[ENH] Always pass Tenant and DB as query params

.github/workflows/chroma-js-client-generate.yml

@@ -0,0 +1,36 @@
+name: Chroma Test JS Client Generation
+
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+    branches:
+      - main
+      - '**'
+  workflow_dispatch:
+
+jobs:
+  generate:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Setup Python
+        uses: actions/setup-python@v4
+        with:
+          python-version: '3.9'
+      - name: Install Python Dependencies
+        run: pip install -r requirements.txt && pip install -r requirements_dev.txt
+      - name: Run Server
+        run: python -m chromadb.cli.cli run &
+      - name: Setup Node
+        uses: actions/setup-node@v3
+        with:
+          registry-url: 'https://registry.npmjs.org'
+      - name: Install Dependencies
+        run: yarn
+        working-directory: ./clients/js
+      - name: Generate
+        run: yarn genapi
+        working-directory: ./clients/js

chromadb/api/fastapi.py

@@ -171,8 +171,8 @@ def get_database(
     ) -> Database:
         """Returns a database"""
         resp = self._session.get(
-            self._api_url + "/databases/" + name,
-            params={"tenant": tenant},
+            self._api_url + "/databases",
+            params={"tenant": tenant, "database": name},
         )
         raise_chroma_error(resp)
         resp_json = resp.json()
@@ -193,7 +193,8 @@ def create_tenant(self, name: str) -> None:
     @override
     def get_tenant(self, name: str) -> Tenant:
         resp = self._session.get(
-            self._api_url + "/tenants/" + name,
+            self._api_url + "/tenants",
+            params={"tenant": name},
         )
         raise_chroma_error(resp)
         resp_json = resp.json()

chromadb/auth/fastapi.py

@@ -178,58 +178,61 @@ def wrapped(*args: Any, **kwargs: Dict[Any, Any]) -> Any:
                 "function_kwargs": kwargs,
             }
             request = request_var.get()
-            if request:
-                _provider = authz_provider.get()
-                a_list: List[Union[str, AuthzAction]] = []
-                if not isinstance(action, list):
-                    a_list = [action]
-                else:
-                    a_list = cast(List[Union[str, AuthzAction]], action)
-                a_authz_responses = []
-                for a in a_list:
-                    _action = a if isinstance(a, AuthzAction) else AuthzAction(id=a)
-                    _resource = (
-                        resource
-                        if isinstance(resource, AuthzResource)
-                        else resource.to_authz_resource(**_dynamic_kwargs)
-                    )
-                    _context = AuthorizationContext(
-                        user=AuthzUser(
-                            id=request.state.user_identity.get_user_id()
-                            if hasattr(request.state, "user_identity")
-                            else "Anonymous",
-                            tenant=request.state.user_identity.get_user_tenant()
-                            if hasattr(request.state, "user_identity")
-                            else DEFAULT_TENANT,
-                            attributes=request.state.user_identity.get_user_attributes()
-                            if hasattr(request.state, "user_identity")
-                            else {},
-                        ),
-                        resource=_resource,
-                        action=_action,
-                    )
-
-                    if _provider:
-                        a_authz_responses.append(_provider.authorize(_context))
-                if not any(a_authz_responses):
-                    raise AuthorizationError("Unauthorized")
-                # In a multi-tenant environment, we may want to allow users to send
-                # requests without configuring a tenant and DB. If so, they can set
-                # the request tenant and DB however they like and we simply overwrite it.
-                if overwrite_singleton_tenant_database_access_from_auth:
-                    desired_tenant = request.state.user_identity.get_user_tenant()
-                    if desired_tenant and "tenant" in kwargs:
-                        if isinstance(kwargs["tenant"], str):
-                            kwargs["tenant"] = desired_tenant
-                        elif isinstance(kwargs["tenant"], chromadb.server.fastapi.types.CreateTenant):
-                            kwargs["tenant"].name = desired_tenant
-                    databases = request.state.user_identity.get_user_databases()
-                    if databases and len(databases) == 1 and "database" in kwargs:
-                        desired_database = databases[0]
-                        if isinstance(kwargs["database"], str):
-                            kwargs["database"] = desired_database
-                        elif isinstance(kwargs["database"], chromadb.server.fastapi.types.CreateDatabase):
-                            kwargs["database"].name = desired_database
+            if not request:
+                return f(*args, **kwargs)
+
+            _provider = authz_provider.get()
+            a_list: List[Union[str, AuthzAction]] = []
+            if not isinstance(action, list):
+                a_list = [action]
+            else:
+                a_list = cast(List[Union[str, AuthzAction]], action)
+            a_authz_responses = []
+            for a in a_list:
+                _action = a if isinstance(a, AuthzAction) else AuthzAction(id=a)
+                _resource = (
+                    resource
+                    if isinstance(resource, AuthzResource)
+                    else resource.to_authz_resource(**_dynamic_kwargs)
+                )
+                _context = AuthorizationContext(
+                    user=AuthzUser(
+                        id=request.state.user_identity.get_user_id()
+                        if hasattr(request.state, "user_identity")
+                        else "Anonymous",
+                        tenant=request.state.user_identity.get_user_tenant()
+                        if hasattr(request.state, "user_identity")
+                        else DEFAULT_TENANT,
+                        attributes=request.state.user_identity.get_user_attributes()
+                        if hasattr(request.state, "user_identity")
+                        else {},
+                    ),
+                    resource=_resource,
+                    action=_action,
+                )
+
+                if _provider:
+                    a_authz_responses.append(_provider.authorize(_context))
+            if not any(a_authz_responses):
+                raise AuthorizationError("Unauthorized")
+
+            # In a multi-tenant environment, we may want to allow users to send
+            # requests without configuring a tenant and DB. If so, they can set
+            # the request tenant and DB however they like and we simply overwrite it.
+            if overwrite_singleton_tenant_database_access_from_auth:
+                desired_tenant = request.state.user_identity.get_user_tenant()
+                # Only overwrite if the user didn't specify a tenant but the
+                # method requires one.
+                if desired_tenant and "tenant" in kwargs and not kwargs["tenant"]:
+                    if isinstance(kwargs["tenant"], str):
+                        kwargs["tenant"] = desired_tenant
+                databases = request.state.user_identity.get_user_databases()
+                # Only overwrite if the user didn't specify a database but the
+                # method requires one.
+                if databases and len(databases) == 1 and "database" in kwargs and not kwargs["database"]:
+                    desired_database = databases[0]
+                    if isinstance(kwargs["database"], str):
+                        kwargs["database"] = desired_database
 
             return f(*args, **kwargs)
 

chromadb/auth/fastapi_utils.py

@@ -1,43 +1,6 @@
 from functools import partial
-from typing import Any, Callable, Dict, Optional, Sequence, cast
+from typing import Any, Callable, Dict, cast
 from chromadb.api import ServerAPI
-from chromadb.auth import AuthzResourceTypes
-
-
-def find_key_with_value_of_type(
-    type: AuthzResourceTypes, **kwargs: Any
-) -> Dict[str, Any]:
-    from chromadb.server.fastapi.types import (
-        CreateCollection,
-        CreateDatabase,
-        CreateTenant,
-    )
-
-    for key, value in kwargs.items():
-        if type == AuthzResourceTypes.DB and isinstance(value, CreateDatabase):
-            return dict(value)
-        elif type == AuthzResourceTypes.COLLECTION and isinstance(
-            value, CreateCollection
-        ):
-            return dict(value)
-        elif type == AuthzResourceTypes.TENANT and isinstance(value, CreateTenant):
-            return dict(value)
-    return {}
-
-
-def attr_from_resource_object(
-    type: AuthzResourceTypes,
-    additional_attrs: Optional[Sequence[str]] = None,
-    **kwargs: Any,
-) -> Callable[..., Dict[str, Any]]:
-    def _wrap(**wkwargs: Any) -> Dict[str, Any]:
-        obj = find_key_with_value_of_type(type, **wkwargs)
-        if additional_attrs:
-            obj.update({k: wkwargs["function_kwargs"][k]
-                       for k in additional_attrs})
-        return obj
-
-    return partial(_wrap, **kwargs)
 
 
 def attr_from_collection_lookup(

chromadb/server/fastapi/__init__.py

@@ -25,7 +25,6 @@
 )
 from chromadb.auth.fastapi_utils import (
     attr_from_collection_lookup,
-    attr_from_resource_object,
 )
 from chromadb.config import DEFAULT_DATABASE, DEFAULT_TENANT, Settings, System
 import chromadb.api
@@ -38,8 +37,6 @@
 )
 from chromadb.server.fastapi.types import (
     AddEmbedding,
-    CreateDatabase,
-    CreateTenant,
     DeleteEmbedding,
     GetEmbedding,
     QueryEmbedding,
@@ -180,7 +177,7 @@ def __init__(self, settings: Settings):
         )
 
         self.router.add_api_route(
-            "/api/v1/databases/{database}",
+            "/api/v1/databases",
             self.get_database,
             methods=["GET"],
             response_model=None,
@@ -194,7 +191,7 @@ def __init__(self, settings: Settings):
         )
 
         self.router.add_api_route(
-            "/api/v1/tenants/{tenant}",
+            "/api/v1/tenants",
             self.get_tenant,
             methods=["GET"],
             response_model=None,
@@ -303,15 +300,15 @@ def version(self) -> str:
         action=AuthzResourceActions.CREATE_DATABASE,
         resource=DynamicAuthzResource(
             type=AuthzResourceTypes.DB,
-            attributes=attr_from_resource_object(
-                type=AuthzResourceTypes.DB, additional_attrs=["tenant"]
+            attributes=AuthzDynamicParams.dict_from_function_kwargs(
+                arg_names=["tenant", "database"]
             ),
         ),
     )
     def create_database(
-        self, database: CreateDatabase, tenant: str = DEFAULT_TENANT
+        self, database: str = DEFAULT_DATABASE, tenant: str = DEFAULT_TENANT
     ) -> None:
-        return self._api.create_database(database.name, tenant)
+        return self._api.create_database(database, tenant)
 
     @trace_method("FastAPI.get_database", OpenTelemetryGranularity.OPERATION)
     @authz_context(
@@ -324,7 +321,7 @@ def create_database(
             ),
         ),
     )
-    def get_database(self, database: str, tenant: str = DEFAULT_TENANT) -> Database:
+    def get_database(self, database: str = DEFAULT_DATABASE, tenant: str = DEFAULT_TENANT) -> Database:
         return self._api.get_database(database, tenant)
 
     @trace_method("FastAPI.create_tenant", OpenTelemetryGranularity.OPERATION)
@@ -334,18 +331,21 @@ def get_database(self, database: str, tenant: str = DEFAULT_TENANT) -> Database:
             type=AuthzResourceTypes.TENANT,
         ),
     )
-    def create_tenant(self, tenant: CreateTenant) -> None:
-        return self._api.create_tenant(tenant.name)
+    def create_tenant(self, tenant: str = DEFAULT_TENANT) -> None:
+        return self._api.create_tenant(tenant)
 
     @trace_method("FastAPI.get_tenant", OpenTelemetryGranularity.OPERATION)
     @authz_context(
         action=AuthzResourceActions.GET_TENANT,
         resource=DynamicAuthzResource(
             id="*",
             type=AuthzResourceTypes.TENANT,
+            attributes=AuthzDynamicParams.dict_from_function_kwargs(
+                arg_names=["tenant"]
+            ),
         ),
     )
-    def get_tenant(self, tenant: str) -> Tenant:
+    def get_tenant(self, tenant: str = DEFAULT_TENANT) -> Tenant:
         return self._api.get_tenant(tenant)
 
     @trace_method("FastAPI.list_collections", OpenTelemetryGranularity.OPERATION)

chromadb/server/fastapi/types.py

@@ -61,11 +61,3 @@ class CreateCollection(BaseModel):
 class UpdateCollection(BaseModel):
     new_name: Optional[str] = None
     new_metadata: Optional[CollectionMetadata] = None
-
-
-class CreateDatabase(BaseModel):
-    name: str
-
-
-class CreateTenant(BaseModel):
-    name: str

clients/js/genapi.sh

@@ -1,4 +1,4 @@
-#!/usr/bin/env sh
+#!/bin/bash
 
 # curl -s http://localhost:8000/openapi.json | jq > openapi.json
 curl -s http://localhost:8000/openapi.json | python -c "import sys, json; print(json.dumps(json.load(sys.stdin), indent=2))" > openapi.json
@@ -17,6 +17,11 @@ fi
 
 openapi-generator-plus -c config.yml
 
+if [ $? -ne 0 ]; then 
+  echo "Generation failed"
+  exit 1
+fi
+
 if [[ "$OSTYPE" == "darwin"* ]]; then
   sed -i '' -e '/import "whatwg-fetch";/d' -e 's/window.fetch/fetch/g' src/generated/runtime.ts
 else