Deprecate oauth_scopes in flyte-cli setup-config in favor of new scop…

…es field (#676) * Use oauth_scopes in the config file generated by flyte-cli Signed-off-by: Eduardo Apolinario <[email protected]> * Fix unit test and comment Signed-off-by: Eduardo Apolinario <[email protected]> * Deprecate oauth_scopes Signed-off-by: Eduardo Apolinario <[email protected]> * Use the deprecated oauth_scopes Signed-off-by: Eduardo Apolinario <[email protected]> * Invert the order we check scopes Signed-off-by: Eduardo Apolinario <[email protected]> Co-authored-by: Eduardo Apolinario <[email protected]>
flyteorg · Sep 29, 2021 · f6ee06f · f6ee06f
1 parent c2473c0
commit f6ee06f
Show file tree

Hide file tree

Showing 5 changed files with 17 additions and 9 deletions.
diff --git a/flytekit/clients/raw.py b/flytekit/clients/raw.py
@@ -18,7 +18,7 @@
 from flytekit.configuration.creds import _DEPRECATED_CLIENT_CREDENTIALS_SCOPE as _DEPRECATED_SCOPE
 from flytekit.configuration.creds import CLIENT_ID as _CLIENT_ID
 from flytekit.configuration.creds import COMMAND as _COMMAND
-from flytekit.configuration.creds import OAUTH_SCOPES
+from flytekit.configuration.creds import DEPRECATED_OAUTH_SCOPES, SCOPES
 from flytekit.configuration.platform import AUTH as _AUTH
 from flytekit.loggers import cli_logger
 
@@ -47,11 +47,11 @@ def _get_basic_flow_scopes() -> List[str]:
     deprecated_single_scope = _DEPRECATED_SCOPE.get()
     if deprecated_single_scope:
         return [deprecated_single_scope]
-    oauth_scopes = OAUTH_SCOPES.get()
-    if "openid" in oauth_scopes:
+    scopes = DEPRECATED_OAUTH_SCOPES.get() or SCOPES.get()
+    if "openid" in scopes:
         cli_logger.warning("Basic flow authentication should never use openid.")
 
-    return oauth_scopes
+    return scopes
 
 
 def _refresh_credentials_basic(flyte_client):

diff --git a/flytekit/clis/auth/credentials.py b/flytekit/clis/auth/credentials.py
@@ -4,8 +4,9 @@
 from flytekit.clis.auth.discovery import DiscoveryClient as _DiscoveryClient
 from flytekit.configuration.creds import CLIENT_CREDENTIALS_SECRET as _CLIENT_SECRET
 from flytekit.configuration.creds import CLIENT_ID as _CLIENT_ID
-from flytekit.configuration.creds import OAUTH_SCOPES as _SCOPES
+from flytekit.configuration.creds import DEPRECATED_OAUTH_SCOPES
 from flytekit.configuration.creds import REDIRECT_URI as _REDIRECT_URI
+from flytekit.configuration.creds import SCOPES
 from flytekit.configuration.platform import HTTP_URL as _HTTP_URL
 from flytekit.configuration.platform import INSECURE as _INSECURE
 from flytekit.configuration.platform import URL as _URL
@@ -46,7 +47,7 @@ def get_client(flyte_client_url):
     _authorization_client = _AuthorizationClient(
         redirect_uri=_REDIRECT_URI.get(),
         client_id=_CLIENT_ID.get(),
-        scopes=_SCOPES.get(),
+        scopes=DEPRECATED_OAUTH_SCOPES.get() or SCOPES.get(),
         auth_endpoint=authorization_endpoints.auth_endpoint,
         token_endpoint=authorization_endpoints.token_endpoint,
         client_secret=_CLIENT_SECRET.get(),

diff --git a/flytekit/clis/flyte_cli/main.py b/flytekit/clis/flyte_cli/main.py
@@ -2411,7 +2411,8 @@ def setup_config(host, insecure):
         if not insecure:
             parser.add_section("credentials")
             for key in credentials_config.keys():
-                parser.set("credentials", key, credentials_config[key])
+                # ConfigParser needs all keys to be strings
+                parser.set("credentials", key, str(credentials_config[key]))
         parser.write(f)
     set_flyte_config_file(config_file_path=config_file)
     _click.secho("Wrote default config file to {}".format(_tt(config_file)), fg="blue")

diff --git a/flytekit/configuration/creds.py b/flytekit/configuration/creds.py
@@ -28,11 +28,17 @@
 More details here: https://www.oauth.com/oauth2-servers/redirect-uris/.
 """
 
-OAUTH_SCOPES = _config_common.FlyteStringListConfigurationEntry("credentials", "oauth_scopes", default=["openid"])
+SCOPES = _config_common.FlyteStringListConfigurationEntry("credentials", "scopes", default=["openid"])
 """
 This controls the list of scopes to request from the authorization server.
 """
 
+DEPRECATED_OAUTH_SCOPES = _config_common.FlyteStringListConfigurationEntry("credentials", "oauth_scopes", default=None)
+"""
+This controls the list of scopes to request from the authorization server.
+Deprecated - please use the SCOPES variable.
+"""
+
 AUTHORIZATION_METADATA_KEY = _config_common.FlyteStringConfigurationEntry(
     "credentials", "authorization_metadata_key", default="authorization"
 )

diff --git a/tests/flytekit/unit/cli/test_flyte_cli.py b/tests/flytekit/unit/cli/test_flyte_cli.py
@@ -114,7 +114,7 @@ def test_setup_config_secure_mode():
     data = {
         "client_id": "123abc123",
         "redirect_uri": "http://localhost:53593/callback",
-        "scopes": "my_scopes",
+        "scopes": ["scope_1", "scope_2"],
         "authorization_metadata_key": "fake_key",
     }
     _responses.add(_responses.GET, "https://flyte.company.com/config/v1/flyte_client", json=data, status=200)