Configure apiKey, additionalHeaders, and host through environment variables
#22
Conversation
…ent variables, add logic for using passed params over environment variables where applicable, add new unit tests
…ough NewClientParams or environment variables, add tests
austin-denoble
changed the title
apiKey, additionalHeaders, and host through environment variables
There was a problem hiding this comment.
Could we have two different constructors? One that requires an ApiKey and the other that requires a different auth mechanism (bearer token? oauth token?). It feels clunky that the "ApiKey is required unless..."
There was a problem hiding this comment.
That does seem reasonable. I'm less clear on what this would look like though since we don't officially offer alternative methods of authentication quite yet. The other clients require an API key for instance.
If the user is able to supply headers directly then they could technically always pass their own auth headers. I think this would also be an issue on Python and TypeScript since they don't do any checking of the headers that are provided. You could also consider this a user-error that they'd need to resolve themselves.
I'm a bit unsure of what would make the most sense here to be honest. 🤔
True, responded here: #22 (comment) |
.github/workflows/ci.yaml
Outdated
| INTEGRATION_PINECONE_API_KEY: ${{ secrets.API_KEY }} |
There was a problem hiding this comment.
This doesn't seem to match up with .env.example above
There was a problem hiding this comment.
I split things out a bit and there are 2 environment keys for setting the API key:
PINECONE_API_KEYINTEGRATION_PINECONE_API_KEY
Let me know if that's too confusing. Trying to test properly while one env value was used in both situations (the client vs. the tests) felt trickier than just having explicit values for it.
There was a problem hiding this comment.
To keep the "test" key usage more clear, I updated the name to TEST_PINECONE_API_KEY.
.env.example should also be updated:
PINECONE_API_KEY="<Project API Key>"
TEST_PINECONE_API_KEY="<Test Project API Key>"
TEST_POD_INDEX_NAME="<Pod based Index name>"
TEST_SERVERLESS_INDEX_NAME="<Serverless based Index name>"
pinecone/client.go
Outdated
| if err != nil { | ||
| return nil, err | ||
| } | ||
|
|
||
| client, err := control.NewClient("https://api.pinecone.io", clientOptions...) | ||
| controlHostOverride := valueOrFallback(in.Host, os.Getenv("PINECONE_CONTROLLER_HOST")) |
There was a problem hiding this comment.
"CONTROL" vs "CONTROLLER"? (Assuming this is talking about the control plane?
There was a problem hiding this comment.
I went with PINECONE_CONTROLLER_HOST because that's the env key that's used in the Python and TypeScript clients for the same config value:
- https://github.com/pinecone-io/pinecone-python-client/blob/1fad23f00c114aa8ef33242b91b969da2825c360/pinecone/config/pinecone_config.py#L15
- https://github.com/pinecone-io/pinecone-ts-client/blob/00d7c36bb34867a933170312070a91306f94c058/src/pinecone.ts#L165
I suppose it is a bit confusing given it's applied as an override to the control plane. I think staying consistent makes sense, although the variable name here is confusing. What do you think?
pinecone/client.go
Outdated
| @@ -16,25 +18,41 @@ import ( | |||
|
|
|||
| type Client struct { | |||
| apiKey string | |||
There was a problem hiding this comment.
Is apiKey still needed in the Client struct?
There was a problem hiding this comment.
Removed from Client as well as IndexConnection.
| Headers map[string]string | ||
| Host string | ||
| RestClient *http.Client | ||
| SourceTag string | ||
| } | ||
|
|
||
| func NewClient(in NewClientParams) (*Client, error) { |
There was a problem hiding this comment.
I'd expect this func to just call NewClientBase and configure the ApiKey as an auth header
There was a problem hiding this comment.
It now ultimately calls NewClientBase and passes the ApiKey through as part of the Headers map.
pinecone/client.go
Outdated
| @@ -421,39 +460,82 @@ func derefOrDefault[T any](ptr *T, defaultValue T) T { | |||
| return *ptr | |||
| } | |||
|
|
|||
| func buildClientOptions(in NewClientParams) ([]control.ClientOption, error) { | |||
| func (ncp *NewClientParams) buildClientOptions() ([]control.ClientOption, error) { | |||
There was a problem hiding this comment.
could buildClientOptions to be a wrapper around buildClientBaseOptions?
There was a problem hiding this comment.
I slimmed things down to just buildClientBaseOptions, lemme know if that makes sense.
pinecone/client_test.go
Outdated
| os.Unsetenv("PINECONE_ADDITIONAL_HEADERS") | ||
| } | ||
|
|
||
| // func (ts *ClientTests) TestAuthorizationHeaderOverridesApiKey() { |
There was a problem hiding this comment.
Meant to remove entirely, the PR wasn't really in a finished state. 😅 The client no longer does any explicit juggling of ApiKey and any auth header you may have passed.
…unc and add NewClientBase, update tests to support the new interface for creating clients, remove apiKey from Client and IndexConnection, handle turning apiKey into a header early, and allowing for complete control over headers without using apiKey
.env.example
Outdated
| @@ -1,3 +1,4 @@ | |||
| API_KEY="<Project API Key>" | |||
| PINECONE_API_KEY="<Project API Key>" | |||
| TEST_PINECONE_API_KEY="<Test Project API Key>" | |||
There was a problem hiding this comment.
Good point. 😄
pinecone/client.go
Outdated
| if err != nil { | ||
| return nil, err | ||
| osApiKey := os.Getenv("PINECONE_API_KEY") | ||
| hasApiKey := (in.ApiKey != "" || osApiKey != "") |
There was a problem hiding this comment.
This functionality (of having an environment variable) instead of requiring the in.ApiKey seems unclear. On L26 it says that the ApiKey is required. Here, it seems it's optional if I set an environment variable.
There was a problem hiding this comment.
True, I updated the comment to call that out, and also the error that's returned if you don't pass a key. I think adding docstrings we can make this a bit more clear and explicit.
| return nil, fmt.Errorf("no API key provided, please pass an API key for authorization") | ||
| } | ||
|
|
||
| apiKeyHeader := struct{ Key, Value string }{"Api-Key", valueOrFallback(in.ApiKey, osApiKey)} |
There was a problem hiding this comment.
Seems that valueOrFallback could be utilized for the "hasApiKey" check?
pinecone/client.go
Outdated
| func minOne(x int32) int32 { | ||
| if x < 1 { | ||
| return 1 | ||
| func ensureHTTPS(inputURL string) (string, error) { |
There was a problem hiding this comment.
can we add the option to disable https? (i'm thinking for local dev)
There was a problem hiding this comment.
The way it's written currently means if you provide a Host or PINECONE_CONTROLLER_HOST, you're able to use whatever scheme as long as url.Parse() can read it out. https is only applied if there's no scheme, do you think that's sufficient?
For example, you should be able to pass http://localhost:9999 properly without "https" being added.
There was a problem hiding this comment.
yup that works. The function name is a bit confusing...
| clientOptions := buildClientBaseOptions(in) | ||
| var err error | ||
|
|
||
| controlHostOverride := valueOrFallback(in.Host, os.Getenv("PINECONE_CONTROLLER_HOST")) |
There was a problem hiding this comment.
Nice job throwing this in for consistency with other clients.
… env value, remove unnecessary test
Problem
There was a request to add additional configuration validation to the Go client as you could make requests with an empty
apiKey. An empty check and early error return were added in a previous PR when passingapiKeydirectly: https://github.com/pinecone-io/go-pinecone/pull/18/files#diff-37c3a14781b4b6e74bcc0cfc8b2462ee2ae243a720a42669256248a3cb005f01R442-R444We're also lacking the ability to specify an api key or headers through environment variables like the Python client, which can be a nice UX tweak for options in how you configure the client. Additionally, there's no way to specify a control plane host override, which is useful in situations where we need to hit a staging URL.
Solution
buildClientOptions()into a method on theNewClientParamsstruct rather than a function which receives the struct.PINECONE_API_KEY,PINECONE_ADDITIONAL_HEADERS, andPINECONE_CONTROLLER_HOSTthrough environment variables. I kept the naming aligned with Python for now.NewClientParamsdirectly, the passed value will override anything set in the environment.Type of Change
Test Plan
CI and new unit tests.