Add support for User Managed Identity (UMI) auth in AI endpoint security #1352
chira99 wants to merge 2 commits into
📝 Walkthrough
Adds Azure User Managed Identity (UMI) support: admin UI lets providers select UMI with explanatory text and translations; publisher endpoint editor auto-applies UMI endpoint security when the LLM provider uses UMI and shows gateway Bearer-token behavior with a new locale string.
Changes
Azure User Managed Identity Authentication Integration
Actionable comments posted: 2
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@portals/admin/src/main/webapp/site/public/locales/fr.json`:
- Line 34: The French locale contains an English string for the key
"Admin.AiVendor.form.llm.auth.umi.info"; replace its value with a proper French
translation so French UI users see localized text (suggested translation:
"L'authentification Azure User Managed Identity (UMI) sera utilisée. Le pod de
la passerelle doit avoir le webhook AKS Workload Identity configuré avec les
variables d'environnement AZURE_TENANT_ID, AZURE_CLIENT_ID et
AZURE_FEDERATED_TOKEN_FILE appropriées. Aucune information d'identification n'a
besoin d'être stockée.").
In
`@portals/publisher/src/main/webapp/source/src/app/components/Apis/Details/Endpoints/AIEndpoints/AddEditAIEndpoint.jsx`:
- Around line 482-497: The effect that sets UMI security uses useEffect and
currently depends only on llmProviderEndpointConfiguration and
state.deploymentStage, so when API.getApiEndpoint dispatches the full body and
replaces state.endpointConfig.endpoint_security the effect may not re-run;
update the dependency array of that useEffect to include the current security
and environment values (e.g., derive currentSecurityType =
state.endpointConfig.endpoint_security?.[envType]?.type and currentEnvType =
envType or state.deploymentStage) so the effect will rerun when the backend
payload replaces the saved security config and then call
saveEndpointSecurityConfig(...) as before to re-apply the UMI bootstrap.
📒 Files selected for processing (5)
- portals/admin/src/main/webapp/site/public/locales/en.json
- portals/admin/src/main/webapp/site/public/locales/fr.json
- portals/admin/src/main/webapp/source/src/app/components/AiServiceProviders/AddEditAiServiceProvider.jsx
- portals/publisher/src/main/webapp/site/public/locales/en.json
- portals/publisher/src/main/webapp/source/src/app/components/Apis/Details/Endpoints/AIEndpoints/AddEditAIEndpoint.jsx
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In
`@portals/publisher/src/main/webapp/source/src/app/components/Apis/Details/Endpoints/AIEndpoints/AddEditAIEndpoint.jsx`:
- Around line 487-500: Move the IS_UMI_AUTH_ENABLED constant declaration so it's
defined before the useEffect that references it: locate the useEffect that
checks IS_UMI_AUTH_ENABLED (the effect that calls saveEndpointSecurityConfig
with CONSTS.DEFAULT_ENDPOINT_SECURITY, type: 'umi', enabled: true) and cut/paste
the IS_UMI_AUTH_ENABLED const so it appears above that useEffect; ensure the
same identifier is used and imports/exports (if any) remain valid and that
currentEnvType and currentSecurityType are still in scope for the effect.
📒 Files selected for processing (1)
portals/publisher/src/main/webapp/source/src/app/components/Apis/Details/Endpoints/AIEndpoints/AddEditAIEndpoint.jsx
ebef60d to c5a5dc6
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In
`@portals/publisher/src/main/webapp/source/src/app/components/Apis/Details/Endpoints/AIEndpoints/AddEditAIEndpoint.jsx`:
- Around line 493-510: The useEffect currently only checks currentSecurityType
and can skip re-applying UMI when a persisted config has type 'umi' but enabled:
false; update the effect to also check the persisted enabled flag (e.g., read
state.endpointConfig.endpoint_security?.[currentEnvType]?.enabled into a
variable like persistedSecurityEnabled) and change the guard to reapply UMI
unless currentSecurityType === 'umi' AND persistedSecurityEnabled === true; call
saveEndpointSecurityConfig(...) when IS_UMI_AUTH_ENABLED(...) is true and the
persisted config is not both type 'umi' and enabled, and add the persisted
enabled variable to the effect dependencies so the effect runs when that flag
changes.
📒 Files selected for processing (5)
- portals/admin/src/main/webapp/site/public/locales/en.json
- portals/admin/src/main/webapp/site/public/locales/fr.json
- portals/admin/src/main/webapp/source/src/app/components/AiServiceProviders/AddEditAiServiceProvider.jsx
- portals/publisher/src/main/webapp/site/public/locales/en.json
- portals/publisher/src/main/webapp/source/src/app/components/Apis/Details/Endpoints/AIEndpoints/AddEditAIEndpoint.jsx
✅ Files skipped from review due to trivial changes (1)
- portals/publisher/src/main/webapp/site/public/locales/en.json
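The guard the review rounds above converge on, as an added example that is not code from this PR: it runs a type-only guard and a type-and-enabled guard over constructed backend payloads and reports whether UMI ends up active. The helper names, the `'production'` key and the shape of `DEFAULT_ENDPOINT_SECURITY` are assumptions made for this example.

```javascript
// Added example: guard logic only; in the component it runs inside a React useEffect.
// Stand-in for CONSTS.DEFAULT_ENDPOINT_SECURITY (shape assumed for this example).
const DEFAULT_ENDPOINT_SECURITY = { type: 'NONE', enabled: false };

// Guard that looks at the saved security type only.
function needsUmiTypeOnly(providerUsesUmi, endpointSecurity, envType) {
    const saved = endpointSecurity?.[envType];
    return providerUsesUmi && saved?.type !== 'umi';
}

// Guard that re-applies UMI unless the saved config is type 'umi' AND enabled.
function needsUmiTypeAndEnabled(providerUsesUmi, endpointSecurity, envType) {
    const saved = endpointSecurity?.[envType];
    return providerUsesUmi && !(saved?.type === 'umi' && saved?.enabled === true);
}

// Run one guard over a payload; return the endpoint_security map that results.
function applyGuard(guard, providerUsesUmi, endpointSecurity, envType) {
    if (!guard(providerUsesUmi, endpointSecurity, envType)) return endpointSecurity;
    // This object is what the effect would hand to saveEndpointSecurityConfig(...).
    const umi = { ...DEFAULT_ENDPOINT_SECURITY, type: 'umi', enabled: true };
    return { ...(endpointSecurity || {}), [envType]: umi };
}

function isUmiActive(endpointSecurity, envType) {
    const saved = endpointSecurity?.[envType];
    return saved?.type === 'umi' && saved?.enabled === true;
}

// Constructed backend payloads that replace the saved endpoint_security.
const SAMPLE_PAYLOADS = {
    missing: undefined,
    apikey: { production: { type: 'apikey', enabled: true } },
    umiDisabled: { production: { type: 'umi', enabled: false } },
    umiEnabled: { production: { type: 'umi', enabled: true } },
};

// For each payload, report whether UMI ends up active under each guard.
function compareGuards(envType = 'production') {
    return Object.entries(SAMPLE_PAYLOADS).map(([name, payload]) => ({
        name,
        typeOnly: isUmiActive(applyGuard(needsUmiTypeOnly, true, payload, envType), envType),
        typeAndEnabled: isUmiActive(applyGuard(needsUmiTypeAndEnabled, true, payload, envType), envType),
    }));
}

console.table(compareGuards());
```

Only the `umiDisabled` row differs between the two guards: the type-only guard leaves a persisted `type: 'umi', enabled: false` config untouched.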
30969e1 to f6bbebb



Description
Adds UI support for Azure User Managed Identity (UMI) as an authentication type across the
Admin and Publisher portals, complementing the gateway-side UMI implementation.
Related Issue
What's changed
Admin portal — AI Service Provider form
- `umi` as a selectable authentication type alongside `none`, `apikey`, and `aws`
- to be stored and that the gateway pod must have the AKS Workload Identity webhook configured
Publisher portal — AI Endpoint configuration
- `IS_UMI_AUTH_ENABLED` helper to detect when the LLM provider is configured for UMI
- `type=umi, enabled=true` when the provider's auth type is UMI — no manual credential input required from the API publisher
- inject a Bearer token using the pod's AKS Workload Identity
Backward compatibility
No changes to existing `none`, `apikey`, or `aws` authentication flows.
Admin Portal:
Publisher Portal
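
A preflight check for the gateway-side prerequisite this PR's UI text refers to (the `AZURE_TENANT_ID`, `AZURE_CLIENT_ID` and `AZURE_FEDERATED_TOKEN_FILE` variables), as an added example that is not part of the PR or of the gateway. The function names, the token path and the sample values are constructed for illustration; the token is decoded for diagnostics only and its signature is not verified.

```javascript
// Added example; every name except the three environment variables is hypothetical.
const REQUIRED_VARS = ['AZURE_TENANT_ID', 'AZURE_CLIENT_ID', 'AZURE_FEDERATED_TOKEN_FILE'];

// Decode a JWT payload without verifying the signature (diagnostics only).
function decodeJwtPayload(token) {
    const parts = String(token).trim().split('.');
    if (parts.length !== 3) return null;
    try {
        // Node's 'base64' decoder also accepts the URL-safe alphabet used by JWTs.
        return JSON.parse(Buffer.from(parts[1], 'base64').toString('utf8'));
    } catch (e) {
        return null;
    }
}

// Returns a list of problems; an empty list means the pod looks ready for UMI.
function checkWorkloadIdentity(env, readFile, nowSeconds) {
    const problems = REQUIRED_VARS.filter((v) => !env[v]).map((v) => `${v} is not set`);
    if (!env.AZURE_FEDERATED_TOKEN_FILE) return problems;
    let token;
    try {
        token = readFile(env.AZURE_FEDERATED_TOKEN_FILE);
    } catch (e) {
        return [...problems, 'federated token file is not readable'];
    }
    const claims = decodeJwtPayload(token);
    if (!claims) return [...problems, 'federated token file does not contain a JWT'];
    if (typeof claims.exp !== 'number' || claims.exp <= nowSeconds) {
        problems.push('federated token is expired or has no exp claim');
    }
    return problems;
}

// Constructed sample token: header.payload.signature with a placeholder signature.
const b64url = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
function makeSampleToken(claims) {
    return `${b64url({ alg: 'RS256', typ: 'JWT' })}.${b64url(claims)}.c2ln`;
}

// Constructed environment: client id missing, token already expired at t=2000.
const SAMPLE_ENV = {
    AZURE_TENANT_ID: '00000000-0000-0000-0000-000000000000',
    AZURE_CLIENT_ID: '',
    AZURE_FEDERATED_TOKEN_FILE: '/constructed/path/token',
};
const sampleProblems = checkWorkloadIdentity(SAMPLE_ENV, () => makeSampleToken({ exp: 1000 }), 2000);
console.log(sampleProblems);
```

In a pod, pass `process.env`, `(p) => require('fs').readFileSync(p, 'utf8')` and `Math.floor(Date.now() / 1000)` as the three arguments.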