Mohd Shahid Khan Afridi
06/28/2023, 9:33 AMError: authentication error! Original Error: rpc error: code = Unauthenticated desc = Invalid IAP credentials: empty token, Auth Error: failed to initialized token source provider. Err: failed to fetch auth metadata. Error: rpc error: code = Unauthenticated desc = Invalid IAP credentials: empty token
Anyone knows how to deal with this? Is there a way to provide the identity token which can be used by flytectl, pyflyte, and flytekit_sdk for authenticationTommy Nam
06/28/2023, 9:37 AM/.flyte
directory?Mohd Shahid Khan Afridi
06/28/2023, 9:38 AMadmin:
insecure: false
insecureSkipVerify: true
endpoint: dns:///<my-url>
logger:
show-source: true
level: 0
Tommy Nam
06/28/2023, 9:51 AMadmin:
endpoint:
authType: ClientSecret
clientId: ....
clientSecretLocation: /path/to/secret
useAudienceFromAdmin: true
logger:
show-source: false
level: 5
Mohd Shahid Khan Afridi
06/28/2023, 11:13 AMyou might need to specify authType and some sort of clientsecret EnvVar or Location explicitlySomething like this might help. If there is a way where combination of a authType and corresponding token can be provided in configurations
盛毅
07/18/2023, 8:56 AM[root@gpu2 .flyte]# flytectl get projects
{"json":{"src":"viper.go:398"},"level":"debug","msg":"Config section [storage] updated. No update handler registered.","ts":"2023-07-18T02:43:07-04:00"}
{"json":{"src":"viper.go:398"},"level":"debug","msg":"Config section [root] updated. No update handler registered.","ts":"2023-07-18T02:43:07-04:00"}
{"json":{"src":"viper.go:400"},"level":"debug","msg":"Config section [admin] updated. Firing updated event.","ts":"2023-07-18T02:43:07-04:00"}
{"json":{"src":"viper.go:398"},"level":"debug","msg":"Config section [files] updated. No update handler registered.","ts":"2023-07-18T02:43:07-04:00"}
{"json":{"src":"viper.go:398"},"level":"debug","msg":"Config section [console] updated. No update handler registered.","ts":"2023-07-18T02:43:07-04:00"}
{"json":{"src":"client.go:63"},"level":"info","msg":"Initialized Admin client","ts":"2023-07-18T02:43:07-04:00"}
{"json":{"src":"auth_interceptor.go:86"},"level":"debug","msg":"Request failed due to [rpc error: code = Unavailable desc = connection closed before server preface received]. If it's an unauthenticated error, we will attempt to establish an authenticated context.","ts":"2023-07-18T02:43:07-04:00"}
Error: Connection Info: [Endpoint: dns:///flyte.nginx.k8s:31120, InsecureConnection?: true, AuthMode: Pkce]: rpc error: code = Unavailable desc = connection closed before server preface received
{"json":{"src":"main.go:13"},"level":"error","msg":"Connection Info: [Endpoint: dns:///flyte.nginx.k8s:31120, InsecureConnection?: true, AuthMode: Pkce]: rpc error: code = Unavailable desc = connection closed before server preface received","ts":"2023-07-18T02:43:07-04:00"}
David Espejo (he/him)
07/18/2023, 3:10 PMflyte-binary
or flyte-core
)
2. Is the plan to use Flyte's internal auth server for clients (flytectl, etc) and IAP only for OIDC (console)? Or IAP for everything
3. I guess your config.yaml file is missing the auth type, in this case:
authType: Pkce
Chris Green
07/18/2023, 5:50 PMDavid Espejo (he/him)
07/18/2023, 6:02 PM