From d821e08986713006c327198c1e70bc05b333fd47 Mon Sep 17 00:00:00 2001
From: "Stephen C. Pope" <stephen@descarteslabs.com>
Date: Tue, 30 Jan 2024 13:37:20 -0700
Subject: [PATCH] [Core-249] Compute: Credentials checking (#12420)

GitOrigin-RevId: 2c13397cc5eb62d39576cb283cc0be413514108e
---
 README.md                                    |  2 ++
 descarteslabs/core/compute/compute_client.py | 25 ++++++++++++++------
 2 files changed, 20 insertions(+), 7 deletions(-)

diff --git a/README.md b/README.md
index a9a542ae..8d3c6ac7 100644
--- a/README.md
+++ b/README.md
@@ -51,6 +51,8 @@ Changelog
 - The efficiency of deleting many jobs at once has been significantly improved using `Function.delete` and
   `Function.delete_jobs`. It is still possible to encounter request timeouts with very large numbers of jobs;
   workarounds are now documented in the API documentation for the `Function.delete_jobs` method.
+- The `ComputeClient.check_credentials` method has been added, so that the client can determine if valid
+  user credentials have already been registered with the Compute service.
 
 ### Vector
 
diff --git a/descarteslabs/core/compute/compute_client.py b/descarteslabs/core/compute/compute_client.py
index 79514622..8b5da702 100644
--- a/descarteslabs/core/compute/compute_client.py
+++ b/descarteslabs/core/compute/compute_client.py
@@ -58,14 +58,25 @@ def iter_log_lines(self, url: str, timestamps: bool = True) -> Iterator[str]:
 
             yield log
 
+    def check_credentials(self):
+        """Determine if valid credentials are already set for the user."""
+        _ = self.session.get("/credentials")
+
     def set_credentials(self):
-        self.session.post(
-            "/credentials",
-            json={
-                "client_id": self.auth.client_id,
-                "client_secret": self.auth.client_secret,
-            },
-        )
+        if self.auth.client_id and self.auth.client_secret:
+            self.session.post(
+                "/credentials",
+                json={
+                    "client_id": self.auth.client_id,
+                    "client_secret": self.auth.client_secret,
+                },
+            )
+        else:
+            # We only have a JWT and no client id/secret, so validate
+            # that there are already valid credentials set for the user.
+            # This situation will generally only arise when used from
+            # some backend process.
+            self.check_credentials()
 
     def get_namespace(self, function_id: str) -> Optional[str]:
         if function_id in self._namespace_cache: