mirror of
https://github.com/netbirdio/netbird.git
synced 2026-07-18 20:49:56 +00:00
* [management,proxy] Add per-provider skip_tls_verification for agent-network Let agent-network providers opt into skipping upstream TLS verification for self-hosted / internal gateways behind a private or self-signed cert. - provider: add SkipTLSVerification (persisted via AutoMigrate) with request/response mapping (nil on update preserves, explicit false clears). - openapi: skip_tls_verification on the provider request + response; types regenerated. - synthesizer: carry the flag into the llm_router route config so it reaches the proxy. - proxy: llm_router sets it on the UpstreamRewrite mutation, and the reverse proxy applies roundtrip.WithSkipTLSVerify per selected route when forwarding upstream (the router dials per provider, so a per-target flag alone wouldn't cover it). - tests: synthesizer route config carries the flag, router rewrite propagates it, and the request/response round-trip incl. update semantics. * [e2e] Validate per-provider skip_tls_verification end to end Add a self-signed HTTPS upstream (nginx) to the harness and a test that provisions two providers on that same upstream — one with skip_tls_verification=true, one false — behind one proxy + client. The skip=true provider's chat reaches the upstream (200); the skip=false provider's fails the TLS handshake (5xx). Same upstream, opposite outcome, which proves the flag is honoured per provider (a single target-level flag could not, since all of an account's providers share one synthesised target). * [e2e] WaitProxyPeer: require >=1 connected peer, not exact 1/1 Each proxy container registers a fresh WireGuard key and its peer is not removed on teardown, so proxy peers from earlier tests linger in the account as disconnected. WaitProxyPeer matched the exact string "1/1 Connected", which failed once a second proxy-using test ran in the same package (status "1/2"). Parse the "Peers count: X/Y Connected" line and wait for X>=1 instead: only the live proxy can be connected, and the caller's subsequent chat is the real end-to-end assertion. Fixes the CI failure of TestProviderSkipTLSVerification (runs after TestProvidersMatrix).
111 lines
4.7 KiB
Go
111 lines
4.7 KiB
Go
package llm_router
|
|
|
|
import (
|
|
"bytes"
|
|
"encoding/json"
|
|
"fmt"
|
|
"strings"
|
|
|
|
"github.com/netbirdio/netbird/proxy/internal/middleware"
|
|
"github.com/netbirdio/netbird/proxy/internal/middleware/builtin"
|
|
)
|
|
|
|
// ProviderRoute describes one upstream LLM provider the router can
|
|
// hand a request to. Models lists the model identifiers the provider
|
|
// claims; UpstreamScheme + UpstreamHost replace the synth target's
|
|
// placeholder URL on a match. UpstreamPath is the path component of
|
|
// the configured upstream URL — the router uses it to disambiguate
|
|
// providers that claim the same model: when more than one provider
|
|
// matches the model, the route whose UpstreamPath is a prefix of the
|
|
// incoming request path is preferred (longest match wins, empty path
|
|
// is the catchall). AuthHeaderName + AuthHeaderValue are the
|
|
// per-provider credential the router injects after stripping the
|
|
// vendor auth headers from the inbound request.
|
|
//
|
|
// AllowedGroupIDs is the union of source-group IDs across every
|
|
// enabled policy that authorises this provider. The router treats it
|
|
// as a hard filter: a route whose AllowedGroupIDs has no intersection
|
|
// with the caller's UserGroups is removed from the candidate list
|
|
// before the path-prefix tiebreak. A route with empty AllowedGroupIDs
|
|
// is unreachable; the synthesiser only emits policy-bound routes.
|
|
type ProviderRoute struct {
|
|
ID string `json:"id"`
|
|
// Vendor is the parser surface this provider speaks ("openai",
|
|
// "anthropic", …), matching the llm.provider value llm_request_parser
|
|
// emits from the request. When set, the router keeps a vendor-tagged
|
|
// request on a same-vendor route so catch-all gateways of a different
|
|
// vendor can't swallow it. Empty disables vendor filtering for this
|
|
// route.
|
|
Vendor string `json:"vendor,omitempty"`
|
|
Models []string `json:"models"`
|
|
UpstreamScheme string `json:"upstream_scheme"`
|
|
UpstreamHost string `json:"upstream_host"`
|
|
UpstreamPath string `json:"upstream_path,omitempty"`
|
|
AuthHeaderName string `json:"auth_header_name"`
|
|
AuthHeaderValue string `json:"auth_header_value"`
|
|
AllowedGroupIDs []string `json:"allowed_group_ids"`
|
|
// Vertex marks a Google Vertex AI provider. Vertex requests carry the
|
|
// model in the URL path, so the router selects this route by path
|
|
// (isVertexPath) and bypasses the model/vendor table entirely.
|
|
Vertex bool `json:"vertex,omitempty"`
|
|
// Bedrock marks an AWS Bedrock provider. Bedrock requests carry the model
|
|
// in the URL path (/model/{id}/{action}), so the router selects this route
|
|
// by path (isBedrockPath) and bypasses the model/vendor table; auth is the
|
|
// static AuthHeaderValue bearer token (no token minting).
|
|
Bedrock bool `json:"bedrock,omitempty"`
|
|
// GCPServiceAccountKeyB64 is a base64-encoded GCP service-account JSON
|
|
// key. When set, the router mints + refreshes a short-lived OAuth2 access
|
|
// token from it at request time and injects it as the auth header value
|
|
// (instead of the static AuthHeaderValue) — so the gateway holds a durable
|
|
// Vertex credential rather than a 1-hour token.
|
|
GCPServiceAccountKeyB64 string `json:"gcp_sa_key_b64,omitempty"`
|
|
// SkipTLSVerify disables upstream TLS certificate verification when dialing
|
|
// this route's upstream. For self-hosted / internal gateways behind a
|
|
// private or self-signed certificate.
|
|
SkipTLSVerify bool `json:"skip_tls_verify,omitempty"`
|
|
}
|
|
|
|
// Config is the on-wire configuration accepted by the factory. An
|
|
// empty Providers slice yields a router that denies every request as
|
|
// not-routable; the synthesiser is responsible for stamping the
|
|
// account's enabled providers into this slice.
|
|
type Config struct {
|
|
Providers []ProviderRoute `json:"providers"`
|
|
}
|
|
|
|
// Factory builds llm_router instances from raw config bytes.
|
|
type Factory struct{}
|
|
|
|
// ID returns the registry identifier.
|
|
func (Factory) ID() string { return ID }
|
|
|
|
// New constructs a middleware instance. Empty, null, and {} configs
|
|
// yield a router with an empty Providers slice — every request denies
|
|
// with model_not_routable. Non-empty payloads must parse cleanly so
|
|
// misconfigurations surface at chain build time.
|
|
func (Factory) New(rawConfig []byte) (middleware.Middleware, error) {
|
|
cfg := Config{}
|
|
if !isEmptyJSON(rawConfig) {
|
|
if err := json.Unmarshal(rawConfig, &cfg); err != nil {
|
|
return nil, fmt.Errorf("decode config: %w", err)
|
|
}
|
|
}
|
|
return New(cfg), nil
|
|
}
|
|
|
|
// isEmptyJSON reports whether the payload is whitespace, null, or an
|
|
// empty object/array. The caller skips Unmarshal in that case so the
|
|
// zero-value Config flows through unchanged.
|
|
func isEmptyJSON(raw []byte) bool {
|
|
trimmed := strings.TrimSpace(string(bytes.TrimSpace(raw)))
|
|
switch trimmed {
|
|
case "", "null", "{}", "[]":
|
|
return true
|
|
}
|
|
return false
|
|
}
|
|
|
|
func init() {
|
|
builtin.Register(Factory{})
|
|
}
|