feature: add validation for what flow the run_id belongs to #1452
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
savingoyal
reviewed
Jun 15, 2023
savingoyal
reviewed
Jun 15, 2023
savingoyal
reviewed
Jun 15, 2023
| # Project and branch are stored in the workflow template name so this is the easiest comparison to perform. | ||
| if workflow_name != deployed_workflow_template_name: | ||
| raise MetaflowException( | ||
| "The run_id *%s* belongs to the workflow *%s*, not to the workflow *%s*\n" |
There was a problem hiding this comment.
We don't communicate to the user how deployed_workflow_template_name is imputed. Can we check for project_name and branch_name and compare them with that?
There was a problem hiding this comment.
Added some more robust checks that separately verify that the user is targeting the correct branch and project, and notifying which one is not matching the deployed workflow. Do the changes seem adequate?
…and branch_name, accounting for --name. refactor Argo resource name sanitization
saikonen
added a commit
that referenced
this pull request
Jun 26, 2023
* first draft of suspend/unsuspend for argo * rename run_id arg to name * move exception for workflow not found * move argo workflow name validation to cli * decouple pause method * add production token validation * feature: add validation for what flow the run_id belongs to (#1452) * add validation for what flow the run_id belongs to * test using workflow production token for authorization directly. * rework run_id validation to perform separate checks for project_name and branch_name, accounting for --name. refactor Argo resource name sanitization
wangchy27
pushed a commit
that referenced
this pull request
Jul 13, 2023
* first draft of suspend/unsuspend for argo * rename run_id arg to name * move exception for workflow not found * move argo workflow name validation to cli * decouple pause method * add production token validation * feature: add validation for what flow the run_id belongs to (#1452) * add validation for what flow the run_id belongs to * test using workflow production token for authorization directly. * rework run_id validation to perform separate checks for project_name and branch_name, accounting for --name. refactor Argo resource name sanitization
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The new CLI commands for argo-workflows that accept a
run_idhave had a pending issue regarding production token authorization, and lacking any guard against passing an arbitrary run_id to a flow file that the user has a valid production token for.This PR introduces checks for