From 1ebc7e188bb187d7d6a54de132546691f8fd1978 Mon Sep 17 00:00:00 2001
From: "Marlon (Esolitos) Saglia"
Date: Thu, 29 Aug 2024 11:25:54 +0200
Subject: [PATCH] Revert "infer auth method without request"
---
 vespa/application.py | 56 +++++++++++++++++++++++++++++++++++++-------
 1 file changed, 47 insertions(+), 9 deletions(-)
diff --git a/vespa/application.py b/vespa/application.py
index d9393f19..d61c2381 100644
--- a/vespa/application.py
+++ b/vespa/application.py
@@ -8,6 +8,7 @@
 from concurrent.futures import ThreadPoolExecutor, Future, as_completed
 from queue import Queue, Empty
 import threading
+import requests
 from requests import Session
 from requests.models import Response
 from requests.exceptions import ConnectionError, HTTPError, JSONDecodeError
@@ -124,7 +125,7 @@ def __init__(
 token = environ.get(VESPA_CLOUD_SECRET_TOKEN, None)
 if token is not None:
 self.vespa_cloud_secret_token = token
- self.auth_method = self._get_valid_auth_method()
+ self.auth_method = None
 def asyncio(
 self, connections: Optional[int] = 8, total_timeout: int = 10
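Review bot: With `self.auth_method = None` the attribute is only resolved when one of the two `__init__` hunks further down calls `_get_valid_auth_method()`, and it stays `None` whenever every probe fails. In that case the `self.app.auth_method == "token"` test in those hunks is false, so a configured secret token would presumably not be attached and the client would carry on without credentials rather than fail. A comment here such as `# resolved by _get_valid_auth_method() on first connection; None means no probe succeeded` would document the state, and the callers could raise when credentials are configured but no method was confirmed. The code after the `# Bearer and user-agent` comment is outside the hunks, so the exact header handling is inferred.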
@@ -255,20 +256,55 @@ def _get_valid_auth_method(self) -> Optional[str]:
 :return: Auth method used for Vespa connection. Either 'token','mtls_key_cert','mtls_cert' or 'http'. None if not able to authenticate.
 """
+ endpoint = f"{self.end_point}/ApplicationStatus"
+
+ if self.auth_method:
+ return self.auth_method
+
+ # Plain HTTP
+ response = requests.get(endpoint, headers=self.base_headers)
+ if response.status_code == 200:
+ print(
+ f"Using plain HTTP to connect to Vespa endpoint {self.end_point}",
+ file=self.output_file,
+ )
+ return "http"
+
 # Vespa Cloud Secret Token
 if self.vespa_cloud_secret_token is not None:
- return "token"
+ headers = {"Authorization": f"Bearer {self.vespa_cloud_secret_token}"}
+ response = requests.get(endpoint, headers={**self.base_headers, **headers})
+ if response.status_code == 200:
+ print(
+ f"Using Vespa Cloud Secret Token to connect to Vespa endpoint {self.end_point}",
+ file=self.output_file,
+ )
+ return "token"
 # Mutual TLS with key and cert
- elif self.key and self.cert:
- return "mtls_key_cert"
+ if self.key and self.cert:
+ response = requests.get(
+ endpoint, headers=self.base_headers, cert=(self.cert, self.key)
+ )
+ if response.status_code == 200:
+ print(
+ f"Using Mutual TLS with key and cert to connect to Vespa endpoint {self.end_point}",
+ file=self.output_file,
+ )
+ return "mtls_key_cert"
 # Mutual TLS with cert
- elif self.cert:
- return "mtls_cert"
- # Plain HTTP
- else:
- return "http"
+ if self.cert:
+ response = requests.get(endpoint, headers=self.base_headers, cert=self.cert)
+ if response.status_code == 200:
+ print(
+ f"Using Mutual TLS with cert to connect to Vespa endpoint {self.end_point}",
+ file=self.output_file,
+ )
+ return "mtls_cert"
+
+ # There may be some cases where ApplicationStatus is not available, such as http://api.cord19.vespa.ai
+ return None
 def get_application_status(self) -> Optional[Response]:
 """
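Review bot: The unauthenticated probe runs first and decides the result: if `GET {end_point}/ApplicationStatus` answers 200 without credentials, the method returns `"http"` even when a secret token or client certificate is configured, so the server's response rather than the caller's configuration selects the auth method. Probing the configured credentials first, and trying plain HTTP only when none are set (`if self.vespa_cloud_secret_token is None and not self.cert:`), would avoid that downgrade. The token probe also sends `Authorization: Bearer …` to whatever `end_point` holds; checking that it starts with `https://` before attaching the header keeps the token off cleartext connections. The docstring, which begins above the hunk, could also state that the method now issues up to four HTTP requests.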
@@ -1018,6 +1054,7 @@ def __init__(
 self.cert = (self.app.cert, self.app.key)
 else:
 self.cert = self.app.cert
+ self.app.auth_method = self.app._get_valid_auth_method()
 self.headers = self.app.base_headers.copy()
 if self.app.auth_method == "token" and self.app.vespa_cloud_secret_token:
 # Bearer and user-agent
@@ -1435,6 +1472,7 @@ def __init__(
 self.httpx_client = None
 self.connections = connections
 self.total_timeout = total_timeout
+ self.app.auth_method = self.app._get_valid_auth_method()
 self.headers = self.app.base_headers.copy()
 if self.app.auth_method == "token" and self.app.vespa_cloud_secret_token:
 # Bearer and user-agent
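Review bot: This added line makes the constructor perform network I/O: `_get_valid_auth_method()` issues up to four `requests.get` calls, none with a `timeout`, so an unresponsive endpoint can block object construction indefinitely and a `ConnectionError` would propagate out of `__init__`. Passing a bound on every probe, e.g. `requests.get(endpoint, headers=self.base_headers, timeout=5)` (value illustrative), and catching `requests.exceptions.RequestException` around the probes would keep construction predictable. Because a `None` result is falsy in the `if self.auth_method:` cache check, the probes are also repeated on every construction when none succeeds. The same applies to the identical line added in the `@@ -1435,6 +1472,7 @@` hunk; both `__init__` bodies start and end outside the hunks.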