phoenix-oss/llama-stack-mirror
0
0
Fork 1
mirror of https://github.com/meta-llama/llama-stack.git synced 2025-10-11 21:48:36 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

fix(auth): allow unauthenticated access to health and version endpoints (#3736)
Some checks failed
SqlStore Integration Tests / test-postgres (3.12) (push) Failing after 0s
Details
SqlStore Integration Tests / test-postgres (3.13) (push) Failing after 0s
Details
Integration Auth Tests / test-matrix (oauth2_token) (push) Failing after 2s
Details
Integration Tests (Replay) / Integration Tests (, , , client=, ) (push) Failing after 4s
Details
Python Package Build Test / build (3.12) (push) Failing after 1s
Details
Test Llama Stack Build / generate-matrix (push) Successful in 3s
Details
Test External Providers Installed via Module / test-external-providers-from-module (venv) (push) Has been skipped
Details
Python Package Build Test / build (3.13) (push) Failing after 1s
Details
Vector IO Integration Tests / test-matrix (push) Failing after 4s
Details
Test Llama Stack Build / build-single-provider (push) Failing after 4s
Details
Test Llama Stack Build / build-custom-container-distribution (push) Failing after 4s
Details
Test Llama Stack Build / build-ubi9-container-distribution (push) Failing after 4s
Details
API Conformance Tests / check-schema-compatibility (push) Successful in 11s
Details
Test Llama Stack Build / build (push) Failing after 3s
Details
Test External API and Providers / test-external (venv) (push) Failing after 5s
Details
Unit Tests / unit-tests (3.12) (push) Failing after 4s
Details
Unit Tests / unit-tests (3.13) (push) Failing after 3s
Details
UI Tests / ui-tests (22) (push) Successful in 37s
Details
Pre-commit / pre-commit (push) Successful in 2m1s
Details

Browse source 
The AuthenticationMiddleware was blocking all requests without an
Authorization header, including health and version endpoints that are
needed by monitoring tools, load balancers, and Kubernetes probes.

This commit allows endpoints ending in /health or /version to bypass
authentication, enabling operational tooling to function properly
without requiring credentials.

Closes: #3735

Signed-off-by: Derek Higgins <derekh@redhat.com>
This commit is contained in:
Derek Higgins 2025-10-10 21:41:43 +01:00 committed by GitHub
parent 32fde8d9a8
commit 6954fe2274
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
5 changed files with 116 additions and 36 deletions
Download patch file Download diff file Expand all files Collapse all files

4
llama_stack/schema_utils.py
View file

@ -61,6 +61,7 @@ class WebMethod:
descriptive_name: str | None = None
required_scope: str | None = None
deprecated: bool | None = False
require_authentication: bool | None = True
CallableT = TypeVar("CallableT", bound=Callable[..., Any])
@ -77,6 +78,7 @@ def webmethod(
descriptive_name: str | None = None,
required_scope: str | None = None,
deprecated: bool | None = False,
require_authentication: bool | None = True,
) -> Callable[[CallableT], CallableT]:
"""
Decorator that supplies additional metadata to an endpoint operation function.
@ -86,6 +88,7 @@ def webmethod(
:param request_examples: Sample requests that the operation might take. Pass a list of objects, not JSON.
:param response_examples: Sample responses that the operation might produce. Pass a list of objects, not JSON.
:param required_scope: Required scope for this endpoint (e.g., 'monitoring.viewer').
:param require_authentication: Whether this endpoint requires authentication (default True).
"""
def wrap(func: CallableT) -> CallableT:
@ -100,6 +103,7 @@ def webmethod(
descriptive_name=descriptive_name,
required_scope=required_scope,
deprecated=deprecated,
require_authentication=require_authentication if require_authentication is not None else True,
)
# Store all webmethods in a list to support multiple decorators