I tried to follow the auth tutorials (<https://doc...
# ask-the-community
x
I tried to follow the auth tutorials (https://docs.flyte.org/en/latest/deployment/cluster_config/auth_setup.html), but seems it does work when try to use corresponding configuration from gitlab. To be honest, I am not quite clear about the implementation here, is there any extra efforts we should do?
d
Hi @Xuan Hu and welcome to the Flyte community. Unfortunately there isn't a tutorial for GitLab OIDC config on our docs, but in general and regardless of the Identity Provider you plan to use, what Flyte consumes is the
client_secret
and
client_id
generated by your IdP
Is this for a sandbox deployment?
I find this in the Gitlab docs that could be what you need to configure: https://docs.gitlab.com/ee/integration/oauth_provider.html#create-a-user-owned-application
x
Hi @David Espejo (he/him), thanks for your reply. I struggled with the config for several days and finally make it after asking on slack. It turns out I made a mistake on the base url for the auth part. And then flyte admin will complain about
AUTH_CONTEXT_SETUP_FAILED
. It should only contains the hostname, but I included the relative path. It seems to work now and I really appreciate your attention.
If needed, I can try to write some documentation for it.
s
Of course! Thanks for offering to contribute. Really appreciate it! Would you mind creating a docs PR?
x
The login seems to work now but I am stuck by workflow authentication. The error log for flyte admin:
Copy code
{"json":{"exec_id":"adzbtfj97xn4fkmnh2n4"},"level":"warning","msg":"Failed to fetch override values when assigning task resource default values for [resource_type:WORKFLOW project:\"flytesnacks\" domain:\"development\" name:\"flyte.workflows.example.my_wf\" version:\"auth\" ]: Resource [{Project:flytesnacks Domain:development Workflow:flyte.workflows.example.my_wf LaunchPlan: ResourceType:TASK_RESOURCE}] not found","ts":"2023-01-18T09:23:45Z"}
{"json":{"exec_id":"adzbtfj97xn4fkmnh2n4"},"level":"warning","msg":"Failed to fetch override values when assigning execution queue for [{ResourceType:WORKFLOW Project:flytesnacks Domain:development Name:flyte.workflows.example.my_wf Version:auth XXX_NoUnkeyedLiteral:{} XXX_unrecognized:[] XXX_sizecache:0}] with err: Resource [{Project:flytesnacks Domain:development Workflow:flyte.workflows.example.my_wf LaunchPlan: ResourceType:EXECUTION_QUEUE}] not found","ts":"2023-01-18T09:23:45Z"}
{"json":{"exec_id":"adzbtfj97xn4fkmnh2n4"},"level":"warning","msg":"Setting security context from auth Role","ts":"2023-01-18T09:23:45Z"}
The error log for flyte propeller:
Copy code
{"json":{"exec_id":"adzbtfj97xn4fkmnh2n4","ns":"flyte","res_ver":"53308865","routine":"worker-1","wf":"flytesnacks:development:flyte.workflows.example.my_wf"},"level":"warning","msg":"Event recording failed. Error [EventSinkError: Error sending event, caused by [rpc error: code = Unauthenticated desc = token parse error [JWT_VERIFICATION_FAILED] Could not retrieve id token from metadata, caused by: rpc error: code = Unauthenticated desc = Request unauthenticated with IDToken]]","ts":"2023-01-18T09:40:54Z"}
{"json":{"exec_id":"adzbtfj97xn4fkmnh2n4","ns":"flyte","res_ver":"53308865","routine":"worker-1","wf":"flytesnacks:development:flyte.workflows.example.my_wf"},"level":"error","msg":"Error when trying to reconcile workflow. Error [[]]. Error Type[*errors.WorkflowErrorWithCause]","ts":"2023-01-18T09:40:54Z"}
E0118 09:40:54.267779       1 workers.go:102] error syncing 'flyte/adzbtfj97xn4fkmnh2n4': Workflow[] failed. ErrorRecordingError: failed to publish event, caused by: EventSinkError: Error sending event, caused by [rpc error: code = Unauthenticated desc = token parse error [JWT_VERIFICATION_FAILED] Could not retrieve id token from metadata, caused by: rpc error: code = Unauthenticated desc = Request unauthenticated with IDToken]
I mostly followed the auth setup doc for flyte as mentioned above. Both OIDC and Oauth2 related configs are applied. To be hoest, I am not so familiar with auth related stuffs. Any clues to debug the problem?
s
Can you redeploy flytepropeller?
101 Views