diff --git a/deploy/starter/infra/shared/eventgrid.bicep b/deploy/starter/infra/shared/eventgrid.bicep
index 6e91a9f328..87f6f9b1a2 100644
--- a/deploy/starter/infra/shared/eventgrid.bicep
+++ b/deploy/starter/infra/shared/eventgrid.bicep
@@ -20,7 +20,7 @@ resource namespace 'Microsoft.EventGrid/namespaces@2023-12-15-preview' = {
type: 'SystemAssigned'
}
properties: {
- isZoneRedundant: true
+ isZoneRedundant: false
publicNetworkAccess: 'Enabled'
inboundIpRules: []
}
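Review bot: The switch of `isZoneRedundant` to `false` carries no comment explaining why, and it reduces the availability of the Event Grid namespace. A one-line comment next to it, e.g. `// zone redundancy disabled: <reason>`, would keep the setting from being reverted or copied without thought. The context lines also show `publicNetworkAccess: 'Enabled'` with an empty `inboundIpRules`, which appears to leave the namespace reachable from any address; if that is intended for the starter deployment, say so in a comment. The resource body starts and ends outside this hunk.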
diff --git a/deploy/starter/infra/shared/storage.bicep b/deploy/starter/infra/shared/storage.bicep
index 3d3b321544..0208050670 100644
--- a/deploy/starter/infra/shared/storage.bicep
+++ b/deploy/starter/infra/shared/storage.bicep
@@ -30,18 +30,39 @@ resource storage 'Microsoft.Storage/storageAccounts@2023-01-01' = {
name: 'Standard_LRS'
}
tags: tags
+
+ properties: {
+ accessTier: 'Hot'
+ allowBlobPublicAccess: false
+ isHnsEnabled: true
+ minimumTlsVersion: 'TLS1_2'
+ supportsHttpsTrafficOnly: true
+ }
}
resource blobService 'Microsoft.Storage/storageAccounts/blobServices@2023-01-01' = {
parent: storage
name: 'default'
+
+ properties: {
+ containerDeleteRetentionPolicy: {
+ days: 30
+ enabled: true
+ }
+
+ deleteRetentionPolicy: {
+ allowPermanentDelete: false
+ days: 30
+ enabled: true
+ }
+ }
}
resource blobContainers 'Microsoft.Storage/storageAccounts/blobServices/containers@2023-01-01' = [
- for container in containers: {
- parent: blobService
- name: container.name
- }
+for container in containers: {
+ parent: blobService
+ name: container.name
+}
]
resource queueService 'Microsoft.Storage/storageAccounts/queueServices@2023-01-01' = {
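Review bot: The new `properties` block on the storage account sets the TLS and public-blob options but leaves shared-key authorization and network access at their defaults. Other hunks of this file still pass `storage.listKeys().keys[0].value` to the deployment script and the Key Vault secret, so `allowSharedKeyAccess: false` cannot simply be added. A comment in the block, e.g. `// shared key access stays enabled: blobFiles and storageConnectionString use listKeys()`, would make that dependency explicit. Whether `networkAcls` with `defaultAction: 'Deny'` is workable for this template cannot be judged from the hunk and should be decided deliberately.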
@@ -50,35 +71,35 @@ resource queueService 'Microsoft.Storage/storageAccounts/queueServices@2023-01-0
}
resource storageQueues 'Microsoft.Storage/storageAccounts/queueServices/queues@2023-01-01' = [
- for queue in queues: {
- parent: queueService
- name: queue.name
- }
+for queue in queues: {
+ parent: queueService
+ name: queue.name
+}
]
resource blobFiles 'Microsoft.Resources/deploymentScripts@2020-10-01' = [
- for file in files: {
- name: file.file
- location: location
- kind: 'AzureCLI'
- properties: {
- azCliVersion: '2.26.1'
- timeout: 'PT5M'
- retentionInterval: 'PT1H'
- environmentVariables: [
- {
- name: 'AZURE_STORAGE_ACCOUNT'
- value: storage.name
- }
- {
- name: 'AZURE_STORAGE_KEY'
- secureValue: storage.listKeys().keys[0].value
- }
- ]
- scriptContent: 'echo "${file.content}" > ${file.file} && az storage blob upload -f ${file.file} -c ${file.container} -n ${file.path}'
- }
- dependsOn: [ blobContainers ]
+for file in files: {
+ name: file.file
+ location: location
+ kind: 'AzureCLI'
+ properties: {
+ azCliVersion: '2.26.1'
+ timeout: 'PT5M'
+ retentionInterval: 'PT1H'
+ environmentVariables: [
+ {
+ name: 'AZURE_STORAGE_ACCOUNT'
+ value: storage.name
+ }
+ {
+ name: 'AZURE_STORAGE_KEY'
+ secureValue: storage.listKeys().keys[0].value
+ }
+ ]
+ scriptContent: 'echo "${file.content}" > ${file.file} && az storage blob upload -f ${file.file} -c ${file.container} -n ${file.path}'
}
+ dependsOn: [ blobContainers ]
+}
]
resource keyvault 'Microsoft.KeyVault/vaults@2023-02-01' existing = {
@@ -86,14 +107,14 @@ resource keyvault 'Microsoft.KeyVault/vaults@2023-02-01' existing = {
}
resource storageConnectionString 'Microsoft.KeyVault/vaults/secrets@2023-02-01' = [
- for secretName in secretNames: {
- name: secretName
- parent: keyvault
- tags: tags
- properties: {
- value: 'DefaultEndpointsProtocol=https;AccountName=${name};AccountKey=${storage.listKeys().keys[0].value};EndpointSuffix=core.windows.net'
- }
+for secretName in secretNames: {
+ name: secretName
+ parent: keyvault
+ tags: tags
+ properties: {
+ value: 'DefaultEndpointsProtocol=https;AccountName=${name};AccountKey=${storage.listKeys().keys[0].value};EndpointSuffix=core.windows.net'
}
+}
]
output connectionSecretName string = storageConnectionString[0].name
diff --git a/src/dotnet/AgentFactoryAPI/Program.cs b/src/dotnet/AgentFactoryAPI/Program.cs
index 393e8b9321..b01462dad6 100644
--- a/src/dotnet/AgentFactoryAPI/Program.cs
+++ b/src/dotnet/AgentFactoryAPI/Program.cs
@@ -51,7 +51,7 @@ public static void Main(string[] args)
options.Connect(builder.Configuration[EnvironmentVariables.FoundationaLLM_AppConfig_ConnectionString]);
options.ConfigureKeyVault(options =>
{
- options.SetCredential(new DefaultAzureCredential());
+ options.SetCredential(DefaultAuthentication.GetAzureCredential());
});
options.Select(AppConfigurationKeyFilters.FoundationaLLM_APIs);
options.Select(AppConfigurationKeyFilters.FoundationaLLM_AgentFactory);
@@ -61,6 +61,8 @@ public static void Main(string[] args)
if (builder.Environment.IsDevelopment())
builder.Configuration.AddJsonFile("appsettings.development.json", true, true);
+ DefaultAuthentication.Production = builder.Environment.IsProduction();
+
// Add services to the container.
// Add the OpenTelemetry telemetry service and send telemetry data to Azure Monitor.
builder.Services.AddOpenTelemetry().UseAzureMonitor(options =>
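Review bot: `DefaultAuthentication.Production = builder.Environment.IsProduction();` is assigned after the `AddAzureAppConfiguration` block, where `DefaultAuthentication.GetAzureCredential()` is already passed to `SetCredential`. If the configuration source is built as soon as it is added, which is likely with the web application builder, the Key Vault credential is chosen while `Production` is still `false`. A production host would then get `AzureCliCredential` for Key Vault references. Moving the assignment to directly after the builder is created, before any configuration provider is registered, removes the ordering dependency. The same placement appears in the CoreAPI, GatekeeperAPI, ManagementAPI, SemanticKernelAPI, VectorizationAPI and VectorizationWorker `Program.cs` hunks; `Main` continues outside this hunk.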
diff --git a/src/dotnet/Common/Authentication/DefaultAuthentication.cs b/src/dotnet/Common/Authentication/DefaultAuthentication.cs
index e26f310419..e611a4abb3 100644
--- a/src/dotnet/Common/Authentication/DefaultAuthentication.cs
+++ b/src/dotnet/Common/Authentication/DefaultAuthentication.cs
@@ -1,5 +1,6 @@
using Azure.Core;
using Azure.Identity;
+using FoundationaLLM.Common.Constants;
namespace FoundationaLLM.Common.Authentication
{
@@ -9,21 +10,16 @@ namespace FoundationaLLM.Common.Authentication
public static class DefaultAuthentication
{
///
- /// The default Azure credential to use for authentication.
+ /// Indicates whether the environment we run in is production or not.
///
- public static TokenCredential GetAzureCredential(bool development = false) => new DefaultAzureCredential(new DefaultAzureCredentialOptions
- {
- ExcludeAzureDeveloperCliCredential = true,
- ExcludeAzurePowerShellCredential = true,
- ExcludeEnvironmentCredential = true,
- ExcludeInteractiveBrowserCredential = true,
- ExcludeSharedTokenCacheCredential = true,
- ExcludeVisualStudioCodeCredential = true,
- ExcludeVisualStudioCredential = true,
- ExcludeWorkloadIdentityCredential = true,
+ public static bool Production { get; set; }
- ExcludeAzureCliCredential = !development,
- ExcludeManagedIdentityCredential = development
- });
+ ///
+ /// The default Azure credential to use for authentication.
+ ///
+ public static TokenCredential GetAzureCredential() =>
+ Production
+ ? new ManagedIdentityCredential(Environment.GetEnvironmentVariable(EnvironmentVariables.AzureClientId))
+ : new AzureCliCredential();
}
}
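Review bot: `Production` is a public, settable static that defaults to `false`, so any host that does not assign it before the first `GetAzureCredential()` call silently gets `AzureCliCredential`. The same happens in any environment that is neither Development nor Production, such as Staging. The doc comment should state that contract, e.g. `/// Must be set at startup before GetAzureCredential() is first called; defaults to false, which selects AzureCliCredential.` Consider inverting the flag so that the unset default is the managed identity and the developer credential is opt-in. Each call also constructs a new credential object, so callers do not share one instance. It would also help to document what happens when `AZURE_CLIENT_ID` is unset, since the value is then passed as null (presumably the system-assigned identity).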
diff --git a/src/dotnet/Common/Constants/EnvironmentVariables.cs b/src/dotnet/Common/Constants/EnvironmentVariables.cs
index d508f8d63d..8123d6c204 100644
--- a/src/dotnet/Common/Constants/EnvironmentVariables.cs
+++ b/src/dotnet/Common/Constants/EnvironmentVariables.cs
@@ -11,6 +11,11 @@ namespace FoundationaLLM.Common.Constants
///
public static class EnvironmentVariables
{
+ ///
+ /// The client id of the user assigned managed identity.
+ ///
+ public const string AzureClientId = "AZURE_CLIENT_ID";
+
///
/// The Azure Container App or Azure Kubernetes Service hostname.
///
diff --git a/src/dotnet/Common/Services/Azure/AzureResourceManagerService.cs b/src/dotnet/Common/Services/Azure/AzureResourceManagerService.cs
index 8aaa73a733..b5529d0567 100644
--- a/src/dotnet/Common/Services/Azure/AzureResourceManagerService.cs
+++ b/src/dotnet/Common/Services/Azure/AzureResourceManagerService.cs
@@ -17,14 +17,11 @@ namespace FoundationaLLM.Common.Services.Azure
///
/// Provides services to interact with the Azure Resource Manager (ARM) infrastructure.
///
- /// The providing details about the environment.
/// The logger used for logging.
public class AzureResourceManagerService(
- IHostEnvironment environment,
ILogger logger) : IAzureResourceManagerService
{
- private readonly ArmClient _armClient = new(DefaultAuthentication.GetAzureCredential(
- environment.IsDevelopment()));
+ private readonly ArmClient _armClient = new(DefaultAuthentication.GetAzureCredential());
private readonly ILogger _logger = logger;
///
diff --git a/src/dotnet/Common/Services/Events/AzureEventGridEventService.cs b/src/dotnet/Common/Services/Events/AzureEventGridEventService.cs
index 6b50824768..ce0ee80ad5 100644
--- a/src/dotnet/Common/Services/Events/AzureEventGridEventService.cs
+++ b/src/dotnet/Common/Services/Events/AzureEventGridEventService.cs
@@ -1,6 +1,7 @@
using Azure;
using Azure.Identity;
using Azure.Messaging.EventGrid.Namespaces;
+using FoundationaLLM.Common.Authentication;
using FoundationaLLM.Common.Constants;
using FoundationaLLM.Common.Exceptions;
using FoundationaLLM.Common.Interfaces;
@@ -331,7 +332,7 @@ private void ValidateAPIKey(string? value)
try
{
ValidateEndpoint(_settings.Endpoint);
- client = new EventGridClient(new Uri(_settings.Endpoint!), new DefaultAzureCredential());
+ client = new EventGridClient(new Uri(_settings.Endpoint!), DefaultAuthentication.GetAzureCredential());
}
catch (Exception ex)
{
diff --git a/src/dotnet/Common/Services/Storage/BlobStorageService.cs b/src/dotnet/Common/Services/Storage/BlobStorageService.cs
index 444822a9af..cf1a9a0a3c 100644
--- a/src/dotnet/Common/Services/Storage/BlobStorageService.cs
+++ b/src/dotnet/Common/Services/Storage/BlobStorageService.cs
@@ -4,6 +4,7 @@
using Azure.Storage.Blobs;
using Azure.Storage.Blobs.Models;
using Azure.Storage.Blobs.Specialized;
+using FoundationaLLM.Common.Authentication;
using FoundationaLLM.Common.Exceptions;
using FoundationaLLM.Common.Extensions;
using FoundationaLLM.Common.Interfaces;
@@ -169,6 +170,6 @@ protected override void CreateClientFromConnectionString(string connectionString
protected override void CreateClientFromIdentity(string accountName) =>
_blobServiceClient = new BlobServiceClient(
new Uri($"https://{accountName}.dfs.core.windows.net"),
- new DefaultAzureCredential());
+ DefaultAuthentication.GetAzureCredential());
}
}
diff --git a/src/dotnet/Common/Services/Storage/DataLakeStorageService.cs b/src/dotnet/Common/Services/Storage/DataLakeStorageService.cs
index 7f2a0827b2..bc7309a4a1 100644
--- a/src/dotnet/Common/Services/Storage/DataLakeStorageService.cs
+++ b/src/dotnet/Common/Services/Storage/DataLakeStorageService.cs
@@ -2,6 +2,7 @@
using Azure.Identity;
using Azure.Storage;
using Azure.Storage.Files.DataLake;
+using FoundationaLLM.Common.Authentication;
using FoundationaLLM.Common.Exceptions;
using FoundationaLLM.Common.Interfaces;
using FoundationaLLM.Common.Models.Configuration.Storage;
@@ -112,6 +113,6 @@ protected override void CreateClientFromConnectionString(string connectionString
protected override void CreateClientFromIdentity(string accountName) =>
_dataLakeClient = new DataLakeServiceClient(
new Uri($"https://{accountName}.dfs.core.windows.net"),
- new DefaultAzureCredential());
+ DefaultAuthentication.GetAzureCredential());
}
}
diff --git a/src/dotnet/Configuration/Services/DependencyInjection.cs b/src/dotnet/Configuration/Services/DependencyInjection.cs
index bf7fc849da..0bf96c3511 100644
--- a/src/dotnet/Configuration/Services/DependencyInjection.cs
+++ b/src/dotnet/Configuration/Services/DependencyInjection.cs
@@ -33,8 +33,7 @@ public static void AddConfigurationResourceProvider(this IHostApplicationBuilder
{
var keyVaultUri = builder.Configuration[AppConfigurationKeys.FoundationaLLM_Configuration_KeyVaultURI];
clientBuilder.AddSecretClient(new Uri(keyVaultUri!))
- .WithCredential(DefaultAuthentication.GetAzureCredential(
- builder.Environment.IsDevelopment()));
+ .WithCredential(DefaultAuthentication.GetAzureCredential());
clientBuilder.AddConfigurationClient(
builder.Configuration[EnvironmentVariables.FoundationaLLM_AppConfig_ConnectionString]);
});
diff --git a/src/dotnet/CoreAPI/Program.cs b/src/dotnet/CoreAPI/Program.cs
index ef2737ec97..399ebc9cfc 100644
--- a/src/dotnet/CoreAPI/Program.cs
+++ b/src/dotnet/CoreAPI/Program.cs
@@ -47,7 +47,7 @@ public static void Main(string[] args)
options.Connect(builder.Configuration[EnvironmentVariables.FoundationaLLM_AppConfig_ConnectionString]);
options.ConfigureKeyVault(options =>
{
- options.SetCredential(new DefaultAzureCredential());
+ options.SetCredential(DefaultAuthentication.GetAzureCredential());
});
options.Select(AppConfigurationKeyFilters.FoundationaLLM_APIs);
options.Select(AppConfigurationKeyFilters.FoundationaLLM_CosmosDB);
@@ -58,7 +58,9 @@ public static void Main(string[] args)
});
if (builder.Environment.IsDevelopment())
builder.Configuration.AddJsonFile("appsettings.development.json", true, true);
-
+
+ DefaultAuthentication.Production = builder.Environment.IsProduction();
+
var allowAllCorsOrigins = "AllowAllOrigins";
builder.Services.AddCors(policyBuilder =>
{
diff --git a/src/dotnet/CoreWorker/Program.cs b/src/dotnet/CoreWorker/Program.cs
index 9432bcfe2a..a38b47237d 100644
--- a/src/dotnet/CoreWorker/Program.cs
+++ b/src/dotnet/CoreWorker/Program.cs
@@ -1,4 +1,5 @@
using Azure.Identity;
+using FoundationaLLM.Common.Authentication;
using FoundationaLLM.Common.Constants;
using FoundationaLLM.Core.Interfaces;
using FoundationaLLM.Core.Models.Configuration;
@@ -16,7 +17,7 @@
options.ConfigureKeyVault(options =>
{
- options.SetCredential(new DefaultAzureCredential());
+ options.SetCredential(DefaultAuthentication.GetAzureCredential());
});
options.Select(AppConfigurationKeyFilters.FoundationaLLM_CoreWorker);
options.Select(AppConfigurationKeyFilters.FoundationaLLM_CosmosDB);
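Review bot: This file now calls `DefaultAuthentication.GetAzureCredential()`, but no hunk here sets `DefaultAuthentication.Production`, unlike the other `Program.cs` files in the commit. Unless it is assigned somewhere outside the diff, the flag stays `false` and CoreWorker would use `AzureCliCredential` even when deployed. Add `DefaultAuthentication.Production = builder.Environment.IsProduction();` before the `AddAzureAppConfiguration` call, so the Key Vault credential is picked with the flag already set. The surrounding top-level statements continue outside the hunk.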
diff --git a/src/dotnet/GatekeeperAPI/Program.cs b/src/dotnet/GatekeeperAPI/Program.cs
index 460626272b..bbcf392c1d 100644
--- a/src/dotnet/GatekeeperAPI/Program.cs
+++ b/src/dotnet/GatekeeperAPI/Program.cs
@@ -46,7 +46,7 @@ public static void Main(string[] args)
options.Connect(builder.Configuration[EnvironmentVariables.FoundationaLLM_AppConfig_ConnectionString]);
options.ConfigureKeyVault(options =>
{
- options.SetCredential(new DefaultAzureCredential());
+ options.SetCredential(DefaultAuthentication.GetAzureCredential());
});
options.Select(AppConfigurationKeyFilters.FoundationaLLM_APIs);
options.Select(AppConfigurationKeyFilters.FoundationaLLM_Refinement);
@@ -55,6 +55,8 @@ public static void Main(string[] args)
if (builder.Environment.IsDevelopment())
builder.Configuration.AddJsonFile("appsettings.development.json", true, true);
+ DefaultAuthentication.Production = builder.Environment.IsProduction();
+
// Add services to the container.
// Add the OpenTelemetry telemetry service and send telemetry data to Azure Monitor.
builder.Services.AddOpenTelemetry().UseAzureMonitor(options =>
diff --git a/src/dotnet/ManagementAPI/Program.cs b/src/dotnet/ManagementAPI/Program.cs
index 5b7d922581..faa7a319ef 100644
--- a/src/dotnet/ManagementAPI/Program.cs
+++ b/src/dotnet/ManagementAPI/Program.cs
@@ -51,7 +51,7 @@ public static async Task Main(string[] args)
builder.Configuration.AddAzureAppConfiguration(options =>
{
options.Connect(builder.Configuration[EnvironmentVariables.FoundationaLLM_AppConfig_ConnectionString]);
- options.ConfigureKeyVault(options => { options.SetCredential(new DefaultAzureCredential()); });
+ options.ConfigureKeyVault(options => { options.SetCredential(DefaultAuthentication.GetAzureCredential()); });
options.Select(AppConfigurationKeyFilters.FoundationaLLM_Instance);
options.Select(AppConfigurationKeyFilters.FoundationaLLM_APIs);
options.Select(AppConfigurationKeyFilters.FoundationaLLM_CosmosDB);
@@ -67,6 +67,8 @@ public static async Task Main(string[] args)
if (builder.Environment.IsDevelopment())
builder.Configuration.AddJsonFile("appsettings.development.json", true, true);
+ DefaultAuthentication.Production = builder.Environment.IsProduction();
+
// Add the Configuration resource provider
builder.AddConfigurationResourceProvider();
diff --git a/src/dotnet/SemanticKernel/Services/AzureAISearchIndexingService.cs b/src/dotnet/SemanticKernel/Services/AzureAISearchIndexingService.cs
index 5e46e8c93f..b2b7a80a82 100644
--- a/src/dotnet/SemanticKernel/Services/AzureAISearchIndexingService.cs
+++ b/src/dotnet/SemanticKernel/Services/AzureAISearchIndexingService.cs
@@ -1,4 +1,5 @@
using Azure.Identity;
+using FoundationaLLM.Common.Authentication;
using FoundationaLLM.Common.Exceptions;
using FoundationaLLM.Common.Interfaces;
using FoundationaLLM.Common.Models.TextEmbedding;
@@ -77,7 +78,7 @@ private AzureAISearchMemoryStore CreateMemoryStoreFromAPIKey(string endpoint, st
/// The endpoint of the Azure AI Search deployment.
/// The instance.
private AzureAISearchMemoryStore CreateMemoryStoreFromIdentity(string endpoint) =>
- new(endpoint, new DefaultAzureCredential());
+ new(endpoint, DefaultAuthentication.GetAzureCredential());
private void ValidateEndpoint(string? value)
{
diff --git a/src/dotnet/SemanticKernel/Services/SemanticKernelTextEmbeddingService.cs b/src/dotnet/SemanticKernel/Services/SemanticKernelTextEmbeddingService.cs
index 1ab4983d68..b4807e4cb5 100644
--- a/src/dotnet/SemanticKernel/Services/SemanticKernelTextEmbeddingService.cs
+++ b/src/dotnet/SemanticKernel/Services/SemanticKernelTextEmbeddingService.cs
@@ -1,4 +1,5 @@
using Azure.Identity;
+using FoundationaLLM.Common.Authentication;
using FoundationaLLM.Common.Exceptions;
using FoundationaLLM.Common.Interfaces;
using FoundationaLLM.Common.Models.TextEmbedding;
@@ -76,7 +77,7 @@ private Kernel CreateKernelFromAPIKey(string deploymentName, string endpoint, st
private Kernel CreateKernelFromIdentity(string deploymentName, string endpoint)
{
var builder = Kernel.CreateBuilder();
- builder.AddAzureOpenAITextEmbeddingGeneration(deploymentName, endpoint, new DefaultAzureCredential());
+ builder.AddAzureOpenAITextEmbeddingGeneration(deploymentName, endpoint, DefaultAuthentication.GetAzureCredential());
return builder.Build();
}
diff --git a/src/dotnet/SemanticKernelAPI/Program.cs b/src/dotnet/SemanticKernelAPI/Program.cs
index 386762bd0f..9ff47cdafe 100644
--- a/src/dotnet/SemanticKernelAPI/Program.cs
+++ b/src/dotnet/SemanticKernelAPI/Program.cs
@@ -38,7 +38,7 @@ public static void Main(string[] args)
options.Connect(builder.Configuration[EnvironmentVariables.FoundationaLLM_AppConfig_ConnectionString]);
options.ConfigureKeyVault(options =>
{
- options.SetCredential(new DefaultAzureCredential());
+ options.SetCredential(DefaultAuthentication.GetAzureCredential());
});
options.Select(AppConfigurationKeyFilters.FoundationaLLM_APIs);
options.Select(AppConfigurationKeyFilters.FoundationaLLM_DurableSystemPrompt);
@@ -53,6 +53,8 @@ public static void Main(string[] args)
if (builder.Environment.IsDevelopment())
builder.Configuration.AddJsonFile("appsettings.development.json", true, true);
+ DefaultAuthentication.Production = builder.Environment.IsProduction();
+
// Add services to the container.
//builder.Services.AddApplicationInsightsTelemetry();
builder.Services.AddAuthorization();
diff --git a/src/dotnet/Vectorization/Services/ContentSources/ContentSourceServiceFactory.cs b/src/dotnet/Vectorization/Services/ContentSources/ContentSourceServiceFactory.cs
index b1b8cf0cf0..d29fe83a72 100644
--- a/src/dotnet/Vectorization/Services/ContentSources/ContentSourceServiceFactory.cs
+++ b/src/dotnet/Vectorization/Services/ContentSources/ContentSourceServiceFactory.cs
@@ -8,6 +8,7 @@
using FoundationaLLM.Vectorization.Models.Resources;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
+using Microsoft.Extensions.Hosting;
using Microsoft.Extensions.Logging;
namespace FoundationaLLM.Vectorization.Services.ContentSources
@@ -20,14 +21,17 @@ namespace FoundationaLLM.Vectorization.Services.ContentSources
///
/// The vectorization resource provider service.
/// The global configuration provider.
+ /// The hosting environment.
/// The logger factory used to create loggers.
public class ContentSourceServiceFactory(
[FromKeyedServices(DependencyInjectionKeys.FoundationaLLM_ResourceProvider_Vectorization)] IResourceProviderService vectorizationResourceProviderService,
IConfiguration configuration,
+ IHostEnvironment environment,
ILoggerFactory loggerFactory) : IVectorizationServiceFactory
{
private readonly IResourceProviderService _vectorizationResourceProviderService = vectorizationResourceProviderService;
private readonly IConfiguration _configuration = configuration;
+ private readonly IHostEnvironment _environment = environment;
private readonly ILoggerFactory _loggerFactory = loggerFactory;
///
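Review bot: The new `IHostEnvironment environment` parameter and the `_environment` field are not used anywhere in this hunk. The rest of the commit removes environment-based credential selection in favour of the parameterless `DefaultAuthentication.GetAzureCredential()`. If nothing in the class body (outside this hunk) reads `_environment`, drop the parameter, the field and the `using Microsoft.Extensions.Hosting;` line so the factory does not carry an unused dependency. If it is used, the `<param>` text should say what for, e.g. `/// The hosting environment, used to ...`.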
diff --git a/src/dotnet/Vectorization/Services/ContentSources/SharePointOnlineContentSourceService.cs b/src/dotnet/Vectorization/Services/ContentSources/SharePointOnlineContentSourceService.cs
index fc701994bf..c285c484d3 100644
--- a/src/dotnet/Vectorization/Services/ContentSources/SharePointOnlineContentSourceService.cs
+++ b/src/dotnet/Vectorization/Services/ContentSources/SharePointOnlineContentSourceService.cs
@@ -13,6 +13,7 @@
using System;
using PnP.Core.Model.SharePoint;
using FoundationaLLM.Common.Models.TextEmbedding;
+using FoundationaLLM.Common.Authentication;
namespace FoundationaLLM.Vectorization.Services.ContentSources
{
@@ -90,11 +91,11 @@ private async Task GetCertificate()
{
ValidateSettings();
- var certificateClient = new CertificateClient(new Uri(_settings.KeyVaultURL!), new DefaultAzureCredential());
+ var certificateClient = new CertificateClient(new Uri(_settings.KeyVaultURL!), DefaultAuthentication.GetAzureCredential());
var certificateWithPolicy = await certificateClient.GetCertificateAsync(_settings.CertificateName);
var certificateIdentifier = new KeyVaultSecretIdentifier(certificateWithPolicy.Value.SecretId);
- var secretClient = new SecretClient(new Uri(_settings.KeyVaultURL!), new DefaultAzureCredential());
+ var secretClient = new SecretClient(new Uri(_settings.KeyVaultURL!), DefaultAuthentication.GetAzureCredential());
var secret = await secretClient.GetSecretAsync(certificateIdentifier.Name, certificateIdentifier.Version);
var secretBytes = Convert.FromBase64String(secret.Value.Value);
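Review bot: `GetCertificate` calls `DefaultAuthentication.GetAzureCredential()` twice, once for the `CertificateClient` and once for the `SecretClient`, and each call builds a separate credential object. Take it once, `var credential = DefaultAuthentication.GetAzureCredential();`, and pass `credential` to both clients so they share one token source. The method body continues outside this hunk.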
diff --git a/src/dotnet/VectorizationAPI/Program.cs b/src/dotnet/VectorizationAPI/Program.cs
index 4b4b9215e3..204ff2b812 100644
--- a/src/dotnet/VectorizationAPI/Program.cs
+++ b/src/dotnet/VectorizationAPI/Program.cs
@@ -33,8 +33,7 @@
options.Connect(builder.Configuration[EnvironmentVariables.FoundationaLLM_AppConfig_ConnectionString]);
options.ConfigureKeyVault(options =>
{
- options.SetCredential(DefaultAuthentication.GetAzureCredential(
- builder.Environment.IsDevelopment()));
+ options.SetCredential(DefaultAuthentication.GetAzureCredential());
});
options.Select(AppConfigurationKeyFilters.FoundationaLLM_Instance);
options.Select(AppConfigurationKeyFilters.FoundationaLLM_Vectorization);
@@ -45,6 +44,8 @@
if (builder.Environment.IsDevelopment())
builder.Configuration.AddJsonFile("appsettings.development.json", true, true);
+DefaultAuthentication.Production = builder.Environment.IsProduction();
+
// Add the Configuration resource provider
builder.AddConfigurationResourceProvider();
diff --git a/src/dotnet/VectorizationWorker/Program.cs b/src/dotnet/VectorizationWorker/Program.cs
index cf3ae0481f..9b6629f349 100644
--- a/src/dotnet/VectorizationWorker/Program.cs
+++ b/src/dotnet/VectorizationWorker/Program.cs
@@ -34,7 +34,7 @@
options.Connect(builder.Configuration[EnvironmentVariables.FoundationaLLM_AppConfig_ConnectionString]);
options.ConfigureKeyVault(options =>
{
- options.SetCredential(new DefaultAzureCredential());
+ options.SetCredential(DefaultAuthentication.GetAzureCredential());
});
options.Select(AppConfigurationKeyFilters.FoundationaLLM_Instance);
options.Select(AppConfigurationKeyFilters.FoundationaLLM_Vectorization);
@@ -46,6 +46,8 @@
if (builder.Environment.IsDevelopment())
builder.Configuration.AddJsonFile("appsettings.development.json", true, true);
+DefaultAuthentication.Production = builder.Environment.IsProduction();
+
// Add the Configuration resource provider
builder.AddConfigurationResourceProvider();
diff --git a/tests/dotnet/SemanticKernel.Tests/Services/AzureAISearchIndexingServiceTests.cs b/tests/dotnet/SemanticKernel.Tests/Services/AzureAISearchIndexingServiceTests.cs
index e4dbb90e45..0a16a465d0 100644
--- a/tests/dotnet/SemanticKernel.Tests/Services/AzureAISearchIndexingServiceTests.cs
+++ b/tests/dotnet/SemanticKernel.Tests/Services/AzureAISearchIndexingServiceTests.cs
@@ -9,6 +9,7 @@
using Azure.Search.Documents.Indexes.Models;
using SemanticKernel.Tests.Models;
using FoundationaLLM.Common.Models.TextEmbedding;
+using FoundationaLLM.Common.Authentication;
namespace FoundationaLLM.SemanticKernel.Tests.Services
{
@@ -23,7 +24,7 @@ public AzureAISearchIndexingServiceTests()
var endpoint = Environment.GetEnvironmentVariable("AzureAISearchIndexingServiceTestsSearchEndpoint") ?? "";
_searchIndexClient = new SearchIndexClient(
new Uri(endpoint),
- new DefaultAzureCredential()
+ DefaultAuthentication.GetAzureCredential()
);
_indexingService = new AzureAISearchIndexingService(
Options.Create(