Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Fix] Configuring SSL proxy via openapi_config object #321

Merged
merged 6 commits into from Mar 14, 2024
Merged

[Fix] Configuring SSL proxy via openapi_config object #321

merged 6 commits into from Mar 14, 2024

Conversation

jhamon
Copy link
Collaborator

@jhamon jhamon commented Mar 12, 2024
edited

Problem

A few different problems being solved here:

  • Pinecone class accepts an optional param, openapi_config. When this is passed (usually as a vehicle for SSL configurations), it currently clobbers the api_key param so the user sees an error message about not providing an api_key (even though they did pass it) if they attempt to perform a control plane operation
from pinecone import Pinecone
from pinecone.core.client.configuration import Configuration as OpenApiConfiguration

openapi_config = OpenApiConfiguration()
openapi_config.ssl_ca_cert = '/path/to/cert'

pc = Pinecone(api_key='key, openapi_config=openapi_config)
pc.list_indexes() // error: No api-key provided
  • In a related issue, the openapi_config (with SSL configs) was not being correctly passed through to the underlying DataPlaneApi for data calls. So users with custom network configurations requiring SSL config would see SSL validation failures when attempting data operations.
from pinecone import Pinecone
from pinecone.core.client.configuration import Configuration as OpenApiConfiguration

openapi_config = OpenApiConfiguration()
openapi_config.ssl_ca_cert = '/path/to/cert'

pc = Pinecone(api_key='key, openapi_config=openapi_config)
pc.list_indexes() // error: No api-key provided

Solution

  • Adjust the ConfigBuilder to avoid clobbering API key
  • Move some logic into a util function so that behavior will be consistent across both data and control planes
  • Ensure configuration is passed to from the Pinecone object to the index client
  • deepcopy the openapi_config object before modifying it so that index-specific host changes do clobber control plane or calls to other indexes.

Future work

  • In the future, we should deprecate openapi_config and have some way of passing SSL config without all the baggage that comes with this OpenApiConfiguration object. This config object is an undocumented holdover from earlier versions of the client and breaks the abstraction the client is trying to provide to smooth out the UX of the generated SDK code.

Type of Change

  • Bug fix (non-breaking change which fixes an issue)

Test Plan

  • Added tests

@jhamon jhamon marked this pull request as ready for review March 12, 2024 22:50
jhamon
jhamon commented Mar 12, 2024
View reviewed changes
pinecone/config/config.py
@@ -46,10 +46,10 @@ def build(
if not host:
raise PineconeConfigurationError("You haven't specified a host.")

openapi_config = (
openapi_config
or kwargs.pop("openapi_config", None)
Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

or kwargs.pop("openapi_config", None) wasn't doing anything, since openapi_config is a named param and the key should never appear in kwargs.

jhamon
jhamon commented Mar 12, 2024
View reviewed changes
pinecone/config/config.py
Comment on lines +50 to +51
openapi_config.host = host
openapi_config.api_key = {"ApiKeyAuth": api_key}
Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

When the user provides this object with some configuration in it, we want to merge the api key and host settings into it rather than building a fresh object.

jhamon
jhamon commented Mar 12, 2024
View reviewed changes
pinecone/control/pinecone.py
Comment on lines -88 to -93
if config or kwargs.get("config"):
configKwarg = config or kwargs.get("config")
if not isinstance(configKwarg, Config):
if config:
if not isinstance(config, Config):
raise TypeError("config must be of type pinecone.config.Config")
else:
self.config = configKwarg
Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This was more cleanup since config is a named param that should never appear in kwargs

ssmith-pc
ssmith-pc reviewed Mar 12, 2024
View reviewed changes
pinecone/control/pinecone.py Outdated
Comment on lines 527 to 540
return Index(api_key=self.config.api_key, host=normalize_host(host), pool_threads=pt, **kwargs)
return Index(
host=normalize_host(host),
api_key=api_key,
pool_threads=pt,
openapi_config=openapi_config,
**kwargs
)

if name != '':
# Otherwise, get host url from describe_index using the index name
index_host = self.index_host_store.get_host(self.index_api, self.config, name)
return Index(api_key=self.config.api_key, host=index_host, pool_threads=pt, **kwargs)
return Index(
host=index_host,
api_key=api_key,
pool_threads=pt,
openapi_config=openapi_config,
**kwargs
)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This may be out of the scope for this change since you're just adding the openapi_config param, but it looks like these two blocks are largely identical, differing only by how the host param is init'd

austin-denoble
austin-denoble approved these changes Mar 12, 2024
View reviewed changes
Copy link
Contributor

@austin-denoble austin-denoble left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice job tracking this one down and cleaning that up. 🚢

pinecone/utils/setup_openapi_client.py
from pinecone.core.client.api_client import ApiClient
from .user_agent import get_user_agent

def setup_openapi_client(api_klass, config, pool_threads):
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: _klass?

tests/integration/data/test_openapi_configuration.py
from pinecone.core.client.configuration import Configuration as OpenApiConfiguration
from urllib3 import make_headers

@pytest.mark.skipif(os.getenv('USE_GRPC') != 'false', reason='Only test when using REST')
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice. 👍

@jhamon jhamon merged commit a201cb6 into main Mar 14, 2024
124 checks passed
@jhamon jhamon deleted the jhamon/ssl-config branch March 14, 2024 17:11
@jhamon jhamon mentioned this pull request Mar 14, 2024
Closed
7 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ssmith-pc ssmith-pc ssmith-pc left review comments

@austin-denoble austin-denoble austin-denoble approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@jhamon @austin-denoble @ssmith-pc