Generating key/cert in pyvespa is both risky (many things might diverge between client/server way of doing it), and is now marked as deprecated.
It is also what creates issues with deploy_to_prod in CI.
We could instead check if vespacliis installed, and generate with that, if they don't exists.
Also, for all our cloud example notebooks, we do this:
import os
os.environ["TENANT_NAME"] = "vespa-team" # Replace with your tenant name
application = "hybridsearch"
vespa_cli_command = (
f'vespa config set application {os.environ["TENANT_NAME"]}.{application}'
)
!vespa config set target cloud
!{vespa_cli_command}
!vespa auth cert -N
from os.path import exists
from pathlib import Path
cert_path = (
Path.home()
/ ".vespa"
/ f"{os.environ['TENANT_NAME']}.{application}.default/data-plane-public-cert.pem"
)
key_path = (
Path.home()
/ ".vespa"
/ f"{os.environ['TENANT_NAME']}.{application}.default/data-plane-private-key.pem"
)
if not exists(cert_path) or not exists(key_path):
print(
"ERROR: set the correct paths to security credentials. Correct paths above and rerun until you do not see this error"
)
# The following step will print the following message:
# To use this key in Vespa Cloud click 'Add custom key' at
# https://console.vespa-cloud.com/tenant/TENANT_NAME/account/keys
# and paste the entire public key including the BEGIN and END lines.
!vespa auth api-key
from pathlib import Path
api_key_path = Path.home() / ".vespa" / f"{os.environ['TENANT_NAME']}.api-key.pem"
from vespa.deployment import VespaCloud
def read_secret():
"""Read the API key from the environment variable. This is
only used for CI/CD purposes."""
t = os.getenv("VESPA_TEAM_API_KEY")
if t:
return t.replace(r"\n", "\n")
else:
return t
vespa_cloud = VespaCloud(
tenant=os.environ["TENANT_NAME"],
application=application,
key_content=read_secret() if read_secret() else None,
key_location=api_key_path,
application_package=package,
)
Generating key/cert in pyvespa is both risky (many things might diverge between client/server way of doing it), and is now marked as deprecated. It is also what creates issues with
deploy_to_prod
in CI.We could instead check if
vespacli
is installed, and generate with that, if they don't exists.Also, for all our cloud example notebooks, we do this:
With a couple of steps, this could be cut down to
Which would be very nice.