Skip to content

Commit

Permalink
Support Azure OpenAI on Sovereign clouds (#944)
Browse files Browse the repository at this point in the history 
Azure OpenAI SDK does not support changing token authority/audience via
environment variables.
Added new option for Azure OpenAI config, to allow setting the token
audience.

See:
-
https://github.com/Azure/azure-sdk-for-net/blob/main/sdk/openai/Azure.AI.OpenAI/README.md
-
https://github.com/Azure/azure-sdk-for-net/blob/main/sdk/openai/Azure.AI.OpenAI/src/Custom/AzureOpenAIAudience.cs

See also #943
  • Loading branch information
@dluc
dluc authored Dec 16, 2024
1 parent e8ac5fc commit 3701d1a
Show file tree
Hide file tree
Showing 37 changed files with 642 additions and 379 deletions.
2 changes: 1 addition & 1 deletion Directory.Build.props
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@
<Project>
<PropertyGroup>
<!-- Central version prefix - applies to all nuget packages. -->
<Version>0.94.0</Version>
<Version>0.95.0</Version>

<!-- C# lang version, https://learn.microsoft.com/dotnet/csharp/whats-new -->
<LangVersion>12</LangVersion>
Expand Down
54 changes: 32 additions & 22 deletions applications/tests/Evaluation.Tests/appsettings.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -14,27 +14,14 @@
},
"KernelMemory": {
"Services": {
"AzureOpenAIText": {
// "ApiKey" or "AzureIdentity"
// AzureIdentity: use automatic AAD authentication mechanism. You can test locally
// using the env vars AZURE_TENANT_ID, AZURE_CLIENT_ID, AZURE_CLIENT_SECRET.
"Auth": "AzureIdentity",
"Endpoint": "https://<...>.openai.azure.com/",
"APIKey": "",
"Deployment": "",
// The max number of tokens supported by model deployed
// See https://learn.microsoft.com/azure/ai-services/openai/concepts/models
"MaxTokenTotal": 16384,
// "ChatCompletion" or "TextCompletion"
"APIType": "ChatCompletion",
// How many times to retry in case of throttling.
"MaxRetries": 10
},
"AzureOpenAIEmbedding": {
// "ApiKey" or "AzureIdentity"
// AzureIdentity: use automatic AAD authentication mechanism. You can test locally
// using the env vars AZURE_TENANT_ID, AZURE_CLIENT_ID, AZURE_CLIENT_SECRET.
// AzureIdentity: use automatic Entra (AAD) authentication mechanism.
// You can test locally using the AZURE_TENANT_ID, AZURE_CLIENT_ID, AZURE_CLIENT_SECRET env vars.
"Auth": "AzureIdentity",
// When the service is on sovereign clouds the AZURE_AUTHORITY_HOST env var might not work,
// in which case use this to change the client audience.
"AzureOpenAIAudience": null,
"Endpoint": "https://<...>.openai.azure.com/",
"APIKey": "",
"Deployment": "",
Expand All @@ -52,19 +39,42 @@
// How many times to retry in case of throttling.
"MaxRetries": 10
},
"AzureOpenAIText": {
// "ApiKey" or "AzureIdentity"
// AzureIdentity: use automatic Entra (AAD) authentication mechanism.
// You can test locally using the AZURE_TENANT_ID, AZURE_CLIENT_ID, AZURE_CLIENT_SECRET env vars.
"Auth": "AzureIdentity",
// When the service is on sovereign clouds the AZURE_AUTHORITY_HOST env var might not work,
// in which case use this to change the client audience.
"AzureOpenAIAudience": null,
"Endpoint": "https://<...>.openai.azure.com/",
"APIKey": "",
"Deployment": "",
// The max number of tokens supported by model deployed
// See https://learn.microsoft.com/azure/ai-services/openai/concepts/models
"MaxTokenTotal": 16384,
// "ChatCompletion" or "TextCompletion"
"APIType": "ChatCompletion",
// How many times to retry in case of throttling.
"MaxRetries": 10
},
"AzureAIDocIntel": {
// "APIKey" or "AzureIdentity".
// AzureIdentity: use automatic AAD authentication mechanism. You can test locally
// using the env vars AZURE_TENANT_ID, AZURE_CLIENT_ID, AZURE_CLIENT_SECRET.
// AzureIdentity: use automatic Entra (AAD) authentication mechanism.
// When the service is on sovereign clouds you can use the AZURE_AUTHORITY_HOST env var to
// set the authority host. See https://learn.microsoft.com/dotnet/api/overview/azure/identity-readme
// You can test locally using the AZURE_TENANT_ID, AZURE_CLIENT_ID, AZURE_CLIENT_SECRET env vars.
"Auth": "AzureIdentity",
// Required when Auth == APIKey
"APIKey": "",
"Endpoint": ""
},
"AzureAISearch": {
// "ApiKey" or "AzureIdentity". For other options see <AzureAISearchConfig>.
// AzureIdentity: use automatic AAD authentication mechanism. You can test locally
// using the env vars AZURE_TENANT_ID, AZURE_CLIENT_ID, AZURE_CLIENT_SECRET.
// AzureIdentity: use automatic Entra (AAD) authentication mechanism.
// When the service is on sovereign clouds you can use the AZURE_AUTHORITY_HOST env var to
// set the authority host. See https://learn.microsoft.com/dotnet/api/overview/azure/identity-readme
// You can test locally using the AZURE_TENANT_ID, AZURE_CLIENT_ID, AZURE_CLIENT_SECRET env vars.
"Auth": "AzureIdentity",
"Endpoint": "https://<...>",
"APIKey": "",
Expand Down
40 changes: 25 additions & 15 deletions examples/001-dotnet-WebClient/file9-settings.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -14,32 +14,38 @@
},
"KernelMemory": {
"Services": {
"AzureOpenAIText": {
"AzureOpenAIEmbedding": {
// "ApiKey" or "AzureIdentity"
// AzureIdentity: use automatic AAD authentication mechanism. You can test locally
// using the env vars AZURE_TENANT_ID, AZURE_CLIENT_ID, AZURE_CLIENT_SECRET.
// AzureIdentity: use automatic Entra (AAD) authentication mechanism.
// You can test locally using the AZURE_TENANT_ID, AZURE_CLIENT_ID, AZURE_CLIENT_SECRET env vars.
"Auth": "AzureIdentity",
// When the service is on sovereign clouds the AZURE_AUTHORITY_HOST env var might not work,
// in which case use this to change the client audience.
"AzureOpenAIAudience": null,
"Endpoint": "https://<...>.openai.azure.com/",
"APIKey": "",
"Deployment": "",
// The max number of tokens supported by model deployed
// See https://learn.microsoft.com/en-us/azure/ai-services/openai/concepts/models
"MaxTokenTotal": 16384,
// "ChatCompletion" or "TextCompletion"
"APIType": "ChatCompletion",
"MaxRetries": 10
"MaxTokenTotal": 8191
},
"AzureOpenAIEmbedding": {
"AzureOpenAIText": {
// "ApiKey" or "AzureIdentity"
// AzureIdentity: use automatic AAD authentication mechanism. You can test locally
// using the env vars AZURE_TENANT_ID, AZURE_CLIENT_ID, AZURE_CLIENT_SECRET.
// AzureIdentity: use automatic Entra (AAD) authentication mechanism.
// You can test locally using the AZURE_TENANT_ID, AZURE_CLIENT_ID, AZURE_CLIENT_SECRET env vars.
"Auth": "AzureIdentity",
// When the service is on sovereign clouds the AZURE_AUTHORITY_HOST env var might not work,
// in which case use this to change the client audience.
"AzureOpenAIAudience": null,
"Endpoint": "https://<...>.openai.azure.com/",
"APIKey": "",
"Deployment": "",
// The max number of tokens supported by model deployed
// See https://learn.microsoft.com/en-us/azure/ai-services/openai/concepts/models
"MaxTokenTotal": 8191
"MaxTokenTotal": 16384,
// "ChatCompletion" or "TextCompletion"
"APIType": "ChatCompletion",
"MaxRetries": 10
},
"OpenAI": {
// Name of the model used to generate text (text completion or chat completion)
Expand Down Expand Up @@ -84,17 +90,21 @@
},
"AzureAIDocIntel": {
// "APIKey" or "AzureIdentity".
// AzureIdentity: use automatic AAD authentication mechanism. You can test locally
// using the env vars AZURE_TENANT_ID, AZURE_CLIENT_ID, AZURE_CLIENT_SECRET.
// AzureIdentity: use automatic Entra (AAD) authentication mechanism.
// When the service is on sovereign clouds you can use the AZURE_AUTHORITY_HOST env var to
// set the authority host. See https://learn.microsoft.com/dotnet/api/overview/azure/identity-readme
// You can test locally using the AZURE_TENANT_ID, AZURE_CLIENT_ID, AZURE_CLIENT_SECRET env vars.
"Auth": "AzureIdentity",
// Required when Auth == APIKey
"APIKey": "",
"Endpoint": ""
},
"AzureAISearch": {
// "ApiKey" or "AzureIdentity". For other options see <AzureAISearchConfig>.
// AzureIdentity: use automatic AAD authentication mechanism. You can test locally
// using the env vars AZURE_TENANT_ID, AZURE_CLIENT_ID, AZURE_CLIENT_SECRET.
// AzureIdentity: use automatic Entra (AAD) authentication mechanism.
// When the service is on sovereign clouds you can use the AZURE_AUTHORITY_HOST env var to
// set the authority host. See https://learn.microsoft.com/dotnet/api/overview/azure/identity-readme
// You can test locally using the AZURE_TENANT_ID, AZURE_CLIENT_ID, AZURE_CLIENT_SECRET env vars.
"Auth": "AzureIdentity",
"Endpoint": "https://<...>",
"APIKey": ""
Expand Down
38 changes: 26 additions & 12 deletions examples/002-dotnet-Serverless/appsettings.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,8 +3,10 @@
"Services": {
"AzureAIContentSafety": {
// "ApiKey" or "AzureIdentity". For other options see <AzureAIContentSafetyConfig>.
// AzureIdentity: use automatic AAD authentication mechanism. You can test locally
// using the env vars AZURE_TENANT_ID, AZURE_CLIENT_ID, AZURE_CLIENT_SECRET.
// AzureIdentity: use automatic Entra (AAD) authentication mechanism.
// When the service is on sovereign clouds you can use the AZURE_AUTHORITY_HOST env var to
// set the authority host. See https://learn.microsoft.com/dotnet/api/overview/azure/identity-readme
// You can test locally using the AZURE_TENANT_ID, AZURE_CLIENT_ID, AZURE_CLIENT_SECRET env vars.
"Auth": "AzureIdentity",
"Endpoint": "https://<...>",
"APIKey": "",
Expand All @@ -13,17 +15,21 @@
},
"AzureAIDocIntel": {
// "APIKey" or "AzureIdentity".
// AzureIdentity: use automatic AAD authentication mechanism. You can test locally
// using the env vars AZURE_TENANT_ID, AZURE_CLIENT_ID, AZURE_CLIENT_SECRET.
// AzureIdentity: use automatic Entra (AAD) authentication mechanism.
// When the service is on sovereign clouds you can use the AZURE_AUTHORITY_HOST env var to
// set the authority host. See https://learn.microsoft.com/dotnet/api/overview/azure/identity-readme
// You can test locally using the AZURE_TENANT_ID, AZURE_CLIENT_ID, AZURE_CLIENT_SECRET env vars.
"Auth": "AzureIdentity",
// Required when Auth == APIKey
"APIKey": "",
"Endpoint": ""
},
"AzureAISearch": {
// "ApiKey" or "AzureIdentity". For other options see <AzureAISearchConfig>.
// AzureIdentity: use automatic AAD authentication mechanism. You can test locally
// using the env vars AZURE_TENANT_ID, AZURE_CLIENT_ID, AZURE_CLIENT_SECRET.
// AzureIdentity: use automatic Entra (AAD) authentication mechanism.
// When the service is on sovereign clouds you can use the AZURE_AUTHORITY_HOST env var to
// set the authority host. See https://learn.microsoft.com/dotnet/api/overview/azure/identity-readme
// You can test locally using the AZURE_TENANT_ID, AZURE_CLIENT_ID, AZURE_CLIENT_SECRET env vars.
"Auth": "AzureIdentity",
"Endpoint": "https://<...>",
"APIKey": "",
Expand All @@ -44,8 +50,10 @@
},
"AzureBlobs": {
// "ConnectionString" or "AzureIdentity". For other options see <AzureBlobConfig>.
// AzureIdentity: use automatic AAD authentication mechanism. You can test locally
// using the env vars AZURE_TENANT_ID, AZURE_CLIENT_ID, AZURE_CLIENT_SECRET.
// AzureIdentity: use automatic Entra (AAD) authentication mechanism.
// When the service is on sovereign clouds you can use the AZURE_AUTHORITY_HOST env var to
// set the authority host. See https://learn.microsoft.com/dotnet/api/overview/azure/identity-readme
// You can test locally using the AZURE_TENANT_ID, AZURE_CLIENT_ID, AZURE_CLIENT_SECRET env vars.
"Auth": "AzureIdentity",
// Azure Storage account name, required when using AzureIdentity auth
// Note: you can use an env var 'KernelMemory__Services__AzureBlobs__Account' to set this
Expand All @@ -60,9 +68,12 @@
},
"AzureOpenAIEmbedding": {
// "ApiKey" or "AzureIdentity"
// AzureIdentity: use automatic AAD authentication mechanism. You can test locally
// using the env vars AZURE_TENANT_ID, AZURE_CLIENT_ID, AZURE_CLIENT_SECRET.
// AzureIdentity: use automatic Entra (AAD) authentication mechanism.
// You can test locally using the AZURE_TENANT_ID, AZURE_CLIENT_ID, AZURE_CLIENT_SECRET env vars.
"Auth": "AzureIdentity",
// When the service is on sovereign clouds the AZURE_AUTHORITY_HOST env var might not work,
// in which case use this to change the client audience.
"AzureOpenAIAudience": null,
"Endpoint": "https://<...>.openai.azure.com/",
"APIKey": "",
// Your Azure Deployment name
Expand Down Expand Up @@ -92,9 +103,12 @@
},
"AzureOpenAIText": {
// "ApiKey" or "AzureIdentity"
// AzureIdentity: use automatic AAD authentication mechanism. You can test locally
// using the env vars AZURE_TENANT_ID, AZURE_CLIENT_ID, AZURE_CLIENT_SECRET.
// AzureIdentity: use automatic Entra (AAD) authentication mechanism.
// You can test locally using the AZURE_TENANT_ID, AZURE_CLIENT_ID, AZURE_CLIENT_SECRET env vars.
"Auth": "AzureIdentity",
// When the service is on sovereign clouds the AZURE_AUTHORITY_HOST env var might not work,
// in which case use this to change the client audience.
"AzureOpenAIAudience": null,
"Endpoint": "https://<...>.openai.azure.com/",
"APIKey": "",
"Deployment": "",
Expand Down
40 changes: 25 additions & 15 deletions examples/002-dotnet-Serverless/file9-settings.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -14,32 +14,38 @@
},
"KernelMemory": {
"Services": {
"AzureOpenAIText": {
"AzureOpenAIEmbedding": {
// "ApiKey" or "AzureIdentity"
// AzureIdentity: use automatic AAD authentication mechanism. You can test locally
// using the env vars AZURE_TENANT_ID, AZURE_CLIENT_ID, AZURE_CLIENT_SECRET.
// AzureIdentity: use automatic Entra (AAD) authentication mechanism.
// You can test locally using the AZURE_TENANT_ID, AZURE_CLIENT_ID, AZURE_CLIENT_SECRET env vars.
"Auth": "AzureIdentity",
// When the service is on sovereign clouds the AZURE_AUTHORITY_HOST env var might not work,
// in which case use this to change the client audience.
"AzureOpenAIAudience": null,
"Endpoint": "https://<...>.openai.azure.com/",
"APIKey": "",
"Deployment": "",
// The max number of tokens supported by model deployed
// See https://learn.microsoft.com/en-us/azure/ai-services/openai/concepts/models
"MaxTokenTotal": 16384,
// "ChatCompletion" or "TextCompletion"
"APIType": "ChatCompletion",
"MaxRetries": 10
"MaxTokenTotal": 8191
},
"AzureOpenAIEmbedding": {
"AzureOpenAIText": {
// "ApiKey" or "AzureIdentity"
// AzureIdentity: use automatic AAD authentication mechanism. You can test locally
// using the env vars AZURE_TENANT_ID, AZURE_CLIENT_ID, AZURE_CLIENT_SECRET.
// AzureIdentity: use automatic Entra (AAD) authentication mechanism.
// You can test locally using the AZURE_TENANT_ID, AZURE_CLIENT_ID, AZURE_CLIENT_SECRET env vars.
"Auth": "AzureIdentity",
// When the service is on sovereign clouds the AZURE_AUTHORITY_HOST env var might not work,
// in which case use this to change the client audience.
"AzureOpenAIAudience": null,
"Endpoint": "https://<...>.openai.azure.com/",
"APIKey": "",
"Deployment": "",
// The max number of tokens supported by model deployed
// See https://learn.microsoft.com/en-us/azure/ai-services/openai/concepts/models
"MaxTokenTotal": 8191
"MaxTokenTotal": 16384,
// "ChatCompletion" or "TextCompletion"
"APIType": "ChatCompletion",
"MaxRetries": 10
},
"OpenAI": {
// Name of the model used to generate text (text completion or chat completion)
Expand Down Expand Up @@ -84,17 +90,21 @@
},
"AzureAIDocIntel": {
// "APIKey" or "AzureIdentity".
// AzureIdentity: use automatic AAD authentication mechanism. You can test locally
// using the env vars AZURE_TENANT_ID, AZURE_CLIENT_ID, AZURE_CLIENT_SECRET.
// AzureIdentity: use automatic Entra (AAD) authentication mechanism.
// When the service is on sovereign clouds you can use the AZURE_AUTHORITY_HOST env var to
// set the authority host. See https://learn.microsoft.com/dotnet/api/overview/azure/identity-readme
// You can test locally using the AZURE_TENANT_ID, AZURE_CLIENT_ID, AZURE_CLIENT_SECRET env vars.
"Auth": "AzureIdentity",
// Required when Auth == APIKey
"APIKey": "",
"Endpoint": ""
},
"AzureAISearch": {
// "ApiKey" or "AzureIdentity". For other options see <AzureAISearchConfig>.
// AzureIdentity: use automatic AAD authentication mechanism. You can test locally
// using the env vars AZURE_TENANT_ID, AZURE_CLIENT_ID, AZURE_CLIENT_SECRET.
// AzureIdentity: use automatic Entra (AAD) authentication mechanism.
// When the service is on sovereign clouds you can use the AZURE_AUTHORITY_HOST env var to
// set the authority host. See https://learn.microsoft.com/dotnet/api/overview/azure/identity-readme
// You can test locally using the AZURE_TENANT_ID, AZURE_CLIENT_ID, AZURE_CLIENT_SECRET env vars.
"Auth": "AzureIdentity",
"Endpoint": "https://<...>",
"APIKey": ""
Expand Down
Loading

0 comments on commit 3701d1a

Please sign in to comment.