Skip to content
This repository has been archived by the owner on Oct 9, 2023. It is now read-only.

Inject user identifier to ExecutionSpec #549

Merged
merged 17 commits into from
May 15, 2023

Conversation

ByronHsu
Copy link
Contributor

@ByronHsu ByronHsu commented Apr 3, 2023

TL;DR

This pr provides a middleware to inject user identifier to ExecutionSpec.
By default, the value of the user identifier is userid from access/id token.
Users can customize their own middleware and inject different values.

Type

  • Bug Fix
  • Feature
  • Plugin

Are all requirements met?

  • Code completed
  • Smoke tested
  • Unit tests added
  • Code documentation added
  • Any pending items have an associated Issue

Complete description

How did you fix the bug, make the feature etc. Link to any design docs etc

Tracking Issue

flyteorg/flyte#3566

@ByronHsu ByronHsu changed the title Add exec user id injection to security context Add user id to security context Apr 3, 2023
@ByronHsu ByronHsu changed the title Add user id to security context Inject user id to security context Apr 3, 2023
@ByronHsu ByronHsu changed the title Inject user id to security context Inject user identity to security context May 2, 2023
@ByronHsu ByronHsu force-pushed the github/add-userid branch from d04c400 to ea42686 Compare May 2, 2023 05:04
auth/identity_context.go Outdated Show resolved Hide resolved
auth/identity_context.go Outdated Show resolved Hide resolved
@ByronHsu ByronHsu changed the title Inject user identity to security context Inject user identifier to security context May 8, 2023
@ByronHsu ByronHsu changed the title Inject user identifier to security context Inject user identifier to ExecutionSpec May 8, 2023
}

// SetUserIdentifier allows you to explicitly set user identifier
func (c *IdentityContext) SetUserIdentifier(id string) IdentityContext {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

does this need to return something? can it just not return anything?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

changed

// We skip getUserIdentityFromContext but can still get ExecUserId because flytepropeller passes it in the execution request.
// https://github.com/flyteorg/flytepropeller/blob/03a6672960ed04e7687ba4f790fee9a02a4057fb/pkg/controller/nodes/subworkflow/launchplan/admin.go#L114
if workflowExecConfig.GetSecurityContext().GetRunAs().GetUserIdentifier() == "" {
workflowExecConfig.SecurityContext.RunAs.UserIdentifier = auth.IdentityContextFromContext(ctx).UserIdentifier()
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

when admin is running without auth, this still won't fail right?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yeah UserIdentifier would just be an empty string

@ByronHsu ByronHsu force-pushed the github/add-userid branch from 7b52783 to b080fac Compare May 9, 2023 04:34
ByronHsu added 8 commits May 8, 2023 21:36
Signed-off-by: byhsu <[email protected]>
Signed-off-by: byhsu <[email protected]>
Signed-off-by: byhsu <[email protected]>
Signed-off-by: byhsu <[email protected]>
Signed-off-by: byhsu <[email protected]>
@ByronHsu ByronHsu force-pushed the github/add-userid branch from b080fac to 3e2b93d Compare May 9, 2023 04:38
wild-endeavor
wild-endeavor previously approved these changes May 9, 2023
Signed-off-by: byhsu <[email protected]>
@codecov
Copy link

codecov bot commented May 9, 2023

Codecov Report

Merging #549 (fa1a16d) into master (2fdd399) will increase coverage by 1.58%.
The diff coverage is 77.77%.

❗ Current head fa1a16d differs from pull request most recent head 6b4ff04. Consider uploading reports for the commit 6b4ff04 to get more accurate results

@@            Coverage Diff             @@
##           master     #549      +/-   ##
==========================================
+ Coverage   58.37%   59.95%   +1.58%     
==========================================
  Files         168      168              
  Lines       16104    13195    -2909     
==========================================
- Hits         9400     7911    -1489     
+ Misses       5866     4445    -1421     
- Partials      838      839       +1     
Flag Coverage Δ
unittests ?

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files Coverage Δ
pkg/manager/impl/util/shared.go 68.18% <0.00%> (+3.35%) ⬆️
pkg/manager/impl/execution_manager.go 72.53% <66.66%> (+2.52%) ⬆️
auth/identity_context.go 79.24% <100.00%> (+9.60%) ⬆️
auth/interceptor.go 100.00% <100.00%> (ø)

... and 151 files with indirect coverage changes

Signed-off-by: byhsu <[email protected]>
wild-endeavor
wild-endeavor previously approved these changes May 9, 2023
auth/identity_context.go Outdated Show resolved Hide resolved
auth/identity_context.go Outdated Show resolved Hide resolved
Signed-off-by: byhsu <[email protected]>
ByronHsu added 5 commits May 9, 2023 21:53
Signed-off-by: byhsu <[email protected]>
Signed-off-by: byhsu <[email protected]>
Signed-off-by: byhsu <[email protected]>
Signed-off-by: byhsu <[email protected]>
Signed-off-by: byhsu <[email protected]>
wild-endeavor
wild-endeavor previously approved these changes May 12, 2023
pingsutw
pingsutw previously approved these changes May 12, 2023
Signed-off-by: Yee Hing Tong <[email protected]>
@wild-endeavor wild-endeavor dismissed stale reviews from pingsutw and themself via 6b4ff04 May 12, 2023 18:16
@wild-endeavor wild-endeavor merged commit 610451d into flyteorg:master May 15, 2023
LaPetiteSouris pushed a commit to LaPetiteSouris/flyteadmin that referenced this pull request May 16, 2023
Signed-off-by: byhsu <[email protected]>
This pr provides a middleware to inject user identifier to ExecutionSpec.
By default, the value of the user identifier is userid from access/id token.
Users can customize their own middleware and inject different values.
Signed-off-by: TungHoang <[email protected]>
wild-endeavor added a commit to flyteorg/flyte that referenced this pull request May 22, 2023
Signed-off-by: Yee Hing Tong <[email protected]>

### Admin - v1.1.100
* Inject user identifier to ExecutionSpec by @ByronHsu in flyteorg/flyteadmin#549
* Fix flaky test by @eapolinario in flyteorg/flyteadmin#563
* Add oauth http proxy for external server & Extract email from azure claim by @ByronHsu in flyteorg/flyteadmin#553
* Remove single task execution default timeout by @hamersaw in flyteorg/flyteadmin#564
* Revert conditional setting of SecurityContext when launching security context by @wild-endeavor in flyteorg/flyteadmin#566

### Console - v1.8.2
* Export Flytedecks support for TLRO by @james-union in flyteorg/flyteconsole#757
* fix: filter executions by version and name by @ursucarina in flyteorg/flyteconsole#758
* fix: task recent runs should filter by version by @ursucarina in flyteorg/flyteconsole#759
* Bug: Execution Page's back button returns Workflows route from Launch Plan route #patch by @FrankFlitton in flyteorg/flyteconsole#760
* chore: add item when mapped task by @jsonporter in flyteorg/flyteconsole#761
* Feature: Fullview Flyte Deck modal by @FrankFlitton in flyteorg/flyteconsole#764

### Propeller - v1.1.90
* Add grpc plugin to loader.go by @pingsutw in flyteorg/flytepropeller#562
eapolinario pushed a commit that referenced this pull request Sep 6, 2023
Signed-off-by: byhsu <[email protected]>
This pr provides a middleware to inject user identifier to ExecutionSpec.
By default, the value of the user identifier is userid from access/id token.
Users can customize their own middleware and inject different values.
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants