From 906bdc4520275a894faa669266df54637b63d258 Mon Sep 17 00:00:00 2001 From: Priyanka-Microsoft Date: Mon, 14 Jul 2025 12:40:04 +0530 Subject: [PATCH 1/4] readme updated --- docs/QuotaCheck.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/QuotaCheck.md b/docs/QuotaCheck.md index f7e6767e..bcc54824 100644 --- a/docs/QuotaCheck.md +++ b/docs/QuotaCheck.md @@ -79,7 +79,7 @@ The final table lists regions with available quota. You can select any of these ![git_bash](images/readme/git_bash.png) 3. Navigate to the `scripts` folder where the script files are located and make the script as executable: ```sh - cd infra/scripts + cd Deployment chmod +x quota_check_params.sh ``` 4. Run the appropriate script based on your requirement: From 68eb75d104d8c1ef19e48baf40bdd947d4f423b3 Mon Sep 17 00:00:00 2001 From: Priyanka-Microsoft Date: Mon, 14 Jul 2025 18:28:52 +0530 Subject: [PATCH 2/4] readmeupdate --- docs/QuotaCheck.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/QuotaCheck.md b/docs/QuotaCheck.md index bcc54824..d830bc7c 100644 --- a/docs/QuotaCheck.md +++ b/docs/QuotaCheck.md @@ -77,7 +77,7 @@ The final table lists regions with available quota. You can select any of these 1. Open the terminal in VS Code or Codespaces. 2. If you're using VS Code, click the dropdown on the right side of the terminal window, and select `Git Bash`. ![git_bash](images/readme/git_bash.png) -3. Navigate to the `scripts` folder where the script files are located and make the script as executable: +3. Navigate to the `deployment` folder where the script files are located and make the script as executable: ```sh cd Deployment chmod +x quota_check_params.sh From 4376279a80b2b90fbb82c110b024d025efe32247 Mon Sep 17 00:00:00 2001 From: Priyanka-Microsoft Date: Fri, 18 Jul 2025 11:22:36 +0530 Subject: [PATCH 3/4] update model type to global standard --- .github/workflows/CI.yml | 4 ++-- Deployment/bicep/azureopenaiservicemodel.bicep | 2 +- Deployment/checkquota.ps1 | 4 ++-- Deployment/main.bicep | 4 ++-- 4 files changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/workflows/CI.yml b/.github/workflows/CI.yml index 103f8222..44d6f403 100644 --- a/.github/workflows/CI.yml +++ b/.github/workflows/CI.yml @@ -196,7 +196,7 @@ jobs: # Increase the TPM for the Azure OpenAI models echo "Increasing TPM for Azure OpenAI models..." openai_gpt_deployment_url="/subscriptions/${{ secrets.AZURE_SUBSCRIPTION_ID }}/resourceGroups/${{ env.rg_name }}/providers/Microsoft.CognitiveServices/accounts/$openai_resource_name/deployments/gpt-4o-mini?api-version=2023-05-01" - az rest -m put -u "$openai_gpt_deployment_url" -b "{'sku':{'name':'Standard','capacity':${{ env.GPT_CAPACITY }}},'properties': {'model': {'format': 'OpenAI','name': 'gpt-4o-mini','version': '2024-07-18'}}}" + az rest -m put -u "$openai_gpt_deployment_url" -b "{'sku':{'name':'GlobalStandard','capacity':${{ env.GPT_CAPACITY }}},'properties': {'model': {'format': 'OpenAI','name': 'gpt-4o-mini','version': '2024-07-18'}}}" if [ $? -ne 0 ]; then echo "Failed to increase TPM for GPT deployment." exit 1 @@ -204,7 +204,7 @@ jobs: echo "Successfully increased TPM for GPT deployment." fi openai_embedding_deployment_url="/subscriptions/${{ secrets.AZURE_SUBSCRIPTION_ID }}/resourceGroups/${{ env.rg_name }}/providers/Microsoft.CognitiveServices/accounts/$openai_resource_name/deployments/text-embedding-large?api-version=2023-05-01" - az rest -m put -u "$openai_embedding_deployment_url" -b "{'sku':{'name':'Standard','capacity': ${{ env.TEXT_EMBEDDING_CAPACITY }}},'properties': {'model': {'format': 'OpenAI','name': 'text-embedding-3-large','version': '1'}}}" + az rest -m put -u "$openai_embedding_deployment_url" -b "{'sku':{'name':'GlobalStandard','capacity': ${{ env.TEXT_EMBEDDING_CAPACITY }}},'properties': {'model': {'format': 'OpenAI','name': 'text-embedding-3-large','version': '1'}}}" if [ $? -ne 0 ]; then echo "Failed to increase TPM for Text Embedding deployment." exit 1 diff --git a/Deployment/bicep/azureopenaiservicemodel.bicep b/Deployment/bicep/azureopenaiservicemodel.bicep index 712a4397..74ac1ee6 100644 --- a/Deployment/bicep/azureopenaiservicemodel.bicep +++ b/Deployment/bicep/azureopenaiservicemodel.bicep @@ -10,7 +10,7 @@ resource gpt4Deployment 'Microsoft.CognitiveServices/accounts/deployments@2023-0 parent: openAIService name: name sku: { - name: 'Standard' + name: 'GlobalStandard' capacity: model.capacity } properties: { diff --git a/Deployment/checkquota.ps1 b/Deployment/checkquota.ps1 index 7cc9eecb..9002df52 100644 --- a/Deployment/checkquota.ps1 +++ b/Deployment/checkquota.ps1 @@ -45,8 +45,8 @@ Write-Host "✅ Azure subscription set successfully." # Define models and their minimum required capacities $MIN_CAPACITY = @{ - "OpenAI.Standard.gpt-4o-mini" = $GPT_MIN_CAPACITY - "OpenAI.Standard.text-embedding-3-large" = $TEXT_EMBEDDING_MIN_CAPACITY + "OpenAI.GlobalStandard.gpt-4o-mini" = $GPT_MIN_CAPACITY + "OpenAI.GlobalStandard.text-embedding-3-large" = $TEXT_EMBEDDING_MIN_CAPACITY } $VALID_REGION = "" diff --git a/Deployment/main.bicep b/Deployment/main.bicep index a7edfdb6..f1c88558 100644 --- a/Deployment/main.bicep +++ b/Deployment/main.bicep @@ -119,7 +119,7 @@ module gs_openaiservicemodels_gpt4o 'bicep/azureopenaiservicemodel.bicep' = { version: '2024-07-18' raiPolicyName: '' capacity: 1 - scaleType: 'Standard' + scaleType: 'GlobalStandard' } } @@ -139,7 +139,7 @@ module gs_openaiservicemodels_text_embedding 'bicep/azureopenaiservicemodel.bice version: '1' raiPolicyName: '' capacity: 1 - scaleType: 'Standard' + scaleType: 'GlobalStandard' } } dependsOn: [ From f098a92186ea0e1f1531953e7aca33ae9c1ffda7 Mon Sep 17 00:00:00 2001 From: Priyanka-Microsoft Date: Thu, 31 Jul 2025 18:02:11 +0530 Subject: [PATCH 4/4] Replace DefaultAzureCredential with ManagedIdentityCredential --- .../AppConfiguration/AppConfiguration.cs | 3 +- .../Helpers/AzureCredentialHelper.cs | 34 +++++++++++++++++++ 2 files changed, 36 insertions(+), 1 deletion(-) create mode 100644 App/backend-api/Microsoft.GS.DPS.Host/Helpers/AzureCredentialHelper.cs diff --git a/App/backend-api/Microsoft.GS.DPS.Host/AppConfiguration/AppConfiguration.cs b/App/backend-api/Microsoft.GS.DPS.Host/AppConfiguration/AppConfiguration.cs index 5bd0dc92..15c03131 100644 --- a/App/backend-api/Microsoft.GS.DPS.Host/AppConfiguration/AppConfiguration.cs +++ b/App/backend-api/Microsoft.GS.DPS.Host/AppConfiguration/AppConfiguration.cs @@ -1,6 +1,7 @@ using Azure.Identity; using Microsoft.Extensions.Azure; using Microsoft.GS.DPSHost.AppConfiguration; +using Microsoft.GS.DPSHost.Helpers; namespace Microsoft.GS.DPSHost.AppConfiguration { @@ -16,7 +17,7 @@ public static void Config(IHostApplicationBuilder builder) //Read AppConfiguration with managed Identity builder.Configuration.AddAzureAppConfiguration(options => { - options.Connect(new Uri(builder.Configuration["ConnectionStrings:AppConfig"]), new DefaultAzureCredential()); + options.Connect(new Uri(builder.Configuration["ConnectionStrings:AppConfig"]), AzureCredentialHelper.GetAzureCredential()); }); //Read ServiceConfiguration diff --git a/App/backend-api/Microsoft.GS.DPS.Host/Helpers/AzureCredentialHelper.cs b/App/backend-api/Microsoft.GS.DPS.Host/Helpers/AzureCredentialHelper.cs new file mode 100644 index 00000000..49fc01f5 --- /dev/null +++ b/App/backend-api/Microsoft.GS.DPS.Host/Helpers/AzureCredentialHelper.cs @@ -0,0 +1,34 @@ +using System; +using System.Threading.Tasks; +using Azure.Core; +using Azure.Identity; + +namespace Microsoft.GS.DPSHost.Helpers +{ + /// + /// The Azure Credential Helper class + /// + public static class AzureCredentialHelper + { + /// + /// Get the Azure Credentials based on the environment type + /// + /// The client Id in case of User assigned Managed identity + /// The Credential Object + public static TokenCredential GetAzureCredential(string? clientId = null) + { + var env = Environment.GetEnvironmentVariable("ASPNETCORE_ENVIRONMENT") ?? "Production"; + + if (string.Equals(env, "Development", StringComparison.OrdinalIgnoreCase)) + { + return new DefaultAzureCredential(); // CodeQL [SM05139] Okay use of DefaultAzureCredential as it is only used in development + } + else + { + return clientId != null + ? new ManagedIdentityCredential(clientId) + : new ManagedIdentityCredential(); + } + } + } +} \ No newline at end of file