feat: Identity based auth implementation

Author: Prajwal-Microsoft

Deployment/bicep/modules/azurecognitiveservice.bicep

@@ -15,6 +15,7 @@ resource cognitiveService 'Microsoft.CognitiveServices/accounts@2022-03-01' = {
   }
   kind: 'FormRecognizer'
   properties: {
+    customSubDomainName: cognitiveServiceName
   }
 }
 

Deployment/bicep/modules/azureopenaiservice.bicep

@@ -12,6 +12,7 @@ resource openAIService 'Microsoft.CognitiveServices/accounts@2023-05-01' = {
     name: 'S0'
   }
   properties: {
+    customSubDomainName: openAIServiceName
     // Add any specific properties if needed
   }
 }

Deployment/bicep/modules/azuresearch.bicep

@@ -13,6 +13,7 @@ resource searchService 'Microsoft.Search/searchServices@2023-11-01' = {
   properties: {
     replicaCount: 1
     partitionCount: 1
+    disableLocalAuth: true
   }
 }
 

Services/src/esg-ai-doc-analysis/CFS.SK.Sustainability.AI/Services/Queue/AzureStorageQueueService.cs

@@ -158,7 +158,10 @@ public void OnDequeue(Func<string, Task<bool>> processMessageAction)
                 {
                     if (message.DequeueCount <= MaxRetryBeforePoisonQueue)
                     {
-                        bool success = await processMessageAction.Invoke(message.MessageText).ConfigureAwait(false);
+                        // Extract the original message text in case this is a re-queued poison message
+                        string messageTextToProcess = ExtractOriginalMessageText(message.MessageText);
+                        
+                        bool success = await processMessageAction.Invoke(messageTextToProcess).ConfigureAwait(false);
                         if (success)
                         {
                             this._log.LogTrace("Message '{0}' successfully processed, deleting message", message.MessageId);
@@ -283,16 +286,26 @@ private async Task DeleteMessageAsync(QueueMessage message, CancellationToken ca
 
         private async Task UnlockMessageAsync(QueueMessage message, TimeSpan delay, CancellationToken cancellationToken)
         {
-            await this._queue!.UpdateMessageAsync(message.MessageId, message.PopReceipt, visibilityTimeout: delay, cancellationToken: cancellationToken).ConfigureAwait(false);
+            // Pass the original message body to preserve it when updating visibility timeout
+            // Without passing the message content, Azure may distort the message body
+            await this._queue!.UpdateMessageAsync(
+                message.MessageId, 
+                message.PopReceipt, 
+                message.Body,
+                visibilityTimeout: delay, 
+                cancellationToken: cancellationToken).ConfigureAwait(false);
         }
 
         private async Task MoveMessageToPoisonQueueAsync(QueueMessage message, CancellationToken cancellationToken)
         {
             await this._poisonQueue!.CreateIfNotExistsAsync(cancellationToken: cancellationToken).ConfigureAwait(false);
 
+            // Extract the original message text, unwrapping if it was previously wrapped as a poison message
+            string originalMessageText = ExtractOriginalMessageText(message.MessageText);
+
             var poisonMsg = new
             {
-                MessageText = message.MessageText,
+                MessageText = originalMessageText,
                 Id = message.MessageId,
                 InsertedOn = message.InsertedOn,
                 DequeueCount = message.DequeueCount,
@@ -305,6 +318,40 @@ await this._poisonQueue.SendMessageAsync(
                 timeToLive: neverExpire, cancellationToken: cancellationToken).ConfigureAwait(false);
             await this.DeleteMessageAsync(message, cancellationToken).ConfigureAwait(false);
         }
+
+        /// <summary>
+        /// Extracts the original message text from a potentially wrapped poison message format.
+        /// This prevents double-wrapping when a message is moved to poison queue multiple times.
+        /// </summary>
+        private static string ExtractOriginalMessageText(string messageText)
+        {
+            if (string.IsNullOrEmpty(messageText))
+            {
+                return messageText;
+            }
+
+            try
+            {
+                using var doc = JsonDocument.Parse(messageText);
+                var root = doc.RootElement;
+
+                // Check if this is a wrapped poison message format (has MessageText, Id, InsertedOn, DequeueCount)
+                if (root.TryGetProperty("MessageText", out var innerMessageText) &&
+                    root.TryGetProperty("Id", out _) &&
+                    root.TryGetProperty("DequeueCount", out _))
+                {
+                    // This is a wrapped poison message, recursively extract the original
+                    return ExtractOriginalMessageText(innerMessageText.GetString() ?? messageText);
+                }
+            }
+            catch (JsonException)
+            {
+                // Not a valid JSON, return as-is
+            }
+
+            return messageText;
+        }
+
         private static string ToJson(object data, bool indented = false)
         {
             return JsonSerializer.Serialize(data, indented ? s_indentedJsonOptions : s_notIndentedJsonOptions);

Services/src/esg-ai-doc-analysis/CFS.SK.Sustainability.AI/plugins/CSRDPlugin/BenchmarkReportGenerator/config.json

@@ -3,7 +3,6 @@
   "description": "CSRD Report Disclosure Statement Benchmark Analyzer",
   "execution_settings": {
     "default": {
-      //just in case GPT-4o is not available, we can use GPT-4o-mini instead
       "max_tokens": 16384,
       "temperature": 0.3,
       "top_p": 0.0,

Services/src/kernel-memory/service/Core/DataFormats/Pdf/PdfDecoder.cs

@@ -13,6 +13,8 @@
 using DocumentFormat.OpenXml.ExtendedProperties;
 using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.Logging;
+using Utils.TokenGenerator;
+
 //using UglyToad.PdfPig;
 //using UglyToad.PdfPig.Content;
 //using UglyToad.PdfPig.DocumentLayoutAnalysis.TextExtractor;
@@ -49,7 +51,7 @@ static PdfDecoder()
             .Build();
 
         //Read configuration value under KernelMemory/Services/AzureAIDocIntel/APIKey
-        PdfDecoder.apiKey = config["KernelMemory:Services:AzureAIDocIntel:APIKey"];
+        //PdfDecoder.apiKey = config["KernelMemory:Services:AzureAIDocIntel:APIKey"];
         //Read configuration value under KernelMemory/Services/AzureAIDocIntel/Endpoint
         PdfDecoder.endpoint = config["KernelMemory:Services:AzureAIDocIntel:Endpoint"];
 
@@ -84,7 +86,8 @@ public FileContent ExtractContent(BinaryData data)
                 Retry = { Delay = TimeSpan.FromSeconds(90), MaxDelay = TimeSpan.FromSeconds(180), MaxRetries = 3, Mode = RetryMode.Exponential },
             };
 
-            this._client = new DocumentIntelligenceClient(new Uri(PdfDecoder.endpoint), new AzureKeyCredential(PdfDecoder.apiKey), options);
+            var credential = TokenCredentialProvider.GetCredential();
+            this._client = new DocumentIntelligenceClient(new Uri(PdfDecoder.endpoint), credential, options);
 
             Operation<AnalyzeResult> operation = null;
             operation = this._client.AnalyzeDocument(WaitUntil.Completed, "prebuilt-layout", content, outputContentFormat: ContentFormat.Markdown);