mirror of
				https://github.com/meta-llama/llama-stack.git
				synced 2025-10-26 01:12:59 +00:00 
			
		
		
		
	
		
			Some checks failed
		
		
	
	SqlStore Integration Tests / test-postgres (3.12) (push) Failing after 0s
				
			SqlStore Integration Tests / test-postgres (3.13) (push) Failing after 0s
				
			Integration Auth Tests / test-matrix (oauth2_token) (push) Failing after 2s
				
			Integration Tests (Replay) / Integration Tests (, , , client=, ) (push) Failing after 4s
				
			Python Package Build Test / build (3.12) (push) Failing after 1s
				
			Test Llama Stack Build / generate-matrix (push) Successful in 3s
				
			Test External Providers Installed via Module / test-external-providers-from-module (venv) (push) Has been skipped
				
			Python Package Build Test / build (3.13) (push) Failing after 1s
				
			Vector IO Integration Tests / test-matrix (push) Failing after 4s
				
			Test Llama Stack Build / build-single-provider (push) Failing after 4s
				
			Test Llama Stack Build / build-custom-container-distribution (push) Failing after 4s
				
			Test Llama Stack Build / build-ubi9-container-distribution (push) Failing after 4s
				
			API Conformance Tests / check-schema-compatibility (push) Successful in 11s
				
			Test Llama Stack Build / build (push) Failing after 3s
				
			Test External API and Providers / test-external (venv) (push) Failing after 5s
				
			Unit Tests / unit-tests (3.12) (push) Failing after 4s
				
			Unit Tests / unit-tests (3.13) (push) Failing after 3s
				
			UI Tests / ui-tests (22) (push) Successful in 37s
				
			Pre-commit / pre-commit (push) Successful in 2m1s
				
			The AuthenticationMiddleware was blocking all requests without an Authorization header, including health and version endpoints that are needed by monitoring tools, load balancers, and Kubernetes probes. This commit allows endpoints ending in /health or /version to bypass authentication, enabling operational tooling to function properly without requiring credentials. Closes: #3735 Signed-off-by: Derek Higgins <derekh@redhat.com>
		
			
				
	
	
		
			118 lines
		
	
	
	
		
			4.2 KiB
		
	
	
	
		
			Python
		
	
	
	
	
	
			
		
		
	
	
			118 lines
		
	
	
	
		
			4.2 KiB
		
	
	
	
		
			Python
		
	
	
	
	
	
| # Copyright (c) Meta Platforms, Inc. and affiliates.
 | |
| # All rights reserved.
 | |
| #
 | |
| # This source code is licensed under the terms described in the LICENSE file in
 | |
| # the root directory of this source tree.
 | |
| 
 | |
| from collections.abc import Callable
 | |
| from dataclasses import dataclass
 | |
| from typing import Any, TypeVar
 | |
| 
 | |
| from .strong_typing.schema import json_schema_type, register_schema  # noqa: F401
 | |
| 
 | |
| 
 | |
| class ExtraBodyField[T]:
 | |
|     """
 | |
|     Marker annotation for parameters that arrive via extra_body in the client SDK.
 | |
| 
 | |
|     These parameters:
 | |
|     - Will NOT appear in the generated client SDK method signature
 | |
|     - WILL be documented in OpenAPI spec under x-llama-stack-extra-body-params
 | |
|     - MUST be passed via the extra_body parameter in client SDK calls
 | |
|     - WILL be available in server-side method signature with proper typing
 | |
| 
 | |
|     Example:
 | |
|         ```python
 | |
|         async def create_openai_response(
 | |
|             self,
 | |
|             input: str,
 | |
|             model: str,
 | |
|             shields: Annotated[
 | |
|                 list[str] | None, ExtraBodyField("List of shields to apply")
 | |
|             ] = None,
 | |
|         ) -> ResponseObject:
 | |
|             # shields is available here with proper typing
 | |
|             if shields:
 | |
|                 print(f"Using shields: {shields}")
 | |
|         ```
 | |
| 
 | |
|         Client usage:
 | |
|         ```python
 | |
|         client.responses.create(
 | |
|             input="hello", model="llama-3", extra_body={"shields": ["shield-1"]}
 | |
|         )
 | |
|         ```
 | |
|     """
 | |
| 
 | |
|     def __init__(self, description: str | None = None):
 | |
|         self.description = description
 | |
| 
 | |
| 
 | |
| @dataclass
 | |
| class WebMethod:
 | |
|     level: str | None = None
 | |
|     route: str | None = None
 | |
|     public: bool = False
 | |
|     request_examples: list[Any] | None = None
 | |
|     response_examples: list[Any] | None = None
 | |
|     method: str | None = None
 | |
|     raw_bytes_request_body: bool | None = False
 | |
|     # A descriptive name of the corresponding span created by tracing
 | |
|     descriptive_name: str | None = None
 | |
|     required_scope: str | None = None
 | |
|     deprecated: bool | None = False
 | |
|     require_authentication: bool | None = True
 | |
| 
 | |
| 
 | |
| CallableT = TypeVar("CallableT", bound=Callable[..., Any])
 | |
| 
 | |
| 
 | |
| def webmethod(
 | |
|     route: str | None = None,
 | |
|     method: str | None = None,
 | |
|     level: str | None = None,
 | |
|     public: bool | None = False,
 | |
|     request_examples: list[Any] | None = None,
 | |
|     response_examples: list[Any] | None = None,
 | |
|     raw_bytes_request_body: bool | None = False,
 | |
|     descriptive_name: str | None = None,
 | |
|     required_scope: str | None = None,
 | |
|     deprecated: bool | None = False,
 | |
|     require_authentication: bool | None = True,
 | |
| ) -> Callable[[CallableT], CallableT]:
 | |
|     """
 | |
|     Decorator that supplies additional metadata to an endpoint operation function.
 | |
| 
 | |
|     :param route: The URL path pattern associated with this operation which path parameters are substituted into.
 | |
|     :param public: True if the operation can be invoked without prior authentication.
 | |
|     :param request_examples: Sample requests that the operation might take. Pass a list of objects, not JSON.
 | |
|     :param response_examples: Sample responses that the operation might produce. Pass a list of objects, not JSON.
 | |
|     :param required_scope: Required scope for this endpoint (e.g., 'monitoring.viewer').
 | |
|     :param require_authentication: Whether this endpoint requires authentication (default True).
 | |
|     """
 | |
| 
 | |
|     def wrap(func: CallableT) -> CallableT:
 | |
|         webmethod_obj = WebMethod(
 | |
|             route=route,
 | |
|             method=method,
 | |
|             level=level,
 | |
|             public=public or False,
 | |
|             request_examples=request_examples,
 | |
|             response_examples=response_examples,
 | |
|             raw_bytes_request_body=raw_bytes_request_body,
 | |
|             descriptive_name=descriptive_name,
 | |
|             required_scope=required_scope,
 | |
|             deprecated=deprecated,
 | |
|             require_authentication=require_authentication if require_authentication is not None else True,
 | |
|         )
 | |
| 
 | |
|         # Store all webmethods in a list to support multiple decorators
 | |
|         if not hasattr(func, "__webmethods__"):
 | |
|             func.__webmethods__ = []  # type: ignore
 | |
|         func.__webmethods__.append(webmethod_obj)  # type: ignore
 | |
| 
 | |
|         # Keep the last one as __webmethod__ for backwards compatibility
 | |
|         func.__webmethod__ = webmethod_obj  # type: ignore
 | |
|         return func
 | |
| 
 | |
|     return wrap
 |