Adding configurable audience property for flyte clients

[pmahindrakar-oss]

Signed-off-by: pmahindrakar-oss [email protected]

TL;DR

Most Authorization server provide a way to use default audience which can be used to request auth tokens which is what flyte relied on before this PR.

The current PR allows to send a configurable audience field when requesting auth token from the authorization server.

Follow up PR to return audience also from PublicClientConfig endpoint of flyteadmin

flyteorg/flyteadmin#485

If client config contains the audience field then that would be used
Though if the override to useAudienceFromAdmin is set then whatever audience is set in admin would be used

Type

• Bug Fix
• Feature
• Plugin

Are all requirements met?

• Code completed
• Smoke tested
• Unit tests added
• Code documentation added
• Any pending items have an associated Issue

Complete description

How did you fix the bug, make the feature etc. Link to any design docs etc

Tracking Issue

flyteorg/flyte#2959

Follow-up issue

NA

[codecov]

Codecov Report

Merging #329 (a022caf) into master (9fbac98) will increase coverage by 2.82%.
The diff coverage is 100.00%.

❗ Current head a022caf differs from pull request most recent head 968544d. Consider uploading reports for the commit 968544d to get more accurate results

@@            Coverage Diff             @@
##           master     #329      +/-   ##
==========================================
+ Coverage   73.12%   75.94%   +2.82%     
==========================================
  Files          18       18              
  Lines        1362     1185     -177     
==========================================
- Hits          996      900      -96     
+ Misses        315      234      -81     
  Partials       51       51              

Flag	Coverage Δ
unittests	?

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files	Coverage Δ
clients/go/admin/config.go	50.00% <ø> (+33.33%)	⬆️
clients/go/admin/config_flags.go	60.41% <100.00%> (+4.16%)	⬆️
clients/go/admin/token_source_provider.go	37.16% <100.00%> (+6.25%)	⬆️
clients/go/admin/pkce/auth_flow_orchestrator.go	63.04% <0.00%> (-1.96%)	⬇️
clients/go/admin/pkce/handle_app_call_back.go	93.93% <0.00%> (-0.94%)	⬇️
clients/go/admin/client.go	86.91% <0.00%> (-0.31%)	⬇️
clients/go/admin/cert_loader.go	100.00% <0.00%> (ø)
clients/go/admin/atomic_credentials.go	100.00% <0.00%> (ø)
clients/go/admin/pkce/oauth2_client.go	61.11% <0.00%> (+0.24%)	⬆️
clients/go/coreutils/literals.go	93.34% <0.00%> (+1.54%)	⬆️
... and 11 more

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

[katrogan]

should we only fetch this if the cfg.Audience is empty?

[pmahindrakar-oss]

Done., if either scopes or Audience is empty then we call this api

[katrogan]

If I'm understanding correctly with this change now we'll always make the call to get the public client config even in the case where the audience property is not actually required? (It isn't always required, right - this is just custom for some deployments?)

Is there anyway to indicate we want to explicitly fetch the audience property so that end users don't have to now update their deployments with a dummy config value for the audience property to avoid this lookup even when scopes are set?

[pmahindrakar-oss]

Done Added added new config flag useAudienceFromAdmin which will force pull config from Admin only if its set otherwise it wont call the publicEndpoint config
Also added tests for the number of invocattions to the public admin endpoint