Hi all. Any advice where to add authorization pol...
# ask-the-communitya
avesuni
01/05/2024, 8:25 PMHi all. Any advice where to add authorization policy? I can't find much information about internal authorization server. I have implemented Google as IdP and I was hoping to authorize based on email domain. I'm using flyte-core. Many thanks.
s
Samhita Alla
01/06/2024, 9:40 AM
@David Espejo (he/him)
a
avesuni
01/06/2024, 5:30 PMPerhaps alternatively, is there any documentation about
proxyCommand~/.flyte/config.yamlapiVersion: <http://security.istio.io/v1beta1|security.istio.io/v1beta1>kind: AuthorizationPolicymetadata:name: jwt-authznamespace: istio-systemspec:selector:matchLabels:istio: ingressgatewayaction: CUSTOMprovider:name: oauth2-proxyrules:- to:- operation:hosts: ["<http://flyteadmin.foo.com|flyteadmin.foo.com>"]<http://flyteadmin.foo.com|flyteadmin.foo.com>Error: Connection Info: [Endpoint: dns:///flyteadmin.foo.com, InsecureConnection?: false, AuthMode: Pkce]: rpc error: code = Unknown desc ={"json":{},"level":"error","msg":"Connection Info: [Endpoint: dns:///flyteadmin.foo.com, InsecureConnection?: false, AuthMode: Pkce]: rpc error: code = Unknown desc = ","ts":"2024-01-06T19:18:13+02:00"}proxyCommandd
David Espejo (he/him)
01/09/2024, 3:22 PMI was hoping to authorize based on email domainI don't think the internal auth server support this. In the alternative you mention, you should be able to follow the steps in the docs, depending on the Helm chart you used to install Flyte. By default, the
authTypeconfig.yamlPkcea
avesuni
01/09/2024, 4:19 PMThanks @David Espejo (he/him). I kept getting the same error so I switched back to port-forwarding via a shell script that opens the two port-forwards at once. The good thing about this is that I don't need to update config.yaml when I switch between dev, staging and production clusters.
3 Views