Reinstate AAD on AOAI (#135)

howieleung · web-flow · commit 45572c850a90 · 2025-06-13T16:57:15.000-07:00
diff --git a/infra/core/ai/cognitiveservices.bicep b/infra/core/ai/cognitiveservices.bicep
@@ -5,7 +5,7 @@ param location string = resourceGroup().location
 param tags object = {}
 @description('The custom subdomain name used to access the API. Defaults to the value of the name parameter.')
 param customSubDomainName string = aiServiceName
-param disableLocalAuth bool = false
+param disableLocalAuth bool = true
 param deployments array = []
 param appInsightsId string
 param appInsightConnectionString string
@@ -51,16 +51,13 @@ resource aiServiceConnection 'Microsoft.CognitiveServices/accounts/connections@2
   parent: account
   properties: {
     category: 'AzureOpenAI'
-    authType: 'ApiKey'
+    authType: 'AAD'
     isSharedToAll: true
     target: account.properties.endpoints['OpenAI Language Model Instance API']
     metadata: {
       ApiType: 'azure'
       ResourceId: account.id
     }
-    credentials: {
-      key: account.listKeys().key1
-    }
   }
 }
 
diff --git a/src/api/search_index_manager.py b/src/api/search_index_manager.py
@@ -64,7 +64,7 @@ def __init__(
             model: str,
             deployment_name: str,
             embedding_endpoint: str, 
-            embed_api_key: str,
+            embed_api_key: Optional[str],
             embedding_client: Optional[Any] = None
         ) -> None:
         """Constructor."""
diff --git a/src/gunicorn.conf.py b/src/gunicorn.conf.py
@@ -20,7 +20,7 @@
     FileSearchTool,
     Tool,
 )
-from azure.ai.projects.models import ConnectionType
+from azure.ai.projects.models import ConnectionType, ApiKeyCredentials
 from azure.identity.aio import DefaultAzureCredential
 from azure.core.credentials_async import AsyncTokenCredential
 
@@ -74,18 +74,11 @@ async def create_index_maybe(
         except ValueError as e:
             logger.error("Error creating index: {e}")
             return
-        if aoai_connection.credentials is None or aoai_connection.credentials.api_key is None: 
-            err = "Error getting the connection to Azure Open AI service. {}"
-            if aoai_connection is not None and (aoai_connection.key is None or  aoai_connection.credentials.api_key is None):
-                logger.error(
-                    err.format(
-                        "Please configure "
-                        f"{aoai_connection.name} to use API key."))
-            else:
-                logger.error(
-                    err.format("Azure Open AI service connection is absent."))
-            return
         
+        embed_api_key = None
+        if aoai_connection.credentials and isinstance(aoai_connection.credentials, ApiKeyCredentials):
+            embed_api_key = aoai_connection.credentials.api_key
+
         search_mgr = SearchIndexManager(
             endpoint=endpoint,
             credential=creds,
@@ -94,7 +87,7 @@ async def create_index_maybe(
             model=embedding,
             deployment_name=embedding,
             embedding_endpoint=aoai_connection.target,
-            embed_api_key=aoai_connection.credentials.api_key
+            embed_api_key=embed_api_key
         )
         # If another application instance already have created the index,
         # do not upload the documents.
