Cody: Azure OpenAI allow authentication requests to use a proxy

[chwarwick]

Because Azure get token requests are sent to login.microsoftonline.com sometimes it is required to direct the request through a proxy, however if not all outgoing requests can be directed though the proxy it is not possible to use standard proxy environment variables.

This adds the CODY_AZURE_OPENAI_IDENTITY_HTTP_PROXY environment variable for this specific purpose. If set the credential requests will use a separate http.Client with the proxy specified.

resolves https://github.com/sourcegraph/sourcegraph/issues/58827

Test plan

Created an Azure SPN with cert
Created a local proxy
az logout -- to ensure that i'm not getting credentials from az
export CODY_AZURE_OPENAI_IDENTITY_HTTP_PROXY=localhost:29100
set azure environment credential env variables
start proxy
sg start

2023/12/08 14:32:41 [001] INFO: Running 0 CONNECT handlers
2023/12/08 14:32:41 [001] INFO: Accepting CONNECT to login.microsoftonline.com:443   <---- worker embeddings 
2023/12/08 14:32:57 [002] INFO: Running 0 CONNECT handlers
2023/12/08 14:32:57 [002] INFO: Accepting CONNECT to login.microsoftonline.com:443  <---- frontend embeddings (search)
2023/12/08 14:32:57 [003] INFO: Running 0 CONNECT handlers
2023/12/08 14:32:57 [003] INFO: Accepting CONNECT to login.microsoftonline.com:443  <---- frontend completions

verified 3 connections though proxy to authenticate each client

shutdown proxy and verified error

Request failed: DefaultAzureCredential: failed to acquire a token. Attempted credentials: ClientCertificateCredential: unable to resolve an endpoint: server response error: Get "https://login.microsoftonline.com/....": proxyconnect tcp: dial tcp 127.0.0.1:29100: connect: connection refused

unset CODY_AZURE_OPENAI_IDENTITY_HTTP_PROXY
no proxy running
Verified chat & embeddings work

restarted proxy
unset CODY_AZURE_OPENAI_IDENTITY_HTTP_PROXY
Verified chat & embeddings work
verified no requests logged to proxy

Preview 🤩

Preview Link

[sourcegraph-release-bot]

The backport to 5.2 failed at https://github.com/sourcegraph/sourcegraph/actions/runs/7168367273:

The process '/usr/bin/git' failed with exit code 1

To backport manually, run these commands in your terminal:

# Fetch latest updates from GitHub
git fetch
# Create a new working tree
git worktree add .worktrees/backport-5.2 5.2
# Navigate to the new working tree
cd .worktrees/backport-5.2
# Create a new branch
git switch --create backport-58862-to-5.2
# Cherry-pick the merged commit of this pull request and resolve the conflicts
git cherry-pick -x --mainline 1 a6d8032e6c9af7a6d0b70698fdf1ceaeeed7a97b
# Push it to GitHub
git push --set-upstream origin backport-58862-to-5.2
# Go back to the original working tree
cd ../..
# Delete the working tree
git worktree remove .worktrees/backport-5.2

If you encouter conflict, first resolve the conflict and stage all files, then run the commands below:

git cherry-pick --continue
# Push it to GitHub
git push --set-upstream origin backport-58862-to-5.2
# Go back to the original working tree
cd ../..
# Delete the working tree
git worktree remove .worktrees/backport-5.2

• Follow above instructions to backport the commit.
• Create a pull request where the base branch is 5.2 and the compare/head branch is backport-58862-to-5.2., click here to create the pull request.
• Make sure to tag @sourcegraph/release-guild in the pull request description.
• Once the backport pull request is created, kindly remove the release-blocker from this pull request.