645 lines
23 KiB
Go
645 lines
23 KiB
Go
package tables
|
|
|
|
import (
|
|
"encoding/json"
|
|
"fmt"
|
|
"time"
|
|
|
|
"github.com/bytedance/sonic"
|
|
"github.com/maximhq/bifrost/core/schemas"
|
|
"github.com/maximhq/bifrost/framework/encrypt"
|
|
"gorm.io/gorm"
|
|
)
|
|
|
|
// TableKey represents an API key configuration in the database
|
|
type TableKey struct {
|
|
ID uint `gorm:"primaryKey;autoIncrement" json:"id"`
|
|
Name string `gorm:"type:varchar(255);uniqueIndex:idx_key_name;not null" json:"name"`
|
|
ProviderID uint `gorm:"index;not null" json:"provider_id"`
|
|
Provider string `gorm:"index;type:varchar(50)" json:"provider"` // ModelProvider as string
|
|
KeyID string `gorm:"type:varchar(255);uniqueIndex:idx_key_id;not null" json:"key_id"` // UUID from schemas.Key
|
|
Value schemas.EnvVar `gorm:"type:text;not null" json:"value"`
|
|
ModelsJSON string `gorm:"type:text" json:"-"` // JSON serialized []string
|
|
BlacklistedModelsJSON string `gorm:"type:text" json:"-"` // JSON serialized []string
|
|
Weight *float64 `json:"weight"`
|
|
Enabled *bool `gorm:"default:true" json:"enabled,omitempty"`
|
|
CreatedAt time.Time `gorm:"index;not null" json:"created_at"`
|
|
UpdatedAt time.Time `gorm:"index;not null" json:"updated_at"`
|
|
|
|
// Config hash is used to detect changes synced from config.json file
|
|
ConfigHash string `gorm:"type:varchar(255);null" json:"config_hash"`
|
|
|
|
// Unified aliases
|
|
AliasesJSON *string `gorm:"type:text" json:"-"` // JSON serialized schemas.KeyAliases
|
|
|
|
// Azure config fields (embedded instead of separate table for simplicity)
|
|
AzureEndpoint *schemas.EnvVar `gorm:"type:text" json:"azure_endpoint,omitempty"`
|
|
AzureAPIVersion *schemas.EnvVar `gorm:"type:text" json:"azure_api_version,omitempty"`
|
|
AzureClientID *schemas.EnvVar `gorm:"type:text" json:"azure_client_id,omitempty"`
|
|
AzureClientSecret *schemas.EnvVar `gorm:"type:text" json:"azure_client_secret,omitempty"`
|
|
AzureTenantID *schemas.EnvVar `gorm:"type:text" json:"azure_tenant_id,omitempty"`
|
|
AzureScopesJSON *string `gorm:"column:azure_scopes;type:text" json:"-"` // JSON serialized []string
|
|
|
|
// Vertex config fields (embedded)
|
|
VertexProjectID *schemas.EnvVar `gorm:"type:text" json:"vertex_project_id,omitempty"`
|
|
VertexProjectNumber *schemas.EnvVar `gorm:"type:text" json:"vertex_project_number,omitempty"`
|
|
VertexRegion *schemas.EnvVar `gorm:"type:text" json:"vertex_region,omitempty"`
|
|
VertexAuthCredentials *schemas.EnvVar `gorm:"type:text" json:"vertex_auth_credentials,omitempty"`
|
|
|
|
// Bedrock config fields (embedded)
|
|
BedrockAccessKey *schemas.EnvVar `gorm:"type:text" json:"bedrock_access_key,omitempty"`
|
|
BedrockSecretKey *schemas.EnvVar `gorm:"type:text" json:"bedrock_secret_key,omitempty"`
|
|
BedrockSessionToken *schemas.EnvVar `gorm:"type:text" json:"bedrock_session_token,omitempty"`
|
|
BedrockRegion *schemas.EnvVar `gorm:"type:text" json:"bedrock_region,omitempty"`
|
|
BedrockARN *schemas.EnvVar `gorm:"type:text" json:"bedrock_arn,omitempty"`
|
|
BedrockRoleARN *schemas.EnvVar `gorm:"type:text" json:"bedrock_role_arn,omitempty"`
|
|
BedrockExternalID *schemas.EnvVar `gorm:"type:text" json:"bedrock_external_id,omitempty"`
|
|
BedrockRoleSessionName *schemas.EnvVar `gorm:"type:text" json:"bedrock_role_session_name,omitempty"`
|
|
BedrockBatchS3ConfigJSON *string `gorm:"type:text" json:"-"` // JSON serialized schemas.BatchS3Config
|
|
|
|
// VLLM config fields (embedded)
|
|
VLLMUrl *schemas.EnvVar `gorm:"type:text" json:"vllm_url,omitempty"`
|
|
VLLMModelName *string `gorm:"type:varchar(255)" json:"vllm_model_name,omitempty"`
|
|
|
|
// Replicate config fields (embedded)
|
|
ReplicateUseDeploymentsEndpoint *bool `gorm:"column:replicate_use_deployments_endpoint" json:"replicate_use_deployments_endpoint,omitempty"`
|
|
|
|
// Ollama config fields (embedded)
|
|
OllamaUrl *schemas.EnvVar `gorm:"type:text" json:"ollama_url,omitempty"`
|
|
|
|
// SGL config fields (embedded)
|
|
SGLUrl *schemas.EnvVar `gorm:"type:text" json:"sgl_url,omitempty"`
|
|
|
|
// Batch API configuration
|
|
UseForBatchAPI *bool `gorm:"default:false" json:"use_for_batch_api,omitempty"` // Whether this key can be used for batch API operations
|
|
|
|
Status string `gorm:"type:varchar(50);default:'unknown'" json:"status"`
|
|
Description string `gorm:"type:text" json:"description,omitempty"`
|
|
|
|
EncryptionStatus string `gorm:"type:varchar(20);default:'plain_text'" json:"-"`
|
|
|
|
// Virtual fields for runtime use (not stored in DB)
|
|
Models schemas.WhiteList `gorm:"-" json:"models"` // ["*"] allows all models; empty denies all (deny-by-default)
|
|
BlacklistedModels schemas.BlackList `gorm:"-" json:"blacklisted_models"`
|
|
Aliases schemas.KeyAliases `gorm:"-" json:"aliases,omitempty"`
|
|
AzureKeyConfig *schemas.AzureKeyConfig `gorm:"-" json:"azure_key_config,omitempty"`
|
|
VertexKeyConfig *schemas.VertexKeyConfig `gorm:"-" json:"vertex_key_config,omitempty"`
|
|
BedrockKeyConfig *schemas.BedrockKeyConfig `gorm:"-" json:"bedrock_key_config,omitempty"`
|
|
VLLMKeyConfig *schemas.VLLMKeyConfig `gorm:"-" json:"vllm_key_config,omitempty"`
|
|
ReplicateKeyConfig *schemas.ReplicateKeyConfig `gorm:"-" json:"replicate_key_config,omitempty"`
|
|
OllamaKeyConfig *schemas.OllamaKeyConfig `gorm:"-" json:"ollama_key_config,omitempty"`
|
|
SGLKeyConfig *schemas.SGLKeyConfig `gorm:"-" json:"sgl_key_config,omitempty"`
|
|
}
|
|
|
|
// TableName sets the table name for each model
|
|
func (TableKey) TableName() string { return "config_keys" }
|
|
|
|
// BeforeSave is a GORM hook that serializes runtime config structs into JSON columns and
|
|
// encrypts sensitive fields (API key value, Azure endpoint/client ID/secret/tenant ID/API version,
|
|
// Vertex project ID/project number/region/credentials, Bedrock keys/region/ARN/deployments/
|
|
// batch S3 config) before writing to the database. Encryption runs last to ensure it
|
|
// operates on the final serialized values.
|
|
func (k *TableKey) BeforeSave(tx *gorm.DB) error {
|
|
if err := k.Models.Validate(); err != nil {
|
|
return err
|
|
}
|
|
data, err := json.Marshal(k.Models)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
k.ModelsJSON = string(data)
|
|
if err := k.BlacklistedModels.Validate(); err != nil {
|
|
return err
|
|
}
|
|
data, err = json.Marshal(k.BlacklistedModels)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
k.BlacklistedModelsJSON = string(data)
|
|
if k.Enabled == nil {
|
|
enabled := true // DB default
|
|
k.Enabled = &enabled
|
|
}
|
|
if k.UseForBatchAPI == nil {
|
|
useForBatchAPI := false // DB default
|
|
k.UseForBatchAPI = &useForBatchAPI
|
|
}
|
|
// IMPORTANT: All *EnvVar fields assigned from provider config structs (AzureKeyConfig,
|
|
// VertexKeyConfig, BedrockKeyConfig) MUST be value-copied before assignment. The caller
|
|
// may retain the config struct pointer; if BeforeSave (or future encryption) mutates a
|
|
// shared pointer, the caller's in-memory config is silently corrupted.
|
|
// See: TestBeforeSave_DoesNotMutateSharedProviderConfigs
|
|
if k.AzureKeyConfig != nil {
|
|
if k.AzureKeyConfig.Endpoint.IsSet() {
|
|
ep := k.AzureKeyConfig.Endpoint
|
|
k.AzureEndpoint = &ep
|
|
} else {
|
|
k.AzureEndpoint = nil
|
|
}
|
|
if k.AzureKeyConfig.APIVersion != nil {
|
|
av := *k.AzureKeyConfig.APIVersion
|
|
k.AzureAPIVersion = &av
|
|
} else {
|
|
k.AzureAPIVersion = nil
|
|
}
|
|
if k.AzureKeyConfig.ClientID != nil {
|
|
cid := *k.AzureKeyConfig.ClientID
|
|
k.AzureClientID = &cid
|
|
} else {
|
|
k.AzureClientID = nil
|
|
}
|
|
if k.AzureKeyConfig.ClientSecret != nil {
|
|
cs := *k.AzureKeyConfig.ClientSecret
|
|
k.AzureClientSecret = &cs
|
|
} else {
|
|
k.AzureClientSecret = nil
|
|
}
|
|
if k.AzureKeyConfig.TenantID != nil {
|
|
tid := *k.AzureKeyConfig.TenantID
|
|
k.AzureTenantID = &tid
|
|
} else {
|
|
k.AzureTenantID = nil
|
|
}
|
|
if len(k.AzureKeyConfig.Scopes) > 0 {
|
|
data, err := json.Marshal(k.AzureKeyConfig.Scopes)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
s := string(data)
|
|
k.AzureScopesJSON = &s
|
|
} else {
|
|
k.AzureScopesJSON = nil
|
|
}
|
|
} else {
|
|
k.AzureEndpoint = nil
|
|
k.AzureAPIVersion = nil
|
|
k.AzureClientID = nil
|
|
k.AzureClientSecret = nil
|
|
k.AzureTenantID = nil
|
|
k.AzureScopesJSON = nil
|
|
}
|
|
if k.VertexKeyConfig != nil {
|
|
if k.VertexKeyConfig.ProjectID.IsSet() {
|
|
pid := k.VertexKeyConfig.ProjectID
|
|
k.VertexProjectID = &pid
|
|
} else {
|
|
k.VertexProjectID = nil
|
|
}
|
|
if k.VertexKeyConfig.ProjectNumber.IsSet() {
|
|
pn := k.VertexKeyConfig.ProjectNumber
|
|
k.VertexProjectNumber = &pn
|
|
} else {
|
|
k.VertexProjectNumber = nil
|
|
}
|
|
if k.VertexKeyConfig.Region.IsSet() {
|
|
vr := k.VertexKeyConfig.Region
|
|
k.VertexRegion = &vr
|
|
} else {
|
|
k.VertexRegion = nil
|
|
}
|
|
if k.VertexKeyConfig.AuthCredentials.IsSet() {
|
|
ac := k.VertexKeyConfig.AuthCredentials
|
|
k.VertexAuthCredentials = &ac
|
|
} else {
|
|
k.VertexAuthCredentials = nil
|
|
}
|
|
} else {
|
|
k.VertexProjectID = nil
|
|
k.VertexProjectNumber = nil
|
|
k.VertexRegion = nil
|
|
k.VertexAuthCredentials = nil
|
|
}
|
|
if k.BedrockKeyConfig != nil {
|
|
if k.BedrockKeyConfig.AccessKey.IsSet() {
|
|
// Copy to avoid encrypting the shared BedrockKeyConfig through the pointer
|
|
ak := k.BedrockKeyConfig.AccessKey
|
|
k.BedrockAccessKey = &ak
|
|
} else {
|
|
k.BedrockAccessKey = nil
|
|
}
|
|
if k.BedrockKeyConfig.SecretKey.IsSet() {
|
|
// Copy to avoid encrypting the shared BedrockKeyConfig through the pointer
|
|
sk := k.BedrockKeyConfig.SecretKey
|
|
k.BedrockSecretKey = &sk
|
|
} else {
|
|
k.BedrockSecretKey = nil
|
|
}
|
|
// Copy to avoid encrypting the shared BedrockKeyConfig through the pointer
|
|
if k.BedrockKeyConfig.SessionToken != nil {
|
|
st := *k.BedrockKeyConfig.SessionToken
|
|
k.BedrockSessionToken = &st
|
|
} else {
|
|
k.BedrockSessionToken = nil
|
|
}
|
|
if k.BedrockKeyConfig.Region != nil {
|
|
br := *k.BedrockKeyConfig.Region
|
|
k.BedrockRegion = &br
|
|
} else {
|
|
k.BedrockRegion = nil
|
|
}
|
|
if k.BedrockKeyConfig.ARN != nil {
|
|
ba := *k.BedrockKeyConfig.ARN
|
|
k.BedrockARN = &ba
|
|
} else {
|
|
k.BedrockARN = nil
|
|
}
|
|
if k.BedrockKeyConfig.RoleARN != nil {
|
|
bra := *k.BedrockKeyConfig.RoleARN
|
|
k.BedrockRoleARN = &bra
|
|
} else {
|
|
k.BedrockRoleARN = nil
|
|
}
|
|
if k.BedrockKeyConfig.ExternalID != nil {
|
|
ei := *k.BedrockKeyConfig.ExternalID
|
|
k.BedrockExternalID = &ei
|
|
} else {
|
|
k.BedrockExternalID = nil
|
|
}
|
|
if k.BedrockKeyConfig.RoleSessionName != nil {
|
|
rsn := *k.BedrockKeyConfig.RoleSessionName
|
|
k.BedrockRoleSessionName = &rsn
|
|
} else {
|
|
k.BedrockRoleSessionName = nil
|
|
}
|
|
if k.BedrockKeyConfig.BatchS3Config != nil {
|
|
data, err := sonic.Marshal(k.BedrockKeyConfig.BatchS3Config)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
s := string(data)
|
|
k.BedrockBatchS3ConfigJSON = &s
|
|
} else {
|
|
k.BedrockBatchS3ConfigJSON = nil
|
|
}
|
|
} else {
|
|
k.BedrockAccessKey = nil
|
|
k.BedrockSecretKey = nil
|
|
k.BedrockSessionToken = nil
|
|
k.BedrockRegion = nil
|
|
k.BedrockARN = nil
|
|
k.BedrockRoleARN = nil
|
|
k.BedrockExternalID = nil
|
|
k.BedrockRoleSessionName = nil
|
|
k.BedrockBatchS3ConfigJSON = nil
|
|
}
|
|
|
|
if k.Aliases != nil {
|
|
if err := k.Aliases.Validate(); err != nil {
|
|
return err
|
|
}
|
|
data, err := sonic.Marshal(k.Aliases)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
s := string(data)
|
|
k.AliasesJSON = &s
|
|
} else {
|
|
k.AliasesJSON = nil
|
|
}
|
|
|
|
if k.VLLMKeyConfig != nil {
|
|
if k.VLLMKeyConfig.URL.IsSet() {
|
|
u := k.VLLMKeyConfig.URL // Value-copy to prevent shared pointer mutation
|
|
k.VLLMUrl = &u
|
|
} else {
|
|
k.VLLMUrl = nil
|
|
}
|
|
if k.VLLMKeyConfig.ModelName != "" {
|
|
mn := k.VLLMKeyConfig.ModelName
|
|
k.VLLMModelName = &mn
|
|
} else {
|
|
k.VLLMModelName = nil
|
|
}
|
|
} else {
|
|
k.VLLMUrl = nil
|
|
k.VLLMModelName = nil
|
|
}
|
|
|
|
if k.ReplicateKeyConfig != nil {
|
|
v := k.ReplicateKeyConfig.UseDeploymentsEndpoint
|
|
k.ReplicateUseDeploymentsEndpoint = &v
|
|
} else {
|
|
k.ReplicateUseDeploymentsEndpoint = nil
|
|
}
|
|
|
|
if k.OllamaKeyConfig != nil && k.OllamaKeyConfig.URL.IsSet() {
|
|
u := k.OllamaKeyConfig.URL
|
|
k.OllamaUrl = &u
|
|
} else {
|
|
k.OllamaUrl = nil
|
|
}
|
|
|
|
if k.SGLKeyConfig != nil && k.SGLKeyConfig.URL.IsSet() {
|
|
u := k.SGLKeyConfig.URL
|
|
k.SGLUrl = &u
|
|
} else {
|
|
k.SGLUrl = nil
|
|
}
|
|
|
|
// Encrypt sensitive fields after serialization
|
|
if encrypt.IsEnabled() {
|
|
if err := encryptEnvVar(&k.Value); err != nil {
|
|
return fmt.Errorf("failed to encrypt key value: %w", err)
|
|
}
|
|
// Azure
|
|
if err := encryptEnvVarPtr(&k.AzureEndpoint); err != nil {
|
|
return fmt.Errorf("failed to encrypt azure endpoint: %w", err)
|
|
}
|
|
if err := encryptEnvVarPtr(&k.AzureClientID); err != nil {
|
|
return fmt.Errorf("failed to encrypt azure client id: %w", err)
|
|
}
|
|
if err := encryptEnvVarPtr(&k.AzureClientSecret); err != nil {
|
|
return fmt.Errorf("failed to encrypt azure client secret: %w", err)
|
|
}
|
|
if err := encryptEnvVarPtr(&k.AzureTenantID); err != nil {
|
|
return fmt.Errorf("failed to encrypt azure tenant id: %w", err)
|
|
}
|
|
if err := encryptEnvVarPtr(&k.AzureAPIVersion); err != nil {
|
|
return fmt.Errorf("failed to encrypt azure api version: %w", err)
|
|
}
|
|
// Vertex
|
|
if err := encryptEnvVarPtr(&k.VertexProjectID); err != nil {
|
|
return fmt.Errorf("failed to encrypt vertex project id: %w", err)
|
|
}
|
|
if err := encryptEnvVarPtr(&k.VertexProjectNumber); err != nil {
|
|
return fmt.Errorf("failed to encrypt vertex project number: %w", err)
|
|
}
|
|
if err := encryptEnvVarPtr(&k.VertexRegion); err != nil {
|
|
return fmt.Errorf("failed to encrypt vertex region: %w", err)
|
|
}
|
|
if err := encryptEnvVarPtr(&k.VertexAuthCredentials); err != nil {
|
|
return fmt.Errorf("failed to encrypt vertex auth credentials: %w", err)
|
|
}
|
|
// Bedrock
|
|
if err := encryptEnvVarPtr(&k.BedrockAccessKey); err != nil {
|
|
return fmt.Errorf("failed to encrypt bedrock access key: %w", err)
|
|
}
|
|
if err := encryptEnvVarPtr(&k.BedrockSecretKey); err != nil {
|
|
return fmt.Errorf("failed to encrypt bedrock secret key: %w", err)
|
|
}
|
|
if err := encryptEnvVarPtr(&k.BedrockSessionToken); err != nil {
|
|
return fmt.Errorf("failed to encrypt bedrock session token: %w", err)
|
|
}
|
|
if err := encryptEnvVarPtr(&k.BedrockRegion); err != nil {
|
|
return fmt.Errorf("failed to encrypt bedrock region: %w", err)
|
|
}
|
|
if err := encryptEnvVarPtr(&k.BedrockARN); err != nil {
|
|
return fmt.Errorf("failed to encrypt bedrock arn: %w", err)
|
|
}
|
|
if err := encryptEnvVarPtr(&k.BedrockRoleARN); err != nil {
|
|
return fmt.Errorf("failed to encrypt bedrock role arn: %w", err)
|
|
}
|
|
if err := encryptEnvVarPtr(&k.BedrockExternalID); err != nil {
|
|
return fmt.Errorf("failed to encrypt bedrock external id: %w", err)
|
|
}
|
|
if err := encryptEnvVarPtr(&k.BedrockRoleSessionName); err != nil {
|
|
return fmt.Errorf("failed to encrypt bedrock role session name: %w", err)
|
|
}
|
|
if err := encryptString(k.BedrockBatchS3ConfigJSON); err != nil {
|
|
return fmt.Errorf("failed to encrypt bedrock batch s3 config: %w", err)
|
|
}
|
|
// Aliases
|
|
if err := encryptString(k.AliasesJSON); err != nil {
|
|
return fmt.Errorf("failed to encrypt aliases: %w", err)
|
|
}
|
|
// VLLM
|
|
if err := encryptEnvVarPtr(&k.VLLMUrl); err != nil {
|
|
return fmt.Errorf("failed to encrypt vllm url: %w", err)
|
|
}
|
|
// Ollama
|
|
if err := encryptEnvVarPtr(&k.OllamaUrl); err != nil {
|
|
return fmt.Errorf("failed to encrypt ollama url: %w", err)
|
|
}
|
|
// SGL
|
|
if err := encryptEnvVarPtr(&k.SGLUrl); err != nil {
|
|
return fmt.Errorf("failed to encrypt sgl url: %w", err)
|
|
}
|
|
k.EncryptionStatus = EncryptionStatusEncrypted
|
|
}
|
|
return nil
|
|
}
|
|
|
|
// AfterFind is a GORM hook that decrypts sensitive fields and reconstructs runtime config
|
|
// structs after reading from the database. Decryption runs first so that value copies into
|
|
// AzureKeyConfig, VertexKeyConfig, etc. receive plaintext data.
|
|
func (k *TableKey) AfterFind(tx *gorm.DB) error {
|
|
// Decrypt sensitive fields before deserialization/reconstruction
|
|
if k.EncryptionStatus == EncryptionStatusEncrypted {
|
|
if err := decryptEnvVar(&k.Value); err != nil {
|
|
return fmt.Errorf("failed to decrypt key value: %w", err)
|
|
}
|
|
// Azure
|
|
if err := decryptEnvVarPtr(&k.AzureEndpoint); err != nil {
|
|
return fmt.Errorf("failed to decrypt azure endpoint: %w", err)
|
|
}
|
|
if err := decryptEnvVarPtr(&k.AzureClientID); err != nil {
|
|
return fmt.Errorf("failed to decrypt azure client id: %w", err)
|
|
}
|
|
if err := decryptEnvVarPtr(&k.AzureClientSecret); err != nil {
|
|
return fmt.Errorf("failed to decrypt azure client secret: %w", err)
|
|
}
|
|
if err := decryptEnvVarPtr(&k.AzureTenantID); err != nil {
|
|
return fmt.Errorf("failed to decrypt azure tenant id: %w", err)
|
|
}
|
|
if err := decryptEnvVarPtr(&k.AzureAPIVersion); err != nil {
|
|
return fmt.Errorf("failed to decrypt azure api version: %w", err)
|
|
}
|
|
// Vertex
|
|
if err := decryptEnvVarPtr(&k.VertexProjectID); err != nil {
|
|
return fmt.Errorf("failed to decrypt vertex project id: %w", err)
|
|
}
|
|
if err := decryptEnvVarPtr(&k.VertexProjectNumber); err != nil {
|
|
return fmt.Errorf("failed to decrypt vertex project number: %w", err)
|
|
}
|
|
if err := decryptEnvVarPtr(&k.VertexRegion); err != nil {
|
|
return fmt.Errorf("failed to decrypt vertex region: %w", err)
|
|
}
|
|
if err := decryptEnvVarPtr(&k.VertexAuthCredentials); err != nil {
|
|
return fmt.Errorf("failed to decrypt vertex auth credentials: %w", err)
|
|
}
|
|
// Bedrock
|
|
if err := decryptEnvVarPtr(&k.BedrockAccessKey); err != nil {
|
|
return fmt.Errorf("failed to decrypt bedrock access key: %w", err)
|
|
}
|
|
if err := decryptEnvVarPtr(&k.BedrockSecretKey); err != nil {
|
|
return fmt.Errorf("failed to decrypt bedrock secret key: %w", err)
|
|
}
|
|
if err := decryptEnvVarPtr(&k.BedrockSessionToken); err != nil {
|
|
return fmt.Errorf("failed to decrypt bedrock session token: %w", err)
|
|
}
|
|
if err := decryptEnvVarPtr(&k.BedrockRegion); err != nil {
|
|
return fmt.Errorf("failed to decrypt bedrock region: %w", err)
|
|
}
|
|
if err := decryptEnvVarPtr(&k.BedrockARN); err != nil {
|
|
return fmt.Errorf("failed to decrypt bedrock arn: %w", err)
|
|
}
|
|
if err := decryptEnvVarPtr(&k.BedrockRoleARN); err != nil {
|
|
return fmt.Errorf("failed to decrypt bedrock role arn: %w", err)
|
|
}
|
|
if err := decryptEnvVarPtr(&k.BedrockExternalID); err != nil {
|
|
return fmt.Errorf("failed to decrypt bedrock external id: %w", err)
|
|
}
|
|
if err := decryptEnvVarPtr(&k.BedrockRoleSessionName); err != nil {
|
|
return fmt.Errorf("failed to decrypt bedrock role session name: %w", err)
|
|
}
|
|
if err := decryptString(k.BedrockBatchS3ConfigJSON); err != nil {
|
|
return fmt.Errorf("failed to decrypt bedrock batch s3 config: %w", err)
|
|
}
|
|
// Aliases
|
|
if err := decryptString(k.AliasesJSON); err != nil {
|
|
return fmt.Errorf("failed to decrypt aliases: %w", err)
|
|
}
|
|
// VLLM
|
|
if err := decryptEnvVarPtr(&k.VLLMUrl); err != nil {
|
|
return fmt.Errorf("failed to decrypt vllm url: %w", err)
|
|
}
|
|
// Ollama
|
|
if err := decryptEnvVarPtr(&k.OllamaUrl); err != nil {
|
|
return fmt.Errorf("failed to decrypt ollama url: %w", err)
|
|
}
|
|
// SGL
|
|
if err := decryptEnvVarPtr(&k.SGLUrl); err != nil {
|
|
return fmt.Errorf("failed to decrypt sgl url: %w", err)
|
|
}
|
|
}
|
|
|
|
if k.ModelsJSON != "" {
|
|
if err := json.Unmarshal([]byte(k.ModelsJSON), &k.Models); err != nil {
|
|
return err
|
|
}
|
|
}
|
|
if k.BlacklistedModelsJSON != "" {
|
|
if err := json.Unmarshal([]byte(k.BlacklistedModelsJSON), &k.BlacklistedModels); err != nil {
|
|
return err
|
|
}
|
|
}
|
|
if k.Enabled == nil {
|
|
enabled := true // DB default
|
|
k.Enabled = &enabled
|
|
}
|
|
if k.UseForBatchAPI == nil {
|
|
useForBatchAPI := false // DB default
|
|
k.UseForBatchAPI = &useForBatchAPI
|
|
}
|
|
// Reconstruct Azure config if fields are present
|
|
if k.AzureEndpoint != nil || k.AzureAPIVersion != nil || k.AzureClientID != nil || k.AzureClientSecret != nil || k.AzureTenantID != nil || (k.AzureScopesJSON != nil && *k.AzureScopesJSON != "") {
|
|
var scopes []string
|
|
if k.AzureScopesJSON != nil && *k.AzureScopesJSON != "" {
|
|
if err := json.Unmarshal([]byte(*k.AzureScopesJSON), &scopes); err != nil {
|
|
return err
|
|
}
|
|
}
|
|
azureConfig := &schemas.AzureKeyConfig{
|
|
Endpoint: *schemas.NewEnvVar(""),
|
|
APIVersion: k.AzureAPIVersion,
|
|
ClientID: k.AzureClientID,
|
|
ClientSecret: k.AzureClientSecret,
|
|
TenantID: k.AzureTenantID,
|
|
Scopes: scopes,
|
|
}
|
|
|
|
if k.AzureEndpoint != nil {
|
|
azureConfig.Endpoint = *k.AzureEndpoint
|
|
}
|
|
|
|
k.AzureKeyConfig = azureConfig
|
|
}
|
|
// Reconstruct Vertex config if fields are present
|
|
if k.VertexProjectID != nil || k.VertexProjectNumber != nil || k.VertexRegion != nil || k.VertexAuthCredentials != nil {
|
|
config := &schemas.VertexKeyConfig{}
|
|
|
|
if k.VertexProjectID != nil {
|
|
config.ProjectID = *k.VertexProjectID
|
|
}
|
|
|
|
if k.VertexProjectNumber != nil {
|
|
config.ProjectNumber = *k.VertexProjectNumber
|
|
}
|
|
|
|
if k.VertexRegion != nil {
|
|
config.Region = *k.VertexRegion
|
|
}
|
|
if k.VertexAuthCredentials != nil {
|
|
config.AuthCredentials = *k.VertexAuthCredentials
|
|
}
|
|
k.VertexKeyConfig = config
|
|
}
|
|
// Reconstruct Bedrock config if fields are present
|
|
if k.BedrockAccessKey != nil || k.BedrockSecretKey != nil || k.BedrockSessionToken != nil || k.BedrockRegion != nil || k.BedrockARN != nil || k.BedrockRoleARN != nil || k.BedrockExternalID != nil || k.BedrockRoleSessionName != nil || (k.BedrockBatchS3ConfigJSON != nil && *k.BedrockBatchS3ConfigJSON != "") {
|
|
bedrockConfig := &schemas.BedrockKeyConfig{}
|
|
|
|
if k.BedrockAccessKey != nil {
|
|
bedrockConfig.AccessKey = *k.BedrockAccessKey
|
|
}
|
|
|
|
bedrockConfig.SessionToken = k.BedrockSessionToken
|
|
bedrockConfig.Region = k.BedrockRegion
|
|
bedrockConfig.ARN = k.BedrockARN
|
|
bedrockConfig.RoleARN = k.BedrockRoleARN
|
|
bedrockConfig.ExternalID = k.BedrockExternalID
|
|
bedrockConfig.RoleSessionName = k.BedrockRoleSessionName
|
|
|
|
if k.BedrockSecretKey != nil {
|
|
bedrockConfig.SecretKey = *k.BedrockSecretKey
|
|
}
|
|
|
|
if k.BedrockBatchS3ConfigJSON != nil && *k.BedrockBatchS3ConfigJSON != "" {
|
|
var batchS3Config schemas.BatchS3Config
|
|
if err := json.Unmarshal([]byte(*k.BedrockBatchS3ConfigJSON), &batchS3Config); err != nil {
|
|
return err
|
|
}
|
|
bedrockConfig.BatchS3Config = &batchS3Config
|
|
}
|
|
|
|
k.BedrockKeyConfig = bedrockConfig
|
|
}
|
|
// Reconstruct Aliases
|
|
if k.AliasesJSON != nil && *k.AliasesJSON != "" {
|
|
var aliases schemas.KeyAliases
|
|
if err := sonic.Unmarshal([]byte(*k.AliasesJSON), &aliases); err != nil {
|
|
return err
|
|
}
|
|
k.Aliases = aliases
|
|
} else {
|
|
k.Aliases = nil
|
|
}
|
|
// Reconstruct VLLM config if fields are present
|
|
if k.VLLMUrl != nil || (k.VLLMModelName != nil && *k.VLLMModelName != "") {
|
|
vllmConfig := &schemas.VLLMKeyConfig{}
|
|
if k.VLLMUrl != nil {
|
|
vllmConfig.URL = *k.VLLMUrl
|
|
}
|
|
if k.VLLMModelName != nil {
|
|
vllmConfig.ModelName = *k.VLLMModelName
|
|
}
|
|
k.VLLMKeyConfig = vllmConfig
|
|
} else {
|
|
k.VLLMKeyConfig = nil
|
|
}
|
|
// Reconstruct Replicate config if fields are present
|
|
if k.ReplicateUseDeploymentsEndpoint != nil {
|
|
k.ReplicateKeyConfig = &schemas.ReplicateKeyConfig{
|
|
UseDeploymentsEndpoint: *k.ReplicateUseDeploymentsEndpoint,
|
|
}
|
|
} else {
|
|
k.ReplicateKeyConfig = nil
|
|
}
|
|
// Reconstruct Ollama config if fields are present
|
|
if k.OllamaUrl != nil {
|
|
k.OllamaKeyConfig = &schemas.OllamaKeyConfig{
|
|
URL: *k.OllamaUrl,
|
|
}
|
|
} else {
|
|
k.OllamaKeyConfig = nil
|
|
}
|
|
// Reconstruct SGL config if fields are present
|
|
if k.SGLUrl != nil {
|
|
k.SGLKeyConfig = &schemas.SGLKeyConfig{
|
|
URL: *k.SGLUrl,
|
|
}
|
|
} else {
|
|
k.SGLKeyConfig = nil
|
|
}
|
|
return nil
|
|
}
|