Search code examples
azureazure-ai-search

Azure AI Search Custom Skill, unable to keep the authResourceId in a skillset

I try to access an Azure Function which is protected by Microsoft Entra ID from an Azure AI Search Custom Web Skill. https://learn.microsoft.com/en-us/azure/app-service/configure-authentication-provider-aad?tabs=workforce-configuration

According to the document, I can access the function with the authResourceId, but it disappears after saving a skillset on Azure Portal. And of course, a request to the function fails due to the authentication.

enter image description here

https://learn.microsoft.com/en-us/azure/search/cognitive-search-custom-skill-web-api

My skill definition right after saving on the portal. There is no error message while saving.

enter image description here

Then reopen the same skillset. The authResourceId has gone. It happens after saving edited a skill setting on a debug session too.

enter image description here

Both the AI Search Indexer and the Azure Function work great if I disable the Entra ID authentication stuff.

===EDIT===
I tried to make a skillset by REST API via REST Client extension of VS Code, but the authResourceId didn't persist either. This is the request. I omitted some parts for simplicity.

@endpoint=https://XXXX.search.windows.net

POST {{endpoint}}/skillsets?api-version=2023-10-01-Preview
    Content-type: application/json
    Authorization: Bearer {{token}}

{
  "name": "test04-index-custom-skillset",
  "skills": [
    {
      "@odata.type": "#Microsoft.Skills.Custom.WebApiSkill",
      "name": "custom-embeding-skill",
      "description": "Custom-Skill-AzureFunctions",
      "context": "/document/pages/*",
      "inputs": [
        {
          "name": "text",
          "source": "/document/pages/*",
          "inputs": []
        }
      ],
      "outputs": [
        {
          "name": "vector",
          "targetName": "text_vector"
        }
      ],
      "authResourceId": "api://appKey",
      "uri": "https://xxxx.azurewebsites.net/api/vectorize",
      "httpHeaders": {},
      "httpMethod": "POST",
      "timeout": "PT30S",
      "batchSize": 1000
    }
  ],
  "indexProjections": {
    "selectors": [
      {
        "targetIndexName": "test02-custom-skill-index",
        "parentKeyFieldName": "parent_id",
        "sourceContext": "/document/pages/*",
        "mappings": [
          {
            "name": "contentVector",
            "source": "/document/pages/*/text_vector"
          }
      }
    ],
    "parameters": {
      "projectionMode": "skipIndexingParentDocuments"
    }
  }
}

And the response is.

HTTP/1.1 201 Created
Transfer-Encoding: chunked
Content-Type: application/json; odata.metadata=minimal; odata.streaming=true; charset=utf-8
ETag: "0x8DD02DF818256FB"
Location: https://XXXX.search.windows.net:443/skillsets('test04-index-custom-skillset')?api-version=2023-10-01-Preview
Server: Microsoft-IIS/10.0
Strict-Transport-Security: max-age=2592000, max-age=15724800; includeSubDomains
Preference-Applied: odata.include-annotations="*"
OData-Version: 4.0
request-id: b4b1880e-7391-4e3a-8e6f-736d1279458e
elapsed-time: 75
Date: Tue, 12 Nov 2024 06:01:53 GMT
Connection: close

{
  "@odata.context": "https://XXXX.search.windows.net/$metadata#skillsets/$entity",
  "name": "test04-index-custom-skillset",
  "description": null,
  "skills": [
    {
      "@odata.type": "#Microsoft.Skills.Custom.WebApiSkill",
      "name": "custom-embeding-skill",
      "description": "Custom-Skill-AzureFunctions",
      "context": "/document/pages/*",
      "uri": "https://xxxx.azurewebsites.net/api/vectorize",
      "httpMethod": "POST",
      "timeout": "PT30S",
      "batchSize": 1000,
      "degreeOfParallelism": null,
      "authResourceId": "api://appKey",
      "inputs": [
        {
          "name": "text",
          "source": "/document/pages/*",
          "sourceContext": null,
          "inputs": []
        }
      ],
      "outputs": [
        {
          "name": "vector",
          "targetName": "text_vector"
        }
      ],
      "httpHeaders": {},
      "authIdentity": null
    }
  ],
  "cognitiveServices": null,
  "knowledgeStore": null,
  "indexProjections": {
    "selectors": [
      {
        "targetIndexName": "test02-custom-skill-index",
        "parentKeyFieldName": "parent_id",
        "sourceContext": "/document/pages/*",
        "mappings": [
          {
            "name": "contentVector",
            "source": "/document/pages/*/text_vector",
            "sourceContext": null,
            "inputs": []
          }
        ]
      }
    ],
    "parameters": {
      "projectionMode": "skipIndexingParentDocuments"
    }
  },
  "encryptionKey": null
}

The authResourceId was there, but when I check it on the portal, it's gone.

enter image description here

Solution

  • According to the documentation to use authResourceId parameter you need to call API with api-version=2023-10-01-Preview.

    Same thing i got, after saving the skillset it is not visible when i refreshed. but you update the skillset using REST API with version 2023-10-01-Preview

    Below is the sample i tested.

    enter image description here

    Next, it won't be visible in portal that is possibly due to the Api version used by portal to configure the search service.

    You list the skillset using the rest Api itself you will the correct configuration.

    enter image description here

    Now you try to run indexer it will work, make sure you configured all the things properly when adding identity provider as per this documentation.