Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Ensure token is refreshed on Unauthenticated #5388

Merged
merged 8 commits into from
May 20, 2024

Conversation

pmahindrakar-oss
Copy link
Contributor

Tracking issue

#5387

Why are the changes needed?

Fix the unsafe threading behavior of multiple parallel client api trying to get tokens

What changes were proposed in this pull request?

Adding condition variables and mutex locks to serialize the calls

How was this patch tested?

Tested this on internal tenant by sending multiple parallel client requests and verified no issue were observed

Setup process

Screenshots

Check all the applicable boxes

  • I updated the documentation accordingly.
  • All new and existing tests passed.
  • All commits are signed-off.

Related PRs

Docs link

Copy link

codecov bot commented May 17, 2024

Codecov Report

Attention: Patch coverage is 36.00000% with 48 lines in your changes are missing coverage. Please review.

Project coverage is 61.07%. Comparing base (2f1f813) to head (dd47b45).

Files Patch % Lines
flytectl/pkg/pkce/token_cache_keyring.go 6.89% 27 Missing ⚠️
flyteidl/clients/go/admin/auth_interceptor.go 48.27% 10 Missing and 5 partials ⚠️
...admin/tokenorchestrator/base_token_orchestrator.go 55.55% 2 Missing and 2 partials ⚠️
flyteidl/clients/go/admin/token_source_provider.go 33.33% 2 Missing ⚠️
Additional details and impacted files
@@            Coverage Diff             @@
##           master    #5388      +/-   ##
==========================================
- Coverage   61.08%   61.07%   -0.02%     
==========================================
  Files         793      793              
  Lines       51156    51210      +54     
==========================================
+ Hits        31251    31275      +24     
- Misses      17033    17059      +26     
- Partials     2872     2876       +4     
Flag Coverage Δ
unittests-datacatalog 69.31% <ø> (ø)
unittests-flyteadmin 58.90% <ø> (+0.04%) ⬆️
unittests-flytecopilot 17.79% <ø> (ø)
unittests-flytectl 67.98% <18.18%> (-0.34%) ⬇️
unittests-flyteidl 79.04% <50.00%> (-0.26%) ⬇️
unittests-flyteplugins 61.94% <ø> (ø)
unittests-flytepropeller 57.32% <ø> (ø)
unittests-flytestdlib 65.75% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@pmahindrakar-oss pmahindrakar-oss force-pushed the upstream-auth-token-cache-issue branch 3 times, most recently from 111ee95 to 8d6e360 Compare May 20, 2024 15:09
flytectl/go.mod Outdated Show resolved Hide resolved
eapolinario
eapolinario previously approved these changes May 20, 2024
Signed-off-by: pmahindrakar-oss <[email protected]>
Signed-off-by: pmahindrakar-oss <[email protected]>
Signed-off-by: pmahindrakar-oss <[email protected]>
Signed-off-by: pmahindrakar-oss <[email protected]>
Signed-off-by: pmahindrakar-oss <[email protected]>
Signed-off-by: pmahindrakar-oss <[email protected]>
@pmahindrakar-oss pmahindrakar-oss force-pushed the upstream-auth-token-cache-issue branch from 513b12b to dd47b45 Compare May 20, 2024 17:31
@pmahindrakar-oss pmahindrakar-oss enabled auto-merge (squash) May 20, 2024 17:52
@pmahindrakar-oss pmahindrakar-oss disabled auto-merge May 20, 2024 17:52
@eapolinario
Copy link
Contributor

The docs failures are unrelated.

@eapolinario eapolinario merged commit 1384b32 into master May 20, 2024
47 of 50 checks passed
@eapolinario eapolinario deleted the upstream-auth-token-cache-issue branch May 20, 2024 18:02
@eapolinario
Copy link
Contributor

eapolinario commented May 21, 2024

@pmahindrakar-oss , can you also revert this one?

edit: I clicked the revert button on github. 😂

eapolinario added a commit that referenced this pull request May 21, 2024
eapolinario added a commit that referenced this pull request May 21, 2024
pmahindrakar-oss added a commit that referenced this pull request May 23, 2024
pmahindrakar-oss added a commit that referenced this pull request May 31, 2024
eapolinario added a commit that referenced this pull request May 31, 2024
* Revert "Revert "Ensure token is refreshed on Unauthenticated (#5388)" (#5404)"

This reverts commit 7d2f0d0.

Signed-off-by: pmahindrakar-oss <[email protected]>

* Using same mutex for condition variable

Signed-off-by: pmahindrakar-oss <[email protected]>

* Lock the locker in the wait to adher to cond.Wait() semantics

Signed-off-by: pmahindrakar-oss <[email protected]>

* comments

Signed-off-by: pmahindrakar-oss <[email protected]>

* using noop locker as waitlist add is atomic operation

Signed-off-by: pmahindrakar-oss <[email protected]>

* Replace Azure AD OIDC URL with correct one (#4075)

Signed-off-by: Erwin de Haan <[email protected]>
Signed-off-by: pmahindrakar-oss <[email protected]>

* Update the example Dockerfile to run on k8s (#5412)

Signed-off-by: Jason Parraga <[email protected]>
Signed-off-by: pmahindrakar-oss <[email protected]>

* docs(kubeflow): Fix kubeflow webhook error (#5410)

Signed-off-by: Chi-Sheng Liu <[email protected]>
Signed-off-by: pmahindrakar-oss <[email protected]>

* update flytekit version to 1.12.1b2 in monodocs requirements (#5411)

Signed-off-by: Samhita Alla <[email protected]>
Signed-off-by: pmahindrakar-oss <[email protected]>

* Add supported task types to agent service config and rename (#5402)

Signed-off-by: Jason Parraga <[email protected]>
Signed-off-by: pmahindrakar-oss <[email protected]>

* update lock file (#5416)

Signed-off-by: Samhita Alla <[email protected]>
Signed-off-by: pmahindrakar-oss <[email protected]>

* [monorepo] Fix flytectl install script (#5405)

Signed-off-by: pmahindrakar-oss <[email protected]>

* bring in changes for flytecl keyring from PR flytectl/pull/488

Signed-off-by: pmahindrakar-oss <[email protected]>

* typo fix

Signed-off-by: pmahindrakar-oss <[email protected]>

---------

Signed-off-by: pmahindrakar-oss <[email protected]>
Signed-off-by: Erwin de Haan <[email protected]>
Signed-off-by: Jason Parraga <[email protected]>
Signed-off-by: Chi-Sheng Liu <[email protected]>
Signed-off-by: Samhita Alla <[email protected]>
Co-authored-by: Erwin de Haan <[email protected]>
Co-authored-by: Jason Parraga <[email protected]>
Co-authored-by: Chi-Sheng Liu <[email protected]>
Co-authored-by: Samhita Alla <[email protected]>
Co-authored-by: Eduardo Apolinario <[email protected]>
@Sovietaced
Copy link
Contributor

Why change the interface instead of just making the implementation thread safe?

robert-ulbrich-mercedes-benz pushed a commit to robert-ulbrich-mercedes-benz/flyte that referenced this pull request Jul 2, 2024
* Ensure token is refreshed on Unauthenticated

Signed-off-by: pmahindrakar-oss <[email protected]>

* Using condition broadcast

Signed-off-by: pmahindrakar-oss <[email protected]>

* fix unit tests

Signed-off-by: pmahindrakar-oss <[email protected]>

* nit

Signed-off-by: pmahindrakar-oss <[email protected]>

* nit

Signed-off-by: pmahindrakar-oss <[email protected]>

* nit

Signed-off-by: pmahindrakar-oss <[email protected]>

* fix go mod entries in flytectl

Signed-off-by: pmahindrakar-oss <[email protected]>

* adding a log line when materializing creds

Signed-off-by: pmahindrakar-oss <[email protected]>

---------

Signed-off-by: pmahindrakar-oss <[email protected]>
robert-ulbrich-mercedes-benz pushed a commit to robert-ulbrich-mercedes-benz/flyte that referenced this pull request Jul 2, 2024
robert-ulbrich-mercedes-benz pushed a commit to robert-ulbrich-mercedes-benz/flyte that referenced this pull request Jul 2, 2024
* Revert "Revert "Ensure token is refreshed on Unauthenticated (flyteorg#5388)" (flyteorg#5404)"

This reverts commit 7d2f0d0.

Signed-off-by: pmahindrakar-oss <[email protected]>

* Using same mutex for condition variable

Signed-off-by: pmahindrakar-oss <[email protected]>

* Lock the locker in the wait to adher to cond.Wait() semantics

Signed-off-by: pmahindrakar-oss <[email protected]>

* comments

Signed-off-by: pmahindrakar-oss <[email protected]>

* using noop locker as waitlist add is atomic operation

Signed-off-by: pmahindrakar-oss <[email protected]>

* Replace Azure AD OIDC URL with correct one (flyteorg#4075)

Signed-off-by: Erwin de Haan <[email protected]>
Signed-off-by: pmahindrakar-oss <[email protected]>

* Update the example Dockerfile to run on k8s (flyteorg#5412)

Signed-off-by: Jason Parraga <[email protected]>
Signed-off-by: pmahindrakar-oss <[email protected]>

* docs(kubeflow): Fix kubeflow webhook error (flyteorg#5410)

Signed-off-by: Chi-Sheng Liu <[email protected]>
Signed-off-by: pmahindrakar-oss <[email protected]>

* update flytekit version to 1.12.1b2 in monodocs requirements (flyteorg#5411)

Signed-off-by: Samhita Alla <[email protected]>
Signed-off-by: pmahindrakar-oss <[email protected]>

* Add supported task types to agent service config and rename (flyteorg#5402)

Signed-off-by: Jason Parraga <[email protected]>
Signed-off-by: pmahindrakar-oss <[email protected]>

* update lock file (flyteorg#5416)

Signed-off-by: Samhita Alla <[email protected]>
Signed-off-by: pmahindrakar-oss <[email protected]>

* [monorepo] Fix flytectl install script (flyteorg#5405)

Signed-off-by: pmahindrakar-oss <[email protected]>

* bring in changes for flytecl keyring from PR flytectl/pull/488

Signed-off-by: pmahindrakar-oss <[email protected]>

* typo fix

Signed-off-by: pmahindrakar-oss <[email protected]>

---------

Signed-off-by: pmahindrakar-oss <[email protected]>
Signed-off-by: Erwin de Haan <[email protected]>
Signed-off-by: Jason Parraga <[email protected]>
Signed-off-by: Chi-Sheng Liu <[email protected]>
Signed-off-by: Samhita Alla <[email protected]>
Co-authored-by: Erwin de Haan <[email protected]>
Co-authored-by: Jason Parraga <[email protected]>
Co-authored-by: Chi-Sheng Liu <[email protected]>
Co-authored-by: Samhita Alla <[email protected]>
Co-authored-by: Eduardo Apolinario <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants