Azure / azure-sdk-for-python

This repository is for active development of the Azure SDK for Python. For consumers of the SDK we recommend visiting our public developer docs at https://learn.microsoft.com/python/azure/ or our versioned developer docs at https://azure.github.io/azure-sdk-for-python.
MIT License
4.63k stars 2.84k forks source link

AI hub Storage account access type not set Identity-based access #38536

Open AjitPadhi-Microsoft opened 1 week ago

AjitPadhi-Microsoft commented 1 week ago

Describe the bug We are using below code to create hub with storage account but issue in hub creation. Hub creates with storage account access as Credential-based access instead Identity-based access `from azure.ai.ml import MLClient from azure.ai.ml.entities import ( Hub, Project, ApiKeyConfiguration, AzureAISearchConnection, AzureOpenAIConnection, IdentityConfiguration, ) from azure.keyvault.secrets import SecretClient from azure.identity import DefaultAzureCredential from azure.storage.blob import BlobServiceClient from azure.mgmt.storage import StorageManagementClient from azure.mgmt.storage.models import ( StorageAccountCreateParameters, Sku, Kind, )

key_vault_name = "kv_to-be-replaced" subscription_id = "subscription_to-be-replaced" resource_group_name = "rg_to-be-replaced" aihub_name = "aihub" + "solutionname_to-be-replaced" project_name = "aiproject" + "solutionname_to-be-replaced" deployment_name = "draftsinference-" + "solutionname_to-be-replaced" solutionLocation = "solutionlocation_to-be-replaced" storage_account_name = "storageaihub" + "solutionname_to-be-replaced"

credential = DefaultAzureCredential() ml_client = MLClient( workspace_name=aihub_name, resource_group_name=resource_group_name, subscription_id=subscription_id, credential=credential, )

Create a Storage Management client

storage_client = StorageManagementClient(credential, subscription_id)

Create the storage account if it doesn't exist

storage_account_params = StorageAccountCreateParameters( sku=Sku(name="Standard_LRS"), kind=Kind.STORAGE_V2, location=solutionLocation, identity={"type": "SystemAssigned"}, allow_shared_key_access=False, ) storage_account = storage_client.storage_accounts.begin_create( resource_group_name, storage_account_name, storage_account_params ).result()

Define the Hub with Managed Identity

my_hub = Hub( name=aihub_name, location=solutionLocation, display_name=aihub_name, storage_account=storage_account.id, identity=IdentityConfiguration(type="SystemAssigned"), )

Create the Hub

created_hub = ml_client.workspaces.begin_create( my_hub, update_dependent_resources=True ).result()

Construct the project

my_project = Project( name=project_name, location=solutionLocation, display_name=project_name, hub_id=created_hub.id, )

created_project = ml_client.workspaces.begin_create(workspace=my_project).result()`

To Reproduce Steps to reproduce the behavior:

  1. Use the above code to create Hub and storage The hub creates with credential based access

Expected behavior It should create AI hub and storage account based on identity based access.

Screenshots Image

Additional context Add any other context about the problem here.

github-actions[bot] commented 1 week ago

Thanks for the feedback! We are routing this to the appropriate team for follow-up. cc @jalauzon-msft @vincenttran-msft.

AjitPadhi-Microsoft commented 3 days ago

@jalauzon-msft @vincenttran-msft Waiting for the update on this. Please let us know the fix for this. Thanks.

kristapratico commented 17 hours ago

@azureml-github can you take a look at this issue?