Through the web interface of ai.azure.com I created all the necessary services such as azure ai studio with project, storage account, open AI, AI search, etc. And I connected all the services to a private endpoint.
The problem arose only when indexing files in Ai search if it is connected to a private endpoint I get error. If it is public, then everything works fine.
Has anyone encountered this problem?
[enter image description here](https://i.sstatic.net/ieQvTJj8.png) [enter image description here]
step of ml pipeline – Creating Azure AI Search Index – Data ingestion failed
File "/azureml-envs/rag-embeddings/lib/python3.9/site-packages/azureml/rag/tasks/update_acs.py", line 131, in create_search_index_sdk
if acs_config["index_name"] not in index_client.list_index_names():
File "/azureml-envs/rag-embeddings/lib/python3.9/site-packages/azure/core/paging.py", line 123, in __next__
return next(self._page_iterator)
File "/azureml-envs/rag-embeddings/lib/python3.9/site-packages/azure/core/paging.py", line 75, in __next__
self._response = self._get_next(self.continuation_token)
File "/azureml-envs/rag-embeddings/lib/python3.9/site-packages/azure/search/documents/indexes/_generated/operations/_indexes_operations.py", line 502, in get_next
raise HttpResponseError(response=response, model=error)
azure.core.exceptions.HttpResponseError: Operation returned an invalid status 'Forbidden'
(update_acs.py:467)
[2024-10-09 16:24:22] ERROR azureml.rag.update_acs.update_acs - ActivityCompleted: Activity=update_acs, HowEnded=Failure, Duration=14317.24 [ms], Exception=HttpResponseError (activity.py:127)
Traceback (most recent call last):
File "/azureml-envs/rag-embeddings/lib/python3.9/runpy.py", line 197, in _run_module_as_main
return _run_code(code, main_globals, None,
File "/azureml-envs/rag-embeddings/lib/python3.9/runpy.py", line 87, in _run_code
exec(code, run_globals)
[2024-10-09 16:24:10] INFO azureml.rag.connections - Using User Identity for authentication. (connections.py:265)
[2024-10-09 16:24:10] INFO azureml.rag.update_acs - Using Index fields: {
"content": "content",
"url": "url",
"filename": "filepath",
"title": "title",
"metadata": "meta_json_string"
} (update_acs.py:309)
[2024-10-09 16:24:10] INFO azureml.rag.update_acs - Ensuring search index shy-needle-jv648s7dcq99 exists (update_acs.py:127)
_AzureMLOnBehalfOfCredential.get_token succeeded
[2024-10-09 16:24:15] ERROR azureml.rag.update_acs.update_acs - ActivityCompleted: Activity=update_acs, HowEnded=Failure, Duration=5516.44 [ms], Exception=HttpResponseError (activity.py:127)
[2024-10-09 16:24:16] ERROR azureml.rag.update_acs - Failed to update ACS index (update_acs.py:429)
[2024-10-09 16:24:17] ERROR azureml.rag.update_acs.update_acs - ServiceError: intepreted error = Rag system error, original error = Operation returned an invalid status 'Forbidden' (exceptions.py:124)
[2024-10-09 16:24:22] ERROR azureml.rag.update_acs.update_acs - update_acs failed with exception: Traceback (most recent call last):
File "/azureml-envs/rag-embeddings/lib/python3.9/site-packages/azureml/rag/tasks/update_acs.py", line 465, in main_wrapper
map_exceptions(main, activity_logger, args, logger, activity_logger)
File "/azureml-envs/rag-embeddings/lib/python3.9/site-packages/azureml/rag/utils/exceptions.py", line 126, in map_exceptions
raise e
File "/azureml-envs/rag-embeddings/lib/python3.9/site-packages/azureml/rag/utils/exceptions.py", line 118, in map_exceptions
return func(*func_args, **kwargs)
I tried adding different access rights (roles) but it didn’t help
2
Answers
To my surprise, your advice helped. But what's interesting is that I tried to change the connection types (AI Key and also Microsoft Entra ID) but it didn't work before until I deleted the connection(in AI Studio) - to AI search and added it again (private endpoint was active).
I also left only the API key type enabled in the AI search (settings) - as the only one possible method (there was another recommendation in the Microsoft article)
Thanks for the recommendation!
I’ve had the same issue and just fixed it.
This is how:
Set the API key based access control for the search service in the azure portal
Set the admin key for the same resource in Azure Ai Studio
in the project settings > connected resources > choose the Azure AI Search (Cognitive Search) type resource, then edit. Check also if the target is set correctly!