Hey all. I'm having trouble using a ShellTask with...
# announcementsj
JP Kosymna
01/26/2022, 11:19 PMHey all. I'm having trouble using a ShellTask with secrets. In the following task I would expect an environment variable possibly named
AWS-ACCESS-KEY_AWS_ACCESS_KEY_ID Copy code
task_with_secrets = ShellTask(
debug=True,
name="task_with_secrets",
script='''
set -ex
env > out_env
''',
inputs=kwtypes(source=str),
output_locs=[
OutputLocation(var="x", var_type=FlyteFile, location="out_env")
],
secret_requests=[
Secret(
group='aws-access-key',
key='AWS_ACCESS_KEY_ID',
mount_requirement=Secret.MountType.ENV_VAR
),
Secret(
group='aws-access-key',
key='AWS_SECRET_ACCESS_KEY',
mount_requirement=Secret.MountType.ENV_VAR
),
]
)k
Ketan (kumare3)
01/26/2022, 11:31 PM
ohhh i think we are not injecting this env variable
Ketan (kumare3)
01/26/2022, 11:31 PM
i think it should be available as the context var
Ketan (kumare3)
01/26/2022, 11:31 PM
ohh thank you for trying the shell task
j
JP Kosymna
01/26/2022, 11:41 PMIs there a way to access the context var in the ShellTask?
k
Ketan (kumare3)
01/26/2022, 11:49 PM
sadly we dont - oversight - https://github.com/flyteorg/flytekit/blob/master/flytekit/extras/tasks/shell.py#L176
Ketan (kumare3)
01/26/2022, 11:49 PM
but should be a trivial change
Ketan (kumare3)
01/26/2022, 11:49 PM
do you mind opening an issue?
Ketan (kumare3)
01/26/2022, 11:49 PM
i can push in a change soon if you would like
j
JP Kosymna
01/26/2022, 11:51 PMSure that would be awesome.
k
Ketan (kumare3)
01/26/2022, 11:53 PM
also the shell task is updated now - Zach from Zymergen contributed it.
Ketan (kumare3)
01/27/2022, 6:18 AM
Hi JP, once you create an issue, I can check this in - https://github.com/flyteorg/flytekit/pull/832
Ketan (kumare3)
01/27/2022, 6:19 AM
Also let me know if this works
j
JP Kosymna
01/27/2022, 8:59 PMSo I am able to run
export X='{ctx.execution_id}'export y="{ctx.secrets.get('aws-access-key', 'AWS_ACCESS_KEY_ID')}" Copy code
[3/3] currentAttempt done. Last Error: SYSTEM::Traceback (most recent call last):
File "/venv/lib/python3.10/site-packages/flytekit/exceptions/scopes.py", line 165, in system_entry_point
return wrapped(*args, **kwargs)
File "/venv/lib/python3.10/site-packages/flytekit/core/base_task.py", line 481, in dispatch_execute
raise e
File "/venv/lib/python3.10/site-packages/flytekit/core/base_task.py", line 478, in dispatch_execute
native_outputs = self.execute(**native_inputs)
File "/venv/lib/python3.10/site-packages/flytekit/extras/tasks/shell.py", line 191, in execute
gen_script = self._interpolizer.interpolate(self._script, inputs=kwargs, outputs=outputs)
File "/venv/lib/python3.10/site-packages/flytekit/extras/tasks/shell.py", line 82, in interpolate
return self._Formatter().format(tmpl, **consolidated_args)
File "/usr/local/lib/python3.10/string.py", line 161, in format
return self.vformat(format_string, args, kwargs)
File "/usr/local/lib/python3.10/string.py", line 165, in vformat
result, _ = self._vformat(format_string, args, kwargs, used_args, 2)
File "/usr/local/lib/python3.10/string.py", line 205, in _vformat
obj, arg_used = self.get_field(field_name, args, kwargs)
File "/usr/local/lib/python3.10/string.py", line 276, in get_field
obj = getattr(obj, i)
Message:
'SecretsManager' object has no attribute 'get('aws-access-key', 'AWS_ACCESS_KEY_ID')'
SYSTEM ERROR! Contact platform administrators.JP Kosymna
01/27/2022, 9:25 PMAlso it looks like the template syntax has changed
flytekit v0.26.0
export AWS_SECRET_ACCESS_KEY='{{.inputs.AWS_SECRET_ACCESS_KEY}}'export AWS_ACCESS_KEY_ID='{AWS_ACCESS_KEY_ID}'k
Ketan (kumare3)
01/27/2022, 9:41 PM
ya, so this is what I was telling you. since the shell task was alpha, we were working through a couple different syntax options
Ketan (kumare3)
01/27/2022, 9:41 PM
and the new syntax is in the latest beta
Ketan (kumare3)
01/27/2022, 9:41 PM
it is simpler and makes using variables like using format strings in python
Ketan (kumare3)
01/27/2022, 9:41 PM
this change was contributed by zymergen and we did this, after some feedback from them and another user
Ketan (kumare3)
01/27/2022, 9:42 PM
Extremely sorry if this broke you, but we had no idea that you were using it already 🙂
Ketan (kumare3)
01/27/2022, 9:43 PM
seems like a usage issue - let me see. I think it does not
eval'SecretsManager' object has no attribute 'get('aws-access-key', 'AWS_ACCESS_KEY_ID')’Ketan (kumare3)
01/27/2022, 9:44 PM
I think i will need to implement a
attribute getterj
JP Kosymna
01/27/2022, 9:47 PMOk cool, no problem. One issue with the new syntax could be collisions in input names, ctx, and output variable names. Who wins if I have an input and an output named ctx ?
JP Kosymna
01/27/2022, 9:48 PMI have a work around now by having a different task return the secrets and then the workflow passes them in using inputs. So this is not a blocker for me.
k
Ketan (kumare3)
01/27/2022, 9:59 PM
it will not allow you to do that 😞
j
JP Kosymna
01/27/2022, 10:15 PMI'd vote to namespace both inputs and outputs so there is no chance for collisions. But that's just me.
k
Ketan (kumare3)
01/27/2022, 11:07 PM
hmm
Ketan (kumare3)
01/27/2022, 11:07 PM
sure
179 Views