This repository is for active development of the Azure SDK for Python. For consumers of the SDK we recommend visiting our public developer docs at https://learn.microsoft.com/python/azure/ or our versioned developer docs at https://azure.github.io/azure-sdk-for-python.
MIT License
4.63k
stars
2.83k
forks
source link
AI hub Storage account access type not set Identity-based access #38536
Describe the bug
We are using below code to create hub with storage account but issue in hub creation. Hub creates with storage account access as Credential-based access instead Identity-based access
`from azure.ai.ml import MLClient
from azure.ai.ml.entities import (
Hub,
Project,
ApiKeyConfiguration,
AzureAISearchConnection,
AzureOpenAIConnection,
IdentityConfiguration,
)
from azure.keyvault.secrets import SecretClient
from azure.identity import DefaultAzureCredential
from azure.storage.blob import BlobServiceClient
from azure.mgmt.storage import StorageManagementClient
from azure.mgmt.storage.models import (
StorageAccountCreateParameters,
Sku,
Kind,
)
Describe the bug We are using below code to create hub with storage account but issue in hub creation. Hub creates with storage account access as Credential-based access instead Identity-based access `from azure.ai.ml import MLClient from azure.ai.ml.entities import ( Hub, Project, ApiKeyConfiguration, AzureAISearchConnection, AzureOpenAIConnection, IdentityConfiguration, ) from azure.keyvault.secrets import SecretClient from azure.identity import DefaultAzureCredential from azure.storage.blob import BlobServiceClient from azure.mgmt.storage import StorageManagementClient from azure.mgmt.storage.models import ( StorageAccountCreateParameters, Sku, Kind, )
key_vault_name = "kv_to-be-replaced" subscription_id = "subscription_to-be-replaced" resource_group_name = "rg_to-be-replaced" aihub_name = "aihub" + "solutionname_to-be-replaced" project_name = "aiproject" + "solutionname_to-be-replaced" deployment_name = "draftsinference-" + "solutionname_to-be-replaced" solutionLocation = "solutionlocation_to-be-replaced" storage_account_name = "storageaihub" + "solutionname_to-be-replaced"
credential = DefaultAzureCredential() ml_client = MLClient( workspace_name=aihub_name, resource_group_name=resource_group_name, subscription_id=subscription_id, credential=credential, )
Create a Storage Management client
storage_client = StorageManagementClient(credential, subscription_id)
Create the storage account if it doesn't exist
storage_account_params = StorageAccountCreateParameters( sku=Sku(name="Standard_LRS"), kind=Kind.STORAGE_V2, location=solutionLocation, identity={"type": "SystemAssigned"}, allow_shared_key_access=False, ) storage_account = storage_client.storage_accounts.begin_create( resource_group_name, storage_account_name, storage_account_params ).result()
Define the Hub with Managed Identity
my_hub = Hub( name=aihub_name, location=solutionLocation, display_name=aihub_name, storage_account=storage_account.id, identity=IdentityConfiguration(type="SystemAssigned"), )
Create the Hub
created_hub = ml_client.workspaces.begin_create( my_hub, update_dependent_resources=True ).result()
Construct the project
my_project = Project( name=project_name, location=solutionLocation, display_name=project_name, hub_id=created_hub.id, )
created_project = ml_client.workspaces.begin_create(workspace=my_project).result()`
To Reproduce Steps to reproduce the behavior:
Expected behavior It should create AI hub and storage account based on identity based access.
Screenshots
Additional context Add any other context about the problem here.