Unblock flyteplugins being pulled due to Security override (flyteorg#235

) * Pull in FlytePlugins for Security Context fix Signed-off-by: Anand Swaminathan <[email protected]>
eapolinario · Mar 18, 2021 · d226f59 · d226f59
1 parent 3947a7e
commit d226f59
Show file tree

Hide file tree

Showing 13 changed files with 224 additions and 7 deletions.
diff --git a/flytepropeller/go.mod b/flytepropeller/go.mod
@@ -7,7 +7,7 @@ require (
 	github.com/benlaurie/objecthash v0.0.0-20180202135721-d1e3d6079fc1
 	github.com/fatih/color v1.10.0
 	github.com/flyteorg/flyteidl v0.18.20
-	github.com/flyteorg/flyteplugins v0.5.32
+	github.com/flyteorg/flyteplugins v0.5.35
 	github.com/flyteorg/flytestdlib v0.3.13
 	github.com/ghodss/yaml v1.0.0
 	github.com/go-redis/redis v6.15.7+incompatible

diff --git a/flytepropeller/go.sum b/flytepropeller/go.sum
@@ -230,11 +230,11 @@ github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5Kwzbycv
 github.com/fatih/color v1.10.0 h1:s36xzo75JdqLaaWoiEHk767eHiwo0598uUxyfiPkDsg=
 github.com/fatih/color v1.10.0/go.mod h1:ELkj/draVOlAH/xkhN6mQ50Qd0MPOk5AAr3maGEBuJM=
 github.com/fatih/structtag v1.2.0/go.mod h1:mBJUNpUnHmRKrKlQQlmCrh5PuhftFbNv8Ys4/aAZl94=
-github.com/flyteorg/flyteidl v0.18.15/go.mod h1:b5Fq4Z8a5b0mF6pEwTd48ufvikUGVkWSjZiMT0ZtqKI=
+github.com/flyteorg/flyteidl v0.18.17/go.mod h1:b5Fq4Z8a5b0mF6pEwTd48ufvikUGVkWSjZiMT0ZtqKI=
 github.com/flyteorg/flyteidl v0.18.20 h1:OGOb2FOHWL363Qp8uzbJeFbQBKYPT30+afv+8BnBlGs=
 github.com/flyteorg/flyteidl v0.18.20/go.mod h1:b5Fq4Z8a5b0mF6pEwTd48ufvikUGVkWSjZiMT0ZtqKI=
-github.com/flyteorg/flyteplugins v0.5.32 h1:fXyHUZFtNt1yQIQehilSnpzKlOAkXkqqnwh9M696Dvw=
-github.com/flyteorg/flyteplugins v0.5.32/go.mod h1:+qu3cAdUdyNXer+R9NcvEKsEWwhvKAqRObmuFBGOJ0s=
+github.com/flyteorg/flyteplugins v0.5.35 h1:KEMOiA4B+lIxQ+l7FRHzVcPA234Td9+ursuJDm6I8dg=
+github.com/flyteorg/flyteplugins v0.5.35/go.mod h1:CxerBGWWEmNYmPxSMHnwQEr9cc1Fbo/g5fcABazU6Jo=
 github.com/flyteorg/flytestdlib v0.3.13 h1:5ioA/q3ixlyqkFh5kDaHgmPyTP/AHtqq1K/TIbVLUzM=
 github.com/flyteorg/flytestdlib v0.3.13/go.mod h1:Tz8JCECAbX6VWGwFT6cmEQ+RJpZ/6L9pswu3fzWs220=
 github.com/form3tech-oss/jwt-go v3.2.2+incompatible h1:TcekIExNqud5crz4xD2pavyTgWiPvpYe4Xau31I0PRk=

diff --git a/flytepropeller/pkg/apis/flyteworkflow/v1alpha1/iface.go b/flytepropeller/pkg/apis/flyteworkflow/v1alpha1/iface.go
@@ -434,6 +434,7 @@ type Meta interface {
 	GetLabels() map[string]string
 	GetName() string
 	GetServiceAccountName() string
+	GetSecurityContext() core.SecurityContext
 	IsInterruptible() bool
 	GetEventVersion() EventVersion
 	GetRawOutputDataConfig() RawOutputDataConfig

diff --git a/flytepropeller/pkg/apis/flyteworkflow/v1alpha1/mocks/ExecutableWorkflow.go b/flytepropeller/pkg/apis/flyteworkflow/v1alpha1/mocks/ExecutableWorkflow.go
diff --git a/flytepropeller/pkg/apis/flyteworkflow/v1alpha1/mocks/Meta.go b/flytepropeller/pkg/apis/flyteworkflow/v1alpha1/mocks/Meta.go
diff --git a/flytepropeller/pkg/apis/flyteworkflow/v1alpha1/mocks/MetaExtended.go b/flytepropeller/pkg/apis/flyteworkflow/v1alpha1/mocks/MetaExtended.go
diff --git a/flytepropeller/pkg/apis/flyteworkflow/v1alpha1/workflow.go b/flytepropeller/pkg/apis/flyteworkflow/v1alpha1/workflow.go
@@ -39,10 +39,13 @@ type FlyteWorkflow struct {
 	NodeDefaults NodeDefaults `json:"node-defaults,omitempty"`
 	// Specifies the time when the workflow has been accepted into the system.
 	AcceptedAt *metav1.Time `json:"acceptedAt,omitempty"`
-	// ServiceAccountName is the name of the ServiceAccount to use to run this pod.
-	// More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
-	// +optional
+	// [DEPRECATED] ServiceAccountName is the name of the ServiceAccount to use to run this pod.
+	// [DEPRECATED] More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
+	// [DEPRECATED] +optional
 	ServiceAccountName string `json:"serviceAccountName,omitempty" protobuf:"bytes,8,opt,name=serviceAccountName"`
+	// Security context fields to define privilege and access control settings
+	// +optional
+	SecurityContext core.SecurityContext `json:"securityContext,omitempty" protobuf:"bytes,12,rep,name=securityContext"`
 	// Status is the only mutable section in the workflow. It holds all the execution information
 	Status WorkflowStatus `json:"status,omitempty"`
 	// RawOutputDataConfig defines the configurations to use for generating raw outputs (e.g. blobs, schemas).
@@ -58,6 +61,10 @@ type FlyteWorkflow struct {
 	DataReferenceConstructor storage.ReferenceConstructor `json:"-"`
 }
 
+func (in *FlyteWorkflow) GetSecurityContext() core.SecurityContext {
+	return in.SecurityContext
+}
+
 func (in *FlyteWorkflow) GetEventVersion() EventVersion {
 	if in.WorkflowMeta != nil {
 		return in.WorkflowMeta.EventVersion

diff --git a/flytepropeller/pkg/apis/flyteworkflow/v1alpha1/zz_generated.deepcopy.go b/flytepropeller/pkg/apis/flyteworkflow/v1alpha1/zz_generated.deepcopy.go
diff --git a/flytepropeller/pkg/controller/executors/mocks/execution_context.go b/flytepropeller/pkg/controller/executors/mocks/execution_context.go
diff --git a/flytepropeller/pkg/controller/executors/mocks/immutable_execution_context.go b/flytepropeller/pkg/controller/executors/mocks/immutable_execution_context.go
diff --git a/flytepropeller/pkg/controller/nodes/handler/mocks/node_execution_metadata.go b/flytepropeller/pkg/controller/nodes/handler/mocks/node_execution_metadata.go
diff --git a/flytepropeller/pkg/controller/nodes/handler/node_exec_context.go b/flytepropeller/pkg/controller/nodes/handler/node_exec_context.go
@@ -37,6 +37,7 @@ type NodeExecutionMetadata interface {
 	GetLabels() map[string]string
 	GetAnnotations() map[string]string
 	GetK8sServiceAccount() string
+	GetSecurityContext() core.SecurityContext
 	IsInterruptible() bool
 }
 

diff --git a/flytepropeller/pkg/controller/nodes/resolve_test.go b/flytepropeller/pkg/controller/nodes/resolve_test.go
@@ -119,6 +119,10 @@ func (d *dummyBaseWorkflow) GetServiceAccountName() string {
 	return ""
 }
 
+func (d *dummyBaseWorkflow) GetSecurityContext() core.SecurityContext {
+	return core.SecurityContext{}
+}
+
 func (d *dummyBaseWorkflow) GetTask(id v1alpha1.TaskID) (v1alpha1.ExecutableTask, error) {
 	return nil, nil
 }