Skip to content

refactor: Refactor authentication handling and update role assignment#977

Merged
Avijit-Microsoft merged 3 commits into
bs-generic-kmfrom
pk-km-modularity
Jun 25, 2026
Merged

refactor: Refactor authentication handling and update role assignment#977
Avijit-Microsoft merged 3 commits into
bs-generic-kmfrom
pk-km-modularity

Conversation

@Pavan1-Microsoft

@Pavan1-Microsoft Pavan1-Microsoft commented Jun 25, 2026

Copy link
Copy Markdown

Purpose

This pull request introduces several key changes focused on improving authentication flexibility and simplifying API route security. The main updates include adding utility functions for extracting user authentication details, providing a sample user for development, and removing enforced authentication dependencies from multiple API routers. Additionally, there are infrastructure enhancements related to Azure role assignments.

Authentication & Authorization Improvements:

  • Added get_authenticated_user_details and get_tenantid utility functions in src/api/auth/auth_utils.py to extract user details and tenant ID from request headers, supporting both Easy Auth and a local development fallback.
  • Introduced a sample_user dictionary in src/api/auth/sample_user.py to allow the app to function without authentication in development environments.
  • Removed the get_current_user dependency from all API endpoints in src/api/modules/embeddings/router.py, src/api/modules/ingestion/router.py, src/api/modules/pipelines/router.py, and src/api/modules/processing/router.py, making endpoints accessible without enforced authentication. [1] [2] [3] [4] [5] [6] [7] [8] [9] [10] [11] [12] [13] [14] [15] [16] [17] [18] [19] [20] [21] [22]

Infrastructure & Azure Role Assignments:

  • Added a new Azure role assignment resource searchContribRole in infra/modules/roles.bicep to grant the backend service principal contributor access to the search service.
  • Commented out the AI agent setup step in azure.yaml to prevent failures during deployment when the agent is not required. [1] [2]

These changes collectively improve the developer experience, simplify local development, and enhance infrastructure role management.

Does this introduce a breaking change?

  • Yes
  • No

Golden Path Validation

  • I have tested the primary workflows (the "golden path") to ensure they function correctly without errors.

Deployment Validation

  • I have validated the deployment process successfully and all services are running as expected with this change.

@Pavan1-Microsoft
Refactor authentication handling: integrate user details extraction a…
07a9403 
…nd simplify user role checks

Add search contributor role assignment in Bicep template
Comment out AI agent setup steps in Azure YAML
Update dependencies in requirements.txt for compatibility
@Pavan1-Microsoft
Fix: downgrade numpy version to 2.4.6 for compatibility
e818168
@Pavan1-Microsoft
Add flake8 configuration for code style enforcement
6ae53a3
@Pavan1-Microsoft Pavan1-Microsoft marked this pull request as ready for review June 25, 2026 11:56
@Avijit-Microsoft Avijit-Microsoft merged commit 18d4208 into bs-generic-km Jun 25, 2026
2 of 3 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Avijit-Microsoft Avijit-Microsoft Avijit-Microsoft approved these changes
@Roopan-Microsoft Roopan-Microsoft Awaiting requested review from Roopan-Microsoft Roopan-Microsoft is a code owner
@aniaroramsft aniaroramsft Awaiting requested review from aniaroramsft aniaroramsft is a code owner
@toherman-msft toherman-msft Awaiting requested review from toherman-msft toherman-msft is a code owner
@nchandhi nchandhi Awaiting requested review from nchandhi nchandhi is a code owner
@dgp10801 dgp10801 Awaiting requested review from dgp10801 dgp10801 is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@Pavan1-Microsoft @Avijit-Microsoft