feat: add multi model credentials (#24451)

Co-authored-by: zxhlyh <jasonapring2015@outlook.com> Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
2026-01-08 07:14:14 +00:00 · 2025-08-25 16:12:29 +08:00
parent b08bfa203a
commit 6010d5f24c
65 changed files with 5202 additions and 1814 deletions
--- a/api/migrations/versions/2025_08_09_1553-e8446f481c1e_add_provider_credential_pool_support.py
+++ b/api/migrations/versions/2025_08_09_1553-e8446f481c1e_add_provider_credential_pool_support.py
@@ -0,0 +1,177 @@
+"""Add provider multi credential support
+
+Revision ID: e8446f481c1e
+Revises: 8bcc02c9bd07
+Create Date: 2025-08-09 15:53:54.341341
+
+"""
+from alembic import op
+import models as models
+import sqlalchemy as sa
+from sqlalchemy.sql import table, column
+import uuid
+
+# revision identifiers, used by Alembic.
+revision = 'e8446f481c1e'
+down_revision = 'fa8b0fa6f407'
+branch_labels = None
+depends_on = None
+
+
+def upgrade():
+    # Create provider_credentials table
+    op.create_table('provider_credentials',
+    sa.Column('id', models.types.StringUUID(), server_default=sa.text('uuid_generate_v4()'), nullable=False),
+    sa.Column('tenant_id', models.types.StringUUID(), nullable=False),
+    sa.Column('provider_name', sa.String(length=255), nullable=False),
+    sa.Column('credential_name', sa.String(length=255), nullable=False),
+    sa.Column('encrypted_config', sa.Text(), nullable=False),
+    sa.Column('created_at', sa.DateTime(), server_default=sa.text('CURRENT_TIMESTAMP'), nullable=False),
+    sa.Column('updated_at', sa.DateTime(), server_default=sa.text('CURRENT_TIMESTAMP'), nullable=False),
+    sa.PrimaryKeyConstraint('id', name='provider_credential_pkey')
+    )
+
+    # Create index for provider_credentials
+    with op.batch_alter_table('provider_credentials', schema=None) as batch_op:
+        batch_op.create_index('provider_credential_tenant_provider_idx', ['tenant_id', 'provider_name'], unique=False)
+
+    # Add credential_id to providers table
+    with op.batch_alter_table('providers', schema=None) as batch_op:
+        batch_op.add_column(sa.Column('credential_id', models.types.StringUUID(), nullable=True))
+
+    # Add credential_id to load_balancing_model_configs table
+    with op.batch_alter_table('load_balancing_model_configs', schema=None) as batch_op:
+        batch_op.add_column(sa.Column('credential_id', models.types.StringUUID(), nullable=True))
+
+    migrate_existing_providers_data()
+
+    # Remove encrypted_config column from providers table after migration
+    with op.batch_alter_table('providers', schema=None) as batch_op:
+        batch_op.drop_column('encrypted_config')
+
+
+def migrate_existing_providers_data():
+    """migrate providers table data to provider_credentials"""
+
+    # Define table structure for data manipulation
+    providers_table = table('providers',
+        column('id', models.types.StringUUID()),
+        column('tenant_id', models.types.StringUUID()),
+        column('provider_name', sa.String()),
+        column('encrypted_config', sa.Text()),
+        column('created_at', sa.DateTime()),
+        column('updated_at', sa.DateTime()),
+        column('credential_id', models.types.StringUUID()),
+    )
+    
+    provider_credential_table = table('provider_credentials',
+        column('id', models.types.StringUUID()),
+        column('tenant_id', models.types.StringUUID()),
+        column('provider_name', sa.String()),
+        column('credential_name', sa.String()),
+        column('encrypted_config', sa.Text()),
+        column('created_at', sa.DateTime()),
+        column('updated_at', sa.DateTime())
+    )
+
+    # Get database connection
+    conn = op.get_bind()
+
+    # Query all existing providers data
+    existing_providers = conn.execute(
+        sa.select(providers_table.c.id, providers_table.c.tenant_id, 
+                 providers_table.c.provider_name, providers_table.c.encrypted_config,
+                 providers_table.c.created_at, providers_table.c.updated_at)
+        .where(providers_table.c.encrypted_config.isnot(None))
+    ).fetchall()
+    
+    # Iterate through each provider and insert into provider_credentials
+    for provider in existing_providers:
+        credential_id = str(uuid.uuid4())
+        if not provider.encrypted_config or provider.encrypted_config.strip() == '':
+            continue
+
+        # Insert into provider_credentials table
+        conn.execute(
+            provider_credential_table.insert().values(
+                id=credential_id,
+                tenant_id=provider.tenant_id,
+                provider_name=provider.provider_name,
+                credential_name='API_KEY1',  # Use a default name
+                encrypted_config=provider.encrypted_config,
+                created_at=provider.created_at,
+                updated_at=provider.updated_at
+            )
+        )
+
+        # Update original providers table, set credential_id
+        conn.execute(
+            providers_table.update()
+            .where(providers_table.c.id == provider.id)
+            .values(
+                credential_id=credential_id,
+            )
+        )
+
+def downgrade():
+    # Re-add encrypted_config column to providers table
+    with op.batch_alter_table('providers', schema=None) as batch_op:
+        batch_op.add_column(sa.Column('encrypted_config', sa.Text(), nullable=True))
+
+    # Migrate data back from provider_credentials to providers
+    migrate_data_back_to_providers()
+
+    # Remove credential_id columns
+    with op.batch_alter_table('load_balancing_model_configs', schema=None) as batch_op:
+        batch_op.drop_column('credential_id')
+
+    with op.batch_alter_table('providers', schema=None) as batch_op:
+        batch_op.drop_column('credential_id')
+
+    # Drop provider_credentials table
+    op.drop_table('provider_credentials')
+
+
+def migrate_data_back_to_providers():
+    """Migrate data back from provider_credentials to providers table for downgrade"""
+    
+    # Define table structure for data manipulation
+    providers_table = table('providers',
+        column('id', models.types.StringUUID()),
+        column('tenant_id', models.types.StringUUID()),
+        column('provider_name', sa.String()),
+        column('encrypted_config', sa.Text()),
+        column('credential_id', models.types.StringUUID()),
+    )
+    
+    provider_credential_table = table('provider_credentials',
+        column('id', models.types.StringUUID()),
+        column('tenant_id', models.types.StringUUID()),
+        column('provider_name', sa.String()),
+        column('credential_name', sa.String()),
+        column('encrypted_config', sa.Text()),
+    )
+
+    # Get database connection
+    conn = op.get_bind()
+
+    # Query providers that have credential_id
+    providers_with_credentials = conn.execute(
+        sa.select(providers_table.c.id, providers_table.c.credential_id)
+        .where(providers_table.c.credential_id.isnot(None))
+    ).fetchall()
+    
+    # For each provider, get the credential data and update providers table
+    for provider in providers_with_credentials:
+        credential = conn.execute(
+            sa.select(provider_credential_table.c.encrypted_config)
+            .where(provider_credential_table.c.id == provider.credential_id)
+        ).fetchone()
+        
+        if credential:
+            # Update providers table with encrypted_config from credential
+            conn.execute(
+                providers_table.update()
+                .where(providers_table.c.id == provider.id)
+                .values(encrypted_config=credential.encrypted_config)
+            )
--- a/api/migrations/versions/2025_08_13_1605-0e154742a5fa_add_provider_model_multi_credential.py
+++ b/api/migrations/versions/2025_08_13_1605-0e154742a5fa_add_provider_model_multi_credential.py
@@ -0,0 +1,186 @@
+"""Add provider model multi credential support
+
+Revision ID: 0e154742a5fa
+Revises: e8446f481c1e
+Create Date: 2025-08-13 16:05:42.657730
+
+"""
+import uuid
+
+from alembic import op
+import models as models
+import sqlalchemy as sa
+from sqlalchemy.sql import table, column
+
+
+# revision identifiers, used by Alembic.
+revision = '0e154742a5fa'
+down_revision = 'e8446f481c1e'
+branch_labels = None
+depends_on = None
+
+
+def upgrade():
+    # Create provider_model_credentials table
+    op.create_table('provider_model_credentials',
+    sa.Column('id', models.types.StringUUID(), server_default=sa.text('uuid_generate_v4()'), nullable=False),
+    sa.Column('tenant_id', models.types.StringUUID(), nullable=False),
+    sa.Column('provider_name', sa.String(length=255), nullable=False),
+    sa.Column('model_name', sa.String(length=255), nullable=False),
+    sa.Column('model_type', sa.String(length=40), nullable=False),
+    sa.Column('credential_name', sa.String(length=255), nullable=False),
+    sa.Column('encrypted_config', sa.Text(), nullable=False),
+    sa.Column('created_at', sa.DateTime(), server_default=sa.text('CURRENT_TIMESTAMP'), nullable=False),
+    sa.Column('updated_at', sa.DateTime(), server_default=sa.text('CURRENT_TIMESTAMP'), nullable=False),
+    sa.PrimaryKeyConstraint('id', name='provider_model_credential_pkey')
+    )
+
+    # Create index for provider_model_credentials
+    with op.batch_alter_table('provider_model_credentials', schema=None) as batch_op:
+        batch_op.create_index('provider_model_credential_tenant_provider_model_idx', ['tenant_id', 'provider_name', 'model_name', 'model_type'], unique=False)
+
+    # Add credential_id to provider_models table
+    with op.batch_alter_table('provider_models', schema=None) as batch_op:
+        batch_op.add_column(sa.Column('credential_id', models.types.StringUUID(), nullable=True))
+
+
+    # Add credential_source_type to load_balancing_model_configs table
+    with op.batch_alter_table('load_balancing_model_configs', schema=None) as batch_op:
+        batch_op.add_column(sa.Column('credential_source_type', sa.String(length=40), nullable=True))
+
+    # Migrate existing provider_models data
+    migrate_existing_provider_models_data()
+
+    # Remove encrypted_config column from provider_models table after migration
+    with op.batch_alter_table('provider_models', schema=None) as batch_op:
+        batch_op.drop_column('encrypted_config')
+
+
+def migrate_existing_provider_models_data():
+    """migrate provider_models table data to provider_model_credentials"""
+
+    # Define table structure for data manipulation
+    provider_models_table = table('provider_models',
+        column('id', models.types.StringUUID()),
+        column('tenant_id', models.types.StringUUID()),
+        column('provider_name', sa.String()),
+        column('model_name', sa.String()),
+        column('model_type', sa.String()),
+        column('encrypted_config', sa.Text()),
+        column('created_at', sa.DateTime()),
+        column('updated_at', sa.DateTime()),
+        column('credential_id', models.types.StringUUID()),
+    )
+    
+    provider_model_credentials_table = table('provider_model_credentials',
+        column('id', models.types.StringUUID()),
+        column('tenant_id', models.types.StringUUID()),
+        column('provider_name', sa.String()),
+        column('model_name', sa.String()),
+        column('model_type', sa.String()),
+        column('credential_name', sa.String()),
+        column('encrypted_config', sa.Text()),
+        column('created_at', sa.DateTime()),
+        column('updated_at', sa.DateTime())
+    )
+
+
+    # Get database connection
+    conn = op.get_bind()
+
+    # Query all existing provider_models data with encrypted_config
+    existing_provider_models = conn.execute(
+        sa.select(provider_models_table.c.id, provider_models_table.c.tenant_id, 
+                 provider_models_table.c.provider_name, provider_models_table.c.model_name,
+                 provider_models_table.c.model_type, provider_models_table.c.encrypted_config,
+                 provider_models_table.c.created_at, provider_models_table.c.updated_at)
+        .where(provider_models_table.c.encrypted_config.isnot(None))
+    ).fetchall()
+    
+    # Iterate through each provider_model and insert into provider_model_credentials
+    for provider_model in existing_provider_models:
+        if not provider_model.encrypted_config or provider_model.encrypted_config.strip() == '':
+            continue
+
+        credential_id = str(uuid.uuid4())
+
+        # Insert into provider_model_credentials table
+        conn.execute(
+            provider_model_credentials_table.insert().values(
+                id=credential_id,
+                tenant_id=provider_model.tenant_id,
+                provider_name=provider_model.provider_name,
+                model_name=provider_model.model_name,
+                model_type=provider_model.model_type,
+                credential_name='API_KEY1',  # Use a default name
+                encrypted_config=provider_model.encrypted_config,
+                created_at=provider_model.created_at,
+                updated_at=provider_model.updated_at
+            )
+        )
+
+        # Update original provider_models table, set credential_id
+        conn.execute(
+            provider_models_table.update()
+            .where(provider_models_table.c.id == provider_model.id)
+            .values(credential_id=credential_id)
+        )
+
+
+def downgrade():
+    # Re-add encrypted_config column to provider_models table
+    with op.batch_alter_table('provider_models', schema=None) as batch_op:
+        batch_op.add_column(sa.Column('encrypted_config', sa.Text(), nullable=True))
+
+    # Migrate data back from provider_model_credentials to provider_models
+    migrate_data_back_to_provider_models()
+
+    with op.batch_alter_table('provider_models', schema=None) as batch_op:
+        batch_op.drop_column('credential_id')
+
+    # Remove credential_source_type column from load_balancing_model_configs
+    with op.batch_alter_table('load_balancing_model_configs', schema=None) as batch_op:
+        batch_op.drop_column('credential_source_type')
+
+    # Drop provider_model_credentials table
+    op.drop_table('provider_model_credentials')
+
+
+def migrate_data_back_to_provider_models():
+    """Migrate data back from provider_model_credentials to provider_models table for downgrade"""
+    
+    # Define table structure for data manipulation
+    provider_models_table = table('provider_models',
+        column('id', models.types.StringUUID()),
+        column('encrypted_config', sa.Text()),
+        column('credential_id', models.types.StringUUID()),
+    )
+    
+    provider_model_credentials_table = table('provider_model_credentials',
+        column('id', models.types.StringUUID()),
+        column('encrypted_config', sa.Text()),
+    )
+
+    # Get database connection
+    conn = op.get_bind()
+
+    # Query provider_models that have credential_id
+    provider_models_with_credentials = conn.execute(
+        sa.select(provider_models_table.c.id, provider_models_table.c.credential_id)
+        .where(provider_models_table.c.credential_id.isnot(None))
+    ).fetchall()
+    
+    # For each provider_model, get the credential data and update provider_models table
+    for provider_model in provider_models_with_credentials:
+        credential = conn.execute(
+            sa.select(provider_model_credentials_table.c.encrypted_config)
+            .where(provider_model_credentials_table.c.id == provider_model.credential_id)
+        ).fetchone()
+        
+        if credential:
+            # Update provider_models table with encrypted_config from credential
+            conn.execute(
+                provider_models_table.update()
+                .where(provider_models_table.c.id == provider_model.id)
+                .values(encrypted_config=credential.encrypted_config)
+            )