Hello :wave: Question about CICD + auth
# flyte-supportb
boundless-lifeguard-61788
08/09/2024, 6:42 PMHello 👋 Question about CICD + auth
boundless-lifeguard-61788
08/09/2024, 6:46 PMWe are testing CICD and encountered some issues with authenticating.
Currently we have authentication + internal flyte authorization. We did not enable an external authorization service
The first question is can ClientSecret work with flytes internal authorization?
The requested feature is not enabled in this environment Copy code
{"json":{"src":"main.go:13"},"level":"error","msg":"authentication error! Original Error: <nil>, Auth Error: failed to issue token. Error: failed to get token: oauth2: \"access_denied\" \"The requested feature is not enabled in this environment.\"","ts":} Copy code
admin:
endpoint: dns:///[ourendpoint]
authType: ClientSecret
clientId: [clientId:]
clientSecretEnvVar: FLYTE_CLIENT_SECRET
authorizationServerUrl: https://[ouoidcurl]]
scopes:
- openid
- profile
- email
- read_user
tokenUrl: https://[ouroidtokenurl]
insecure: false
logger:
show-source: true
level: 6a
average-finland-92144
08/09/2024, 10:00 PM@boundless-lifeguard-61788 I don't think there's a limitation on ClientCredentials and the internal auth server.
A previous thread touches this topic and seems like
ClientSecretclientSecreLocationt
thankful-minister-83577
08/09/2024, 11:21 PM
@boundless-lifeguard-61788 it definitely can. we do this in one of our test environments.
👍 1
d
damp-animal-95109
08/09/2024, 11:22 PMThis is working now. The issue we were running into was we thought we needed to use the literal clientId we created for flytepropeller in okta but we actually just needed to use
flytepropeller Copy code
admin:
endpoint: dns:///<our_endpoint>
authType: ClientSecret
clientId: flytepropeller
clientSecretEnvVar: FLYTE_CLIENT_SECRET
logger:
show-source: true
level: 6flytectlpyflyte🙌🏽 1
4 Views