:wave: I'm trying to add a custom `Principal` to Flyte execution metadata, but it seems like Flyte A...

gentle-night-59824

11/21/2023, 10:29 PM

👋 I'm trying to add a custom

Principal

to Flyte execution metadata, but it seems like Flyte Admin overrides what we pass in execution_manager.go#L769. We currently have a custom auth layer using a Flyte Admin proxy service to handle auth (e.g. a custom

UserInfo

function, a custom

CreateExecution

function that adds security context, labels, etc. before calling the admin client, etc). This is where I tried adding the

Principal

but I think it gets overriden. If we can't update this directly from the proxy, is there any way to update the identity context so that Flyte Admin recognizes the correct user? We want this so that the database record for the execution is updated with the correct

user

field. The docs for ExecutionMetadata did mention that

Principal

is overriden only if using Flyte back-end auth, but not sure how to disable the override. Happy to hear any suggestions/thoughts!

gentle-night-59824

11/22/2023, 1:40 AM

I tried to vendor in Flyte Admin code to manually change the context's value at

ContextKeyIdentityContext

to be a custom

IdentityContext

before we call Flyte Admin itself, but the vendor results in a lot of added dependencies and some more issues, and I'm not sure if this is a good solution here I tried to vendor in

tall-lock-23197

11/22/2023, 3:04 PM

cc @average-finland-92144

4 Views

Open in Slack

Previous Next

Flyte

Flyte enables production-grade orchestration for machine learning workflows and data processing created to accelerate local workflows to production.