentProcessor {
 let start = 0;
 let end = length;
+ if (end <= MAX_SECTION_LENGTH) {
+ return [{ content: allText, page: findPage(0) }];
+ }
+
 while (start + SECTION_OVERLAP < length) {
 let lastWord = -1;
 end = start + MAX_SECTION_LENGTH;
From 09cbe214c1a5cd52788e733d79c02b416f20c8e8 Mon Sep 17 00:00:00 2001
From: sinedied
Date: Thu, 21 Mar 2024 17:37:08 +0100
Subject: [PATCH 2/4] fix: add missing managed identities
---
 infra/core/security/managed-identity.bicep | 7 +++++
 infra/main.bicep | 36 ++++++++++++++++++++--
 2 files changed, 41 insertions(+), 2 deletions(-)
 create mode 100644 infra/core/security/managed-identity.bicep
diff --git a/infra/core/security/managed-identity.bicep b/infra/core/security/managed-identity.bicep
new file mode 100644
index 00000000..50cb4682
--- /dev/null
+++ b/infra/core/security/managed-identity.bicep
@@ -0,0 +1,7 @@
+param name string
+param location string = resourceGroup().location
+
+resource apiIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2023-01-31' = {
+ name: name
+ location: location
+}
diff --git a/infra/main.bicep b/infra/main.bicep
index 4a1d5d6e..f3da6ff3 100644
--- a/infra/main.bicep
+++ b/infra/main.bicep
@@ -83,6 +83,9 @@ var resourceToken = toLower(uniqueString(subscription().id, environmentName, loc
 var tags = union({ 'azd-env-name': environmentName }, empty(aliasTag) ? {} : { alias: aliasTag })
 var allowedOrigins = empty(allowedOrigin) ? [webApp.outputs.uri] : [webApp.outputs.uri, allowedOrigin]
+var indexerApiIdentityName = '${abbrs.managedIdentityUserAssignedIdentities}indexer-api-${resourceToken}'
+var searchApiIdentityName = '${abbrs.managedIdentityUserAssignedIdentities}search-api-${resourceToken}'
+
 // Organize resources in a resource group
 resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = {
 name: !empty(resourceGroupName) ? resourceGroupName : '${abbrs.resourcesResourceGroups}${environmentName}'
@@ -142,6 +145,16 @@ module webApp './core/host/staticwebapp.bicep' = {
 }
 }
+// search API identity
+module searchApiIdentity 'core/security/managed-identity.bicep' = {
+ name: 'search-api-identity'
+ scope: resourceGroup
+ params: {
+ name: searchApiIdentityName
+ location: location
+ }
+}
+
 // The search API
 module searchApi './core/host/container-app.bicep' = {
 name: 'search-api'
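Review bot: The new `apiIdentity` resource in infra/core/security/managed-identity.bicep is created without tags, while main.bicep builds a `tags` object carrying `azd-env-name` and passes it to the container app modules. An untagged user-assigned identity is harder to attribute to an environment when identities and their role assignments are reviewed or cleaned up. I would add `param tags object = {}` to the module and `tags: tags` on the resource, and have the `searchApiIdentity` module call in the `@@ -142,6 +145,16 @@` hunk (and `indexerApiIdentity` in the `@@ -207,6 +220,19 @@` hunk) pass `tags: tags`.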
@@ -152,7 +165,7 @@ module searchApi './core/host/container-app.bicep' = {
 tags: union(tags, { 'azd-service-name': searchApiName })
 containerAppsEnvironmentName: containerApps.outputs.environmentName
 containerRegistryName: containerApps.outputs.registryName
- identityName: '${abbrs.managedIdentityUserAssignedIdentities}search-api-${resourceToken}'
+ identityName: searchApiIdentityName
 allowedOrigins: allowedOrigins
 containerCpuCoreCount: '1.0'
 containerMemory: '2.0Gi'
@@ -207,6 +220,19 @@ module searchApi './core/host/container-app.bicep' = {
 imageName: !empty(searchApiImageName) ? searchApiImageName : 'nginx:latest'
 targetPort: 3000
 }
+ dependsOn: [
+ searchApiIdentity
+ ]
+}
+
+// Indexer API identity
+module indexerApiIdentity 'core/security/managed-identity.bicep' = {
+ name: 'indexer-api-identity'
+ scope: resourceGroup
+ params: {
+ name: indexerApiIdentityName
+ location: location
+ }
 }
 // The indexer API
@@ -219,7 +245,7 @@ module indexerApi './core/host/container-app.bicep' = {
 tags: union(tags, { 'azd-service-name': indexerApiName })
 containerAppsEnvironmentName: containerApps.outputs.environmentName
 containerRegistryName: containerApps.outputs.registryName
- identityName: '${abbrs.managedIdentityUserAssignedIdentities}indexer-api-${resourceToken}'
+ identityName: indexerApiIdentityName
 containerCpuCoreCount: '1.0'
 containerMemory: '2.0Gi'
 secrets: [
@@ -273,6 +299,9 @@ module indexerApi './core/host/container-app.bicep' = {
 imageName: !empty(indexerApiImageName) ? indexerApiImageName : 'nginx:latest'
 targetPort: 3001
 }
+ dependsOn: [
+ indexerApiIdentity
+ ]
 }
 module openAi 'core/ai/cognitiveservices.bicep' = {
@@ -505,3 +534,6 @@ output INDEXER_API_URI string = indexerApi.outputs.uri
 output ALLOWED_ORIGINS string = join(allowedOrigins, ',')
 output BACKEND_URI string = !empty(backendUri) ? backendUri : searchApi.outputs.uri
+
+output INDEXER_PRINCIPAL_ID string = indexerApi.outputs.identityPrincipalId
+output SEARCH_API_PRINCIPAL_ID string = searchApi.outputs.identityPrincipalId
From 71f16a687250b13c98dd520f44f90f90635616cc Mon Sep 17 00:00:00 2001
From: sinedied
Date: Thu, 21 Mar 2024 21:41:42 +0100
Subject: [PATCH 3/4] fix: missing client id for user assigned identity
---
 infra/core/security/managed-identity.bicep | 4 ++++
 infra/main.bicep | 22 ++++++++++++----------
 2 files changed, 16 insertions(+), 10 deletions(-)
diff --git a/infra/core/security/managed-identity.bicep b/infra/core/security/managed-identity.bicep
index 50cb4682..f46c1d96 100644
--- a/infra/core/security/managed-identity.bicep
+++ b/infra/core/security/managed-identity.bicep
@@ -5,3 +5,7 @@ resource apiIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2023-01-3
 name: name
 location: location
 }
+
+output tenantId string = apiIdentity.properties.tenantId
+output principalId string = apiIdentity.properties.principalId
+output clientId string = apiIdentity.properties.clientId
diff --git a/infra/main.bicep b/infra/main.bicep
index f3da6ff3..0eb101f3 100644
--- a/infra/main.bicep
+++ b/infra/main.bicep
@@ -213,16 +213,17 @@ module searchApi './core/host/container-app.bicep' = {
 value: storageContainerName
 }
 {
- name: 'APPLICATIONINSIGHTS_CONNECTION_STRING'
- secretRef: 'appinsights-cs'
+ name: 'APPLICATIONINSIGHTS_CONNECTION_STRING'
+ secretRef: 'appinsights-cs'
+ }
+ {
+ name: 'AZURE_CLIENT_ID'
+ value: searchApiIdentity.outputs.clientId
 }
 ]
 imageName: !empty(searchApiImageName) ? searchApiImageName : 'nginx:latest'
 targetPort: 3000
 }
- dependsOn: [
- searchApiIdentity
- ]
 }
 // Indexer API identity
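Review bot: `INDEXER_PRINCIPAL_ID` in the `@@ -505,3 +534,6 @@` hunk breaks the naming used by its neighbours: the hunk heading shows `INDEXER_API_URI` and the next added line is `SEARCH_API_PRINCIPAL_ID`. Anything that reads these outputs to grant roles has to remember the odd one out; `output INDEXER_API_PRINCIPAL_ID string = indexerApi.outputs.identityPrincipalId` keeps the pair symmetrical. Both values come from the container-app module's `identityPrincipalId` output, which is not visible here, so it is worth confirming that it returns the user-assigned identity's principal now that `identityType: 'SystemAssigned'` has been dropped in patch 1/4.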
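Review bot: The three outputs added to managed-identity.bicep in the `@@ -5,3 +5,7 @@` hunk are undocumented, and only `clientId` is consumed by the main.bicep hunks of this patch; `tenantId` and `principalId` have no visible reader. A decorator on each would state its purpose, for example `@description('Client ID of the identity; exported to the app as AZURE_CLIENT_ID')` above `output clientId`. If `tenantId` is not needed yet it could be left out until something uses it.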
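Review bot: With `dependsOn: [ searchApiIdentity ]` removed in the `@@ -213,16 +213,17 @@` hunk, the only thing ordering `searchApi` after the identity is the new `AZURE_CLIENT_ID` entry, because `identityName` is still the plain variable `searchApiIdentityName` from patch 2/4. If that environment entry is later dropped or moved, the container app could be deployed before the identity it is bound to exists. Exposing `output name string = apiIdentity.name` from managed-identity.bicep and passing `identityName: searchApiIdentity.outputs.name` would tie the dependency to the binding itself. The same applies to `indexerApi` in the `@@ -292,16 +293,17 @@` hunk; the `searchApi` module block starts outside this hunk.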
@@ -292,16 +293,17 @@ module indexerApi './core/host/container-app.bicep' = {
 value: storageContainerName
 }
 {
- name: 'APPLICATIONINSIGHTS_CONNECTION_STRING'
- secretRef: 'appinsights-cs'
+ name: 'APPLICATIONINSIGHTS_CONNECTION_STRING'
+ secretRef: 'appinsights-cs'
+ }
+ {
+ name: 'AZURE_CLIENT_ID'
+ value: indexerApiIdentity.outputs.clientId
 }
 ]
 imageName: !empty(indexerApiImageName) ? indexerApiImageName : 'nginx:latest'
 targetPort: 3001
 }
- dependsOn: [
- indexerApiIdentity
- ]
 }
 module openAi 'core/ai/cognitiveservices.bicep' = {
From 8dfc0ee8aeb7664aac05e73b2d3887e30b8f97f2 Mon Sep 17 00:00:00 2001
From: sinedied
Date: Thu, 21 Mar 2024 21:43:37 +0100
Subject: [PATCH 4/4] chore: revert unwanted change
---
 packages/indexer/src/lib/document-processor.ts | 4 ----
 1 file changed, 4 deletions(-)
diff --git a/packages/indexer/src/lib/document-processor.ts b/packages/indexer/src/lib/document-processor.ts
index c867c94b..074b31a9 100644
--- a/packages/indexer/src/lib/document-processor.ts
+++ b/packages/indexer/src/lib/document-processor.ts
@@ -75,10 +75,6 @@ export class DocumentProcessor {
 let start = 0;
 let end = length;
- if (end <= MAX_SECTION_LENGTH) {
- return [{ content: allText, page: findPage(0) }];
- }
-
 while (start + SECTION_OVERLAP < length) {
 let lastWord = -1;
 end = start + MAX_SECTION_LENGTH;