https://flyte.org logo
#ask-the-community
Title
# ask-the-community
d

Denis Skakalski

02/26/2024, 10:22 AM
hi guys, I have python code where I am creating service token for Azure cloud access, using ClientSecretCredential and lambda (by installing on agent azure-identity==1.14.1 before starting of the script) ---------------------------------------------------------------------- import json from azure.identity import ClientSecretCredential resource_url = "arrrr7-4aec-uuuu-a6f0-tttt/.default" tenant_id = "c0rrrrr0-xxx-4116-a59f-eeee" client_id = "rrr-9cf3-tttt-9d9e-ttttt" secret = "5555~rrrr~tttt cred = ClientSecretCredential( tenant_id=tenant_id, client_id=client_id, client_secret=secret ) get_token = lambda cred=cred, resource=resource_url: cred.get_token(resource).token token = 'Bearer '+get_token() -------------------------------------------------------------- Could you advice what Flyte's components should I use to do the same.
c

Chris Grass

02/26/2024, 3:07 PM
can you describe what behavior you're seeing? if you want to fetch and use the token directly you should be able to do that after injecting the credentials as env_vars in your flyte task pods like we discussed in your earlier question. alternatively, you can look into setting up an Azure Workload Identity if you're in AKS and the azure ecosystem; it takes a little bit to setup but is generally more flexible and secure than managing creds directly in code. e.g., once you have the credential injected into the k8 pod you can just use
credential=DefaultAzureCredential()
in python
y

Yee

02/26/2024, 8:35 PM
yeah could you elaborate on what you’re trying to do? if you’re just hitting azure auth directly independent of flyte, nothing should change. if you’re trying to use azure idp with flyte’s oauth, it should work automatically without your having to manually get a token assuming admin has been set up properly