pyvespa icon indicating copy to clipboard operation
pyvespa copied to clipboard
verified publisher icon vespa-engine

Add cert_content and key_content parameters to Vespa class for direct certificate content

Open Copilot opened this issue 5 months ago • 0 comments

This PR adds support for providing certificate and key content directly as strings to the Vespa class constructor, eliminating the need to write certificates to temporary files when they are stored in environment variables or retrieved from secret management systems.

Changes

New Parameters

  • cert_content: Optional[str] - Content of the data plane certificate as a string
  • key_content: Optional[str] - Content of the data plane key as a string

Key Features

  • Mutual exclusivity validation: cert/cert_content and key/key_content are mutually exclusive
  • Automatic temporary file handling: When content parameters are used, temporary files are created automatically and cleaned up when context managers exit
  • Full backward compatibility: Existing cert and key file path parameters continue to work unchanged
  • Support for both sync and async: Works with both VespaSync and VespaAsync classes

Usage Examples

# New functionality - certificate content directly from environment variables
app = Vespa(
    url="https://my-endpoint.vespa-app.cloud",
    cert_content=os.getenv('VESPA_CERT_CONTENT'),
    key_content=os.getenv('VESPA_KEY_CONTENT')
)

# Traditional file-based approach still works
app = Vespa(
    url="https://my-endpoint.vespa-app.cloud", 
    cert="/path/to/cert.pem",
    key="/path/to/key.pem"
)

# Use with context managers for automatic cleanup
with app.syncio() as sync_app:
    response = sync_app.query(body={"yql": "select * from sources *"})

async with app.asyncio() as async_app:
    response = await async_app.query(body={"yql": "select * from sources *"})

Validation

The implementation includes comprehensive validation:

  • cert_content and key_content must be provided together
  • Cannot mix file paths with content parameters
  • Clear error messages for invalid parameter combinations

Testing

  • 8 new unit tests covering parameter validation, temporary file handling, and content verification
  • 3 new integration tests demonstrating end-to-end functionality
  • Example script showing real-world usage patterns
  • All existing tests continue to pass

This enhancement is particularly useful for containerized deployments, CI/CD pipelines, and environments where certificates are managed through secret management systems rather than filesystem access.

Fixes #1118.

✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.

Copilot avatar Sep 16 '25 07:09 Copilot