Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Adding api_key quickstart #228

Merged
merged 3 commits into from
Nov 8, 2024
Merged

Adding api_key quickstart #228

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
f179fa7
Adding api_key quickstart
slyons Nov 7, 2024
269cb06
Updating with Flight/FlightSQL endpoints, improving clarity
slyons Nov 7, 2024
ad9cbd7
Update the API key quickstart
phillipleblanc Nov 8, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
108 changes: 108 additions & 0 deletions api_key/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,108 @@
# Spice API Key Authentication

Spice supports securing its HTTP, Flight/FlightSQL, and OpenTelemetry endpoints using API keys.

Enable API key authentication with:

```yaml
runtime:
auth:
api-key:
enabled: true
keys:
- ${ env:API_KEY }
```

Create a `.env` file in the same directory as `spicepod.yaml` to set an API key that will be pulled from the environment:

```shell
API_KEY=foobar
```

## HTTP

1. Start Spice with `spice run`, then open a new terminal
1. To test without an API key, run:

```shell
curl -XPOST -i http://localhost:8090/v1/sql -d 'SELECT 1'
```

Expected response:

```shell
$ curl -XPOST -i http://localhost:8090/v1/sql -d 'SELECT 1'
HTTP/1.1 401 Unauthorized
content-length: 12
date: Thu, 07 Nov 2024 01:52:00 GMT

Unauthorized
```

1. Test with the API key:

```shell
curl -H "x-api-key: foobar" -XPOST -i http://localhost:8090/v1/sql -d 'SELECT 1'
```

Output:

```shell
curl -H "x-api-key: foobar" -XPOST -i http://localhost:8090/v1/sql -d 'SELECT 1'
HTTP/1.1 200 OK
content-type: text/plain; charset=utf-8
x-cache: Miss from spiceai
content-length: 16
date: Thu, 07 Nov 2024 01:53:20 GMT

[{"Int64(1)":1}]
```

## CLI

1. Start Spice with `spice run`, then open a new terminal
1. Run `spice status` without an API key

```bash
$ spice status
2024/11/07 17:29:48 ERROR getting spiced status error="error fetching runtime information: Unauthorized"
```

1. Now, run `spice status` with the API key

```bash
$ spice status --api-key foobar

NAME ENDPOINT STATUS
http 127.0.0.1:8090 Ready
flight 127.0.0.1:50051 Ready
metrics 127.0.0.1:9090 Ready
opentelemetry 127.0.0.1:50052 Ready
```

## SQL REPL

1. Start Spice with `spice run`, then open a new terminal
1. Open the SQL REPL with `spice sql`, then attempt a SQL query:

```bash
$ spice sql

sql> select 1;
Authentication Error Access denied. Invalid credentials.
```

1. Re-open the SQL REPL with the API key and try the query again:

```bash
$ spice sql --api-key foobar

sql> select 1;
+----------+
| Int64(1) |
+----------+
| 1 |
+----------+

Time: 0.007247375 seconds. 1 rows.
```
14 changes: 14 additions & 0 deletions api_key/spicepod.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,14 @@
version: v1beta1
kind: Spicepod
name: api_key

secrets:
- from: env
name: env

runtime:
auth:
api-key:
enabled: true
keys:
- ${ env:API_KEY }
Loading