[aks-agent] Fix client mode when Microsoft Entra ID (keyless) provider is selected#9845
Conversation
…ure OpenAI When using Microsoft Entra ID (keyless) provider in client mode, set the AZURE_AD_TOKEN_AUTH=True environment variable in the Docker container so the agent authenticates via Azure AD token instead of an API key. Bumps version to 1.0.0b23.
️✔️Azure CLI Extensions Breaking Change Test
|
|
Thank you for your contribution! We will review the pull request and get back to you soon. |
|
The git hooks are available for azure-cli and azure-cli-extensions repos. They could help you run required checks before creating the PR. Please sync the latest code with latest dev branch (for azure-cli) or main branch (for azure-cli-extensions). pip install azdev --upgrade
azdev setup -c <your azure-cli repo path> -r <your azure-cli-extensions repo path>
|
microsoft-github-policy-service
Bot
requested review from
FumingZhang,
yanzhudd,
yonzhan and
zhoxing-ms
|
There was a problem hiding this comment.
Pull request overview
Fixes client-mode authentication when using the Azure OpenAI Microsoft Entra ID (keyless) provider by ensuring the Docker container is configured to use Azure AD token auth when no API key is present, and bumps the extension version to 1.0.0b23.
Changes:
- Pass
AZURE_AD_TOKEN_AUTH=Trueinto the client-modedocker runinvocation when anazure/...model has noapi_key. - Bump
aks-agentextension version to1.0.0b23. - Add release note entry for
1.0.0b23.
Reviewed changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
src/aks-agent/azext_aks_agent/agent/k8s/aks_agent_manager.py |
Adds conditional env var injection for Azure AD token auth in client-mode Docker execution. |
src/aks-agent/setup.py |
Bumps package version to 1.0.0b23. |
src/aks-agent/HISTORY.rst |
Adds 1.0.0b23 release note entry describing the fix. |
…client mode Add tests covering exec_aks_agent to assert AZURE_AD_TOKEN_AUTH=True is included in the Docker command when an azure/ model has no api_key or a whitespace-only api_key, and excluded when a valid api_key is present. Also align the empty-API-key check with _create_helm_values by treating whitespace-only api_key values as empty via .strip().
|
[Release] Update index.json for extension [ aks-agent-1.0.0b23 ] : https://dev.azure.com/msazure/One/_build/results?buildId=162912488&view=results |
Summary
AZURE_AD_TOKEN_AUTH=Trueto the Docker container when no API key is configured for an Azure model1.0.0b23Test plan
az aks agent-initand select client mode with Microsoft Entra ID (keyless) provideraz aks agentand verify the agent authenticates via Azure AD token