Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore(backend): GitHub token should be a SecretStr #6494

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

chore(backend): GitHub token should be a SecretStr #6494

wants to merge 1 commit into from
+51 −11

Conversation

amanape
Copy link
Member

@amanape amanape commented Jan 28, 2025
edited by github-actions bot
Loading

End-user friendly description of the problem this fixes or functionality that this introduces
Instead of simply being type str, it should be SecretStr like the llm_api_key

  • Include this change in the Release Notes. If checked, you must provide an end-user friendly description for your change below

Give a summary of what the PR does, explaining any non-trivial design decisions

  • GitHub token in type SecretStr
  • Rename / introduce setting model variants: GETSettingsModel and POSTSettingsModel

Link of any specific issues this addresses

To run this PR locally, use the following command:

docker run -it --rm   -p 3000:3000   -v /var/run/docker.sock:/var/run/docker.sock   --add-host host.docker.internal:host-gateway   -e SANDBOX_RUNTIME_CONTAINER_IMAGE=docker.all-hands.dev/all-hands-ai/runtime:29ba709-nikolaik   --name openhands-app-29ba709   docker.all-hands.dev/all-hands-ai/openhands:29ba709

@amanape amanape requested review from enyst and tofarr January 28, 2025 14:54
enyst
enyst reviewed Jan 28, 2025
View reviewed changes
openhands/server/routes/settings.py
filtered_settings_data['llm_api_key'] = settings_with_token_data.llm_api_key
filtered_settings_data['github_token'] = SecretStr(
settings_with_token_data.github_token
)
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Was llm_api_key converted too?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good question. I've had to do this here since this was the first instance where we receive and use github_token but need it to be a SecretStr. I think llm_api_key is secret-ed via the serializer but I'm not certain. If it is, then maybe I can do the same with the github_token but I encountered a bunch of issues when I tried.

I'll wait for @tofarr to confirm

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

llm_api_key was previously converted to a secret str - but github token was added as a regular str after this was done and needed the same conversion.

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actually, I don't think the secret key conversion is strictly needed for either here - since the constructor for Settings will do the conversion if needed

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more. 

from openhands.server.settings import Settings
Settings(llm_api_key='foobar')

>>> Settings(language=None, agent=None, max_iterations=None, security_analyzer=None, confirmation_mode=None, llm_model=None, llm_api_key=SecretStr('**********'), llm_base_url=None, remote_runtime_resource_factor=None, github_token=None, enable_default_condenser=False)

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more. 

    filtered_settings_data['github_token'] = settings_with_token_data.github_token

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we make a unit test with both, to see it works as expected?

enyst
enyst approved these changes Jan 28, 2025
View reviewed changes
Copy link
Collaborator

@enyst enyst left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you! Just a couple little questions

@amanape amanape self-assigned this Jan 28, 2025
tofarr
tofarr requested changes Jan 30, 2025
View reviewed changes
Copy link
Collaborator

@tofarr tofarr left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM - the only nit I have is that we don't need that explicit conversion

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@enyst enyst enyst approved these changes

@tofarr tofarr tofarr requested changes

Requested changes must be addressed to merge this pull request.

Assignees

@amanape amanape

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@amanape @enyst @tofarr