I’m following the doc on how to set up Authorization in Weaviate here
My config:
# docker compose: (env variables)
..
environment:
AUTHENTICATION_ANONYMOUS_ACCESS_ENABLED: 'false'
AUTHENTICATION_APIKEY_ENABLED: 'true'
AUTHENTICATION_APIKEY_ALLOWED_KEYS: 'key-1,key-2'
AUTHENTICATION_APIKEY_USERS: 'admin,read-only'
AUTHORIZATION_ADMINLIST_ENABLED: 'true'
AUTHORIZATION_ADMINLIST_USERS: 'admin'
AUTHORIZATION_ADMINLIST_READONLY_USERS: 'read-only'
When instanciating the client (using weaviate 4.15.1):
import weaviate
from weaviate.connect import ConnectionParams
from weaviate.classes.init import Auth
weaviate_auth = Auth.api_key(os.environ["WEAVIATE_AUTH_KEY"])
weaviate_client = weaviate.WeaviateClient(
connection_params=ConnectionParams.from_params(
...http and grpc configs
),
auth_client_secret=weaviate_auth,
)
I don’t see any way in auth configuration or connection params to specify which user is being used. I tested passing different keys in weaviate_auth : key-1 vs key-2 and indeed when I pass key-2 I can’t create an index (since key-2 is mapped to a read only user)
Is weaviate determining which user is making the API call based on the auth key ?
My guy feeling was to use the same auth key for both and mention in the client init which user am I using.