This only checks within `SourceConfig`, `ToolConfig`, and
`AuthSourceConfig`.
Error when an unknown field is provided:
`2025-01-27T22:43:46.988401-08:00 ERROR "unable to parse tool file at
\"tools.yaml\": unable to parse as \"cloud-sql-postgres\": [2:1] unknown
field \"extra\"\n 1 | database: test_database\n> 2 | extra: here\n ^\n 3
| instance: toolbox-cloudsql\n 4 | kind: cloud-sql-postgres\n 5 |
password: postgres\n 6 | "`
Error when a required field is not provided:
`2025-01-27T17:49:47.584846-08:00 ERROR "unable to parse tool file at
\"tools.yaml\": validation failed: Key: 'Config.Region' Error:Field
validation for 'Region' failed on the 'required' tag"`
---------
Co-authored-by: Kurtis Van Gent <31518063+kurtisvg@users.noreply.github.com>
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.32.0 to
0.33.0.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="dfc720dfe0"><code>dfc720d</code></a>
go.mod: update golang.org/x dependencies</li>
<li><a
href="8e66b04771"><code>8e66b04</code></a>
html: use strings.EqualFold instead of lowering ourselves</li>
<li><a
href="b935f7b5d7"><code>b935f7b</code></a>
html: avoid endless loop on error token</li>
<li><a
href="9af49ef148"><code>9af49ef</code></a>
route: remove unused sizeof* consts</li>
<li><a
href="6705db9a4d"><code>6705db9</code></a>
quic: clean up crypto streams when dropping packet protection keys</li>
<li><a
href="4ef7588d2b"><code>4ef7588</code></a>
quic: handle ACK frame in packet which drops number space</li>
<li><a
href="552d8ac903"><code>552d8ac</code></a>
Revert "route: change from syscall to x/sys/unix"</li>
<li><a
href="13a7c0108b"><code>13a7c01</code></a>
Revert "route: remove unused sizeof* consts on freebsd"</li>
<li>See full diff in <a
href="https://github.com/golang/net/compare/v0.32.0...v0.33.0">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/googleapis/genai-toolbox/network/alerts).
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Yuan <45984206+Yuan325@users.noreply.github.com>
Add user agent to cloud databases that provides us anonymized data
request count, number of users, number of projects, and other
environment settings.
User agent is using the format: `genai-toolbox/$version+metadata`
Add integration test for CloudSQL for MySQL.
Added other integration tests' tag into `.golangci.yaml`, and fixing
lint errors.
Moved getCloudSQLDialOpts to `common_test.go` since it is used across
all three cloud sql integration tests.
This is a continuation of #218, which add a local quickstart for running
Toolbox with Python and LangGraph.
---------
Co-authored-by: Twisha Bansal <twishabansal@google.com>
Co-authored-by: Anubhav Dhawan <anubhav756@gmail.com>
Currently, we are throwing 401 error immediately after auth token
verification failure. This is not expected in the following situations:
1. Non-auth tool invocation with auth token that is invalid.
2. Auth tool invocation with all the required auth token, but the header
contains extra non-required token that is invalid
These requests should pass the authorization check but fail under the
current implementation.
Change made in this PR:
1. Do not throw error immediately after auth token verification failure.
Instead only log it and continue to the next header iteration.
2. In the parseParams() method, if an auth parameter is missing, we
should error with the message telling the user that either the auth
header is missing or is invalid.
1. `sql/database` provides a `Scan()`interface to scan query results
into typed variables. Therefore we have to create a slice of typed
variables (types retrieved from rows.ColumnTypes()) to pass them into
`Scan()`. Using []byte works but makes the printing result different
from other tools (e.g [1] instead of %!s(int32=1)]
2. MS SQL supports both named (e.g @name) and positional args (e.g @p2),
so we have to check if the name is contained in the original statement
before passing them into `db.Query()` as either named arg or as values.
Add CloudSQL for MySQL source and tool.
CloudSQLMySQL source is initialize with the following config:
```
sources:
my-cloudsqlmysql-source:
kind: cloud-sql-mysql
project: my-project-name
region: my-region
instance: my-instance-name
user: my_user
password: my_pass
database: my_db
# ipType: public # The default dialect is public.
```
MySQL tool is initialize with the following config.
```
tools:
test_tool:
kind: mysql
source: my-cloudsqlmysql-source
description: >
Testing tool.
statement: "SELECT 1;"
```
The newly implemented `ToolboxTool` class manages tool state and
supports this new feature of binding parameters along wiith the existing
OAuth.
> [!NOTE]
> These changes are done in the LlamaIndex SDK as well in #203, along
with documentation updates in #193.
# `ToolboxTool` Class
The newly implemented `ToolboxTool` class manages tool state and
supports features like bound params and OAuth.
We have also added the logic as well as state related to bound params to
`ToolboxTool` in #192.
`ToolboxTool` follows a functional approach, meaning it ensures that the
internal tool state remains unchanged and a new copy of the tool is
updated with the new values of auth tokens (or bound params from #192).
## `ToolboxTool` Class Diagram
To better explain, here's a visual diagram of the ToolboxTool class.
The boxes have member function names, and the "red" box means a function
is mutating the internal state, while "green" means it does not change
the internal state (like a C++ `const` function or JS immutable
function). The red box also shows the member variable they mutated.
## Constructor
From the diagram above, it is evident that all the state changes, or
rather setting of the state, is done in the class constructor.
For further reference, here's a visual explanation of the functionality
of the constructor showing which params we add as auth tokens, which
params we add to the underlying schema, and for what the error/warnings
are thrown.
> [!NOTE]
> Documentation updates are done by #193 and the corresponding changes
to the LlamaIndex SDK are done by #203.
- configure neo4j source with url, username, password, database
- configure neo4j tools with cypher statement and paramters
- tests based on the postgres tests
- neo4j.yaml for integration tests
---------
Co-authored-by: duwenxin <duwenxin@google.com>
1. Add generic integration test helpers for authenticated parameters and
auth-required tool invocations.
2. Call generic test helpers as Cloud SQL integration tests.
Add debug logs to Toolbox.
For example when a http fail, it will just show Error at the http level,
but not log with actual error message. err message are returned to the
api as following `{"status":"Internal Server Error","error":"error while
invoking tool: unable to execute client: spanner: code =
\"InvalidArgument\", desc = \"invalid session pool\""}`.
After adding this, if user/dev run toolbox with `--log-level=debug`, it
will output the following (debug log in addition to the error for http
request):
```
2025-01-08T14:16:25.040824-08:00 DEBUG "error while invoking tool: unable to execute client: spanner: code = \"InvalidArgument\", desc = \"invalid session pool\""
2025-01-08T14:16:25.040968-08:00 ERROR Response: 500 Server Error service: "httplog" httpRequest: {url: "http://127.0.0.1:5000/api/tool/test_tool_two/invoke" method: "POST" path: "/api/tool/test_tool_two/invoke" remoteIP: "127.0.0.1:51708" proto: "HTTP/1.1" requestID: "yuanteoh-macbookpro.roam.internal/N7LNMcLIUH-000001" scheme: "http" header: {user-agent: "curl/8.7.1" accept: "*/*" content-type: "application/json" content-length: "2"}} httpResponse: {status: 500 bytes: 167 elapsed: 0.301917}
```
This PR contains toolbox Set up and e2e tests for the following
functionality:
- Load tools
- Load toolsets
- Running tools
- Auth for tools
- Auth for tool parameters
---------
Co-authored-by: Anubhav Dhawan <anubhav756@gmail.com>
