Skip to content

feat: Replace DefaultAzureCredential with ManagedIdentityCredential in Acc… #627

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 6 commits into from
Jul 31, 2025
Merged

feat: Replace DefaultAzureCredential with ManagedIdentityCredential in Acc… #627

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
02d3593
Replace DefaultAzureCredential with ManagedIdentityCredential in Acc…
Bangarraju-Microsoft Jul 30, 2025
1740894
comment resolved and updated
Bangarraju-Microsoft Jul 30, 2025
f4f0444
changing to dev
Bangarraju-Microsoft Jul 30, 2025
00c8894
changing to prod
Bangarraju-Microsoft Jul 30, 2025
7859eea
modified file path
Bangarraju-Microsoft Jul 31, 2025
a6cd5c4
Merge branch 'byoc-researcher' of https://github.com/microsoft/Build-…
Bangarraju-Microsoft Jul 31, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
7 changes: 4 additions & 3 deletions infra/scripts/aihub_scripts/create_ai_hub.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,14 +10,15 @@
AzureOpenAIConnection,
)
from azure.keyvault.secrets import SecretClient
from azure.identity import DefaultAzureCredential

from infra.scripts.azure_credential_utils import get_azure_credential

def get_secrets_from_kv(kv_name, secret_name):
# Set the name of the Azure Key Vault
key_vault_name = kv_name

# Create a credential object using the default Azure credentials
credential = DefaultAzureCredential()
credential = get_azure_credential()

# Create a secret client object using the credential and Key Vault name
secret_client = SecretClient(
Expand Down Expand Up @@ -60,7 +61,7 @@ def get_secrets_from_kv(kv_name, secret_name):
ai_search_key = get_secrets_from_kv(key_vault_name, "AZURE-SEARCH-KEY")

# Credentials
credential = DefaultAzureCredential()
credential = get_azure_credential()

# Create an ML client
ml_client = MLClient(
Expand Down
22 changes: 22 additions & 0 deletions infra/scripts/azure_credential_utils.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,22 @@
from azure.identity import ManagedIdentityCredential, DefaultAzureCredential

APP_ENV = 'prod' # Change to 'dev' for local development

def get_azure_credential(client_id=None):
"""
Retrieves the appropriate Azure credential based on the application environment.

If the application is running locally, it uses Azure CLI credentials.
Otherwise, it uses a managed identity credential.

Args:
client_id (str, optional): The client ID for the managed identity. Defaults to None.

Returns:
azure.identity.DefaultAzureCredential or azure.identity.ManagedIdentityCredential:
The Azure credential object.
"""
if APP_ENV == 'dev':
return DefaultAzureCredential() # CodeQL [SM05139] Okay use of DefaultAzureCredential as it is only used in development
else:
return ManagedIdentityCredential(client_id=client_id)
7 changes: 4 additions & 3 deletions infra/scripts/fabric_scripts/create_fabric_items.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,11 +4,12 @@
import requests
import pandas as pd

# credential = DefaultAzureCredential()

from azure.identity import AzureCliCredential

credential = AzureCliCredential()
# credential = DefaultAzureCredential()

from infra.scripts.azure_credential_utils import get_azure_credential
credential = get_azure_credential()

cred = credential.get_token('https://api.fabric.microsoft.com/.default')
token = cred.token
Expand Down
7 changes: 4 additions & 3 deletions infra/scripts/index_scripts/create_articles_index.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -15,15 +15,16 @@
num_pages = 10

from azure.keyvault.secrets import SecretClient
from azure.identity import DefaultAzureCredential

from infra.scripts.azure_credential_utils import get_azure_credential

def get_secrets_from_kv(kv_name, secret_name):

# Set the name of the Azure Key Vault
key_vault_name = kv_name

# Create a credential object using the default Azure credentials
credential = DefaultAzureCredential()
credential = get_azure_credential()

# Create a secret client object using the credential and Key Vault name
secret_client = SecretClient(vault_url=f"https://{key_vault_name}.vault.azure.net/", credential=credential)
Expand Down Expand Up @@ -351,7 +352,7 @@ def chunk_data(text):


account_name = get_secrets_from_kv(key_vault_name, "ADLS-ACCOUNT-NAME")
credential = DefaultAzureCredential()
credential = get_azure_credential()

account_url = f"https://{account_name}.dfs.core.windows.net"

Expand Down
7 changes: 4 additions & 3 deletions infra/scripts/index_scripts/create_drafts_index.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,15 +12,16 @@
num_pages = 10

from azure.keyvault.secrets import SecretClient
from azure.identity import DefaultAzureCredential

from infra.scripts.azure_credential_utils import get_azure_credential

def get_secrets_from_kv(kv_name, secret_name):

# Set the name of the Azure Key Vault
key_vault_name = kv_name

# Create a credential object using the default Azure credentials
credential = DefaultAzureCredential()
credential = get_azure_credential()

# Create a secret client object using the credential and Key Vault name
secret_client = SecretClient(vault_url=f"https://{key_vault_name}.vault.azure.net/", credential=credential)
Expand Down Expand Up @@ -342,7 +343,7 @@ def chunk_data(text):


account_name = get_secrets_from_kv(key_vault_name, "ADLS-ACCOUNT-NAME")
credential = DefaultAzureCredential()
credential = get_azure_credential()

account_url = f"https://{account_name}.dfs.core.windows.net"

Expand Down
7 changes: 4 additions & 3 deletions infra/scripts/index_scripts/create_grants_index.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,15 +11,16 @@
num_pages = 10

from azure.keyvault.secrets import SecretClient
from azure.identity import DefaultAzureCredential

from infra.scripts.azure_credential_utils import get_azure_credential

def get_secrets_from_kv(kv_name, secret_name):

# Set the name of the Azure Key Vault
key_vault_name = kv_name

# Create a credential object using the default Azure credentials
credential = DefaultAzureCredential()
credential = get_azure_credential()

# Create a secret client object using the credential and Key Vault name
secret_client = SecretClient(vault_url=f"https://{key_vault_name}.vault.azure.net/", credential=credential)
Expand Down Expand Up @@ -340,7 +341,7 @@ def chunk_data(text):


account_name = get_secrets_from_kv(key_vault_name, "ADLS-ACCOUNT-NAME")
credential = DefaultAzureCredential()
credential = get_azure_credential()

account_url = f"https://{account_name}.dfs.core.windows.net"

Expand Down
1 change: 1 addition & 0 deletions infra/scripts/run_create_aihub_scripts.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,7 @@ echo "Download Started"

# Download the create_index python files
curl --output "create_ai_hub.py" ${baseUrl}"infra/scripts/aihub_scripts/create_ai_hub.py"
curl --output "azure_credential_utils.py" "${baseUrl}infra/scripts/azure_credential_utils.py"

# Download the requirement file
curl --output "$requirementFile" "$requirementFileUrl"
Expand Down
1 change: 1 addition & 0 deletions infra/scripts/run_create_index_scripts.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,7 @@ echo "Download Started"
curl --output "create_articles_index.py" ${baseUrl}"infra/scripts/index_scripts/create_articles_index.py"
curl --output "create_grants_index.py" ${baseUrl}"infra/scripts/index_scripts/create_grants_index.py"
curl --output "create_drafts_index.py" ${baseUrl}"infra/scripts/index_scripts/create_drafts_index.py"
curl --output "azure_credential_utils.py" "${baseUrl}infra/scripts/azure_credential_utils.py"

# Download the requirement file
curl --output "$requirementFile" "$requirementFileUrl"
Expand Down
1 change: 1 addition & 0 deletions infra/scripts/run_fabric_items_scripts.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,7 @@ curl --output "create_fabric_items.py" ${baseUrl}"infra/scripts/fabric_scripts/c
curl --output "create_articles_index.ipynb" ${baseUrl}"infra/scripts/fabric_scripts/create_articles_index.ipynb"
curl --output "create_grants_index.ipynb" ${baseUrl}"infra/scripts/fabric_scripts/create_grants_index.ipynb"
curl --output "create_drafts_index.ipynb" ${baseUrl}"infra/scripts/fabric_scripts/create_drafts_index.ipynb"
curl --output "azure_credential_utils.py" "${baseUrl}infra/scripts/azure_credential_utils.py"

# Download the requirement file
curl --output "$requirementFile" "$requirementFileUrl"
Expand Down