Skip to content
This repository has been archived by the owner on Oct 9, 2023. It is now read-only.

Inject user identifier to ExecutionSpec #549

Merged
merged 17 commits into from
May 15, 2023
Merged

Inject user identifier to ExecutionSpec #549

merged 17 commits into from
May 15, 2023

Conversation

ByronHsu
Copy link
Contributor

@ByronHsu ByronHsu commented Apr 3, 2023
edited
Loading

TL;DR

This pr provides a middleware to inject user identifier to ExecutionSpec.
By default, the value of the user identifier is userid from access/id token.
Users can customize their own middleware and inject different values.

Type

  • Bug Fix
  • Feature
  • Plugin

Are all requirements met?

  • Code completed
  • Smoke tested
  • Unit tests added
  • Code documentation added
  • Any pending items have an associated Issue

Complete description

How did you fix the bug, make the feature etc. Link to any design docs etc

Tracking Issue

flyteorg/flyte#3566

@ByronHsu ByronHsu changed the title Add exec user id injection to security context Add user id to security context Apr 3, 2023
@ByronHsu ByronHsu changed the title Add user id to security context Inject user id to security context Apr 3, 2023
@ByronHsu ByronHsu mentioned this pull request May 2, 2023
Merged
8 tasks
@ByronHsu ByronHsu changed the title Inject user id to security context Inject user identity to security context May 2, 2023
@ByronHsu ByronHsu force-pushed the github/add-userid branch from d04c400 to ea42686 Compare May 2, 2023 05:04
wild-endeavor
wild-endeavor reviewed May 8, 2023
View reviewed changes
auth/identity_context.go Outdated Show resolved Hide resolved
auth/identity_context.go Outdated Show resolved Hide resolved
@ByronHsu ByronHsu changed the title Inject user identity to security context Inject user identifier to security context May 8, 2023
@ByronHsu ByronHsu changed the title Inject user identifier to security context Inject user identifier to ExecutionSpec May 8, 2023
wild-endeavor
wild-endeavor reviewed May 9, 2023
View reviewed changes
auth/identity_context.go Outdated
}

// SetUserIdentifier allows you to explicitly set user identifier
func (c *IdentityContext) SetUserIdentifier(id string) IdentityContext {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

does this need to return something? can it just not return anything?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

changed

pkg/manager/impl/execution_manager.go Outdated
// We skip getUserIdentityFromContext but can still get ExecUserId because flytepropeller passes it in the execution request.
// https://github.com/flyteorg/flytepropeller/blob/03a6672960ed04e7687ba4f790fee9a02a4057fb/pkg/controller/nodes/subworkflow/launchplan/admin.go#L114
if workflowExecConfig.GetSecurityContext().GetRunAs().GetUserIdentifier() == "" {
workflowExecConfig.SecurityContext.RunAs.UserIdentifier = auth.IdentityContextFromContext(ctx).UserIdentifier()
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

when admin is running without auth, this still won't fail right?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yeah UserIdentifier would just be an empty string

@ByronHsu ByronHsu force-pushed the github/add-userid branch from 7b52783 to b080fac Compare May 9, 2023 04:34
ByronHsu added 8 commits May 8, 2023 21:36
@ByronHsu
inject user identifier
751c6e1 
Signed-off-by: byhsu <[email protected]>
@ByronHsu
wip
13e25ec 
Signed-off-by: byhsu <[email protected]>
@ByronHsu
bump idl
ed723c1 
Signed-off-by: byhsu <[email protected]>
@ByronHsu
improve
14d5123 
Signed-off-by: byhsu <[email protected]>
@ByronHsu
simplify
fa2ce4e 
Signed-off-by: byhsu <[email protected]>
@ByronHsu
simplify
527ffcc 
Signed-off-by: byhsu <[email protected]>
@ByronHsu
update SetUserIdentifier
4a6b0f9 
Signed-off-by: byhsu <[email protected]>
@ByronHsu
update SetUserIdentifier
3e2b93d 
Signed-off-by: byhsu <[email protected]>
@ByronHsu ByronHsu force-pushed the github/add-userid branch from b080fac to 3e2b93d Compare May 9, 2023 04:38
wild-endeavor
wild-endeavor previously approved these changes May 9, 2023
View reviewed changes
@ByronHsu
go mod tidy
19ba977 
Signed-off-by: byhsu <[email protected]>
@codecov
Copy link

codecov bot commented May 9, 2023
edited
Loading

Codecov Report

Merging #549 (fa1a16d) into master (2fdd399) will increase coverage by 1.58%.
The diff coverage is 77.77%.

❗ Current head fa1a16d differs from pull request most recent head 6b4ff04. Consider uploading reports for the commit 6b4ff04 to get more accurate results

@@            Coverage Diff             @@
##           master     #549      +/-   ##
==========================================
+ Coverage   58.37%   59.95%   +1.58%     
==========================================
  Files         168      168              
  Lines       16104    13195    -2909     
==========================================
- Hits         9400     7911    -1489     
+ Misses       5866     4445    -1421     
- Partials      838      839       +1
Flag Coverage Δ
unittests ?

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files Coverage Δ
pkg/manager/impl/util/shared.go 68.18% <0.00%> (+3.35%) ⬆️
pkg/manager/impl/execution_manager.go 72.53% <66.66%> (+2.52%) ⬆️
auth/identity_context.go 79.24% <100.00%> (+9.60%) ⬆️
auth/interceptor.go 100.00% <100.00%> (ø)

... and 151 files with indirect coverage changes

@ByronHsu
lint
8653f4c 
Signed-off-by: byhsu <[email protected]>
wild-endeavor
wild-endeavor previously approved these changes May 9, 2023
View reviewed changes
EngHabu
EngHabu reviewed May 9, 2023
View reviewed changes
auth/identity_context.go Outdated Show resolved Hide resolved
auth/identity_context.go Outdated Show resolved Hide resolved
@ByronHsu
rename
a64a931 
Signed-off-by: byhsu <[email protected]>
ByronHsu added 5 commits May 9, 2023 21:53
@ByronHsu
update
fd26eb1 
Signed-off-by: byhsu <[email protected]>
@ByronHsu
upgrade idl
03af823 
Signed-off-by: byhsu <[email protected]>
@ByronHsu
nit
17a06a1 
Signed-off-by: byhsu <[email protected]>
@ByronHsu
lint
17968a7 
Signed-off-by: byhsu <[email protected]>
@ByronHsu
rename
fdec7d4 
Signed-off-by: byhsu <[email protected]>
wild-endeavor
wild-endeavor previously approved these changes May 12, 2023
View reviewed changes
pingsutw
pingsutw previously approved these changes May 12, 2023
View reviewed changes
@wild-endeavor
merge master
6b4ff04 
Signed-off-by: Yee Hing Tong <[email protected]>
@wild-endeavor wild-endeavor dismissed stale reviews from pingsutw and themself via 6b4ff04 May 12, 2023 18:16
@wild-endeavor wild-endeavor merged commit 610451d into flyteorg:master May 15, 2023
LaPetiteSouris pushed a commit to LaPetiteSouris/flyteadmin that referenced this pull request May 16, 2023
@ByronHsu @LaPetiteSouris
Inject user identifier to ExecutionSpec (flyteorg#549)
e52e07a 
Signed-off-by: byhsu <[email protected]>
This pr provides a middleware to inject user identifier to ExecutionSpec.
By default, the value of the user identifier is userid from access/id token.
Users can customize their own middleware and inject different values.
Signed-off-by: TungHoang <[email protected]>
wild-endeavor added a commit to flyteorg/flyte that referenced this pull request May 22, 2023
@wild-endeavor
[Patch] v1.6.1 release base (#3697)
5ab8cb8 
Signed-off-by: Yee Hing Tong <[email protected]>

### Admin - v1.1.100
* Inject user identifier to ExecutionSpec by @ByronHsu in flyteorg/flyteadmin#549
* Fix flaky test by @eapolinario in flyteorg/flyteadmin#563
* Add oauth http proxy for external server & Extract email from azure claim by @ByronHsu in flyteorg/flyteadmin#553
* Remove single task execution default timeout by @hamersaw in flyteorg/flyteadmin#564
* Revert conditional setting of SecurityContext when launching security context by @wild-endeavor in flyteorg/flyteadmin#566

### Console - v1.8.2
* Export Flytedecks support for TLRO by @james-union in flyteorg/flyteconsole#757
* fix: filter executions by version and name by @ursucarina in flyteorg/flyteconsole#758
* fix: task recent runs should filter by version by @ursucarina in flyteorg/flyteconsole#759
* Bug: Execution Page's back button returns Workflows route from Launch Plan route #patch by @FrankFlitton in flyteorg/flyteconsole#760
* chore: add item when mapped task by @jsonporter in flyteorg/flyteconsole#761
* Feature: Fullview Flyte Deck modal by @FrankFlitton in flyteorg/flyteconsole#764

### Propeller - v1.1.90
* Add grpc plugin to loader.go by @pingsutw in flyteorg/flytepropeller#562
eapolinario pushed a commit that referenced this pull request Sep 6, 2023
@ByronHsu
Inject user identifier to ExecutionSpec (#549)
2297e07 
Signed-off-by: byhsu <[email protected]>
This pr provides a middleware to inject user identifier to ExecutionSpec.
By default, the value of the user identifier is userid from access/id token.
Users can customize their own middleware and inject different values.
@fg91 fg91 mentioned this pull request Dec 22, 2023
Merged
3 tasks
@fg91 fg91 mentioned this pull request Mar 8, 2024
Merged
3 tasks
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@EngHabu EngHabu EngHabu left review comments

@pingsutw pingsutw pingsutw approved these changes

@wild-endeavor wild-endeavor wild-endeavor approved these changes

@katrogan katrogan Awaiting requested review from katrogan katrogan is a code owner

@kumare3 kumare3 Awaiting requested review from kumare3 kumare3 is a code owner

@pmahindrakar-oss pmahindrakar-oss Awaiting requested review from pmahindrakar-oss pmahindrakar-oss is a code owner

@hamersaw hamersaw Awaiting requested review from hamersaw hamersaw is a code owner

@eapolinario eapolinario Awaiting requested review from eapolinario eapolinario is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@ByronHsu @EngHabu @wild-endeavor @pingsutw