From 21ebec7986238f0282cf16585f1924c0890694db Mon Sep 17 00:00:00 2001 From: taieeuu Date: Mon, 25 Nov 2024 22:47:04 +0800 Subject: [PATCH 01/39] Fix for keyring errors when initializing Flyte for_sandbox config client (needs verification) Signed-off-by: taieeuu --- Stack Trace.txt | 49 +++++++++++++++++ _handle_unauthenticated_error_opt.txt | 43 +++++++++++++++ flytekit/clients/auth/keyring.py | 12 +++++ flytekit/clients/auth_helper.py | 4 ++ .../clients/grpc_utils/auth_interceptor.py | 54 ++++++++++++++++--- flytekit/configuration/__init__.py | 3 +- test_flyte.py | 17 ++++++ test_union_server.py | 10 ++++ 8 files changed, 184 insertions(+), 8 deletions(-) create mode 100644 Stack Trace.txt create mode 100644 _handle_unauthenticated_error_opt.txt create mode 100644 test_flyte.py create mode 100644 test_union_server.py diff --git a/Stack Trace.txt b/Stack Trace.txt new file mode 100644 index 0000000000..e7933df008 --- /dev/null +++ b/Stack Trace.txt @@ -0,0 +1,49 @@ +tomnewton@ben-nevis:~/WayveCode/wayve/ai/nvs/services/workflow$ python /home/tomnewton/Documents/reproduce_key_vault_error.py +/usr/lib/python3/dist-packages/paramiko/transport.py:219: CryptographyDeprecationWarning: Blowfish has been deprecated +"class": algorithms.Blowfish, +╭──────────────────────────────────────────────────────────────────────────────────────────────────────────── Traceback (most recent call last) ─────────────────────────────────────────────────────────────────────────────────────────────────────────────╮ +│ /home/tomnewton/Documents/reproduce_key_vault_error.py:6 in │ +│ │ +│ ❱ 6 remote.client │ +│ │ +│ /home/tomnewton/.local/lib/python3.8/site-packages/flytekit/remote/remote.py:205 in client │ +│ │ +│ ❱ 205 │ │ │ self._client = SynchronousFlyteClient(self.config.platform, **self._kwargs) │ +│ │ +│ /home/tomnewton/.local/lib/python3.8/site-packages/flytekit/clients/raw.py:44 in __init__ │ +│ │ +│ ❱ 44 │ │ self._channel = wrap_exceptions_channel(cfg, upgrade_channel_to_authenticated(cf │ +│ │ +│ /home/tomnewton/.local/lib/python3.8/site-packages/flytekit/clients/auth_helper.py:111 in upgrade_channel_to_authenticated │ +│ │ +│ ❱ 111 │ authenticator = get_authenticator(cfg, RemoteClientConfigStore(in_channel)) │ +│ │ +│ /home/tomnewton/.local/lib/python3.8/site-packages/flytekit/clients/auth_helper.py:69 in get_authenticator │ +│ │ +│ ❱ 69 │ │ return PKCEAuthenticator(cfg.endpoint, cfg_store, verify=verify) │ +│ │ +│ /home/tomnewton/.local/lib/python3.8/site-packages/flytekit/clients/auth/authenticator.py:102 in __init__ │ +│ │ +│ ❱ 102 │ │ super().__init__(endpoint, header_key, KeyringStore.retrieve(endpoint), verify=v │ +│ │ +│ /home/tomnewton/.local/lib/python3.8/site-packages/flytekit/clients/auth/keyring.py:49 in retrieve │ +│ │ +│ ❱ 49 │ │ │ refresh_token = _keyring.get_password(for_endpoint, KeyringStore._refresh_to │ +│ │ +│ /home/tomnewton/.local/lib/python3.8/site-packages/keyring/core.py:55 in get_password │ +│ │ +│ ❱ 55 │ return get_keyring().get_password(service_name, username) │ +│ │ +│ /home/tomnewton/.local/lib/python3.8/site-packages/keyring/backends/chainer.py:49 in get_password │ +│ │ +│ ❱ 49 │ │ │ password = keyring.get_password(service, username) │ +│ │ +│ /home/tomnewton/.local/lib/python3.8/site-packages/keyring/backends/SecretService.py:78 in get_password │ +│ │ +│ ❱ 78 │ │ collection = self.get_preferred_collection() │ +│ │ +│ /home/tomnewton/.local/lib/python3.8/site-packages/keyring/backends/SecretService.py:67 in get_preferred_collection │ +│ │ +│ ❱ 67 │ │ │ │ raise KeyringLocked("Failed to unlock the collection!") │ +╰────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────╯ +KeyringLocked: Failed to unlock the collection! diff --git a/_handle_unauthenticated_error_opt.txt b/_handle_unauthenticated_error_opt.txt new file mode 100644 index 0000000000..a4fe1086f7 --- /dev/null +++ b/_handle_unauthenticated_error_opt.txt @@ -0,0 +1,43 @@ +def _handle_unauthenticated_error(self, continuation, client_call_details, request): + """處理未認證錯誤, 觸發 PKCE 流程""" + logging.info("Received authentication error (401), starting PKCE authentication flow") + + try: + # 檢查是否需要切換到 PKCEAuthenticator + if isinstance(self._authenticator, Authenticator) and not isinstance(self._authenticator, PKCEAuthenticator): + logging.info("Current authenticator is 'None', switching to PKCEAuthenticator") + + if not self._cfg or not self._cfg_store: + logging.error("Missing configuration for PKCEAuthenticator initialization.") + raise ValueError("Cannot switch to PKCEAuthenticator due to missing configuration.") + + from flytekit.clients.auth.authenticator import PKCEAuthenticator + session = get_session(self._cfg) + + verify = None + if self._cfg.insecure_skip_verify: + verify = False + elif self._cfg.ca_cert_file_path: + verify = self._cfg.ca_cert_file_path + + # 動態切換到 PKCEAuthenticator + self._authenticator = PKCEAuthenticator( + self._cfg.endpoint, + self._cfg_store, + scopes=self._cfg.scopes, + verify=verify, + session=session + ) + logging.info("Successfully switched to PKCEAuthenticator.") + + # 刷新憑證 + self._authenticator.refresh_credentials() + logging.info("PKCE authentication flow completed successfully") + + except Exception as e: + logging.error(f"Authentication failed during PKCE flow: {str(e)}") + raise + + # 使用新的憑證重試 gRPC 請求 + updated_call_details = self._call_details_with_auth_metadata(client_call_details) + return continuation(updated_call_details, request) \ No newline at end of file diff --git a/flytekit/clients/auth/keyring.py b/flytekit/clients/auth/keyring.py index 5ad171a369..63dca6924c 100644 --- a/flytekit/clients/auth/keyring.py +++ b/flytekit/clients/auth/keyring.py @@ -79,3 +79,15 @@ def _delete_key(key): _delete_key(KeyringStore._access_token_key) _delete_key(KeyringStore._refresh_token_key) _delete_key(KeyringStore._id_token_key) + + @staticmethod + def delete(endpoint: str): + """ + 刪除給定端點的所有存儲的令牌 + """ + import keyring as _keyring + try: + _keyring.delete_password(endpoint, KeyringStore._refresh_token_key) + _keyring.delete_password(endpoint, KeyringStore._id_token_key) + except Exception: + pass diff --git a/flytekit/clients/auth_helper.py b/flytekit/clients/auth_helper.py index b4a6b7a438..380c29935e 100644 --- a/flytekit/clients/auth_helper.py +++ b/flytekit/clients/auth_helper.py @@ -69,6 +69,10 @@ def get_authenticator(cfg: PlatformConfig, cfg_store: ClientConfigStore) -> Auth session = get_session(cfg) + if cfg_auth == AuthType.NO_AUTH: + logging.warning("No authentication required for this configuration.") + return Authenticator(cfg.endpoint, header_key="", verify=verify) + if cfg_auth == AuthType.STANDARD or cfg_auth == AuthType.PKCE: return PKCEAuthenticator(cfg.endpoint, cfg_store, scopes=cfg.scopes, verify=verify, session=session) elif cfg_auth == AuthType.BASIC or cfg_auth == AuthType.CLIENT_CREDENTIALS or cfg_auth == AuthType.CLIENTSECRET: diff --git a/flytekit/clients/grpc_utils/auth_interceptor.py b/flytekit/clients/grpc_utils/auth_interceptor.py index 6a73e0764e..c494ecc9cf 100644 --- a/flytekit/clients/grpc_utils/auth_interceptor.py +++ b/flytekit/clients/grpc_utils/auth_interceptor.py @@ -5,6 +5,11 @@ from flytekit.clients.auth.authenticator import Authenticator +import logging + +from flytekit.configuration import PlatformConfig + +from flytekit.clients.auth.authenticator import ClientConfigStore class _ClientCallDetails( namedtuple("_ClientCallDetails", ("method", "timeout", "metadata", "credentials")), @@ -25,8 +30,10 @@ class AuthUnaryInterceptor(grpc.UnaryUnaryClientInterceptor, grpc.UnaryStreamCli is needed. """ - def __init__(self, authenticator: Authenticator): + def __init__(self, authenticator: Authenticator, cfg: PlatformConfig = None, cfg_store: ClientConfigStore = None): self._authenticator = authenticator + self._cfg = cfg + self._cfg_store = cfg_store def _call_details_with_auth_metadata(self, client_call_details: grpc.ClientCallDetails) -> grpc.ClientCallDetails: """ @@ -64,9 +71,10 @@ def intercept_unary_unary( if not hasattr(e, "code"): raise e if e.code() == grpc.StatusCode.UNAUTHENTICATED or e.code() == grpc.StatusCode.UNKNOWN: - self._authenticator.refresh_credentials() - updated_call_details = self._call_details_with_auth_metadata(client_call_details) - return continuation(updated_call_details, request) + return self._handle_unauthenticated_error(fut, client_call_details, request) + # self._authenticator.refresh_credentials() + # updated_call_details = self._call_details_with_auth_metadata(client_call_details) + # return continuation(updated_call_details, request) return fut def intercept_unary_stream(self, continuation, client_call_details, request): @@ -76,7 +84,39 @@ def intercept_unary_stream(self, continuation, client_call_details, request): updated_call_details = self._call_details_with_auth_metadata(client_call_details) c: grpc.Call = continuation(updated_call_details, request) if c.code() == grpc.StatusCode.UNAUTHENTICATED: - self._authenticator.refresh_credentials() - updated_call_details = self._call_details_with_auth_metadata(client_call_details) - return continuation(updated_call_details, request) + return self._handle_unauthenticated_error(c, client_call_details, request) + # self._authenticator.refresh_credentials() + # updated_call_details = self._call_details_with_auth_metadata(client_call_details) + # return continuation(updated_call_details, request) return c + + def _handle_unauthenticated_error(self, continuation, client_call_details, request): + """處理未認證錯誤,觸發PKCE流程""" + logging.info("Received authentication error, starting PKCE authentication flow") + + try: + + if isinstance(self._authenticator, Authenticator) and not isinstance(self._authenticator, PKCEAuthenticator): + logging.info("Current authenticator is 'None', switching to PKCEAuthenticator") + + from flytekit.clients.auth.authenticator import PKCEAuthenticator + from flytekit.clients.auth_helper import get_session + session = get_session(self._cfg) + + verify = None + if self._cfg.insecure_skip_verify: + verify = False + elif self._cfg.ca_cert_file_path: + verify = self._cfg.ca_cert_file_path + + self._authenticator = PKCEAuthenticator(self._cfg.endpoint, self._cfg_store, scopes=self._cfg.scopes, verify=verify, session=session) + + self._authenticator.refresh_credentials() + logging.info("Authentication flow completed successfully") + + except Exception as e: + logging.error(f"Authentication failed: {str(e)}") + raise + + updated_call_details = self._call_details_with_auth_metadata(client_call_details) + return continuation(updated_call_details, request) \ No newline at end of file diff --git a/flytekit/configuration/__init__.py b/flytekit/configuration/__init__.py index ee51b94399..9dd3d14b51 100644 --- a/flytekit/configuration/__init__.py +++ b/flytekit/configuration/__init__.py @@ -393,6 +393,7 @@ class AuthType(enum.Enum): PKCE = "Pkce" EXTERNALCOMMAND = "ExternalCommand" DEVICEFLOW = "DeviceFlow" + NO_AUTH = "no_auth" @dataclass(init=True, repr=True, eq=True, frozen=True) @@ -749,7 +750,7 @@ def for_sandbox(cls) -> Config: :return: Config """ return Config( - platform=PlatformConfig(endpoint="localhost:30080", auth_mode="Pkce", insecure=True), + platform=PlatformConfig(endpoint="localhost:30080", auth_mode="no_auth", insecure=True), data_config=DataConfig( s3=S3Config(endpoint="http://localhost:30002", access_key_id="minio", secret_access_key="miniostorage") ), diff --git a/test_flyte.py b/test_flyte.py new file mode 100644 index 0000000000..69f8b26748 --- /dev/null +++ b/test_flyte.py @@ -0,0 +1,17 @@ +import time +from flytekit.configuration import Config +from flytekit.remote import FlyteRemote + +def test_flyte_client(): + + try: + + config = Config.for_sandbox() + remote = FlyteRemote(config=config) + remote.client + print("成功連接到 Flyte 服務器!") + except Exception as e: + print(f"錯誤發生: {str(e)}") + +if __name__ == "__main__": + test_flyte_client() \ No newline at end of file diff --git a/test_union_server.py b/test_union_server.py new file mode 100644 index 0000000000..97552f6fbf --- /dev/null +++ b/test_union_server.py @@ -0,0 +1,10 @@ +from flytekit import task, workflow + +@task +def say_hello(name: str) -> str: + return f"Hello, {name}!" + +@workflow +def hello_world_wf(name: str = 'world') -> str: + res = say_hello(name=name) + return res \ No newline at end of file From f358477bfe06f7dd220f2be5ac066bac139c8880 Mon Sep 17 00:00:00 2001 From: taieeuu Date: Wed, 27 Nov 2024 22:57:42 +0800 Subject: [PATCH 02/39] no_msg Signed-off-by: taieeuu --- flytekit/clients/auth/keyring.py | 11 ----------- 1 file changed, 11 deletions(-) diff --git a/flytekit/clients/auth/keyring.py b/flytekit/clients/auth/keyring.py index 63dca6924c..188b8092f8 100644 --- a/flytekit/clients/auth/keyring.py +++ b/flytekit/clients/auth/keyring.py @@ -80,14 +80,3 @@ def _delete_key(key): _delete_key(KeyringStore._refresh_token_key) _delete_key(KeyringStore._id_token_key) - @staticmethod - def delete(endpoint: str): - """ - 刪除給定端點的所有存儲的令牌 - """ - import keyring as _keyring - try: - _keyring.delete_password(endpoint, KeyringStore._refresh_token_key) - _keyring.delete_password(endpoint, KeyringStore._id_token_key) - except Exception: - pass From 77bc862392183b7f4bc6499b8193c1a9c47e1e61 Mon Sep 17 00:00:00 2001 From: taieeuu Date: Wed, 27 Nov 2024 23:33:24 +0800 Subject: [PATCH 03/39] no_msg Signed-off-by: taieeuu --- Stack Trace.txt | 49 --------------------------- _handle_unauthenticated_error_opt.txt | 43 ----------------------- test_flyte.py | 17 ---------- test_union_server.py | 10 ------ 4 files changed, 119 deletions(-) delete mode 100644 Stack Trace.txt delete mode 100644 _handle_unauthenticated_error_opt.txt delete mode 100644 test_flyte.py delete mode 100644 test_union_server.py diff --git a/Stack Trace.txt b/Stack Trace.txt deleted file mode 100644 index e7933df008..0000000000 --- a/Stack Trace.txt +++ /dev/null @@ -1,49 +0,0 @@ -tomnewton@ben-nevis:~/WayveCode/wayve/ai/nvs/services/workflow$ python /home/tomnewton/Documents/reproduce_key_vault_error.py -/usr/lib/python3/dist-packages/paramiko/transport.py:219: CryptographyDeprecationWarning: Blowfish has been deprecated -"class": algorithms.Blowfish, -╭──────────────────────────────────────────────────────────────────────────────────────────────────────────── Traceback (most recent call last) ─────────────────────────────────────────────────────────────────────────────────────────────────────────────╮ -│ /home/tomnewton/Documents/reproduce_key_vault_error.py:6 in │ -│ │ -│ ❱ 6 remote.client │ -│ │ -│ /home/tomnewton/.local/lib/python3.8/site-packages/flytekit/remote/remote.py:205 in client │ -│ │ -│ ❱ 205 │ │ │ self._client = SynchronousFlyteClient(self.config.platform, **self._kwargs) │ -│ │ -│ /home/tomnewton/.local/lib/python3.8/site-packages/flytekit/clients/raw.py:44 in __init__ │ -│ │ -│ ❱ 44 │ │ self._channel = wrap_exceptions_channel(cfg, upgrade_channel_to_authenticated(cf │ -│ │ -│ /home/tomnewton/.local/lib/python3.8/site-packages/flytekit/clients/auth_helper.py:111 in upgrade_channel_to_authenticated │ -│ │ -│ ❱ 111 │ authenticator = get_authenticator(cfg, RemoteClientConfigStore(in_channel)) │ -│ │ -│ /home/tomnewton/.local/lib/python3.8/site-packages/flytekit/clients/auth_helper.py:69 in get_authenticator │ -│ │ -│ ❱ 69 │ │ return PKCEAuthenticator(cfg.endpoint, cfg_store, verify=verify) │ -│ │ -│ /home/tomnewton/.local/lib/python3.8/site-packages/flytekit/clients/auth/authenticator.py:102 in __init__ │ -│ │ -│ ❱ 102 │ │ super().__init__(endpoint, header_key, KeyringStore.retrieve(endpoint), verify=v │ -│ │ -│ /home/tomnewton/.local/lib/python3.8/site-packages/flytekit/clients/auth/keyring.py:49 in retrieve │ -│ │ -│ ❱ 49 │ │ │ refresh_token = _keyring.get_password(for_endpoint, KeyringStore._refresh_to │ -│ │ -│ /home/tomnewton/.local/lib/python3.8/site-packages/keyring/core.py:55 in get_password │ -│ │ -│ ❱ 55 │ return get_keyring().get_password(service_name, username) │ -│ │ -│ /home/tomnewton/.local/lib/python3.8/site-packages/keyring/backends/chainer.py:49 in get_password │ -│ │ -│ ❱ 49 │ │ │ password = keyring.get_password(service, username) │ -│ │ -│ /home/tomnewton/.local/lib/python3.8/site-packages/keyring/backends/SecretService.py:78 in get_password │ -│ │ -│ ❱ 78 │ │ collection = self.get_preferred_collection() │ -│ │ -│ /home/tomnewton/.local/lib/python3.8/site-packages/keyring/backends/SecretService.py:67 in get_preferred_collection │ -│ │ -│ ❱ 67 │ │ │ │ raise KeyringLocked("Failed to unlock the collection!") │ -╰────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────╯ -KeyringLocked: Failed to unlock the collection! diff --git a/_handle_unauthenticated_error_opt.txt b/_handle_unauthenticated_error_opt.txt deleted file mode 100644 index a4fe1086f7..0000000000 --- a/_handle_unauthenticated_error_opt.txt +++ /dev/null @@ -1,43 +0,0 @@ -def _handle_unauthenticated_error(self, continuation, client_call_details, request): - """處理未認證錯誤, 觸發 PKCE 流程""" - logging.info("Received authentication error (401), starting PKCE authentication flow") - - try: - # 檢查是否需要切換到 PKCEAuthenticator - if isinstance(self._authenticator, Authenticator) and not isinstance(self._authenticator, PKCEAuthenticator): - logging.info("Current authenticator is 'None', switching to PKCEAuthenticator") - - if not self._cfg or not self._cfg_store: - logging.error("Missing configuration for PKCEAuthenticator initialization.") - raise ValueError("Cannot switch to PKCEAuthenticator due to missing configuration.") - - from flytekit.clients.auth.authenticator import PKCEAuthenticator - session = get_session(self._cfg) - - verify = None - if self._cfg.insecure_skip_verify: - verify = False - elif self._cfg.ca_cert_file_path: - verify = self._cfg.ca_cert_file_path - - # 動態切換到 PKCEAuthenticator - self._authenticator = PKCEAuthenticator( - self._cfg.endpoint, - self._cfg_store, - scopes=self._cfg.scopes, - verify=verify, - session=session - ) - logging.info("Successfully switched to PKCEAuthenticator.") - - # 刷新憑證 - self._authenticator.refresh_credentials() - logging.info("PKCE authentication flow completed successfully") - - except Exception as e: - logging.error(f"Authentication failed during PKCE flow: {str(e)}") - raise - - # 使用新的憑證重試 gRPC 請求 - updated_call_details = self._call_details_with_auth_metadata(client_call_details) - return continuation(updated_call_details, request) \ No newline at end of file diff --git a/test_flyte.py b/test_flyte.py deleted file mode 100644 index 69f8b26748..0000000000 --- a/test_flyte.py +++ /dev/null @@ -1,17 +0,0 @@ -import time -from flytekit.configuration import Config -from flytekit.remote import FlyteRemote - -def test_flyte_client(): - - try: - - config = Config.for_sandbox() - remote = FlyteRemote(config=config) - remote.client - print("成功連接到 Flyte 服務器!") - except Exception as e: - print(f"錯誤發生: {str(e)}") - -if __name__ == "__main__": - test_flyte_client() \ No newline at end of file diff --git a/test_union_server.py b/test_union_server.py deleted file mode 100644 index 97552f6fbf..0000000000 --- a/test_union_server.py +++ /dev/null @@ -1,10 +0,0 @@ -from flytekit import task, workflow - -@task -def say_hello(name: str) -> str: - return f"Hello, {name}!" - -@workflow -def hello_world_wf(name: str = 'world') -> str: - res = say_hello(name=name) - return res \ No newline at end of file From b42a90f5a68acbad54ea2b4b1f3d841568357927 Mon Sep 17 00:00:00 2001 From: taieeuu Date: Thu, 28 Nov 2024 00:12:08 +0800 Subject: [PATCH 04/39] fix: run linting on codebase Signed-off-by: taieeuu --- flytekit/clients/auth/keyring.py | 1 - flytekit/clients/auth_helper.py | 2 +- .../clients/grpc_utils/auth_interceptor.py | 28 ++++++++++--------- 3 files changed, 16 insertions(+), 15 deletions(-) diff --git a/flytekit/clients/auth/keyring.py b/flytekit/clients/auth/keyring.py index 435ef857da..c7667eddeb 100644 --- a/flytekit/clients/auth/keyring.py +++ b/flytekit/clients/auth/keyring.py @@ -79,4 +79,3 @@ def _delete_key(key): _delete_key(KeyringStore._access_token_key) _delete_key(KeyringStore._refresh_token_key) _delete_key(KeyringStore._id_token_key) - diff --git a/flytekit/clients/auth_helper.py b/flytekit/clients/auth_helper.py index 380c29935e..d8fc6dc9af 100644 --- a/flytekit/clients/auth_helper.py +++ b/flytekit/clients/auth_helper.py @@ -72,7 +72,7 @@ def get_authenticator(cfg: PlatformConfig, cfg_store: ClientConfigStore) -> Auth if cfg_auth == AuthType.NO_AUTH: logging.warning("No authentication required for this configuration.") return Authenticator(cfg.endpoint, header_key="", verify=verify) - + if cfg_auth == AuthType.STANDARD or cfg_auth == AuthType.PKCE: return PKCEAuthenticator(cfg.endpoint, cfg_store, scopes=cfg.scopes, verify=verify, session=session) elif cfg_auth == AuthType.BASIC or cfg_auth == AuthType.CLIENT_CREDENTIALS or cfg_auth == AuthType.CLIENTSECRET: diff --git a/flytekit/clients/grpc_utils/auth_interceptor.py b/flytekit/clients/grpc_utils/auth_interceptor.py index c494ecc9cf..523dd9c961 100644 --- a/flytekit/clients/grpc_utils/auth_interceptor.py +++ b/flytekit/clients/grpc_utils/auth_interceptor.py @@ -1,15 +1,12 @@ +import logging import typing from collections import namedtuple import grpc -from flytekit.clients.auth.authenticator import Authenticator - -import logging - +from flytekit.clients.auth.authenticator import Authenticator, ClientConfigStore from flytekit.configuration import PlatformConfig -from flytekit.clients.auth.authenticator import ClientConfigStore class _ClientCallDetails( namedtuple("_ClientCallDetails", ("method", "timeout", "metadata", "credentials")), @@ -89,18 +86,21 @@ def intercept_unary_stream(self, continuation, client_call_details, request): # updated_call_details = self._call_details_with_auth_metadata(client_call_details) # return continuation(updated_call_details, request) return c - + def _handle_unauthenticated_error(self, continuation, client_call_details, request): - """處理未認證錯誤,觸發PKCE流程""" + """Handling Unauthenticated Errors and Triggering the PKCE Flow""" + logging.info("Received authentication error, starting PKCE authentication flow") - - try: - if isinstance(self._authenticator, Authenticator) and not isinstance(self._authenticator, PKCEAuthenticator): + try: + if isinstance(self._authenticator, Authenticator) and not isinstance( + self._authenticator, PKCEAuthenticator + ): logging.info("Current authenticator is 'None', switching to PKCEAuthenticator") - + from flytekit.clients.auth.authenticator import PKCEAuthenticator from flytekit.clients.auth_helper import get_session + session = get_session(self._cfg) verify = None @@ -109,7 +109,9 @@ def _handle_unauthenticated_error(self, continuation, client_call_details, reque elif self._cfg.ca_cert_file_path: verify = self._cfg.ca_cert_file_path - self._authenticator = PKCEAuthenticator(self._cfg.endpoint, self._cfg_store, scopes=self._cfg.scopes, verify=verify, session=session) + self._authenticator = PKCEAuthenticator( + self._cfg.endpoint, self._cfg_store, scopes=self._cfg.scopes, verify=verify, session=session + ) self._authenticator.refresh_credentials() logging.info("Authentication flow completed successfully") @@ -119,4 +121,4 @@ def _handle_unauthenticated_error(self, continuation, client_call_details, reque raise updated_call_details = self._call_details_with_auth_metadata(client_call_details) - return continuation(updated_call_details, request) \ No newline at end of file + return continuation(updated_call_details, request) From 6cb2d3f4ebcf48c8c0fceccbfa63ee0ea679fe16 Mon Sep 17 00:00:00 2001 From: taieeuu Date: Tue, 3 Dec 2024 22:24:10 +0800 Subject: [PATCH 05/39] add grpc 401 comments Signed-off-by: taieeuu --- flytekit/clients/grpc_utils/auth_interceptor.py | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/flytekit/clients/grpc_utils/auth_interceptor.py b/flytekit/clients/grpc_utils/auth_interceptor.py index 523dd9c961..bf90c3b632 100644 --- a/flytekit/clients/grpc_utils/auth_interceptor.py +++ b/flytekit/clients/grpc_utils/auth_interceptor.py @@ -67,11 +67,9 @@ def intercept_unary_unary( if e: if not hasattr(e, "code"): raise e + # When gRPC is UNAUTHENTICATED (401) or grpc is UNKNOWN, handle the authentication error and trigger the PKCE authenticator. if e.code() == grpc.StatusCode.UNAUTHENTICATED or e.code() == grpc.StatusCode.UNKNOWN: return self._handle_unauthenticated_error(fut, client_call_details, request) - # self._authenticator.refresh_credentials() - # updated_call_details = self._call_details_with_auth_metadata(client_call_details) - # return continuation(updated_call_details, request) return fut def intercept_unary_stream(self, continuation, client_call_details, request): @@ -80,15 +78,15 @@ def intercept_unary_stream(self, continuation, client_call_details, request): """ updated_call_details = self._call_details_with_auth_metadata(client_call_details) c: grpc.Call = continuation(updated_call_details, request) + # When gRPC is UNAUTHENTICATED (401), handle the authentication error and trigger the PKCE authenticator. if c.code() == grpc.StatusCode.UNAUTHENTICATED: return self._handle_unauthenticated_error(c, client_call_details, request) - # self._authenticator.refresh_credentials() - # updated_call_details = self._call_details_with_auth_metadata(client_call_details) - # return continuation(updated_call_details, request) return c def _handle_unauthenticated_error(self, continuation, client_call_details, request): - """Handling Unauthenticated Errors and Triggering the PKCE Flow""" + """ + Handling Unauthenticated Errors and Triggering the PKCE Flow + """ logging.info("Received authentication error, starting PKCE authentication flow") From 2214e3d2b2437db6d58035da4782df85831d21ec Mon Sep 17 00:00:00 2001 From: taieeuu Date: Sat, 7 Dec 2024 09:12:38 +0800 Subject: [PATCH 06/39] fix: import Signed-off-by: taieeuu --- flytekit/clients/grpc_utils/auth_interceptor.py | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/flytekit/clients/grpc_utils/auth_interceptor.py b/flytekit/clients/grpc_utils/auth_interceptor.py index bf90c3b632..446207af59 100644 --- a/flytekit/clients/grpc_utils/auth_interceptor.py +++ b/flytekit/clients/grpc_utils/auth_interceptor.py @@ -7,6 +7,8 @@ from flytekit.clients.auth.authenticator import Authenticator, ClientConfigStore from flytekit.configuration import PlatformConfig +from flytekit.clients.auth.authenticator import PKCEAuthenticator +from flytekit.clients.auth_helper import get_session class _ClientCallDetails( namedtuple("_ClientCallDetails", ("method", "timeout", "metadata", "credentials")), @@ -96,9 +98,6 @@ def _handle_unauthenticated_error(self, continuation, client_call_details, reque ): logging.info("Current authenticator is 'None', switching to PKCEAuthenticator") - from flytekit.clients.auth.authenticator import PKCEAuthenticator - from flytekit.clients.auth_helper import get_session - session = get_session(self._cfg) verify = None From a82cd3a1c5bf54072acbf78bff1908f8a705c3ea Mon Sep 17 00:00:00 2001 From: taieeuu Date: Sat, 7 Dec 2024 09:28:21 +0800 Subject: [PATCH 07/39] no_msg Signed-off-by: taieeuu --- flytekit/clients/grpc_utils/auth_interceptor.py | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/flytekit/clients/grpc_utils/auth_interceptor.py b/flytekit/clients/grpc_utils/auth_interceptor.py index 446207af59..9067ea52b2 100644 --- a/flytekit/clients/grpc_utils/auth_interceptor.py +++ b/flytekit/clients/grpc_utils/auth_interceptor.py @@ -4,11 +4,9 @@ import grpc -from flytekit.clients.auth.authenticator import Authenticator, ClientConfigStore +from flytekit.clients.auth.authenticator import Authenticator, ClientConfigStore, PKCEAuthenticator from flytekit.configuration import PlatformConfig -from flytekit.clients.auth.authenticator import PKCEAuthenticator -from flytekit.clients.auth_helper import get_session class _ClientCallDetails( namedtuple("_ClientCallDetails", ("method", "timeout", "metadata", "credentials")), @@ -91,6 +89,7 @@ def _handle_unauthenticated_error(self, continuation, client_call_details, reque """ logging.info("Received authentication error, starting PKCE authentication flow") + from flytekit.clients.auth_helper import get_session try: if isinstance(self._authenticator, Authenticator) and not isinstance( From 8f2833398ee2a1078c357c6f3db84960726fb6bf Mon Sep 17 00:00:00 2001 From: taieeuu Date: Sun, 22 Dec 2024 13:56:50 +0800 Subject: [PATCH 08/39] fix: update method for initializing authenticator Signed-off-by: taieeuu --- flytekit/clients/auth_helper.py | 21 ++++++-- .../clients/grpc_utils/auth_interceptor.py | 54 +++---------------- flytekit/clients/raw.py | 19 ++++--- flytekit/configuration/__init__.py | 3 +- 4 files changed, 39 insertions(+), 58 deletions(-) diff --git a/flytekit/clients/auth_helper.py b/flytekit/clients/auth_helper.py index d8fc6dc9af..b51c1fde9e 100644 --- a/flytekit/clients/auth_helper.py +++ b/flytekit/clients/auth_helper.py @@ -6,6 +6,7 @@ import requests from flyteidl.service.auth_pb2 import OAuth2MetadataRequest, PublicClientAuthConfigRequest from flyteidl.service.auth_pb2_grpc import AuthMetadataServiceStub +from grpc_health.v1 import health_pb2, health_pb2_grpc from flytekit.clients.auth.authenticator import ( Authenticator, @@ -69,10 +70,6 @@ def get_authenticator(cfg: PlatformConfig, cfg_store: ClientConfigStore) -> Auth session = get_session(cfg) - if cfg_auth == AuthType.NO_AUTH: - logging.warning("No authentication required for this configuration.") - return Authenticator(cfg.endpoint, header_key="", verify=verify) - if cfg_auth == AuthType.STANDARD or cfg_auth == AuthType.PKCE: return PKCEAuthenticator(cfg.endpoint, cfg_store, scopes=cfg.scopes, verify=verify, session=session) elif cfg_auth == AuthType.BASIC or cfg_auth == AuthType.CLIENT_CREDENTIALS or cfg_auth == AuthType.CLIENTSECRET: @@ -237,6 +234,22 @@ def wrap_exceptions_channel(cfg: PlatformConfig, in_channel: grpc.Channel) -> gr :param in_channel: grpc.Channel :return: grpc.Channel """ + + try: + health_stub = health_pb2_grpc.HealthStub(in_channel) + request = health_pb2.HealthCheckRequest() + health_stub.Check(request) + + except grpc.RpcError as e: + logging.warning(f"RPC error occurred: {e.code()}") + if e.code() == grpc.StatusCode.UNAUTHENTICATED: + in_channel = wrap_exceptions_channel( + cfg, + upgrade_channel_to_authenticated( + cfg, upgrade_channel_to_proxy_authenticated(cfg, get_channel(cfg, options=cfg.options)) + ), + ) + return grpc.intercept_channel(in_channel, RetryExceptionWrapperInterceptor(max_retries=cfg.rpc_retries)) diff --git a/flytekit/clients/grpc_utils/auth_interceptor.py b/flytekit/clients/grpc_utils/auth_interceptor.py index 9067ea52b2..6a73e0764e 100644 --- a/flytekit/clients/grpc_utils/auth_interceptor.py +++ b/flytekit/clients/grpc_utils/auth_interceptor.py @@ -1,11 +1,9 @@ -import logging import typing from collections import namedtuple import grpc -from flytekit.clients.auth.authenticator import Authenticator, ClientConfigStore, PKCEAuthenticator -from flytekit.configuration import PlatformConfig +from flytekit.clients.auth.authenticator import Authenticator class _ClientCallDetails( @@ -27,10 +25,8 @@ class AuthUnaryInterceptor(grpc.UnaryUnaryClientInterceptor, grpc.UnaryStreamCli is needed. """ - def __init__(self, authenticator: Authenticator, cfg: PlatformConfig = None, cfg_store: ClientConfigStore = None): + def __init__(self, authenticator: Authenticator): self._authenticator = authenticator - self._cfg = cfg - self._cfg_store = cfg_store def _call_details_with_auth_metadata(self, client_call_details: grpc.ClientCallDetails) -> grpc.ClientCallDetails: """ @@ -67,9 +63,10 @@ def intercept_unary_unary( if e: if not hasattr(e, "code"): raise e - # When gRPC is UNAUTHENTICATED (401) or grpc is UNKNOWN, handle the authentication error and trigger the PKCE authenticator. if e.code() == grpc.StatusCode.UNAUTHENTICATED or e.code() == grpc.StatusCode.UNKNOWN: - return self._handle_unauthenticated_error(fut, client_call_details, request) + self._authenticator.refresh_credentials() + updated_call_details = self._call_details_with_auth_metadata(client_call_details) + return continuation(updated_call_details, request) return fut def intercept_unary_stream(self, continuation, client_call_details, request): @@ -78,43 +75,8 @@ def intercept_unary_stream(self, continuation, client_call_details, request): """ updated_call_details = self._call_details_with_auth_metadata(client_call_details) c: grpc.Call = continuation(updated_call_details, request) - # When gRPC is UNAUTHENTICATED (401), handle the authentication error and trigger the PKCE authenticator. if c.code() == grpc.StatusCode.UNAUTHENTICATED: - return self._handle_unauthenticated_error(c, client_call_details, request) - return c - - def _handle_unauthenticated_error(self, continuation, client_call_details, request): - """ - Handling Unauthenticated Errors and Triggering the PKCE Flow - """ - - logging.info("Received authentication error, starting PKCE authentication flow") - from flytekit.clients.auth_helper import get_session - - try: - if isinstance(self._authenticator, Authenticator) and not isinstance( - self._authenticator, PKCEAuthenticator - ): - logging.info("Current authenticator is 'None', switching to PKCEAuthenticator") - - session = get_session(self._cfg) - - verify = None - if self._cfg.insecure_skip_verify: - verify = False - elif self._cfg.ca_cert_file_path: - verify = self._cfg.ca_cert_file_path - - self._authenticator = PKCEAuthenticator( - self._cfg.endpoint, self._cfg_store, scopes=self._cfg.scopes, verify=verify, session=session - ) - self._authenticator.refresh_credentials() - logging.info("Authentication flow completed successfully") - - except Exception as e: - logging.error(f"Authentication failed: {str(e)}") - raise - - updated_call_details = self._call_details_with_auth_metadata(client_call_details) - return continuation(updated_call_details, request) + updated_call_details = self._call_details_with_auth_metadata(client_call_details) + return continuation(updated_call_details, request) + return c diff --git a/flytekit/clients/raw.py b/flytekit/clients/raw.py index df643d554d..a991673c21 100644 --- a/flytekit/clients/raw.py +++ b/flytekit/clients/raw.py @@ -51,12 +51,19 @@ def __init__(self, cfg: PlatformConfig, **kwargs): # 32KB for error messages, 20MB for actual messages. options = (("grpc.max_metadata_size", 32 * 1024), ("grpc.max_receive_message_length", 20 * 1024 * 1024)) self._cfg = cfg - self._channel = wrap_exceptions_channel( - cfg, - upgrade_channel_to_authenticated( - cfg, upgrade_channel_to_proxy_authenticated(cfg, get_channel(cfg, options=options)) - ), - ) + self.skip_auth = True + if self.skip_auth: + base_channel = get_channel(cfg, options=options) + self._channel = wrap_exceptions_channel(cfg, base_channel) + self.skip_auth = False + else: + self._channel = wrap_exceptions_channel( + cfg, + upgrade_channel_to_authenticated( + cfg, upgrade_channel_to_proxy_authenticated(cfg, get_channel(cfg, options=options)) + ), + ) + self._stub = _admin_service.AdminServiceStub(self._channel) self._signal = signal_service.SignalServiceStub(self._channel) self._dataproxy_stub = dataproxy_service.DataProxyServiceStub(self._channel) diff --git a/flytekit/configuration/__init__.py b/flytekit/configuration/__init__.py index 9dd3d14b51..ee51b94399 100644 --- a/flytekit/configuration/__init__.py +++ b/flytekit/configuration/__init__.py @@ -393,7 +393,6 @@ class AuthType(enum.Enum): PKCE = "Pkce" EXTERNALCOMMAND = "ExternalCommand" DEVICEFLOW = "DeviceFlow" - NO_AUTH = "no_auth" @dataclass(init=True, repr=True, eq=True, frozen=True) @@ -750,7 +749,7 @@ def for_sandbox(cls) -> Config: :return: Config """ return Config( - platform=PlatformConfig(endpoint="localhost:30080", auth_mode="no_auth", insecure=True), + platform=PlatformConfig(endpoint="localhost:30080", auth_mode="Pkce", insecure=True), data_config=DataConfig( s3=S3Config(endpoint="http://localhost:30002", access_key_id="minio", secret_access_key="miniostorage") ), From db7cb2f685aa8a660e9b50b7225c9e7881cfdc35 Mon Sep 17 00:00:00 2001 From: taieeuu Date: Mon, 23 Dec 2024 00:14:38 +0800 Subject: [PATCH 09/39] fix: update the unit_test Signed-off-by: taieeuu --- flytekit/clients/auth_helper.py | 18 +--------- flytekit/clients/raw.py | 35 +++++++++++++++++--- tests/flytekit/unit/clients/test_friendly.py | 11 +++--- tests/flytekit/unit/clients/test_raw.py | 9 +++-- 4 files changed, 45 insertions(+), 28 deletions(-) diff --git a/flytekit/clients/auth_helper.py b/flytekit/clients/auth_helper.py index b51c1fde9e..c1b33720a8 100644 --- a/flytekit/clients/auth_helper.py +++ b/flytekit/clients/auth_helper.py @@ -6,7 +6,6 @@ import requests from flyteidl.service.auth_pb2 import OAuth2MetadataRequest, PublicClientAuthConfigRequest from flyteidl.service.auth_pb2_grpc import AuthMetadataServiceStub -from grpc_health.v1 import health_pb2, health_pb2_grpc from flytekit.clients.auth.authenticator import ( Authenticator, @@ -234,22 +233,7 @@ def wrap_exceptions_channel(cfg: PlatformConfig, in_channel: grpc.Channel) -> gr :param in_channel: grpc.Channel :return: grpc.Channel """ - - try: - health_stub = health_pb2_grpc.HealthStub(in_channel) - request = health_pb2.HealthCheckRequest() - health_stub.Check(request) - - except grpc.RpcError as e: - logging.warning(f"RPC error occurred: {e.code()}") - if e.code() == grpc.StatusCode.UNAUTHENTICATED: - in_channel = wrap_exceptions_channel( - cfg, - upgrade_channel_to_authenticated( - cfg, upgrade_channel_to_proxy_authenticated(cfg, get_channel(cfg, options=cfg.options)) - ), - ) - + print("wrap_exceptions_channel") return grpc.intercept_channel(in_channel, RetryExceptionWrapperInterceptor(max_retries=cfg.rpc_retries)) diff --git a/flytekit/clients/raw.py b/flytekit/clients/raw.py index a991673c21..50c6119a33 100644 --- a/flytekit/clients/raw.py +++ b/flytekit/clients/raw.py @@ -10,6 +10,7 @@ from flyteidl.service import dataproxy_pb2_grpc as dataproxy_service from flyteidl.service import signal_pb2_grpc as signal_service from flyteidl.service.dataproxy_pb2_grpc import DataProxyServiceStub +from grpc_health.v1 import health_pb2, health_pb2_grpc from flytekit.clients.auth_helper import ( get_channel, @@ -18,6 +19,12 @@ wrap_exceptions_channel, ) from flytekit.configuration import PlatformConfig +from flytekit.exceptions.system import FlyteSystemUnavailableException +from flytekit.exceptions.user import ( + FlyteEntityAlreadyExistsException, + FlyteEntityNotExistException, + FlyteInvalidInputException, +) from flytekit.loggers import logger @@ -51,11 +58,10 @@ def __init__(self, cfg: PlatformConfig, **kwargs): # 32KB for error messages, 20MB for actual messages. options = (("grpc.max_metadata_size", 32 * 1024), ("grpc.max_receive_message_length", 20 * 1024 * 1024)) self._cfg = cfg - self.skip_auth = True - if self.skip_auth: - base_channel = get_channel(cfg, options=options) + base_channel = get_channel(cfg, options=options) + + if self.check_grpc_health_with_authentication(base_channel): self._channel = wrap_exceptions_channel(cfg, base_channel) - self.skip_auth = False else: self._channel = wrap_exceptions_channel( cfg, @@ -74,6 +80,27 @@ def __init__(self, cfg: PlatformConfig, **kwargs): # metadata will hold the value of the token to send to the various endpoints. self._metadata = None + @staticmethod + def check_grpc_health_with_authentication(in_channel): + health_stub = health_pb2_grpc.HealthStub(in_channel) + request = health_pb2.HealthCheckRequest() + try: + response = health_stub.Check(request) + if response.status == health_pb2.HealthCheckResponse.SERVING: + print("Service is healthy and ready to serve.") + return True + except grpc.RpcError as e: + if e.code() == grpc.StatusCode.UNAUTHENTICATED: + return False + elif e.code() == grpc.StatusCode.ALREADY_EXISTS: + raise FlyteEntityAlreadyExistsException() from e + elif e.code() == grpc.StatusCode.NOT_FOUND: + raise FlyteEntityNotExistException() from e + elif e.code() == grpc.StatusCode.INVALID_ARGUMENT: + raise FlyteInvalidInputException(request) from e + elif e.code() == grpc.StatusCode.UNAVAILABLE: + raise FlyteSystemUnavailableException() from e + @classmethod def with_root_certificate(cls, cfg: PlatformConfig, root_cert_file: str) -> RawSynchronousFlyteClient: b = None diff --git a/tests/flytekit/unit/clients/test_friendly.py b/tests/flytekit/unit/clients/test_friendly.py index b553ae78a0..6dbf0f6ac4 100644 --- a/tests/flytekit/unit/clients/test_friendly.py +++ b/tests/flytekit/unit/clients/test_friendly.py @@ -8,10 +8,11 @@ from flytekit.clients.friendly import SynchronousFlyteClient as _SynchronousFlyteClient from flytekit.configuration import PlatformConfig from flytekit.models.project import Project as _Project - +from grpc_health.v1 import health_pb2 @mock.patch("flytekit.clients.friendly._RawSynchronousFlyteClient.update_project") -def test_update_project(mock_raw_update_project): +@mock.patch("flytekit.clients.raw.RawSynchronousFlyteClient.check_grpc_health_with_authentication", return_value=health_pb2.HealthCheckResponse.SERVING) +def test_update_project(mock_check_health, mock_raw_update_project): client = _SynchronousFlyteClient(PlatformConfig.for_endpoint("a.b.com", True)) project = _Project("foo", "name", "description", state=_Project.ProjectState.ACTIVE) client.update_project(project) @@ -19,7 +20,8 @@ def test_update_project(mock_raw_update_project): @mock.patch("flytekit.clients.friendly._RawSynchronousFlyteClient.list_projects") -def test_list_projects_paginated(mock_raw_list_projects): +@mock.patch("flytekit.clients.raw.RawSynchronousFlyteClient.check_grpc_health_with_authentication", return_value=health_pb2.HealthCheckResponse.SERVING) +def test_list_projects_paginated(mock_check_health, mock_raw_list_projects): client = _SynchronousFlyteClient(PlatformConfig.for_endpoint("a.b.com", True)) client.list_projects_paginated(limit=100, token="") project_list_request = _project_pb2.ProjectListRequest(limit=100, token="", filters=None, sort_by=None) @@ -27,7 +29,8 @@ def test_list_projects_paginated(mock_raw_list_projects): @mock.patch("flytekit.clients.friendly._RawSynchronousFlyteClient.create_upload_location") -def test_create_upload_location(mock_raw_create_upload_location): +@mock.patch("flytekit.clients.raw.RawSynchronousFlyteClient.check_grpc_health_with_authentication", return_value=health_pb2.HealthCheckResponse.SERVING) +def test_create_upload_location(mock_check_health, mock_raw_create_upload_location): client = _SynchronousFlyteClient(PlatformConfig.for_endpoint("a.b.com", True)) client.get_upload_signed_url("foo", "bar", bytes(), "baz.qux", timedelta(minutes=42), add_content_md5_metadata=True) duration_pb = Duration() diff --git a/tests/flytekit/unit/clients/test_raw.py b/tests/flytekit/unit/clients/test_raw.py index ee4e516354..6f9b46e6f0 100644 --- a/tests/flytekit/unit/clients/test_raw.py +++ b/tests/flytekit/unit/clients/test_raw.py @@ -4,11 +4,13 @@ from flytekit.clients.raw import RawSynchronousFlyteClient from flytekit.configuration import PlatformConfig - +from grpc_health.v1 import health_pb2 @mock.patch("flytekit.clients.raw._admin_service") @mock.patch("flytekit.clients.raw.grpc.insecure_channel") -def test_update_project(mock_channel, mock_admin): +@mock.patch.object(RawSynchronousFlyteClient, "check_grpc_health_with_authentication", return_value=True) +def test_update_project(mock_check_health, mock_channel, mock_admin): + mock_health_stub = mock.Mock() client = RawSynchronousFlyteClient(PlatformConfig(endpoint="a.b.com", insecure=True)) project = _project_pb2.Project(id="foo", name="name", description="description", state=_project_pb2.Project.ACTIVE) client.update_project(project) @@ -17,7 +19,8 @@ def test_update_project(mock_channel, mock_admin): @mock.patch("flytekit.clients.raw._admin_service") @mock.patch("flytekit.clients.raw.grpc.insecure_channel") -def test_list_projects_paginated(mock_channel, mock_admin): +@mock.patch("flytekit.clients.raw.RawSynchronousFlyteClient.check_grpc_health_with_authentication", return_value=health_pb2.HealthCheckResponse.SERVING) +def test_list_projects_paginated(mock_check_health, mock_channel, mock_admin): client = RawSynchronousFlyteClient(PlatformConfig(endpoint="a.b.com", insecure=True)) project_list_request = _project_pb2.ProjectListRequest(limit=100, token="", filters=None, sort_by=None) client.list_projects(project_list_request) From 48600a7e9cb076a74b053de40744730c49b4d1de Mon Sep 17 00:00:00 2001 From: taieeuu Date: Mon, 23 Dec 2024 00:32:29 +0800 Subject: [PATCH 10/39] fix: add grpc's health check to requirements.txt Signed-off-by: taieeuu --- dev-requirements.in | 2 ++ dev-requirements.txt | 2 ++ 2 files changed, 4 insertions(+) diff --git a/dev-requirements.in b/dev-requirements.in index 5241f02605..28e4eb417e 100644 --- a/dev-requirements.in +++ b/dev-requirements.in @@ -60,3 +60,5 @@ ipykernel orjson kubernetes>=12.0.1 + +grpcio-health-checking==1.67.0 \ No newline at end of file diff --git a/dev-requirements.txt b/dev-requirements.txt index 9acff98cb6..a5aa4852e3 100644 --- a/dev-requirements.txt +++ b/dev-requirements.txt @@ -564,3 +564,5 @@ zipp==3.19.1 # The following packages are considered to be unsafe in a requirements file: # setuptools + +grpcio-health-checking==1.67.0 \ No newline at end of file From 25424353917183cf469902d5bb6f491f5d2b0867 Mon Sep 17 00:00:00 2001 From: taieeuu Date: Mon, 23 Dec 2024 00:37:49 +0800 Subject: [PATCH 11/39] no_msg Signed-off-by: taieeuu --- dev-requirements.in | 2 +- dev-requirements.txt | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/dev-requirements.in b/dev-requirements.in index 28e4eb417e..95facbc839 100644 --- a/dev-requirements.in +++ b/dev-requirements.in @@ -61,4 +61,4 @@ ipykernel orjson kubernetes>=12.0.1 -grpcio-health-checking==1.67.0 \ No newline at end of file +grpcio-health-checking==1.68.1 diff --git a/dev-requirements.txt b/dev-requirements.txt index a5aa4852e3..67b78eb98d 100644 --- a/dev-requirements.txt +++ b/dev-requirements.txt @@ -565,4 +565,4 @@ zipp==3.19.1 # The following packages are considered to be unsafe in a requirements file: # setuptools -grpcio-health-checking==1.67.0 \ No newline at end of file +grpcio-health-checking==1.68.1 From 3e270291312f83a60d89cee20020fc1833bea69c Mon Sep 17 00:00:00 2001 From: taieeuu Date: Mon, 23 Dec 2024 00:46:21 +0800 Subject: [PATCH 12/39] no_msg Signed-off-by: taieeuu --- dev-requirements.in | 2 +- dev-requirements.txt | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/dev-requirements.in b/dev-requirements.in index 95facbc839..087ef67d9a 100644 --- a/dev-requirements.in +++ b/dev-requirements.in @@ -61,4 +61,4 @@ ipykernel orjson kubernetes>=12.0.1 -grpcio-health-checking==1.68.1 +grpcio-health-checking==1.66.0 diff --git a/dev-requirements.txt b/dev-requirements.txt index 67b78eb98d..8ef809d919 100644 --- a/dev-requirements.txt +++ b/dev-requirements.txt @@ -565,4 +565,4 @@ zipp==3.19.1 # The following packages are considered to be unsafe in a requirements file: # setuptools -grpcio-health-checking==1.68.1 +grpcio-health-checking==1.66.0 From 61b35fdb06f36baa7d5a4a0619bcd821c71ee949 Mon Sep 17 00:00:00 2001 From: taieeuu Date: Mon, 23 Dec 2024 22:16:21 +0800 Subject: [PATCH 13/39] fix: package dependency Signed-off-by: taieeuu --- dev-requirements.in | 2 +- dev-requirements.txt | 2 +- flytekit/clients/auth_helper.py | 1 - 3 files changed, 2 insertions(+), 3 deletions(-) diff --git a/dev-requirements.in b/dev-requirements.in index 087ef67d9a..683b98d0b9 100644 --- a/dev-requirements.in +++ b/dev-requirements.in @@ -61,4 +61,4 @@ ipykernel orjson kubernetes>=12.0.1 -grpcio-health-checking==1.66.0 +grpcio-health-checking==1.49.0 diff --git a/dev-requirements.txt b/dev-requirements.txt index 8ef809d919..c8911ee6f7 100644 --- a/dev-requirements.txt +++ b/dev-requirements.txt @@ -565,4 +565,4 @@ zipp==3.19.1 # The following packages are considered to be unsafe in a requirements file: # setuptools -grpcio-health-checking==1.66.0 +grpcio-health-checking==1.49.0 diff --git a/flytekit/clients/auth_helper.py b/flytekit/clients/auth_helper.py index c1b33720a8..b4a6b7a438 100644 --- a/flytekit/clients/auth_helper.py +++ b/flytekit/clients/auth_helper.py @@ -233,7 +233,6 @@ def wrap_exceptions_channel(cfg: PlatformConfig, in_channel: grpc.Channel) -> gr :param in_channel: grpc.Channel :return: grpc.Channel """ - print("wrap_exceptions_channel") return grpc.intercept_channel(in_channel, RetryExceptionWrapperInterceptor(max_retries=cfg.rpc_retries)) From 42509fb3ab4aa3dfd490867841603e14f9a5a13f Mon Sep 17 00:00:00 2001 From: taieeuu Date: Mon, 23 Dec 2024 23:15:26 +0800 Subject: [PATCH 14/39] fix: ci dependencies Signed-off-by: taieeuu --- .github/workflows/pythonbuild.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/pythonbuild.yml b/.github/workflows/pythonbuild.yml index 7dda4f5588..54ebaf06c7 100644 --- a/.github/workflows/pythonbuild.yml +++ b/.github/workflows/pythonbuild.yml @@ -294,6 +294,9 @@ jobs: tags: localhost:30000/flytekit:dev cache-from: type=gha cache-to: type=gha,mode=max + - name: Install dependencies + run: | + pip install grpcio-health-checking==1.49.0 - name: Integration Test with coverage env: FLYTEKIT_IMAGE: localhost:30000/flytekit:dev From 0a5afe00c6a9f574fdd63e388381eacd82c0042c Mon Sep 17 00:00:00 2001 From: taieeuu Date: Mon, 23 Dec 2024 23:34:54 +0800 Subject: [PATCH 15/39] fix: dependencies Signed-off-by: taieeuu --- .github/workflows/monodocs_build.yml | 1 + .github/workflows/pythonbuild.yml | 4 +--- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/.github/workflows/monodocs_build.yml b/.github/workflows/monodocs_build.yml index 6ecaa2cf87..46da3c14a5 100644 --- a/.github/workflows/monodocs_build.yml +++ b/.github/workflows/monodocs_build.yml @@ -57,4 +57,5 @@ jobs: DOCSEARCH_API_KEY: fake_docsearch_api_key # must be set to get doc build to succeed run: | conda activate monodocs-env + pip install grpcio-health-checking==1.49.0 make -C docs clean html SPHINXOPTS="-W -vvv" diff --git a/.github/workflows/pythonbuild.yml b/.github/workflows/pythonbuild.yml index 54ebaf06c7..ba1bc8b5bd 100644 --- a/.github/workflows/pythonbuild.yml +++ b/.github/workflows/pythonbuild.yml @@ -294,15 +294,13 @@ jobs: tags: localhost:30000/flytekit:dev cache-from: type=gha cache-to: type=gha,mode=max - - name: Install dependencies - run: | - pip install grpcio-health-checking==1.49.0 - name: Integration Test with coverage env: FLYTEKIT_IMAGE: localhost:30000/flytekit:dev FLYTEKIT_CI: 1 PYTEST_OPTS: -n2 run: | + pip install grpcio-health-checking==1.49.0 make ${{ matrix.makefile-cmd }} - name: Codecov uses: codecov/codecov-action@v3.1.0 From a50078e0cedf5dbb6e63a1cdc96844ebc47da323 Mon Sep 17 00:00:00 2001 From: taieeuu Date: Tue, 24 Dec 2024 22:20:47 +0800 Subject: [PATCH 16/39] no_msg Signed-off-by: taieeuu --- flytekit/clients/raw.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/flytekit/clients/raw.py b/flytekit/clients/raw.py index 50c6119a33..19b055590c 100644 --- a/flytekit/clients/raw.py +++ b/flytekit/clients/raw.py @@ -26,7 +26,7 @@ FlyteInvalidInputException, ) from flytekit.loggers import logger - +import logging class RawSynchronousFlyteClient(object): """ @@ -87,7 +87,7 @@ def check_grpc_health_with_authentication(in_channel): try: response = health_stub.Check(request) if response.status == health_pb2.HealthCheckResponse.SERVING: - print("Service is healthy and ready to serve.") + logging.info("Service is healthy and ready to serve.") return True except grpc.RpcError as e: if e.code() == grpc.StatusCode.UNAUTHENTICATED: From 456cd5dcb4da504d3d49915557fd36fce057d4fe Mon Sep 17 00:00:00 2001 From: taieeuu Date: Tue, 24 Dec 2024 22:22:31 +0800 Subject: [PATCH 17/39] fix: lint Signed-off-by: taieeuu --- flytekit/clients/raw.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/flytekit/clients/raw.py b/flytekit/clients/raw.py index 19b055590c..72236062f0 100644 --- a/flytekit/clients/raw.py +++ b/flytekit/clients/raw.py @@ -1,5 +1,6 @@ from __future__ import annotations +import logging import typing import grpc @@ -26,7 +27,7 @@ FlyteInvalidInputException, ) from flytekit.loggers import logger -import logging + class RawSynchronousFlyteClient(object): """ From 9253dc064e85e10bedb6892c5252aaccf84df37f Mon Sep 17 00:00:00 2001 From: taieeuu Date: Tue, 24 Dec 2024 22:49:42 +0800 Subject: [PATCH 18/39] fix: add dependencies Signed-off-by: taieeuu --- .github/workflows/pythonbuild.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.github/workflows/pythonbuild.yml b/.github/workflows/pythonbuild.yml index ba1bc8b5bd..dbcaa93076 100644 --- a/.github/workflows/pythonbuild.yml +++ b/.github/workflows/pythonbuild.yml @@ -294,13 +294,16 @@ jobs: tags: localhost:30000/flytekit:dev cache-from: type=gha cache-to: type=gha,mode=max + - name: Install dependencies + run: | + pip install grpcio-health-checking==1.49.0 + pip install grpcio==1.49.0 - name: Integration Test with coverage env: FLYTEKIT_IMAGE: localhost:30000/flytekit:dev FLYTEKIT_CI: 1 PYTEST_OPTS: -n2 run: | - pip install grpcio-health-checking==1.49.0 make ${{ matrix.makefile-cmd }} - name: Codecov uses: codecov/codecov-action@v3.1.0 From c5d94267f7885ee190070703aca03a7c7832f5fa Mon Sep 17 00:00:00 2001 From: taieeuu Date: Tue, 24 Dec 2024 23:47:15 +0800 Subject: [PATCH 19/39] no_msg Signed-off-by: taieeuu --- .github/workflows/pythonbuild.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/pythonbuild.yml b/.github/workflows/pythonbuild.yml index dbcaa93076..2c766f7205 100644 --- a/.github/workflows/pythonbuild.yml +++ b/.github/workflows/pythonbuild.yml @@ -296,8 +296,7 @@ jobs: cache-to: type=gha,mode=max - name: Install dependencies run: | - pip install grpcio-health-checking==1.49.0 - pip install grpcio==1.49.0 + pip install grpcio grpcio-tools grpc-health-checking==1.49.0 - name: Integration Test with coverage env: FLYTEKIT_IMAGE: localhost:30000/flytekit:dev From 7bb5ef3677c6da5b9bc88cbb8d66640538c81eae Mon Sep 17 00:00:00 2001 From: taieeuu Date: Tue, 24 Dec 2024 23:53:50 +0800 Subject: [PATCH 20/39] no_msg Signed-off-by: taieeuu --- .github/workflows/pythonbuild.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/pythonbuild.yml b/.github/workflows/pythonbuild.yml index 2c766f7205..9be2e5b8ee 100644 --- a/.github/workflows/pythonbuild.yml +++ b/.github/workflows/pythonbuild.yml @@ -296,7 +296,7 @@ jobs: cache-to: type=gha,mode=max - name: Install dependencies run: | - pip install grpcio grpcio-tools grpc-health-checking==1.49.0 + pip install grpcio grpcio-tools grpc-health-checking - name: Integration Test with coverage env: FLYTEKIT_IMAGE: localhost:30000/flytekit:dev From b7e5146fe63f43ff74918ec3fc116e9f24860882 Mon Sep 17 00:00:00 2001 From: taieeuu Date: Tue, 24 Dec 2024 23:59:46 +0800 Subject: [PATCH 21/39] no_msg Signed-off-by: taieeuu --- .github/workflows/pythonbuild.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/pythonbuild.yml b/.github/workflows/pythonbuild.yml index 9be2e5b8ee..ae208967f3 100644 --- a/.github/workflows/pythonbuild.yml +++ b/.github/workflows/pythonbuild.yml @@ -296,7 +296,7 @@ jobs: cache-to: type=gha,mode=max - name: Install dependencies run: | - pip install grpcio grpcio-tools grpc-health-checking + pip install grpcio grpcio-tools grpcio-health-checking - name: Integration Test with coverage env: FLYTEKIT_IMAGE: localhost:30000/flytekit:dev From b97107b8d003d3a2b7831008c5544e6c4c83d0a6 Mon Sep 17 00:00:00 2001 From: taieeuu Date: Wed, 25 Dec 2024 00:16:36 +0800 Subject: [PATCH 22/39] no_msg Signed-off-by: taieeuu --- .github/workflows/pythonbuild.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/pythonbuild.yml b/.github/workflows/pythonbuild.yml index ae208967f3..f89257ed43 100644 --- a/.github/workflows/pythonbuild.yml +++ b/.github/workflows/pythonbuild.yml @@ -296,7 +296,9 @@ jobs: cache-to: type=gha,mode=max - name: Install dependencies run: | - pip install grpcio grpcio-tools grpcio-health-checking + pip install grpcio + pip install grpcio-tools + pip install grpcio-health-checking - name: Integration Test with coverage env: FLYTEKIT_IMAGE: localhost:30000/flytekit:dev From 89cf6f645d0bfe394be24c5a5a2e31543528ca9b Mon Sep 17 00:00:00 2001 From: taieeuu Date: Fri, 27 Dec 2024 21:11:38 +0800 Subject: [PATCH 23/39] no_msg Signed-off-by: taieeuu --- .github/workflows/pythonbuild.yml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/.github/workflows/pythonbuild.yml b/.github/workflows/pythonbuild.yml index f89257ed43..6d5442c8d9 100644 --- a/.github/workflows/pythonbuild.yml +++ b/.github/workflows/pythonbuild.yml @@ -296,9 +296,7 @@ jobs: cache-to: type=gha,mode=max - name: Install dependencies run: | - pip install grpcio - pip install grpcio-tools - pip install grpcio-health-checking + pip install -r dev-requirements.txt - name: Integration Test with coverage env: FLYTEKIT_IMAGE: localhost:30000/flytekit:dev From 17c840f3f58ec0acb359f1973a1748c3d002c601 Mon Sep 17 00:00:00 2001 From: taieeuu Date: Fri, 27 Dec 2024 21:18:58 +0800 Subject: [PATCH 24/39] no_msg Signed-off-by: taieeuu --- .github/workflows/pythonbuild.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/pythonbuild.yml b/.github/workflows/pythonbuild.yml index 6d5442c8d9..fa9bfd67e5 100644 --- a/.github/workflows/pythonbuild.yml +++ b/.github/workflows/pythonbuild.yml @@ -296,7 +296,9 @@ jobs: cache-to: type=gha,mode=max - name: Install dependencies run: | - pip install -r dev-requirements.txt + pip install grpcio + pip install grpcio-tools + pip install grpcio-health-checking==1.49.0 - name: Integration Test with coverage env: FLYTEKIT_IMAGE: localhost:30000/flytekit:dev From 857db92fb9fbb8ae9562e5a8f396b371ab26bf1f Mon Sep 17 00:00:00 2001 From: taieeuu Date: Fri, 27 Dec 2024 22:02:16 +0800 Subject: [PATCH 25/39] no_msg Signed-off-by: taieeuu --- .github/workflows/pythonbuild.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/pythonbuild.yml b/.github/workflows/pythonbuild.yml index 8efe2277c3..9623267abd 100644 --- a/.github/workflows/pythonbuild.yml +++ b/.github/workflows/pythonbuild.yml @@ -258,9 +258,12 @@ jobs: cache-to: type=gha,mode=max - name: Install dependencies run: | + python -m pip install --upgrade pip pip install grpcio pip install grpcio-tools pip install grpcio-health-checking==1.49.0 + pip show rpcio-health-checking + pip show protobuf - name: Integration Test with coverage env: FLYTEKIT_IMAGE: localhost:30000/flytekit:dev From 1e56ac7e5f8c4c4500e66cf850041b6737aa3c7a Mon Sep 17 00:00:00 2001 From: taieeuu Date: Fri, 27 Dec 2024 22:08:34 +0800 Subject: [PATCH 26/39] no_msg Signed-off-by: taieeuu --- .github/workflows/pythonbuild.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/pythonbuild.yml b/.github/workflows/pythonbuild.yml index 9623267abd..7156a94858 100644 --- a/.github/workflows/pythonbuild.yml +++ b/.github/workflows/pythonbuild.yml @@ -262,7 +262,7 @@ jobs: pip install grpcio pip install grpcio-tools pip install grpcio-health-checking==1.49.0 - pip show rpcio-health-checking + pip show grpcio-health-checking pip show protobuf - name: Integration Test with coverage env: From 34f4abaeb8d5a4e5f473fcef56e651e7a33380c0 Mon Sep 17 00:00:00 2001 From: taieeuu Date: Fri, 27 Dec 2024 22:25:26 +0800 Subject: [PATCH 27/39] no_msg Signed-off-by: taieeuu --- .github/workflows/pythonbuild.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/pythonbuild.yml b/.github/workflows/pythonbuild.yml index 7156a94858..387d0eea2b 100644 --- a/.github/workflows/pythonbuild.yml +++ b/.github/workflows/pythonbuild.yml @@ -262,6 +262,7 @@ jobs: pip install grpcio pip install grpcio-tools pip install grpcio-health-checking==1.49.0 + pip install protobuf==4.25.3 pip show grpcio-health-checking pip show protobuf - name: Integration Test with coverage From 3bbbf413b5da8e556acf8ad3acf9150f2ad96f7d Mon Sep 17 00:00:00 2001 From: taieeuu Date: Fri, 27 Dec 2024 22:49:06 +0800 Subject: [PATCH 28/39] no_msg Signed-off-by: taieeuu --- .github/workflows/pythonbuild.yml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/.github/workflows/pythonbuild.yml b/.github/workflows/pythonbuild.yml index 387d0eea2b..a27fb77bf1 100644 --- a/.github/workflows/pythonbuild.yml +++ b/.github/workflows/pythonbuild.yml @@ -259,10 +259,9 @@ jobs: - name: Install dependencies run: | python -m pip install --upgrade pip - pip install grpcio - pip install grpcio-tools + pip install grpcio==1.67.0 + pip install grpcio-tools==1.67.0 pip install grpcio-health-checking==1.49.0 - pip install protobuf==4.25.3 pip show grpcio-health-checking pip show protobuf - name: Integration Test with coverage From 9b3916cb8a9d71e029a5146dc8857678ba0c2415 Mon Sep 17 00:00:00 2001 From: taieeuu Date: Sat, 28 Dec 2024 00:26:10 +0800 Subject: [PATCH 29/39] no_msg Signed-off-by: taieeuu --- .github/workflows/pythonbuild.yml | 6 ++---- dev-requirements.in | 2 ++ 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/pythonbuild.yml b/.github/workflows/pythonbuild.yml index a27fb77bf1..2639e72d7a 100644 --- a/.github/workflows/pythonbuild.yml +++ b/.github/workflows/pythonbuild.yml @@ -258,12 +258,10 @@ jobs: cache-to: type=gha,mode=max - name: Install dependencies run: | - python -m pip install --upgrade pip - pip install grpcio==1.67.0 - pip install grpcio-tools==1.67.0 - pip install grpcio-health-checking==1.49.0 pip show grpcio-health-checking pip show protobuf + pip show grpcio-tools + pip show grpcio - name: Integration Test with coverage env: FLYTEKIT_IMAGE: localhost:30000/flytekit:dev diff --git a/dev-requirements.in b/dev-requirements.in index 683b98d0b9..dbf2b9a2f5 100644 --- a/dev-requirements.in +++ b/dev-requirements.in @@ -62,3 +62,5 @@ orjson kubernetes>=12.0.1 grpcio-health-checking==1.49.0 +grpcio-tools==1.67.0 +grpcio==1.67.0 \ No newline at end of file From 002843618c0f17c6c1d1041de9098eeff5ced5f9 Mon Sep 17 00:00:00 2001 From: taieeuu Date: Sat, 28 Dec 2024 00:28:25 +0800 Subject: [PATCH 30/39] no_msg Signed-off-by: taieeuu --- dev-requirements.in | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/dev-requirements.in b/dev-requirements.in index dbf2b9a2f5..75ecb9a538 100644 --- a/dev-requirements.in +++ b/dev-requirements.in @@ -62,5 +62,5 @@ orjson kubernetes>=12.0.1 grpcio-health-checking==1.49.0 -grpcio-tools==1.67.0 -grpcio==1.67.0 \ No newline at end of file +grpcio-tools==1.49.0 +grpcio==1.49.0 \ No newline at end of file From d3ea8e40afcc17b73b95ef981effaecffaa62791 Mon Sep 17 00:00:00 2001 From: taieeuu Date: Sat, 28 Dec 2024 14:40:09 +0800 Subject: [PATCH 31/39] no_msg Signed-off-by: taieeuu --- dev-requirements.in | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/dev-requirements.in b/dev-requirements.in index 75ecb9a538..d1ecbcd30c 100644 --- a/dev-requirements.in +++ b/dev-requirements.in @@ -61,6 +61,6 @@ ipykernel orjson kubernetes>=12.0.1 -grpcio-health-checking==1.49.0 -grpcio-tools==1.49.0 -grpcio==1.49.0 \ No newline at end of file +grpcio-health-checking +grpcio-tools +grpcio \ No newline at end of file From 5c19192eb6637ff5decfcc5c865c698cf6191ce2 Mon Sep 17 00:00:00 2001 From: taieeuu Date: Sat, 28 Dec 2024 14:43:45 +0800 Subject: [PATCH 32/39] no_msg Signed-off-by: taieeuu --- dev-requirements.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dev-requirements.in b/dev-requirements.in index d1ecbcd30c..44bd44261e 100644 --- a/dev-requirements.in +++ b/dev-requirements.in @@ -63,4 +63,4 @@ kubernetes>=12.0.1 grpcio-health-checking grpcio-tools -grpcio \ No newline at end of file +grpcio From cf442e6969b4ed9b9a318279646c566f6b81f752 Mon Sep 17 00:00:00 2001 From: taieeuu Date: Sat, 28 Dec 2024 15:20:33 +0800 Subject: [PATCH 33/39] no_msg Signed-off-by: taieeuu --- .github/workflows/pythonbuild.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/pythonbuild.yml b/.github/workflows/pythonbuild.yml index 2639e72d7a..42f191b0a5 100644 --- a/.github/workflows/pythonbuild.yml +++ b/.github/workflows/pythonbuild.yml @@ -271,6 +271,9 @@ jobs: AWS_ACCESS_KEY_ID: minio AWS_SECRET_ACCESS_KEY: miniostorage run: | + uv pip install grpcio-health-checking + uv pip install grpcio-tools + uv pip install grpcio make ${{ matrix.makefile-cmd }} - name: Codecov uses: codecov/codecov-action@v3.1.0 From 569558eb107bb717e6d38bd30d566b53ab1b545d Mon Sep 17 00:00:00 2001 From: taieeuu Date: Sat, 28 Dec 2024 15:33:44 +0800 Subject: [PATCH 34/39] no_msg Signed-off-by: taieeuu --- .github/workflows/pythonbuild.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/pythonbuild.yml b/.github/workflows/pythonbuild.yml index 42f191b0a5..b209f64a43 100644 --- a/.github/workflows/pythonbuild.yml +++ b/.github/workflows/pythonbuild.yml @@ -271,9 +271,9 @@ jobs: AWS_ACCESS_KEY_ID: minio AWS_SECRET_ACCESS_KEY: miniostorage run: | - uv pip install grpcio-health-checking - uv pip install grpcio-tools - uv pip install grpcio + pip show grpcio-health-checking + pip show grpcio-tools + pip show grpcio make ${{ matrix.makefile-cmd }} - name: Codecov uses: codecov/codecov-action@v3.1.0 From c4817ccaf89327f9dd7a7bc1c4b8e88ee897130a Mon Sep 17 00:00:00 2001 From: taieeuu Date: Sat, 28 Dec 2024 16:25:52 +0800 Subject: [PATCH 35/39] no_msg Signed-off-by: taieeuu --- flytekit/clients/raw.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/flytekit/clients/raw.py b/flytekit/clients/raw.py index 72236062f0..27d11dfb1e 100644 --- a/flytekit/clients/raw.py +++ b/flytekit/clients/raw.py @@ -11,7 +11,6 @@ from flyteidl.service import dataproxy_pb2_grpc as dataproxy_service from flyteidl.service import signal_pb2_grpc as signal_service from flyteidl.service.dataproxy_pb2_grpc import DataProxyServiceStub -from grpc_health.v1 import health_pb2, health_pb2_grpc from flytekit.clients.auth_helper import ( get_channel, @@ -83,6 +82,8 @@ def __init__(self, cfg: PlatformConfig, **kwargs): @staticmethod def check_grpc_health_with_authentication(in_channel): + from grpc_health.v1 import health_pb2, health_pb2_grpc + health_stub = health_pb2_grpc.HealthStub(in_channel) request = health_pb2.HealthCheckRequest() try: From 3d142c36d9b4590ac46a86a87586ff2996166005 Mon Sep 17 00:00:00 2001 From: taieeuu Date: Sat, 28 Dec 2024 17:03:33 +0800 Subject: [PATCH 36/39] no_msg Signed-off-by: taieeuu --- .github/workflows/pythonbuild.yml | 9 --------- 1 file changed, 9 deletions(-) diff --git a/.github/workflows/pythonbuild.yml b/.github/workflows/pythonbuild.yml index b209f64a43..d0405aa0d8 100644 --- a/.github/workflows/pythonbuild.yml +++ b/.github/workflows/pythonbuild.yml @@ -256,12 +256,6 @@ jobs: tags: localhost:30000/flytekit:dev cache-from: type=gha cache-to: type=gha,mode=max - - name: Install dependencies - run: | - pip show grpcio-health-checking - pip show protobuf - pip show grpcio-tools - pip show grpcio - name: Integration Test with coverage env: FLYTEKIT_IMAGE: localhost:30000/flytekit:dev @@ -271,9 +265,6 @@ jobs: AWS_ACCESS_KEY_ID: minio AWS_SECRET_ACCESS_KEY: miniostorage run: | - pip show grpcio-health-checking - pip show grpcio-tools - pip show grpcio make ${{ matrix.makefile-cmd }} - name: Codecov uses: codecov/codecov-action@v3.1.0 From e207a64edbfaca31be63a123d14d189aa8e2d154 Mon Sep 17 00:00:00 2001 From: taieeuu Date: Sat, 25 Jan 2025 14:11:39 +0800 Subject: [PATCH 37/39] Add lazy loading to AuthUnaryInterceptor. Signed-off-by: taieeuu --- flytekit/clients/auth_helper.py | 14 ++++++++++---- .../clients/grpc_utils/auth_interceptor.py | 15 ++++++++++++--- flytekit/clients/raw.py | 18 +++++++----------- .../flytekit/unit/clients/test_auth_helper.py | 2 +- 4 files changed, 30 insertions(+), 19 deletions(-) diff --git a/flytekit/clients/auth_helper.py b/flytekit/clients/auth_helper.py index b4a6b7a438..317a16c5f4 100644 --- a/flytekit/clients/auth_helper.py +++ b/flytekit/clients/auth_helper.py @@ -122,9 +122,12 @@ def upgrade_channel_to_proxy_authenticated(cfg: PlatformConfig, in_channel: grpc :param in_channel: grpc.Channel Precreated channel :return: grpc.Channel. New composite channel """ + + def authenticator_factory(): + return get_proxy_authenticator(cfg) + if cfg.proxy_command: - proxy_authenticator = get_proxy_authenticator(cfg) - return grpc.intercept_channel(in_channel, AuthUnaryInterceptor(proxy_authenticator)) + return grpc.intercept_channel(in_channel, AuthUnaryInterceptor(authenticator_factory)) else: return in_channel @@ -137,8 +140,11 @@ def upgrade_channel_to_authenticated(cfg: PlatformConfig, in_channel: grpc.Chann :param in_channel: grpc.Channel Precreated channel :return: grpc.Channel. New composite channel """ - authenticator = get_authenticator(cfg, RemoteClientConfigStore(in_channel)) - return grpc.intercept_channel(in_channel, AuthUnaryInterceptor(authenticator)) + + def authenticator_factory(): + return get_authenticator(cfg, RemoteClientConfigStore(in_channel)) + + return grpc.intercept_channel(in_channel, AuthUnaryInterceptor(authenticator_factory)) def get_authenticated_channel(cfg: PlatformConfig) -> grpc.Channel: diff --git a/flytekit/clients/grpc_utils/auth_interceptor.py b/flytekit/clients/grpc_utils/auth_interceptor.py index 6a73e0764e..05a5cb53fa 100644 --- a/flytekit/clients/grpc_utils/auth_interceptor.py +++ b/flytekit/clients/grpc_utils/auth_interceptor.py @@ -25,15 +25,22 @@ class AuthUnaryInterceptor(grpc.UnaryUnaryClientInterceptor, grpc.UnaryStreamCli is needed. """ - def __init__(self, authenticator: Authenticator): - self._authenticator = authenticator + def __init__(self, get_authenticator: typing.Callable[[], Authenticator]): + self._get_authenticator = get_authenticator + self._authenticator = None + + @property + def authenticator(self) -> Authenticator: + if self._authenticator is None: + self._authenticator = self._get_authenticator() + return self._authenticator def _call_details_with_auth_metadata(self, client_call_details: grpc.ClientCallDetails) -> grpc.ClientCallDetails: """ Returns new ClientCallDetails with metadata added. """ metadata = client_call_details.metadata - auth_metadata = self._authenticator.fetch_grpc_call_auth_metadata() + auth_metadata = self.authenticator.fetch_grpc_call_auth_metadata() if auth_metadata: metadata = [] if client_call_details.metadata: @@ -65,6 +72,7 @@ def intercept_unary_unary( raise e if e.code() == grpc.StatusCode.UNAUTHENTICATED or e.code() == grpc.StatusCode.UNKNOWN: self._authenticator.refresh_credentials() + self.authenticator.refresh_credentials() updated_call_details = self._call_details_with_auth_metadata(client_call_details) return continuation(updated_call_details, request) return fut @@ -77,6 +85,7 @@ def intercept_unary_stream(self, continuation, client_call_details, request): c: grpc.Call = continuation(updated_call_details, request) if c.code() == grpc.StatusCode.UNAUTHENTICATED: self._authenticator.refresh_credentials() + self.authenticator.refresh_credentials() updated_call_details = self._call_details_with_auth_metadata(client_call_details) return continuation(updated_call_details, request) return c diff --git a/flytekit/clients/raw.py b/flytekit/clients/raw.py index 27d11dfb1e..b9b1798208 100644 --- a/flytekit/clients/raw.py +++ b/flytekit/clients/raw.py @@ -58,17 +58,13 @@ def __init__(self, cfg: PlatformConfig, **kwargs): # 32KB for error messages, 20MB for actual messages. options = (("grpc.max_metadata_size", 32 * 1024), ("grpc.max_receive_message_length", 20 * 1024 * 1024)) self._cfg = cfg - base_channel = get_channel(cfg, options=options) - - if self.check_grpc_health_with_authentication(base_channel): - self._channel = wrap_exceptions_channel(cfg, base_channel) - else: - self._channel = wrap_exceptions_channel( - cfg, - upgrade_channel_to_authenticated( - cfg, upgrade_channel_to_proxy_authenticated(cfg, get_channel(cfg, options=options)) - ), - ) + + self._channel = wrap_exceptions_channel( + cfg, + upgrade_channel_to_authenticated( + cfg, upgrade_channel_to_proxy_authenticated(cfg, get_channel(cfg, options=options)) + ), + ) self._stub = _admin_service.AdminServiceStub(self._channel) self._signal = signal_service.SignalServiceStub(self._channel) diff --git a/tests/flytekit/unit/clients/test_auth_helper.py b/tests/flytekit/unit/clients/test_auth_helper.py index 4baac2ebc5..d1a1851e7e 100644 --- a/tests/flytekit/unit/clients/test_auth_helper.py +++ b/tests/flytekit/unit/clients/test_auth_helper.py @@ -172,7 +172,7 @@ def test_upgrade_channel_to_proxy_auth(): ch, ) assert isinstance(out_ch._interceptor, AuthUnaryInterceptor) - assert isinstance(out_ch._interceptor._authenticator, CommandAuthenticator) + assert isinstance(out_ch._interceptor.authenticator, CommandAuthenticator) def test_get_proxy_authenticated_session(): From 1f62483b09bef00917ab8ad8813d1105f51995e2 Mon Sep 17 00:00:00 2001 From: taieeuu Date: Sat, 25 Jan 2025 17:12:04 +0800 Subject: [PATCH 38/39] remove not use Signed-off-by: taieeuu --- .github/workflows/monodocs_build.yml | 1 - dev-requirements.in | 4 --- dev-requirements.txt | 2 -- flytekit/clients/raw.py | 32 -------------------- tests/flytekit/unit/clients/test_friendly.py | 10 ++---- tests/flytekit/unit/clients/test_raw.py | 9 ++---- 6 files changed, 5 insertions(+), 53 deletions(-) diff --git a/.github/workflows/monodocs_build.yml b/.github/workflows/monodocs_build.yml index 46da3c14a5..6ecaa2cf87 100644 --- a/.github/workflows/monodocs_build.yml +++ b/.github/workflows/monodocs_build.yml @@ -57,5 +57,4 @@ jobs: DOCSEARCH_API_KEY: fake_docsearch_api_key # must be set to get doc build to succeed run: | conda activate monodocs-env - pip install grpcio-health-checking==1.49.0 make -C docs clean html SPHINXOPTS="-W -vvv" diff --git a/dev-requirements.in b/dev-requirements.in index 44bd44261e..5241f02605 100644 --- a/dev-requirements.in +++ b/dev-requirements.in @@ -60,7 +60,3 @@ ipykernel orjson kubernetes>=12.0.1 - -grpcio-health-checking -grpcio-tools -grpcio diff --git a/dev-requirements.txt b/dev-requirements.txt index 92e1fa2ed3..26af8ad1bb 100644 --- a/dev-requirements.txt +++ b/dev-requirements.txt @@ -568,5 +568,3 @@ zipp==3.19.1 # The following packages are considered to be unsafe in a requirements file: # setuptools - -grpcio-health-checking==1.49.0 diff --git a/flytekit/clients/raw.py b/flytekit/clients/raw.py index b9b1798208..df643d554d 100644 --- a/flytekit/clients/raw.py +++ b/flytekit/clients/raw.py @@ -1,6 +1,5 @@ from __future__ import annotations -import logging import typing import grpc @@ -19,12 +18,6 @@ wrap_exceptions_channel, ) from flytekit.configuration import PlatformConfig -from flytekit.exceptions.system import FlyteSystemUnavailableException -from flytekit.exceptions.user import ( - FlyteEntityAlreadyExistsException, - FlyteEntityNotExistException, - FlyteInvalidInputException, -) from flytekit.loggers import logger @@ -58,14 +51,12 @@ def __init__(self, cfg: PlatformConfig, **kwargs): # 32KB for error messages, 20MB for actual messages. options = (("grpc.max_metadata_size", 32 * 1024), ("grpc.max_receive_message_length", 20 * 1024 * 1024)) self._cfg = cfg - self._channel = wrap_exceptions_channel( cfg, upgrade_channel_to_authenticated( cfg, upgrade_channel_to_proxy_authenticated(cfg, get_channel(cfg, options=options)) ), ) - self._stub = _admin_service.AdminServiceStub(self._channel) self._signal = signal_service.SignalServiceStub(self._channel) self._dataproxy_stub = dataproxy_service.DataProxyServiceStub(self._channel) @@ -76,29 +67,6 @@ def __init__(self, cfg: PlatformConfig, **kwargs): # metadata will hold the value of the token to send to the various endpoints. self._metadata = None - @staticmethod - def check_grpc_health_with_authentication(in_channel): - from grpc_health.v1 import health_pb2, health_pb2_grpc - - health_stub = health_pb2_grpc.HealthStub(in_channel) - request = health_pb2.HealthCheckRequest() - try: - response = health_stub.Check(request) - if response.status == health_pb2.HealthCheckResponse.SERVING: - logging.info("Service is healthy and ready to serve.") - return True - except grpc.RpcError as e: - if e.code() == grpc.StatusCode.UNAUTHENTICATED: - return False - elif e.code() == grpc.StatusCode.ALREADY_EXISTS: - raise FlyteEntityAlreadyExistsException() from e - elif e.code() == grpc.StatusCode.NOT_FOUND: - raise FlyteEntityNotExistException() from e - elif e.code() == grpc.StatusCode.INVALID_ARGUMENT: - raise FlyteInvalidInputException(request) from e - elif e.code() == grpc.StatusCode.UNAVAILABLE: - raise FlyteSystemUnavailableException() from e - @classmethod def with_root_certificate(cls, cfg: PlatformConfig, root_cert_file: str) -> RawSynchronousFlyteClient: b = None diff --git a/tests/flytekit/unit/clients/test_friendly.py b/tests/flytekit/unit/clients/test_friendly.py index 6dbf0f6ac4..59211c3cd2 100644 --- a/tests/flytekit/unit/clients/test_friendly.py +++ b/tests/flytekit/unit/clients/test_friendly.py @@ -8,11 +8,9 @@ from flytekit.clients.friendly import SynchronousFlyteClient as _SynchronousFlyteClient from flytekit.configuration import PlatformConfig from flytekit.models.project import Project as _Project -from grpc_health.v1 import health_pb2 @mock.patch("flytekit.clients.friendly._RawSynchronousFlyteClient.update_project") -@mock.patch("flytekit.clients.raw.RawSynchronousFlyteClient.check_grpc_health_with_authentication", return_value=health_pb2.HealthCheckResponse.SERVING) -def test_update_project(mock_check_health, mock_raw_update_project): +def test_update_project(mock_raw_update_project): client = _SynchronousFlyteClient(PlatformConfig.for_endpoint("a.b.com", True)) project = _Project("foo", "name", "description", state=_Project.ProjectState.ACTIVE) client.update_project(project) @@ -20,8 +18,7 @@ def test_update_project(mock_check_health, mock_raw_update_project): @mock.patch("flytekit.clients.friendly._RawSynchronousFlyteClient.list_projects") -@mock.patch("flytekit.clients.raw.RawSynchronousFlyteClient.check_grpc_health_with_authentication", return_value=health_pb2.HealthCheckResponse.SERVING) -def test_list_projects_paginated(mock_check_health, mock_raw_list_projects): +def test_list_projects_paginated(mock_raw_list_projects): client = _SynchronousFlyteClient(PlatformConfig.for_endpoint("a.b.com", True)) client.list_projects_paginated(limit=100, token="") project_list_request = _project_pb2.ProjectListRequest(limit=100, token="", filters=None, sort_by=None) @@ -29,8 +26,7 @@ def test_list_projects_paginated(mock_check_health, mock_raw_list_projects): @mock.patch("flytekit.clients.friendly._RawSynchronousFlyteClient.create_upload_location") -@mock.patch("flytekit.clients.raw.RawSynchronousFlyteClient.check_grpc_health_with_authentication", return_value=health_pb2.HealthCheckResponse.SERVING) -def test_create_upload_location(mock_check_health, mock_raw_create_upload_location): +def test_create_upload_location(mock_raw_create_upload_location): client = _SynchronousFlyteClient(PlatformConfig.for_endpoint("a.b.com", True)) client.get_upload_signed_url("foo", "bar", bytes(), "baz.qux", timedelta(minutes=42), add_content_md5_metadata=True) duration_pb = Duration() diff --git a/tests/flytekit/unit/clients/test_raw.py b/tests/flytekit/unit/clients/test_raw.py index 6f9b46e6f0..00ca38b807 100644 --- a/tests/flytekit/unit/clients/test_raw.py +++ b/tests/flytekit/unit/clients/test_raw.py @@ -4,23 +4,18 @@ from flytekit.clients.raw import RawSynchronousFlyteClient from flytekit.configuration import PlatformConfig -from grpc_health.v1 import health_pb2 @mock.patch("flytekit.clients.raw._admin_service") @mock.patch("flytekit.clients.raw.grpc.insecure_channel") -@mock.patch.object(RawSynchronousFlyteClient, "check_grpc_health_with_authentication", return_value=True) -def test_update_project(mock_check_health, mock_channel, mock_admin): - mock_health_stub = mock.Mock() +def test_update_project(mock_channel, mock_admin): client = RawSynchronousFlyteClient(PlatformConfig(endpoint="a.b.com", insecure=True)) project = _project_pb2.Project(id="foo", name="name", description="description", state=_project_pb2.Project.ACTIVE) client.update_project(project) mock_admin.AdminServiceStub().UpdateProject.assert_called_with(project, metadata=None) - @mock.patch("flytekit.clients.raw._admin_service") @mock.patch("flytekit.clients.raw.grpc.insecure_channel") -@mock.patch("flytekit.clients.raw.RawSynchronousFlyteClient.check_grpc_health_with_authentication", return_value=health_pb2.HealthCheckResponse.SERVING) -def test_list_projects_paginated(mock_check_health, mock_channel, mock_admin): +def test_list_projects_paginated(mock_channel, mock_admin): client = RawSynchronousFlyteClient(PlatformConfig(endpoint="a.b.com", insecure=True)) project_list_request = _project_pb2.ProjectListRequest(limit=100, token="", filters=None, sort_by=None) client.list_projects(project_list_request) From eb43e3a88f32c2114b8c46f44016b61f0fee52aa Mon Sep 17 00:00:00 2001 From: taieeuu Date: Tue, 4 Feb 2025 23:33:24 +0800 Subject: [PATCH 39/39] feat: implements test for keyring_exception Signed-off-by: taieeuu --- .../unit/clients/auth/test_keyring_store.py | 40 +++++++++++++++++++ 1 file changed, 40 insertions(+) diff --git a/tests/flytekit/unit/clients/auth/test_keyring_store.py b/tests/flytekit/unit/clients/auth/test_keyring_store.py index d068a1f451..fc6a3b98df 100644 --- a/tests/flytekit/unit/clients/auth/test_keyring_store.py +++ b/tests/flytekit/unit/clients/auth/test_keyring_store.py @@ -4,6 +4,15 @@ from flytekit.clients.auth.keyring import Credentials, KeyringStore +from flytekit.clients.auth_helper import upgrade_channel_to_authenticated, upgrade_channel_to_proxy_authenticated + +from flytekit.configuration import PlatformConfig + +import pytest + +from flytekit.clients.auth.authenticator import CommandAuthenticator + +from flytekit.clients.grpc_utils.auth_interceptor import AuthUnaryInterceptor @patch("keyring.get_password") def test_keyring_store_get(kr_get_password: MagicMock): @@ -30,3 +39,34 @@ def test_keyring_store_set(kr_set_password: MagicMock): kr_set_password.side_effect = NoKeyringError() assert KeyringStore.retrieve("example2.com") is None + +@patch("flytekit.clients.auth.authenticator.KeyringStore") +def test_upgrade_channel_to_authenticated_with_keyring_exception(mock_keyring_store): + mock_keyring_store.retrieve.side_effect = Exception("mock exception") + + mock_channel = MagicMock() + + platform_config = PlatformConfig() + + try: + out_ch = upgrade_channel_to_authenticated(platform_config, mock_channel) + except Exception as e: + pytest.fail(f"upgrade_channel_to_authenticated Exception: {e}") + + assert isinstance(out_ch._interceptor, AuthUnaryInterceptor) + +@patch("flytekit.clients.auth.authenticator.KeyringStore") +def test_upgrade_channel_to_proxy_authenticated_with_keyring_exception(mock_keyring_store): + mock_keyring_store.retrieve.side_effect = Exception("mock exception") + + mock_channel = MagicMock() + + platform_config = PlatformConfig(auth_mode="Pkce", proxy_command=["echo", "foo-bar"]) + + try: + out_ch = upgrade_channel_to_proxy_authenticated(platform_config, mock_channel) + except Exception as e: + pytest.fail(f"upgrade_channel_to_proxy_authenticated Exception: {e}") + + assert isinstance(out_ch._interceptor, AuthUnaryInterceptor) + assert isinstance(out_ch._interceptor.authenticator, CommandAuthenticator)