Skip to content

MS Entra authentication #448

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
wants to merge 22 commits into from
Closed

MS Entra authentication #448

Show file tree
Hide file tree
Changes from 6 commits
Commits
Show all changes
22 commits
Select commit Hold shift + click to select a range
428ab9a
MS Entra authentication
Mar 14, 2024
14b4ca5
Entra properties
Mar 15, 2024
ffa40fe
code refactor
Mar 15, 2024
70a7845
Merge remote-tracking branch 'upstream/main'
Mar 15, 2024
9b7aa99
Merge branch 'main' of https://github.com/spring-projects/spring-ai
Mar 17, 2024
36ab2c9
Merge branch 'main' of https://github.com/spring-projects/spring-ai
Mar 19, 2024
027430e
Merge branch 'main' of https://github.com/spring-projects/spring-ai
Mar 27, 2024
22e25f0
Merge branch 'main' of https://github.com/spring-projects/spring-ai
Apr 8, 2024
7c216a1
Merge branch 'main' of https://github.com/spring-projects/spring-ai
Apr 16, 2024
9cb2415
Merge branch 'main' of https://github.com/spring-projects/spring-ai
Apr 18, 2024
b23757c
Merge branch 'main' of https://github.com/spring-projects/spring-ai
May 19, 2024
a2a8969
merge
williamspindox May 20, 2024
0ca12f7
Merge branch 'main' of https://github.com/spring-projects/spring-ai
May 20, 2024
3eff86b
spring-javaformat:apply
May 20, 2024
d7786c7
Merge branch 'main' of https://github.com/spring-projects/spring-ai
May 24, 2024
1cb3f49
Merge branch 'main' of https://github.com/spring-projects/spring-ai
May 24, 2024
3c2345b
Merge branch 'main' of https://github.com/spring-projects/spring-ai
Jun 3, 2024
ead3711
Merge branch 'main' of https://github.com/spring-projects/spring-ai
Jul 3, 2024
3fe103d
Merge branch 'main' of https://github.com/spring-projects/spring-ai
Jul 26, 2024
ee9b28a
Merge branch 'main' of https://github.com/spring-projects/spring-ai
Jul 29, 2024
9ef0bc5
Merge branch 'main' of https://github.com/spring-projects/spring-ai
Jul 29, 2024
7a1c9a2
Merge branch 'main' of https://github.com/spring-projects/spring-ai
Jul 31, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 6 additions & 0 deletions document-readers/tika-reader/pom.xml
View file
Open in desktop
Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's not related to MS Entra, but it avoid a WARNING during build.

Original file line number Diff line number Diff line change
Expand Up @@ -41,6 +41,12 @@
<groupId>org.apache.tika</groupId>
<artifactId>tika-parsers-standard-package</artifactId>
<version>${tika.version}</version>
<exclusions>
<exclusion>
<groupId>xml-apis</groupId>
<artifactId>xml-apis</artifactId>
</exclusion>
</exclusions>
</dependency>


Expand Down
8 changes: 8 additions & 0 deletions spring-ai-spring-boot-autoconfigure/pom.xml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -223,6 +223,14 @@
<optional>true</optional>
</dependency>

<dependency>
<groupId>com.azure.spring</groupId>
<artifactId>spring-cloud-azure-starter-active-directory</artifactId>
<version>5.8.0</version>
</dependency>

<!-- test dependencies -->

<dependency>
<groupId>org.springframework.ai</groupId>
<artifactId>spring-ai-mongodb-atlas-store</artifactId>
Expand Down
57 changes: 50 additions & 7 deletions .../java/org/springframework/ai/autoconfigure/azure/openai/AzureOpenAiAutoConfiguration.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
* https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
Expand All @@ -22,6 +22,12 @@
import com.azure.core.credential.AzureKeyCredential;
import com.azure.core.util.ClientOptions;

import com.azure.core.credential.TokenCredential;
import com.azure.core.http.policy.HttpLogDetailLevel;
import com.azure.core.http.policy.HttpLogOptions;
import com.azure.core.management.AzureEnvironment;
import com.azure.core.management.profile.AzureProfile;
import com.azure.identity.ClientSecretCredentialBuilder;
import org.springframework.ai.azure.openai.AzureOpenAiChatClient;
import org.springframework.ai.azure.openai.AzureOpenAiEmbeddingClient;
import org.springframework.ai.model.function.FunctionCallback;
Expand All @@ -46,13 +52,50 @@ public class AzureOpenAiAutoConfiguration {
@ConditionalOnMissingBean
public OpenAIClient openAIClient(AzureOpenAiConnectionProperties connectionProperties) {

Assert.hasText(connectionProperties.getApiKey(), "API key must not be empty");
Assert.hasText(connectionProperties.getEndpoint(), "Endpoint must not be empty");
HttpLogOptions options = new HttpLogOptions();
Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It allow to enable logging on request and response to/from Azure. NB. Response body too huge is automatically hide by azuresdk.

if (connectionProperties.getEnableLog()) {
HttpLogDetailLevel level = HttpLogDetailLevel.BODY_AND_HEADERS;
options.setLogLevel(level);
options.setPrettyPrintBody(true);
}

/*
* https://learn.microsoft.com/en-us/azure/databricks/dev-tools/service-prin-aad-
* token
*/
if ("entra".equals(connectionProperties.getAuthType())) {
Assert.hasText(connectionProperties.getEndpoint(), "Endpoint must not be empty");
Assert.hasText(connectionProperties.getClientId(), "Client ID must not be empty");
Assert.hasText(connectionProperties.getClientSecret(), "Client Secret must not be empty");
Assert.hasText(connectionProperties.getTenantId(), "Tenant ID must not be empty");

AzureProfile azureProfile = new AzureProfile(AzureEnvironment.AZURE);

TokenCredential tokenCredential = new ClientSecretCredentialBuilder()
.clientId(connectionProperties.getClientId())
.clientSecret(connectionProperties.getClientSecret())
.tenantId(connectionProperties.getTenantId())
.authorityHost(azureProfile.getEnvironment().getActiveDirectoryEndpoint())
.build();

return new OpenAIClientBuilder().endpoint(connectionProperties.getEndpoint())
.credential(new AzureKeyCredential(connectionProperties.getApiKey()))
.clientOptions(new ClientOptions().setApplicationId("spring-ai"))
.buildClient();
return new OpenAIClientBuilder().httpLogOptions(options)
.endpoint(connectionProperties.getEndpoint())
.credential(tokenCredential)
.clientOptions(new ClientOptions().setApplicationId("spring-ai"))
.buildClient();
}
else {
Assert.hasText(connectionProperties.getApiKey(), "API key must not be empty");
Assert.hasText(connectionProperties.getEndpoint(), "Endpoint must not be empty");

AzureKeyCredential keyCredential = new AzureKeyCredential(connectionProperties.getApiKey());

return new OpenAIClientBuilder().httpLogOptions(options)
.endpoint(connectionProperties.getEndpoint())
.credential(keyCredential)
.clientOptions(new ClientOptions().setApplicationId("spring-ai"))
.buildClient();
}
}

@Bean
Expand Down
78 changes: 74 additions & 4 deletions ...va/org/springframework/ai/autoconfigure/azure/openai/AzureOpenAiConnectionProperties.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -34,6 +34,44 @@ public class AzureOpenAiConnectionProperties {
*/
private String endpoint;

/**
* Azure OpenAI API authType. From the Azure AI OpenAI `Keys and Endpoint` section
* under `Resource Management`.
*/
private String authType;

/**
* Azure OpenAI API clientId. From the Azure AI OpenAI `Keys and Endpoint` section
* under `Resource Management`.
*/
private String clientId;

/**
* Azure OpenAI API clientSecret. From the Azure AI OpenAI `Keys and Endpoint` section
* under `Resource Management`.
*/
private String clientSecret;

/**
* Azure OpenAI API tenantId. From the Azure AI OpenAI `Keys and Endpoint` section
* under `Resource Management`.
*/
private String tenantId;

/**
* Azure OpenAI API enableLog. From the Azure AI OpenAI `Keys and Endpoint` section
* under `Resource Management`.
*/
private Boolean enableLog;

public void setApiKey(String apiKey) {
this.apiKey = apiKey;
}

public String getApiKey() {
return apiKey;
}

public String getEndpoint() {
return endpoint;
}
Expand All @@ -42,12 +80,44 @@ public void setEndpoint(String endpoint) {
this.endpoint = endpoint;
}

public void setApiKey(String apiKey) {
this.apiKey = apiKey;
public String getAuthType() {
return authType;
}

public String getApiKey() {
return apiKey;
public void setAuthType(String authType) {
this.authType = authType;
}

public String getClientId() {
return clientId;
}

public void setClientId(String clientId) {
this.clientId = clientId;
}

public String getClientSecret() {
return clientSecret;
}

public void setClientSecret(String clientSecret) {
this.clientSecret = clientSecret;
}

public String getTenantId() {
return tenantId;
}

public void setTenantId(String tenantId) {
this.tenantId = tenantId;
}

public Boolean getEnableLog() {
return enableLog;
}

public void setEnableLog(Boolean enableLog) {
this.enableLog = enableLog;
}

}