Azure-Samples / azure-search-openai-demo-csharp

A sample app for the Retrieval-Augmented Generation pattern running in Azure, using Azure Cognitive Search for retrieval and Azure OpenAI large language models to power ChatGPT-style and Q&A experiences.
MIT License

Devcontainer fails due to lack of managed identity #194

Closed aaronpowell closed 11 months ago

aaronpowell commented 11 months ago

This issue is for a: (mark with an x)

- [x] bug report -> please search issues before submitting
- [ ] feature request
- [ ] documentation issue or request
- [ ] regression (a behavior that used to work and stopped in a new release)

Minimal steps to reproduce

  1. Initialise project with devcontainer
  2. Deploy resources to Azure with azd up (or use existing resources)
  3. Launch the Minimal API application in VS Code (either via CLI or the launch command)

Any log messages given by the failure

```
Exception has occurred: CLR/Azure.Identity.AuthenticationFailedException
An unhandled exception of type 'Azure.Identity.AuthenticationFailedException' occurred in System.Private.CoreLib.dll: 'ManagedIdentityCredential authentication failed: Service request failed.
Status: 403 (connecting to <snip>: connecting to <snip>: dial tcp <snip>: connectex: A socket operation was attempted to an unreachable host.)

Headers:
Connection: close

See the troubleshooting guide for more information. https://aka.ms/azsdk/net/identity/managedidentitycredential/troubleshoot'
 Inner exceptions found, see $exception in variables window for more details.
 Innermost exception     Azure.RequestFailedException : Service request failed.
Status: 403 (connecting to <snip>: connecting to <snip>: dial tcp <snip>: connectex: A socket operation was attempted to an unreachable host.)

Headers:
Connection: close
   at Azure.Identity.ManagedIdentitySource.<HandleResponseAsync>d__11.MoveNext()
   at System.Threading.Tasks.ValueTask`1.get_Result()
   at System.Runtime.CompilerServices.ConfiguredValueTaskAwaitable`1.ConfiguredValueTaskAwaiter.GetResult()
   at Azure.Identity.ImdsManagedIdentitySource.<HandleResponseAsync>d__16.MoveNext()
   at System.Threading.Tasks.ValueTask`1.get_Result()
   at System.Runtime.CompilerServices.ConfiguredValueTaskAwaitable`1.ConfiguredValueTaskAwaiter.GetResult()
   at Azure.Identity.ManagedIdentitySource.<AuthenticateAsync>d__10.MoveNext()
   at System.Threading.Tasks.ValueTask`1.get_Result()
   at System.Runtime.CompilerServices.ConfiguredValueTaskAwaitable`1.ConfiguredValueTaskAwaiter.GetResult()
   at Azure.Identity.ImdsManagedIdentitySource.<AuthenticateAsync>d__15.MoveNext()
   at System.Threading.Tasks.ValueTask`1.get_Result()
   at System.Runtime.CompilerServices.ConfiguredValueTaskAwaitable`1.ConfiguredValueTaskAwaiter.GetResult()
   at Azure.Identity.ManagedIdentityClient.<AuthenticateCoreAsync>d__17.MoveNext()
   at System.Threading.Tasks.ValueTask`1.get_Result()
   at System.Runtime.CompilerServices.ConfiguredValueTaskAwaitable`1.ConfiguredValueTaskAwaiter.GetResult()
   at Azure.Identity.ManagedIdentityClient.<AppTokenProviderImpl>d__18.MoveNext()
   at Microsoft.Identity.Client.Internal.Requests.ClientCredentialRequest.<SendTokenRequestToProviderAsync>d__4.MoveNext()
   at Microsoft.Identity.Client.Internal.Requests.ClientCredentialRequest.<FetchNewAccessTokenAsync>d__3.MoveNext()
   at Microsoft.Identity.Client.Internal.Requests.ClientCredentialRequest.<ExecuteAsync>d__2.MoveNext()
   at Microsoft.Identity.Client.Internal.Requests.RequestBase.<RunAsync>d__12.MoveNext()
   at Microsoft.Identity.Client.ApiConfig.Executors.ConfidentialClientExecutor.<ExecuteAsync>d__3.MoveNext()
   at Azure.Identity.AbstractAcquireTokenParameterBuilderExtensions.<ExecuteAsync>d__0`1.MoveNext()
   at System.Threading.Tasks.ValueTask`1.get_Result()
   at Azure.Identity.MsalConfidentialClient.<AcquireTokenForClientCoreAsync>d__21.MoveNext()
   at System.Threading.Tasks.ValueTask`1.get_Result()
   at Azure.Identity.MsalConfidentialClient.<AcquireTokenForClientAsync>d__20.MoveNext()
   at System.Threading.Tasks.ValueTask`1.get_Result()
   at Azure.Identity.ManagedIdentityClient.<AuthenticateAsync>d__16.MoveNext()
   at System.Threading.Tasks.ValueTask`1.get_Result()
   at System.Runtime.CompilerServices.ConfiguredValueTaskAwaitable`1.ConfiguredValueTaskAwaiter.GetResult()
   at Azure.Identity.ManagedIdentityCredential.<GetTokenImplAsync>d__16.MoveNext()
```

Expected/desired behavior

You can launch the Minimal API service

OS and Version?

devcontainer

Mention any other details that might be useful

This is happening because we expect you to be able to use managed identity to authenticate against KeyVault here https://github.com/Azure-Samples/azure-search-openai-demo-csharp/blob/main/app/backend/Extensions/KeyVaultConfigurationBuilderExtensions.cs#L12-L13

But in a devcontainer your AAD identity isn't passed through (this probably also happens in Codespaces), so we should check if you have provided a KeyVault access token instead.
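
One way to implement the fallback discussed in the comment above, as an added example that is not the project's own code: it picks the Key Vault credential by environment and uses the developer's `azd` or `az` login rather than a supplied access token. The `AZURE_KEY_VAULT_ENDPOINT` variable name and the `SelectCredential` helper are assumptions, as is treating the ASP.NET Core Development environment as the signal for a devcontainer run.

```csharp
// Added example, not the project's code. Needs the Azure.Identity and
// Azure.Extensions.AspNetCore.Configuration.Secrets NuGet packages.
using Azure.Core;
using Azure.Identity;

var builder = WebApplication.CreateBuilder(args);

// Assumed setting name; the page does not show how the vault URI is supplied.
var vaultEndpoint = Environment.GetEnvironmentVariable("AZURE_KEY_VAULT_ENDPOINT");
if (!string.IsNullOrEmpty(vaultEndpoint))
{
    builder.Configuration.AddAzureKeyVault(
        new Uri(vaultEndpoint),
        SelectCredential(builder.Environment.IsDevelopment()));
}

var app = builder.Build();
app.MapGet("/", () => "ok");
app.Run();

// Hypothetical helper: choose the token source for Key Vault.
static TokenCredential SelectCredential(bool isDevelopment)
{
    if (isDevelopment)
    {
        // Devcontainer or local run: there is no IMDS endpoint to reach, so
        // use the token cached by `azd auth login`, then `az login`.
        // No secret or access token is stored in configuration.
        return new ChainedTokenCredential(
            new AzureDeveloperCliCredential(),
            new AzureCliCredential());
    }

    // Deployed host: accept only the managed identity, so developer CLI
    // tokens are never consulted in production.
    return new ManagedIdentityCredential();
}
```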

aaronpowell commented 11 months ago

Turns out that my devcontainer auth was corrupt; I rebuilt and reauthenticated with azd, then it worked.