Skip to content

fix: use service account file for vertexai client initialization#308

Open
Alameyo wants to merge 2 commits intovitali87:mainfrom
Alameyo:fix-running-on-vertex-ai
Open

fix: use service account file for vertexai client initialization#308
Alameyo wants to merge 2 commits intovitali87:mainfrom
Alameyo:fix-running-on-vertex-ai

Conversation

@Alameyo
Copy link

@Alameyo Alameyo commented Feb 19, 2026

Fixes issue #307.

There are 2 parts of this PR.

  • First, if VertexIAI is used, don't check for GOOGLE_API_KEY because the service account file is used instead.
  • Second, add vertexai variable and service account to the client initialization

Without these I was unable to run cgr on VertexAI

@gemini-code-assist
Copy link
Contributor

Summary of Changes

Hello @Alameyo, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request addresses an issue preventing code-graph-rag from running on VertexAI by implementing necessary changes for authentication. It ensures that the system correctly uses service account files for VertexAI client initialization and skips unnecessary API key checks, thereby enabling seamless operation within the VertexAI environment.

Highlights

  • VertexAI API Key Validation: The API key validation logic has been updated to bypass the GOOGLE_API_KEY check when the Google provider type is VertexAI, as service account files are used instead.
  • VertexAI Client Initialization: The VertexAI client initialization now explicitly sets the vertexai flag to true and passes the service_account_file as credentials, enabling proper authentication for VertexAI.
Changelog
  • codebase_rag/config.py
    • Skipped API key validation for VertexAI provider type.
  • codebase_rag/tools/document_analyzer.py
    • Added vertexai=True and credentials to genai.Client initialization for VertexAI.
  • uv.lock
    • Updated code-graph-rag package version.
Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature Command Description
Code Review /gemini review Performs a code review for the current pull request in its current state.
Pull Request Summary /gemini summary Provides a summary of the current pull request in its current state.
Comment @gemini-code-assist Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help /gemini help Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

  1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution.

Copy link
Contributor

@gemini-code-assist gemini-code-assist bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request correctly addresses an issue with VertexAI client initialization by ensuring it uses a service account file for authentication instead of an API key. The changes involve skipping API key validation for VertexAI and providing the necessary vertexai and credentials parameters during client setup. The implementation is sound, and I have one minor suggestion to improve the robustness of the configuration validation.

Comment on lines 119 to 120
if self.provider_type == cs.GoogleProviderType.VERTEX:
return
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

medium

For improved clarity and to prevent potential issues from misconfiguration, it's a good practice to explicitly check that the provider is Google before checking for the Vertex provider type. This ensures that API key validation is only skipped when both conditions are met, making the logic more robust.

Suggested change
if self.provider_type == cs.GoogleProviderType.VERTEX:
return
if self.provider.lower() == cs.Provider.GOOGLE and self.provider_type == cs.GoogleProviderType.VERTEX:
return

@greptile-apps
Copy link
Contributor

greptile-apps bot commented Feb 19, 2026

Greptile Summary

Enables VertexAI support by skipping GOOGLE_API_KEY validation when using VertexAI provider type and adding required vertexai=True and credentials parameters to genai.Client() initialization.

Key Changes:

  • config.py:119-120 - Added check to skip API key validation for VertexAI, allowing service account authentication
  • document_analyzer.py:38-39 - Added vertexai=True and credentials parameters to genai.Client() for VertexAI support

Note: The credentials handling in document_analyzer.py differs from the pattern in providers/base.py which converts the file path to a credentials object. Verify this works correctly with your VertexAI setup.

Confidence Score: 4/5

  • Safe to merge with minor consideration for credentials handling consistency
  • The changes correctly address the VertexAI authentication issue by skipping API key validation and adding required client parameters. However, there's a minor inconsistency in credentials handling compared to the existing pattern in providers/base.py that should be verified in testing.
  • Verify document_analyzer.py credentials handling works correctly with VertexAI in your environment

Important Files Changed

Filename Overview
codebase_rag/config.py Added check to skip API key validation for VertexAI provider type, allowing service account authentication
codebase_rag/tools/document_analyzer.py Added vertexai=True and credentials parameters to genai.Client(), but credentials handling differs from pattern in providers/base.py

Sequence Diagram

sequenceDiagram
    participant App as Application
    participant Config as ModelConfig
    participant Analyzer as DocumentAnalyzer
    participant Client as genai.Client
    participant Vertex as VertexAI

    App->>Config: validate_api_key()
    alt VertexAI Provider
        Config->>Config: Check provider_type == VERTEX
        Config-->>App: Skip validation
    else Other Providers
        Config->>Config: Validate auth token exists
        Config-->>App: Raise error if missing
    end

    App->>Analyzer: __init__(project_root)
    Analyzer->>Config: Get active_orchestrator_config
    alt VertexAI Provider
        Analyzer->>Client: genai.Client(vertexai=True, credentials, project, location)
        Client->>Vertex: Initialize with service account
        Vertex-->>Client: Authenticated client
    else GLA Provider
        Analyzer->>Client: genai.Client(auth_token)
        Client-->>Analyzer: Authenticated client
    end
    Analyzer-->>App: Ready with configured client
Loading

Last reviewed commit: 10ca677

Copy link
Contributor

@greptile-apps greptile-apps bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

3 files reviewed, 1 comment

Edit Code Review Agent Settings | Greptile

if orchestrator_config.provider_type == cs.GoogleProviderType.VERTEX:
self.client = genai.Client(
vertexai=True,
credentials=orchestrator_config.service_account_file,
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Inconsistent credentials handling with providers/base.py:74-81. The provider implementation converts the service account file path to a credentials object using service_account.Credentials.from_service_account_file(), but this passes the file path string directly. Consider aligning the approach for consistency.

Note: If this suggestion doesn't match your team's coding style, reply to this and let me know. I'll remember it for next time!

Prompt To Fix With AI
This is a comment left during a code review.
Path: codebase_rag/tools/document_analyzer.py
Line: 39

Comment:
Inconsistent credentials handling with `providers/base.py:74-81`. The provider implementation converts the service account file path to a credentials object using `service_account.Credentials.from_service_account_file()`, but this passes the file path string directly. Consider aligning the approach for consistency.

<sub>Note: If this suggestion doesn't match your team's coding style, reply to this and let me know. I'll remember it for next time!</sub>

How can I resolve this? If you propose a fix, please make it concise.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

Status: No status

Development

Successfully merging this pull request may close these issues.

1 participant

Comments