fix: preserve auth for CLI concurrency sweeps#972
Conversation
Comma-list concurrency runs expand into separate benchmark configs before execution. Keep runtime-only expansion faithful so each generated run can authenticate while exported artifacts continue to redact secrets. Signed-off-by: Aaron Batilo <abatilo@coreweave.com>
Try out this PRQuick install: pip install --upgrade --force-reinstall git+https://github.com/ai-dynamo/aiperf.git@be14801e04bb7e36ff6676c962c3d834411c0a29Recommended with virtual environment (using uv): uv venv --python 3.12 && source .venv/bin/activate
uv pip install --upgrade --force-reinstall git+https://github.com/ai-dynamo/aiperf.git@be14801e04bb7e36ff6676c962c3d834411c0a29Last updated for commit: |
|
No actionable comments were generated in the recent review. 🎉 ℹ️ Recent review info⚙️ Run configurationConfiguration used: Path: .coderabbit.yaml Review profile: CHILL Plan: Pro Run ID: 📒 Files selected for processing (2)
WalkthroughThe pull request changes how benchmark plans preserve secrets during sweep expansion. ChangesSecret Preservation in Sweep Expansion
Estimated code review effort🎯 2 (Simple) | ⏱️ ~10 minutes Poem
🚥 Pre-merge checks | ✅ 4 | ❌ 1❌ Failed checks (1 warning)
✅ Passed checks (4 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
Codecov Report✅ All modified and coverable lines are covered by tests. 📢 Thoughts on this report? Let us know! |
ajcasagrande
left a comment
There was a problem hiding this comment.
Thanks for the fix, @abatilo. This looks good to me.
I reviewed the build_benchmark_plan() path and the existing JSON-only api_key redaction serializer, then ran the focused tests/unit/config/test_cli_magic_list_sugar.py regression test. I also reproduced the flow with the real aiperf CLI against the in-repo mock server using --api-key sk-real-prod-key --concurrency 1,2.
To double-check the runtime behavior, I temporarily instrumented the mock server in a temp checkout to log the incoming Authorization header. The expanded sweep sent Authorization: Bearer sk-real-prod-key for requests from both concurrency variations, while generated run_config.json files kept the key redacted and a recursive artifact grep found no raw API key.
Nice targeted change, and the regression test covers the important bit.
Addresses PR ai-dynamo#982 review feedback from ajcasagrande, coderabbitai, and dynamo-ops. Three issues raised: 1. Stale env-var leakage (CRITICAL — reproduced by ajcasagrande). `_run_benchmark_subprocess` copies the parent env wholesale, then only conditionally sets AIPERF_INJECTED_* when the current run has credentials. A stale value left in the parent shell (from a prior aiperf run, CI wrapper, etc.) would pass through and the subprocess would overlay it onto a run that configured no sensitive headers, sending an unintended credential to the upstream. Reproduced by ajcasagrande with the in-repo mock server: parent env AIPERF_INJECTED_HEADERS={"Authorization":"Bearer stale"} + child run with only X-Trace-Id => upstream saw Authorization. Fix: env.pop() all three internal injection vars after os.environ.copy(), before the conditional re-set. 2. URL userinfo redaction (dynamo-ops). EndpointConfig.urls has an unconditional _redact_urls field_serializer (no when_used="json" guard), so mode="python" dumps still strip user:pass@. Two parts: (a) planners now pass context={"include_secrets": True} alongside mode="python", matching the pattern PR ai-dynamo#972 used in plan.py; (b) local_executor adds AIPERF_INJECTED_ENDPOINT_URLS env-var IPC, set only when at least one URL would be redacted, mirroring the api_key + headers channels. 3. Malformed env-var hardening (coderabbitai). JSON parsing of the injected env vars moved into the try block so malformed payloads surface via the structured error envelope; payload shape now validated (dict for headers, list[str] for urls) before use. Extracted _parse_injected_dict and _parse_injected_str_list helpers to keep main() under the cyclomatic complexity threshold. Also: type hints added to all new test functions per CLAUDE.md. Test coverage: 9 new regression tests across executor + 3 planner suites (stale-env isolation, URL userinfo end-to-end, malformed-payload rejection, planner URL userinfo preservation). Full unit suite at 12,695 passing (was 12,686 on the original commit). Pre-commit fully green including check-ergonomics and check-ruff-baselined. Signed-off-by: Jimmy Whitaker <jimmy.whitaker@baseten.co>
Comma-list concurrency runs expand into separate benchmark configs before execution. Keep runtime-only expansion faithful so each generated run can authenticate while exported artifacts continue to redact secrets.
Signed-off-by: Aaron Batilo abatilo@coreweave.com