g8L dZddlZddlZddlZddlZddlZddlZddlmZmZm Z ddl m Z m Z m Z mZmZddlZddlmZmZmZmZmZmZmZddlZddlmZddlmZddldd lmZm Z m!Z!m"Z"dd l#m$Z$dd l%m&Z&dd l'm(Z(dd l)m*Z*m+Z+m,Z,m-Z-ddl.m/Z/ddl0m1Z1ddl2m3Z3m4Z4m5Z5de6fdZ7de8de e9de e:fdZ;dede e9de8dee e e9d?e e/d@e=de dAfdBZVdgiidCdddddddddddddddidddDddgiidddddddf$dEe dFdGe e9d>eWdHeJdIeJdJeXdKe eXdLe e9dMe eXdNe eXdOe eXdPe e=dQe e9dRe e9d> %&..G*CM0 r,user_api_key_dictr(ct|j(|jtjjk(ry|0||jk(s!Jdj ||j|P|j |j tk(ry|j |k(s!Jdj ||j y)zz Assert user only creates keys for themselves Relevant issue: https://github.com/BerriAI/litellm/issues/7336 TzDUser can only create keys for themselves. Got user_id={}, Your ID={}zEUser can only create keys for their own team. Got={}, Your Team ID={}) user_roleLitellmUserRoles PROXY_ADMINvaluer.formatr( UI_TEAM_IDr4r.r(s r*_is_allowed_to_create_keyr=Cs ##/  ' '+;+G+G+M+M M (00 0 Q X X &..  0   % % 1!))Z7  % % 0 R Y Y &..  0 r,assigned_user_idteam_key_generationc|,t||}|tdd|d|jt||j}|jduxr'|jt j jk(}|ry|'tdd|jd|jd|vr1|j|dvr tdd|jd |dy) N)r-r.zUser=z not assigned to team= status_codedetailTallowed_team_member_roleszTeam member role z" not in allowed_team_member_roles=) r3rr(r.r6r7r8r9role)r>r-r4r?key_assigned_user_in_teamkey_creating_user_in_teamis_admins r*&_team_key_generation_team_member_checkrJhsD #$5!+;% ! % ,/00FzGYGYFZ[  !2'8'@'@! ##4/ N  ' '+;+G+G+M+M M  " *,4455KJL^L^K_`  $':: % * *"#>? @&'@'E'E&FFhi|~YjZi[\   r,required_paramscf|y|jd}|D]}||vstdd|dy)NT exclude_unsetrAzRequired param z not in datarB) model_dumpr)r%rK data_dictparams r*$_key_generation_required_param_checkrRsPd3I   !(|< ! r,ctj&dtjvrtjd}ntddg}t|j|||t ||j dy)Nr?adminr2)rE)r>r-r4r?rKT)litellmkey_generation_settingsr$rJr.rRget)r-r4r%_team_key_generations r*_team_key_generation_checkrYs~ ''3 !W%D%D D&>>?TU8'.&9 ++0  )   !23 r,personal_key_generationc|d|vry|j|dvr1tddtjddd|jy)Nallowed_user_rolesTrAzBPersonal key creation has been restricted by admin. Allowed roles=rZz . Your role=rB)r6rrUrV)r4rZs r*_personal_key_membership_checkr]s ' '> >""*ABV*WWWX_XwXwyRYSThYiXjjvwHwRwRvST  r,ctjtjjdytjd}t||t ||jdy)NrZT)rZrK)rUrVrWr]rR)r4r%_personal_key_generations r*_personal_key_generation_checkr`sl ''/  * * . ./H I Q&>>?XY" 8 )  $$%67 r,ct|}|r=|*tjtdd|j|yt |||St ||S)z^ Check if admin has restricted key creation to certain roles for teams or individuals r)rAz1Unable to find team object in database. Team ID: rBTr-r4r%)r4r%)r+rUrVrr(rYr`)r-r4r% is_team_keys r*key_generation_checkrdsuD)K  '"A"A"MJ4<<.Y  )!/  ./d  r,z /key/generatezkey management)tags dependenciesresponse_modelzThe litellm-changed-by header enables tracking of actions performed by authorized users on behalf of other users, providing an audit trail for accountability) descriptionlitellm_changed_byc K ddlm}m}m}m}m}m}tjd|rtj|r||d{} n td| jdd} | jdd } | sttj| d} |j , t#|j |||j$ d{} t)| ||  t+||j,|j t3|j4||t6j8|D]}|\}}|0|dvr,t;||t6j8j|d:|dk(r1|gk(r,t;||t6j8j|gp|dk(sv|ik(s|t;||t6j8j|it6j<|D]}|\}}t?t6j<|d}|&|t;|||6|dvr||kDs@tdd|d|d|i |dvs\tA|}tA|}||kDsztdd|d|d|i |jB}||jDtG|jD|jHxsi}|jK|jMd}|jNjPjSi||j,xs||j,xs|dd{}t?|d d}|jUdd!}d"|vr|jWd"d|d#<|||d <d$|vr|jWd$d|d%<d&|vradd'lm}|dur+|d&&td(tXjZj\|d d&|d&i|d<n |d&|dd&<|jWd&t_|jd)d|*d{tad1d+d,i|d-d,id{}|jD|d.<tjbtejf||||/tid1i|S7'7#t&$r%} tjd | d} Yd} ~ d} ~ wwxYw#t.$r} tdt1|  d} ~ wt&$r} tdt1|  d} ~ wwxYw777#t&$r=} tjjd0jmt1| to| d} ~ wwxYww)2a Generate an API key based on the provided data. Docs: https://docs.litellm.ai/docs/proxy/virtual_keys Parameters: - duration: Optional[str] - Specify the length of time the token is valid for. You can set duration as seconds ("30s"), minutes ("30m"), hours ("30h"), days ("30d"). - key_alias: Optional[str] - User defined key alias - key: Optional[str] - User defined key value. If not set, a 16-digit unique sk-key is created for you. - team_id: Optional[str] - The team id of the key - user_id: Optional[str] - The user id of the key - budget_id: Optional[str] - The budget id associated with the key. Created by calling `/budget/new`. - models: Optional[list] - Model_name's a user is allowed to call. (if empty, key is allowed to call all models) - aliases: Optional[dict] - Any alias mappings, on top of anything in the config.yaml model list. - https://docs.litellm.ai/docs/proxy/virtual_keys#managing-auth---upgradedowngrade-models - config: Optional[dict] - any key-specific configs, overrides config in config.yaml - spend: Optional[int] - Amount spent by key. Default is 0. Will be updated by proxy whenever key is used. https://docs.litellm.ai/docs/proxy/virtual_keys#managing-auth---tracking-spend - send_invite_email: Optional[bool] - Whether to send an invite email to the user_id, with the generate key - max_budget: Optional[float] - Specify max budget for a given key. - budget_duration: Optional[str] - Budget is reset at the end of specified duration. If not set, budget is never reset. You can set duration as seconds ("30s"), minutes ("30m"), hours ("30h"), days ("30d"). - max_parallel_requests: Optional[int] - Rate limit a user based on the number of parallel requests. Raises 429 error, if user's parallel requests > x. - metadata: Optional[dict] - Metadata for key, store information for key. Example metadata = {"team": "core-infra", "app": "app2", "email": "ishaan@berri.ai" } - guardrails: Optional[List[str]] - List of active guardrails for the key - permissions: Optional[dict] - key-specific permissions. Currently just used for turning off pii masking (if connected). Example - {"pii": false} - model_max_budget: Optional[Dict[str, BudgetConfig]] - Model-specific budgets {"gpt-4": {"budget_limit": 0.0005, "time_period": "30d"}}}. IF null or {} then no model specific budget. - model_rpm_limit: Optional[dict] - key-specific model rpm limit. Example - {"text-davinci-002": 1000, "gpt-3.5-turbo": 1000}. IF null or {} then no model specific rpm limit. - model_tpm_limit: Optional[dict] - key-specific model tpm limit. Example - {"text-davinci-002": 1000, "gpt-3.5-turbo": 1000}. IF null or {} then no model specific tpm limit. - allowed_cache_controls: Optional[list] - List of allowed cache control values. Example - ["no-cache", "no-store"]. See all values - https://docs.litellm.ai/docs/proxy/caching#turn-on--off-caching-per-request - blocked: Optional[bool] - Whether the key is blocked. - rpm_limit: Optional[int] - Specify rpm limit for a given key (Requests per minute) - tpm_limit: Optional[int] - Specify tpm limit for a given key (Tokens per minute) - soft_budget: Optional[float] - Specify soft budget for a given key. Will trigger a slack alert when this soft budget is reached. - tags: Optional[List[str]] - Tags for [tracking spend](https://litellm.vercel.app/docs/proxy/enterprise#tracking-spend-for-custom-tags) and/or doing [tag-based routing](https://litellm.vercel.app/docs/proxy/tag_routing). - enforced_params: Optional[List[str]] - List of enforced params for the key (Enterprise only). [Docs](https://docs.litellm.ai/docs/proxy/enterprise#enforce-required-params-for-llm-requests) Examples: 1. Allow users to turn on/off pii masking ```bash curl --location 'http://0.0.0.0:4000/key/generate' --header 'Authorization: Bearer sk-1234' --header 'Content-Type: application/json' --data '{ "permissions": {"allow_pii_controls": true} }' ``` Returns: - key: (str) The generated api key - expires: (datetime) Datetime object for when key expires. - user_id: (str) Unique user id - used for tracking spend across multiple keys for same user id. r)litellm_proxy_admin_name llm_router premium_user prisma_clientuser_api_key_cacheuser_custom_key_generatezentered /key/generateNz,user_custom_key_generate must be a coroutinedecisionTmessagez(Authentication Failed - Custom Auth RulerB)r(rnroparent_otel_spanz.Error getting team object in `/key/generate`: rbr<ii)modelsrlrm) max_budgetr.r(max_parallel_requests tpm_limit rpm_limitbudget_durationrtmetadata)rurvrwrxrAerrorz. is over max limit set in config - user_value=z ; max_value=)rydurationr|) soft_budgetmodel_max_budget) exclude_none) created_by updated_byr) budget_idrNrrukey_max_budgetrykey_budget_durationre)rmz)Only premium users can add tags to keys. key_alias)rrn request_typekey table_namer~)r%responser4rizDlitellm.proxy.proxy_server.generate_key_fn(): Exception occured - {})8litellm.proxy.proxy_serverrkrlrmrnrorprdebugasyncioiscoroutinefunction ValueErrorrWrrHTTP_403_FORBIDDENr(rrs Exceptionrdr=r.AssertionErrorstr_check_model_access_grouprtrUdefault_key_generate_paramssetattrupperbound_key_generate_paramsgetattrrrr~LiteLLM_BudgetTablerjsonify_objectjsondblitellm_budgettablecreaterOpopCommonProxyErrorsnot_premium_userr9_enforce_unique_key_aliasgenerate_key_helper_fn create_taskrasync_key_generated_hookGenerateKeyResponse exceptionr:r)r%r4rirkrlrmrnrorpresultrqrrr-eelemrr9upperbound_valueupperbound_duration user_duration _budget_id budget_row new_budget_budget data_jsonrs r*generate_key_fnrsFL+   ""#:; # /**+CD7== !OPPzz*d3Hjj,VWG# & 9 9'<@ << # "#2 LL"/'9%6%G%G $  !/   %"3    ";;!%   . . :! U=S-&c7#F#F#J#J3PT#UH_"D#w'J'J'N'NsTV'WXJ&5B;D#w'J'J'N'NsTV'WX#(  1 1 =! U#*::C$ $/}c+;<# %'77&303(/C58fglfmmy{KzL2M,&'"!"!$CC2E)93/-@,OM,/BB&303(/C58fglfmmy{KzL2M,&'"!"?N^^  $)9)9)E, ,,!%!6!6!<"J'55T2J*,,@@GG "3";";"W?W"3";";"W?WHG!+t  "$**DQCH"  "$ 1v  1v  jF  $ +&& R Y YA  (** +sUAS9 Q2 AS9,&Q8Q5Q8S9&"R)BS9(S9.A$S9S9-S9 S9'CS9+S2,C"S9S5S9'S7(A S91U2S95Q88 R&R!S9!R&&S9) S/2S S/S**S//S95S97S99 T?8T::T??Unon_default_valuesexisting_metadatac`d|vr|j|d<tt|d}|jdd} |j D]\}}|t vs|||< ||d<|S#t $r7}tjdjt|Yd}~Bd}~wwxYw)zu Check LiteLLM_ManagementEndpoint_MetadataFields (proxy/_types.py) for fields that are allowed to be updated rzTrzLlitellm.proxy.proxy_server.prepare_metadata_fields(): Exception occured - {}N) copyr dictrOitems)LiteLLM_ManagementEndpoint_MetadataFieldsrrrr:r)r%rrcasted_metadatarkvrs r*prepare_metadata_fieldsr!s ++):)?)?)A:&4!3J!?@OdFI  OO%DAq==%&"&&5z"   && Z a aA    sA-A-- B-6-B((B-c|jd}|jddi}|jD]\}}|tvr|||<d|vrr|jd}|r_t |t rOt |dkDrAt|}tjtjt|z}||d<d |vrw|jd } | rdt | t rTt | dkDrFt| }tjtjt|z} | |d <| |d <|jxsi} d |vrt|d t||| }|S) NTrMrr|rr}secondsexpiresrybudget_reset_atr)r%rr)rOrrr isinstancerlenrrnowrutcrrzvalidate_model_max_budgetr) r%existing_key_rowrrrrr| duration_srry key_reset_at _metadatas r*prepare_key_update_datar>snooDo9I MM%!1 9 9  !1" ''%))*5 Hc2H 8I,h?Jll8<<09Z3PPG,3 y )..,001BC OS1O$q(,oFJ#<< 5 *8UUL4@ 0 14C 0 1 ))/RI//!"45G"HI0 &8I r,z /key/update)rerfrequestc Kddlm}m}m} |j dd}|j d}| t d|j|jdd d{} | td d d |ji t|| } t| jdd|| jd{|j|i| d|id{} t!t#|||d{t%j&t)j*|| | ||| t-dd|i| dS777j7M#t $r} t/j0dj3t5| t7| trYt9t;| ddt5| dt<j>t;| ddt;| dt@jBt7| t8r| t9dt5| zt<j>t;| ddt@jBd} ~ wwxYww) a Update an existing API key's parameters. Parameters: - key: str - The key to update - key_alias: Optional[str] - User-friendly key alias - user_id: Optional[str] - User ID associated with key - team_id: Optional[str] - Team ID associated with key - budget_id: Optional[str] - The budget id associated with the key. Created by calling `/budget/new`. - models: Optional[list] - Model_name's a user is allowed to call - tags: Optional[List[str]] - Tags for organizing keys (Enterprise only) - enforced_params: Optional[List[str]] - List of enforced params for the key (Enterprise only). [Docs](https://docs.litellm.ai/docs/proxy/enterprise#enforce-required-params-for-llm-requests) - spend: Optional[float] - Amount spent by key - max_budget: Optional[float] - Max budget for key - model_max_budget: Optional[Dict[str, BudgetConfig]] - Model-specific budgets {"gpt-4": {"budget_limit": 0.0005, "time_period": "30d"}} - budget_duration: Optional[str] - Budget reset period ("30d", "1h", etc.) - soft_budget: Optional[float] - [TODO] Soft budget limit (warning vs. hard stop). Will trigger a slack alert when this soft budget is reached. - max_parallel_requests: Optional[int] - Rate limit for parallel requests - metadata: Optional[dict] - Metadata for key. Example {"team": "core-infra", "app": "app2"} - tpm_limit: Optional[int] - Tokens per minute limit - rpm_limit: Optional[int] - Requests per minute limit - model_rpm_limit: Optional[dict] - Model-specific RPM limits {"gpt-4": 100, "claude-v1": 200} - model_tpm_limit: Optional[dict] - Model-specific TPM limits {"gpt-4": 100000, "claude-v1": 200000} - allowed_cache_controls: Optional[list] - List of allowed cache control values - duration: Optional[str] - Key validity duration ("30d", "1h", etc.) - permissions: Optional[dict] - Key-specific permissions - send_invite_email: Optional[bool] - Send invite email to user_id - guardrails: Optional[List[str]] - List of active guardrails for the key - blocked: Optional[bool] - Whether the key is blocked - aliases: Optional[dict] - Model aliases for the key - [Docs](https://litellm.vercel.app/docs/proxy/virtual_keys#model-aliases) - config: Optional[dict] - [DEPRECATED PARAM] Key-specific config. Example: ```bash curl --location 'http://0.0.0.0:4000/key/update' --header 'Authorization: Bearer sk-1234' --header 'Content-Type: application/json' --data '{ "key": "sk-1234", "key_alias": "my-key", "user_id": "user-1234", "team_id": "team-1234", "max_budget": 100, "metadata": {"any_key": "any-val"}, }' ``` r)rnproxy_logging_objroTrrNNot connected to DB! find_uniquetokenr query_typeir{zTeam not found, passed team_id=rBr%rr)rrnexisting_key_tokenr)rr% hashed_tokenror)r%rrr4riz(Failed to update key got response = Noner%zBlitellm.proxy.proxy_server.update_key_fn(): Exception occured - {}rDzAuthentication Error()rQNonerCrrtyperQcodeAuthentication Error, )"rrnrrorOrrget_datarrr(rrrWr update_datar hash_tokenrrrasync_key_updated_hookrrrr:rrProxyExceptionrProxyErrorTypes auth_errorrHTTP_400_BAD_REQUEST) rr%r4rirnrrorrrrrrs r* update_key_fnrisrx J //4/P mmE"  23 3!.!7!7((u"8"    ##B4<<.!QR  5(8 ((,,[$?'/55   '22@1@7C@3   '#C1/    # : :!1!"3#5     GH Hs/hv.//[    *  && P W WA  a ' 8/DSVHA-NO$//a&1Q v/J/JK   > *G,s1v5 ++!Wf-,,    st IAE E!AE ;E< E EE ;E >IIz /key/deletec K ddlm}m}| td|j}t j d|j|j|jtjk(rd}d}g}|jrEt|j||d{\}} t|j}|j}n]|jrFt|j|||d{\}} t|j}|j}n td|+t!d t"j$d t&j( t j d |d  ||d k(sJ t j d|j,j.t1j2t5j6|| |||d |iS787#t$rt+ddd|d|d iwxYw#t$r=} t j8dj;t=| t?| d} ~ wwxYww)a Delete a key from the key management system. Parameters:: - keys (List[str]): A list of keys or hashed keys to delete. Example {"keys": ["sk-QWrxEynunsNpV1zT48HIrw", "837e17519f44683334df5291321d97b8bf1098cd490e49e215f6fea935aa28be"]} - key_aliases (List[str]): A list of key aliases to delete. Can be passed instead of `keys`.Example {"key_aliases": ["alias1", "alias2"]} Returns: - deleted_keys (List[str]): A list of deleted keys. Example {"deleted_keys": ["sk-QWrxEynunsNpV1zT48HIrw", "837e17519f44683334df5291321d97b8bf1098cd490e49e215f6fea935aa28be"]} Example: ```bash curl --location 'http://0.0.0.0:4000/key/delete' --header 'Authorization: Bearer sk-1234' --header 'Content-Type: application/json' --data '{ "keys": ["sk-QWrxEynunsNpV1zT48HIrw"] }' ``` Raises: HTTPException: If an error occurs during key deletion. r)rnroNrzuser_api_key_dict.user_role: tokensror.) key_aliasesrnror.zInvalid request typezFFailed to delete keys got None response from delete_verification_tokenkeysrz/key/delete - deleted_keys= deleted_keysrAr{zNot all keys passed in were deleted. This probably means you don't have access to delete all the keys passed in. Keys passed in=z, Deleted keys =rBz#/keys/delete - cache after delete: )r%keys_being_deletedr4rirzBlitellm.proxy.proxy_server.delete_key_fn(): Exception occured - {}) rrnrorr.rrr6r7r8rdelete_verification_tokenrrdelete_key_aliasesrrrinternal_server_errorrHTTP_500_INTERNAL_SERVER_ERRORrin_memory_cache cache_dictrrrasync_key_deleted_hookrr:rr) r%r4rirnror.num_keys_to_be_deletedrnumber_deleted_keys_keys_being_deletedrs r* delete_key_fnrsFQ+P  23 3$++""+,=,G,G+H I   ' ' 3!++/?/K/KKG!" 99=Vyy#5>8 4 !4 &)^ "99L   =O ,,+#5 >8 4 !4 &))9)9%: "++L34 4  & `$::::   "")*=n*M)N O  )-@-PP PP ""12D2T2T2_2_1` a   # : :#6"3#5,    --m880  `aw`xxHI\]kIlHmn  . +&& P W WA  (** +shIBG?GAG?/G0A>DD"  r,g insert_datar)userrr|aliasesconfigspendrrrr~rublockedryr user_alias user_emailr6rvrzrwrxr)rrupdate_key_valuesrallowed_cache_controls permissionsrmodel_rpm_limitmodel_tpm_limit guardrailsteamsorganization_idr)rrsend_invite_emailc%F Kddlm}%m}&m}'|' t d| ||} ndt j d} |d}(nr&5"#">r&5"#>r!+JJx(M./ JJ'78III3@  * *  w  *  w       U  f     $%:        x %&%>&6&?& H ''(?@@8??+a/C8J4Kq4P-5__*=0%2%>%>&#)*;&?& H 33&:+? !  ! & &'H( S(5(A(A%)B)# $++>#NHZ /6#%;T0H+ ,$&H[v " Oi  #   "" Y ` `A  ""9#7#7#9: a 'G==56    soFT! G?R R A&R R R T!,R R $R *T!R R R TBTTT!rrocKddlm}m} |r|Dcgc]}t|}}|jj j dd|iid{}||k(r|j|d{}nj|j|| d{}| td |jd d}|t|k7r"td t|ztd |D]/}|j%|t'|} |j%| 1||fScc}w777#t$r[} tjdjt| tjt!j"| d} ~ wwxYww)aj Helper that deletes the list of tokens from the database Args: tokens: List of tokens to delete user_id: Optional user_id to filter by Returns: Tuple[Optional[Dict], List[LiteLLM_VerificationToken]]: Optional[Dict]: - Number of deleted tokens List[LiteLLM_VerificationToken]: - List of keys being deleted, this contains information about the key_alias, token, and user_id being deleted, this is passed down to the KeyManagementEventHooks to delete the keys from the secret manager and handle audit logs r)rkrnr rinrN)r)rr.z>Failed to delete tokens got response None when deleting tokensrzOFailed to delete all tokens. Tried to delete tokens that don't belong to user: 'DB not connected. prisma_client is NonezNlitellm.proxy.proxy_server.delete_verification_token(): Exception occured - {})rrkrnrrr find_many delete_datarrWrrrrr:rr<r= delete_cacher) rror.rkrnrrdeleted_tokens_num_deleted_tokensrrs r*rr s(S% BHI&3+#6&FI#&&@@JJ"T6N3K 22'4'@'@'@'O!O(5'@'@!7(A("")#X'5&8&8&K#&#f+5#ig,' EF F'',!# '' 5  . ..WJ"P" && \ c cA  ""9#7#7#9:sj F D&D/D&D D&3D"4D&D$AD&#8F D&"D&$D&& F /AFF  F rrncK|jjjdd|iid{}|Dcgc]}|j}}t |||d{S73cc}w7 w)NrrKrLr)rrrNrr)rrornr.rrrs r*rrQs !. 0 0 J J T TT;/0!U!$7 7#6Ccii#6F 7**rrrrrrr)rr%r4rirrmrnrrohashed_api_key _key_in_db new_tokennew_token_hashnew_token_key_namerr updated_tokenupdated_token_dictrs r*regenerate_key_fnr_aszd+   t #FGXGiGiGoGoFpq   "AA!JK  s? N'_N(++EEQQN+R    "554uK!89  ""?J?'//345 #I.%in%56$*    !8J"  ! & &'?AS T-.#22 2D +..HHOON+P     $!%m!4 $-5!w' *'_#5"3   *'_#5"3   #    y @    +'**+ssH BG0G'C G06G*7AG09G,:G0G.G0&H 'G0*G0,G0.G00 H 9 HH  H z /key/listz Page number)rhge z Page sized)rhralezFilter keys by user IDzFilter keys by team IDzFilter keys by key aliaspagesizec K ddl}ddlm}|jd||j dt dhd} t |jj| z } | r^tddj| ddj| tjdj| tj i} |rt|t r|| d <|rt|t r|| d <|rt|t r|| d <|jd | |dz |z} |jd| d||j"j$j'| | |d{} |jdt)| d|j"j$j+| d{}|jd|| |z }g}| D]4}|j-}|j/d}|j1|6||||d}|jd|S77v#t $r}t|t2rYtt5|ddt!|dtj6t5|ddt5|dtj8 t|tr|tdt!|ztj6t5|ddtj8 d}~wwxYww) NrrzEntering list_keys functionzDatabase not connected>rerfr(r.rzUnsupported parameter(s): z, z. Supported parameters: rr.r(rzFilter conditions: r`zPagination: skip=z, take=)rskiptakezFetched z keysrLzTotal count of keys: r)r total_count current_page total_pageszSuccessfully prepared responserDzerror(rrQrrCr)loggingrrnrr{rset query_paramsrrjoinrbad_request_errorrrrrrrrNrcountrrWrrrrr)rr4rerfr.r(rrmrnsupported_paramsunsupported_paramsrrhrrjrlkey_listrkey_dict_tokenrrs r* list_keysrxsZ < 34  MM2 345 5O !5!5!:!:!<=@PP  4TYY?Q5R4SSklpluluwGmHlIJ$66ii 2300   z'3/&E)  z'3/&E)  Is3!*E+  +E734qD  )$wtf=>#%%??IIJ    T 512*,,FFLLM    -k];<% ,- CxxzH\\'*F OOF # & &    67E  6  a ' 8vc!fXQ-?@$::a&1Q v/T/TU   > *G,s1v5 66!Wf-66    sPK?E(H1,H--A H18H/9A3H1,K?-H1/H11 K<:B=K77K<<K?z /key/block http_requestc0Kddlm}m}m}m}m}m} |2tdjtjj|jjdr||j} n |j} tjdur |j j"j%d| i d{} | 9t'd |jd t(j*d t,j. t1j2|t5t7t9j:t=j>t@jB|xs|jDxs||jFtHjJ| dd| jM |j j"jOd| iddid{} tQ| || d|d{} d| _)tU| | | |d{| S7M7?7)7 w)a Block an Virtual key from making any requests. Parameters: - key: str - The key to block. Can be either the unhashed key (sk-...) or the hashed key value Example: ```bash curl --location 'http://0.0.0.0:4000/key/block' --header 'Authorization: Bearer sk-1234' --header 'Content-Type: application/json' --data '{ "key": "sk-Fn8Ej39NxjAXrvpUGKghGw" }' ``` Note: This is an admin-only endpoint. Only proxy admins can block keys. rcreate_audit_log_for_updaterrkrnrroN{}r.r TrrLrV not foundrrr  id updated_at changed_bychanged_by_api_keyr object_idactionupdated_values before_value request_datarWrrnrorsrruser_api_key_objror+rr|rrkrnrrorr:rdb_not_connected_errorr9r startswithrUstore_audit_logsrrrrrrqrrrrLiteLLM_AuditLogsruuiduuid4rrrrr.rLitellmTableNamesKEY_TABLE_NAMEmodel_dump_jsonr>rr r r%ryr4rir|rrkrnrrorrecord key_objects r* block_keyrqs> $5$L$L$R$RSTT xx5!!1 xx 4'$''AAMML)N   > txxj 3$66..    '.4::<('||HLL91 0(00 0/'8'@'@0??*$#'!'!7!7!9   $!##==DD %Y,=EF&!#-+ JJ !#-+   Mm 8IB>HH DHHH(H)HHHHHHz /key/unblockc0Kddlm}m}m}m}m}m} |2tdjtjj|jjdr||j} n |j} tjdur |j j"j%d| i d{} | 9t'd |jd t(j*d t,j. t1j2|t5t7t9j:t=j>t@jB|xs|jDxs||jFtHjJ| dd| jM |j j"jOd| iddid{} tQ| || d|d{} d| _)tU| | | |d{| S7M7?7)7 w)a Unblock a Virtual key to allow it to make requests again. Parameters: - key: str - The key to unblock. Can be either the unhashed key (sk-...) or the hashed key value Example: ```bash curl --location 'http://0.0.0.0:4000/key/unblock' --header 'Authorization: Bearer sk-1234' --header 'Content-Type: application/json' --data '{ "key": "sk-Fn8Ej39NxjAXrvpUGKghGw" }' ``` Note: This is an admin-only endpoint. Only proxy admins can unblock keys. rr{Nr}r.r TrrLrVr~rrr rrFrWrrrrs r* unblock_keyrs> $5$L$L$R$RSTT xx5!!1 xx 4'$''AAMML)N   > txxj 3$66..    '.4::<('||HLL91 0(00 0/'8'@'@0??*$#'!'!7!7!9   $!##==DD %Y,>EF&!#-+ JJ !#-+   Mm 8rz /key/healthc xK |j}tdd}|r;d|vr7t|||dd{}||d<|jddk(rd|d <tdi|S7-#t$rG}t d t |tjt|d d tj d}~wwxYww)aS Check the health of the key Checks: - If key based logging is configured correctly - sends a test log Usage Pass the key in the request header ```bash curl -X POST "http://localhost:4000/key/health" -H "Authorization: Bearer sk-1234" -H "Content-Type: application/json" ``` Response when logging callbacks are setup correctly: ```json { "key": "healthy", "logging_callbacks": { "callbacks": [ "gcs_bucket" ], "status": "healthy", "details": "No logger exceptions triggered, system is healthy. Manually check if logs were sent to ['gcs_bucket']" } } ``` Response when logging callbacks are not setup correctly: ```json { "key": "unhealthy", "logging_callbacks": { "callbacks": [ "gcs_bucket" ], "status": "unhealthy", "details": "Logger exceptions triggered, system is unhealthy: Failed to load vertex credentials. Check to see if credentials containing partial/invalid information." } } ``` healthyN)rlogging_callbacksrm)r4r key_loggingrr unhealthyrzKey health check failed: rQrrr) rzKeyHealthResponsetest_key_loggingrWrrrrrrrr)rr4 key_metadata health_statuslogging_statusesrs r* key_healthrGsr (11 +<", I5%5"3(3&   2BM- . ##H-<'2 e$ 1=11   /Ax8 66!Wf-66    s9B:3A'A%,A'$B:%A'' B70AB22B77B:rc|jtjjk(s'|jtjjk(ry|j |k(ry|j |j k(ryy)zB Helper to check if the user has access to the key's info TF)r6r7r8r9PROXY_ADMIN_VIEW_ONLYrr.rs r*rrsi ##'7'C'C'I'II  & &*:*P*P*V*V V  " "c )   .66 6 r,rc Kddl}ddlm}ddlm}ddlm}m}g}|D]2} | jd|j| d)td|} |j| } | j|j|j} | j|  dd d d gd d } || ||||d{} t!j"di| d{t+j,dd{| j/}| j1| |rt'|dd|St'|dd|dS77i#t$$r$}t'|ddt)|cYd}~Sd}~wwxYw7~w)a3 Test the key-based logging - Test that key logging is correctly formatted and all args are passed correctly - Make a mock completion call -> user can check if it's correctly logged - Check if any logger.exceptions were triggered -> if they were then returns it to the user client side rN)StringIO)add_litellm_data_to_request)general_settings proxy_config callback_namez(callback_name is required in key_loggingzopenai/litellm-key-health-testrzQHello, this is a test from litellm /key/health. No LLM API call was made for this)rFcontentz test response)rmessages mock_response)r%r4rrrrzLogging test failed: ) callbacksrdetailsz2Logger exceptions triggered, system is unhealthy: rzWNo logger exceptions triggered, system is healthy. Manually check if logs were sent to  r)rmior$litellm.proxy.litellm_pre_call_utilsrrrrrWrr StreamHandlersetLevelERROR getLogger addHandlerrU acompletionrLoggingCallbackStatusrrsleepgetvalue removeHandler)r4rrrmrrrrrcallbacklog_capture_stringchloggerr%r log_contentss r*rrsPI#% << ( 4  $ $Xo%> ?GH H  "   1 2BKK     F b 5#r -  1/%-   !!     --   &..0L $'HW  %'mnnAABC  ?    $'+CF84   sgB&E>)E EE E !E %E>=E<>A E>E E E9E4.E9/E>4E99E>rcK|p|md|i}|rd|i|d<|jjj|d{}|/td|dtj dt jyyy78w) a( Helper to enforce unique key aliases across all keys. Args: key_alias (Optional[str]): The key alias to check prisma_client (Any): Prisma client instance existing_key_token (Optional[str]): ID of existing key being updated, to exclude from uniqueness check (The Admin UI passes key_alias, in all Edit key requests. So we need to be sure that if we find a key with the same alias, it's not the same key we're updating) Raises: ProxyException: If key alias already exists on a different key NrrNOTrLzKey with alias 'zB' already exists. Unique key aliases across all keys are required.r)rr find_firstrrrqrr)rrnr where_clause existing_keys r*rrs"!:(3Y'? #*,>"?L *--GGRRS    # *9+5wx$66!00   $";  s;A8A69A8cr |yt|dk(ry|yddlm}m}|dur"t d|j j |jD]7\}}t|tsJd|vrt|d|d<td i|9yy#t$r}t dt|dd}~wwxYw) z Validate the model_max_budget is GenericBudgetConfigType + enforce user has an enterprise license Raises: Exception: If model_max_budget is not a valid GenericBudgetConfigType Nr)rrmTz=You must have an enterprise license to set model_max_budget. budget_limitzInvalid model_max_budget: zM. Example of valid model_max_budget: https://docs.litellm.ai/docs/proxy/usersr) rrrrmrrr9rrrfloatr"r)rrrm_model _budget_infors r*rr)s  #   A %   ' R4' STeTvTvT|T|S}~)9(>(>(@$ !&#..."\138n9U3VL0,|, )A (  (Q0} ~   s"BBA:B B6B11B6r')l__doc__rrrr6r<rrrrtypingrrrr r fastapir r r rrrrrUlitellm._loggingrlitellm.cachingrlitellm.proxy._typeslitellm.proxy.auth.auth_checksrrrr$litellm.proxy.auth.user_api_key_authr.litellm.proxy.hooks.key_management_event_hooksr&litellm.proxy.management_helpers.utilsrlitellm.proxy.utilsrrrrlitellm.routerr litellm.secret_managers.mainr!litellm.types.utilsr"r#r$GenerateKeyRequestr+LiteLLM_TeamTableCachedObjrMemberr3UserAPIKeyAuthboolr=rJrRrYr]r`rdrouterpostrr BaseModelrrUnionUpdateKeyRequestRegenerateKeyRequestrr KeyRequestrr rWrrlistrintrDictLiteLLM_VerificationTokenrrr_rxBlockKeyRequestrrrrrAnyrrrrrr,r*rs    2277UUU1%" CRN "3$)$*5=c] f"%"08 "HPQT " "J*sm***&*3 *Z   /7S /B  *% :%%&CD&%-?2 34 %     <   +,-&   )00A(B(. t)H+ H+%H+! H+ H+V )-BF :(  "66 7(V)*'BS:T9U )00A(B(. t) H H H &H ! H H V)*'BS:T9U )00A(B(. t)p+ p+%p+! p+p+f  +,-  "&(/0A(B5+ : 5+%5+  5+p'(@Q8R7S '"A)00A(B J+ #J+& J+J+Z T#Y -5f-=MQ T]@#&*)-!% "&"%) ! $! $#+/!##8E(,#-/"$')&*&*!% %)37(,Woosm o  o  o o oUOo"#oo oo d^!o"c]#o$ C=%o&   'o,c]-o. /o0c]1o2 3o4}5o6$C=7o8tn9o:};o<}=o>45?o@ ~AoB}CoD%TNEoF$GoHtnIoJd^KoLd^MoNOoP D>QoRc]SoT/0UoV ~Woj"C/ C/!C/c]C/ 8D>4 9: :; C/T" c !   c]   8D>4 9: :;    +,-  ,0(/0A(B(. t) [+ [+ ' ([+&[+! [+!"[+  [+|  +,-  )00A(Ba]q9bkaC@"45MN"45MN$T7QRc c %c  c   c c] c c] c }c   c L()AR9S8T )00A(B(. t) d dd&d! d'(ddN*+7CT;U:V )00A(B(. t) d dd&d! ddN  +,-$   )00A(BP P %P  P f% #( *M %M M d38n%M  M f)- }  !   F  4 r,