forked from phoenix/litellm-mirror
use _delete_virtual_keys_from_secret_manager
This commit is contained in:
Ishaan Jaff
parent
4dab664cdc
commit
5d8f7758d1
2 changed files with 68 additions and 5 deletions
|
|
@ -3,16 +3,18 @@ import json
|
||||||
import uuid
|
import uuid
|
||||||
from datetime import datetime, timezone
|
from datetime import datetime, timezone
|
||||||
from re import A
|
from re import A
|
||||||
from typing import Any, Optional
|
from typing import Any, List, Optional
|
||||||
|
|
||||||
from fastapi import status
|
from fastapi import status
|
||||||
|
|
||||||
import litellm
|
import litellm
|
||||||
|
from litellm._logging import verbose_proxy_logger
|
||||||
from litellm.proxy._types import (
|
from litellm.proxy._types import (
|
||||||
GenerateKeyRequest,
|
GenerateKeyRequest,
|
||||||
KeyManagementSystem,
|
KeyManagementSystem,
|
||||||
KeyRequest,
|
KeyRequest,
|
||||||
LiteLLM_AuditLogs,
|
LiteLLM_AuditLogs,
|
||||||
|
LiteLLM_VerificationToken,
|
||||||
LitellmTableNames,
|
LitellmTableNames,
|
||||||
ProxyErrorTypes,
|
ProxyErrorTypes,
|
||||||
ProxyException,
|
ProxyException,
|
||||||
|
|
@ -125,6 +127,7 @@ class KeyManagementEventHooks:
|
||||||
@staticmethod
|
@staticmethod
|
||||||
async def async_key_deleted_hook(
|
async def async_key_deleted_hook(
|
||||||
data: KeyRequest,
|
data: KeyRequest,
|
||||||
|
keys_being_deleted: List[LiteLLM_VerificationToken],
|
||||||
response: dict,
|
response: dict,
|
||||||
user_api_key_dict: UserAPIKeyAuth,
|
user_api_key_dict: UserAPIKeyAuth,
|
||||||
litellm_changed_by: Optional[str] = None,
|
litellm_changed_by: Optional[str] = None,
|
||||||
|
|
@ -177,6 +180,10 @@ class KeyManagementEventHooks:
|
||||||
)
|
)
|
||||||
)
|
)
|
||||||
)
|
)
|
||||||
|
# delete the keys from the secret manager
|
||||||
|
await KeyManagementEventHooks._delete_virtual_keys_from_secret_manager(
|
||||||
|
keys_being_deleted=keys_being_deleted
|
||||||
|
)
|
||||||
pass
|
pass
|
||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
|
|
@ -205,6 +212,33 @@ class KeyManagementEventHooks:
|
||||||
secret_value=secret_token,
|
secret_value=secret_token,
|
||||||
)
|
)
|
||||||
|
|
||||||
|
@staticmethod
|
||||||
|
async def _delete_virtual_keys_from_secret_manager(
|
||||||
|
keys_being_deleted: List[LiteLLM_VerificationToken],
|
||||||
|
):
|
||||||
|
"""
|
||||||
|
Deletes virtual keys from the secret manager
|
||||||
|
|
||||||
|
Args:
|
||||||
|
keys_being_deleted: List of keys being deleted, this is passed down from the /key/delete operation
|
||||||
|
"""
|
||||||
|
if litellm._key_management_settings is not None:
|
||||||
|
if litellm._key_management_settings.store_virtual_keys is True:
|
||||||
|
from litellm.secret_managers.aws_secret_manager_v2 import (
|
||||||
|
AWSSecretsManagerV2,
|
||||||
|
)
|
||||||
|
|
||||||
|
if isinstance(litellm.secret_manager_client, AWSSecretsManagerV2):
|
||||||
|
for key in keys_being_deleted:
|
||||||
|
if key.key_alias is not None:
|
||||||
|
await litellm.secret_manager_client.async_delete_secret(
|
||||||
|
secret_name=key.key_alias
|
||||||
|
)
|
||||||
|
else:
|
||||||
|
verbose_proxy_logger.warning(
|
||||||
|
f"KeyManagementEventHooks._delete_virtual_key_from_secret_manager: Key alias not found for key {key.token}. Skipping deletion from secret manager."
|
||||||
|
)
|
||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
async def _send_key_created_email(response: dict):
|
async def _send_key_created_email(response: dict):
|
||||||
from litellm.proxy.proxy_server import general_settings, proxy_logging_obj
|
from litellm.proxy.proxy_server import general_settings, proxy_logging_obj
|
||||||
|
|
|
||||||
|
|
@ -17,7 +17,7 @@ import secrets
|
||||||
import traceback
|
import traceback
|
||||||
import uuid
|
import uuid
|
||||||
from datetime import datetime, timedelta, timezone
|
from datetime import datetime, timedelta, timezone
|
||||||
from typing import List, Optional
|
from typing import List, Optional, Tuple
|
||||||
|
|
||||||
import fastapi
|
import fastapi
|
||||||
from fastapi import APIRouter, Depends, Header, HTTPException, Query, Request, status
|
from fastapi import APIRouter, Depends, Header, HTTPException, Query, Request, status
|
||||||
|
|
@ -450,6 +450,9 @@ async def delete_key_fn(
|
||||||
user_custom_key_generate,
|
user_custom_key_generate,
|
||||||
)
|
)
|
||||||
|
|
||||||
|
if prisma_client is None:
|
||||||
|
raise Exception("Not connected to DB!")
|
||||||
|
|
||||||
keys = data.keys
|
keys = data.keys
|
||||||
if len(keys) == 0:
|
if len(keys) == 0:
|
||||||
raise ProxyException(
|
raise ProxyException(
|
||||||
|
|
@ -469,7 +472,8 @@ async def delete_key_fn(
|
||||||
and user_api_key_dict.user_role == LitellmUserRoles.PROXY_ADMIN
|
and user_api_key_dict.user_role == LitellmUserRoles.PROXY_ADMIN
|
||||||
):
|
):
|
||||||
user_id = None # unless they're admin
|
user_id = None # unless they're admin
|
||||||
number_deleted_keys = await delete_verification_token(
|
|
||||||
|
number_deleted_keys, _keys_being_deleted = await delete_verification_token(
|
||||||
tokens=keys, user_id=user_id
|
tokens=keys, user_id=user_id
|
||||||
)
|
)
|
||||||
if number_deleted_keys is None:
|
if number_deleted_keys is None:
|
||||||
|
|
@ -506,6 +510,7 @@ async def delete_key_fn(
|
||||||
asyncio.create_task(
|
asyncio.create_task(
|
||||||
KeyManagementEventHooks.async_key_deleted_hook(
|
KeyManagementEventHooks.async_key_deleted_hook(
|
||||||
data=data,
|
data=data,
|
||||||
|
keys_being_deleted=_keys_being_deleted,
|
||||||
user_api_key_dict=user_api_key_dict,
|
user_api_key_dict=user_api_key_dict,
|
||||||
litellm_changed_by=litellm_changed_by,
|
litellm_changed_by=litellm_changed_by,
|
||||||
response=number_deleted_keys,
|
response=number_deleted_keys,
|
||||||
|
|
@ -950,11 +955,35 @@ async def generate_key_helper_fn( # noqa: PLR0915
|
||||||
return key_data
|
return key_data
|
||||||
|
|
||||||
|
|
||||||
async def delete_verification_token(tokens: List, user_id: Optional[str] = None):
|
async def delete_verification_token(
|
||||||
|
tokens: List, user_id: Optional[str] = None
|
||||||
|
) -> Tuple[Optional[Dict], List[LiteLLM_VerificationToken]]:
|
||||||
|
"""
|
||||||
|
Helper that deletes the list of tokens from the database
|
||||||
|
|
||||||
|
Args:
|
||||||
|
tokens: List of tokens to delete
|
||||||
|
user_id: Optional user_id to filter by
|
||||||
|
|
||||||
|
Returns:
|
||||||
|
Tuple[Optional[Dict], List[LiteLLM_VerificationToken]]:
|
||||||
|
Optional[Dict]:
|
||||||
|
- Number of deleted tokens
|
||||||
|
List[LiteLLM_VerificationToken]:
|
||||||
|
- List of keys being deleted, this contains information about the key_alias, token, and user_id being deleted,
|
||||||
|
this is passed down to the KeyManagementEventHooks to delete the keys from the secret manager and handle audit logs
|
||||||
|
"""
|
||||||
from litellm.proxy.proxy_server import litellm_proxy_admin_name, prisma_client
|
from litellm.proxy.proxy_server import litellm_proxy_admin_name, prisma_client
|
||||||
|
|
||||||
try:
|
try:
|
||||||
if prisma_client:
|
if prisma_client:
|
||||||
|
tokens = [_hash_token_if_needed(token=key) for key in tokens]
|
||||||
|
_keys_being_deleted = (
|
||||||
|
await prisma_client.db.litellm_verificationtoken.find_many(
|
||||||
|
where={"token": {"in": tokens}}
|
||||||
|
)
|
||||||
|
)
|
||||||
|
|
||||||
# Assuming 'db' is your Prisma Client instance
|
# Assuming 'db' is your Prisma Client instance
|
||||||
# check if admin making request - don't filter by user-id
|
# check if admin making request - don't filter by user-id
|
||||||
if user_id == litellm_proxy_admin_name:
|
if user_id == litellm_proxy_admin_name:
|
||||||
|
|
@ -984,7 +1013,7 @@ async def delete_verification_token(tokens: List, user_id: Optional[str] = None)
|
||||||
)
|
)
|
||||||
verbose_proxy_logger.debug(traceback.format_exc())
|
verbose_proxy_logger.debug(traceback.format_exc())
|
||||||
raise e
|
raise e
|
||||||
return deleted_tokens
|
return deleted_tokens, _keys_being_deleted
|
||||||
|
|
||||||
|
|
||||||
@router.post(
|
@router.post(
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue