-
Notifications
You must be signed in to change notification settings - Fork 665
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[flyte-core] Flyte Connection #5126
base: master
Are you sure you want to change the base?
Conversation
Signed-off-by: Kevin Su <[email protected]>
Signed-off-by: Kevin Su <[email protected]>
Signed-off-by: Kevin Su <[email protected]>
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## master #5126 +/- ##
==========================================
+ Coverage 60.99% 66.98% +5.98%
==========================================
Files 794 278 -516
Lines 51475 12638 -38837
==========================================
- Hits 31397 8465 -22932
+ Misses 17186 3549 -13637
+ Partials 2892 624 -2268
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. |
@pingsutw Would it be possible to merge the work of this PR with that of my PR? It seems like both include secrets in requests made to the agent, but this PR goes a step farther by resolving the value of secrets. On the other hand, my PR includes more details about which user is executing a task, which is also very useful for the agent to have. |
Signed-off-by: Kevin Su <[email protected]>
Signed-off-by: Kevin Su <[email protected]>
Signed-off-by: Kevin Su <[email protected]>
Signed-off-by: Kevin Su <[email protected]>
Signed-off-by: Kevin Su <[email protected]>
Signed-off-by: Kevin Su <[email protected]>
Signed-off-by: Kevin Su <[email protected]>
Signed-off-by: Kevin Su <[email protected]>
Signed-off-by: Kevin Su <[email protected]>
Signed-off-by: Kevin Su <[email protected]>
flytepropeller/pkg/controller/nodes/task/connectionmanager/config.go
Outdated
Show resolved
Hide resolved
Signed-off-by: Kevin Su <[email protected]>
Signed-off-by: Kevin Su <[email protected]>
Signed-off-by: Kevin Su <[email protected]>
Signed-off-by: Kevin Su <[email protected]>
Signed-off-by: Kevin Su <[email protected]>
Signed-off-by: Kevin Su <[email protected]>
Signed-off-by: Kevin Su <[email protected]>
Signed-off-by: Kevin Su <[email protected]>
Signed-off-by: Kevin Su <[email protected]>
Signed-off-by: Kevin Su <[email protected]>
Signed-off-by: Kevin Su <[email protected]>
Signed-off-by: Kevin Su <[email protected]>
Signed-off-by: Kevin Su <[email protected]>
Signed-off-by: Kevin Su <[email protected]>
Signed-off-by: Kevin Su <[email protected]>
Signed-off-by: Kevin Su <[email protected]>
Signed-off-by: Kevin Su <[email protected]>
Signed-off-by: Kevin Su <[email protected]>
Signed-off-by: Kevin Su <[email protected]>
Signed-off-by: Kevin Su <[email protected]>
Signed-off-by: Kevin Su <[email protected]>
@@ -36,6 +36,9 @@ enum MatchableResource { | |||
|
|||
// Controls how to select an available cluster on which this execution should run. | |||
CLUSTER_ASSIGNMENT = 7; | |||
|
|||
// Configures the task connection to be used by the agent to connect to external systems. | |||
EXTERNAL_RESOURCE = 8; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We could extend this to be used by regular tasks too right ?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What do you mean by extending here? something like
@task(external_resource=...)
# or
@task(connection=...)
// Flyte will use the default connection in the project-domain settings, but users | ||
// still be able to override it by specifying the connection in the task decorator. | ||
// +optional | ||
string connection = 4; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Could we make a note of the order of overrides as its just not project-domain settings alone. Also can we add details on how this should map to values in external resource attributes
@@ -45,6 +45,14 @@ message Secret { | |||
MountType mount_requirement = 4; | |||
} | |||
|
|||
message Connection { | |||
// The credentials to use for the connection, such as API keys, OAuth2 tokens, etc. | |||
map<string, string> secrets = 1; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can we also add comment on the format of what the key and what the value is and how they map to what the agent expects
map<string, string> secrets = 1; | ||
|
||
// The configuration to use for the connection, such as the endpoint, account name, etc. | ||
map<string, string> configs = 2; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Similalrly for the configs
@@ -97,6 +99,24 @@ func (p Plugin) Create(ctx context.Context, taskCtx webapi.TaskExecutionContextR | |||
taskCategory := admin.TaskCategory{Name: taskTemplate.Type, Version: taskTemplate.TaskTypeVersion} | |||
agent, isSync := getFinalAgent(&taskCategory, p.cfg, p.agentRegistry) | |||
|
|||
connection := flyteIdl.Connection{} | |||
if taskTemplate.SecurityContext != nil && taskTemplate.SecurityContext.Connection != "" { | |||
conn, ok := taskCtx.TaskExecutionMetadata().GetExternalResourceAttributes().GetConnections()[taskTemplate.SecurityContext.Connection] |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can we use getters for taskTemplate.SecurityContext.Connection and would be cleaner to define this as connectionKey may be as we are not defining the connection in the security context but just a ref/key. May be connectionRef might also be ok
Signed-off-by: Kevin Su <[email protected]>
Signed-off-by: Kevin Su <[email protected]>
Signed-off-by: Kevin Su <[email protected]>
Signed-off-by: Kevin Su <[email protected]>
Signed-off-by: Kevin Su <[email protected]>
Tracking issue
#3936
Why are the changes needed?
It will allow users to pass different API_KEY to the chatGPT agent from flytepropeller
What changes were proposed in this pull request?
Agent client will read the secret from env or local file, and pass it to the agent server.
How was this patch tested?
local sandbox
Setup process
Add below config to
flyte-single-binary-local.yaml
m and Add your API key to local envcd flyte pyflyte serve agent make compile flyte start --config flyte-single-binary-local.yaml
Screenshots
Secret not found in propeller
Related PRs
flyteorg/flytekit#2297
Docs link
NA