You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
BF CLI will have to light up access of QnAMaker and LUIS services using Managed Service Identity.
We know the services support MSI.
We need to put the ground work to investigate
Do they support access via the interfaces we use (REST API)?
Do we have sufficient info to access the right resources via the CLI
Can we allow side by side migration and slowly deprecate use of keys.
References:
The BF CLI (as a client) needs to support AAD Auth. Refer to Sign in with the Azure CLI | Microsoft Docs for how Azure CLI has done that. In that case, the AAD security principal is the one created for the CLI user. That user needs to be in Cognitive Services role(s) for RBAC (ex. “Cognitive Services User”) to work.
BF CLI will have to light up access of QnAMaker and LUIS services using Managed Service Identity.
We know the services support MSI.
We need to put the ground work to investigate
References:
The BF CLI (as a client) needs to support AAD Auth. Refer to Sign in with the Azure CLI | Microsoft Docs for how Azure CLI has done that. In that case, the AAD security principal is the one created for the CLI user. That user needs to be in Cognitive Services role(s) for RBAC (ex. “Cognitive Services User”) to work.
https://docs.microsoft.com/en-us/azure/cognitive-services/authentication?tabs=powershell#authenticate-with-azure-active-directory has a sample for registered AAD app (i.e. service principal). User principal (of the CLI user) works the same way.
The Microsoft Authentication Library (MSAL) Supports Node.JS. Refer to https://docs.microsoft.com/en-us/azure/active-directory/develop/reference-v2-libraries.
QnA maker supports MSI already as documented here: Authentication - Azure Cognitive Services | Microsoft Docs
The text was updated successfully, but these errors were encountered: