[DKM] Use ManagedIdentityCredential Instead of DefaultAzureCredential Across Repositories

Author: Priyanka-Microsoft

App/backend-api/Microsoft.GS.DPS.Host/AppConfiguration/AppConfiguration.cs

@@ -1,6 +1,7 @@
 using Azure.Identity;
 using Microsoft.Extensions.Azure;
 using Microsoft.GS.DPSHost.AppConfiguration;
+using Microsoft.GS.DPSHost.Helpers;
 
 namespace Microsoft.GS.DPSHost.AppConfiguration
 {
@@ -16,7 +17,7 @@ public static void Config(IHostApplicationBuilder builder)
             //Read AppConfiguration with managed Identity
             builder.Configuration.AddAzureAppConfiguration(options =>
             {
-                options.Connect(new Uri(builder.Configuration["ConnectionStrings:AppConfig"]), new DefaultAzureCredential());
+                options.Connect(new Uri(builder.Configuration["ConnectionStrings:AppConfig"]), AzureCredentialHelper.GetAzureCredential());
             });
 
             //Read ServiceConfiguration

App/backend-api/Microsoft.GS.DPS.Host/Helpers/azure_credential_utils.cs

@@ -0,0 +1,31 @@
+using System;
+using System.Threading.Tasks;
+using Azure.Core;
+using Azure.Identity;
+
+namespace Microsoft.GS.DPSHost.Helpers
+{
+    public static class AzureCredentialHelper
+    {
+        public static TokenCredential GetAzureCredential(string clientId = null)
+        {
+            var env = Environment.GetEnvironmentVariable("APP_ENV") ?? "prod";
+
+            if (string.Equals(env, "dev", StringComparison.OrdinalIgnoreCase))
+            {
+                return new DefaultAzureCredential(); // For local development
+            }
+            else
+            {
+                return clientId != null
+                    ? new ManagedIdentityCredential(clientId)
+                    : new ManagedIdentityCredential();
+            }
+        }
+
+        public static Task<TokenCredential> GetAzureCredentialAsync(string clientId = null)
+        {
+            return Task.FromResult(GetAzureCredential(clientId));
+        }
+    }
+}

App/kernel-memory/Directory.Packages.props

@@ -7,7 +7,7 @@
     <PackageVersion Include="AWSSDK.S3" Version="3.7.310.4" />
     <PackageVersion Include="Azure.AI.DocumentIntelligence" Version="1.0.0" />
     <PackageVersion Include="Azure.AI.FormRecognizer" Version="4.1.0" />
-    <PackageVersion Include="Azure.Core" Version="1.42.0" />
+    <PackageVersion Include="Azure.Core" Version="1.47.1" />
     <PackageVersion Include="Azure.Extensions.AspNetCore.Configuration.Secrets" Version="1.3.1" />
     <PackageVersion Include="Azure.Identity" Version="1.12.0" />
     <PackageVersion Include="Azure.Search.Documents" Version="11.5.1" />

App/kernel-memory/Helpers/Helpers.csproj

@@ -0,0 +1,14 @@
+<Project Sdk="Microsoft.NET.Sdk">
+
+  <PropertyGroup>
+    <TargetFramework>net8.0</TargetFramework>
+    <ImplicitUsings>enable</ImplicitUsings>
+    <Nullable>enable</Nullable>
+  </PropertyGroup>
+
+  <ItemGroup>
+    <PackageReference Include="Azure.Core" />
+    <PackageReference Include="Azure.Identity" />
+  </ItemGroup>
+
+</Project>

App/kernel-memory/Helpers/azure_credential_utils.cs

@@ -0,0 +1,29 @@
+using System;
+using System.Threading.Tasks;
+using Azure.Core;
+using Azure.Identity;
+namespace Helpers;
+
+public static class azure_credential_utils
+{
+    public static TokenCredential GetAzureCredential(string clientId = null)
+    {
+        var env = Environment.GetEnvironmentVariable("APP_ENV") ?? "prod";
+
+        if (string.Equals(env, "dev", StringComparison.OrdinalIgnoreCase))
+        {
+            return new DefaultAzureCredential(); // For local development
+        }
+        else
+        {
+            return clientId != null
+                ? new ManagedIdentityCredential(clientId)
+                : new ManagedIdentityCredential();
+        }
+    }
+
+    public static Task<TokenCredential> GetAzureCredentialAsync(string clientId = null)
+    {
+        return Task.FromResult(GetAzureCredential(clientId));
+    }
+}

App/kernel-memory/extensions/AzureAIDocIntel/AzureAIDocIntel.csproj

@@ -8,10 +8,6 @@
         <NoWarn>$(NoWarn);KMEXP02;CA1724;CA1308;</NoWarn>
     </PropertyGroup>
 
-    <ItemGroup>
-        <ProjectReference Include="..\..\service\Abstractions\Abstractions.csproj" />
-    </ItemGroup>
-
     <ItemGroup>
         <PackageReference Include="Azure.Identity" />
         <PackageReference Include="Azure.AI.FormRecognizer" />
@@ -30,4 +26,9 @@
         <None Include="README.md" Link="README.md" Pack="true" PackagePath="." Visible="false" />
     </ItemGroup>
 
+    <ItemGroup>
+      <ProjectReference Include="..\..\Helpers\Helpers.csproj" />
+      <ProjectReference Include="..\..\service\Abstractions\Abstractions.csproj" />
+    </ItemGroup>
+
 </Project>

App/kernel-memory/extensions/AzureAIDocIntel/AzureAIDocIntelEngine.cs

@@ -8,9 +8,11 @@
 using Azure;
 using Azure.AI.FormRecognizer.DocumentAnalysis;
 using Azure.Identity;
+using Helpers;
 using Microsoft.Extensions.Logging;
 using Microsoft.KernelMemory.Diagnostics;
 
+
 namespace Microsoft.KernelMemory.DataFormats.AzureAIDocIntel;
 
 /// <summary>
@@ -36,7 +38,7 @@ public AzureAIDocIntelEngine(
         switch (config.Auth)
         {
             case AzureAIDocIntelConfig.AuthTypes.AzureIdentity:
-                this._recognizerClient = new DocumentAnalysisClient(new Uri(config.Endpoint), new DefaultAzureCredential());
+                this._recognizerClient = new DocumentAnalysisClient(new Uri(config.Endpoint), azure_credential_utils.GetAzureCredential());
                 break;
 
             case AzureAIDocIntelConfig.AuthTypes.APIKey:

App/kernel-memory/extensions/AzureAISearch/AzureAISearch/AzureAISearch.csproj

@@ -9,6 +9,7 @@
     </PropertyGroup>
 
     <ItemGroup>
+        <ProjectReference Include="..\..\..\Helpers\Helpers.csproj" />
         <ProjectReference Include="..\..\..\service\Abstractions\Abstractions.csproj" />
     </ItemGroup>
 

App/kernel-memory/extensions/AzureAISearch/AzureAISearch/AzureAISearchMemory.cs

@@ -14,6 +14,7 @@
 using Azure.Search.Documents.Indexes;
 using Azure.Search.Documents.Indexes.Models;
 using Azure.Search.Documents.Models;
+using Helpers;
 using Microsoft.Extensions.Logging;
 using Microsoft.KernelMemory.AI;
 using Microsoft.KernelMemory.Diagnostics;
@@ -66,7 +67,7 @@ public AzureAISearchMemory(
             case AzureAISearchConfig.AuthTypes.AzureIdentity:
                 this._adminClient = new SearchIndexClient(
                     new Uri(config.Endpoint),
-                    new DefaultAzureCredential(),
+                    azure_credential_utils.GetAzureCredential(),
                     GetClientOptions());
                 break;
 

App/kernel-memory/extensions/AzureBlobs/AzureBlobs.csproj

@@ -9,6 +9,7 @@
     </PropertyGroup>
 
     <ItemGroup>
+        <ProjectReference Include="..\..\Helpers\Helpers.csproj" />
         <ProjectReference Include="..\..\service\Abstractions\Abstractions.csproj" />
     </ItemGroup>