vespa-engine / pyvespa

Python API for https://vespa.ai, the open big data serving engine
https://pyvespa.readthedocs.io/
Apache License 2.0

Make VespaCloud (optionally) create key/cert with `vespacli` #795

Closed thomasht86 closed 2 weeks ago

thomasht86 commented 1 month ago

Generating key/cert in pyvespa is both risky (many things might diverge between client/server way of doing it), and is now marked as deprecated. It is also what creates issues with deploy_to_prod in CI.

We could instead check if `vespacli` is installed, and generate with that, if they don't exist.

Also, for all our cloud example notebooks, we do this:

```python
import os

os.environ["TENANT_NAME"] = "vespa-team"  # Replace with your tenant name
application = "hybridsearch"
vespa_cli_command = (
    f'vespa config set application {os.environ["TENANT_NAME"]}.{application}'
)

!vespa config set target cloud
!{vespa_cli_command}
!vespa auth cert -N

from os.path import exists
from pathlib import Path

cert_path = (
    Path.home()
    / ".vespa"
    / f"{os.environ['TENANT_NAME']}.{application}.default/data-plane-public-cert.pem"
)
key_path = (
    Path.home()
    / ".vespa"
    / f"{os.environ['TENANT_NAME']}.{application}.default/data-plane-private-key.pem"
)

if not exists(cert_path) or not exists(key_path):
    print(
        "ERROR: set the correct paths to security credentials. Correct paths above and rerun until you do not see this error"
    )

# The following step will print the following message:

# To use this key in Vespa Cloud click 'Add custom key' at
# https://console.vespa-cloud.com/tenant/TENANT_NAME/account/keys
# and paste the entire public key including the BEGIN and END lines.

!vespa auth api-key

from pathlib import Path

api_key_path = Path.home() / ".vespa" / f"{os.environ['TENANT_NAME']}.api-key.pem"

from vespa.deployment import VespaCloud

def read_secret():
    """Read the API key from the environment variable. This is
    only used for CI/CD purposes."""
    t = os.getenv("VESPA_TEAM_API_KEY")
    if t:
        return t.replace(r"\n", "\n")
    else:
        return t

vespa_cloud = VespaCloud(
    tenant=os.environ["TENANT_NAME"],
    application=application,
    key_content=read_secret() if read_secret() else None,
    key_location=api_key_path,
    application_package=package,
)
```

With a couple of steps, this could be cut down to

```python
vespa_cloud = VespaCloud(
    tenant=os.environ["TENANT_NAME"],
    application=application,
    application_package=package,
)
```

Which would be very nice.
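An added example, not part of the original issue and not pyvespa's own code or the change in #804: one way the proposed check could look, reusing the CLI commands and `~/.vespa` paths from the notebook snippet above and refusing a private key that other users can read. The function name and the `vespa_home`, `which` and `run` parameters are hypothetical, and the permission check assumes POSIX file modes.

```python
import shutil
import stat
import subprocess
from pathlib import Path


def ensure_data_plane_cert(tenant, application, vespa_home=None,
                           which=shutil.which, run=subprocess.run):
    """Return (cert_path, key_path), creating them with the Vespa CLI if missing.

    vespa_home, which and run are hypothetical parameters so the function
    can be exercised without a real CLI or a real home directory.
    """
    home = Path(vespa_home) if vespa_home else Path.home() / ".vespa"
    app_dir = home / f"{tenant}.{application}.default"
    cert_path = app_dir / "data-plane-public-cert.pem"
    key_path = app_dir / "data-plane-private-key.pem"

    if not (cert_path.exists() and key_path.exists()):
        if which("vespa") is None:
            raise RuntimeError("vespa CLI not found on PATH; cannot create key/cert")
        # The same three commands the notebooks run, passed as argument
        # lists so tenant/application names never go through a shell.
        for args in (
            ["vespa", "config", "set", "target", "cloud"],
            ["vespa", "config", "set", "application", f"{tenant}.{application}"],
            ["vespa", "auth", "cert", "-N"],
        ):
            run(args, check=True)
        if not (cert_path.exists() and key_path.exists()):
            raise RuntimeError(f"vespa auth cert did not create files in {app_dir}")

    # Refuse a private key that group or other users can access.
    if key_path.stat().st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise PermissionError(f"{key_path} is accessible to other users; chmod 600 it")
    return cert_path, key_path
```

Existing credentials are reused without invoking the CLI, so a CI job that restores the key and cert from its secret store never needs `vespa` installed.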

thomasht86 commented 2 weeks ago

Closed by #804