From 02d35939a8ba9490d707393dcdde2f6a21cf74c8 Mon Sep 17 00:00:00 2001 From: Bangarraju-Microsoft Date: Wed, 30 Jul 2025 13:45:33 +0530 Subject: [PATCH 1/5] Replace DefaultAzureCredential with ManagedIdentityCredential in Accelerator Repositories changes --- infra/scripts/aihub_scripts/create_ai_hub.py | 7 +++--- infra/scripts/azure_credential_utils.py | 22 +++++++++++++++++++ .../fabric_scripts/create_fabric_items.py | 7 +++--- .../index_scripts/create_articles_index.py | 7 +++--- .../index_scripts/create_drafts_index.py | 7 +++--- .../index_scripts/create_grants_index.py | 7 +++--- infra/scripts/run_create_aihub_scripts.sh | 1 + infra/scripts/run_create_index_scripts.sh | 1 + infra/scripts/run_fabric_items_scripts.sh | 1 + 9 files changed, 45 insertions(+), 15 deletions(-) create mode 100644 infra/scripts/azure_credential_utils.py diff --git a/infra/scripts/aihub_scripts/create_ai_hub.py b/infra/scripts/aihub_scripts/create_ai_hub.py index cf0b8c3a6..6567b9043 100644 --- a/infra/scripts/aihub_scripts/create_ai_hub.py +++ b/infra/scripts/aihub_scripts/create_ai_hub.py @@ -10,14 +10,15 @@ AzureOpenAIConnection, ) from azure.keyvault.secrets import SecretClient -from azure.identity import DefaultAzureCredential + +from azure_credential_utils import get_azure_credential def get_secrets_from_kv(kv_name, secret_name): # Set the name of the Azure Key Vault key_vault_name = kv_name # Create a credential object using the default Azure credentials - credential = DefaultAzureCredential() + credential = get_azure_credential() # Create a secret client object using the credential and Key Vault name secret_client = SecretClient( @@ -60,7 +61,7 @@ def get_secrets_from_kv(kv_name, secret_name): ai_search_key = get_secrets_from_kv(key_vault_name, "AZURE-SEARCH-KEY") # Credentials -credential = DefaultAzureCredential() +credential = get_azure_credential() # Create an ML client ml_client = MLClient( 
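Review bot: The context comment `# Create a credential object using the default Azure credentials` above the new `credential = get_azure_credential()` in get_secrets_from_kv no longer describes the code, because the helper returns a ManagedIdentityCredential unless APP_ENV is 'dev'. I would reword it to `# Credential selected by azure_credential_utils (managed identity unless APP_ENV == 'dev')`. The same stale comment sits above the changed line in the get_secrets_from_kv hunks of create_articles_index.py, create_drafts_index.py and create_grants_index.py. get_secrets_from_kv continues past the end of this hunk.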
diff --git a/infra/scripts/azure_credential_utils.py b/infra/scripts/azure_credential_utils.py new file mode 100644 index 000000000..8e3f0305b --- /dev/null +++ b/infra/scripts/azure_credential_utils.py @@ -0,0 +1,22 @@ +from azure.identity import ManagedIdentityCredential, DefaultAzureCredential + +APP_ENV = 'prod' # Change to 'dev' for local development + +def get_azure_credential(client_id=None): + """ + Retrieves the appropriate Azure credential based on the application environment. + + If the application is running locally, it uses Azure CLI credentials. + Otherwise, it uses a managed identity credential. + + Args: + client_id (str, optional): The client ID for the managed identity. Defaults to None. + + Returns: + azure.identity.DefaultAzureCredential or azure.identity.ManagedIdentityCredential: + The Azure credential object. + """ + if APP_ENV == 'dev': + return DefaultAzureCredential() # CodeQL [SM05139] Okay use of DefaultAzureCredential as it is only used in development + else: + return ManagedIdentityCredential(client_id=client_id) \ No newline at end of file diff --git a/infra/scripts/fabric_scripts/create_fabric_items.py b/infra/scripts/fabric_scripts/create_fabric_items.py index 510cb6699..745481368 100644 --- a/infra/scripts/fabric_scripts/create_fabric_items.py +++ b/infra/scripts/fabric_scripts/create_fabric_items.py @@ -4,11 +4,12 @@ import requests import pandas as pd -# credential = DefaultAzureCredential() -from azure.identity import AzureCliCredential -credential = AzureCliCredential() +# credential = DefaultAzureCredential() + +from azure_credential_utils import get_azure_credential +credential = get_azure_credential() cred = credential.get_token('https://api.fabric.microsoft.com/.default') token = cred.token diff --git a/infra/scripts/index_scripts/create_articles_index.py b/infra/scripts/index_scripts/create_articles_index.py index 21b4624c5..5c88af589 100644 --- a/infra/scripts/index_scripts/create_articles_index.py 
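Review bot: `APP_ENV` is a hard-coded module constant, so the credential type depends on an edit to the source file, and a committed `'dev'` value puts the broader DefaultAzureCredential chain back on every host that downloads this file; patches 3/5 and 4/5 of this series flip the value in exactly that way. Reading it from the environment with a safe default keeps the choice out of version control: `import os` and `APP_ENV = os.getenv("APP_ENV", "prod").lower()`. The docstring says the local path "uses Azure CLI credentials" while the code returns `DefaultAzureCredential()`, so one of the two should change. Every call site visible in this patch calls `get_azure_credential()` without `client_id`, which presumably selects a system-assigned identity, so a host that has only a user-assigned identity would need the client ID passed in.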
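Review bot: create_fabric_items.py previously pinned `AzureCliCredential()`, and with `APP_ENV = 'prod'` the replacement `credential = get_azure_credential()` now yields a ManagedIdentityCredential. The module-level `credential.get_token('https://api.fabric.microsoft.com/.default')` will therefore fail wherever no managed identity endpoint is available, for example a user's shell if that is where run_fabric_items_scripts.sh is run (not visible here). If a managed identity is intended, it also needs the Fabric workspace access that the signed-in CLI user had before. The leftover `# credential = DefaultAzureCredential()` comment is dead code and can be removed.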
+++ b/infra/scripts/index_scripts/create_articles_index.py @@ -15,7 +15,8 @@ num_pages = 10 from azure.keyvault.secrets import SecretClient -from azure.identity import DefaultAzureCredential + +from infra.scripts.azure_credential_utils import get_azure_credential def get_secrets_from_kv(kv_name, secret_name): @@ -23,7 +24,7 @@ def get_secrets_from_kv(kv_name, secret_name): key_vault_name = kv_name # Create a credential object using the default Azure credentials - credential = DefaultAzureCredential() + credential = get_azure_credential() # Create a secret client object using the credential and Key Vault name secret_client = SecretClient(vault_url=f"https://{key_vault_name}.vault.azure.net/", credential=credential) @@ -351,7 +352,7 @@ def chunk_data(text): account_name = get_secrets_from_kv(key_vault_name, "ADLS-ACCOUNT-NAME") -credential = DefaultAzureCredential() +credential = azure_credential_utils() account_url = f"https://{account_name}.dfs.core.windows.net" diff --git a/infra/scripts/index_scripts/create_drafts_index.py b/infra/scripts/index_scripts/create_drafts_index.py index 9acb0a492..f4c713f4d 100644 --- a/infra/scripts/index_scripts/create_drafts_index.py +++ b/infra/scripts/index_scripts/create_drafts_index.py @@ -12,7 +12,8 @@ num_pages = 10 from azure.keyvault.secrets import SecretClient -from azure.identity import DefaultAzureCredential + +from infra.scripts.azure_credential_utils import get_azure_credential def get_secrets_from_kv(kv_name, secret_name): @@ -20,7 +21,7 @@ def get_secrets_from_kv(kv_name, secret_name): key_vault_name = kv_name # Create a credential object using the default Azure credentials - credential = DefaultAzureCredential() + credential = get_azure_credential() # Create a secret client object using the credential and Key Vault name secret_client = SecretClient(vault_url=f"https://{key_vault_name}.vault.azure.net/", credential=credential) 
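Review bot: `from infra.scripts.azure_credential_utils import get_azure_credential` in create_articles_index.py, and the same import in create_drafts_index.py and create_grants_index.py, does not match how the module is delivered: the run_*.sh hunks in this patch download it as a flat `azure_credential_utils.py` next to the script, where no `infra/scripts/` package exists. Unless the scripts run with the repository root on `sys.path` (not visible here), this raises ModuleNotFoundError before any credential is created. The flat form `from azure_credential_utils import get_azure_credential` that this patch uses in create_ai_hub.py and create_fabric_items.py matches the download layout. Patch 5/5 later moves those two scripts to the package form as well, so the same concern applies to its hunks.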
@@ -342,7 +343,7 @@ def chunk_data(text): account_name = get_secrets_from_kv(key_vault_name, "ADLS-ACCOUNT-NAME") -credential = DefaultAzureCredential() +credential = get_azure_credential() account_url = f"https://{account_name}.dfs.core.windows.net" diff --git a/infra/scripts/index_scripts/create_grants_index.py b/infra/scripts/index_scripts/create_grants_index.py index a59871275..68c9cfc4c 100644 --- a/infra/scripts/index_scripts/create_grants_index.py +++ b/infra/scripts/index_scripts/create_grants_index.py @@ -11,7 +11,8 @@ num_pages = 10 from azure.keyvault.secrets import SecretClient -from azure.identity import DefaultAzureCredential + +from infra.scripts.azure_credential_utils import get_azure_credential def get_secrets_from_kv(kv_name, secret_name): @@ -19,7 +20,7 @@ def get_secrets_from_kv(kv_name, secret_name): key_vault_name = kv_name # Create a credential object using the default Azure credentials - credential = DefaultAzureCredential() + credential = get_azure_credential() # Create a secret client object using the credential and Key Vault name secret_client = SecretClient(vault_url=f"https://{key_vault_name}.vault.azure.net/", credential=credential) @@ -340,7 +341,7 @@ def chunk_data(text): account_name = get_secrets_from_kv(key_vault_name, "ADLS-ACCOUNT-NAME") -credential = DefaultAzureCredential() +credential = get_azure_credential() account_url = f"https://{account_name}.dfs.core.windows.net" diff --git a/infra/scripts/run_create_aihub_scripts.sh b/infra/scripts/run_create_aihub_scripts.sh index 939837410..a67b085a8 100644 --- a/infra/scripts/run_create_aihub_scripts.sh +++ b/infra/scripts/run_create_aihub_scripts.sh 
@@ -21,6 +21,7 @@ echo "Download Started" # Download the create_index python files curl --output "create_ai_hub.py" ${baseUrl}"infra/scripts/aihub_scripts/create_ai_hub.py" +curl --output "azure_credential_utils.py" "${baseUrl}infra/scripts/azure_credential_utils.py" # Download the requirement file curl --output "$requirementFile" "$requirementFileUrl" diff --git a/infra/scripts/run_create_index_scripts.sh b/infra/scripts/run_create_index_scripts.sh index 33dc40e8d..6b59d744d 100644 --- a/infra/scripts/run_create_index_scripts.sh +++ b/infra/scripts/run_create_index_scripts.sh @@ -13,6 +13,7 @@ echo "Download Started" curl --output "create_articles_index.py" ${baseUrl}"infra/scripts/index_scripts/create_articles_index.py" curl --output "create_grants_index.py" ${baseUrl}"infra/scripts/index_scripts/create_grants_index.py" curl --output "create_drafts_index.py" ${baseUrl}"infra/scripts/index_scripts/create_drafts_index.py" +curl --output "azure_credential_utils.py" "${baseUrl}infra/scripts/azure_credential_utils.py" # Download the requirement file curl --output "$requirementFile" "$requirementFileUrl" diff --git a/infra/scripts/run_fabric_items_scripts.sh b/infra/scripts/run_fabric_items_scripts.sh index d631745c2..ec64bfc0c 100644 --- a/infra/scripts/run_fabric_items_scripts.sh +++ b/infra/scripts/run_fabric_items_scripts.sh @@ -16,6 +16,7 @@ curl --output "create_fabric_items.py" ${baseUrl}"infra/scripts/fabric_scripts/c curl --output "create_articles_index.ipynb" ${baseUrl}"infra/scripts/fabric_scripts/create_articles_index.ipynb" curl --output "create_grants_index.ipynb" ${baseUrl}"infra/scripts/fabric_scripts/create_grants_index.ipynb" curl --output "create_drafts_index.ipynb" ${baseUrl}"infra/scripts/fabric_scripts/create_drafts_index.ipynb" +curl --output "azure_credential_utils.py" "${baseUrl}infra/scripts/azure_credential_utils.py" # Download the requirement file curl --output "$requirementFile" "$requirementFileUrl" 
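Review bot: The added `curl --output "azure_credential_utils.py" "${baseUrl}infra/scripts/azure_credential_utils.py"` saves whatever the server returns, so an HTTP error page or a truncated response becomes the module that selects the credential and only fails later at import time. Adding `--fail` and checking the exit status stops the script on a bad download: `curl --fail --silent --show-error --output "azure_credential_utils.py" "${baseUrl}infra/scripts/azure_credential_utils.py" || exit 1`. The downloaded file runs with the host's identity, so pinning `baseUrl` to a commit or verifying a checksum is worth considering; where `baseUrl` is set is outside the hunk. The same line is added in run_create_index_scripts.sh and run_fabric_items_scripts.sh.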
From 174089448a9cc4c2fbb8d193a2448086f67b40c8 Mon Sep 17 00:00:00 2001 From: Bangarraju-Microsoft Date: Wed, 30 Jul 2025 14:17:52 +0530 Subject: [PATCH 2/5] comment resolved and updated --- infra/scripts/index_scripts/create_articles_index.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/infra/scripts/index_scripts/create_articles_index.py b/infra/scripts/index_scripts/create_articles_index.py index 5c88af589..932904d06 100644 --- a/infra/scripts/index_scripts/create_articles_index.py +++ b/infra/scripts/index_scripts/create_articles_index.py @@ -352,7 +352,7 @@ def chunk_data(text): account_name = get_secrets_from_kv(key_vault_name, "ADLS-ACCOUNT-NAME") -credential = azure_credential_utils() +credential = get_azure_credential() account_url = f"https://{account_name}.dfs.core.windows.net" From f4f0444c66416d1ccc50e6b5d2a245e1a476a4b9 Mon Sep 17 00:00:00 2001 From: Bangarraju-Microsoft Date: Wed, 30 Jul 2025 18:30:36 +0530 Subject: [PATCH 3/5] changing to dev --- infra/scripts/azure_credential_utils.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/infra/scripts/azure_credential_utils.py b/infra/scripts/azure_credential_utils.py index 8e3f0305b..30c949e48 100644 --- a/infra/scripts/azure_credential_utils.py +++ b/infra/scripts/azure_credential_utils.py @@ -1,6 +1,6 @@ from azure.identity import ManagedIdentityCredential, DefaultAzureCredential -APP_ENV = 'prod' # Change to 'dev' for local development +APP_ENV = 'dev' # Change to 'dev' for local development def get_azure_credential(client_id=None): """ From 00c889410919e894c6eaf22c4a813918ed8a73a3 Mon Sep 17 00:00:00 2001 From: Bangarraju-Microsoft Date: Wed, 30 Jul 2025 19:05:45 +0530 Subject: [PATCH 4/5] changing to prod --- infra/scripts/azure_credential_utils.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/infra/scripts/azure_credential_utils.py b/infra/scripts/azure_credential_utils.py index 30c949e48..8e3f0305b 100644 
--- a/infra/scripts/azure_credential_utils.py +++ b/infra/scripts/azure_credential_utils.py @@ -1,6 +1,6 @@ from azure.identity import ManagedIdentityCredential, DefaultAzureCredential -APP_ENV = 'dev' # Change to 'dev' for local development +APP_ENV = 'prod' # Change to 'dev' for local development def get_azure_credential(client_id=None): """ From 7859eea145bd01c3f4665d57ad483ca04c661fd0 Mon Sep 17 00:00:00 2001 From: Bangarraju-Microsoft Date: Thu, 31 Jul 2025 11:46:47 +0530 Subject: [PATCH 5/5] modified file path --- infra/scripts/aihub_scripts/create_ai_hub.py | 2 +- infra/scripts/fabric_scripts/create_fabric_items.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/infra/scripts/aihub_scripts/create_ai_hub.py b/infra/scripts/aihub_scripts/create_ai_hub.py index 6567b9043..8ec5e36b7 100644 --- a/infra/scripts/aihub_scripts/create_ai_hub.py +++ b/infra/scripts/aihub_scripts/create_ai_hub.py @@ -11,7 +11,7 @@ ) from azure.keyvault.secrets import SecretClient -from azure_credential_utils import get_azure_credential +from infra.scripts.azure_credential_utils import get_azure_credential def get_secrets_from_kv(kv_name, secret_name): # Set the name of the Azure Key Vault diff --git a/infra/scripts/fabric_scripts/create_fabric_items.py b/infra/scripts/fabric_scripts/create_fabric_items.py index 745481368..de724645a 100644 --- a/infra/scripts/fabric_scripts/create_fabric_items.py +++ b/infra/scripts/fabric_scripts/create_fabric_items.py @@ -8,7 +8,7 @@ # credential = DefaultAzureCredential() -from azure_credential_utils import get_azure_credential +from infra.scripts.azure_credential_utils import get_azure_credential credential = get_azure_credential() cred = credential.get_token('https://api.fabric.microsoft.com/.default')