Hello! I am using Flyte-binary chart with GKE and ...
# ask-the-community
h
Hello! I am using Flyte-binary chart with GKE and I am trying to activate auth. Populated the values in chart but receiving the following error in logs:
2023-07-30 12:52:23.957 PDT time="2023-07-30T19:52:23Z" level=info msg="Using config file: [/etc/flyte/config.d/000-core.yaml /etc/flyte/config.d/001-plugins.yaml /etc/flyte/config.d/002-database.yaml /etc/flyte/config.d/003-storage.yaml /etc/flyte/config.d/004 auth.yaml /etc/flyte/config.d/012-database-secrets.yaml /etc/flyte/config.d/014-auth-secrets.yaml]"
2023-07-30 12:52:24.411 PDT Error:
2023-07-30 12:52:24.411 PDT 1 error(s) decoding:
2023-07-30 12:52:24.411 PDT {}
2023-07-30 12:52:24.411 PDT * error decoding 'appAuth.selfAuthServer.staticClients[flytepropeller].client_secret': illegal base64 data at input byte 0
2023-07-30 12:52:24.415 PDT Usage:
2023-07-30 12:52:24.415 PDT flyte secret init [flags]
2023-07-30 12:52:24.415 PDT {}
2023-07-30 12:52:24.415 PDT Flags:
2023-07-30 12:52:24.415 PDT -h, --help help for init
2023-07-30 12:52:24.415 PDT -p, --localPath string Specifies where the secrets should be written.
@Yee any suggestions?
s
h
Is this for all internal clientsecret entries or just the hashed one?
  # auth Specify configuration for Flyte authentication
  auth:
    # enabled Enable Flyte authentication
    enabled: false
    # enableAuthServer Enable built-in authentication server
    enableAuthServer: true
    # oidc OIDC configuration for Flyte authentication
    oidc:
      # baseUrl URL for OIDC provider
      baseUrl: ""
      # clientId Flyte application client ID
      clientId: ""
      # clientSecret Flyte application client secret
      clientSecret: ""
    # internal Configuration for internal authentication
    # The settings for internal still need to be defined if you wish to use an external auth server
    # These credentials are used during communication between the FlyteAdmin and Propeller microservices
    internal:
      # clientId Client ID for internal authentication - set to flytepropeller or external auth server
      clientId: flytepropeller
      # clientSecret Client secret for internal authentication
      clientSecret: ""
      # clientSecretHash Bcrypt hash of clientSecret
      clientSecretHash: ""
      # Uncomment next line if needed - set this field if your external Auth server (ex. Auth0) requires an audience parameter
      # audience: ""
    # flyteClient Configuration for Flyte client authentication
    flyteClient:
      # clientId Client ID for Flyte client authentication
      clientId: flytectl
      # redirectUri Redirect URI for Flyte client authentication
      redirectUri: http://localhost:53593/callback
      # scopes Scopes for Flyte client authentication
      scopes:
        - all
      # audience Audience for Flyte client authentication
      audience: ""
    # authorizedUris Set of URIs that clients are allowed to visit the service on
    authorizedUris: []
    # clientSecretExternalSecretRef Specify an existing, external Secret containing values for `client_secret` and `oidc_client_secret`.
    # If set, a Secret will not be generated by this chart for client secrets.
    clientSecretsExternalSecretRef: ""
So ClientSecretHash is the hashed version of the clientsecret?
s
Yes! Please replace the value you generate with bcrypt in clientSecretHash.
h
I did that and still getting the same error! Do I have to hash any other variable? For example configuration.auth.internal.clientSecret, does this need to be in base64 or crypt?
s
Can you give it a shot?
h
I did! I added the hashed secret in clientSecretHash and the regular secret string in internal.clientSecret and still got the same error.
I also tried internal.clientSecret in base64 and it did not change.
s
Hey @David Espejo (he/him), any idea what might be the issue here?
d
@Haytham Amin are you planning on using Flyte's internal auth server? If so, you just need to hash the secret for flytepropeller. A new set of instructions was merged here: https://docs.flyte.org/en/latest/deployment/configuration/auth_setup.html#apply-oidc-configuration Please let us know if it answers your question
h
only if I need it
If I am using external auth do we still need internal enabled? I think the values file say we need both.
d
Yes, even using the external auth server, you still need the internal secret. Find here the relevant section: https://docs.flyte.org/en/latest/deployment/configuration/auth_setup.html#apply-external-auth-server-configuration
h
@David Espejo (he/him) how do I change the callback uri from http://flyte-flyte-binary:8088/callback to my domain? Is it being picked up from configuration.auth.authorizedUris?
d
Yes, you need to specify your domain under authorizedUris.
h
Ok! This worked. Now I'm trying to get flytectl to communicate with the cluster. Why am I getting Not Found 404? Should I add /console to the endpoint?
cat ./flyteconfig.yaml
admin:
  endpoint: dns:///<PUBLIC_ACCESSABLE_DOMAIN>
  insecure: false
  insecureSkipVerify: true
  authType: ClientSecret
  clientId: flytepropeller
  clientSecretEnvVar: FLYTE_CLIENTSECRET
$ flytectl --config=flyteconfig.yaml version
{"json":{},"level":"warning","msg":"using insecureSkipVerify. Server's certificate chain and host name wont be verified. Caution : shouldn't be used for production usecases","ts":"2023-08-02T23:12:21Z"}
{
  "App": "flytectl",
  "Build": "145bc5c",
  "Version": "0.6.45",
  "BuildTime": "2023-08-02 23:12:21.162374874 +0000 UTC m=+0.037043299"
}
$ flytectl register files --config=flyteconfig.yaml --project=flytesnacks --domain=development --archive flyte-package.tgz --version=v1
{"json":{},"level":"warning","msg":"using insecureSkipVerify. Server's certificate chain and host name wont be verified. Caution : shouldn't be used for production usecases","ts":"2023-08-02T23:12:26Z"}
 --------------------------------------------------------------------------------------------------------------------- -------- --------------------------------------------------- 
| NAME                                                                                                                | STATUS | ADDITIONAL INFO                                   |
 --------------------------------------------------------------------------------------------------------------------- -------- --------------------------------------------------- 
| /tmp/register3175681439/0_example_project.house_price_prediction.house_price_predictor.generate_and_split_data_1.pb | Failed | Error registering file due to rpc error: code =   |
|                                                                                                                     |        | Unimplemented desc = unexpected HTTP status code  |
|                                                                                                                     |        | received from server: 404 (Not Found); transport: |
|                                                                                                                     |        | received unexpected content-type "text/plain;     |
|                                                                                                                     |        | charset=utf-8"                                    |
 --------------------------------------------------------------------------------------------------------------------- -------- --------------------------------------------------- 
1 rows
Error: rpc error: code = Unimplemented desc = unexpected HTTP status code received from server: 404 (Not Found); transport: received unexpected content-type "text/plain; charset=utf-8"
{"json":{},"level":"error","msg":"rpc error: code = Unimplemented desc = unexpected HTTP status code received from server: 404 (Not Found); transport: received unexpected content-type \"text/plain; charset=utf-8\"","ts":"2023-08-02T23:12:26Z"}
y
check your flyte/admin logs. i think maybe the data proxy service isn’t running correctly. best first check something simpler like flytectl get projects, see if that’s working
flytectl register files needs an additional endpoint to upload the local code to a signed url.