
Fix AAD authentication in ACA environments for RedTeam #44938

Merged
slister1001 merged 1 commit into Azure:main from slister1001:fix/aca-entra-credential-auth
Feb 4, 2026

@slister1001
Member

When running red team scans in ACA environments, DefaultAzureCredential fails because Azure CLI is not available. This fix allows passing an explicit credential from the RedTeam instance to get_chat_target().

Changes:

  • Add credential parameter to get_chat_target() function
  • Add _create_token_provider() helper to create callable from credential
  • Pass self.credential from RedTeam.scan() to get_chat_target()
  • Add credential field to AzureOpenAIModelConfiguration TypedDict
  • Add tests for credential-based authentication paths

Auth priority: api_key > credential > use_aad_auth (DefaultAzureCredential)

Description

Please add an informative description that covers the changes made by the pull request and link all relevant issues.

If an SDK is being regenerated based on a new API spec, a link to the pull request containing these API spec changes should be included above.

All SDK Contribution checklist:

  • The pull request does not introduce [breaking changes]
  • CHANGELOG is updated for new features, bug fixes or other significant changes.
  • I have read the contribution guidelines.

General Guidelines and Best Practices

  • Title of the pull request is clear and informative.
  • There are a small number of commits, each of which has an informative message. This means that previously merged commits do not appear in the history of the PR. For more information on cleaning up the commits in your PR, see this page.

Testing Guidelines

  • Pull request includes test coverage for the included changes.

@github-actions github-actions bot added the Evaluation Issues related to the client library for Azure AI Evaluation label Jan 30, 2026
@slister1001 slister1001 force-pushed the fix/aca-entra-credential-auth branch 3 times, most recently from 60565c6 to ec98609 Compare January 30, 2026 15:39
@slister1001 slister1001 marked this pull request as ready for review January 30, 2026 15:39
@slister1001 slister1001 requested a review from a team as a code owner January 30, 2026 15:39
Copilot AI review requested due to automatic review settings January 30, 2026 15:39
Contributor

Copilot AI left a comment

Pull request overview

Summary:
This PR fixes AAD authentication failures in Azure Container Apps (ACA) environments for RedTeam operations. The fix allows passing an explicit credential from the RedTeam instance to get_chat_target(), avoiding reliance on DefaultAzureCredential which fails when Azure CLI is not available in containerized environments.

Changes:

  • Added optional credential parameter to get_chat_target() function for explicit credential passing
  • Modified RedTeam.scan() to pass self.credential to get_chat_target() for use in ACA environments
  • Added comprehensive test coverage for credential-based authentication with different priority scenarios
  • Updated AzureOpenAIModelConfiguration TypedDict to include credential field

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 2 comments.

File and description:

  • azure/ai/evaluation/red_team/_utils/strategy_utils.py: Added credential parameter to get_chat_target() function with proper authentication priority handling (api_key > credential > DefaultAzureCredential). Includes code formatting improvements.
  • azure/ai/evaluation/red_team/_red_team.py: Modified scan() method to pass self.credential to get_chat_target(). Includes extensive code formatting improvements throughout the file.
  • tests/unittests/test_redteam/test_strategy_utils.py: Added three new test cases covering credential parameter usage, precedence testing, and various authentication scenarios. Includes code formatting improvements.

@slister1001 slister1001 force-pushed the fix/aca-entra-credential-auth branch from ec98609 to ae92eb7 Compare January 30, 2026 15:59
@slister1001 slister1001 force-pushed the fix/aca-entra-credential-auth branch from ae92eb7 to 99ee749 Compare January 30, 2026 19:05
@slister1001 slister1001 merged commit ebbe47c into Azure:main Feb 4, 2026
21 checks passed
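
The authentication priority stated in this pull request (api_key > credential > use_aad_auth), sketched as an added example that is not code from the PR or from the Azure SDK. `resolve_auth`, `make_token_provider`, `FakeCredential` and `failing_default_credential` are hypothetical names, the token scope is an assumption, and the failing factory stands in for the default credential chain in a container without Azure CLI.

```python
from typing import Callable

# Assumed token scope for Azure OpenAI; the page does not state which scope the PR uses.
SCOPE = "https://cognitiveservices.azure.com/.default"


class FakeToken:
    def __init__(self, token: str):
        self.token = token


class FakeCredential:
    """Constructed stand-in for a credential object: get_token(*scopes) -> .token"""

    def __init__(self, label: str):
        self.label = label
        self.scopes_seen = []

    def get_token(self, *scopes: str) -> FakeToken:
        self.scopes_seen.append(scopes)
        return FakeToken(f"{self.label}-token")


def failing_default_credential():
    """Simulates the default credential chain failing, as the page describes for ACA."""
    raise RuntimeError("default credential chain unavailable")


def make_token_provider(credential, scope: str = SCOPE) -> Callable[[], str]:
    """Wrap a credential in a zero-argument callable that returns a bearer token."""
    return lambda: credential.get_token(scope).token


def resolve_auth(config: dict, credential=None, default_factory=failing_default_credential):
    """Return (mode, api_key_or_provider) using api_key > credential > use_aad_auth."""
    if config.get("api_key"):
        return "api_key", config["api_key"]
    if credential is not None:
        # An explicit credential wins, so the default chain is never constructed.
        return "credential", make_token_provider(credential)
    if config.get("use_aad_auth"):
        return "default_credential", make_token_provider(default_factory())
    raise ValueError("no api_key, credential or use_aad_auth configured")


if __name__ == "__main__":
    cfg = {"use_aad_auth": True}  # constructed configuration
    mode, provider = resolve_auth(cfg, credential=FakeCredential("managed-identity"))
    print(mode, provider())
```

Returning the selected mode alongside the secret or provider lets a caller log which authentication path was taken without logging the key or token itself.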