Robin Eklund
03/01/2023, 3:10 PMpyflyte package
+ flytectl register
to only use pyflyte register
when deploying flyte workflows - but now i get an authentication error. With flytectl
i could authenticate by writing a secret to ~/.flyte/client_secret
but seems this is not working for pyflyte
Maybe someone else had similar issues?Ketan (kumare3)
03/01/2023, 3:50 PMRobin Eklund
03/02/2023, 8:08 AMSamhita Alla
03/02/2023, 8:46 AMRobin Eklund
03/02/2023, 9:05 AM~/.flyte/client_secret
2. fetch the secret from secret manager and writes it in the newly created file
3. add an empty line in the end (because of this: https://github.com/flyteorg/flytekit/blob/70a08256adefc98ee42da86171177ab5b5136b6d/tests/flytekit/unit/configuration/test_internal.py#L42)config.yaml
admin:
endpoint: dns:///flyte.our.domain
authType: ClientSecret
clientSecretLocation: /root/.flyte/client_secret
insecure: false
logger:
show-source: true
level: 0
Samhita Alla
03/02/2023, 10:48 AMclientId
as well? Also, what's the error you're seeing?Robin Eklund
03/02/2023, 10:50 AM{
"asctime": "2023-03-02 08:56:07,735",
"name": "flytekit.cli",
"levelname": "ERROR",
"message": "Non-200 (401) received from IDP: {\"error\":\"invalid_client\",\"error_description\":\"Client authentication failed (e.g., unknown client, no client authentication included, or unsupported authentication method).\"}"
}
This is the error i receivepyflyte package
+ flytectl register
. But now when we use only pyflyte register
we got this errorSamhita Alla
03/02/2023, 11:39 AMYee
03/02/2023, 5:30 PMRobin Eklund
03/03/2023, 11:54 AM# Leave empty to use the value discovered through flyteAdmin's Auth discovery endpoint.
So i guess that made it work when i used flytectl register? Seems like pyflyte register does not work in the same way though.Ketan (kumare3)
03/03/2023, 2:45 PMRobin Eklund
03/03/2023, 2:47 PMflytectl register
the auth setup worked for us - and we didn't specify clientId inside config.yml
Ketan (kumare3)
03/03/2023, 2:49 PMRobin Eklund
03/03/2023, 2:51 PMgrpc._channel._InactiveRpcError: <_InactiveRpcError of RPC that terminated with:
status = StatusCode.UNAUTHENTICATED
details = "token parse error [JWT_VERIFICATION_FAILED] Could not retrieve id token from metadata, caused by: rpc error: code = Unauthenticated desc = Request unauthenticated with IDToken"
debug_error_string = "UNKNOWN:Error received from peer ipv4:<ipaddress> {grpc_message:"token parse error [JWT_VERIFICATION_FAILED] Could not retrieve id token from metadata, caused by: rpc error: code = Unauthenticated desc = Request unauthenticated with IDToken", grpc_status:16, created_time:"2023-03-02T08:56:07.716682455+00:00"}"
>
if it helps?Yee
03/06/2023, 4:38 PMRobin Eklund
03/07/2023, 3:20 PMconfigmap:
adminServer:
auth:
appAuth:
thirdPartyConfig:
flyteClient:
clientId: <the_client_id>
redirectUri: <http://the_domain/callback>
scopes:
- offline
- all
...
(We have more things there as well)
But how to create the one for pyflyte register
? because before it was working for us without specifying the clientId in config.yml when we used flytectl register
Samhita Alla
03/08/2023, 10:55 AMclientID
is the Access Key ID.Robin Eklund
03/08/2023, 11:31 AMYee
03/08/2023, 4:57 PMDavid Espejo (he/him)
03/13/2023, 4:29 PMRobin Eklund
03/15/2023, 6:49 AMpyflyte register
and one way from the ci cd pipeline with pyflyte package
+`flytectl register`