Open aapune opened 4 days ago
Thank you for reaching out.
Could you share the repro steps?
Or where can I find search_index_creation_kv_clientsecret.py?
from azure.identity import ClientSecretCredential from azure.search.documents.indexes import SearchIndexClient from azure.search.documents.indexes.models import ( SearchIndex, SimpleField, SearchFieldDataType, SearchResourceEncryptionKey )
search_service_endpoint = 'https://<>.search.windows.net'
tenant_id = <> client_id = <> client_secret = <>
credential = ClientSecretCredential(tenant_id, client_id, client_secret)
search_client = SearchIndexClient( endpoint=search_service_endpoint, credential=credential )
key_vault_key_name = "key1" key_vault_key_version = "" # Use empty string for the latest version key_vault_uri = "https://<>.vault.azure.net/"
encryption_key = SearchResourceEncryptionKey( key_name=key_vault_key_name, key_version=key_vault_key_version, vault_uri=key_vault_uri )
fields = [ SimpleField(name="id", type=SearchFieldDataType.String, key=True), SimpleField(name="title", type=SearchFieldDataType.String, searchable=True),
]
index = SearchIndex( name='test2', fields=fields, encryption_key=encryption_key )
result = search_client.create_or_update_index(index) print(f"Index '{result.name}' created with encryption.")
Describe the bug
SearchResourceEncryptionKey does not have identity argument to use UAMI like REST api
https://learn.microsoft.com/en-us/python/api/azure-search-documents/azure.search.documents.indexes.models.searchresourceencryptionkey?view=azure-python
identity is not a known attribute of class <class 'azure.search.documents.indexes.models._models.SearchResourceEncryptionKey'> and will be ignored Traceback (most recent call last): File "C:\Users\aanikhindi\PycharmProjects\Azure_Samples_Python\search_index_creation_kv_clientsecret.py", line 61, in
result = search_client.create_or_update_index(index)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "C:\Tools\Python_3.11\Lib\site-packages\azure\core\tracing\decorator.py", line 94, in wrapper_use_tracer
return func(*args, *kwargs)
^^^^^^^^^^^^^^^^^^^^^
File "C:\Tools\Python_3.11\Lib\site-packages\azure\search\documents\indexes_search_index_client.py", line 276, in create_or_update_index
result = self._client.indexes.create_or_update(
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "C:\Tools\Python_3.11\Lib\site-packages\azure\core\tracing\decorator.py", line 94, in wrapper_use_tracer
return func(args, **kwargs)
^^^^^^^^^^^^^^^^^^^^^
File "C:\Tools\Python_3.11\Lib\site-packages\azure\search\documents\indexes_generated\operations_indexes_operations.py", line 701, in create_or_update
raise HttpResponseError(response=response, model=error)
azure.core.exceptions.HttpResponseError: () Invalid encryption key: service does not have managed identity defined not is an explicit identity specified or delegated - please define a managed identity for the service, or specify an explicit identity to use for access, or delegate a resource with identity, or alternatively explicitly provide Azure Key Vault access credentials.
Code:
Message: Invalid encryption key: service does not have managed identity defined not is an explicit identity specified or delegated - please define a managed identity for the service, or specify an explicit identity to use for access, or delegate a resource with identity, or alternatively explicitly provide Azure Key Vault access credentials.
To Reproduce Steps to reproduce the behavior:
credential = ClientSecretCredential(tenant_id, client_id, client_secret)
search_service_endpoint = 'https://<>.search.windows.net'
search_client = SearchIndexClient( endpoint=search_service_endpoint, credential=credential, api_version= )
key_vault_key_name = "" key_vault_key_version = "" # Use empty string for the latest version key_vault_uri = "https://<>.vault.azure.net/"
identity = {'type': 'UserAssigned', 'userAssignedIdentity': '/subscriptions/<>/rg-<>/providers/Microsoft.ManagedIdentity/userAssignedIdentities/<>'}
encryption_key = SearchResourceEncryptionKey( key_name=key_vault_key_name, key_version=key_vault_key_version, vault_uri=key_vault_uri, identity=identity
**{'identity': {'type': 'UserAssigned', 'userAssignedIdentity': '/subscriptions/<>/resourcegroups/rg-global/providers/Microsoft.ManagedIdentity/userAssignedIdentities/aniuami'}}
)
Expected behavior SDK should support identity parameter to pass UAMI or please share way to use UAMI with encryptionkey as identity
Screenshots
Additional context Add any other context about the problem here.