Vertex-ai providers with application_default_credentials.json #1312

Closed
Hunterlige opened this issue Jan 11, 2025 · 2 comments · Fixed by #1328


Hunterlige commented Jan 11, 2025

Service account keys could pose a security risk if compromised. GCP recommends that you avoid downloading service account keys.

Instead of using a service account key to run these tools, let them use your credentials by running `gcloud auth login` (for gcloud and gsutil) or `gcloud auth application-default login`.

Currently, when giving the content of `application_default_credentials.json`, I am unable to create an ai-platform request using baml.

```
[2025-01-11T01:15:12Z ERROR baml_runtime::tracing] Failed to create clients from client_registry
Traceback (most recent call last):
          ^^^^^^^^^^^^^^^^^^^
  File "/home/test/baml_client/sync_client.py", line 62, in ImageDescription
    raw = self.__runtime.call_function_sync(
          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
baml_py.BamlError: Failed to create clients from client_registry

Caused by:
    0: Failed to parse client: VertexAI
    1: Failed to parse service account JSON
    2: missing field `token_uri` at line 8 column 1
```

Is there a way to make a request while being authenticated with the CLI instead of a service account key?
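
The error above is what a service-account-only parser reports when handed a user credential file. As an added example (not part of the original issue and not BAML's own code), this Python check classifies a credential JSON by its `type` field and lists the fields such a parser would find missing; the sample documents and the required-field sets are constructed assumptions based on the two file layouts gcloud writes.

```python
import json

# Constructed samples with placeholder values (no real secrets).
ADC_USER_SAMPLE = json.dumps({
    "account": "",
    "client_id": "PLACEHOLDER.apps.googleusercontent.com",
    "client_secret": "PLACEHOLDER",
    "quota_project_id": "example-project",
    "refresh_token": "PLACEHOLDER",
    "type": "authorized_user",
})
SERVICE_ACCOUNT_SAMPLE = json.dumps({
    "type": "service_account",
    "project_id": "example-project",
    "private_key": "PLACEHOLDER",
    "client_email": "sa@example-project.iam.gserviceaccount.com",
    "token_uri": "https://oauth2.googleapis.com/token",
})

# Assumed minimum fields per credential type (this example's own table).
REQUIRED = {
    "service_account": {"client_email", "private_key", "token_uri"},
    "authorized_user": {"client_id", "client_secret", "refresh_token"},
}


def classify_gcp_credentials(raw):
    """Classify a credential JSON string by key names only, so no secret
    value is ever returned or logged."""
    result = {"kind": "invalid", "missing": [], "has_private_key": False}
    try:
        doc = json.loads(raw)
    except json.JSONDecodeError:
        return result
    if not isinstance(doc, dict):
        return result
    kind = doc.get("type")
    result["has_private_key"] = "private_key" in doc  # long-lived key on disk
    if kind not in REQUIRED:
        result["kind"] = "unknown"
        return result
    result["kind"] = kind
    result["missing"] = sorted(REQUIRED[kind] - set(doc))
    return result


def missing_for_service_account_parser(raw):
    """Fields a service-account-only parser would reject this document for."""
    return sorted(REQUIRED["service_account"] - set(json.loads(raw)))
```

Running `missing_for_service_account_parser` on the user-credential sample returns a list that includes `token_uri`, the field named in the traceback.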

Collaborator

sxlijin commented Jan 14, 2025

Hey there! Unfortunately this isn't currently supported but this is something we're actively working on, see #1328. We're expecting it to land on Monday.

github-merge-queue bot pushed a commit that referenced this issue Jan 18, 2025
Implement support for GCP application default credentials and everything
else that the `gcp_auth` crate supports.

Also make `BAML_LOG=debug` useful for customers debugging the GCP auth
decision graph.

In theory I could probably fork `gcp_auth` and make it work in wasm (the
compile errors suggest to me that the underlying rand/ring
implementations just need to get swapped out for wasm-compatible ones to
make it work) but it was more time-bounded to just reuse the existing
implementation. (We should strongly look into using `gcp_auth`, though,
or at least upgrading to using the `oauth2` crate to handle the
exchange.)

Tested on cloud run: 

![image](https://github.com/user-attachments/assets/b02016d4-8dda-48d4-993c-b62642e22d82)

Tested with `gcloud auth application-default login`:
<img width="924" alt="image"
src="https://github.com/user-attachments/assets/a08abb81-fba5-43e9-b5b0-d939fbac8b9a"
/>

Tested with `gcloud auth print-access-token` fallback:
<img width="928" alt="image"
src="https://github.com/user-attachments/assets/e9c85ae7-ffc6-4d42-be48-b2d15095e112"
/>

Fixes #1312 

----

> [!IMPORTANT]
> Implement GCP authentication chain for Vertex AI clients using `gcp_auth` crate, update documentation, and modify build/test scripts.
>
> - **Authentication**:
>   - Implement GCP authentication chain for Vertex AI clients using `gcp_auth` crate in `vertex.rs`.
>   - Introduce `UnresolvedGcpAuthStrategy` and `ResolvedGcpAuthStrategy` enums for handling different auth strategies.
>   - Add `VertexAuth` struct in `std_auth.rs` and `wasm_auth.rs` for standard and WASM environments.
> - **Documentation**:
>   - Update `vertex.mdx` to include new authentication strategies and examples.
> - **Build and Test**:
>   - Update `tools/build` to include new test paths and commands for Vertex AI.
>   - Modify `.github/workflows/build-python-release.reusable.yaml` to track new branches.
>
> <sup>This description was created by [Ellipsis](https://www.ellipsis.dev?ref=BoundaryML%2Fbaml&utm_source=github&utm_medium=referral) for 7674f18. It will automatically update as commits are pushed.</sup>

Collaborator

sxlijin commented Jan 18, 2025

Release is planned for Monday! Will close when it goes out.

@sxlijin sxlijin reopened this Jan 18, 2025