Auth/prevent lookup per call #5686
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Signed-off-by: Yee Hing Tong <wild-endeavor@users.noreply.github.com>
Signed-off-by: Yee Hing Tong <wild-endeavor@users.noreply.github.com>
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## master #5686 +/- ##
=======================================
Coverage 36.17% 36.18%
=======================================
Files 1302 1302
Lines 109556 109613 +57
=======================================
+ Hits 39630 39659 +29
- Misses 65786 65809 +23
- Partials 4140 4145 +5
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. 🚨 Try these New Features:
|
wild-endeavor
changed the title
eapolinario
previously approved these changes
Aug 23, 2024
Signed-off-by: Yee Hing Tong <wild-endeavor@users.noreply.github.com>
Signed-off-by: Yee Hing Tong <wild-endeavor@users.noreply.github.com>
Signed-off-by: Yee Hing Tong <wild-endeavor@users.noreply.github.com>
Signed-off-by: Yee Hing Tong <wild-endeavor@users.noreply.github.com>
eapolinario
reviewed
Aug 23, 2024
Signed-off-by: Yee Hing Tong <wild-endeavor@users.noreply.github.com>
Signed-off-by: Yee Hing Tong <wild-endeavor@users.noreply.github.com>
Signed-off-by: Yee Hing Tong <wild-endeavor@users.noreply.github.com>
Signed-off-by: Yee Hing Tong <wild-endeavor@users.noreply.github.com>
Signed-off-by: Yee Hing Tong <wild-endeavor@users.noreply.github.com>
eapolinario
approved these changes
Aug 23, 2024
2 tasks
|
Ideally it would be nice if the metadata was not cached permanently considering it contains trusted public key material. If there is interest I can follow up with a strategy that periodically refreshes the metadata so it will handle key rotations gracefully. |
pmahindrakar-oss
pushed a commit
that referenced
this pull request
Sep 9, 2024
* save values Signed-off-by: Yee Hing Tong <wild-endeavor@users.noreply.github.com> * move things up Signed-off-by: Yee Hing Tong <wild-endeavor@users.noreply.github.com> * tests Signed-off-by: Yee Hing Tong <wild-endeavor@users.noreply.github.com> * unit test Signed-off-by: Yee Hing Tong <wild-endeavor@users.noreply.github.com> * imports for client test Signed-off-by: Yee Hing Tong <wild-endeavor@users.noreply.github.com> * more test Signed-off-by: Yee Hing Tong <wild-endeavor@users.noreply.github.com> * don't test admin connection Signed-off-by: Yee Hing Tong <wild-endeavor@users.noreply.github.com> * disable client for config Signed-off-by: Yee Hing Tong <wild-endeavor@users.noreply.github.com> * make generate Signed-off-by: Yee Hing Tong <wild-endeavor@users.noreply.github.com> * hide behind a once Signed-off-by: Yee Hing Tong <wild-endeavor@users.noreply.github.com> * typo Signed-off-by: Yee Hing Tong <wild-endeavor@users.noreply.github.com> * reset client builder test Signed-off-by: Yee Hing Tong <wild-endeavor@users.noreply.github.com> * reset client test Signed-off-by: Yee Hing Tong <wild-endeavor@users.noreply.github.com> * revert propeller Signed-off-by: Yee Hing Tong <wild-endeavor@users.noreply.github.com> * delay invocation even further Signed-off-by: Yee Hing Tong <wild-endeavor@users.noreply.github.com> --------- Signed-off-by: Yee Hing Tong <wild-endeavor@users.noreply.github.com> Signed-off-by: pmahindrakar-oss <prafulla.mahindrakar@gmail.com>
bgedik
pushed a commit
to bgedik/flyte
that referenced
this pull request
Sep 12, 2024
* save values Signed-off-by: Yee Hing Tong <wild-endeavor@users.noreply.github.com> * move things up Signed-off-by: Yee Hing Tong <wild-endeavor@users.noreply.github.com> * tests Signed-off-by: Yee Hing Tong <wild-endeavor@users.noreply.github.com> * unit test Signed-off-by: Yee Hing Tong <wild-endeavor@users.noreply.github.com> * imports for client test Signed-off-by: Yee Hing Tong <wild-endeavor@users.noreply.github.com> * more test Signed-off-by: Yee Hing Tong <wild-endeavor@users.noreply.github.com> * don't test admin connection Signed-off-by: Yee Hing Tong <wild-endeavor@users.noreply.github.com> * disable client for config Signed-off-by: Yee Hing Tong <wild-endeavor@users.noreply.github.com> * make generate Signed-off-by: Yee Hing Tong <wild-endeavor@users.noreply.github.com> * hide behind a once Signed-off-by: Yee Hing Tong <wild-endeavor@users.noreply.github.com> * typo Signed-off-by: Yee Hing Tong <wild-endeavor@users.noreply.github.com> * reset client builder test Signed-off-by: Yee Hing Tong <wild-endeavor@users.noreply.github.com> * reset client test Signed-off-by: Yee Hing Tong <wild-endeavor@users.noreply.github.com> * revert propeller Signed-off-by: Yee Hing Tong <wild-endeavor@users.noreply.github.com> * delay invocation even further Signed-off-by: Yee Hing Tong <wild-endeavor@users.noreply.github.com> --------- Signed-off-by: Yee Hing Tong <wild-endeavor@users.noreply.github.com> Signed-off-by: Bugra Gedik <bgedik@gmail.com>
pmahindrakar-oss
added a commit
that referenced
this pull request
Nov 13, 2024
Cherry-pick the following change to populate oauth metadata once on initialization using Sync.Do ca04314 Tested locally using uctl-admin and fetched projects calling into admin which exercises the auth flow https://buildkite.com/unionai/org-staging-sync/builds/3541 Rollout to all canary and then prod tenants - [x] To be upstreamed to OSS *TODO: Link Linear issue(s) using [magic words](https://linear.app/docs/github#magic-words). `fixes` will move to merged status, while `ref` will only link the PR.* * [ ] Added tests * [ ] Ran a deploy dry run and shared the terraform plan * [ ] Added logging and metrics * [ ] Updated [dashboards](https://unionai.grafana.net/dashboards) and [alerts](https://unionai.grafana.net/alerting/list) * [ ] Updated documentation
pmahindrakar-oss
added a commit
that referenced
this pull request
Nov 13, 2024
Cherry-pick the following change to populate oauth metadata once on initialization using Sync.Do ca04314 Tested locally using uctl-admin and fetched projects calling into admin which exercises the auth flow https://buildkite.com/unionai/org-staging-sync/builds/3541 Rollout to all canary and then prod tenants - [x] To be upstreamed to OSS *TODO: Link Linear issue(s) using [magic words](https://linear.app/docs/github#magic-words). `fixes` will move to merged status, while `ref` will only link the PR.* * [ ] Added tests * [ ] Ran a deploy dry run and shared the terraform plan * [ ] Added logging and metrics * [ ] Updated [dashboards](https://unionai.grafana.net/dashboards) and [alerts](https://unionai.grafana.net/alerting/list) * [ ] Updated documentation Signed-off-by: pmahindrakar-oss <prafulla.mahindrakar@gmail.com>
pmahindrakar-oss
added a commit
that referenced
this pull request
Nov 14, 2024
…ource (#6001) * Auth/prevent lookup per call (#5686) (#555) Cherry-pick the following change to populate oauth metadata once on initialization using Sync.Do ca04314 Tested locally using uctl-admin and fetched projects calling into admin which exercises the auth flow https://buildkite.com/unionai/org-staging-sync/builds/3541 Rollout to all canary and then prod tenants - [x] To be upstreamed to OSS *TODO: Link Linear issue(s) using [magic words](https://linear.app/docs/github#magic-words). `fixes` will move to merged status, while `ref` will only link the PR.* * [ ] Added tests * [ ] Ran a deploy dry run and shared the terraform plan * [ ] Added logging and metrics * [ ] Updated [dashboards](https://unionai.grafana.net/dashboards) and [alerts](https://unionai.grafana.net/alerting/list) * [ ] Updated documentation Signed-off-by: pmahindrakar-oss <prafulla.mahindrakar@gmail.com> * [COR-1114] Fix token validity check logic to use exp field in access token (#330) * Add logs for token * add logs * Fixing the validity check logic for token * nit * nit * Adding in memory token source provider * nit * changed Valid method to log and ignore parseDateClaim error * nit * Fix unit tests * lint * fix unit tests Signed-off-by: pmahindrakar-oss <prafulla.mahindrakar@gmail.com> * remove debug logs Signed-off-by: pmahindrakar-oss <prafulla.mahindrakar@gmail.com> --------- Signed-off-by: pmahindrakar-oss <prafulla.mahindrakar@gmail.com>
This was referenced Feb 17, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Tracking issue
#5606
Why are the changes needed?
Clients configured with client credentials secret were calling Admin's auth metadata endpoints for every call. This moves the initialization of all that above the interceptor.
What changes were proposed in this pull request?
configcommand disable the flyte client.How was this patch tested?
Tested by running locally and hitting our development deployment with client secret.
Setup process
Screenshots
Check all the applicable boxes
Related PRs
Docs link