Shahwar Saleem
09/28/2022, 9:09 PM
UNKNOWN state. I was wondering what could be the possible cause for this?
Do we need to inform any service other than Flyte Admin about the Auth? For example, Flyte Propeller?
CC: @Prafulla Mahindrakar
Yee
Shahwar Saleem
09/28/2022, 9:15 PM
Yee
Ketan (kumare3)
Shahwar Saleem
09/29/2022, 2:20 PM
Ketan (kumare3)
Yee
Shahwar Saleem
10/05/2022, 6:32 PM
can you try with flytectl?
I just confirmed with my team that our Auth0 server does require an Audience even from clientSecret flow. So, I believe to make this work with the Auth server we do need Audience properly set.
Yee
Andrew Achkar
10/06/2022, 4:16 PM
Shahwar Saleem
10/06/2022, 4:18 PM
Andrew Achkar
10/06/2022, 5:21 PM
Haytham Abuelfutuh
Andrew Achkar
10/06/2022, 5:29 PM
Haytham Abuelfutuh
Andrew Achkar
10/06/2022, 5:31 PM
Haytham Abuelfutuh
Yee
Shahwar Saleem
10/06/2022, 5:55 PM
propeller, scheduler, and flytectl.
Yee
Shahwar Saleem
10/12/2022, 6:40 PM
flyteadmin and flyteidl for providing Audience.
I was successfully able to create flytescheduler and propeller images.
After I supply audience value, propeller is created fine. But scheduler is continuously in PodInitialization, unable to debug it further
I have supplied the values to audience in my config maps like:
admin.yaml: |
  admin:
    clientId: <clientId>
    clientSecretLocation: /etc/secrets/client_secret
    audience: <audience_value>
    endpoint: flyteadmin:81
    insecure: true
CC: @Yee please let me know what I could be doing wrong
Yee
Shahwar Saleem
10/12/2022, 6:44 PM
flytescheduler-check is in CrashLoopBackOff state:
terminated
Reason: Error - exit code: 2
Started at: 2022-10-12T14:39:43-04:00
Finished at: 2022-10-12T14:39:44-04:00
Yee
Shahwar Saleem
10/12/2022, 6:44 PM
Audience error anymore.
Yee
Shahwar Saleem
10/12/2022, 6:46 PM
Yee
Shahwar Saleem
10/12/2022, 6:49 PM
token_source_provider file to return EndPointParams. Which are then going to be used to return Audience parameter.
Yee
Shahwar Saleem
10/12/2022, 6:51 PM
// Prefer the audience set in the client config; fall back to the one from the client metadata.
audienceValue := cfg.Audience
if len(audienceValue) == 0 {
	audienceValue = clientMetadata.Audience
}
tokenProvider, err = NewClientCredentialsTokenSourceProvider(ctx, cfg, scopes, tokenURL, audienceValue)
Yee
Shahwar Saleem
10/12/2022, 6:52 PM
EndPointParams to be passed.
Yee
Shahwar Saleem
10/12/2022, 6:53 PM
flyteadmin
flytepropeller
flytescheduler
Yee
Shahwar Saleem
10/12/2022, 6:55 PM
Yee
Shahwar Saleem
10/12/2022, 6:57 PM
No audience parameter was provided, and no default audience has been configured
Yee
Shahwar Saleem
10/12/2022, 6:58 PM
Yee
Shahwar Saleem
10/12/2022, 7:12 PM
Yee
Shahwar Saleem
10/12/2022, 7:20 PM
Yee
Shahwar Saleem
10/12/2022, 7:20 PM
Yee
Shahwar Saleem
10/20/2022, 5:41 PM
Ketan (kumare3)
Shahwar Saleem
10/20/2022, 9:43 PM
Ketan (kumare3)
Jonathan Lamiel
12/18/2022, 5:38 PM
Ketan (kumare3)
Jonathan Lamiel
12/20/2022, 2:44 PM
No audience parameter was provided, and no default audience has been configured
and this on the admin side:
{"json":{"src":"cookie.go:88"},"level":"debug","msg":"Existing [flyte_idt] cookie found","ts":"2022-12-20T14:30:01Z"}
{"json":{"src":"cookie.go:88"},"level":"debug","msg":"Existing [flyte_at] cookie found","ts":"2022-12-20T14:30:01Z"}
{"json":{"src":"cookie.go:88"},"level":"debug","msg":"Existing [flyte_rt] cookie found","ts":"2022-12-20T14:30:01Z"}
{"json":{"src":"cookie.go:88"},"level":"debug","msg":"Existing [flyte_user_info] cookie found","ts":"2022-12-20T14:30:01Z"}
{"json":{"src":"handlers.go:235"},"level":"debug","msg":"Running authentication gRPC interceptor","ts":"2022-12-20T14:30:01Z"}
{"json":{"src":"token.go:83"},"level":"debug","msg":"Could not retrieve bearer token from metadata rpc error: code = Unauthenticated desc = Request unauthenticated with Bearer","ts":"2022-12-20T14:30:01Z"}
{"json":{"src":"handlers.go:245"},"level":"info","msg":"Failed to parse Access Token from context. Will attempt to find IDToken. Error: [JWT_VERIFICATION_FAILED] Could not retrieve bearer token from metadata, caused by: rpc error: code = Unauthenticated desc = Request unauthenticated with Bearer","ts":"2022-12-20T14:30:01Z"}
I’m using the v1.2.1 images and added the audience conf as below
thirdPartyConfig:
  flyteClient:
    clientId: clientId
    redirectUri: https://xxxx.auth0.com/callback
    scopes:
      - offline
      - all
    audience: https://xxxx.auth0.com/api/v2/
And the audience is correctly returned by the admin endpoint /config/v1/flyte_client
I’m not sure what I’m doing wrong there
Ketan (kumare3)
Prafulla Mahindrakar
12/20/2022, 4:26 PM
Jonathan Lamiel
12/20/2022, 4:34 PM
Prafulla Mahindrakar
12/20/2022, 5:44 PM
Jonathan Lamiel
12/23/2022, 3:05 PM
Error: unknown command "RedisClient" for "mockery"
Error: unknown command "HandlerFactory" for "mockery"
I’m not a go dev, so it surely is an issue on my setup 😅
Ketan (kumare3)
Prafulla Mahindrakar
12/23/2022, 8:11 PM
• go get github.com/flyteorg/flyteidl@956c7a259b50a6607aa82a9d3cc0bcbe51919f84 which uses the commit from the PR
• go mod tidy
• make docker_build. This will build the propeller image with the idl changes
• Push the built image to your local image repo and use the same in your flyte deployment. With the change you can now configure flytepropeller to send the audience field when having flyteadmin relay auth with auth0 provider. In your propeller config map you should be able to add the audience key and value https://github.com/flyteorg/flyteidl/pull/329/files#diff-91f1e2cdbc64e0a780abe3c3eddfeb4bc61a1e099e7393a1331ff7f27be30c5cR56 in the admin section
Jonathan Lamiel
01/03/2023, 2:41 PM
Prafulla Mahindrakar
01/03/2023, 5:47 PM
Jonathan Lamiel
01/03/2023, 7:32 PM
Prafulla Mahindrakar
01/03/2023, 9:03 PM
Ketan (kumare3)
Prafulla Mahindrakar
01/04/2023, 3:46 AM