o ưi8@s^dZddlZddlZddlmZmZmZmZmZddl m Z Gddde Z GdddZ dS) a Databricks integration utilities for LiteLLM. This module provides authentication, telemetry, and security utilities for the Databricks LLM provider integration. Authentication priority: 1. OAuth M2M (DATABRICKS_CLIENT_ID + DATABRICKS_CLIENT_SECRET) - Recommended for production 2. PAT (DATABRICKS_API_KEY) - Supported for development 3. Databricks SDK automatic auth - Fallback (uses unified auth) N)AnyDictLiteralOptionalTuple)BaseLLMExceptionc@s eZdZdS)DatabricksExceptionN)__name__ __module__ __qualname__r r [/home/app/Keep/.python/lib/python3.10/site-packages/litellm/llms/databricks/common_utils.pyrsrc@steZdZdZedejdfedejdfedejdfedejdfedejdfed ejdfgZed e d e fd d Z ede e e fd e e e ffddZ ed$dee d e fddZdee d e fddZde de de d e fddZdee dee deed ee effddZ d$dee dee ded d!eedeedee d ee effd"d#ZdS)%DatabricksBasezk Base class for Databricks integration with authentication, telemetry, and security utilities. z(Bearer\s+)[A-Za-z0-9\-_\.]+z \1[REDACTED]z(Authorization:\s*)[^\s,}]+z (api[_-]?key["\s:=]+)[^\s,}"\']+z&(client[_-]?secret["\s:=]+)[^\s,}"\']+z(dapi[a-zA-Z0-9]{32,})z[REDACTED_PAT]z%(access[_-]?token["\s:=]+)[^\s,}"\']+datareturncs|durdSt|tr|}jD] \}}|||}q|St|trJi}|D]\}}|tfdddDr@d||<q(|||<q(|St|t rXfdd|DS|S)a Redact sensitive information (tokens, secrets) from data before logging. Handles strings, dicts, and lists recursively. Keys containing sensitive terms (authorization, api_key, token, secret, password, credential) are fully redacted. Args: data: String, dict, or other data structure to redact Returns: Redacted version of the data safe for logging Nc3s|]}|vVqdSNr ).0Z sensitive) lower_keyr r Ms  z7DatabricksBase.redact_sensitive_data..) authorizationapi_keyZapikeytokensecretpasswordZ credential [REDACTED]csg|]}|qSr )redact_sensitive_data)ritem)clsr r _sz8DatabricksBase.redact_sensitive_data..) isinstancestrSENSITIVE_PATTERNSsubdictitemsloweranyrlist)rrresultpattern replacementredactedkeyvaluer )rrr r1s(     z$DatabricksBase.redact_sensitive_dataheaderscCsl|siSi}hd}|D]%\}}||vr/t|dkr*|ddd||<qd||<q|||<q|S)aR Create a copy of headers with sensitive values redacted for safe logging. Shows first 8 characters of sensitive values for debugging purposes, with the rest redacted. Args: headers: HTTP headers dictionary Returns: New dictionary with sensitive headers redacted >zx-databricks-tokenz x-api-keyrzapi-key Nz ...[REDACTED]r)r$r%len)rr.r+Zsensitive_headersr,r-r r r redact_headers_for_loggingcs    z)DatabricksBase.redact_headers_for_loggingNcustom_user_agentcCszddlm}Wn tyd}Ynw|r?|}d|vr(|dd}n|}|r?|ddddr?|d|Sd |S) a' Build the User-Agent string for Databricks API calls. If a custom user agent is provided, the partner name (part before /) is extracted and prefixed to the litellm user agent with an underscore. The custom version is ignored; LiteLLM's version is always used. Args: custom_user_agent: Optional custom user agent string (e.g., "mycompany/1.0.0") Returns: User-Agent string in format: - Default: "litellm/{version}" - With custom: "{partner}_litellm/{version}" Examples: - None -> "litellm/1.79.1" - "mycompany/1.0.0" -> "mycompany_litellm/1.79.1" - "partner_product/2.0.0" -> "partner_product_litellm/1.79.1" - "acme" -> "acme_litellm/1.79.1" r)versionz0.0.0/_-z _litellm/zlitellm/)Zlitellm._versionr4 Exceptionstripsplitreplaceisalnum)r3r4Z partner_namer r r _build_user_agents   z DatabricksBase._build_user_agentapi_basecCsN|dur%zddlm}|}|jjd}|WSty$tdddw|S)zx Get the Databricks API base URL. If not provided, attempts to get it from the Databricks SDK. Nr)WorkspaceClient/serving-endpointsz~Either set the DATABRICKS_API_BASE and DATABRICKS_API_KEY environment variables, or install the databricks-sdk Python library. status_codemessage)databricks.sdkr@confighost ImportErrorr)selfr?r@databricks_clientr r r _get_api_bases  zDatabricksBase._get_api_base client_id client_secretc Csddl}|d}d|vr|dd}|d}z|j|ddd ||fd d id d }Wn|jyC}z tddt|dd}~ww|jdkrTt|jd|jd| } | dS)a Obtain an OAuth M2M access token using client credentials flow. This is the recommended authentication method for production integrations per Databricks Partner requirements. Args: api_base: Databricks workspace URL client_id: OAuth client ID (Service Principal application ID) client_secret: OAuth client secret Returns: Access token string Raises: DatabricksException: If token request fails rNr5rAr7z/oidc/v1/tokenZclient_credentialszall-apis)Z grant_typescope Content-Typez!application/x-www-form-urlencoded)rauthr.timeoutiz OAuth M2M token request failed: rC access_token) requestsrstripr<postRequestExceptionrr rDtextjson) rJr?rMrNrVZ workspace_urlZ token_urlresponseeZ token_datar r r _get_oauth_m2m_tokens:        z#DatabricksBase._get_oauth_m2m_tokenrcCs|pddi}z-ddlm}m}|d|}|p|jjd}|dur/|j}i||}||fWSty@tdd d w) a Get Databricks credentials using the Databricks SDK. Also registers LiteLLM as a partner for proper telemetry attribution in Databricks system.access.audit table. Args: api_key: Optional API key (PAT) api_base: Optional API base URL headers: Optional existing headers Returns: Tuple of (api_base, headers) rPapplication/jsonr)r@ useragentZlitellmrANrBa If the Databricks base URL and API key are not set, the databricks-sdk Python library must be installed. Please install the databricks-sdk, set {LLM_PROVIDER}_API_BASE and {LLM_PROVIDER}_API_KEY environment variables, or provide the base URL and API key as arguments.rC) rFr@r`Z with_partnerrGrHZ authenticaterIr)rJrr?r.r@r`rKZdatabricks_auth_headersr r r _get_databricks_credentialss"     z*DatabricksBase._get_databricks_credentials endpoint_type)chat_completions embeddingscustom_endpointc Csddlm}td}td} |durtd}|r;| r;|r;|d|||| } |p.i}d| |d <d |d <n|durZ|sZ|d urKtd dd|d|j|||d\}}|durp|rftd dd|j|||d\}}|dur}d|d d}n|dur| d d|i|durd||d <| ||d<|d| ||dkr|d urd|}||fS|dkr|d urd|}||fS)a! Validate and configure the Databricks environment. Authentication priority: 1. OAuth M2M (DATABRICKS_CLIENT_ID + DATABRICKS_CLIENT_SECRET) - Recommended 2. PAT (DATABRICKS_API_KEY) - Supported for development 3. Databricks SDK automatic auth - Fallback (uses unified auth) Args: api_key: Personal access token (PAT) api_base: Databricks workspace URL with /serving-endpoints endpoint_type: Type of endpoint (chat_completions or embeddings) custom_endpoint: Whether using a custom endpoint URL headers: Existing headers dict custom_user_agent: Optional custom user agent to prefix Returns: Tuple of (api_base, headers) with authentication configured r)verbose_loggerZDATABRICKS_CLIENT_IDZDATABRICKS_CLIENT_SECRETNZDATABRICKS_API_BASEz-Using OAuth M2M authentication for DatabrickszBearer Authorizationr_rPTrBzMissing API Key - A call is being made to LLM Provider but no key is set either in the environment variables ({LLM_PROVIDER}_API_KEY) or via paramsrCz'Using Databricks SDK for authentication)r?rr.zMissing API Base - A call is being made to LLM Provider but no api base is set either in the environment variables ({LLM_PROVIDER}_API_KEY) or via paramsz Bearer {})rgrPz User-AgentzDatabricks request headers: rcz{}/chat/completionsrdz {}/embeddings) Zlitellm._loggingrfosgetenvdebugr^rraformatupdater>r2) rJrr?rbrer.r3rfrMrNrUr r r databricks_validate_environment5s`             z.DatabricksBase.databricks_validate_environmentr)r r r __doc__recompile IGNORECASEr! classmethodrrrr r2 staticmethodrr>rLr^r#rrarboolrmr r r r rsp   1$#. :  5 r) rnrhrotypingrrrrrZ)litellm.llms.base_llm.chat.transformationrrrr r r r s