Merge pull request #2403 from solliancenet/cj-fix-authorization-097-beta1352

Fix issue with role assignment deletion

Author: ciprianjichici

.gitignore

@@ -403,3 +403,4 @@ dist
 **/foundationallm-certificates.SecretProviderClass.json
 **/foundationallm_external_modules**
 certs.zip
+/samples/python/.env

samples/python/.env.example

@@ -0,0 +1,8 @@
+# This file is an example of the .env file that should be created in the same directory as this file.
+MANAGEMENT_API_SCOPE = "MANAGEMENT_API_CLIENT_ID/.default" # Replace MANAGEMENT_API_CLIENT_ID with the actual client ID of the Management API application.
+MANAGEMENT_API_ENDPOINT = "https://..." # Replace with the actual endpoint of the Management API application.
+
+CORE_API_SCOPE = "CORE_API_CLIENT_ID/.default" # Replace CORE_API_CLIENT_ID with the actual client ID of the Core API application.
+CORE_API_ENDPOINT = "https://..." # Replace with the actual endpoint of the Core API application.
+
+FOUNDATIONALLM_INSTANCE_ID = "FOUNDATIONALLM_INSTANCE_ID" # Replace FOUNDATIONALLM_INSTANCE_ID with the actual FoundationaLLM instance identifier.

samples/python/clients/__init__.py

@@ -0,0 +1,2 @@
+from .core_client import CoreClient
+from .management_client import ManagementClient\

samples/python/clients/api_client.py

@@ -0,0 +1,105 @@
+'''
+Generic API client for FoundationLLM.
+This client is used to interact with the FoundationLLM APIs.
+'''
+
+from urllib.parse import urlparse
+
+import requests
+from simple_jwt import jwt
+
+from azure.identity import AzureCliCredential
+
+class APIClient:
+    '''
+    Generic API client for FoundationLLM.
+    This client is used to interact with the FoundationLLM APIs.
+    '''
+
+    def __init__(
+        self,
+        api_scope: str,
+        api_endpoint: str,
+        foundationallm_instance_id: str):
+
+        self.__api_scope = api_scope
+        self.__api_endpoint = api_endpoint
+        self.__foundationallm_instance_id = foundationallm_instance_id
+
+        self.__verify_ssl = (urlparse(api_endpoint.lower()).hostname != "localhost")
+
+        self.__credential = AzureCliCredential()
+        self.__token = self.__credential.get_token(self.__api_scope).token
+
+    def __ensure_valid_token(self):
+        '''
+        Ensure that the token is valid.
+        If the token is expired, get a new one.
+        '''
+        if not self.__token:
+            self.__token = self.__credential.get_token(self.__api_scope).token
+
+        if jwt.is_expired(self.__token):
+            self.__token = self.__credential.get_token(self.__api_scope).token
+
+    def post_request(
+            self,
+            route: str,
+            data: dict,
+            include_instance: bool = True) -> dict:
+        '''
+        Post a request to the API.
+        - param data: The data to post.
+        - param route: The route to post to.
+        - param include_instance: Whether to include the instance ID in the route.
+        
+        Return: The response from the API.
+        '''
+        self.__ensure_valid_token()
+
+        headers = {
+            "Authorization": f"Bearer {self.__token}",
+            "Content-Type": "application/json"
+        }
+
+        response = requests.post(
+            f"{self.__api_endpoint}/instances/{self.__foundationallm_instance_id}/{route}" if include_instance \
+                else f"{self.__api_endpoint}/{route}",
+            headers=headers,
+            json=data,
+            timeout=60,
+            verify=self.__verify_ssl
+        )
+
+        response.raise_for_status()
+
+        return response.json()
+
+    def get_request(
+            self,
+            route:str,
+            include_instance: bool = True) -> dict:
+        '''
+        Post a request to the API.
+        - param route: The route to post to.
+        - param include_instance: Whether to include the instance ID in the route.
+        
+        Return: The response from the API.
+        '''
+        self.__ensure_valid_token()
+
+        headers = {
+            "Authorization": f"Bearer {self.__token}"
+        }
+
+        response = requests.get(
+            f"{self.__api_endpoint}/instances/{self.__foundationallm_instance_id}/{route}" if include_instance \
+                else f"{self.__api_endpoint}/{route}",
+            headers=headers,
+            timeout=60,
+            verify=self.__verify_ssl
+        )
+
+        response.raise_for_status()
+
+        return response.json()

samples/python/clients/core_client.py

@@ -0,0 +1,23 @@
+'''
+Core API client for FoundationLLM.
+This client is used to interact with the FoundationLLM Core API.
+'''
+
+from .api_client import APIClient
+
+class CoreClient(APIClient):
+    '''
+    Core API client for FoundationLLM.
+    This client is used to interact with the FoundationLLM Core API.
+    '''
+
+    def get_agents(self) -> dict:
+        '''
+        Retrieves the list of agents.
+        '''
+
+        result = self.get_request(
+            "completions/agents"
+        )
+
+        return result

samples/python/clients/management_client.py

@@ -0,0 +1,128 @@
+'''
+Management API client for FoundationLLM.
+This client is used to interact with the FoundationLLM Management API.
+'''
+
+from .api_client import APIClient
+
+class ManagementClient(APIClient):
+    '''
+    Management API client for FoundationLLM.
+    This client is used to interact with the FoundationLLM Management API.
+    '''
+
+    def __init__(
+        self,
+        api_scope: str,
+        api_endpoint: str,
+        foundationallm_instance_id: str):
+
+        super().__init__(
+            api_scope,
+            api_endpoint,
+            foundationallm_instance_id
+        )
+
+        self.default_text_partitioning_profile = "text_partition_default"
+        self.default_text_embedding_profile = "text_embedding_profile_gateway_embedding3large"
+
+    # region: Agents
+
+    # region: Agent workflows
+
+    def get_agent_workflows(self) -> dict:
+        '''
+        Retrieves the list of agent workflows.
+        '''
+
+        result = self.get_request(
+            "providers/FoundationaLLM.Agent/workflows"
+        )
+
+        return result
+
+    # endregion
+
+    # endregion
+
+    # region: Vectorization pipelines
+
+    def create_vectorization_pipeline(
+        self,
+        pipeline_name: str,
+        pipeline_description: str,
+        data_source_name: str,
+        vector_store_name: str
+    ) -> dict:
+        '''
+        Creates a vectorization pipeline.
+        - pipeline_name: The name of the pipeline.
+        - pipeline_description: The description of the pipeline.
+        - data_source_name: The name of the data source.
+        - vector_store_name: The name of the vector store.
+        '''
+        
+        result = self.post_request(
+            f"providers/FoundationaLLM.Vectorization/vectorizationPipelines/{pipeline_name}",
+            {
+                "name": pipeline_name,
+                "description": pipeline_description,
+                "data_source_object_id": f"/instances/{self.__foundationallm_instance_id}/providers/FoundationaLLM.DataSource/dataSources/{data_source_name}",
+                "text_partitioning_profile_object_id": f"/instances/{self.__foundationallm_instance_id}/providers/FoundationaLLM.Vectorization/textPartitioningProfiles/{self.default_text_partitioning_profile}",
+                "text_embedding_profile_object_id": f"/instances/{self.__foundationallm_instance_id}/providers/FoundationaLLM.Vectorization/textEmbeddingProfiles/{self.default_text_embedding_profile}",
+                "indexing_profile_object_id": f"/instances/{self.__foundationallm_instance_id}/providers/FoundationaLLM.Vectorization/indexingProfiles/{vector_store_name}",
+                "trigger_type": "Manual"
+            }
+        )
+
+        return result
+
+    def get_vectorization_pipeline(
+        self,
+        pipeline_name: str
+    ) -> dict:
+        '''
+        Retrieves a vectorization pipeline.
+        - pipeline_name: The name of the pipeline.
+        '''
+
+        result = self.get_request(
+            f"providers/FoundationaLLM.Vectorization/vectorizationPipelines/{pipeline_name}"
+        )
+
+        return result
+
+    def activate_vectorization_pipeline(
+        self,
+        pipeline_name: str
+    ) -> dict:
+        '''
+        Activates a vectorization pipeline.
+        - pipeline_name: The name of the pipeline.
+        '''
+
+        result = self.post_request(
+            f"providers/FoundationaLLM.Vectorization/vectorizationPipelines/{pipeline_name}/activate",
+            {}
+        )
+
+        return result
+
+    def get_vectorization_pipeline_execution(
+        self,
+        pipeline_name: str,
+        execution_id: str
+    ) -> dict:
+        '''
+        Retrieves a vectorization pipeline execution.
+        - pipeline_name: The name of the pipeline.
+        - execution_id: The ID of the execution.
+        '''
+
+        result = self.get_request(
+            f"providers/FoundationaLLM.Vectorization/vectorizationPipelines/{pipeline_name}/vectorizationPipelineExecutions/{execution_id}"
+        )
+
+        return result
+    
+    # endregion

samples/python/core_agents.py

@@ -0,0 +1,21 @@
+'''
+This samepl shows how to retrieve the list of agents available to the user.
+'''
+
+import os
+from dotenv import load_dotenv
+
+from clients import CoreClient
+
+# Load environment variables from .env file
+load_dotenv()
+
+core_client = CoreClient(
+    os.getenv("CORE_API_SCOPE"),
+    os.getenv("CORE_API_ENDPOINT"),
+    os.getenv("FOUNDATIONALLM_INSTANCE_ID")
+)
+
+result = core_client.get_agents()
+
+print(result)

samples/python/management_agents_workflows.py

@@ -0,0 +1,21 @@
+'''
+This sample shows how to retrieve the list of agent workflows.
+'''
+
+import os
+from dotenv import load_dotenv
+
+from clients import ManagementClient
+
+# Load environment variables from .env file
+load_dotenv()
+
+management_client = ManagementClient(
+    os.getenv("MANAGEMENT_API_SCOPE"),
+    os.getenv("MANAGEMENT_API_ENDPOINT"),
+    os.getenv("FOUNDATIONALLM_INSTANCE_ID")
+)
+
+result = management_client.get_agent_workflows()
+
+print(result)

src/dotnet/Agent/ResourceProviders/AgentResourceProviderService.cs

@@ -435,7 +435,7 @@ private async Task<ResourceProviderUpsertResult> UpdateAgent(
                     var roleAssignmentDescription = $"Reader role for the {agent.Name} agent's virtual security group";
                     var roleAssignmentResult = await _authorizationServiceClient.CreateRoleAssignment(
                         _instanceSettings.Id,
-                        new RoleAssignmentRequest()
+                        new RoleAssignmentCreateRequest()
                         {
                             Name = roleAssignmentName,
                             Description = roleAssignmentDescription,
@@ -458,7 +458,7 @@ private async Task<ResourceProviderUpsertResult> UpdateAgent(
                         roleAssignmentName = Guid.NewGuid().ToString();
                         roleAssignmentResult = await _authorizationServiceClient.CreateRoleAssignment(
                             _instanceSettings.Id,
-                            new RoleAssignmentRequest()
+                            new RoleAssignmentCreateRequest()
                             {
                                 Name = roleAssignmentName,
                                 Description = roleAssignmentDescription,

src/dotnet/Authorization/ResourceProviders/AuthorizationResourceProviderService.cs

@@ -128,7 +128,7 @@ private async Task<ResourceProviderUpsertResult> UpdateRoleAssignments(ResourceP
 
             var roleAssignmentResult = await _authorizationServiceClient.CreateRoleAssignment(
                 _instanceSettings.Id,
-                new RoleAssignmentRequest()
+                new RoleAssignmentCreateRequest()
                 {
                     Name = roleAssignment.Name,
                     Description = roleAssignment.Description,

src/dotnet/AuthorizationAPI/Controllers/RoleAssignmentsController.cs

@@ -35,21 +35,21 @@ public IActionResult GetRoleAssignments(string instanceId, [FromBody] RoleAssign
         /// Assigns a role to an Entra ID user or group.
         /// </summary>
         /// <param name="instanceId">The FoundationaLLM instance identifier.</param>
-        /// <param name="roleAssignmentRequest">The role assignment request.</param>
+        /// <param name="roleAssignmentCreateRequest">The role assignment create request.</param>
         /// <returns>The role assignment result.</returns>
         [HttpPost]
-        public async Task<IActionResult> AssignRole(string instanceId, RoleAssignmentRequest roleAssignmentRequest) =>
-            new OkObjectResult(await _authorizationCore.CreateRoleAssignment(instanceId, roleAssignmentRequest));
+        public async Task<IActionResult> AssignRole(string instanceId, RoleAssignmentCreateRequest roleAssignmentCreateRequest) =>
+            new OkObjectResult(await _authorizationCore.CreateRoleAssignment(instanceId, roleAssignmentCreateRequest));
 
         /// <summary>
         /// Revokes a role from an Entra ID user or group.
         /// </summary>
         /// <param name="instanceId">The FoundationaLLM instance identifier.</param>
-        /// <param name="roleAssignment">The role assignment object identifier.</param>
+        /// <param name="roleAssignmentName">The role assignment object identifier.</param>
         /// <returns>The role assignment result.</returns>
-        [HttpDelete("{*roleAssignment}")]
-        public async Task<IActionResult> RevokeRoleAssignment(string instanceId, string roleAssignment) =>
-            new OkObjectResult(await _authorizationCore.DeleteRoleAssignment(instanceId, roleAssignment));
+        [HttpDelete("{*roleAssignmentName}")]
+        public async Task<IActionResult> RevokeRoleAssignment(string instanceId, string roleAssignmentName) =>
+            new OkObjectResult(await _authorizationCore.DeleteRoleAssignment(instanceId, roleAssignmentName));
 
         #endregion
     }