search

microsoft / PubSec-Info-Assistant

Information Assistant, built with Azure OpenAI Service, Industry Accelerator
MIT License
263 stars 519 forks source link

Upon uploading the new document, the website reveals the blob URL during the session #777

Open abhaymkainos opened 3 days ago

abhaymkainos commented 3 days ago

Upon uploading the new document, the website infoasst-web-*****.azurewebsites.net reveals the blob URL during the session

When attempting to secure the storage account and other resources by implementing a private endpoint, the upload files process failed because the storage blob URL needs to be accessible from the user’s machine

Steps To Reproduce

1.Create a new Virtual Network with an appropriately configured subnet. 2.Establish private endpoints for the storage account. 3.Associate the private endpoints with the storage account. 4.Restrict public access by adjusting the network settings of the storage account.

  1. Integrate VNet with the web App service. This should ensure a secure and private connection to your storage resources

What is the expected behavior? When upload the document from “Managed Content” --> "Upload files”, It upload successfully and visible in storage account. But upload failed .

  1. Add the user’s public IP address to the allowed list in the storage account’s firewall settings. This step ensures that the user’s public IP address is authorized to access the storage account, maintaining security while allowing necessary connectivity

Test the upload, it would worked.

Screenshots Screenshot attached for the blob url in the request .

If the bug is confirmed, would you be willing to submit a PR?

abhaymkainos commented 2 days ago

Build and Version 1.1.2 Azure OpenAI Instance infoasst-aoai- GPT Deployment Name gpt-35-turbo-16k GPT Model Name gpt-35-turbo-16k GPT Model Version 0613 Embeddings Deployment Name text-embedding-ada-002 Embeddings Model Name text-embedding-ada-002 Embeddings Model Version 2 Azure AI Search Service Name infoasst-search- Index Name vector-index System Configuration System Language English

dayland commented 1 day ago

With Version 1.1.2 final release, the Azure App Service that hosts the website will be vnet integrated to the private vnet. In addition to this, the current limitation is that the client machine will also need routed access to the private vnet to upload files. We will not be changing the file upload feature as part of the initial v1.1.2 release.