Skip to content

feat: replacing DefaultAzureCredential with ManagedIdentityCredential #350

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
Parent: fix: Merging dev chnages for v2 version
merged 1 commit into from
Jul 29, 2025
Merged

feat: replacing DefaultAzureCredential with ManagedIdentityCredential #350

merged 1 commit into from
Jul 29, 2025

Conversation

@Ragini-Microsoft
Copy link
Contributor

Purpose

This pull request introduces changes to improve Azure credential handling by introducing a utility for managing credentials based on the environment (dev or prod). It also updates various files to use this utility, adds environment variable support for APP_ENV, and includes new tests for the credential utility.

Azure credential management improvements:

  • Added helpers/azure_credential_utils.py to provide synchronous and asynchronous credential utilities that switch between DefaultAzureCredential for dev environments and ManagedIdentityCredential for prod environments.
  • Updated src/backend/app_config.py, src/backend/config_kernel.py, src/backend/context/cosmos_memory_kernel.py, and src/backend/utils_kernel.py to replace direct usage of DefaultAzureCredential with the new utility get_azure_credential. [1] [2] [3] [4] [5] [6]

Environment variable updates:

  • Introduced APP_ENV environment variable in .env.sample files for both backend and frontend to specify the application environment (dev or prod). [1] [2]
  • Updated infra/main.bicep to include APP_ENV in container app and website configurations. [1] [2]

Testing enhancements:

  • Added src/backend/tests/helpers/test_azure_credential_utils.py to test both synchronous and asynchronous credential utilities for dev and prod environments.
  • Removed outdated tests related to DefaultAzureCredential from src/backend/tests/test_config.py.

Does this introduce a breaking change?

  • Yes
  • No

How to Test

  • Get the code
git clone [repo-address]
cd [repo-name]
git checkout [branch-name]
npm install
  • Test the code

What to Check

Verify that the following are valid

  • ...

Other Information

@Ragini-Microsoft Ragini-Microsoft changed the base branch from main to dev July 29, 2025 09:51
@Ragini-Microsoft Ragini-Microsoft requested a review from Copilot July 29, 2025 10:06
Copilot AI reviewed Jul 29, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR introduces environment-based Azure credential management by replacing direct usage of DefaultAzureCredential with a utility that switches between DefaultAzureCredential for development environments and ManagedIdentityCredential for production environments.

  • Added azure_credential_utils.py helper module with synchronous and asynchronous credential management functions
  • Updated multiple backend files to use the new credential utility instead of directly instantiating DefaultAzureCredential
  • Added APP_ENV environment variable support across configuration files and infrastructure

Reviewed Changes

Copilot reviewed 10 out of 10 changed files in this pull request and generated 3 comments.

Show a summary per file
File Description
src/backend/helpers/azure_credential_utils.py New utility module providing environment-based credential selection
src/backend/app_config.py Updated to use credential utility and removed deprecated get_azure_credentials method
src/backend/config_kernel.py Updated to use new credential utility
src/backend/context/cosmos_memory_kernel.py Replaced direct DefaultAzureCredential usage with utility function
src/backend/utils_kernel.py Updated credential instantiation to use utility function
src/backend/tests/helpers/test_azure_credential_utils.py Added comprehensive tests for the new credential utility
src/backend/tests/test_config.py Removed outdated credential-related tests
src/backend/.env.sample Added APP_ENV environment variable
src/frontend/.env.sample Added APP_ENV environment variable
infra/main.bicep Added APP_ENV configuration for container app and website

@Prajwal-Microsoft Prajwal-Microsoft merged commit 902a656 into dev Jul 29, 2025
8 checks passed
blessing-msft pushed a commit that referenced this pull request Aug 1, 2025
@Prajwal-Microsoft
Merge pull request #350 from microsoft/rc-psl-sfi-dev
b4ab4ad 
feat: replacing DefaultAzureCredential with ManagedIdentityCredential
@github-actions
Copy link

🎉 This PR is included in version 2.2.0 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@Prajwal-Microsoft Prajwal-Microsoft Prajwal-Microsoft approved these changes

@Avijit-Microsoft Avijit-Microsoft Awaiting requested review from Avijit-Microsoft Avijit-Microsoft is a code owner

@Roopan-Microsoft Roopan-Microsoft Awaiting requested review from Roopan-Microsoft Roopan-Microsoft is a code owner

@marktayl1 marktayl1 Awaiting requested review from marktayl1 marktayl1 is a code owner

@Fr4nc3 Fr4nc3 Awaiting requested review from Fr4nc3 Fr4nc3 is a code owner

@Vinay-Microsoft Vinay-Microsoft Awaiting requested review from Vinay-Microsoft Vinay-Microsoft is a code owner

@aniaroramsft aniaroramsft Awaiting requested review from aniaroramsft aniaroramsft is a code owner

Assignees

No one assigned

Labels

released

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@Ragini-Microsoft @Prajwal-Microsoft