diff --git a/README.md b/README.md
index 4729b8363..5f56db617 100644
--- a/README.md
+++ b/README.md
@@ -306,7 +306,6 @@ name: foo bar baz
service:
host: localhost
port: 8080
- auth_enabled: false
workers: 1
color_log: true
access_log: true
@@ -531,7 +530,6 @@ name: foo bar baz
service:
host: localhost
port: 8080
- auth_enabled: false
workers: 1
color_log: true
access_log: true
@@ -639,7 +637,6 @@ It is possible to configure CORS handling. This configuration is part of service
service:
host: localhost
port: 8080
- auth_enabled: false
workers: 1
color_log: true
access_log: true
diff --git a/dev-tools/test-configs/mcp-mock-test.yaml b/dev-tools/test-configs/mcp-mock-test.yaml
index 4760e03cf..d32973cdc 100644
--- a/dev-tools/test-configs/mcp-mock-test.yaml
+++ b/dev-tools/test-configs/mcp-mock-test.yaml
@@ -2,7 +2,6 @@ name: Lightspeed Core Service - MCP Mock Server Test
service:
host: localhost
port: 8080
- auth_enabled: false
workers: 1
color_log: true
access_log: true
diff --git a/docs/config.html b/docs/config.html
index a58451783..8c365a38a 100644
--- a/docs/config.html
+++ b/docs/config.html
@@ -1351,11 +1351,6 @@ ServiceConfiguration
support.
- | auth_enabled |
- boolean |
- Enables the authentication subsystem |
-
-
| workers |
integer |
Number of Uvicorn worker processes to start |
diff --git a/docs/config.json b/docs/config.json
index f9f1e0234..25fcc096a 100644
--- a/docs/config.json
+++ b/docs/config.json
@@ -953,12 +953,6 @@
"title": "Port",
"type": "integer"
},
- "auth_enabled": {
- "default": false,
- "description": "Enables the authentication subsystem",
- "title": "Authentication enabled",
- "type": "boolean"
- },
"workers": {
"default": 1,
"description": "Number of Uvicorn worker processes to start",
diff --git a/docs/config.md b/docs/config.md
index 99df0eb4d..cff259a16 100644
--- a/docs/config.md
+++ b/docs/config.md
@@ -505,7 +505,6 @@ the service can handle requests concurrently.
| host | string | Service hostname |
| port | integer | Service port |
| base_url | string | Externally reachable base URL for the service; needed for A2A support. |
-| auth_enabled | boolean | Enables the authentication subsystem |
| workers | integer | Number of Uvicorn worker processes to start |
| color_log | boolean | Enables colorized logging |
| access_log | boolean | Enables logging of all access information |
diff --git a/docs/config.puml b/docs/config.puml
index 250c4a4b6..526956263 100644
--- a/docs/config.puml
+++ b/docs/config.puml
@@ -169,7 +169,6 @@ class "SQLiteDatabaseConfiguration" as src.models.config.SQLiteDatabaseConfigura
}
class "ServiceConfiguration" as src.models.config.ServiceConfiguration {
access_log : bool
- auth_enabled : bool
color_log : bool
cors
host : str
diff --git a/docs/config.svg b/docs/config.svg
index 7c7d91186..2dfc0958f 100644
--- a/docs/config.svg
+++ b/docs/config.svg
@@ -366,8 +366,7 @@
ServiceConfiguration
access_log : bool
- auth_enabled : bool
- color_log : bool
+ color_log : bool
cors
host : str
port
diff --git a/docs/deployment_guide.md b/docs/deployment_guide.md
index a619d8a31..6791dbe10 100644
--- a/docs/deployment_guide.md
+++ b/docs/deployment_guide.md
@@ -1086,7 +1086,6 @@ name: Lightspeed Core Service (LCS)
service:
host: localhost
port: 8080
- auth_enabled: false
workers: 1
color_log: true
access_log: true
@@ -1241,7 +1240,6 @@ name: Lightspeed Core Service (LCS)
service:
host: localhost
port: 8080
- auth_enabled: false
workers: 1
color_log: true
access_log: true
diff --git a/docs/getting_started.md b/docs/getting_started.md
index d75596f3b..0d9f0fc45 100644
--- a/docs/getting_started.md
+++ b/docs/getting_started.md
@@ -252,7 +252,6 @@ name: Lightspeed Core Service (LCS)
service:
host: localhost
port: 8080
- auth_enabled: false
workers: 1
color_log: true
access_log: true
diff --git a/docs/openapi.json b/docs/openapi.json
index cfbed3a8c..b528e0087 100644
--- a/docs/openapi.json
+++ b/docs/openapi.json
@@ -1829,7 +1829,6 @@
},
"service": {
"access_log": true,
- "auth_enabled": false,
"color_log": true,
"cors": {
"allow_credentials": false,
@@ -5499,7 +5498,6 @@
},
"service": {
"access_log": true,
- "auth_enabled": false,
"color_log": true,
"cors": {
"allow_credentials": false,
@@ -8526,12 +8524,6 @@
"title": "Base URL",
"description": "Externally reachable base URL for the service; needed for A2A support."
},
- "auth_enabled": {
- "type": "boolean",
- "title": "Authentication enabled",
- "description": "Enables the authentication subsystem",
- "default": false
- },
"workers": {
"type": "integer",
"exclusiveMinimum": 0.0,
diff --git a/docs/openapi.md b/docs/openapi.md
index c000004a0..8bfd6311e 100644
--- a/docs/openapi.md
+++ b/docs/openapi.md
@@ -5351,7 +5351,6 @@ the service can handle requests concurrently.
| host | string | Service hostname |
| port | integer | Service port |
| base_url | | Externally reachable base URL for the service; needed for A2A support. |
-| auth_enabled | boolean | Enables the authentication subsystem |
| workers | integer | Number of Uvicorn worker processes to start |
| color_log | boolean | Enables colorized logging |
| access_log | boolean | Enables logging of all access information |
diff --git a/examples/lightspeed-stack-a2a-state-pg.yaml b/examples/lightspeed-stack-a2a-state-pg.yaml
index 0c003a670..9feaae3e3 100644
--- a/examples/lightspeed-stack-a2a-state-pg.yaml
+++ b/examples/lightspeed-stack-a2a-state-pg.yaml
@@ -3,7 +3,6 @@ service:
host: localhost
port: 8080
base_url: "https://lightspeed.example.com"
- auth_enabled: false
workers: 4
color_log: true
access_log: true
diff --git a/examples/lightspeed-stack-a2a-state-sqlite.yaml b/examples/lightspeed-stack-a2a-state-sqlite.yaml
index fd800f966..7d57ec970 100644
--- a/examples/lightspeed-stack-a2a-state-sqlite.yaml
+++ b/examples/lightspeed-stack-a2a-state-sqlite.yaml
@@ -3,7 +3,6 @@ service:
host: localhost
port: 8080
base_url: "http://localhost:8080"
- auth_enabled: false
workers: 1
color_log: true
access_log: true
diff --git a/examples/lightspeed-stack-api-key-auth.yaml b/examples/lightspeed-stack-api-key-auth.yaml
index 29efd001c..d107250dc 100644
--- a/examples/lightspeed-stack-api-key-auth.yaml
+++ b/examples/lightspeed-stack-api-key-auth.yaml
@@ -2,7 +2,6 @@ name: API Key Token Authentication Example
service:
host: localhost
port: 8080
- auth_enabled: true
workers: 1
color_log: true
access_log: true
diff --git a/examples/lightspeed-stack-azure-entraid-lib.yaml b/examples/lightspeed-stack-azure-entraid-lib.yaml
index 47932ac3d..e5b3993c6 100644
--- a/examples/lightspeed-stack-azure-entraid-lib.yaml
+++ b/examples/lightspeed-stack-azure-entraid-lib.yaml
@@ -2,7 +2,6 @@ name: Lightspeed Core Service (LCS)
service:
host: 0.0.0.0
port: 8080
- auth_enabled: false
workers: 1
color_log: true
access_log: true
diff --git a/examples/lightspeed-stack-azure-entraid-service.yaml b/examples/lightspeed-stack-azure-entraid-service.yaml
index fcbbc1218..eb779d143 100644
--- a/examples/lightspeed-stack-azure-entraid-service.yaml
+++ b/examples/lightspeed-stack-azure-entraid-service.yaml
@@ -2,7 +2,6 @@ name: Lightspeed Core Service (LCS)
service:
host: 0.0.0.0
port: 8080
- auth_enabled: false
workers: 1
color_log: true
access_log: true
diff --git a/examples/lightspeed-stack-byok-rag.yaml b/examples/lightspeed-stack-byok-rag.yaml
index 7780ac21f..a9639a4c9 100644
--- a/examples/lightspeed-stack-byok-rag.yaml
+++ b/examples/lightspeed-stack-byok-rag.yaml
@@ -2,7 +2,6 @@ name: Lightspeed Core Service (LCS)
service:
host: localhost
port: 8080
- auth_enabled: false
workers: 1
color_log: true
access_log: true
diff --git a/examples/lightspeed-stack-conversation-cache-pg.yaml b/examples/lightspeed-stack-conversation-cache-pg.yaml
index 4ad044341..45f91a679 100644
--- a/examples/lightspeed-stack-conversation-cache-pg.yaml
+++ b/examples/lightspeed-stack-conversation-cache-pg.yaml
@@ -2,7 +2,6 @@ name: Lightspeed Core Service (LCS)
service:
host: localhost
port: 8080
- auth_enabled: false
workers: 1
color_log: true
access_log: true
diff --git a/examples/lightspeed-stack-conversation-cache-sqlite.yaml b/examples/lightspeed-stack-conversation-cache-sqlite.yaml
index 20f16c89a..983548b98 100644
--- a/examples/lightspeed-stack-conversation-cache-sqlite.yaml
+++ b/examples/lightspeed-stack-conversation-cache-sqlite.yaml
@@ -2,7 +2,6 @@ name: Lightspeed Core Service (LCS)
service:
host: localhost
port: 8080
- auth_enabled: false
workers: 1
color_log: true
access_log: true
diff --git a/examples/lightspeed-stack-lls-external.yaml b/examples/lightspeed-stack-lls-external.yaml
index e38f2dd62..aee1c0179 100644
--- a/examples/lightspeed-stack-lls-external.yaml
+++ b/examples/lightspeed-stack-lls-external.yaml
@@ -2,7 +2,6 @@ name: Lightspeed Core Service (LCS)
service:
host: localhost
port: 8080
- auth_enabled: false
workers: 1
color_log: true
access_log: true
diff --git a/examples/lightspeed-stack-lls-library.yaml b/examples/lightspeed-stack-lls-library.yaml
index 386a97ea3..7c01a20a6 100644
--- a/examples/lightspeed-stack-lls-library.yaml
+++ b/examples/lightspeed-stack-lls-library.yaml
@@ -2,7 +2,6 @@ name: Lightspeed Core Service (LCS)
service:
host: localhost
port: 8080
- auth_enabled: false
workers: 1
color_log: true
access_log: true
diff --git a/examples/lightspeed-stack-mcp-servers.yaml b/examples/lightspeed-stack-mcp-servers.yaml
index e71d0eb20..c88e95aab 100644
--- a/examples/lightspeed-stack-mcp-servers.yaml
+++ b/examples/lightspeed-stack-mcp-servers.yaml
@@ -2,7 +2,6 @@ name: Lightspeed Core Service (LCS)
service:
host: localhost
port: 8080
- auth_enabled: false
workers: 1
color_log: true
access_log: true
diff --git a/examples/lightspeed-stack-quota-limiter-pg.yaml b/examples/lightspeed-stack-quota-limiter-pg.yaml
index 889f1ce44..255794103 100644
--- a/examples/lightspeed-stack-quota-limiter-pg.yaml
+++ b/examples/lightspeed-stack-quota-limiter-pg.yaml
@@ -2,7 +2,6 @@ name: Lightspeed Core Service (LCS)
service:
host: localhost
port: 8080
- auth_enabled: false
workers: 1
color_log: true
access_log: true
diff --git a/examples/lightspeed-stack-quota-limiter-sqlite.yaml b/examples/lightspeed-stack-quota-limiter-sqlite.yaml
index f222ab43f..90b527c68 100644
--- a/examples/lightspeed-stack-quota-limiter-sqlite.yaml
+++ b/examples/lightspeed-stack-quota-limiter-sqlite.yaml
@@ -2,7 +2,6 @@ name: Lightspeed Core Service (LCS)
service:
host: localhost
port: 8080
- auth_enabled: false
workers: 1
color_log: true
access_log: true
diff --git a/examples/lightspeed-stack-rh-identity.yaml b/examples/lightspeed-stack-rh-identity.yaml
index 8c6e9edac..c1b09dbda 100644
--- a/examples/lightspeed-stack-rh-identity.yaml
+++ b/examples/lightspeed-stack-rh-identity.yaml
@@ -2,7 +2,6 @@ name: Red Hat Identity Authentication Example
service:
host: localhost
port: 8080
- auth_enabled: true
workers: 1
color_log: true
access_log: true
diff --git a/examples/lightspeed-stack-rlsapi-cla.yaml b/examples/lightspeed-stack-rlsapi-cla.yaml
index 8dcedfa2b..d9b454c53 100644
--- a/examples/lightspeed-stack-rlsapi-cla.yaml
+++ b/examples/lightspeed-stack-rlsapi-cla.yaml
@@ -7,7 +7,6 @@ name: RHEL Lightspeed CLA Configuration Example
service:
host: localhost
port: 8080
- auth_enabled: true
workers: 1
color_log: true
access_log: true
diff --git a/examples/quota-limiter-configuration-pg.yaml b/examples/quota-limiter-configuration-pg.yaml
index d5a46aa9e..f2e46a9bb 100644
--- a/examples/quota-limiter-configuration-pg.yaml
+++ b/examples/quota-limiter-configuration-pg.yaml
@@ -2,7 +2,6 @@ name: Lightspeed Core Service (LCS)
service:
host: 0.0.0.0
port: 8080
- auth_enabled: false
workers: 1
color_log: true
access_log: true
diff --git a/examples/quota-limiter-configuration-sqlite.yaml b/examples/quota-limiter-configuration-sqlite.yaml
index 2bceaafb7..8c8e863dd 100644
--- a/examples/quota-limiter-configuration-sqlite.yaml
+++ b/examples/quota-limiter-configuration-sqlite.yaml
@@ -2,7 +2,6 @@ name: Lightspeed Core Service (LCS)
service:
host: 0.0.0.0
port: 8080
- auth_enabled: false
workers: 1
color_log: true
access_log: true
diff --git a/lightspeed-stack.yaml b/lightspeed-stack.yaml
index ba29f85fa..06110b025 100644
--- a/lightspeed-stack.yaml
+++ b/lightspeed-stack.yaml
@@ -3,7 +3,6 @@ service:
host: 0.0.0.0
port: 8080
base_url: http://localhost:8080
- auth_enabled: false
workers: 1
color_log: true
access_log: true
diff --git a/src/authentication/k8s.py b/src/authentication/k8s.py
index 311f17b94..bf65f4b95 100644
--- a/src/authentication/k8s.py
+++ b/src/authentication/k8s.py
@@ -224,6 +224,7 @@ def get_user_info(token: str) -> Optional[kubernetes.client.V1TokenReview]:
Raises:
HTTPException: If unable to connect to Kubernetes API or unexpected error occurs.
"""
+ logger.debug("Starting Kubernetes TokenReview for token validation")
try:
auth_api = K8sClientSingleton.get_authn_api()
except Exception as e:
@@ -240,7 +241,18 @@ def get_user_info(token: str) -> Optional[kubernetes.client.V1TokenReview]:
try:
response = auth_api.create_token_review(token_review)
if response.status.authenticated:
+ logger.debug(
+ "TokenReview succeeded: user='%s', uid='%s', groups=%s",
+ response.status.user.username,
+ response.status.user.uid,
+ response.status.user.groups,
+ )
return response.status
+ logger.debug(
+ "TokenReview failed: token not authenticated. "
+ "Error from API: %s",
+ getattr(response.status, "error", "no error message"),
+ )
return None
except Exception as e: # pylint: disable=broad-exception-caught
logger.error("API exception during TokenReview: %s", e)
@@ -294,22 +306,45 @@ async def __call__(self, request: Request) -> tuple[str, str, bool, str]:
Raises:
HTTPException: If authentication or authorization fails.
"""
+ logger.debug(
+ "K8S auth: processing request to path='%s', virtual_path='%s'",
+ request.url.path,
+ self.virtual_path,
+ )
+
# LCORE-694: Config option to skip authorization for readiness and liveness probe
if not request.headers.get("Authorization"):
if configuration.authentication_configuration.skip_for_health_probes:
if request.url.path in ("/readiness", "/liveness"):
+ logger.debug(
+ "Skipping auth for health probe endpoint: %s", request.url.path
+ )
return NO_AUTH_TUPLE
token = extract_user_token(request.headers)
user_info = get_user_info(token)
if user_info is None:
+ logger.debug(
+ "K8S auth: authentication failed - token validation returned no user info. "
+ "Token may be invalid or expired."
+ )
response = UnauthorizedResponse(cause="Invalid or expired Kubernetes token")
raise HTTPException(**response.model_dump())
+ logger.debug(
+ "K8S auth: token validated successfully for user='%s', uid='%s'",
+ user_info.user.username,
+ user_info.user.uid,
+ )
+
if user_info.user.username == "kube:admin":
try:
user_info.user.uid = K8sClientSingleton.get_cluster_id()
+ logger.debug(
+ "K8S auth: kube:admin user detected, using cluster_id as uid='%s'",
+ user_info.user.uid,
+ )
except ClusterIDUnavailableError as e:
logger.error("Failed to get cluster ID: %s", e)
response = InternalServerErrorResponse(
@@ -329,7 +364,14 @@ async def __call__(self, request: Request) -> tuple[str, str, bool, str]:
),
)
)
- response = authorization_api.create_subject_access_review(sar)
+ logger.debug(
+ "K8S auth: submitting SubjectAccessReview - user='%s', groups=%s, "
+ "path='%s', verb='get'",
+ user_info.user.username,
+ user_info.user.groups,
+ self.virtual_path,
+ )
+ sar_response = authorization_api.create_subject_access_review(sar)
except Exception as e:
logger.error("API exception during SubjectAccessReview: %s", e)
@@ -339,10 +381,27 @@ async def __call__(self, request: Request) -> tuple[str, str, bool, str]:
)
raise HTTPException(**response.model_dump()) from e
- if not response.status.allowed:
+ if not sar_response.status.allowed:
+ logger.debug(
+ "K8S auth: SubjectAccessReview DENIED - user='%s', uid='%s', "
+ "groups=%s, path='%s', verb='get', reason='%s', evaluationError='%s'",
+ user_info.user.username,
+ user_info.user.uid,
+ user_info.user.groups,
+ self.virtual_path,
+ getattr(sar_response.status, "reason", "no reason provided"),
+ getattr(sar_response.status, "evaluation_error", "none"),
+ )
response = ForbiddenResponse.endpoint(user_id=user_info.user.uid)
raise HTTPException(**response.model_dump())
+ logger.debug(
+ "K8S auth: SubjectAccessReview ALLOWED - user='%s', uid='%s', path='%s'",
+ user_info.user.username,
+ user_info.user.uid,
+ self.virtual_path,
+ )
+
return (
user_info.user.uid,
user_info.user.username,
diff --git a/src/authentication/utils.py b/src/authentication/utils.py
index bad539f72..0847c4127 100644
--- a/src/authentication/utils.py
+++ b/src/authentication/utils.py
@@ -1,9 +1,13 @@
"""Authentication utility functions."""
+import logging
+
from fastapi import HTTPException
from starlette.datastructures import Headers
from models.responses import UnauthorizedResponse
+logger = logging.getLogger(__name__)
+
def extract_user_token(headers: Headers) -> str:
"""Extract the bearer token from an HTTP Authorization header.
@@ -18,14 +22,36 @@ def extract_user_token(headers: Headers) -> str:
Raises:
HTTPException: If the Authorization header is missing or malformed.
"""
+ # Log all header names (not values) for debugging
+ header_names = list(headers.keys())
+ logger.debug("Received request headers: %s", header_names)
+
authorization_header = headers.get("Authorization")
if not authorization_header:
+ logger.debug(
+ "Authentication failed: No Authorization header found. "
+ "Available headers: %s",
+ header_names,
+ )
response = UnauthorizedResponse(cause="No Authorization header found")
raise HTTPException(**response.model_dump())
scheme_and_token = authorization_header.strip().split()
if len(scheme_and_token) != 2 or scheme_and_token[0].lower() != "bearer":
+ logger.debug(
+ "Authentication failed: Authorization header malformed. "
+ "Expected 'Bearer ', got scheme='%s' with %d parts",
+ scheme_and_token[0] if scheme_and_token else "empty",
+ len(scheme_and_token),
+ )
response = UnauthorizedResponse(cause="No token found in Authorization header")
raise HTTPException(**response.model_dump())
- return scheme_and_token[1]
+ # Log token presence without exposing the actual token
+ token = scheme_and_token[1]
+ logger.debug(
+ "Successfully extracted bearer token (length=%d, first_chars=%s...)",
+ len(token),
+ token[:10] if len(token) > 10 else token[:4] + "...",
+ )
+ return token
diff --git a/src/models/config.py b/src/models/config.py
index 9356464cb..ae875db71 100644
--- a/src/models/config.py
+++ b/src/models/config.py
@@ -374,12 +374,6 @@ class ServiceConfiguration(ConfigurationBase):
description="Externally reachable base URL for the service; needed for A2A support.",
)
- auth_enabled: bool = Field(
- False,
- title="Authentication enabled",
- description="Enables the authentication subsystem",
- )
-
workers: PositiveInt = Field(
1,
title="Number of workers",
diff --git a/src/models/responses.py b/src/models/responses.py
index 9b0051315..e8072f3d7 100644
--- a/src/models/responses.py
+++ b/src/models/responses.py
@@ -1205,7 +1205,6 @@ class ConfigurationResponse(AbstractSuccessfulResponse):
"service": {
"host": "localhost",
"port": 8080,
- "auth_enabled": False,
"workers": 1,
"color_log": True,
"access_log": True,
diff --git a/tests/configuration/lightspeed-stack-proper-name.yaml b/tests/configuration/lightspeed-stack-proper-name.yaml
index ffa9fb5bb..562f353c7 100644
--- a/tests/configuration/lightspeed-stack-proper-name.yaml
+++ b/tests/configuration/lightspeed-stack-proper-name.yaml
@@ -2,7 +2,6 @@ name: Lightspeed Core Service (LCS)
service:
host: localhost
port: 8080
- auth_enabled: false
workers: 1
color_log: true
access_log: true
diff --git a/tests/configuration/lightspeed-stack.yaml b/tests/configuration/lightspeed-stack.yaml
index d2b4ab1fa..b0fa418fd 100644
--- a/tests/configuration/lightspeed-stack.yaml
+++ b/tests/configuration/lightspeed-stack.yaml
@@ -2,7 +2,6 @@ name: foo bar baz
service:
host: localhost
port: 8080
- auth_enabled: false
workers: 1
color_log: true
access_log: true
diff --git a/tests/configuration/rh-identity-config.yaml b/tests/configuration/rh-identity-config.yaml
index 368b69f90..7e5a8a03c 100644
--- a/tests/configuration/rh-identity-config.yaml
+++ b/tests/configuration/rh-identity-config.yaml
@@ -2,7 +2,6 @@ name: RH Identity Test Configuration
service:
host: localhost
port: 8080
- auth_enabled: true
workers: 1
color_log: true
access_log: true
diff --git a/tests/e2e-prow/rhoai/configs/lightspeed-stack.yaml b/tests/e2e-prow/rhoai/configs/lightspeed-stack.yaml
index cd667a4f0..b9a03ac3f 100644
--- a/tests/e2e-prow/rhoai/configs/lightspeed-stack.yaml
+++ b/tests/e2e-prow/rhoai/configs/lightspeed-stack.yaml
@@ -2,7 +2,6 @@ name: Lightspeed Core Service (LCS)
service:
host: 0.0.0.0
port: 8080
- auth_enabled: false
workers: 1
color_log: true
access_log: true
diff --git a/tests/e2e/configuration/library-mode/lightspeed-stack-auth-noop-token.yaml b/tests/e2e/configuration/library-mode/lightspeed-stack-auth-noop-token.yaml
index 4ab62b2b5..66b594388 100644
--- a/tests/e2e/configuration/library-mode/lightspeed-stack-auth-noop-token.yaml
+++ b/tests/e2e/configuration/library-mode/lightspeed-stack-auth-noop-token.yaml
@@ -2,7 +2,6 @@ name: Lightspeed Core Service (LCS)
service:
host: 0.0.0.0
port: 8080
- auth_enabled: false
workers: 1
color_log: true
access_log: true
diff --git a/tests/e2e/configuration/library-mode/lightspeed-stack-invalid-feedback-storage.yaml b/tests/e2e/configuration/library-mode/lightspeed-stack-invalid-feedback-storage.yaml
index f29418fb1..87b3dee36 100644
--- a/tests/e2e/configuration/library-mode/lightspeed-stack-invalid-feedback-storage.yaml
+++ b/tests/e2e/configuration/library-mode/lightspeed-stack-invalid-feedback-storage.yaml
@@ -2,7 +2,6 @@ name: Lightspeed Core Service (LCS)
service:
host: 0.0.0.0
port: 8080
- auth_enabled: false
workers: 1
color_log: true
access_log: true
diff --git a/tests/e2e/configuration/library-mode/lightspeed-stack-no-cache.yaml b/tests/e2e/configuration/library-mode/lightspeed-stack-no-cache.yaml
index d54a8ab52..af8d68e2b 100644
--- a/tests/e2e/configuration/library-mode/lightspeed-stack-no-cache.yaml
+++ b/tests/e2e/configuration/library-mode/lightspeed-stack-no-cache.yaml
@@ -2,7 +2,6 @@ name: Lightspeed Core Service (LCS)
service:
host: 0.0.0.0
port: 8080
- auth_enabled: false
workers: 1
color_log: true
access_log: true
diff --git a/tests/e2e/configuration/library-mode/lightspeed-stack.yaml b/tests/e2e/configuration/library-mode/lightspeed-stack.yaml
index 47257bfb1..bce4a2901 100644
--- a/tests/e2e/configuration/library-mode/lightspeed-stack.yaml
+++ b/tests/e2e/configuration/library-mode/lightspeed-stack.yaml
@@ -2,7 +2,6 @@ name: Lightspeed Core Service (LCS)
service:
host: 0.0.0.0
port: 8080
- auth_enabled: false
workers: 1
color_log: true
access_log: true
diff --git a/tests/e2e/configuration/server-mode/lightspeed-stack-auth-noop-token.yaml b/tests/e2e/configuration/server-mode/lightspeed-stack-auth-noop-token.yaml
index 960919eda..c15362c57 100644
--- a/tests/e2e/configuration/server-mode/lightspeed-stack-auth-noop-token.yaml
+++ b/tests/e2e/configuration/server-mode/lightspeed-stack-auth-noop-token.yaml
@@ -2,7 +2,6 @@ name: Lightspeed Core Service (LCS)
service:
host: 0.0.0.0
port: 8080
- auth_enabled: false
workers: 1
color_log: true
access_log: true
diff --git a/tests/e2e/configuration/server-mode/lightspeed-stack-invalid-feedback-storage.yaml b/tests/e2e/configuration/server-mode/lightspeed-stack-invalid-feedback-storage.yaml
index 2474cefa4..9a038260e 100644
--- a/tests/e2e/configuration/server-mode/lightspeed-stack-invalid-feedback-storage.yaml
+++ b/tests/e2e/configuration/server-mode/lightspeed-stack-invalid-feedback-storage.yaml
@@ -2,7 +2,6 @@ name: Lightspeed Core Service (LCS)
service:
host: 0.0.0.0
port: 8080
- auth_enabled: false
workers: 1
color_log: true
access_log: true
diff --git a/tests/e2e/configuration/server-mode/lightspeed-stack-no-cache.yaml b/tests/e2e/configuration/server-mode/lightspeed-stack-no-cache.yaml
index 03ae32ab8..40b8d2474 100644
--- a/tests/e2e/configuration/server-mode/lightspeed-stack-no-cache.yaml
+++ b/tests/e2e/configuration/server-mode/lightspeed-stack-no-cache.yaml
@@ -2,7 +2,6 @@ name: Lightspeed Core Service (LCS)
service:
host: 0.0.0.0
port: 8080
- auth_enabled: false
workers: 1
color_log: true
access_log: true
diff --git a/tests/e2e/configuration/server-mode/lightspeed-stack.yaml b/tests/e2e/configuration/server-mode/lightspeed-stack.yaml
index cc699ba89..65e13acc5 100644
--- a/tests/e2e/configuration/server-mode/lightspeed-stack.yaml
+++ b/tests/e2e/configuration/server-mode/lightspeed-stack.yaml
@@ -2,7 +2,6 @@ name: Lightspeed Core Service (LCS)
service:
host: 0.0.0.0
port: 8080
- auth_enabled: false
workers: 1
color_log: true
access_log: true
diff --git a/tests/integration/test_configuration.py b/tests/integration/test_configuration.py
index 294042a51..bf7ab573e 100644
--- a/tests/integration/test_configuration.py
+++ b/tests/integration/test_configuration.py
@@ -54,7 +54,6 @@ def test_loading_proper_configuration(configuration_filename: str) -> None:
# check 'service' section
svc_config = cfg.service_configuration
assert svc_config.host == "localhost"
- assert svc_config.auth_enabled is False
assert svc_config.workers == 1
assert svc_config.color_log is True
assert svc_config.access_log is True
diff --git a/tests/unit/__init__.py b/tests/unit/__init__.py
index a3b151630..b06148043 100644
--- a/tests/unit/__init__.py
+++ b/tests/unit/__init__.py
@@ -8,7 +8,6 @@
"service": {
"host": "localhost",
"port": 8080,
- "auth_enabled": False,
"workers": 1,
"color_log": True,
"access_log": True,
diff --git a/tests/unit/app/endpoints/test_a2a.py b/tests/unit/app/endpoints/test_a2a.py
index a6ac3db24..c371f6686 100644
--- a/tests/unit/app/endpoints/test_a2a.py
+++ b/tests/unit/app/endpoints/test_a2a.py
@@ -68,7 +68,6 @@ def setup_configuration_fixture(mocker: MockerFixture) -> AppConfig:
"service": {
"host": "localhost",
"port": 8080,
- "auth_enabled": False,
"base_url": "http://localhost:8080",
},
"llama_stack": {
@@ -377,7 +376,6 @@ def test_get_agent_card_with_custom_protocol_version(
"service": {
"host": "localhost",
"port": 8080,
- "auth_enabled": False,
"base_url": "http://localhost:8080",
},
"llama_stack": {
diff --git a/tests/unit/app/endpoints/test_conversations.py b/tests/unit/app/endpoints/test_conversations.py
index 7e12da21a..8863ca557 100644
--- a/tests/unit/app/endpoints/test_conversations.py
+++ b/tests/unit/app/endpoints/test_conversations.py
@@ -156,7 +156,6 @@ def setup_configuration_fixture() -> AppConfig:
"service": {
"host": "localhost",
"port": 8080,
- "auth_enabled": False,
"workers": 1,
"color_log": True,
"access_log": True,
diff --git a/tests/unit/app/endpoints/test_info.py b/tests/unit/app/endpoints/test_info.py
index 71ffafec4..ce77ecea7 100644
--- a/tests/unit/app/endpoints/test_info.py
+++ b/tests/unit/app/endpoints/test_info.py
@@ -25,7 +25,6 @@ async def test_info_endpoint(mocker: MockerFixture) -> None:
"service": {
"host": "localhost",
"port": 8080,
- "auth_enabled": False,
"workers": 1,
"color_log": True,
"access_log": True,
@@ -97,7 +96,6 @@ async def test_info_endpoint_connection_error(mocker: MockerFixture) -> None:
"service": {
"host": "localhost",
"port": 8080,
- "auth_enabled": False,
"workers": 1,
"color_log": True,
"access_log": True,
diff --git a/tests/unit/app/endpoints/test_models.py b/tests/unit/app/endpoints/test_models.py
index a477d7b28..e3a52fbce 100644
--- a/tests/unit/app/endpoints/test_models.py
+++ b/tests/unit/app/endpoints/test_models.py
@@ -63,7 +63,6 @@ async def test_models_endpoint_handler_configuration_loaded(
"service": {
"host": "localhost",
"port": 8080,
- "auth_enabled": False,
"workers": 1,
"color_log": True,
"access_log": True,
@@ -120,7 +119,6 @@ async def test_models_endpoint_handler_unable_to_retrieve_models_list(
"service": {
"host": "localhost",
"port": 8080,
- "auth_enabled": False,
"workers": 1,
"color_log": True,
"access_log": True,
@@ -177,7 +175,6 @@ async def test_models_endpoint_llama_stack_connection_error(
"service": {
"host": "localhost",
"port": 8080,
- "auth_enabled": False,
"workers": 1,
"color_log": True,
"access_log": True,
diff --git a/tests/unit/app/endpoints/test_query.py b/tests/unit/app/endpoints/test_query.py
index 98981f34c..ebb5edb74 100644
--- a/tests/unit/app/endpoints/test_query.py
+++ b/tests/unit/app/endpoints/test_query.py
@@ -145,7 +145,6 @@ def setup_configuration_fixture() -> AppConfig:
"service": {
"host": "localhost",
"port": 8080,
- "auth_enabled": False,
"workers": 1,
"color_log": True,
"access_log": True,
@@ -2015,7 +2014,6 @@ async def test_query_endpoint_rejects_model_provider_override_without_permission
"service": {
"host": "localhost",
"port": 8080,
- "auth_enabled": False,
"workers": 1,
"color_log": True,
"access_log": True,
diff --git a/tests/unit/app/endpoints/test_shields.py b/tests/unit/app/endpoints/test_shields.py
index d6fe7efb7..0740569c9 100644
--- a/tests/unit/app/endpoints/test_shields.py
+++ b/tests/unit/app/endpoints/test_shields.py
@@ -64,7 +64,6 @@ async def test_shields_endpoint_handler_improper_llama_stack_configuration(
"service": {
"host": "localhost",
"port": 8080,
- "auth_enabled": False,
"workers": 1,
"color_log": True,
"access_log": True,
@@ -137,7 +136,6 @@ async def test_shields_endpoint_handler_configuration_loaded(
"service": {
"host": "localhost",
"port": 8080,
- "auth_enabled": False,
"workers": 1,
"color_log": True,
"access_log": True,
@@ -195,7 +193,6 @@ async def test_shields_endpoint_handler_unable_to_retrieve_shields_list(
"service": {
"host": "localhost",
"port": 8080,
- "auth_enabled": False,
"workers": 1,
"color_log": True,
"access_log": True,
@@ -259,7 +256,6 @@ async def test_shields_endpoint_llama_stack_connection_error(
"service": {
"host": "localhost",
"port": 8080,
- "auth_enabled": False,
"workers": 1,
"color_log": True,
"access_log": True,
@@ -319,7 +315,6 @@ async def test_shields_endpoint_handler_success_with_shields_data(
"service": {
"host": "localhost",
"port": 8080,
- "auth_enabled": False,
"workers": 1,
"color_log": True,
"access_log": True,
diff --git a/tests/unit/app/endpoints/test_streaming_query.py b/tests/unit/app/endpoints/test_streaming_query.py
index aad26903a..a3f878d71 100644
--- a/tests/unit/app/endpoints/test_streaming_query.py
+++ b/tests/unit/app/endpoints/test_streaming_query.py
@@ -325,7 +325,6 @@ def setup_configuration_fixture() -> AppConfig:
"service": {
"host": "localhost",
"port": 8080,
- "auth_enabled": False,
"workers": 1,
"color_log": True,
"access_log": True,
@@ -1979,7 +1978,6 @@ async def test_streaming_query_endpoint_rejects_model_provider_override_without_
"service": {
"host": "localhost",
"port": 8080,
- "auth_enabled": False,
"workers": 1,
"color_log": True,
"access_log": True,
diff --git a/tests/unit/authentication/test_k8s.py b/tests/unit/authentication/test_k8s.py
index a200aaad0..203565795 100644
--- a/tests/unit/authentication/test_k8s.py
+++ b/tests/unit/authentication/test_k8s.py
@@ -243,7 +243,6 @@ async def test_auth_dependency_no_token_readiness_liveness_endpoints_1(
"service": {
"host": "localhost",
"port": 8080,
- "auth_enabled": False,
"workers": 1,
"color_log": True,
"access_log": True,
@@ -318,7 +317,6 @@ async def test_auth_dependency_no_token_readiness_liveness_endpoints_2(
"service": {
"host": "localhost",
"port": 8080,
- "auth_enabled": False,
"workers": 1,
"color_log": True,
"access_log": True,
@@ -403,7 +401,6 @@ async def test_auth_dependency_no_token_normal_endpoints(
"service": {
"host": "localhost",
"port": 8080,
- "auth_enabled": False,
"workers": 1,
"color_log": True,
"access_log": True,
diff --git a/tests/unit/models/config/test_dump_configuration.py b/tests/unit/models/config/test_dump_configuration.py
index 86edcd488..ceb219840 100644
--- a/tests/unit/models/config/test_dump_configuration.py
+++ b/tests/unit/models/config/test_dump_configuration.py
@@ -110,7 +110,6 @@ def test_dump_configuration(tmp_path: Path) -> None:
"host": "localhost",
"port": 8080,
"base_url": None,
- "auth_enabled": False,
"workers": 1,
"color_log": True,
"access_log": True,
@@ -430,7 +429,6 @@ def test_dump_configuration_with_quota_limiters(tmp_path: Path) -> None:
"host": "localhost",
"port": 8080,
"base_url": None,
- "auth_enabled": False,
"workers": 1,
"color_log": True,
"access_log": True,
@@ -647,7 +645,6 @@ def test_dump_configuration_with_quota_limiters_different_values(
"host": "localhost",
"port": 8080,
"base_url": None,
- "auth_enabled": False,
"workers": 1,
"color_log": True,
"access_log": True,
@@ -844,7 +841,6 @@ def test_dump_configuration_byok(tmp_path: Path) -> None:
"host": "localhost",
"port": 8080,
"base_url": None,
- "auth_enabled": False,
"workers": 1,
"color_log": True,
"access_log": True,
@@ -1030,7 +1026,6 @@ def test_dump_configuration_pg_namespace(tmp_path: Path) -> None:
"host": "localhost",
"port": 8080,
"base_url": None,
- "auth_enabled": False,
"workers": 1,
"color_log": True,
"access_log": True,
diff --git a/tests/unit/models/config/test_service_configuration.py b/tests/unit/models/config/test_service_configuration.py
index 2a2f4563b..4598bb1f5 100644
--- a/tests/unit/models/config/test_service_configuration.py
+++ b/tests/unit/models/config/test_service_configuration.py
@@ -17,7 +17,6 @@ def test_service_configuration_constructor() -> None:
assert s.host == "localhost"
assert s.port == 8080
- assert s.auth_enabled is False
assert s.workers == 1
assert s.color_log is True
assert s.access_log is True
diff --git a/tests/unit/test_configuration.py b/tests/unit/test_configuration.py
index 3edd3999a..555ccf9cd 100644
--- a/tests/unit/test_configuration.py
+++ b/tests/unit/test_configuration.py
@@ -108,7 +108,6 @@ def test_init_from_dict() -> None:
"service": {
"host": "localhost",
"port": 8080,
- "auth_enabled": False,
"workers": 1,
"color_log": True,
"access_log": True,
@@ -148,7 +147,6 @@ def test_init_from_dict() -> None:
# check for service_configuration subsection
assert cfg.service_configuration.host == "localhost"
assert cfg.service_configuration.port == 8080
- assert cfg.service_configuration.auth_enabled is False
assert cfg.service_configuration.workers == 1
assert cfg.service_configuration.color_log is True
assert cfg.service_configuration.access_log is True
@@ -180,7 +178,6 @@ def test_init_from_dict_with_mcp_servers() -> None:
"service": {
"host": "localhost",
"port": 8080,
- "auth_enabled": False,
"workers": 1,
"color_log": True,
"access_log": True,
@@ -225,7 +222,6 @@ def test_init_from_dict_with_authorization_configuration() -> None:
"service": {
"host": "localhost",
"port": 8080,
- "auth_enabled": False,
"workers": 1,
"color_log": True,
"access_log": True,
@@ -256,7 +252,6 @@ def test_load_proper_configuration(tmpdir: Path) -> None:
service:
host: localhost
port: 8080
- auth_enabled: false
workers: 1
color_log: true
access_log: true
@@ -286,7 +281,6 @@ def test_load_configuration_with_mcp_servers(tmpdir: Path) -> None:
service:
host: localhost
port: 8080
- auth_enabled: false
workers: 1
color_log: true
access_log: true
@@ -323,7 +317,6 @@ def test_mcp_servers_property_empty() -> None:
"service": {
"host": "localhost",
"port": 8080,
- "auth_enabled": False,
"workers": 1,
"color_log": True,
"access_log": True,
@@ -354,7 +347,6 @@ def test_mcp_servers_property_with_servers() -> None:
"service": {
"host": "localhost",
"port": 8080,
- "auth_enabled": False,
"workers": 1,
"color_log": True,
"access_log": True,
@@ -448,7 +440,6 @@ def test_load_configuration_with_customization_system_prompt_path(tmpdir: Path)
service:
host: localhost
port: 8080
- auth_enabled: false
workers: 1
color_log: true
access_log: true
@@ -486,7 +477,6 @@ def test_load_configuration_with_customization_system_prompt(tmpdir: Path) -> No
service:
host: localhost
port: 8080
- auth_enabled: false
workers: 1
color_log: true
access_log: true
@@ -529,7 +519,6 @@ def test_configuration_with_profile_customization(tmpdir: Path) -> None:
service:
host: localhost
port: 8080
- auth_enabled: false
workers: 1
color_log: true
access_log: true
@@ -570,7 +559,6 @@ def test_configuration_with_all_customizations(tmpdir: Path) -> None:
service:
host: localhost
port: 8080
- auth_enabled: false
workers: 1
color_log: true
access_log: true
@@ -607,7 +595,6 @@ def test_configuration_with_sqlite_conversation_cache(tmpdir: Path) -> None:
service:
host: localhost
port: 8080
- auth_enabled: false
workers: 1
color_log: true
access_log: true
@@ -644,7 +631,6 @@ def test_configuration_with_in_memory_conversation_cache(tmpdir: Path) -> None:
service:
host: localhost
port: 8080
- auth_enabled: false
workers: 1
color_log: true
access_log: true
@@ -681,7 +667,6 @@ def test_configuration_with_quota_handlers_no_storage(tmpdir: Path) -> None:
service:
host: localhost
port: 8080
- auth_enabled: false
workers: 1
color_log: true
access_log: true
@@ -733,7 +718,6 @@ def test_configuration_with_quota_handlers(tmpdir: Path) -> None:
service:
host: localhost
port: 8080
- auth_enabled: false
workers: 1
color_log: true
access_log: true
@@ -798,7 +782,6 @@ def test_load_configuration_with_azure_entra_id(tmpdir: Path) -> None:
service:
host: localhost
port: 8080
- auth_enabled: false
workers: 1
color_log: true
access_log: true
@@ -833,7 +816,6 @@ def test_load_configuration_with_incomplete_azure_entra_id_raises(tmpdir: Path)
service:
host: localhost
port: 8080
- auth_enabled: false
workers: 1
color_log: true
access_log: true
diff --git a/tests/unit/utils/test_endpoints.py b/tests/unit/utils/test_endpoints.py
index b13436744..c09c8a889 100644
--- a/tests/unit/utils/test_endpoints.py
+++ b/tests/unit/utils/test_endpoints.py
@@ -143,7 +143,6 @@ def setup_configuration_fixture() -> AppConfig:
"service": {
"host": "localhost",
"port": 8080,
- "auth_enabled": False,
"workers": 1,
"color_log": True,
"access_log": True,
diff --git a/tests/unit/utils/test_transcripts.py b/tests/unit/utils/test_transcripts.py
index cbe2e5827..b3c1ed580 100644
--- a/tests/unit/utils/test_transcripts.py
+++ b/tests/unit/utils/test_transcripts.py
@@ -21,7 +21,6 @@ def test_construct_transcripts_path(mocker: MockerFixture) -> None:
"service": {
"host": "localhost",
"port": 8080,
- "auth_enabled": False,
"workers": 1,
"color_log": True,
"access_log": True,