Skip to content

Instantly share code, notes, and snippets.

@nerdalert

nerdalert/extmdl.md

Last active April 15, 2026 16:35
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save nerdalert/d7018977f87b97e9e855c5d8cb341d89 to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save nerdalert/d7018977f87b97e9e855c5d8cb341d89 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
extmdl.md

External Model Validation

#!/bin/bash
GW_HOST=$(kubectl get gateway maas-default-gateway -n openshift-ingress -o jsonpath='{.spec.listeners[0].hostname}')
TOKEN=$(oc whoami -t)

echo "Gateway: $GW_HOST"
echo ""


# Mint key
KEY=$(curl -sk -X POST "https://${GW_HOST}/maas-api/v1/api-keys" \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"name":"auth-test","subscription":"gpt-4o-subscription"}' | jq -r '.key')
echo "MaaS key: $KEY"
echo ""

echo "=== 1. Valid key, correct path (expect 200) ==="
curl -sk -w "\nHTTP: %{http_code}\n" "https://${GW_HOST}/llm/gpt-4o/v1/chat/completions" \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer $KEY" \
  -d '{"model":"gpt-4o","messages":[{"role":"user","content":"hi"}]}'

echo ""
echo "=== 2. Bogus sk-oai- key (expect 403) ==="
curl -sk -w "\nHTTP: %{http_code}\n" "https://${GW_HOST}/llm/gpt-4o/v1/chat/completions" \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer sk-oai-FAKE-KEY-12345" \
  -d '{"model":"gpt-4o","messages":[{"role":"user","content":"hi"}]}'

echo ""
echo "=== 3. Random token (expect 401) ==="
curl -sk -w "\nHTTP: %{http_code}\n" "https://${GW_HOST}/llm/gpt-4o/v1/chat/completions" \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer randomgarbage" \
  -d '{"model":"gpt-4o","messages":[{"role":"user","content":"hi"}]}'

echo ""
echo "=== 4. No auth (expect 401) ==="
curl -sk -w "\nHTTP: %{http_code}\n" "https://${GW_HOST}/llm/gpt-4o/v1/chat/completions" \
  -H "Content-Type: application/json" \
  -d '{"model":"gpt-4o","messages":[{"role":"user","content":"hi"}]}'

echo ""
echo "=== 5. Old path /gpt-4o without namespace (expect 404) ==="
curl -sk -w "\nHTTP: %{http_code}\n" "https://${GW_HOST}/gpt-4o/v1/chat/completions" \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer $KEY" \
  -d '{"model":"gpt-4o","messages":[{"role":"user","content":"hi"}]}'

echo ""
echo "=== 6. Bogus key, old path (expect 404) ==="
curl -sk -w "\nHTTP: %{http_code}\n" "https://${GW_HOST}/gpt-4o/v1/chat/completions" \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer sk-oai-FAKE-KEY-12345" \
  -d '{"model":"gpt-4o","messages":[{"role":"user","content":"hi"}]}'

echo ""
echo "=== 7. Direct header injection (expect 401) ==="
curl -sk -w "\nHTTP: %{http_code}\n" "https://${GW_HOST}/v1/chat/completions" \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer FAKE" \
  -H "X-Gateway-Model-Name: gpt-4o" \
  -d '{"model":"gpt-4o","messages":[{"role":"user","content":"hi"}]}'

Output

~/test-auth.sh
Gateway: maas.apps.ci-ln-8xf9qk2-76ef8.aws-4.ci.openshift.org

MaaS key: sk-oai-1EjEmVdrtQoQH3Ssp_gfZeom4E0qohpbNZ2np2z1p8TVNT1CCezdTlPgtEDLo

=== 1. Valid key, correct path (expect 200) ===
{
  "id": "chatcmpl-DUxUQBeCNOYTV2ZbBA26gEdZOn0Qb",
  "object": "chat.completion",
  "created": 1776270890,
  "model": "gpt-4o-2024-08-06",
  "choices": [
    {
      "index": 0,
      "message": {
        "role": "assistant",
        "content": "Hello! How can I assist you today?",
        "refusal": null,
        "annotations": []
      },
      "logprobs": null,
      "finish_reason": "stop"
    }
  ],
  "usage": {
    "prompt_tokens": 8,
    "completion_tokens": 9,
    "total_tokens": 17,
    "prompt_tokens_details": {
      "cached_tokens": 0,
      "audio_tokens": 0
    },
    "completion_tokens_details": {
      "reasoning_tokens": 0,
      "audio_tokens": 0,
      "accepted_prediction_tokens": 0,
      "rejected_prediction_tokens": 0
    }
  },
  "service_tier": "default",
  "system_fingerprint": "fp_07a5e8f420"
}

HTTP: 200

=== 2. Bogus sk-oai- key (expect 403) ===

HTTP: 403

=== 3. Random token (expect 401) ===

HTTP: 401

=== 4. No auth (expect 401) ===

HTTP: 401

=== 5. Old path /gpt-4o without namespace (expect 404) ===

HTTP: 404

=== 6. Bogus key, old path (expect 404) ===

HTTP: 404

=== 7. Direct header injection (expect 401) ===

HTTP: 401
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment