I would like to use the Azure AI Text Translation from an Azure DevOps build pipeline, without having to use any secrets for authentication. I have used Workload Identity Federation for smooth authentication from pipelines before, so if that is possible also for Azure AI Translator that would be great.
I have set up a resource group in Azure Portal with a resource of type 'Translator'. I have also set up a (Azure Resource Manager) service connection in my Azure DevOps project that is referring to that resource group, and I can see that a federated credential was created for me in Microsoft Entra.
Now the next step is usually to set up permissions for the federated credential in Microsoft Entra. For my previous federated credential, I have used "Request API permissions". But there it is not obvious what to select in this case. I could use some guidance on how to set up the permissions to be able to use Text Translation from my pipeline.
DevOps pipeline is used for CICD process. As per the rest api doc below for translator, you should use the KEY
, Region
and Web Api
not Workload Identity Federation for automation.
Quickstart: Azure AI Translator REST APIs
The yaml sample:
pool:
vmImage: Windows-latest
steps:
- task: PowerShell@2
inputs:
targetType: 'inline'
script: |
# Define the paramters to translate a string
$subscriptionKey = ${env:KEY}
$region = "eastus"
$text = "Hello, world!"
$toLanguage = "fr"
# Define the function to call the Translator Text API
function Translate-Text ($subscriptionKey, $region, $text, $toLanguage) {
$uri = "https://api.cognitive.microsofttranslator.com/translate?api-version=3.0&to=$toLanguage"
$headers = @{
"Ocp-Apim-Subscription-Key" = $subscriptionKey
"Ocp-Apim-Subscription-Region" = $region
"Content-Type" = "application/json"
}
$body = ConvertTo-Json @(@{ Text = $text })
$response = Invoke-RestMethod -Uri $uri -Method Post -Body $body -Headers $headers
return $response[0].translations[0].text
}
$translatedText = Translate-Text -subscriptionKey $subscriptionKey -region $region -text $text -toLanguage $toLanguage
Write-Output "Translated text: $translatedText"
env:
KEY: $(key)
The output, it's translated to fr:
Edit, add for Document translation.
As per the doc Managed identity assignments, Document Translation supports system-assigned managed identity
, not identity from Azure Resource Manager service connection.