adding python script for rag evaluation using azure ai evaluation sdk and ragas

Author: dantelmomsft

.gitignore

@@ -95,6 +95,8 @@ ipython_config.py
 #   intended to run in multiple environments; otherwise, check them in:
 # .python-version
 
+.evalenv
+.env
 # pipenv
 #   According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control.
 #   However, in case of collaboration, if having platform-specific dependencies or dependencies

.vscode/launch.json

@@ -8,6 +8,36 @@
       "hostName": "127.0.0.1",
       "port": 5005,
       "preLaunchTask": "func: host start"
+    },
+    {
+      "name": "Debug evaluate.py",
+      "type": "debugpy",
+      "request": "launch",
+      "program": "${workspaceFolder}/evals/evaluate.py",
+      "python": "${workspaceFolder}/.evalenv/bin/python",
+      "cwd": "${workspaceFolder}",
+      "args": [
+        "--env-file-path", "./deploy/aca"
+      ],
+      "console": "integratedTerminal",
+      "justMyCode": false,
+      "stopOnEntry": false
+    },
+    {
+      "name": "Debug safety_evaluation.py",
+      "type": "debugpy",
+      "request": "launch",
+      "program": "${workspaceFolder}/evals/safety_evaluation.py",
+      "python": "${workspaceFolder}/.evalenv/bin/python",
+      "cwd": "${workspaceFolder}",
+      "args": [
+        "--env-file-path", "./deploy/aca",
+        "--target_url", "http://172.24.128.1:8080/api/chat",
+        "--max_simulations", "1"
+      ],
+      "console": "integratedTerminal",
+      "justMyCode": false,
+      "stopOnEntry": false
     }
   ]
 }

deploy/aca/infra/main.bicep

@@ -13,18 +13,13 @@ param tenantId string = tenant().tenantId
 param authTenantId string = ''
 
 var tenantIdForAuth = !empty(authTenantId) ? authTenantId : tenantId
-var authenticationIssuerUri = '${environment().authentication.loginEndpoint}${tenantIdForAuth}/v2.0'
+
 
 // Used for the optional login and document level access control system
 param useAuthentication bool = true
-param enableUnauthenticatedAccess bool = false
-
 param serverAppId string = ''
-@secure()
-param serverAppSecret string = ''
 param clientAppId string = ''
-@secure()
-param clientAppSecret string = ''
+
 
 @allowed(['None', 'AzureServices'])
 @description('If allowedIp is set, whether azure services are allowed to bypass the storage and AI services firewall.')
@@ -69,6 +64,9 @@ param enableGlobalDocumentAccess bool = true
 @description('Use Service Bus for indexing documents requests')
 param useServiceBusIndexing bool = false
 
+param useEval bool = false
+param useSafetyEval bool = false
+
 @allowed(['free', 'provisioned', 'serverless'])
 param cosmosDbSkuName string // Set in main.parameters.json
 param cosmodDbResourceGroupName string = ''
@@ -104,11 +102,34 @@ param documentIntelligenceResourceGroupLocation string = location
 
 param documentIntelligenceSkuName string = 'S0'
 
-param chatGptDeploymentName string // Set in main.parameters.json
-param chatGptDeploymentCapacity int = 80
-param chatGptDeploymentSkuName string= 'Standard'
-param chatGptModelName string = 'gpt-4o-mini'
-param chatGptModelVersion string = '2024-07-18'
+param azureOpenAiDisableKeys bool = true
+param chatGptModelName string = ''
+param chatGptDeploymentName string = ''
+param chatGptDeploymentVersion string = ''
+param chatGptDeploymentSkuName string = ''
+param chatGptDeploymentCapacity int = 0
+
+var chatGpt = {
+  modelName: !empty(chatGptModelName) ? chatGptModelName : 'gpt-4o-mini'
+  deploymentName: !empty(chatGptDeploymentName) ? chatGptDeploymentName : 'gpt-4o-mini'
+  deploymentVersion: !empty(chatGptDeploymentVersion) ? chatGptDeploymentVersion : '2024-07-18'
+  deploymentSkuName: !empty(chatGptDeploymentSkuName) ? chatGptDeploymentSkuName : 'GlobalStandard' // Not backward-compatible
+  deploymentCapacity: chatGptDeploymentCapacity != 0 ? chatGptDeploymentCapacity : 30
+}
+
+param evalModelName string = ''
+param evalDeploymentName string = ''
+param evalModelVersion string = ''
+param evalDeploymentSkuName string = ''
+param evalDeploymentCapacity int = 0
+
+var eval = {
+  modelName: !empty(evalModelName) ? evalModelName : 'gpt-4o'
+  deploymentName: !empty(evalDeploymentName) ? evalDeploymentName : 'gpt-4o'
+  deploymentVersion: !empty(evalModelVersion) ? evalModelVersion : '2024-08-06'
+  deploymentSkuName: !empty(evalDeploymentSkuName) ? evalDeploymentSkuName : 'GlobalStandard' // Not backward-compatible
+  deploymentCapacity: evalDeploymentCapacity != 0 ? evalDeploymentCapacity : 30
+}
 
 param embeddingModelName string = ''
 param embeddingDeploymentName string = ''
@@ -419,43 +440,72 @@ module web './app/web.bicep' = {
   }
 }
 
-
-module openAi '../../shared/ai/cognitiveservices.bicep' =  {
-  name: 'openai'
-  scope: openAiResourceGroup
-  params: {
-    name: !empty(openAiServiceName) ? openAiServiceName : '${abbrs.cognitiveServicesAccounts}${resourceToken}'
-    location: !empty(customOpenAiResourceGroupLocation) ? customOpenAiResourceGroupLocation : openAiResourceGroupLocation
-    tags: tags
+var defaultOpenAiDeployments = [
+  {
+    name: chatGpt.deploymentName
+    model: {
+      format: 'OpenAI'
+      name: chatGpt.modelName
+      version: chatGpt.deploymentVersion
+    }
     sku: {
-      name: openAiSkuName
+      name: chatGpt.deploymentSkuName
+      capacity: chatGpt.deploymentCapacity
     }
-    deployments: [
-      {
-        name: chatGptDeploymentName
-        model: {
-          format: 'OpenAI'
-          name: chatGptModelName
-          version: chatGptModelVersion
-        }
-        sku: {
-          name: chatGptDeploymentSkuName
-          capacity: chatGptDeploymentCapacity
-        }
-      }
+  }
+  {
+    name: embedding.deploymentName
+    model: {
+      format: 'OpenAI'
+      name: embedding.modelName
+      version: embedding.deploymentVersion
+    }
+    sku: {
+      name: embedding.deploymentSkuName
+      capacity: embedding.deploymentCapacity
+    }
+  }
+]
+
+var openAiDeployments = concat(
+  defaultOpenAiDeployments,
+  useEval
+    ? [
       {
-        name: embedding.deploymentName
+        name: eval.deploymentName
         model: {
           format: 'OpenAI'
-          name: embedding.modelName
-          version: embedding.deploymentVersion
+          name: eval.modelName
+          version: eval.deploymentVersion
         }
         sku: {
-          name: embedding.deploymentSkuName
-          capacity: embedding.deploymentCapacity
+          name: eval.deploymentSkuName
+          capacity: eval.deploymentCapacity
         }
       }
-    ]
+    ] : []
+)
+
+
+module openAi 'br/public:avm/res/cognitive-services/account:0.7.2' =  {
+  name: 'openai'
+  scope: openAiResourceGroup
+  params: {
+    name: !empty(openAiServiceName) ? openAiServiceName : '${abbrs.cognitiveServicesAccounts}${resourceToken}'
+    location: !empty(customOpenAiResourceGroupLocation) ? customOpenAiResourceGroupLocation : openAiResourceGroupLocation
+    tags: tags
+    kind: 'OpenAI'
+    customSubDomainName: !empty(openAiServiceName)
+      ? openAiServiceName
+      : '${abbrs.cognitiveServicesAccounts}${resourceToken}'
+    publicNetworkAccess: publicNetworkAccess
+    networkAcls: {
+      defaultAction: 'Allow'
+      bypass: bypass
+    }
+    sku: openAiSkuName
+    deployments: openAiDeployments
+    disableLocalAuth: azureOpenAiDisableKeys
   }
 }
 
@@ -501,7 +551,7 @@ module storage '../../shared/storage/storage-account.bicep' = {
     tags: tags
     allowBlobPublicAccess: false
     publicNetworkAccess: 'Enabled'
-    isHnsEnabled: true
+    isHnsEnabled: false
     sku: {
       name: storageSkuName
     }
@@ -610,6 +660,21 @@ module cosmosDb 'br/public:avm/res/document-db/database-account:0.6.1' = if (use
   }
 }
 
+module ai '../../shared/ai/ai-environment.bicep' = if (useSafetyEval) {
+  name: 'ai'
+  scope: resourceGroup
+  params: {
+    // Limited region support: https://learn.microsoft.com/azure/ai-foundry/how-to/develop/evaluate-sdk#region-support
+    location: 'eastus2'
+    tags: tags
+    hubName: 'aihub-${resourceToken}'
+    projectName: 'aiproj-${resourceToken}'
+    storageAccountId: storage.outputs.id
+    applicationInsightsId: !useApplicationInsights ? '' : monitoring.outputs.applicationInsightsId
+  }
+}
+
+
 
 // USER ROLES
 module openAiRoleUser '../../shared/security/role.bicep'  = {
@@ -835,6 +900,12 @@ output AZURE_OPENAI_EMB_DEPLOYMENT string = embedding.deploymentName
 output AZURE_OPENAI_EMB_DEPLOYMENT_VERSION string = embedding.deploymentVersion
 output AZURE_OPENAI_EMB_DEPLOYMENT_SKU string = embedding.deploymentSkuName
 
+// Specific to Azure OpenAI with eval
+output AZURE_OPENAI_EVAL_DEPLOYMENT string = useEval ? eval.deploymentName : ''
+output AZURE_OPENAI_EVAL_DEPLOYMENT_VERSION string = useEval ? eval.deploymentVersion : ''
+output AZURE_OPENAI_EVAL_DEPLOYMENT_SKU string = useEval ? eval.deploymentSkuName : ''
+output AZURE_OPENAI_EVAL_MODEL string = useEval ? eval.modelName : ''
+
 // Used only with non-Azure OpenAI deployments
 output OPENAI_API_KEY string = openAiApiKey
 output OPENAI_ORGANIZATION string = openAiApiOrganization
@@ -865,6 +936,7 @@ output USE_CHAT_HISTORY_BROWSER  bool = useChatHistoryBrowser
 output USE_CHAT_HISTORY_COSMOS bool = useChatHistoryCosmos
 output USE_SERVICEBUS_INDEXING bool = useServiceBusIndexing
 
+output AZURE_AI_PROJECT string = useSafetyEval ? ai.outputs.projectName : ''
 output WEB_URI string = web.outputs.SERVICE_WEB_URI
 output INDEXER_URI string = indexer.outputs.SERVICE_INDEXER_URI
 // output INDEXER_FUNCTIONAPP_NAME string = indexer.outputs.name

deploy/aca/infra/main.parameters.json

@@ -83,6 +83,21 @@
     "chatGptDeploymentSkuName": {
       "value": "${AZURE_OPENAI_CHATGPT_DEPLOYMENT_SKU_NAME=Standard}"
     },
+    "evalModelName":{
+      "value": "${AZURE_OPENAI_EVAL_MODEL}"
+    },
+    "evalModelVersion":{
+      "value": "${AZURE_OPENAI_EVAL_MODEL_VERSION}"
+    },
+    "evalDeploymentName": {
+      "value": "${AZURE_OPENAI_EVAL_DEPLOYMENT}"
+    },
+    "evalDeploymentSkuName":{
+      "value": "${AZURE_OPENAI_EVAL_DEPLOYMENT_SKU}"
+    },
+    "evalDeploymentCapacity":{
+      "value": "${AZURE_OPENAI_EVAL_DEPLOYMENT_CAPACITY}"
+    },
     "embeddingModelName": {
       "value": "${AZURE_OPENAI_EMB_MODEL}"
     },
@@ -147,6 +162,12 @@
     "useServiceBusIndexing": {
       "value": "${USE_SERVICEBUS_INDEXING=true}"
     },
+    "useEval": {
+      "value": "${USE_EVAL=false}"
+    },
+    "useSafetyEval": {
+      "value": "${USE_SAFETY_EVAL=false}"
+    },
     "apiAppExists": {
       "value": false
     },

deploy/shared/ai/ai-environment.bicep

@@ -0,0 +1,46 @@
+@minLength(1)
+@description('Primary location for all resources')
+param location string
+
+@description('The AI Hub resource name.')
+param hubName string
+@description('The AI Project resource name.')
+param projectName string
+@description('The Storage Account resource ID.')
+param storageAccountId string
+@description('The Application Insights resource ID.')
+param applicationInsightsId string = ''
+@description('The Azure Search resource name.')
+param searchServiceName string = ''
+@description('The Azure Search connection name.')
+param searchConnectionName string = ''
+param tags object = {}
+
+module hub './hub.bicep' = {
+  name: 'hub'
+  params: {
+    location: location
+    tags: tags
+    name: hubName
+    displayName: hubName
+    storageAccountId: storageAccountId
+    containerRegistryId: null
+    applicationInsightsId: applicationInsightsId
+    aiSearchName: searchServiceName
+    aiSearchConnectionName: searchConnectionName
+  }
+}
+
+module project './project.bicep' = {
+  name: 'project'
+  params: {
+    location: location
+    tags: tags
+    name: projectName
+    displayName: projectName
+    hubName: hub.outputs.name
+  }
+}
+
+
+output projectName string = project.outputs.name