Merge branch 'main' into anx/streaming_query

Author: Anxhela21

build-args-konflux.conf

@@ -0,0 +1,4 @@
+BUILDER_BASE_IMAGE=registry.redhat.io/rhai/base-image-cpu-rhel9:3.2
+BUILDER_DNF_COMMAND=dnf
+RUNTIME_BASE_IMAGE=registry.redhat.io/rhai/base-image-cpu-rhel9:3.2
+RUNTIME_DNF_COMMAND=dnf

redhat.repo

@@ -0,0 +1,69 @@
+[codeready-builder-for-rhel-9-$basearch-eus-rpms]
+name = Red Hat CodeReady Linux Builder for RHEL 9 $basearch - Extended Update Support (RPMs)
+baseurl = https://cdn.redhat.com/content/eus/rhel9/9.6/$basearch/codeready-builder/os
+enabled = 1
+gpgcheck = 1
+gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
+sslverify = 1
+sslcacert = /etc/rhsm/ca/redhat-uep.pem
+sslverifystatus = 1
+metadata_expire = 86400
+enabled_metadata = 0
+sslclientkey = $SSL_CLIENT_KEY
+sslclientcert = $SSL_CLIENT_CERT
+
+[rhel-9-for-$basearch-appstream-eus-rpms]
+name = Red Hat Enterprise Linux 9 for $basearch - AppStream - Extended Update Support (RPMs)
+baseurl = https://cdn.redhat.com/content/eus/rhel9/9.6/$basearch/appstream/os
+enabled = 1
+gpgcheck = 1
+gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
+sslverify = 1
+sslcacert = /etc/rhsm/ca/redhat-uep.pem
+sslverifystatus = 1
+metadata_expire = 86400
+enabled_metadata = 0
+sslclientkey = $SSL_CLIENT_KEY
+sslclientcert = $SSL_CLIENT_CERT
+
+[rhel-9-for-$basearch-baseos-eus-rpms]
+name = Red Hat Enterprise Linux 9 for $basearch - BaseOS - Extended Update Support (RPMs)
+baseurl = https://cdn.redhat.com/content/eus/rhel9/9.6/$basearch/baseos/os
+enabled = 1
+gpgcheck = 1
+gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
+sslverify = 1
+sslcacert = /etc/rhsm/ca/redhat-uep.pem
+sslverifystatus = 1
+metadata_expire = 86400
+enabled_metadata = 0
+sslclientkey = $SSL_CLIENT_KEY
+sslclientcert = $SSL_CLIENT_CERT
+
+[rhocp-4.17-for-rhel-9-$basearch-rpms]
+name = Red Hat OpenShift Container Platform 4.17 for RHEL 9 $basearch (RPMs)
+baseurl = https://cdn.redhat.com/content/dist/layered/rhel9/$basearch/rhocp/4.17/os
+enabled = 0
+gpgcheck = 1
+gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
+sslverify = 1
+sslcacert = /etc/rhsm/ca/redhat-uep.pem
+sslverifystatus = 1
+metadata_expire = 86400
+enabled_metadata = 0
+sslclientkey = $SSL_CLIENT_KEY
+sslclientcert = $SSL_CLIENT_CERT
+
+[rhocp-4.17-for-rhel-9-$basearch-source-rpms]
+name = Red Hat OpenShift Container Platform 4.17 for RHEL 9 $basearch (Source RPMs)
+baseurl = https://cdn.redhat.com/content/dist/layered/rhel9/$basearch/rhocp/4.17/source/SRPMS
+enabled = 0
+gpgcheck = 1
+gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
+sslverify = 1
+sslcacert = /etc/rhsm/ca/redhat-uep.pem
+sslverifystatus = 1
+metadata_expire = 86400
+enabled_metadata = 0
+sslclientkey = $SSL_CLIENT_KEY
+sslclientcert = $SSL_CLIENT_CERT

src/app/endpoints/query.py

@@ -2,8 +2,6 @@
 
 """Handler for REST API call to provide answer to query using Response API."""
 
-"""Handler for REST API call to provide answer to query using Response API."""
-
 import datetime
 import logging
 from typing import Annotated, Any, cast
@@ -51,6 +49,7 @@
     store_query_results,
     update_azure_token,
     validate_attachments_metadata,
+    validate_model_provider_override,
 )
 from utils.quota import check_tokens_available, get_available_quotas
 from utils.responses import (
@@ -124,13 +123,14 @@ async def query_endpoint_handler(
     """
     check_configuration_loaded(configuration)
 
-    started_at = datetime.datetime.now(datetime.timezone.utc).strftime(
-        "%Y-%m-%dT%H:%M:%SZ"
-    )
+    started_at = datetime.now(UTC).strftime("%Y-%m-%dT%H:%M:%SZ")
     user_id, _, _skip_userid_check, token = auth
     # Check token availability
     check_tokens_available(configuration.quota_limiters, user_id)
 
+    # Enforce RBAC: optionally disallow overriding model/provider in requests
+    validate_model_provider_override(query_request, request.state.authorized_actions)
+
     # Validate attachments if provided
     if query_request.attachments:
         validate_attachments_metadata(query_request.attachments)

src/app/endpoints/streaming_query.py

@@ -226,6 +226,12 @@ async def streaming_query_endpoint_handler(  # pylint: disable=too-many-locals
         doc_ids_from_chunks=doc_ids_from_chunks,
     )
 
+    response_media_type = (
+        MEDIA_TYPE_TEXT
+        if query_request.media_type == MEDIA_TYPE_TEXT
+        else MEDIA_TYPE_EVENT_STREAM
+    )
+
     return StreamingResponse(
         generate_response(
             generator=generator,

src/app/main.py

@@ -74,12 +74,6 @@ async def lifespan(_app: FastAPI) -> AsyncIterator[None]:
         )
         raise
 
-    # try:
-    #     await client.vector_stores.delete(vector_store_id="portal-rag")
-    #     logger.info("Successfully deregistered vector store: portal-rag")
-    # except Exception as e:
-    #     logger.warning("Failed to deregister vector store 'portal-rag': %s", e)
-
     logger.info("Registering MCP servers")
     await register_mcp_servers_async(logger, configuration.configuration)
     get_logger("app.endpoints.handlers")

src/authentication/rh_identity.py

@@ -11,7 +11,8 @@
 
 from fastapi import HTTPException, Request
 
-from authentication.interface import AuthInterface, AuthTuple
+from authentication.interface import NO_AUTH_TUPLE, AuthInterface, AuthTuple
+from configuration import configuration
 from constants import DEFAULT_VIRTUAL_PATH, NO_USER_TOKEN
 
 logger = logging.getLogger(__name__)
@@ -215,6 +216,10 @@ async def __call__(self, request: Request) -> AuthTuple:
         # Extract header
         identity_header = request.headers.get("x-rh-identity")
         if not identity_header:
+            # Skip auth for health probes when configured
+            if request.url.path.endswith(("/readiness", "/liveness")):
+                if configuration.authentication_configuration.skip_for_health_probes:
+                    return NO_AUTH_TUPLE
             logger.warning("Missing x-rh-identity header")
             raise HTTPException(status_code=401, detail="Missing x-rh-identity header")
 

src/models/responses.py

@@ -8,6 +8,7 @@
 from pydantic import BaseModel, Field
 from pydantic_core import SchemaError
 
+from constants import MEDIA_TYPE_EVENT_STREAM
 from models.config import Action, Configuration
 from quota.quota_exceed_error import QuotaExceedError
 from utils.types import RAGChunk, ReferencedDocument, ToolCallSummary, ToolResultSummary
@@ -485,8 +486,8 @@ def openapi_response(cls) -> dict[str, Any]:
             raise SchemaError(f"Examples not found in {cls.__name__}")
         example_value = model_examples[0]
         content = {
-            "text/event-stream": {
-                "schema": {"type": "string", "format": "text/event-stream"},
+            MEDIA_TYPE_EVENT_STREAM: {
+                "schema": {"type": "string", "format": MEDIA_TYPE_EVENT_STREAM},
                 "example": example_value,
             }
         }

tests/benchmarks/test_app_database.py

@@ -8,9 +8,11 @@
 from pytest_benchmark.fixture import BenchmarkFixture
 from datetime import UTC, datetime
 
+import psycopg2
+
 from app import database
 from app.database import get_session
-from configuration import configuration
+from configuration import configuration, AppConfig
 from utils.suid import get_suid
 from models.database.conversations import UserConversation
 
@@ -20,8 +22,8 @@
 LARGE_DB_RECORDS_COUNT = 10000
 
 
-@pytest.fixture(name="configuration_filename")
-def configuration_filename_fixture() -> str:
+@pytest.fixture(name="configuration_filename_sqlite")
+def configuration_filename_sqlite_fixture() -> str:
     """Retrieve configuration file name to be used by benchmarks.
 
     Parameters:
@@ -33,8 +35,21 @@ def configuration_filename_fixture() -> str:
     return "tests/configuration/benchmarks-sqlite.yaml"
 
 
+@pytest.fixture(name="configuration_filename_postgres")
+def configuration_filename_postgres_fixture() -> str:
+    """Retrieve configuration file name to be used by benchmarks.
+
+    Parameters:
+        None
+
+    Returns:
+        str: Path to the benchmark configuration file to load.
+    """
+    return "tests/configuration/benchmarks-postgres.yaml"
+
+
 @pytest.fixture(name="sqlite_database")
-def sqlite_database_fixture(configuration_filename: str, tmp_path: Path) -> None:
+def sqlite_database_fixture(configuration_filename_sqlite: str, tmp_path: Path) -> None:
     """Initialize a temporary SQLite database for benchmarking.
 
     This fixture:
@@ -44,14 +59,14 @@ def sqlite_database_fixture(configuration_filename: str, tmp_path: Path) -> None
     - Initializes the DB engine and creates required tables.
 
     Parameters:
-        configuration_filename (str): Path to the YAML configuration file to load.
+        configuration_filename_sqlite (str): Path to the YAML configuration file to load.
         tmp_path (Path): pytest-provided temporary directory for creating the DB file.
 
     Raises:
         AssertionError: If the configuration does not include an sqlite configuration.
     """
     # try to load the configuration containing SQLite database setup
-    configuration.load_configuration(configuration_filename)
+    configuration.load_configuration(configuration_filename_sqlite)
     assert configuration.database_configuration.sqlite is not None
 
     # we need to start each benchmark with empty database
@@ -62,6 +77,62 @@ def sqlite_database_fixture(configuration_filename: str, tmp_path: Path) -> None
     database.create_tables()
 
 
+def drop_postgres_tables(configuration: AppConfig) -> None:
+    """Drop postgres tables used by benchmarks.
+
+    The tables will be re-created so every benchmark start with fresh DB.
+    """
+
+    pgconfig = configuration.database_configuration.postgres
+    assert pgconfig is not None
+
+    # try to connect to Postgres
+    conn = psycopg2.connect(
+        database=pgconfig.db,
+        user=pgconfig.user,
+        password=pgconfig.password.get_secret_value(),
+        host=pgconfig.host,
+        port=pgconfig.port,
+    )
+
+    # try to drop tables used by benchmarks
+    try:
+        with conn.cursor() as cursor:
+            cursor.execute("DROP TABLE IF EXISTS user_turn;")
+            cursor.execute("DROP TABLE IF EXISTS user_conversation;")
+        conn.commit()
+    finally:
+        # closing the connection
+        conn.close()
+
+
+@pytest.fixture(name="postgres_database")
+def postgres_database_fixture(configuration_filename_postgres: str) -> None:
+    """Initialize a temporary postgres database for benchmarking.
+
+    This fixture:
+    - Loads the provided configuration file.
+    - Ensures an Postgres configuration is present.
+    - Initializes the DB engine and creates required tables.
+
+    Parameters:
+        configuration_filename_postgres (str): Path to the YAML configuration file to load.
+
+    Raises:
+        AssertionError: If the configuration does not include an postgres configuration.
+    """
+    # try to load the configuration containing postgres database setup
+    configuration.load_configuration(configuration_filename_postgres)
+    assert configuration.database_configuration.postgres is not None
+
+    # make sure all tables will be re-initialized
+    drop_postgres_tables(configuration)
+
+    # initialize database session and create tables
+    database.initialize_database()
+    database.create_tables()
+
+
 def generate_provider() -> str:
     """Return a randomly chosen provider name.
 

tests/configuration/benchmarks-postgres.yaml

@@ -0,0 +1,47 @@
+name: Lightspeed Core Service (LCS)
+service:
+  host: 0.0.0.0
+  port: 8080
+  base_url: http://localhost:8080
+  auth_enabled: false
+  workers: 1
+  color_log: true
+  access_log: true
+llama_stack:
+  # Uses a remote llama-stack service
+  # The instance would have already been started with a llama-stack-run.yaml file
+  use_as_library_client: false
+  # Alternative for "as library use"
+  # use_as_library_client: true
+  # library_client_config_path: <path-to-llama-stack-run.yaml-file>
+  url: http://llama-stack:8321
+  api_key: xyzzy
+user_data_collection:
+  feedback_enabled: true
+  feedback_storage: "/tmp/data/feedback"
+  transcripts_enabled: true
+  transcripts_storage: "/tmp/data/transcripts"
+
+database:
+  postgres:
+    host: 127.0.0.1
+    db: test
+    user: tester
+    password: 123qwe
+    ssl_mode: disable
+    gss_encmode: disable
+
+# Conversation cache for storing Q&A history
+conversation_cache:
+  type: "sqlite"
+  sqlite:
+    db_path: "/tmp/benchmarks-conversation-cache.db"  # Persistent across requests, can be deleted between test runs
+ #       host="localhost",
+ #       port=5432,
+ #       db="test",
+ #       user="testur",
+ #       password="123qwe",
+ #       namespace="public",
+
+authentication:
+  module: "noop"