microsoft · christian-andersen-msft · Nov 12, 2024 · Nov 12, 2024 · Nov 12, 2024 · Nov 26, 2024
@@ -0,0 +1,35 @@
+namespace System.AI;
+
+table 7767 "AOAIAccountVerificationLog"
+{
+    Caption = 'AOAI Account Verification Log';
+    Access = Internal;
+    Extensible = false;
+    InherentEntitlements = RIMDX;
+    InherentPermissions = X;
+    DataPerCompany = false;
+    ReplicateData = false;
+
+    fields
+    {
+        field(1; AccountName; Text[100])
+        {
+            Caption = 'Account Name';
+            DataClassification = CustomerContent;
+        }
+
+        field(2; LastSuccessfulVerification; DateTime)
+        {
+            Caption = 'Access Verified';
+            DataClassification = SystemMetadata;
+        }
+    }
+
+    keys
+    {
+        key(PrimaryKey; AccountName)
+        {
+            Clustered = false;
+        }
+    }
+}
@@ -5,7 +5,7 @@
 namespace System.AI;
 
 using System;
-
+using System.Telemetry;
 /// <summary>
 /// Store the authorization information for the AOAI service.
 /// </summary>
@@ -14,6 +14,7 @@ codeunit 7767 "AOAI Authorization"
     Access = Internal;
     InherentEntitlements = X;
     InherentPermissions = X;
+    Permissions = tabledata AOAIAccountVerificationLog = RIMD;
 
     var
         [NonDebuggable]
@@ -25,6 +26,10 @@ codeunit 7767 "AOAI Authorization"
         [NonDebuggable]
         ManagedResourceDeployment: Text;
         ResourceUtilization: Enum "AOAI Resource Utilization";
+        [NonDebuggable]
+        FirstPartyAuthorization: Boolean;
+        SelfManagedAuthorization: Boolean;
+        MicrosoftManagedAuthorization: Boolean;
 
     [NonDebuggable]
     procedure IsConfigured(CallerModule: ModuleInfo): Boolean
@@ -37,11 +42,11 @@ codeunit 7767 "AOAI Authorization"
 
         case ResourceUtilization of
             Enum::"AOAI Resource Utilization"::"First Party":
-                exit((ManagedResourceDeployment <> '') and ALCopilotFunctions.IsPlatformAuthorizationConfigured(CallerModule.Publisher(), CurrentModule.Publisher()));
+                exit(FirstPartyAuthorization and ALCopilotFunctions.IsPlatformAuthorizationConfigured(CallerModule.Publisher(), CurrentModule.Publisher()));
             Enum::"AOAI Resource Utilization"::"Self-Managed":
-                exit((Deployment <> '') and (Endpoint <> '') and (not ApiKey.IsEmpty()));
+                exit(SelfManagedAuthorization);
             Enum::"AOAI Resource Utilization"::"Microsoft Managed":
-                exit((Deployment <> '') and (Endpoint <> '') and (not ApiKey.IsEmpty()) and (ManagedResourceDeployment <> '') and AzureOpenAiImpl.IsTenantAllowlistedForFirstPartyCopilotCalls());
+                exit(MicrosoftManagedAuthorization and AzureOpenAiImpl.IsTenantAllowlistedForFirstPartyCopilotCalls());
         end;
 
         exit(false);
@@ -57,6 +62,22 @@ codeunit 7767 "AOAI Authorization"
         Deployment := NewDeployment;
         ApiKey := NewApiKey;
         ManagedResourceDeployment := NewManagedResourceDeployment;
+        MicrosoftManagedAuthorization := true;
+    end;
+
+    [NonDebuggable]
+    procedure SetMicrosoftManagedAuthorization(AOAIAccountName: Text; NewApiKey: SecretText; NewManagedResourceDeployment: Text)
+    var
+        IsVerified: Boolean;
+    begin
+        ClearVariables();
+        IsVerified := VerifyAOAIAccount(AOAIAccountName, NewApiKey.Unwrap());
+
+        if IsVerified then begin
+            ResourceUtilization := Enum::"AOAI Resource Utilization"::"Microsoft Managed";
+            ManagedResourceDeployment := NewManagedResourceDeployment;
+            MicrosoftManagedAuthorization := true;
+        end;
     end;
 
     [NonDebuggable]
@@ -68,6 +89,7 @@ codeunit 7767 "AOAI Authorization"
         Endpoint := NewEndpoint;
         Deployment := NewDeployment;
         ApiKey := NewApiKey;
+        SelfManagedAuthorization := true;
     end;
 
     [NonDebuggable]
@@ -77,6 +99,7 @@ codeunit 7767 "AOAI Authorization"
 
         ResourceUtilization := Enum::"AOAI Resource Utilization"::"First Party";
         ManagedResourceDeployment := NewDeployment;
+        FirstPartyAuthorization := true;
     end;
 
     [NonDebuggable]
@@ -115,5 +138,131 @@ codeunit 7767 "AOAI Authorization"
         Clear(Deployment);
         Clear(ManagedResourceDeployment);
         Clear(ResourceUtilization);
+        Clear(FirstPartyAuthorization);
+        clear(SelfManagedAuthorization);
+        Clear(MicrosoftManagedAuthorization);
+    end;
+
+    [NonDebuggable]
+    local procedure PerformAOAIAccountVerification(AOAIAccountName: Text; NewApiKey: Text): Boolean
+    var
+        HttpClient: HttpClient;
+        HttpRequestMessage: HttpRequestMessage;
+        HttpResponseMessage: HttpResponseMessage;
+        HttpContent: HttpContent;
+        ContentHeaders: HttpHeaders;
+        Url: Text;
+        IsSuccessful: Boolean;
+        UrlFormatTxt: Label 'https://%1.openai.azure.com/openai/models?api-version=2024-06-01', Locked = true;
+    begin
+        Url := StrSubstNo(UrlFormatTxt, AOAIAccountName);
+
+        HttpContent.GetHeaders(ContentHeaders);
+        if ContentHeaders.Contains('Content-Type') then
+            ContentHeaders.Remove('Content-Type');
+        ContentHeaders.Add('Content-Type', 'application/json');
+        ContentHeaders.Add('api-key', NewApiKey);
+
+        HttpRequestMessage.Method := 'GET';
+        HttpRequestMessage.SetRequestUri(Url);
+        HttpRequestMessage.Content(HttpContent);
+
+        IsSuccessful := HttpClient.Send(HttpRequestMessage, HttpResponseMessage);
+
+        if not IsSuccessful then
+            exit(false);
+
+        if not HttpResponseMessage.IsSuccessStatusCode() then
+            exit(false);
+
+        exit(true);
+    end;
+
+    local procedure VerifyAOAIAccount(AOAIAccountName: Text; NewApiKey: Text): Boolean
+    var
+        Notif: Notification;
+        IsVerified: Boolean;
+        GracePeriod: Duration;
+        CachePeriod: Duration;
+        TruncatedAccountName: Text[100];
+    begin
+        GracePeriod := 15 * 60 * 1000;//14 * 24 * 60 * 60 * 1000; // 2 weeks in milliseconds
+        CachePeriod := 1 * 60 * 1000;//24 * 60 * 60 * 1000; // 1 day in milliseconds
+
+        TruncatedAccountName := CopyStr(AOAIAccountName, 1, 100);
+
+        if IsAccountVerifiedWithinPeriod(TruncatedAccountName, CachePeriod) then begin
+            Message('Verification skipped (within cache period).');
+            exit(true);
+        end;
+
+        IsVerified := PerformAOAIAccountVerification(AOAIAccountName, NewApiKey);
+
+        // Handle failed verification
+        if not IsVerified then begin
+            SendNotification(Notif);
+            LogTelemetry(AOAIAccountName, Today);
+            if IsAccountVerifiedWithinPeriod(TruncatedAccountName, GracePeriod) then begin
+                Message('Verification failed, but account is still valid (within grace period).');
+                exit(true); // Verified if within grace period
+            end;
+            Message('Verification failed, and account is no longer valid (grace period expired).');
+            exit(false); // Failed verification if grace period has been exceeded
+        end;
+        SaveVerificationTime(TruncatedAccountName);
+        Message('Verification successful. Record saved.');
+        exit(true);
+    end;
+
+    local procedure IsAccountVerifiedWithinPeriod(AccountName: Text[100]; Period: Duration): Boolean
+    var
+        Rec: Record "AOAIAccountVerificationLog";
+    begin
+        if Rec.Get(AccountName) then
+            exit(CurrentDateTime - Rec.LastSuccessfulVerification <= Period);
+        exit(false);
+    end;
+
+    local procedure SaveVerificationTime(AccountName: Text[100])
+    var
+        Rec: Record "AOAIAccountVerificationLog";
+    begin
+        if Rec.Get(AccountName) then begin
+            Rec.LastSuccessfulVerification := CurrentDateTime;
+            Rec.Modify(true);
+        end else begin
+            Rec.Init();
+            Rec.AccountName := AccountName;
+            Rec.LastSuccessfulVerification := CurrentDateTime;
+            Rec.Insert(true);
+        end;
+    end;
+
+    local procedure SendNotification(var Notif: Notification)
+    var
+        MessageLbl: Label 'Azure Open AI authorization failed. AI functionality will be disabled within 2 weeks. Please contact your system administrator or the extension developer for assistance.';
+    begin
+        Notif.Message := MessageLbl;
+        Notif.Scope := NotificationScope::LocalScope;
+        Notif.Send();
+    end;
+
+    local procedure LogTelemetry(AccountName: Text; VerificationDate: Date)
+    var
+        Telemetry: Codeunit Telemetry;
+        MessageLbl: Label 'Azure Open AI authorization failed for account %1 on %2 because it is not authorized to access AI services. The connection will be terminated within 2 weeks if not rectified', Comment = 'Telemetry message where %1 is the name of the Azure Open AI account name and %2 is the date where verification has taken place';
+        CustomDimensions: Dictionary of [Text, Text];
+    begin
+        CustomDimensions.Add('AccountName', AccountName);
+        CustomDimensions.Add('VerificationDate', Format(VerificationDate, 0, '<Year4>-<Month,2>-<Day,2>'));
+
+        Telemetry.LogMessage(
+            '0000AA1', // Event ID
+            StrSubstNo(MessageLbl, AccountName, VerificationDate), // Message
+            Verbosity::Warning,
+            DataClassification::SystemMetadata,
+            Enum::"AL Telemetry Scope"::All,
+            CustomDimensions
+        );
     end;
 }
@@ -105,6 +105,20 @@ codeunit 7771 "Azure OpenAI"
         AzureOpenAIImpl.SetManagedResourceAuthorization(ModelType, Endpoint, Deployment, ApiKey, ManagedResourceDeployment);
     end;
 
+    /// <summary>
+    /// Sets the managed Azure OpenAI API authorization to use for a specific model type.
+    /// This will send the Azure OpenAI call to the deployment specified in <paramref name="ManagedResourceDeployment"/>, and will use the other parameters to verify that you have access to Azure OpenAI.
+    /// </summary>
+    /// <param name="ModelType">The model type to set authorization for.</param>
+    /// <param name="AOAIAccountName">Azure OpenAI account name)</param>
+    /// <param name="ApiKey">The API key to use  to verify access to Azure OpenAI. This is used only for verification, not for actual Azure OpenAI calls.</param>
+    /// <param name="ManagedResourceDeployment">The managed deployment to use for the model type.</param>
+    [NonDebuggable]
+    procedure SetManagedResourceAuthorization(ModelType: Enum "AOAI Model Type"; AOAIAccountName: Text; ApiKey: SecretText; ManagedResourceDeployment: Text)
+    begin
+        AzureOpenAIImpl.SetManagedResourceAuthorization(ModelType, AOAIAccountName, ApiKey, ManagedResourceDeployment);
+    end;
+
     /// <summary>
     /// Sets the Azure OpenAI API authorization to use for a specific model type and endpoint.
     /// </summary>

@@ -202,6 +202,21 @@ codeunit 7772 "Azure OpenAI Impl"
         end;
     end;
 
+    [NonDebuggable]
+    procedure SetManagedResourceAuthorization(ModelType: Enum "AOAI Model Type"; AOAIAccountName: Text; ApiKey: SecretText; ManagedResourceDeployment: Text)
+    begin
+        case ModelType of
+            Enum::"AOAI Model Type"::"Text Completions":
+                TextCompletionsAOAIAuthorization.SetMicrosoftManagedAuthorization(AOAIAccountName, ApiKey, ManagedResourceDeployment);
+            Enum::"AOAI Model Type"::Embeddings:
+                EmbeddingsAOAIAuthorization.SetMicrosoftManagedAuthorization(AOAIAccountName, ApiKey, ManagedResourceDeployment);
+            Enum::"AOAI Model Type"::"Chat Completions":
+                ChatCompletionsAOAIAuthorization.SetMicrosoftManagedAuthorization(AOAIAccountName, ApiKey, ManagedResourceDeployment);
+            else
+                Error(InvalidModelTypeErr);
+        end;
+    end;
+
     [NonDebuggable]
     procedure GenerateTextCompletion(Prompt: SecretText; var AOAIOperationResponse: Codeunit "AOAI Operation Response"; CallerModuleInfo: ModuleInfo): Text
     var
@@ -739,5 +754,4 @@ codeunit 7772 "Azure OpenAI Impl"
         Session.LogMessage('0000MLE', TelemetryTenantAllowlistedMsg, Verbosity::Normal, DataClassification::SystemMetadata, TelemetryScope::ExtensionPublisher, 'Category', CopilotCapabilityImpl.GetAzureOpenAICategory());
         exit(true);
     end;
-
-}
+}