deploy/run env var

anishxyz · anishxyz · commit ec0b159df5a9 · 2025-07-22T16:18:30.000-07:00
diff --git a/src/agentex/lib/cli/handlers/auth_handlers.py b/src/agentex/lib/cli/handlers/auth_handlers.py
@@ -0,0 +1,18 @@
+import base64
+import json
+
+from agentex.lib.sdk.config.agent_manifest import AgentManifest
+
+
+# Base 64 encode principal dictionary
+def _encode_principal_context(manifest: AgentManifest):
+    if manifest.auth is None:
+        return None
+
+    principal = manifest.auth.principal
+    if principal is None:
+        return None
+
+    json_str = json.dumps(principal, separators=(',', ':'))
+    encoded_bytes = base64.b64encode(json_str.encode('utf-8'))
+    return encoded_bytes.decode('utf-8')
diff --git a/src/agentex/lib/cli/handlers/deploy_handlers.py b/src/agentex/lib/cli/handlers/deploy_handlers.py
@@ -8,8 +8,10 @@
 from pydantic import BaseModel, Field
 from rich.console import Console
 
+from agentex.lib.cli.handlers.auth_handlers import _encode_principal_context
 from agentex.lib.cli.utils.exceptions import DeploymentError, HelmError
 from agentex.lib.cli.utils.kubectl_utils import check_and_switch_cluster_context
+from agentex.lib.environment_variables import EnvVarKeys
 from agentex.lib.sdk.config.agent_config import AgentConfig
 from agentex.lib.sdk.config.agent_manifest import AgentManifest
 from agentex.lib.sdk.config.deployment_config import ClusterConfig
@@ -163,10 +165,13 @@ def merge_deployment_configs(
             helm_values[TEMPORAL_WORKER_KEY]["secretEnvVars"] = secret_env_vars
 
     # Set the agent_config env vars first to the helm values and so then it can be overriden by the cluster config
+    encoded_principal = _encode_principal_context(manifest)
     if agent_config.env:
         helm_values["env"] = agent_config.env
         if TEMPORAL_WORKER_KEY in helm_values:
             helm_values[TEMPORAL_WORKER_KEY]["env"] = agent_config.env
+        if encoded_principal:
+            helm_values["env"][EnvVarKeys.AUTH_PRINCIPAL_B64] = encoded_principal
 
     if manifest.deployment and manifest.deployment.imagePullSecrets:
         pull_secrets = [
diff --git a/src/agentex/lib/cli/handlers/run_handlers.py b/src/agentex/lib/cli/handlers/run_handlers.py
@@ -6,10 +6,12 @@
 from rich.console import Console
 from rich.panel import Panel
 
+from agentex.lib.cli.handlers.auth_handlers import _encode_principal_context
 from agentex.lib.cli.handlers.cleanup_handlers import (
     cleanup_agent_workflows,
     should_cleanup_on_restart
 )
+from agentex.lib.environment_variables import EnvVarKeys
 from agentex.lib.sdk.config.agent_manifest import AgentManifest
 from agentex.lib.utils.logging import make_logger
 
@@ -427,6 +429,11 @@ def create_agent_environment(manifest: AgentManifest) -> dict[str, str]:
         "ACP_PORT": str(manifest.local_development.agent.port),
     }
 
+    # Add authorization principal if set
+    encoded_principal = _encode_principal_context(manifest)
+    if encoded_principal:
+        env_vars[EnvVarKeys.AUTH_PRINCIPAL_B64] = encoded_principal
+
     # Add description if available
     if manifest.agent.description:
         env_vars["AGENT_DESCRIPTION"] = manifest.agent.description
diff --git a/src/agentex/lib/environment_variables.py b/src/agentex/lib/environment_variables.py
@@ -27,7 +27,7 @@ class EnvVarKeys(str, Enum):
     # Workflow Configuraiton
     WORKFLOW_NAME = "WORKFLOW_NAME"
     WORKFLOW_TASK_QUEUE = "WORKFLOW_TASK_QUEUE"
-    BASE64_AUTH_PRINCIPAL = "BASE64_AUTH_PRINCIPAL"
+    AUTH_PRINCIPAL_B64 = "AUTH_PRINCIPAL_B64"
 
 
 class Environment(str, Enum):
diff --git a/src/agentex/lib/sdk/config/agent_manifest.py b/src/agentex/lib/sdk/config/agent_manifest.py
@@ -15,7 +15,7 @@
 
 from agentex.lib.sdk.config.agent_config import AgentConfig
 from agentex.lib.sdk.config.build_config import BuildConfig
-from agentex.lib.sdk.config.deployment_config import DeploymentConfig
+from agentex.lib.sdk.config.deployment_config import DeploymentConfig, AuthenticationConfig
 from agentex.lib.sdk.config.local_development_config import LocalDevelopmentConfig
 from agentex.lib.utils.logging import make_logger
 from agentex.lib.utils.model_utils import BaseModel
@@ -36,6 +36,7 @@ class AgentManifest(BaseModel):
     deployment: DeploymentConfig | None = Field(
         default=None, description="Deployment configuration for the agent"
     )
+    auth: AuthenticationConfig | None = Field(default=None, description="Authentication configuration")
 
     def context_manager(self, build_context_root: Path) -> BuildContextManager:
         """
diff --git a/src/agentex/lib/sdk/config/deployment_config.py b/src/agentex/lib/sdk/config/deployment_config.py
@@ -1,4 +1,4 @@
-from typing import Any
+from typing import Any, Dict
 
 from pydantic import Field
 
@@ -90,6 +90,10 @@ class ClusterConfig(BaseModel):
     )
 
 
+class AuthenticationConfig(BaseModel):
+    principal: Dict[str, Any] = Field(description="Principal used for authorization on registration")
+
+
 class InjectedImagePullSecretValues(BaseModel):
     """Values for image pull secrets"""
 
