Share via

Managed Identity not working with creating and running indexer, although creating data source connection is ok

Tung Nguyen Xuan 70 Reputation points
2024-10-10T06:59:21.5133333+00:00

I created an user-assigned managed identity that has role Search Service Contributor to a Search Service resource and role Cognitive Services User to an Azure AI services resource.

  1. In the page of the Azure OpenAI, when I check Resource Management > Identity, I don't see the managed identity. Same thing when I go to Search Service page and check under Settings > Identity. Not sure why
  2. I create a container app that attempt to create an index, an indexer, and skillset (including chunking + azure openai embedding). Creating the index and the skillset is successful, but creating the indexer failed with "Ensure managed identity is enabled for your service.". Here's my code to replicate this error. 
       def test9():
       import os
       # from .azure_indexer import create_new_indexer
       indexer_name = "prod-indexer"
       data_source_name = "conn-test-container"
       index_name = "prod-index"
       skillset_name = "prod-index-skillset"
       # Define and create the indexer
       indexer = SearchIndexer(
           name=indexer_name,
           description=f"dummy",
           data_source_name=data_source_name,
           target_index_name=index_name,
           skillset_name=skillset_name,
           field_mappings=[
               FieldMapping(
                   source_field_name="metadata_storage_name", target_field_name="title"
               )
           ],
           parameters=None,
       )
       AZURE_CLIENT_ID = os.environ["AZURE_CLIENT_ID"]
       credential = DefaultAzureCredential(managed_identity_client_id=AZURE_CLIENT_ID)
       AZURE_SEARCH_ENDPOINT = os.environ["AZURE_SEARCH_SERVICE_ENDPOINT"]
       indexer_client = SearchIndexerClient(
           endpoint=AZURE_SEARCH_ENDPOINT, credential=credential
       )
       logger.info("START TEST 9")
       indexer_client.create_or_update_indexer(indexer)
       indexer_client.run_indexer(indexer.name)
       logger.info("TEST 9 SUCCESS")

I then tried add the managed identity via the portal at Search Service page and check under Settings > Identity, then executed the container app once more, which created the indexer, but the indexer cannot run (using the Run button on the Portal UI), as it showed the same error messageUser's image

Azure AI Search
Azure AI Search
An Azure search service with built-in artificial intelligence capabilities that enrich information to help identify and explore relevant content at scale.
1,340 questions
Azure OpenAI Service
Azure OpenAI Service
An Azure service that provides access to OpenAI’s GPT-3 models with enterprise capabilities.
4,082 questions

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. SnehaAgrawal-MSFT 22,706 Reputation points Moderator
    2024-10-10T07:17:21.01+00:00

    @Tung Nguyen Xuan Thanks for reaching here! As its mentioned in the document that-

    User-assigned managed identity assignment is in public preview under Supplemental Terms of Use. The Management preview REST API provides user-assigned managed identity assignment for Azure AI Search. Support for a system-assigned managed identity is generally available.

    Reference- https://learn.microsoft.com/en-us/azure/search/search-howto-managed-identities-data-sources?tabs=portal-sys%2Cportal-user

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.