o ưiB@sdZddlZddlZddlZddlZddlZddlZddlZddlmZm Z ddl m Z m Z m Z ddlmZddlmZGdddZGd d d Z dd e e eefd efd dZdS)zs This file contains the PrismaWrapper class, which is used to wrap the Prisma client and handle the RDS IAM token. N)datetime timedelta)AnyOptionalUnion)verbose_proxy_logger) str_to_boolc@seZdZdZdZdZdedefddZde e d e e fd d Z d e e d e e fd dZ d efddZde e d efddZd e e fddZ d&de de efddZd'ddZd'ddZd'dd Zd'd!d"Zd#e fd$d%ZdS)( PrismaWrappera Wrapper around Prisma client that handles RDS IAM token authentication. When iam_token_db_auth is enabled, this wrapper: 1. Proactively refreshes IAM tokens before they expire (background task) 2. Falls back to synchronous refresh if a token is found expired 3. Uses proper locking to prevent race conditions during reconnection RDS IAM tokens are valid for 15 minutes. This wrapper refreshes them 3 minutes before expiration to ensure uninterrupted database connectivity. iXoriginal_prismaiam_token_db_authcCs&||_||_d|_t|_d|_dSN)_original_prismar _token_refresh_taskasyncioLock_reconnection_lock_last_refresh_time)selfr r rU/home/app/Keep/.python/lib/python3.10/site-packages/litellm/proxy/db/prisma_client.py__init__'s   zPrismaWrapper.__init__db_urlreturncCsJ|durdSztj|}|jrtj|jWSWdSty$YdSw)aX Extract the token (password) from the DATABASE_URL. The token contains the AWS signature with X-Amz-Date and X-Amz-Expires parameters. Important: We must parse the URL while it's still encoded to preserve structure, then decode the password portion. Otherwise the '?' in the token breaks URL parsing. N)urllibparseurlparsepasswordunquote Exception)rrparsedrrr_extract_token_from_db_url0s   z(PrismaWrapper._extract_token_from_db_urltokenc Cs|durdSz@d|vrWdS|ddd}tj|}|ddgd}|ddgd}|r2|s5WdSt|d}t|}|t|dWSt ya}zt d |WYd}~dSd}~ww) z Parse the token to extract its expiration time. Returns the datetime when the token expires, or None if parsing fails. N?z X-Amz-Expiresrz X-Amz-Datez%Y%m%dT%H%M%SZsecondsz"Failed to parse token expiration: ) splitrrparse_qsgetrstrptimeintrrrdebug) rr"Z query_stringparamsZ expires_strZdate_strZ token_createdZ expires_inerrr_parse_token_expirationEs&  z%PrismaWrapper._parse_token_expirationcCsntd}||}||}|dur td|jd|jS|t|jd}t }|| }t d|S)a Calculate exactly how many seconds until we need to refresh the token. Uses precise timing: sleeps until (token_expiration - buffer_seconds). For a 15-minute (900s) token with 180s buffer, this returns ~720s (12 min). Returns: Number of seconds to sleep before the next refresh. Returns 0 if token should be refreshed immediately. Returns FALLBACK_REFRESH_INTERVAL_SECONDS if parsing fails. DATABASE_URLNz=Could not parse token expiration, using fallback interval of sr%r) osgetenvr!r/rr,!FALLBACK_REFRESH_INTERVAL_SECONDSrTOKEN_REFRESH_BUFFER_SECONDSrutcnow total_secondsmax)rrr"expiration_timeZ refresh_atnowZseconds_until_refreshrrr _calculate_seconds_until_refreshds    z.PrismaWrapper._calculate_seconds_until_refresh token_urlcCsB|durdS||}||}|durtddSt|kS)z/Check if the token in the given URL is expired.NTz5Could not parse token expiration, treating as expired)r!r/rr,rr6)rr<r"r9rrris_token_expireds   zPrismaWrapper.is_token_expiredc Cs|jrJddlm}td}td}td}td}td}||||d}d |d |d |d |d | }|rC|d |7}|tjd<|SdS)z5Generate a new RDS IAM token and update DATABASE_URL.r)generate_iam_auth_tokenZ DATABASE_HOSTZ DATABASE_PORTZ DATABASE_USERZ DATABASE_NAMEZDATABASE_SCHEMA)db_hostdb_portdb_userz postgresql://:@/z?schema=r0N)r Z litellm.proxy.auth.rds_iam_tokenr>r2r3environ) rr>r?r@rAZdb_nameZ db_schemar"Z_db_urlrrrget_rds_iam_tokens       " zPrismaWrapper.get_rds_iam_tokenN new_db_url http_clientc sddlm}z |jIdHWnty+}ztd|WYd}~nd}~ww|dur7||d|_n||_|jIdHdS)zCDisconnect and reconnect the Prisma client with a new database URL.r)PrismaNz$Failed to disconnect Prisma client: )http)prismarIrZ disconnectrrwarningconnect)rrGrHrIr.rrrrecreate_prisma_clients z$PrismaWrapper.recreate_prisma_clientcsL|js tddS|jdurtddSt||_tddS)a Start the background token refresh task. This task proactively refreshes RDS IAM tokens before they expire, preventing connection failures. Should be called after the initial Prisma client connection is established. z7IAM token auth not enabled, skipping token refresh taskNz"Token refresh task already runningz7Started RDS IAM token proactive refresh background task)r rr,rr create_task_token_refresh_loopinforrrrstart_token_refresh_tasks  z&PrismaWrapper.start_token_refresh_taskcsT|jdurdS|jz|jIdHWn tjyYnwd|_tddS)z Stop the background token refresh task gracefully. Should be called during application shutdown to clean up resources. Nz-Stopped RDS IAM token refresh background task)rcancelrCancelledErrorrrQrRrrrstop_token_refresh_tasks  z%PrismaWrapper.stop_token_refresh_taskc s td|jd z.|}|dkr-td|dd|dd d t|Id Htd |Id HWnJtjyJtd Yd Sty}z/t d|d|j dz t|j Id HWntjyyYWYd }~d SwWYd }~nd }~wwq )aU Background loop that proactively refreshes RDS IAM tokens before expiration. Uses precise timing: calculates the exact sleep duration until the token needs to be refreshed (expiration - 3 minute buffer), then refreshes. This is more efficient than polling, requiring only 1 wake-up per token cycle. z=RDS IAM token refresh loop started. Tokens will be refreshed zs before expiration.Trz#RDS IAM token refresh scheduled in z.0fz seconds (<z.1fz minutes)Nz'Proactively refreshing RDS IAM token...z$RDS IAM token refresh loop cancelledz%Error in RDS IAM token refresh loop: z. Retrying in zs...) rrQr5r;rsleep_safe_refresh_tokenrUrerrorr4)rZ sleep_secondsr.rrrrPsH    z!PrismaWrapper._token_refresh_loopc s|j4IdH5|}|r"||IdHt|_tdntdWdIdHdSWdIdHdS1IdHsCwYdS)z Refresh the RDS IAM token with proper locking to prevent race conditions. Uses an asyncio lock to ensure only one refresh operation happens at a time, preventing multiple concurrent reconnection attempts. NzFRDS IAM token refreshed successfully. New token valid for ~15 minutes.z=Failed to generate new RDS IAM token during proactive refresh) rrFrNrr6rrrQrZ)rrGrrrrYs .z!PrismaWrapper._safe_refresh_tokennamec Cst|j|}|jrftd}||rftd|}|rbt }| rRt | ||}z |jddtdWntyQ}z td|d}~wwt | |t|j|}|Std|S) a Proxy attribute access to the underlying Prisma client. If IAM token auth is enabled and the token is expired, this method provides a synchronous fallback to refresh the token. However, this should rarely be needed since the background task proactively refreshes tokens before they expire. FIXED: Now properly waits for reconnection to complete before returning, instead of the previous fire-and-forget pattern that caused the bug. r0ztRDS IAM token expired in __getattr__ - proactive refresh may have failed. Triggering synchronous fallback refresh...)timeoutz0Synchronous token refresh completed successfullyz'Failed to refresh token synchronously: NzFailed to get RDS IAM token)getattrrr r2r3r=rrLrFrget_event_loop is_runningrun_coroutine_threadsaferNresultrQrrZrun ValueError)rr[Z original_attrrrGloopfuturer.rrr __getattr__)s>      zPrismaWrapper.__getattr__r )rN)__name__ __module__ __qualname____doc__r5r4rboolrrstrr!rr/floatr;r=rFrNrSrVrPrYrgrrrrr s* $    +r c@s6eZdZedefddZed dedefddZdS) PrismaManagerrcCs$tjt}tjtj|}|S)z(Get the path to the migrations directory)r2pathabspath__file__dirname)rqdnamerrr_get_prisma_dirbs zPrismaManager._get_prisma_dirF use_migratec CstdD]}t}t}t|zzV|rWzddlm}Wn$tyC}zt d|dWYd}~WWt|dSd}~wwt}|j |dWWt|St j gd d d d WWt|d St jyt d |ddttddYn7t jy}z*d|}|dkrd|dnd}t d|d|ttddWYd}~nd}~wwWt|qt|wdS)z Set up the database using either prisma migrate or prisma db push Returns: bool: True if setup was successful, False otherwise r)ProxyExtrasDBManagerz3LiteLLM: Failed to import proxy extras. Got zNF)rv)rKdbpushz--accept-data-lossrWT)r]checkzAttempt r$z timed outz Retrying... (z attempts left)z(The process failed to execute. Details: .)ranger2getcwdroruchdirZlitellm_proxy_extras.utilsrx ImportErrorrrZsetup_database subprocessrcTimeoutExpiredrLtimerXrandom randrangeCalledProcessError)rvattemptZ original_dirZ prisma_dirrxr.Z attempts_leftZ retry_msgrrrrisX     zPrismaManager.setup_databaseN)F)rhrirj staticmethodrmrurlrrrrrroas rodisable_updatesrcCs0|dur tdd}t|trt|}t| S)ao Determines if Prisma Schema updates should be applied during startup. Args: disable_updates: Controls whether schema updates are disabled. Accepts boolean or string ('true'/'false'). Defaults to checking DISABLE_SCHEMA_UPDATE env var. Returns: bool: True if schema updates should be applied, False if updates are disabled. Examples: >>> should_update_prisma_schema() # Checks DISABLE_SCHEMA_UPDATE env var >>> should_update_prisma_schema(True) # Explicitly disable updates >>> should_update_prisma_schema("false") # Enable updates using string NZDISABLE_SCHEMA_UPDATEfalse)r2r3 isinstancermrrl)rrrrshould_update_prisma_schemas    rr )rkrr2rrrr urllib.parserrtypingrrrZlitellm._loggingrZlitellm.secret_managers.mainrr rorlrmrrrrrs,  P>