Merge branch '112-selectai-integration' of github.com:oracle-samples/ai-optimizer into 112-selectai-integration

Author: ddrechse

opentofu/iam.tf

@@ -0,0 +1,38 @@
+# Copyright (c) 2024, 2025, Oracle and/or its affiliates.
+# All rights reserved. The Universal Permissive License (UPL), Version 1.0 as shown at http://oss.oracle.com/licenses/upl
+# spell-checker: disable
+
+resource "oci_identity_tag_namespace" "tag_namespace" {
+  compartment_id = local.compartment_ocid
+  description    = format("%s Tag Namespace", local.label_prefix)
+  name           = local.label_prefix
+  provider       = oci.home_region
+}
+
+resource "oci_identity_tag" "identity_tag" {
+  description      = format("%s Infrastructure", local.label_prefix)
+  name             = "infrastructure"
+  tag_namespace_id = oci_identity_tag_namespace.tag_namespace.id
+  provider         = oci.home_region
+}
+
+resource "oci_identity_dynamic_group" "resource_dynamic_group" {
+  compartment_id = var.tenancy_ocid
+  name           = format("%s-dyngrp", local.label_prefix)
+  description    = format("%s Dynamic Group", local.label_prefix)
+  matching_rule = format(
+    "All {resource.compartment.id = '%s', tag.%s.value = '%s'}",
+    local.compartment_ocid, local.identity_tag_key, local.label_prefix
+  )
+  provider = oci.home_region
+}
+
+resource "oci_identity_policy" "adb_policies" {
+  compartment_id = var.tenancy_ocid
+  name           = format("%s-adb-policy", var.label_prefix)
+  description    = format("%s - ADB", var.label_prefix)
+  statements = [
+    format("allow dynamic-group %s to use generative-ai-family in compartment id %s", oci_identity_dynamic_group.resource_dynamic_group.name, local.compartment_ocid),
+  ]
+  provider = oci.home_region
+}

opentofu/locals.tf

@@ -6,6 +6,7 @@
 locals {
   compartment_ocid = var.compartment_ocid != "" ? var.compartment_ocid : var.tenancy_ocid
   label_prefix     = var.label_prefix != "" ? lower(var.label_prefix) : lower(random_pet.label.id)
+  identity_tag_key = format("%s.%s", oci_identity_tag_namespace.tag_namespace.name, oci_identity_tag.identity_tag.name)
 }
 
 // Autonomous Database

opentofu/main.tf

@@ -74,6 +74,7 @@ resource "oci_database_autonomous_database" "default_adb" {
   license_model                        = var.adb_license_model
   is_mtls_connection_required          = true
   whitelisted_ips                      = local.adb_whitelist_cidrs
+  defined_tags                         = { (local.identity_tag_key) = local.label_prefix }
 }
 
 // Virtual Machine
@@ -112,6 +113,7 @@ module "kubernetes" {
   compartment_id                 = local.compartment_ocid
   vcn_id                         = module.network.vcn_ocid
   region                         = var.region
+  dynamic_group                  = oci_identity_dynamic_group.resource_dynamic_group.name
   lb                             = oci_load_balancer_load_balancer.lb
   adb_id                         = oci_database_autonomous_database.default_adb.id
   adb_name                       = local.adb_name
@@ -130,6 +132,7 @@ module "kubernetes" {
   public_subnet_id               = module.network.public_subnet_ocid
   private_subnet_id              = module.network.private_subnet_ocid
   lb_nsg_id                      = oci_core_network_security_group.lb.id
+  identity_tag_key               = local.identity_tag_key
   providers = {
     oci.home_region = oci.home_region
   }

opentofu/modules/kubernetes/iam.tf

@@ -2,35 +2,10 @@
 # All rights reserved. The Universal Permissive License (UPL), Version 1.0 as shown at http://oss.oracle.com/licenses/upl
 # spell-checker: disable
 
-resource "oci_identity_tag_namespace" "tag_namespace" {
-  compartment_id = var.compartment_id
-  description    = format("%s Tag Namespace", var.label_prefix)
-  name           = var.label_prefix
-  provider       = oci.home_region
-}
-
-resource "oci_identity_tag" "identity_tag" {
-  description      = format("%s Infrastructure", var.label_prefix)
-  name             = "infrastructure"
-  tag_namespace_id = oci_identity_tag_namespace.tag_namespace.id
-  provider         = oci.home_region
-}
-
-resource "oci_identity_dynamic_group" "node_dynamic_group" {
-  compartment_id = var.tenancy_id
-  name           = format("%s-workers-dyngrp", var.label_prefix)
-  description    = format("%s Dynamic Group - K8s Workers", var.label_prefix)
-  matching_rule = format(
-    "All {instance.compartment.id = '%s', tag.%s.value = '%s'}",
-    var.compartment_id, local.identity_tag_key, local.identity_tag_val
-  )
-  provider = oci.home_region
-}
-
-resource "oci_identity_policy" "workload_node_policies" {
+resource "oci_identity_policy" "workers_policies" {
   compartment_id = var.tenancy_id
-  name           = format("%s-worker-workload-policy", var.label_prefix)
-  description    = format("%s PrincipleAuth - K8s Workers", var.label_prefix)
+  name           = format("%s-workers-policy", var.label_prefix)
+  description    = format("%s - K8s Workers", var.label_prefix)
   statements = [
     format("allow any-user to manage autonomous-database-family in compartment id %s where all {request.principal.type = 'workload', request.principal.namespace = 'oracle-database-operator-system', request.principal.service_account = 'default', request.principal.cluster_id = '%s'}", var.compartment_id, oci_containerengine_cluster.default_cluster.id),
     format("allow any-user to read objectstorage-namespaces in compartment id %s where all {request.principal.type = 'workload', request.principal.service_account = 'default', request.principal.cluster_id = '%s'}", var.compartment_id, oci_containerengine_cluster.default_cluster.id),
@@ -52,7 +27,7 @@ resource "oci_identity_policy" "workload_node_policies" {
     format("allow any-user to manage waf-family in compartment id %s where all {request.principal.type = 'workload', request.principal.namespace = 'native-ingress-controller-system', request.principal.service_account = 'oci-native-ingress-controller', request.principal.cluster_id = '%s'}", var.compartment_id, oci_containerengine_cluster.default_cluster.id),
     format("allow any-user to read cluster-family in compartment id %s where all {request.principal.type = 'workload', request.principal.namespace = 'native-ingress-controller-system', request.principal.service_account = 'oci-native-ingress-controller', request.principal.cluster_id = '%s'}", var.compartment_id, oci_containerengine_cluster.default_cluster.id),
     format("allow any-user to use tag-namespaces in compartment id %s where all {request.principal.type = 'workload', request.principal.namespace = 'native-ingress-controller-system', request.principal.service_account = 'oci-native-ingress-controller', request.principal.cluster_id = '%s'}", var.compartment_id, oci_containerengine_cluster.default_cluster.id),
-    format("allow dynamic-group %s to manage repos in compartment id %s", oci_identity_dynamic_group.node_dynamic_group.name, var.compartment_id),
+    format("allow dynamic-group %s to manage repos in compartment id %s", var.dynamic_group, var.compartment_id),
   ]
   provider = oci.home_region
 }

opentofu/modules/kubernetes/locals.tf

@@ -4,8 +4,6 @@
 
 // Region Mapping
 locals {
-  identity_tag_key = format("%s.%s", oci_identity_tag_namespace.tag_namespace.name, oci_identity_tag.identity_tag.name)
-  identity_tag_val = var.label_prefix
   region_map = {
     for r in data.oci_identity_regions.identity_regions.regions : r.name => r.key
   }

opentofu/modules/kubernetes/main.tf

@@ -84,6 +84,7 @@ resource "oci_containerengine_cluster" "default_cluster" {
     }
     service_lb_subnet_ids = [var.public_subnet_id]
   }
+  defined_tags = { (var.identity_tag_key) = var.label_prefix }
   freeform_tags = {
     "clusterName" = local.k8s_cluster_name
   }
@@ -146,7 +147,7 @@ resource "oci_containerengine_node_pool" "default_node_pool_details" {
     size    = var.k8s_cpu_node_pool_size
     nsg_ids = [oci_core_network_security_group.k8s_workers.id]
     // Used for Instance Principles
-    defined_tags = { (local.identity_tag_key) = local.identity_tag_val }
+    defined_tags = { (var.identity_tag_key) = var.label_prefix }
   }
   node_eviction_node_pool_settings {
     eviction_grace_duration              = "PT5M"
@@ -197,6 +198,8 @@ resource "oci_containerengine_node_pool" "gpu_node_pool_details" {
     }
     size    = var.k8s_gpu_node_pool_size
     nsg_ids = [oci_core_network_security_group.k8s_workers.id]
+    // Used for Instance Principles
+    defined_tags = { (var.identity_tag_key) = var.label_prefix }
   }
   node_eviction_node_pool_settings {
     eviction_grace_duration              = "PT5M"

opentofu/modules/kubernetes/variables.tf

@@ -47,6 +47,10 @@ variable "label_prefix" {
   type = string
 }
 
+variable "dynamic_group" {
+  type = string
+}
+
 variable "adb_id" {
   type = string
 }
@@ -100,4 +104,8 @@ variable "lb_nsg_id" {
 variable "k8s_api_endpoint_allowed_cidrs" {
   type    = string
   default = ""
-}
+}
+
+variable "identity_tag_key" {
+  type = string
+}

src/client/content/chatbot.py

@@ -67,9 +67,11 @@ async def main() -> None:
         st.stop()
     # the sidebars will set this to False if not everything is configured.
     state.enable_client = True
+    st_common.tools_sidebar()
     st_common.history_sidebar()
     st_common.ll_sidebar()
-    st_common.tools_sidebar()
+    st_common.selectai_sidebar()
+    st_common.vector_search_sidebar()    
     # Stop when sidebar configurations not set
     if not state.enable_client:
         st.stop()

src/client/utils/st_common.py

@@ -249,7 +249,7 @@ def update_settings():
         switch_prompt("sys", "Basic Example")
     else:
         tools = [
-            ("None", "Do not use tools", False),
+            ("LLM Only", "Do not use tools", False),
             ("SelectAI", "Use AI with Structured Data", disable_selectai),
             ("VectorSearch", "Use AI with Unstructured Data", disable_vector_search),
         ]
@@ -277,7 +277,7 @@ def update_settings():
         tool_box = [name for name, _, disabled in tools if not disabled]
         # tool_cap = [desc for _, desc, disabled in tools if not disabled]
         if len(tool_box) > 1:
-            st.sidebar.subheader("Tools", divider="red")
+            st.sidebar.subheader("Toolkit", divider="red")
             tool_index = next(
                 (
                     i
@@ -287,7 +287,7 @@ def update_settings():
                 ),
                 0,
             )
-            st.sidebar.radio(
+            st.sidebar.selectbox(
                 "Tool Selection",
                 tool_box,
                 # captions=tool_cap,
@@ -298,9 +298,6 @@ def update_settings():
             )
             if state.selected_tool == "None":
                 switch_prompt("sys", "Basic Example")
-            selectai_sidebar()
-            vector_search_sidebar()
-
 
 #####################################################
 # SelectAI Options

src/pyproject.toml

@@ -14,17 +14,17 @@ authors = [
 
 # Common dependencies that are always needed
 dependencies = [
-    "langchain-core==0.3.59",
+    "langchain-core==0.3.62",
     "httpx==0.28.1",
     "oracledb~=3.1",
-    "plotly==6.0.1",
+    "plotly==6.1.2",
 ]
 
 [project.optional-dependencies]
 # Server component dependencies
 # torch is installed via requirements for platform specifics
 server = [
-    "bokeh==3.7.2",
+    "bokeh==3.7.3",
     "evaluate==0.4.3",
     "fastapi==0.115.12",
     "faiss-cpu==1.11.0",
@@ -33,13 +33,13 @@ server = [
     "langchain-cohere==0.4.4",
     "langchain-community==0.3.24",
     "langchain-huggingface==0.2.0",
-    "langchain-ollama==0.3.2",
-    "langchain-openai==0.3.16",
-    "langgraph==0.4.3",
-    "litellm==1.69.2",
-    "llama_index==0.12.36",
+    "langchain-ollama==0.3.3",
+    "langchain-openai==0.3.18",
+    "langgraph==0.4.7",
+    "litellm==1.71.1",
+    "llama_index==0.12.37",
     "lxml==5.4.0",
-    "matplotlib==3.10.1",
+    "matplotlib==3.10.3",
     "oci~=2.0",
     "psutil==7.0.0",
     "python-multipart==0.0.20",