I am trying to access Azure Cognitive Search (ACS) using Managed Identity in a Ruby on Rails application.
The following is the script being used:
```ruby
require 'net/http'
require 'uri'
require 'json'

COGNITIVE_SEARCH_BASE_URL = "https://#{VaultService.get_secret('COGNITIVE-SEARCH-SERVICE-NAME')}.search.windows.net".freeze
API_VERSION = '2020-06-30'.freeze

# Document count for the "temp" index
endpoint = "#{COGNITIVE_SEARCH_BASE_URL}/indexes/temp/docs/$count?api-version=#{API_VERSION}"
api_url = URI(endpoint)
https = Net::HTTP.new(api_url.host, api_url.port)
https.use_ssl = true

request = Net::HTTP::Get.new(api_url)
request["Content-Type"] = "application/json"
# Bearer token requested for the managed identity
request["Authorization"] = AzureAd::ManagedIdentityTokenProvider.new('https://search.azure.com', client_id: ENV['AKS_MANAGED_IDENTITY_ID']).get_authentication_header

response = https.request(request)
JSON.parse(response.read_body)
```
The Bearer token is generated by adapting the following reference: https://github.com/Azure/azure-sdk-for-ruby/blob/master/runtime/ms_rest_azure/lib/ms_rest_azure/credentials/msi_token_provider.rb
The Managed Identity has the following roles for ACS:
- Owner
- Search Service Contributor
- Search Index Data Contributor
The following is the configuration done for using RBAC access:
I followed this documentation: https://learn.microsoft.com/en-us/azure/search/search-security-rbac?tabs=config-svc-rest%2Croles-portal%2Ctest-rest%2Ccustom-role-portal%2Cdisable-keys-rest#test-role-assignments
When I run the above script, I get a 401 Unauthorized error. Could anyone please help with what I am doing wrong here?
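
A diagnostic for the 401 described above, added here as an example and not part of the original post: it decodes the claims of the Bearer token without verifying it, so the audience, expiry and identity in the token can be compared with the resource requested and the identity that holds the roles. It assumes `get_authentication_header` returns a string of the form `Bearer <JWT>`; `jwt_claims`, `token_report` and `sample_header` are hypothetical helper names, and the sample token is constructed.

```ruby
require 'base64'
require 'json'

# Read the claims segment of a JWT without verifying its signature.
# Diagnostic use only: never make an authorization decision on these values.
def jwt_claims(authorization_header)
  token = authorization_header.to_s.sub(/\ABearer\s+/i, '')
  segments = token.split('.')
  raise ArgumentError, 'expected a three-part JWT' unless segments.length == 3

  payload = segments[1]
  payload += '=' * ((4 - payload.length % 4) % 4) # restore base64url padding
  JSON.parse(Base64.urlsafe_decode64(payload))
end

# Summarise who the token is for and list mismatches with what was requested.
def token_report(authorization_header, expected_audience:, now: Time.now)
  claims = jwt_claims(authorization_header)
  problems = []
  unless claims['aud'] == expected_audience
    problems << "aud is #{claims['aud'].inspect}, expected #{expected_audience.inspect}"
  end
  exp = claims['exp']
  problems << 'token is missing exp or has expired' if exp.nil? || Time.at(exp) <= now

  { audience: claims['aud'],
    object_id: claims['oid'],                    # principal that role assignments refer to
    client_id: claims['appid'] || claims['azp'], # v1 tokens use appid, v2 tokens use azp
    problems: problems }
end

# Constructed, unsigned sample token so the example runs offline.
def sample_header(claims)
  enc = ->(obj) { Base64.urlsafe_encode64(JSON.generate(obj), padding: false) }
  "Bearer #{enc.call('alg' => 'none')}.#{enc.call(claims)}.constructed"
end

if __FILE__ == $PROGRAM_NAME
  header = sample_header('aud' => 'https://management.azure.com/', 'exp' => 1_700_000_000,
                         'oid' => '00000000-0000-0000-0000-000000000001',
                         'appid' => '00000000-0000-0000-0000-000000000002')
  puts JSON.pretty_generate(token_report(header, expected_audience: 'https://search.azure.com'))
end
```

Against a real token, compare `client_id` with `AKS_MANAGED_IDENTITY_ID` and `object_id` with the principal shown on the role assignments; keep the raw token out of logs.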