Feature - Added Managed Identity authentication option to Enhanced Citations Storage Account Admin Setting (#412)

Bugfix 1 - Removed duplicate logo_version setting

Bugfix 2 - Fixed Video Indexer settings in Admin Settings Setup Walkthrough so that API Key is optional since Video Indexer requires ARM authentication now instead of API Key auth

Author: Xeelee33

application/single_app/config.py

@@ -611,11 +611,14 @@ def initialize_clients(settings):
 
         try:
             if enable_enhanced_citations:
-                blob_service_client = BlobServiceClient.from_connection_string(settings.get("office_docs_storage_account_url"))
-                CLIENTS["storage_account_office_docs_client"] = blob_service_client
-                
-                # Create containers if they don't exist
-                # This addresses the issue where the application assumes containers exist
+                if settings.get("office_docs_authentication_type") == "key":
+                    blob_service_client = BlobServiceClient.from_connection_string(settings.get("office_docs_storage_account_url"))
+                    CLIENTS["storage_account_office_docs_client"] = blob_service_client
+                if settings.get("office_docs_authentication_type") == "managed_identity":
+                    blob_service_client = BlobServiceClient(account_url=settings.get("office_docs_storage_account_blob_endpoint"), credential=DefaultAzureCredential())
+                    CLIENTS["storage_account_office_docs_client"] = blob_service_client
+                    # Create containers if they don't exist
+                    # This addresses the issue where the application assumes containers exist
                 for container_name in [
                     storage_account_user_documents_container_name, 
                     storage_account_group_documents_container_name, 

application/single_app/functions_settings.py

@@ -151,6 +151,7 @@ def get_settings():
         'enable_enhanced_citations_mount': False,
         'enhanced_citations_mount': '/view_documents',
         'office_docs_storage_account_url': '',
+        'office_docs_storage_account_blob_endpoint': '',
         'office_docs_authentication_type': 'key',
         'office_docs_key': '',
         'video_files_storage_account_url': '',

application/single_app/route_frontend_admin_settings.py

@@ -309,11 +309,13 @@ def admin_settings():
 
             # Enhanced Citations...
             enable_enhanced_citations = form_data.get('enable_enhanced_citations') == 'on'
+            office_docs_storage_account_blob_endpoint = form_data.get('office_docs_storage_account_blob_endpoint', '').strip()
             office_docs_storage_account_url = form_data.get('office_docs_storage_account_url', '').strip()
+
 
             # Validate that if enhanced citations are enabled, a connection string is provided
-            if enable_enhanced_citations and not office_docs_storage_account_url:
-                flash("Enhanced Citations cannot be enabled without providing a connection string. Feature has been disabled.", "danger")
+            if enable_enhanced_citations and not (office_docs_storage_account_blob_endpoint or office_docs_storage_account_url):
+                flash("Enhanced Citations cannot be enabled without providing a connection string or blob service endpoint. Feature has been disabled.", "danger")
                 enable_enhanced_citations = False
 
             # Model JSON Parsing (Your existing logic is fine)
@@ -386,7 +388,6 @@ def is_valid_url(url):
                 'logo_version': settings.get('logo_version', 1),
                 'custom_logo_dark_base64': settings.get('custom_logo_dark_base64', ''),
                 'logo_dark_version': settings.get('logo_dark_version', 1),
-                'logo_version': settings.get('logo_version', 1),
                 'custom_favicon_base64': settings.get('custom_favicon_base64', ''),
                 'favicon_version': settings.get('favicon_version', 1),
                 'landing_page_text': form_data.get('landing_page_text', ''),
@@ -477,6 +478,7 @@ def is_valid_url(url):
                 'enable_enhanced_citations': enable_enhanced_citations,
                 'enable_enhanced_citations_mount': form_data.get('enable_enhanced_citations_mount') == 'on' and enable_enhanced_citations,
                 'enhanced_citations_mount': form_data.get('enhanced_citations_mount', '/view_documents').strip(),
+                'office_docs_storage_account_blob_endpoint': office_docs_storage_account_blob_endpoint,
                 'office_docs_storage_account_url': office_docs_storage_account_url,
                 'office_docs_authentication_type': form_data.get('office_docs_authentication_type', 'key'),
                 'office_docs_key': form_data.get('office_docs_key', '').strip(),
@@ -817,6 +819,7 @@ def is_valid_url(url):
                 if updated_settings_for_file:
                     ensure_custom_logo_file_exists(app, updated_settings_for_file)
                     ensure_custom_favicon_file_exists(app, updated_settings_for_file)
+                    initialize_clients(updated_settings_for_file) # Important - reinitialize clients with new settings
                 else:
                     print("ERROR: Could not fetch settings after update to ensure logo/favicon files.")
 

application/single_app/static/js/admin/admin_settings.js

@@ -1471,14 +1471,42 @@ function setupToggles() {
     }
 
     const officeAuthType = document.getElementById('office_docs_authentication_type');
-    if (officeAuthType) {
-        officeAuthType.addEventListener('change', function(){
-            document.getElementById('office_docs_key_container').style.display =
-                (this.value === 'key') ? 'block' : 'none';
+    const connStrGroup = document.getElementById('office_docs_storage_conn_str_group');
+    const urlGroup = document.getElementById('office_docs_storage_url_group');
+    const connStrInput = document.getElementById('office_docs_storage_account_url');
+    const urlInput = document.getElementById('office_docs_storage_account_blob_endpoint');
+
+    if (officeAuthType && connStrGroup && urlGroup && connStrInput && urlInput) {
+        officeAuthType.addEventListener('change', function() {
+            if (this.value === 'managed_identity') {
+                connStrGroup.style.display = 'none';
+                urlGroup.style.display = '';
+            } else {
+                connStrGroup.style.display = '';
+                urlGroup.style.display = 'none';
+            }
             markFormAsModified();
         });
     }
 
+    // Toggle visibility of connection string
+    const toggleConnStrBtn = document.getElementById('toggle_office_conn_str');
+    if (toggleConnStrBtn && connStrInput) {
+        toggleConnStrBtn.addEventListener('click', function() {
+            connStrInput.type = connStrInput.type === 'password' ? 'text' : 'password';
+            toggleConnStrBtn.textContent = connStrInput.type === 'password' ? 'Show' : 'Hide';
+        });
+    }
+
+    // Toggle visibility of blob service endpoint URL
+    const toggleUrlBtn = document.getElementById('toggle_office_url');
+    if (toggleUrlBtn && urlInput) {
+        toggleUrlBtn.addEventListener('click', function() {
+            urlInput.type = urlInput.type === 'password' ? 'text' : 'password';
+            toggleUrlBtn.textContent = urlInput.type === 'password' ? 'Show' : 'Hide';
+        });
+    }
+
     const videoAuthType = document.getElementById('video_files_authentication_type');
     if (videoAuthType) {
         videoAuthType.addEventListener('change', function(){
@@ -2084,7 +2112,7 @@ togglePassword('toggle_azure_apim_document_intelligence_subscription_key', 'azur
 togglePassword('toggle_office_docs_key', 'office_docs_key');
 togglePassword('toggle_video_files_key', 'video_files_key');
 togglePassword('toggle_audio_files_key', 'audio_files_key');
-togglePassword('toggle_office_conn_str', 'office_docs_storage_account_url');
+togglePassword('toggle_office_conn_str', 'office_docs_storage_account_blob_endpoint');
 togglePassword('toggle_video_conn_str', 'video_files_storage_account_url');
 togglePassword('toggle_audio_conn_str', 'audio_files_storage_account_url');
 togglePassword('toggle_video_indexer_api_key', 'video_indexer_api_key');
@@ -2675,11 +2703,11 @@ function isStepComplete(stepNumber) {
             if (!workspacesEnabled || !videoEnabled) return true;
 
             // Otherwise check settings
+            const videoEndpoint = document.getElementById('video_indexer_endpoint')?.value;
             const videoLocation = document.getElementById('video_indexer_location')?.value;
             const videoAccountId = document.getElementById('video_indexer_account_id')?.value;
-            const videoApiKey = document.getElementById('video_indexer_api_key')?.value;
 
-            return videoLocation && videoAccountId && videoApiKey;
+            return videoLocation && videoAccountId && videoEndpoint;
 
         case 9: // Audio support
             const audioEnabled = document.getElementById('enable_audio_file_support').checked || false;

application/single_app/templates/admin_settings.html

@@ -349,7 +349,7 @@ <h4>8. Enable Video File Support</h4>
                             </li>
                             <li class="list-group-item d-flex justify-content-between align-items-center">
                                 <span>Video Indexer API Key</span>
-                                <span id="video-key-badge" class="badge bg-danger">Required</span>
+                                <span class="badge bg-secondary">Optional</span>
                             </li>
                         </ul>
                     </div>
@@ -1863,21 +1863,45 @@ <h5>Enhanced Citations</h5>
                         <div class="card mb-3 p-3">
                             <h6><strong>All filetypes</strong></h6>
                             <div class="mb-3">
+                                <label for="office_docs_authentication_type" class="form-label">
+                                    Storage Account Authentication Type
+                                </label>
+                                <select class="form-select" id="office_docs_authentication_type" name="office_docs_authentication_type">
+                                    <option value="key" {% if settings.office_docs_authentication_type == "key" or not settings.office_docs_authentication_type %}selected{% endif %}>Connection String</option>
+                                    <option value="managed_identity" {% if settings.office_docs_authentication_type == "managed_identity" %}selected{% endif %}>Managed Identity</option>
+                                </select>
+                            </div>
+
+                            <div class="mb-3" id="office_docs_storage_conn_str_group" {% if settings.office_docs_authentication_type == "managed_identity" %}style="display:none;"{% endif %}>
                                 <label for="office_docs_storage_account_url" class="form-label">
                                     Storage Account Connection String
                                 </label>
-                                
                                 <div class="input-group">
                                     <input
-                                        type="password" 
+                                        type="password"
                                         class="form-control"
                                         id="office_docs_storage_account_url"
                                         name="office_docs_storage_account_url"
                                         value="{{ settings.office_docs_storage_account_url or '' }}"
                                     >
                                     <button type="button" class="btn btn-outline-secondary" id="toggle_office_conn_str">Show</button>
                                 </div>
-                                
+                            </div>
+                            
+                            <div class="mb-3" id="office_docs_storage_url_group" {% if settings.office_docs_authentication_type != "managed_identity" %}style="display:none;"{% endif %}>
+                                <label for="office_docs_storage_account_blob_endpoint" class="form-label">
+                                    Storage Account Blob Service Endpoint
+                                </label>
+                                <div class="input-group">
+                                    <input
+                                        type="password"
+                                        class="form-control"
+                                        id="office_docs_storage_account_blob_endpoint"
+                                        name="office_docs_storage_account_blob_endpoint"
+                                        value="{{ settings.office_docs_storage_account_blob_endpoint or '' }}"
+                                    >
+                                    <button type="button" class="btn btn-outline-secondary" id="toggle_office_url">Show</button>
+                                </div>
                             </div>
                         </div>