From eb0a357eda72812b9dc03274fca15d78240b483b Mon Sep 17 00:00:00 2001 From: Krrish Dholakia Date: Fri, 22 Nov 2024 23:11:58 +0530 Subject: [PATCH] docs: add docs on restricting key creation --- docs/my-website/docs/proxy/configs.md | 1 + docs/my-website/docs/proxy/self_serve.md | 8 ++- docs/my-website/docs/proxy/virtual_keys.md | 69 ++++++++++++++++++++++ 3 files changed, 77 insertions(+), 1 deletion(-) diff --git a/docs/my-website/docs/proxy/configs.md b/docs/my-website/docs/proxy/configs.md index 6f54df2ae..df22a29e3 100644 --- a/docs/my-website/docs/proxy/configs.md +++ b/docs/my-website/docs/proxy/configs.md @@ -755,6 +755,7 @@ general_settings: | cache_params.supported_call_types | array of strings | The types of calls to cache. [Further docs](./caching) | | cache_params.mode | string | The mode of the cache. [Further docs](./caching) | | disable_end_user_cost_tracking | boolean | If true, turns off end user cost tracking on prometheus metrics + litellm spend logs table on proxy. | +| key_generation_settings | object | Restricts who can generate keys. [Further docs](./virtual_keys.md#restricting-key-generation) | ### general_settings - Reference diff --git a/docs/my-website/docs/proxy/self_serve.md b/docs/my-website/docs/proxy/self_serve.md index e04aa4b44..494d9e60d 100644 --- a/docs/my-website/docs/proxy/self_serve.md +++ b/docs/my-website/docs/proxy/self_serve.md @@ -217,4 +217,10 @@ litellm_settings: max_parallel_requests: 1000 # (Optional[int], optional): Max number of requests that can be made in parallel. Defaults to None. tpm_limit: 1000 #(Optional[int], optional): Tpm limit. Defaults to None. rpm_limit: 1000 #(Optional[int], optional): Rpm limit. Defaults to None. -``` \ No newline at end of file + + key_generation_settings: # Restricts who can generate keys. [Further docs](./virtual_keys.md#restricting-key-generation) + team_key_generation: + allowed_team_member_roles: ["admin"] + personal_key_generation: # maps to 'Default Team' on UI + allowed_user_roles: ["proxy_admin"] +``` diff --git a/docs/my-website/docs/proxy/virtual_keys.md b/docs/my-website/docs/proxy/virtual_keys.md index 3b9a2a03e..98b06d33b 100644 --- a/docs/my-website/docs/proxy/virtual_keys.md +++ b/docs/my-website/docs/proxy/virtual_keys.md @@ -811,6 +811,75 @@ litellm_settings: team_id: "core-infra" ``` +### Restricting Key Generation + +Use this to control who can generate keys. Useful when letting others create keys on the UI. + +```yaml +litellm_settings: + key_generation_settings: + team_key_generation: + allowed_team_member_roles: ["admin"] + personal_key_generation: # maps to 'Default Team' on UI + allowed_user_roles: ["proxy_admin"] +``` + +#### Spec + +```python +class TeamUIKeyGenerationConfig(TypedDict): + allowed_team_member_roles: List[str] + + +class PersonalUIKeyGenerationConfig(TypedDict): + allowed_user_roles: List[LitellmUserRoles] + + +class StandardKeyGenerationConfig(TypedDict, total=False): + team_key_generation: TeamUIKeyGenerationConfig + personal_key_generation: PersonalUIKeyGenerationConfig + + +class LitellmUserRoles(str, enum.Enum): + """ + Admin Roles: + PROXY_ADMIN: admin over the platform + PROXY_ADMIN_VIEW_ONLY: can login, view all own keys, view all spend + ORG_ADMIN: admin over a specific organization, can create teams, users only within their organization + + Internal User Roles: + INTERNAL_USER: can login, view/create/delete their own keys, view their spend + INTERNAL_USER_VIEW_ONLY: can login, view their own keys, view their own spend + + + Team Roles: + TEAM: used for JWT auth + + + Customer Roles: + CUSTOMER: External users -> these are customers + + """ + + # Admin Roles + PROXY_ADMIN = "proxy_admin" + PROXY_ADMIN_VIEW_ONLY = "proxy_admin_viewer" + + # Organization admins + ORG_ADMIN = "org_admin" + + # Internal User Roles + INTERNAL_USER = "internal_user" + INTERNAL_USER_VIEW_ONLY = "internal_user_viewer" + + # Team Roles + TEAM = "team" + + # Customer Roles - External users of proxy + CUSTOMER = "customer" +``` + + ## **Next Steps - Set Budgets, Rate Limits per Virtual Key** [Follow this doc to set budgets, rate limiters per virtual key with LiteLLM](users)