Azdevify chat-with-your-data-solution-accelerator.

.devcontainer/devcontainer.json

@@ -0,0 +1,31 @@
+{
+  "name": "Chat with your data Solution Accelerator",
+  "image": "mcr.microsoft.com/devcontainers/python:3.11",
+  "features": {
+      "ghcr.io/devcontainers/features/node:1": {
+          "version": "16",
+          "nodeGypDependencies": false
+      },
+      "ghcr.io/devcontainers/features/powershell:1.1.1": {},
+      "ghcr.io/devcontainers/features/azure-cli:1.2.1": {},
+      "ghcr.io/azure/azure-dev/azd:latest": {}
+  },
+  "customizations": {
+      "vscode": {
+          "extensions": [
+              "ms-azuretools.azure-dev",
+              "ms-azuretools.vscode-bicep",
+              "ms-python.python",
+              "esbenp.prettier-vscode"
+          ]
+      }
+  },
+  "forwardPorts": [
+      50505
+  ],
+  "postCreateCommand": "",
+  "remoteUser": "vscode",
+  "hostRequirements": {
+      "memory": "8gb"
+  }
+}

README.md

@@ -104,8 +104,46 @@ Out-of-the-box, you can upload the following file types:
 
     ![A screenshot of the chat app.](./media/chat-app.png)
 
+## Running the sample using the Azure Developer CLI (azd)
 
-## Development and run the accelerator locally
+The Azure Developer CLI (`azd`) is a developer-centric command-line interface (CLI) tool for creating Azure applications.
+
+You need to install it before running and deploying with the Azure Developer CLI.
+
+### Windows
+
+```powershell
+powershell -ex AllSigned -c "Invoke-RestMethod 'https://aka.ms/install-azd.ps1' | Invoke-Expression"
+```
+
+### Linux/MacOS
+
+```
+curl -fsSL https://aka.ms/install-azd.sh | bash
+```
+
+After logging in with the following command, you will be able to use azd cli to quickly provision and deploy the application.
+
+```
+azd auth login
+```
+
+Then, execute the `azd init` command to initialize the environment.
+```
+azd init -t chat-with-your-data-solution-accelerator
+```
+According to the prompt, enter an environment name.
+
+Run `azd up` to provision all the resources to Azure and deploy the code to those resources.
+```
+azd up 
+```
+
+According to the prompt, select `subscription` and `location`, these are the necessary parameters when you create resources. After that, choose a resource group or create a new resource group. Wait a moment for the resource deployment to complete, click the Website endpoint and you will see the web app page.
+
+You can also run the sample directly locally (See below).
+
+## Develop and run the accelerator locally
 
 To customize the accelerator or run it locally, first, copy the `.env.sample` file to your development environment's `.env` file, and edit it according to [environment variable values table](#environment-variables) below.
 

app.py

@@ -2,7 +2,7 @@
 import os
 import logging
 import requests
-import openai
+from openai import AzureOpenAI
 
 # Fixing MIME types for static files under Windows
 import mimetypes
@@ -13,6 +13,8 @@
 from flask import Flask, Response, request, jsonify
 from dotenv import load_dotenv
 from backend.utilities.QuestionHandler import QuestionHandler
+from azure.identity import DefaultAzureCredential, get_bearer_token_provider
+from azure.keyvault.secrets import SecretClient
 
 load_dotenv()
 
@@ -23,10 +25,20 @@
 def static_file(path):
     return app.send_static_file(path)
 
+AUTH_TYPE = os.environ.get("AUTH_TYPE")
+
+if not AUTH_TYPE == 'rbac' and os.environ.get("USE_KEY_VAULT"):
+    credential = DefaultAzureCredential()
+    secret_client = SecretClient(os.environ.get("AZURE_KEY_VAULT_ENDPOINT"), credential)
+    AZURE_SEARCH_KEY = secret_client.get_secret(os.environ.get("AZURE_SEARCH_KEY")).value
+    AZURE_OPENAI_KEY = secret_client.get_secret(os.environ.get("AZURE_OPENAI_KEY")).value
+else:
+    AZURE_SEARCH_KEY = None if AUTH_TYPE == 'rbac' else os.environ.get("AZURE_SEARCH_KEY")
+    AZURE_OPENAI_KEY = "" if AUTH_TYPE == 'rbac' else os.environ.get("AZURE_OPENAI_KEY")
+
 # ACS Integration Settings
 AZURE_SEARCH_SERVICE = os.environ.get("AZURE_SEARCH_SERVICE")
 AZURE_SEARCH_INDEX = os.environ.get("AZURE_SEARCH_INDEX")
-AZURE_SEARCH_KEY = os.environ.get("AZURE_SEARCH_KEY")
 AZURE_SEARCH_USE_SEMANTIC_SEARCH = os.environ.get("AZURE_SEARCH_USE_SEMANTIC_SEARCH", False)
 AZURE_SEARCH_SEMANTIC_SEARCH_CONFIG = os.environ.get("AZURE_SEARCH_SEMANTIC_SEARCH_CONFIG", "default")
 AZURE_SEARCH_TOP_K = os.environ.get("AZURE_SEARCH_TOP_K", 5)
@@ -39,7 +51,6 @@ def static_file(path):
 # AOAI Integration Settings
 AZURE_OPENAI_RESOURCE = os.environ.get("AZURE_OPENAI_RESOURCE")
 AZURE_OPENAI_MODEL = os.environ.get("AZURE_OPENAI_MODEL")
-AZURE_OPENAI_KEY = os.environ.get("AZURE_OPENAI_KEY")
 AZURE_OPENAI_TEMPERATURE = os.environ.get("AZURE_OPENAI_TEMPERATURE", 0)
 AZURE_OPENAI_TOP_P = os.environ.get("AZURE_OPENAI_TOP_P", 1.0)
 AZURE_OPENAI_MAX_TOKENS = os.environ.get("AZURE_OPENAI_MAX_TOKENS", 1000)
@@ -48,6 +59,7 @@ def static_file(path):
 AZURE_OPENAI_API_VERSION = os.environ.get("AZURE_OPENAI_API_VERSION", "2023-06-01-preview")
 AZURE_OPENAI_STREAM = os.environ.get("AZURE_OPENAI_STREAM", "true")
 AZURE_OPENAI_MODEL_NAME = os.environ.get("AZURE_OPENAI_MODEL_NAME", "gpt-35-turbo") # Name of the model, e.g. 'gpt-35-turbo' or 'gpt-4'
+AZURE_TOKEN_PROVIDER = get_bearer_token_provider(DefaultAzureCredential(), "https://cognitiveservices.azure.com/.default")
 
 SHOULD_STREAM = True if AZURE_OPENAI_STREAM.lower() == "true" else False
 
@@ -191,10 +203,10 @@ def stream_without_data(response):
 
 
 def conversation_without_data(request):
-    openai.api_type = "azure"
-    openai.api_base = f"https://{AZURE_OPENAI_RESOURCE}.openai.azure.com/"
-    openai.api_version = "2023-03-15-preview"
-    openai.api_key = AZURE_OPENAI_KEY
+    if AUTH_TYPE == 'rbac':
+        openai_client = AzureOpenAI(azure_endpoint=f"https://{AZURE_OPENAI_RESOURCE}.openai.azure.com/",  api_version=AZURE_OPENAI_API_VERSION, azure_ad_token_provider=AZURE_TOKEN_PROVIDER)
+    else:
+        openai_client = AzureOpenAI(azure_endpoint=f"https://{AZURE_OPENAI_RESOURCE}.openai.azure.com/",  api_version=AZURE_OPENAI_API_VERSION, api_key=AZURE_OPENAI_KEY)
 
     request_messages = request.json["messages"]
     messages = [
@@ -210,8 +222,8 @@ def conversation_without_data(request):
             "content": message["content"]
         })
 
-    response = openai.ChatCompletion.create(
-        engine=AZURE_OPENAI_MODEL,
+    response = openai_client.chat.completions.create(
+        model=AZURE_OPENAI_MODEL,
         messages = messages,
         temperature=float(AZURE_OPENAI_TEMPERATURE),
         max_tokens=int(AZURE_OPENAI_MAX_TOKENS),

azure.yaml

@@ -0,0 +1,27 @@
+# yaml-language-server: $schema=https://raw.githubusercontent.com/Azure/azure-dev/main/schemas/v1.0/azure.yaml.json
+
+name: chat-with-your-data-solution-accelerator
+metadata:
+  template: [email protected]
+services:
+  web:
+    project: .
+    language: py
+    host: appservice
+    hooks:
+      prepackage:
+        windows:
+          shell: pwsh
+          run:  cd ./frontend;npm install;npm run build
+          interactive: true
+          continueOnError: false
+
+  adminweb:
+    project: ./backend
+    language: py
+    host: appservice
+
+  function:
+    project: ./backend
+    language: py
+    host: function

backend/pages/01_Ingest_Data.py

@@ -7,7 +7,9 @@
 from datetime import datetime, timedelta
 import logging
 import requests
-from azure.storage.blob import BlobServiceClient, generate_blob_sas, ContentSettings
+from azure.identity import DefaultAzureCredential
+from azure.keyvault.secrets import SecretClient
+from azure.storage.blob import BlobServiceClient, generate_blob_sas, ContentSettings, UserDelegationKey
 import urllib.parse
 from utilities.helpers.ConfigHelper import ConfigHelper
 from dotenv import load_dotenv
@@ -24,6 +26,18 @@
             """
 st.markdown(mod_page_style, unsafe_allow_html=True)
 
+def request_user_delegation_key(blob_service_client: BlobServiceClient) -> UserDelegationKey:
+    # Get a user delegation key that's valid for 1 day
+    delegation_key_start_time = datetime.utcnow()
+    delegation_key_expiry_time = delegation_key_start_time + timedelta(days=1)
+
+    user_delegation_key = blob_service_client.get_user_delegation_key(
+        key_start_time=delegation_key_start_time,
+        key_expiry_time=delegation_key_expiry_time
+    )
+
+    return user_delegation_key
+
 def remote_convert_files_and_add_embeddings(process_all=False):
     backend_url = urllib.parse.urljoin(os.getenv('BACKEND_URL','http://localhost:7071'), "/api/BatchStartProcessing")
     params = {}
@@ -65,18 +79,31 @@ def upload_file(bytes_data: bytes, file_name: str, content_type: Optional[str] =
         charset = f"; charset={chardet.detect(bytes_data)['encoding']}" if content_type == 'text/plain' else ''
         content_type = content_type if content_type != None else 'text/plain'
     account_name = os.getenv('AZURE_BLOB_ACCOUNT_NAME')
-    account_key =  os.getenv('AZURE_BLOB_ACCOUNT_KEY')
-    container_name = os.getenv('AZURE_BLOB_CONTAINER_NAME')
-    if account_name == None or account_key == None or container_name == None:
-        raise ValueError("Please provide values for AZURE_BLOB_ACCOUNT_NAME, AZURE_BLOB_ACCOUNT_KEY and AZURE_BLOB_CONTAINER_NAME")
-    connect_str = f"DefaultEndpointsProtocol=https;AccountName={account_name};AccountKey={account_key};EndpointSuffix=core.windows.net"
-    blob_service_client : BlobServiceClient = BlobServiceClient.from_connection_string(connect_str)
-    # Create a blob client using the local file name as the name for the blob
-    blob_client = blob_service_client.get_blob_client(container=container_name, blob=file_name)
-    # Upload the created file
-    blob_client.upload_blob(bytes_data, overwrite=True, content_settings=ContentSettings(content_type=content_type+charset))
-    # Generate a SAS URL to the blob and return it
-    st.session_state['file_url'] = blob_client.url + '?' + generate_blob_sas(account_name, container_name, file_name,account_key=account_key,  permission="r", expiry=datetime.utcnow() + timedelta(hours=3))
+    if os.environ.get("AUTH_TYPE") == 'rbac':
+        credential = DefaultAzureCredential()
+        account_url = f"https://{account_name}.blob.core.windows.net/"
+        blob_service_client = BlobServiceClient(account_url=account_url, credential=credential)
+        user_delegation_key = request_user_delegation_key(blob_service_client=blob_service_client)
+        container_name = os.getenv('AZURE_BLOB_CONTAINER_NAME')
+        blob_client = blob_service_client.get_blob_client(container=container_name, blob=file_name)
+        blob_client.upload_blob(bytes_data, overwrite=True, content_settings=ContentSettings(content_type=content_type+charset))
+        st.session_state['file_url'] = blob_client.url + '?' + generate_blob_sas(account_name, container_name, file_name,user_delegation_key=user_delegation_key,  permission="r", expiry=datetime.utcnow() + timedelta(hours=3))
+    else:
+        if os.environ.get("USE_KEY_VAULT"):
+            credential = DefaultAzureCredential()
+            secret_client = SecretClient(os.environ.get("AZURE_KEY_VAULT_ENDPOINT"), credential)
+        account_key =  secret_client.get_secret(os.getenv("AZURE_BLOB_ACCOUNT_KEY")).value if os.getenv("USE_KEY_VAULT") else os.getenv("AZURE_BLOB_ACCOUNT_KEY")
+        container_name = os.getenv('AZURE_BLOB_CONTAINER_NAME')
+        if account_name == None or account_key == None or container_name == None:
+            raise ValueError("Please provide values for AZURE_BLOB_ACCOUNT_NAME, AZURE_BLOB_ACCOUNT_KEY and AZURE_BLOB_CONTAINER_NAME")
+        connect_str = f"DefaultEndpointsProtocol=https;AccountName={account_name};AccountKey={account_key};EndpointSuffix=core.windows.net"
+        blob_service_client : BlobServiceClient = BlobServiceClient.from_connection_string(connect_str)
+        # Create a blob client using the local file name as the name for the blob
+        blob_client = blob_service_client.get_blob_client(container=container_name, blob=file_name)
+        # Upload the created file
+        blob_client.upload_blob(bytes_data, overwrite=True, content_settings=ContentSettings(content_type=content_type+charset))
+        # Generate a SAS URL to the blob and return it
+        st.session_state['file_url'] = blob_client.url + '?' + generate_blob_sas(account_name, container_name, file_name,account_key=account_key,  permission="r", expiry=datetime.utcnow() + timedelta(hours=3))
 
 try:
     with st.expander("Add documents in Batch", expanded=True):

backend/requirements.txt

@@ -1,7 +1,7 @@
 azure-functions
 
 streamlit==1.24.0
-openai==0.27.8
+openai==1.6.1
 matplotlib==3.6.3
 plotly==5.12.0
 scipy==1.10.0
@@ -10,17 +10,18 @@ transformers==4.30.0
 python-dotenv==1.0.0
 azure-ai-formrecognizer==3.2.0
 azure-storage-blob==12.14.1
-azure-identity==1.12.0
-azure-ai-contentsafety==1.0.0b1
+azure-identity==1.15.0
+azure-ai-contentsafety==1.0.0
 requests==2.31.0
 tiktoken==0.2.0
 azure-storage-queue==12.5.0
-langchain==0.0.274
+langchain==0.0.354
 beautifulsoup4==4.12.0
 fake-useragent==1.1.3
 chardet==5.1.0
 --extra-index-url https://pkgs.dev.azure.com/azure-sdk/public/_packaging/azure-sdk-for-python/pypi/simple/
 azure-search-documents==11.4.0b8
 opencensus-ext-azure==1.1.9
 pandas==1.5.1
-python-docx==0.8.11
+python-docx==0.8.11
+azure-keyvault-secrets==4.4.*

backend/utilities/QuestionHandler.py

@@ -1,5 +1,4 @@
 import os
-import openai
 import logging
 import re
 import json