DEVHIDE
Login Or Sign up

Connect to Azure AI Translator in Azure DevOps Pipelines using Workload Identity Federation

73 Views Asked by At

I would like to use the Azure AI Text Translation from an Azure DevOps build pipeline, without having to use any secrets for authentication. I have used Workload Identity Federation for smooth authentication from pipelines before, so if that is possible also for Azure AI Translator that would be great.

I have set up a resource group in Azure Portal with a resource of type 'Translator'. I have also set up a (Azure Resource Manager) service connection in my Azure DevOps project that is referring to that resource group, and I can see that a federated credential was created for me in Microsoft Entra.

Now the next step is usually to set up permissions for the federated credential in Microsoft Entra. For my previous federated credential, I have used "Request API permissions". But there it is not obvious what to select in this case. I could use some guidance on how to set up the permissions to be able to use Text Translation from my pipeline.

authentication azure-devops federated-identity azure-text-translation azure-ai-translator
Original Q&A
1

There are 1 best solutions below

3
wade zhou - MSFT On BEST ANSWER

DevOps pipeline is used for CICD process. As per the rest api doc below for translator, you should use the KEY, Region and Web Api not Workload Identity Federation for automation.

Quickstart: Azure AI Translator REST APIs

Translator 3.0: Translate

enter image description here

The yaml sample:

pool:
  vmImage: Windows-latest

steps:
- task: PowerShell@2
  inputs:
    targetType: 'inline'
    script: |
      # Define the paramters to translate a string
          $subscriptionKey = ${env:KEY}
          $region = "eastus"
          $text = "Hello, world!"
          $toLanguage = "fr"
      # Define the function to call the Translator Text API
          function Translate-Text ($subscriptionKey, $region, $text, $toLanguage) {
              $uri = "https://api.cognitive.microsofttranslator.com/translate?api-version=3.0&to=$toLanguage"
              $headers = @{
                  "Ocp-Apim-Subscription-Key" = $subscriptionKey
                  "Ocp-Apim-Subscription-Region" = $region
                  "Content-Type" = "application/json"
              }
              $body = ConvertTo-Json @(@{ Text = $text })
      
              $response = Invoke-RestMethod -Uri $uri -Method Post -Body $body -Headers $headers
              return $response[0].translations[0].text
          }
          $translatedText = Translate-Text -subscriptionKey $subscriptionKey -region $region -text $text -toLanguage $toLanguage
          Write-Output "Translated text: $translatedText"
  env:
    KEY: $(key)

The output, it's translated to fr:

enter image description here

Edit, add for Document translation.

As per the doc Managed identity assignments, Document Translation supports system-assigned managed identity, not identity from Azure Resource Manager service connection.

enter image description here

Related Questions in AUTHENTICATION

Related Questions in AZURE-DEVOPS

Related Questions in FEDERATED-IDENTITY

Related Questions in AZURE-TEXT-TRANSLATION

Related Questions in AZURE-AI-TRANSLATOR

Trending Questions

Popular # Hahtags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs

Popular Questions

.

Copyright © 2021 Jogjafile Inc.