-
Notifications
You must be signed in to change notification settings - Fork 63
Inject user identifier to ExecutionSpec #549
Conversation
d04c400
to
ea42686
Compare
auth/identity_context.go
Outdated
} | ||
|
||
// SetUserIdentifier allows you to explicitly set user identifier | ||
func (c *IdentityContext) SetUserIdentifier(id string) IdentityContext { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
does this need to return something? can it just not return anything?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
changed
// We skip getUserIdentityFromContext but can still get ExecUserId because flytepropeller passes it in the execution request. | ||
// https://github.com/flyteorg/flytepropeller/blob/03a6672960ed04e7687ba4f790fee9a02a4057fb/pkg/controller/nodes/subworkflow/launchplan/admin.go#L114 | ||
if workflowExecConfig.GetSecurityContext().GetRunAs().GetUserIdentifier() == "" { | ||
workflowExecConfig.SecurityContext.RunAs.UserIdentifier = auth.IdentityContextFromContext(ctx).UserIdentifier() |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
when admin is running without auth, this still won't fail right?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
yeah UserIdentifier would just be an empty string
7b52783
to
b080fac
Compare
Signed-off-by: byhsu <[email protected]>
Signed-off-by: byhsu <[email protected]>
Signed-off-by: byhsu <[email protected]>
Signed-off-by: byhsu <[email protected]>
Signed-off-by: byhsu <[email protected]>
Signed-off-by: byhsu <[email protected]>
Signed-off-by: byhsu <[email protected]>
Signed-off-by: byhsu <[email protected]>
b080fac
to
3e2b93d
Compare
Signed-off-by: byhsu <[email protected]>
Codecov Report
@@ Coverage Diff @@
## master #549 +/- ##
==========================================
+ Coverage 58.37% 59.95% +1.58%
==========================================
Files 168 168
Lines 16104 13195 -2909
==========================================
- Hits 9400 7911 -1489
+ Misses 5866 4445 -1421
- Partials 838 839 +1
Flags with carried forward coverage won't be shown. Click here to find out more.
|
Signed-off-by: byhsu <[email protected]>
Signed-off-by: byhsu <[email protected]>
Signed-off-by: byhsu <[email protected]>
Signed-off-by: byhsu <[email protected]>
Signed-off-by: byhsu <[email protected]>
Signed-off-by: byhsu <[email protected]>
Signed-off-by: byhsu <[email protected]>
Signed-off-by: Yee Hing Tong <[email protected]>
Signed-off-by: byhsu <[email protected]> This pr provides a middleware to inject user identifier to ExecutionSpec. By default, the value of the user identifier is userid from access/id token. Users can customize their own middleware and inject different values. Signed-off-by: TungHoang <[email protected]>
Signed-off-by: Yee Hing Tong <[email protected]> ### Admin - v1.1.100 * Inject user identifier to ExecutionSpec by @ByronHsu in flyteorg/flyteadmin#549 * Fix flaky test by @eapolinario in flyteorg/flyteadmin#563 * Add oauth http proxy for external server & Extract email from azure claim by @ByronHsu in flyteorg/flyteadmin#553 * Remove single task execution default timeout by @hamersaw in flyteorg/flyteadmin#564 * Revert conditional setting of SecurityContext when launching security context by @wild-endeavor in flyteorg/flyteadmin#566 ### Console - v1.8.2 * Export Flytedecks support for TLRO by @james-union in flyteorg/flyteconsole#757 * fix: filter executions by version and name by @ursucarina in flyteorg/flyteconsole#758 * fix: task recent runs should filter by version by @ursucarina in flyteorg/flyteconsole#759 * Bug: Execution Page's back button returns Workflows route from Launch Plan route #patch by @FrankFlitton in flyteorg/flyteconsole#760 * chore: add item when mapped task by @jsonporter in flyteorg/flyteconsole#761 * Feature: Fullview Flyte Deck modal by @FrankFlitton in flyteorg/flyteconsole#764 ### Propeller - v1.1.90 * Add grpc plugin to loader.go by @pingsutw in flyteorg/flytepropeller#562
Signed-off-by: byhsu <[email protected]> This pr provides a middleware to inject user identifier to ExecutionSpec. By default, the value of the user identifier is userid from access/id token. Users can customize their own middleware and inject different values.
TL;DR
This pr provides a middleware to inject user identifier to ExecutionSpec.
By default, the value of the user identifier is userid from access/id token.
Users can customize their own middleware and inject different values.
Type
Are all requirements met?
Complete description
How did you fix the bug, make the feature etc. Link to any design docs etc
Tracking Issue
flyteorg/flyte#3566