Hmm Is the Flytectl config and pyflyte supposed to be the sa Flyte #flyte-support

Hmm. Is the Flytectl config and pyflyte supposed t...

gentle-tomato-480

04/16/2024, 9:39 AM

Hmm. Is the Flytectl config and pyflyte supposed to be the same? What seeems to have worked for pyflyte is causing issues in flytectl

gentle-tomato-480

04/16/2024, 9:55 AM

Currently getting this:

Copy code

{"json":{"src":"viper.go:400"},"level":"debug","msg":"Config section [admin] updated. Firing updated event.","ts":"2024-04-16T11:53:55+02:00"}
{"json":{"src":"viper.go:398"},"level":"debug","msg":"Config section [storage] updated. No update handler registered.","ts":"2024-04-16T11:53:55+02:00"}
{"json":{"src":"viper.go:398"},"level":"debug","msg":"Config section [root] updated. No update handler registered.","ts":"2024-04-16T11:53:55+02:00"}
{"json":{"src":"viper.go:398"},"level":"debug","msg":"Config section [files] updated. No update handler registered.","ts":"2024-04-16T11:53:55+02:00"}
{"json":{"src":"client.go:63"},"level":"info","msg":"Initialized Admin client","ts":"2024-04-16T11:53:55+02:00"}
{"json":{"src":"auth_interceptor.go:86"},"level":"debug","msg":"Request failed due to [rpc error: code = Unauthenticated desc = token parse error [JWT_VERIFICATION_FAILED] Could not retrieve id token from metadata, caused by: rpc error: code = Unauthenticated desc = Request unauthenticated with IDToken]. If it's an unauthenticated error, we will attempt to establish an authenticated context.","ts":"2024-04-16T11:53:56+02:00"}
{"json":{"src":"auth_interceptor.go:91"},"level":"debug","msg":"Request failed due to [Unauthenticated]. Attempting to establish an authenticated connection and trying again.","ts":"2024-04-16T11:53:56+02:00"}
{"json":{"src":"base_token_orchestrator.go:63"},"level":"info","msg":"found the token in the cache","ts":"2024-04-16T11:53:57+02:00"}
Error: Connection Info: [Endpoint: <REDACTED>, InsecureConnection?: false, AuthMode: Pkce]: rpc error: code = Unauthenticated desc = token parse error [JWT_VERIFICATION_FAILED] Could not retrieve id token from metadata, caused by: rpc error: code = Unauthenticated desc = Request unauthenticated with IDToken
{"json":{"src":"main.go:13"},"level":"error","msg":"Connection Info: [Endpoint: <REDACTED>, InsecureConnection?: false, AuthMode: Pkce]: rpc error: code = Unauthenticated desc = token parse error [JWT_VERIFICATION_FAILED] Could not retrieve id token from metadata, caused by: rpc error: code = Unauthenticated desc = Request unauthenticated with IDToken","ts":"2024-04-16T11:53:57+02:00"}

gentle-tomato-480

04/16/2024, 9:57 AM

I've also tried authMode

clientSecret

and

ClientSecret

which also do not seem to work

gentle-tomato-480

04/16/2024, 9:57 AM

But pyflyte can reach it just fine

proud-answer-87162

04/16/2024, 1:52 PM

hello - can you show what you use for your config.yaml?

proud-answer-87162

04/16/2024, 1:53 PM

and to confirm, you're seeing the above error when running

pyflyte run --remote

gentle-tomato-480

04/16/2024, 2:58 PM

No, I'm seeing the above error when running

flytectl get task-resource-attributes -p flytesnacks -d development

gentle-tomato-480

04/16/2024, 2:59 PM

pyflyte is actually doing ok

gentle-tomato-480

04/16/2024, 3:01 PM

So, the config seems to be fine for pyflyte, but not for flytectl. This is the config, @proud-answer-87162 :

Copy code

admin:
  # For GRPC endpoints you might want to use dns:///flyte.myexample.com
  endpoint: dns:///<REDACTED>
  clientSecretLocation: /path/to/secret
  clientId: flytepropeller
  authType: clientSecret
  verify: true
logger:
  show-source: true
  level: 5

gentle-tomato-480

04/16/2024, 3:13 PM

This config gives btw a different error in flytectl:

Copy code

ERRO[0000] Failed to umarshal Data: clientSecret. Error: clientSecret does not belong to AuthType values. Skipping jsonUnmarshalHook 
Error: 

1 error(s) decoding:

* cannot parse 'authType' as uint: strconv.ParseUint: parsing "clientSecret": invalid syntax

1 error(s) decoding:

* '' has invalid keys: evel

So I change it to authtype to

ClientSecret

proud-answer-87162

04/16/2024, 3:16 PM

sorry, i'm not familiar with the flytectl auth model. we'll have to wait for one of the devs to offer thoughts

gentle-tomato-480

04/16/2024, 3:17 PM

(The 'evel' is from a typo.. Should have been

logger.level

)

gentle-tomato-480

04/16/2024, 3:22 PM

Hmm. Now seems to work 🤔 Just tried

flytectl get execution -p flytesnacks -d development

and I do get a table of executions: However, I still get this message:

Copy code

"json":{"src":"auth_interceptor.go:86"},"level":"debug","msg":"Request failed due to [rpc error: code = Unauthenticated desc = token parse error [JWT_VERIFICATION_FAILED] Could not retrieve id token from metadata, caused by: rpc error: code = Unauthenticated desc = Request unauthenticated with IDToken]. If it's an unauthenticated error, we will attempt to establish an authenticated context.","ts":"2024-04-16T17:20:55+02:00"}
{"json":{"src":"auth_interceptor.go:91"},"level":"debug","msg":"Request failed due to [Unauthenticated]. Attempting to establish an authenticated connection and trying again.","ts":"2024-04-16T17:20:55+02:00"}
{"json":{"src":"execution.go:148"},"level":"info","msg":"Retrieved 100 executions","ts":"2024-04-16T17:20:56+02:00"}

So this is just a warning then?

proud-answer-87162

04/16/2024, 3:25 PM

the fact that it's

"level":"debug"

makes it seem so. maybe part of the auth hunt order? (pure speculation)

gentle-tomato-480

04/16/2024, 3:26 PM

Could be! Wonder if I had some other typo in there that was preventing it. Or maybe it did succeed before and I was thrown off guard by the debug auth logs

average-finland-92144

04/16/2024, 4:46 PM

I think is a warning too, I see it when browsing logs

9 Views

Open in Slack

Previous Next