Stephen
03/15/2023, 2:13 PMscopes
defined in FlyteAdmin correctly. I am asking because when I use Flytekit v1.3.1
, I only get the scope ['all']
for the PlatformConfig
PlatformConfig(endpoint='<http://flyteurl.com|flyteurl.com>', insecure=False, insecure_skip_verify=False, console_endpoint=None, command=None, client_id='github-client', client_credentials_secret='nice_secret', scopes=['all'], auth_mode='ClientSecret')
And when I use Flytekit v1.4.1
then I get different scopes
/.venv/lib/python3.9/site-packages/flytekit/clients/auth/authenticator.py(193)get_token()
-> if scopes is not None:
(Pdb) scopes
['offline', 'all']
Flytekit v1.4.1
correctly reflects the scopes we have but I was wondering how come v1.3.1
has different scopes?Ketan (kumare3)
Stephen
03/15/2023, 2:20 PMKetan (kumare3)
Franco Bocci
03/17/2023, 11:47 AMscopes
passed from the PlatformConfig are 100% ignored, and the ones defined in that RemoteClientConfigStore.get_client_config
are used, which are [offline, all]
. Shouldn’t there be something like a merge if those values are defined by us?
I was about to open an issue for this but wanted to double check before doing soKetan (kumare3)
Franco Bocci
03/17/2023, 2:02 PMfrom flytekit.configuration import Config
from flytekit.remote import FlyteRemote
def get_latest_workflow_version(project, domain, workflow):
cfg = Config.auto(config_file=path)
remote = FlyteRemote(cfg)
wf_version = remote.fetch_workflow(project, domain, workflow).id.version
return wf_version
with a config like:
admin:
endpoint: dns:///console.flyte.dev.foo.bar.com
insecure: false
authType: ClientSecret
clientId: github-client
clientSecretLocation: /etc/secrets/client_secret
scopes: ["all"]
and that “scopes” is ignored, ['offline', 'all']
are used, and causes an error authenticatingflytekit
. With the 1.3
version it works okayKetan (kumare3)
Franco Bocci
03/17/2023, 2:11 PMHaytham Abuelfutuh
Franco Bocci
03/17/2023, 3:40 PM