refactor (sdk): resolve Deny Exception when in oss\n\ntodo: remove fi…

…x when supertokens is introduced (in oss)
Agenta-AI · Jan 31, 2025 · abc3d0e · abc3d0e
1 parent a1e1662
commit abc3d0e
Show file tree

Hide file tree

Showing 2 changed files with 26 additions and 17 deletions.
diff --git a/agenta-cli/agenta/sdk/middleware/auth.py b/agenta-cli/agenta/sdk/middleware/auth.py
@@ -17,7 +17,9 @@
 
 _CACHE_ENABLED = getenv("AGENTA_MIDDLEWARE_CACHE_ENABLED", "false").lower() in TRUTHY
 _ALWAYS_ALLOW_LIST = ["/health"]
-
+_UNAUTHORIZED_EXECUTION_ALLOWED = (
+    getenv("AGENTA_UNAUTHORIZED_EXECUTION_ALLOWED", "False").lower() in TRUTHY
+)
 _cache = TTLLRUCache(capacity=CACHE_CAPACITY, ttl=CACHE_TTL)
 
 
@@ -54,7 +56,10 @@ def __init__(self, app: FastAPI):
 
     async def dispatch(self, request: Request, call_next: Callable):
         try:
-            if request.url.path in _ALWAYS_ALLOW_LIST:
+            if (
+                request.url.path in _ALWAYS_ALLOW_LIST
+                or _UNAUTHORIZED_EXECUTION_ALLOWED
+            ):
                 request.state.auth = {}
 
             else:

diff --git a/agenta-cli/agenta/sdk/middleware/vault.py b/agenta-cli/agenta/sdk/middleware/vault.py
@@ -24,6 +24,9 @@
     if hasattr(arg, "__args__"):
         _PROVIDER_KINDS.extend(arg.__args__)
 
+_UNAUTHORIZED_EXECUTION_ALLOWED = (
+    getenv("AGENTA_UNAUTHORIZED_EXECUTION_ALLOWED", "False").lower() in TRUTHY
+)
 _CACHE_ENABLED = getenv("AGENTA_MIDDLEWARE_CACHE_ENABLED", "false").lower() in TRUTHY
 
 _cache = TTLLRUCache(capacity=CACHE_CAPACITY, ttl=CACHE_TTL)
@@ -108,23 +111,24 @@ async def _get_secrets(self, request: Request) -> Optional[Dict]:
 
         vault_secrets: List[SecretDTO] = []
 
-        try:
-            async with httpx.AsyncClient() as client:
-                response = await client.get(
-                    f"{self.host}/api/vault/v1/secrets",
-                    headers=headers,
-                )
+        if not _UNAUTHORIZED_EXECUTION_ALLOWED:
+            try:
+                async with httpx.AsyncClient() as client:
+                    response = await client.get(
+                        f"{self.host}/api/vault/v1/secrets",
+                        headers=headers,
+                    )
 
-                if response.status_code != 200:
-                    vault_secrets = []
+                    if response.status_code != 200:
+                        vault_secrets = []
 
-                else:
-                    secrets = response.json()
-                    vault_secrets = self._transform_secrets_response_to_secret_dto(
-                        secrets
-                    )
-        except:  # pylint: disable=bare-except
-            display_exception("Vault: Vault Secrets Exception")
+                    else:
+                        secrets = response.json()
+                        vault_secrets = self._transform_secrets_response_to_secret_dto(
+                            secrets
+                        )
+            except:  # pylint: disable=bare-except
+                display_exception("Vault: Vault Secrets Exception")
 
         merged_secrets = {}