gifted-train-81198
06/28/2023, 9:33 AMError: authentication error! Original Error: rpc error: code = Unauthenticated desc = Invalid IAP credentials: empty token, Auth Error: failed to initialized token source provider. Err: failed to fetch auth metadata. Error: rpc error: code = Unauthenticated desc = Invalid IAP credentials: empty token
Anyone knows how to deal with this? Is there a way to provide the identity token which can be used by flytectl, pyflyte, and flytekit_sdk for authenticationfancy-plumber-70674
06/28/2023, 9:37 AM/.flyte
directory?gifted-train-81198
06/28/2023, 9:38 AMgifted-train-81198
06/28/2023, 9:40 AMadmin:
insecure: false
insecureSkipVerify: true
endpoint: dns:///<my-url>
logger:
show-source: true
level: 0
fancy-plumber-70674
06/28/2023, 9:51 AMadmin:
endpoint:
authType: ClientSecret
clientId: ....
clientSecretLocation: /path/to/secret
useAudienceFromAdmin: true
logger:
show-source: false
level: 5
fancy-plumber-70674
06/28/2023, 9:53 AMfancy-plumber-70674
06/28/2023, 9:54 AMfancy-plumber-70674
06/28/2023, 9:54 AMgifted-train-81198
06/28/2023, 11:13 AMyou might need to specify authType and some sort of clientsecret EnvVar or Location explicitlySomething like this might help. If there is a way where combination of a authType and corresponding token can be provided in configurations
gifted-train-81198
06/28/2023, 11:14 AMgifted-train-81198
07/18/2023, 8:42 AMgifted-train-81198
07/18/2023, 8:46 AMbreezy-furniture-27916
07/18/2023, 8:56 AM[root@gpu2 .flyte]# flytectl get projects
{"json":{"src":"viper.go:398"},"level":"debug","msg":"Config section [storage] updated. No update handler registered.","ts":"2023-07-18T02:43:07-04:00"}
{"json":{"src":"viper.go:398"},"level":"debug","msg":"Config section [root] updated. No update handler registered.","ts":"2023-07-18T02:43:07-04:00"}
{"json":{"src":"viper.go:400"},"level":"debug","msg":"Config section [admin] updated. Firing updated event.","ts":"2023-07-18T02:43:07-04:00"}
{"json":{"src":"viper.go:398"},"level":"debug","msg":"Config section [files] updated. No update handler registered.","ts":"2023-07-18T02:43:07-04:00"}
{"json":{"src":"viper.go:398"},"level":"debug","msg":"Config section [console] updated. No update handler registered.","ts":"2023-07-18T02:43:07-04:00"}
{"json":{"src":"client.go:63"},"level":"info","msg":"Initialized Admin client","ts":"2023-07-18T02:43:07-04:00"}
{"json":{"src":"auth_interceptor.go:86"},"level":"debug","msg":"Request failed due to [rpc error: code = Unavailable desc = connection closed before server preface received]. If it's an unauthenticated error, we will attempt to establish an authenticated context.","ts":"2023-07-18T02:43:07-04:00"}
Error: Connection Info: [Endpoint: dns:///flyte.nginx.k8s:31120, InsecureConnection?: true, AuthMode: Pkce]: rpc error: code = Unavailable desc = connection closed before server preface received
{"json":{"src":"main.go:13"},"level":"error","msg":"Connection Info: [Endpoint: dns:///flyte.nginx.k8s:31120, InsecureConnection?: true, AuthMode: Pkce]: rpc error: code = Unavailable desc = connection closed before server preface received","ts":"2023-07-18T02:43:07-04:00"}
average-finland-92144
07/18/2023, 3:10 PMflyte-binary
or flyte-core
)
2. Is the plan to use Flyte's internal auth server for clients (flytectl, etc) and IAP only for OIDC (console)? Or IAP for everything
3. I guess your config.yaml file is missing the auth type, in this case:
authType: Pkce
adorable-australia-90343
07/18/2023, 5:50 PMaverage-finland-92144
07/18/2023, 6:02 PM