Support the flytectl config.yaml admin.clientSecretEnvVar option in flytekit #1819

Merged
18 changes: 15 additions & 3 deletions flytekit/configuration/__init__.py
Expand Up @@ -418,19 +418,31 @@
kwargs, "client_credentials_secret", _internal.Credentials.CLIENT_CREDENTIALS_SECRET.read(config_file)
)

is_client_secret = False
client_credentials_secret = read_file_if_exists(
_internal.Credentials.CLIENT_CREDENTIALS_SECRET_LOCATION.read(config_file)
)
if client_credentials_secret and client_credentials_secret.endswith("\n"):
logger.info("Newline stripped from client secret")
client_credentials_secret = client_credentials_secret.strip()
if client_credentials_secret:
is_client_secret = True

if client_credentials_secret.endswith("\n"):
logger.info("Newline stripped from client secret")
client_credentials_secret = client_credentials_secret.strip()

kwargs = set_if_exists(
kwargs,
"client_credentials_secret",
client_credentials_secret,
)

client_credentials_secret_env_var = _internal.Credentials.CLIENT_CREDENTIALS_SECRET_ENV_VAR.read(config_file)
if client_credentials_secret_env_var:
client_credentials_secret = os.getenv(client_credentials_secret_env_var)

if client_credentials_secret:
is_client_secret = True

kwargs = set_if_exists(kwargs, "client_credentials_secret", client_credentials_secret)
kwargs = set_if_exists(kwargs, "scopes", _internal.Credentials.SCOPES.read(config_file))
kwargs = set_if_exists(kwargs, "auth_mode", _internal.Credentials.AUTH_MODE.read(config_file))
if is_client_secret:
kwargs = set_if_exists(kwargs, "auth_mode", AuthType.CLIENTSECRET.value)

kwargs = set_if_exists(kwargs, "endpoint", _internal.Platform.URL.read(config_file))
kwargs = set_if_exists(kwargs, "console_endpoint", _internal.Platform.CONSOLE_ENDPOINT.read(config_file))
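Review bot: When `admin.clientSecretEnvVar` is configured but the named variable is absent or empty, `os.getenv` returns `None` and the code silently continues with whatever the inline or file option supplied, or with no secret at all. A log line that names the variable and never its value would surface that misconfiguration, e.g. `logger.warning("Client secret env var %s is not set", client_credentials_secret_env_var)`. The resulting precedence (env var over secret file over inline secret) decides which credential is sent and deserves a comment above the block. The file value has its trailing newline stripped while the env-var value is used as read, so applying `.strip()` on both paths would keep them consistent. Assuming `set_if_exists` replaces an existing key, `if is_client_secret:` also overrides an explicitly configured `admin.authType`; the enclosing function starts and ends outside this hunk.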

8 changes: 8 additions & 0 deletions flytekit/configuration/internal.py
Expand Up @@ -85,6 +85,14 @@ class Credentials(object):
password from a mounted file.
"""

CLIENT_CREDENTIALS_SECRET_ENV_VAR = ConfigEntry(
LegacyConfigEntry(SECTION, "client_secret_env_var"), YamlConfigEntry("admin.clientSecretEnvVar")
)
"""
Used for basic auth, which is automatically called during pyflyte. This will allow the Flyte engine to read the
password from a mounted environment variable.
"""

SCOPES = ConfigEntry(LegacyConfigEntry(SECTION, "scopes", list), YamlConfigEntry("admin.scopes", list))

AUTH_MODE = ConfigEntry(LegacyConfigEntry(SECTION, "auth_mode"), YamlConfigEntry("admin.authType"))
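Review bot: The docstring under `CLIENT_CREDENTIALS_SECRET_ENV_VAR` never says that the setting holds the name of an environment variable rather than the secret itself, and "mounted environment variable" reads as carried over from the file-based entry above it. A wording such as `Name of the environment variable that holds the client secret; the secret value itself does not belong in the config file.` would stop a user from pasting the secret into `admin.clientSecretEnvVar`. The docstring could also state how this option ranks against the inline and file-based secret options. The `Credentials` class continues outside the hunk.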
@@ -0,0 +1,13 @@
admin:
# For GRPC endpoints you might want to use dns:///flyte.myexample.com
endpoint: dns:///flyte.mycorp.io
clientSecretEnvVar: FAKE_SECRET_NAME
insecure: true
clientId: propeller
scopes:
- all
storage:
connection:
access-key: minio
endpoint: http://localhost:30084
secret-key: miniostorage
21 changes: 20 additions & 1 deletion tests/flytekit/unit/configuration/test_internal.py
Expand Up @@ -2,7 +2,7 @@

import mock

from flytekit.configuration import PlatformConfig, get_config_file, read_file_if_exists
from flytekit.configuration import AuthType, PlatformConfig, get_config_file, read_file_if_exists

from flytekit.configuration.internal import AWS, Credentials, Images


Expand Down Expand Up @@ -45,6 +45,25 @@
# Assert that secret in platform config does not contain a newline
platform_cfg = PlatformConfig.auto(cfg)
assert platform_cfg.client_credentials_secret == "hello"
assert platform_cfg.auth_mode == AuthType.CLIENTSECRET.value



@mock.patch.dict("os.environ")
def test_client_secret_env_var():
cfg = get_config_file(os.path.join(os.path.dirname(os.path.realpath(__file__)), "configs/sample.yaml"))
secret_env_var = Credentials.CLIENT_CREDENTIALS_SECRET_ENV_VAR.read(cfg)
assert secret_env_var is None


cfg = get_config_file(

os.path.join(os.path.dirname(os.path.realpath(__file__)), "configs/creds_secret_env_var.yaml")
)
secret_env_var = Credentials.CLIENT_CREDENTIALS_SECRET_ENV_VAR.read(cfg)
assert secret_env_var == "FAKE_SECRET_NAME"


os.environ["FAKE_SECRET_NAME"] = "fake_secret_value"
platform_cfg = PlatformConfig.auto(cfg)
assert platform_cfg.client_credentials_secret == "fake_secret_value"
assert platform_cfg.auth_mode == AuthType.CLIENTSECRET.value



def test_read_file_if_exists():
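Review bot: `test_client_secret_env_var` only checks the case where `FAKE_SECRET_NAME` is present, so the fallback taken when the configured variable is missing is untested. A second block that calls `os.environ.pop("FAKE_SECRET_NAME", None)` before `PlatformConfig.auto(cfg)` and then asserts `platform_cfg.auth_mode != AuthType.CLIENTSECRET.value` would pin that path. A case where a config supplies both a secret file and an env var would likewise fix the precedence between the two sources. The `test_read_file_if_exists` definition at the end of the hunk continues outside it.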