Merge pull request #281163 from jeffwmartinez/jefmarti-mi-updates

prmerger-automator[bot] · web-flow · commit 6650f4d92b8a · 2024-07-18T04:44:32.000Z
improving workflow for java and py
diff --git a/articles/app-service/includes/deploy-intelligent-apps/deploy-intelligent-apps-linux-java-pivot.md b/articles/app-service/includes/deploy-intelligent-apps/deploy-intelligent-apps-linux-java-pivot.md
@@ -29,51 +29,11 @@ For this Spring Boot application, we are building off the [quickstart](../../qui
   }
 ```
 
-### Secure your app with managed identity
-
-Although optional, it's highly recommended to secure your application using [managed identity](../../overview-managed-identity.md) to authenticate your app to your Azure OpenAI resource. Skip this step if you are not using Azure OpenAI. This enables your application to access the Azure OpenAI resource without needing to manage API keys.
-
-Follow the steps below to secure your application:
-
-Add the Azure OpenAI dependency package. This package enables using Azure credentials in your app.
-
-```java
-<dependency>
-    <groupId>com.azure</groupId>
-    <artifactId>azure-ai-openai</artifactId>
-    <version>1.0.0-beta.9</version>
-</dependency>
-```
-
-Next, include the default Azure default credentials when creating the client
-
-```java
-TokenCredential defaultCredential = new DefaultAzureCredentialBuilder().build();
-
-OpenAIClient client = new OpenAIClientBuilder()
-    .credential(defaultCredential)
-    .endpoint("{endpoint}")
-    .buildClient();
-```
-
-Once the credentials are added to the application, you�ll then need to enable managed identity in your application and grant access to the resource.
-
-1. In your web app resource, navigate to the **Identity** blade and turn on **System assigned** and click **Save**
-2. Once System assigned identity is turned on, it will register the web app with Microsoft Entra ID and the web app can be granted permissions to access protected resources.  
-3. Go to your Azure OpenAI resource and navigate to the **Access control (IAM)** blade on the left pane.  
-4. Find the Grant access to this resource card and click on **Add role assignment**
-5. Search for the **Cognitive Services OpenAI User** role and click **Next**
-6. On the **Members** tab, find **Assign access to** and choose the **Managed identity** option
-7. Next, click on **+Select Members**  and find your web app
-8. Click **Review + assign**
-
-Your web app is now added as a cognitive service OpenAI user and can communicate to your Azure OpenAI resource.
-
 ### API Keys and Endpoints
 
 First, you need to grab the keys and endpoint values from Azure OpenAI, or OpenAI and add them as secrets for use in your application. Retrieve and save the values for later use to build the client.
 
-For Azure OpenAI, see [this documentation](../../../ai-services/openai/quickstart.md?pivots=programming-language-csharp&tabs=command-line%2Cpython#retrieve-key-and-endpoint) to retrieve the key and endpoint values. For our application, you need the following values:
+For Azure OpenAI, see [this documentation](../../../ai-services/openai/quickstart.md?pivots=programming-language-csharp&tabs=command-line%2Cpython#retrieve-key-and-endpoint) to retrieve the key and endpoint values. If you're planning to use [managed identity](../../overview-managed-identity.md) to secure your app you'll only need the `endpoint` value. Otherwise, you need each of the following:
 
 - `endpoint`
 - `apiKey`
@@ -139,11 +99,11 @@ For OpenAI:
 
 Before you can create the client, you first need to add the Azure SDK dependency. Add the following Azure OpenAI package to the *pom.xl* file and run the **mvn package** command to build the package.
 
-```python
+```java
 <dependency>
     <groupId>com.azure</groupId>
     <artifactId>azure-ai-openai</artifactId>
-    <version>1.0.0-beta.6</version>
+    <version>1.0.0-beta.9</version>
 </dependency>
 ```
 
@@ -180,6 +140,36 @@ import com.azure.ai.openai.OpenAIClientBuilder;
 import com.azure.core.credential.AzureKeyCredential;
 ```
 
+### Secure your app with managed identity
+
+Although optional, it's highly recommended to secure your application using [managed identity](../../overview-managed-identity.md) to authenticate your app to your Azure OpenAI resource. Skip this step if you are not using Azure OpenAI. This enables your application to access the Azure OpenAI resource without needing to manage API keys.
+
+Follow the steps below to secure your application:
+
+The Azure SDK package previously installed in the previous section enables the use of default credentials in your app. Include the default Azure default credentials when you create the client.
+
+```java
+TokenCredential defaultCredential = new DefaultAzureCredentialBuilder().build();
+
+OpenAIClient client = new OpenAIClientBuilder()
+    .credential(defaultCredential)
+    .endpoint(endpoint)
+    .buildClient();
+```
+
+Once the credentials are added to the application, you�ll then need to enable managed identity in your application and grant access to the resource.
+
+1. In your web app resource, navigate to the **Identity** blade and turn on **System assigned** and click **Save**
+2. Once System assigned identity is turned on, it will register the web app with Microsoft Entra ID and the web app can be granted permissions to access protected resources.  
+3. Go to your Azure OpenAI resource and navigate to the **Access control (IAM)** blade on the left pane.  
+4. Find the Grant access to this resource card and click on **Add role assignment**
+5. Search for the **Cognitive Services OpenAI User** role and click **Next**
+6. On the **Members** tab, find **Assign access to** and choose the **Managed identity** option
+7. Next, click on **+Select Members**  and find your web app
+8. Click **Review + assign**
+
+Your web app is now added as a cognitive service OpenAI user and can communicate to your Azure OpenAI resource.
+
 ### Setup prompt and call to OpenAI
 
 Now that our OpenAI service is created we can use the chat completions method to send our request message to OpenAI and return a response. Here's where we add our chat message prompt to the code to be passed to the chat completions method. Use the following code to set up the chat completions method:
diff --git a/articles/app-service/includes/deploy-intelligent-apps/deploy-intelligent-apps-linux-python-pivot.md b/articles/app-service/includes/deploy-intelligent-apps/deploy-intelligent-apps-linux-python-pivot.md
@@ -19,7 +19,7 @@ You can use Azure App Service to work with popular AI frameworks like LangChain
 
 For this Flask web application, we are building off the [quickstart](../../quickstart-python.md?tabs=flask%2Cwindows%2Cazure-cli%2Cvscode-deploy%2Cdeploy-instructions-azportal%2Cterminal-bash%2Cdeploy-instructions-zip-azcli#1---sample-application) app and updating the *app.py* file to send and receive requests to an Azure OpenAI OR OpenAI service using LangChain.
 
-First, copy and replace the *index.html* file with the following code:
+First, copy, and replace the *index.html* file with the following code:
 
 ```html
 <!doctype html>
@@ -54,7 +54,7 @@ First, copy and replace the *index.html* file with the following code:
 </html>
 ```
 
-Next, copy and replace the *hello.html* file with the following code:
+Next, copy, and replace the *hello.html* file with the following code:
 
 ```html
 <!doctype html>
@@ -82,54 +82,16 @@ Next, copy and replace the *hello.html* file with the following code:
 
 After the files are updated, we can start preparing our environment variables to work with OpenAI.
 
-### Secure your app with managed identity
-
-Although optional, it's highly recommended to secure your application using [managed identity](../../overview-managed-identity.md) to authenticate your app to your Azure OpenAI resource. Skip this step if you are not using Azure OpenAI. This enables your application to access the Azure OpenAI resource without needing to manage API keys.
-
-Follow the steps below to secure your application:
-
-Add the identity package `Azure.Identity`. This package enables using Azure credentials in your app.  Install the package and import the default credential and bearer token provider.
-
-```python
-from azure.identity import DefaultAzureCredential, get_bearer_token_provider
-```
-
-Next, include the default Azure credentials and token provider in the AzureOpenAI options.
-
-```python
-token_provider = get_bearer_token_provider(
-    DefaultAzureCredential(), "https://cognitiveservices.azure.com/.default"
-)
-
-client = AzureOpenAI(
-    api_version="2024-02-15-preview",
-    azure_endpoint="https://{your-custom-endpoint}.openai.azure.com/",
-    azure_ad_token_provider=token_provider
-)
-```
-
-Once the credentials are added to the application, you�ll then need to enable managed identity in your application and grant access to the resource.
-
-1. In your web app resource, navigate to the **Identity** blade and turn on **System assigned** and click **Save**
-2. Once System assigned identity is turned on, it will register the web app with Microsoft Entra ID and the web app can be granted permissions to access protected resources.  
-3. Go to your Azure OpenAI resource and navigate to the **Access control (IAM)** blade on the left pane.  
-4. Find the Grant access to this resource card and click on **Add role assignment**
-5. Search for the **Cognitive Services OpenAI User** role and click **Next**
-6. On the **Members** tab, find **Assign access to** and choose the **Managed identity** option
-7. Next, click on **+Select Members**  and find your web app
-8. Click **Review + assign**
-
-Your web app is now added as a cognitive service OpenAI user and can communicate to your Azure OpenAI resource.
-
 ### API Keys and Endpoints
 
 In order to make calls to OpenAI with your client, you need to first grab the Keys and Endpoint values from Azure OpenAI, or OpenAI and add them as secrets for use in your application. Retrieve and save the values for later use.
 
-For Azure OpenAI, see [this documentation](../../../ai-services/openai/quickstart.md?pivots=programming-language-csharp&tabs=command-line%2Cpython#retrieve-key-and-endpoint) to retrieve the key and endpoint values. For our application, you need the following values:
+For Azure OpenAI, see [this documentation](../../../ai-services/openai/quickstart.md?pivots=programming-language-csharp&tabs=command-line%2Cpython#retrieve-key-and-endpoint) to retrieve the key and endpoint values. If you're planning to use [managed identity](../../overview-managed-identity.md) to secure your app you'll only need the `api_version` and `azure__endpoint` values.  Otherwise, you need each of the following:
 
 - `api_key`
 - `api_version`
 - `azure_deployment`
+- `azure_endpoint`
 - `model_name`
 
 For OpenAI, see this [documentation](https://platform.openai.com/docs/api-reference) to retrieve the API keys. For our application, you need the following values:
@@ -202,7 +164,7 @@ from langchain_openai import AzureOpenAI~~
 
 After LangChain is imported into our file, you can add the code that will call to OpenAI with the LangChain invoke chat method. Update *app.py `http://app.py`* to include the following code:
 
-For Azure OpenAI, use the following code:
+For Azure OpenAI, use the following code. If you plan to use managed identity you can use the credentials outlined in the following section for the Azure OpenAI parameters. 
 
 ```python
 @app.route('/hello', methods=['POST'])
@@ -294,6 +256,45 @@ if __name__ == '__main__':
 
 Now save the application and follow the next steps to deploy it to App Service. If you would like to test it locally first at this step, you can swap out the key and endpoint values with the literal string values of your OpenAI service. For example: model_name = 'gpt-4-turbo';
 
+### Secure your app with managed identity
+
+Although optional, it's highly recommended to secure your application using [managed identity](../../overview-managed-identity.md) to authenticate your app to your Azure OpenAI resource. Skip this step if you are not using Azure OpenAI. This enables your application to access the Azure OpenAI resource without needing to manage API keys.
+
+Follow the steps below to secure your application:
+
+Add the identity package `Azure.Identity`. This package enables using Azure credentials in your app.  Install the package and import the default credential and bearer token provider.
+
+```python
+from azure.identity import DefaultAzureCredential, get_bearer_token_provider
+```
+
+Next, include the default Azure credentials and token provider in the AzureOpenAI options.
+
+```python
+token_provider = get_bearer_token_provider(
+    DefaultAzureCredential(), "https://cognitiveservices.azure.com/.default"
+)
+
+client = AzureOpenAI(
+    api_version="2024-02-15-preview",
+    azure_endpoint="https://{your-custom-endpoint}.openai.azure.com/",
+    azure_ad_token_provider=token_provider
+)
+```
+
+Once the credentials are added to the application, you�ll then need to enable managed identity in your application and grant access to the resource.
+
+1. In your web app resource, navigate to the **Identity** blade and turn on **System assigned** and click **Save**
+2. Once System assigned identity is turned on, it registers the web app with Microsoft Entra ID and the web app can be granted permissions to access protected resources.  
+3. Go to your Azure OpenAI resource and navigate to the **Access control (IAM)** blade on the left pane.  
+4. Find the Grant access to this resource card and click on **Add role assignment**
+5. Search for the **Cognitive Services OpenAI User** role and click **Next**
+6. On the **Members** tab, find **Assign access to** and choose the **Managed identity** option
+7. Next, click on **+Select Members**  and find your web app
+8. Click **Review + assign**
+
+Your web app is now added as a cognitive service OpenAI user and can communicate to your Azure OpenAI resource.
+
 ### Deploy to App Service
 
 Before deploying to App Service, you need to edit the *requirments.txt* file and add an environment variable to your web app so it recognizes the LangChain library and build properly.
