Fetches an API key from the database and verifies it. Args: api_key_id: The API key ID. key_to_verify: Optional API key value to verify against the API key. Returns: The fetched API key. Raises: CredentialsNotValid: If the API key could not be found, is
(
api_key_id: UUID, key_to_verify: Optional[str] = None
)
| 101 | |
| 102 | |
| 103 | def _fetch_and_verify_api_key( |
| 104 | api_key_id: UUID, key_to_verify: Optional[str] = None |
| 105 | ) -> APIKeyInternalResponse: |
| 106 | """Fetches an API key from the database and verifies it. |
| 107 | |
| 108 | Args: |
| 109 | api_key_id: The API key ID. |
| 110 | key_to_verify: Optional API key value to verify against the API key. |
| 111 | |
| 112 | Returns: |
| 113 | The fetched API key. |
| 114 | |
| 115 | Raises: |
| 116 | CredentialsNotValid: If the API key could not be found, is not |
| 117 | active, if it could not be verified against the supplied key value |
| 118 | or if the associated service account is not active or is an |
| 119 | external service account. |
| 120 | """ |
| 121 | store = zen_store() |
| 122 | |
| 123 | try: |
| 124 | api_key = zen_store().get_internal_api_key(api_key_id) |
| 125 | except KeyError: |
| 126 | error = f"Authentication error: error retrieving API key {api_key_id}" |
| 127 | logger.error(error) |
| 128 | raise CredentialsNotValid(error) |
| 129 | |
| 130 | if not api_key.service_account.active: |
| 131 | error = ( |
| 132 | f"Authentication error: service account " |
| 133 | f"{api_key.service_account.name} " |
| 134 | f"associated with API key {api_key.name} is not active" |
| 135 | ) |
| 136 | logger.exception(error) |
| 137 | raise CredentialsNotValid(error) |
| 138 | |
| 139 | if api_key.service_account.external_user_id: |
| 140 | error = ( |
| 141 | "Authentication error: cannot use an API key associated with an " |
| 142 | "external service account to authenticate to the ZenML server" |
| 143 | ) |
| 144 | logger.exception(error) |
| 145 | raise CredentialsNotValid(error) |
| 146 | |
| 147 | if not api_key.active: |
| 148 | error = ( |
| 149 | f"Authentication error: API key " |
| 150 | f"{api_key.name} " |
| 151 | f"associated with service account " |
| 152 | f"{api_key.service_account.name} is not active" |
| 153 | ) |
| 154 | logger.error(error) |
| 155 | raise CredentialsNotValid(error) |
| 156 | |
| 157 | if key_to_verify is not None and not api_key.verify_key(key_to_verify): |
| 158 | error = ( |
| 159 | f"Authentication error: could not verify key value for API key " |
| 160 | f"{api_key.name}" |
no test coverage detected