(oidc): Add support for loading tokens via a file, environment variable, and from a file path set in an env var.

2024-08-16 20:11:24 +00:00 · 2024-08-16 20:11:24 +00:00 · 11668c31c1
commit 11668c31c1
parent 9c3124c5a7
2 changed files with 80 additions and 0 deletions
--- a/litellm/tests/test_secret_manager.py
+++ b/litellm/tests/test_secret_manager.py
@ -5,6 +5,8 @@ from dotenv import load_dotenv
 load_dotenv()
 import os
 from uuid import uuid4
 import tempfile
 sys.path.insert(
    0, os.path.abspath("../..")
@ -135,3 +137,62 @@ def test_oidc_circle_v1_with_amazon_fips():
        aws_session_name="assume-v1-session-fips",
        aws_sts_endpoint="https://sts-fips.us-west-1.amazonaws.com",
    )
 def test_oidc_env_variable():
    # Create a unique environment variable name
    env_var_name = "OIDC_TEST_PATH_" + uuid4().hex
    os.environ[env_var_name] = "secret-" + uuid4().hex
    secret_val = get_secret(
        f"oidc/env/{env_var_name}"
    )
    print(f"secret_val: {redact_oidc_signature(secret_val)}")
    assert secret_val == os.environ[env_var_name]
    # now unset the environment variable
    del os.environ[env_var_name]
 def test_oidc_file():
    # Create a temporary file
    with tempfile.NamedTemporaryFile(mode='w+') as temp_file:
        secret_value = "secret-" + uuid4().hex
        temp_file.write(secret_value)
        temp_file.flush()
        temp_file_path = temp_file.name
        secret_val = get_secret(
            f"oidc/file/{temp_file_path}"
        )
        print(f"secret_val: {redact_oidc_signature(secret_val)}")
        assert secret_val == secret_value
 def test_oidc_env_path():
    # Create a temporary file
    with tempfile.NamedTemporaryFile(mode='w+') as temp_file:
        secret_value = "secret-" + uuid4().hex
        temp_file.write(secret_value)
        temp_file.flush()
        temp_file_path = temp_file.name
        # Create a unique environment variable name
        env_var_name = "OIDC_TEST_PATH_" + uuid4().hex
        # Set the environment variable to the temporary file path
        os.environ[env_var_name] = temp_file_path
        # Test getting the secret using the environment variable
        secret_val = get_secret(
            f"oidc/env_path/{env_var_name}"
        )
        print(f"secret_val: {redact_oidc_signature(secret_val)}")
        assert secret_val == secret_value
        del os.environ[env_var_name]
--- a/litellm/utils.py
+++ b/litellm/utils.py
@ -8433,6 +8433,25 @@ def get_secret(
            with open(azure_federated_token_file, "r") as f:
                oidc_token = f.read()
                return oidc_token
        elif oidc_provider == "file":
            # Load token from a file
            with open(oidc_aud, "r") as f:
                oidc_token = f.read()
                return oidc_token
        elif oidc_provider == "env":
            # Load token directly from an environment variable
            oidc_token = os.getenv(oidc_aud)
            if oidc_token is None:
                raise ValueError(f"Environment variable {oidc_aud} not found")
            return oidc_token
        elif oidc_provider == "env_path":
            # Load token from a file path specified in an environment variable
            token_file_path = os.getenv(oidc_aud)
            if token_file_path is None:
                raise ValueError(f"Environment variable {oidc_aud} not found")
            with open(token_file_path, "r") as f:
                oidc_token = f.read()
                return oidc_token
        else:
            raise ValueError("Unsupported OIDC provider")