@Copilot Copilot AI commented Sep 16, 2025

This PR adds support for providing certificate and key content directly as strings to the Vespa class constructor, eliminating the need to write certificates to temporary files when they are stored in environment variables or retrieved from secret management systems.

Changes

New Parameters

  • cert_content: Optional[str] - Content of the data plane certificate as a string
  • key_content: Optional[str] - Content of the data plane key as a string

Key Features

  • Mutual exclusivity validation: cert/cert_content and key/key_content are mutually exclusive
  • Automatic temporary file handling: When content parameters are used, temporary files are created automatically and cleaned up when context managers exit
  • Full backward compatibility: Existing cert and key file path parameters continue to work unchanged
  • Support for both sync and async: Works with both VespaSync and VespaAsync classes

Usage Examples

import asyncio
import os

from vespa.application import Vespa

# New functionality - certificate content directly from environment variables
app = Vespa(
    url="https://my-endpoint.vespa-app.cloud",
    cert_content=os.getenv('VESPA_CERT_CONTENT'),
    key_content=os.getenv('VESPA_KEY_CONTENT')
)

# Traditional file-based approach still works
app = Vespa(
    url="https://my-endpoint.vespa-app.cloud",
    cert="/path/to/cert.pem",
    key="/path/to/key.pem"
)

# Use with context managers for automatic cleanup
with app.syncio() as sync_app:
    response = sync_app.query(body={"yql": "select * from sources *"})

# "async with" is only valid inside a coroutine, so wrap it and run it
async def main():
    async with app.asyncio() as async_app:
        response = await async_app.query(body={"yql": "select * from sources *"})

asyncio.run(main())

Validation

The implementation includes comprehensive validation:

  • cert_content and key_content must be provided together
  • Cannot mix file paths with content parameters
  • Clear error messages for invalid parameter combinations

Testing

  • 8 new unit tests covering parameter validation, temporary file handling, and content verification
  • 3 new integration tests demonstrating end-to-end functionality
  • Example script showing real-world usage patterns
  • All existing tests continue to pass

This enhancement is particularly useful for containerized deployments, CI/CD pipelines, and environments where certificates are managed through secret management systems rather than filesystem access.

Fixes #1118.


@Copilot Copilot AI changed the title from "[WIP] Accept data plane key/cert directly (not only from file)" to "Add cert_content and key_content parameters to Vespa class for direct certificate content" Sep 16, 2025
@Copilot Copilot AI requested a review from thomasht86 September 16, 2025 07:34
Copilot finished work on behalf of thomasht86 September 16, 2025 07:34
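
The validation rules and temporary-file lifecycle described in the PR description above, as an added example that is not the PR's or pyvespa's own code. The function names `validate_tls_args` and `materialized_tls_files`, the error wording and the sample PEM strings are assumptions made for illustration.

```python
import os
import tempfile
from contextlib import contextmanager
from typing import Iterator, Optional, Tuple

# Constructed placeholder PEM text, not real key material.
SAMPLE_CERT = "-----BEGIN CERTIFICATE-----\nY29uc3RydWN0ZWQ=\n-----END CERTIFICATE-----\n"
SAMPLE_KEY = "-----BEGIN PRIVATE KEY-----\nY29uc3RydWN0ZWQ=\n-----END PRIVATE KEY-----\n"


def validate_tls_args(cert: Optional[str], key: Optional[str],
                      cert_content: Optional[str], key_content: Optional[str]) -> None:
    """Reject the parameter combinations the PR description rules out."""
    if cert is not None and cert_content is not None:
        raise ValueError("cert and cert_content are mutually exclusive")
    if key is not None and key_content is not None:
        raise ValueError("key and key_content are mutually exclusive")
    if (cert_content is None) != (key_content is None):
        raise ValueError("cert_content and key_content must be provided together")


@contextmanager
def materialized_tls_files(cert_content: str, key_content: str) -> Iterator[Tuple[str, str]]:
    """Yield (cert_path, key_path) for temp files that are removed on exit."""
    paths = []
    try:
        for suffix, content in ((".cert.pem", cert_content), (".key.pem", key_content)):
            # mkstemp opens with O_EXCL and mode 0600, so no other local user
            # can read the private key while it sits on disk.
            fd, path = tempfile.mkstemp(suffix=suffix)
            paths.append(path)
            with os.fdopen(fd, "w") as handle:
                handle.write(content)
        yield paths[0], paths[1]
    finally:
        # Runs on normal exit and when the body raises.
        for path in paths:
            try:
                os.unlink(path)
            except FileNotFoundError:
                pass


if __name__ == "__main__":
    validate_tls_args(None, None, SAMPLE_CERT, SAMPLE_KEY)
    with materialized_tls_files(SAMPLE_CERT, SAMPLE_KEY) as (cert_path, key_path):
        print(cert_path, oct(os.stat(key_path).st_mode & 0o777))
```

The key still lives in the process environment and memory; the temporary file only limits its on-disk exposure to the lifetime of the context manager.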
Development

Successfully merging this pull request may close these issues.

Accept data plane key/cert directly (not only from file)