how might i enforce that every task execution always first runs some arbitrary setup script?
entrypoints support some plugin?
otherwise, would it be too deviating to replace the use of these
execution commands with our own entrypoints?
09/30/2022, 6:06 PM
can you describe your goals here?
i know it’s auth related, but i’m still not clear on exactly how it fits into the system
10/03/2022, 6:23 PM
two use cases related to authz:
1. we want our flyte users to be able to use boto3 for accessing s3, but we need to globally patch boto3 to first fetch a signed s3 request from our internal s3-authorization service, before making the request to AWS s3. this signing needs to take place immediately before making the request to s3.
2. our users submit spark apps to our hadoop clusters. before doing that, we want to globally “exchange” the kube JWT for an internal cert, which is validated by our hadoop interface.
in both cases, we cannot expect our users to import some python package in their workflow/task code. it’s also not secure.