Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Flyte Authentication within Task Containers [Newbie] #4570

Closed
wants to merge 2 commits into from
Closed

Flyte Authentication within Task Containers [Newbie] #4570

wants to merge 2 commits into from

Conversation

zeryx
Copy link

@zeryx zeryx commented Dec 11, 2023
edited
Loading

Describe your changes

RFC Proposal continuing off of #4527

Checklist:

  • Copy template
  • Draft RFC (think of it as a wireframe)
  • Share as WIP with folks you trust to gut-check
  • Send pull request when comfortable
  • Label accordingly
  • Assign reviewers
  • Merge PR

@zeryx zeryx added the rfc A label for RFC issues label Dec 11, 2023
@zeryx zeryx self-assigned this Dec 11, 2023
@welcome Welcome
Copy link

welcome bot commented Dec 11, 2023

Thank you for opening this pull request! 🙌

These tips will help get your PR across the finish line:

  • Most of the repos have a PR template; if not, fill it out to the best of your knowledge.
  • Sign off your commits (Reference: DCO Guide).

@dosubot dosubot bot added the size:L This PR changes 100-499 lines, ignoring generated files. label Dec 11, 2023
@zeryx zeryx changed the title [RFC] Flyte Authentication within Task Containers [RFC] Flyte Authentication within Task Containers [WIP] Dec 11, 2023
@zeryx zeryx changed the title [RFC] Flyte Authentication within Task Containers [WIP] Flyte Authentication within Task Containers [WIP] Dec 11, 2023
@codecov Codecov
Copy link

codecov bot commented Dec 11, 2023
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 58.99%. Comparing base (91d24a9) to head (3321240).
Report is 1164 commits behind head on master.

Additional details and impacted files 
@@           Coverage Diff           @@
##           master    #4570   +/-   ##
=======================================
  Coverage   58.98%   58.99%           
=======================================
  Files         621      621           
  Lines       52483    52483           
=======================================
+ Hits        30957    30962    +5     
+ Misses      19059    19056    -3     
+ Partials     2467     2465    -2
Flag Coverage Δ
unittests 58.99% <ø> (+<0.01%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@zeryx zeryx changed the title Flyte Authentication within Task Containers [WIP] Flyte Authentication within Task Containers [Newbie] Dec 12, 2023
@zeryx zeryx changed the title Flyte Authentication within Task Containers [Newbie] Flyte Authentication within Task Containers [RR] Dec 12, 2023
@zeryx zeryx changed the title Flyte Authentication within Task Containers [RR] Flyte Authentication within Task Containers [Newbie] Dec 12, 2023
@pryce-turner pryce-turner mentioned this pull request Jan 4, 2024
Open
2 tasks
bstadlbauer
bstadlbauer reviewed Jan 14, 2024
View reviewed changes
Copy link
Member

@bstadlbauer bstadlbauer left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hey James, thank you for your contribution here! I think this generally sounds like a good idea. However, given auth is definitely not my strongsuite (both on the theoretical as well as on the k8s implementation side) I don't have any valuable feedback on the implementation of potential feedback.

Maybe @EngHabu would know more here?

rfc/system/RFC-4570-flyte-auth-in-task.md

This RFC proposes a method to flow Flyte authentication information into task containers.
It aims to simplify access to execution-specific information and enable secure, streamlined usage of Flyte features within tasks.
The proposal introduces a Flyte Auth Agent system to bind the authentication context of the task/workflow executor to all executed tasks.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What would be the task/workflow executor here? I'm thinking the user who triggered the workflow?

rfc/system/RFC-4570-flyte-auth-in-task.md
## 2 Motivation

- In many workflows, accessing execution-specific information (e.g., used images, versions) is crucial.
- Tasks often need to interact with Flyte for remote registration or to use Flyte features (e.g., pyflyte register, build, project creation).
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I would slightly challenge this that "often" might be an overstatement here. However, I do see a fair usecase with @eager mode

@ddl-ebrown
Copy link
Contributor

This might be out of scope for this RFC, but has any similar consideration been given to Flyte agents?

cc @noahjax

@davidmirror-ops
Copy link
Contributor

Contributors meetup notes: move to "Needs owner" stage

@eapolinario
Copy link
Contributor

Cleaning stale PRs. Please reopen if you wan to discuss this further.

@eapolinario eapolinario closed this Mar 3, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bstadlbauer bstadlbauer bstadlbauer left review comments

Assignees

@zeryx zeryx

Labels
rfc A label for RFC issues size:L This PR changes 100-499 lines, ignoring generated files.
Projects
Flyte RFCs
Status: In Review
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@zeryx @ddl-ebrown @davidmirror-ops @eapolinario @bstadlbauer