-
Notifications
You must be signed in to change notification settings - Fork 1.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat(backend): enforce SA Token based auth b/w Persistence Agent and Pipeline API Server #9957
feat(backend): enforce SA Token based auth b/w Persistence Agent and Pipeline API Server #9957
Conversation
…l reqs Signed-off-by: Diana Atanasova <dianaa@vmware.com>
Signed-off-by: Diana Atanasova <dianaa@vmware.com>
/retest |
Can someone help me with the failing test - |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
To simplify the review process, the changes in pipelines_client.go ReadArtifact
and ReportRunMetrics
are the most meaningful ones. Here, the PA is forced to use SA Token, instead of authenticating as a user.
Seems like it could be some transient issue?
|
/retest |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
/lgtm
/approve
Thanks!
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: chensun The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
…Pipeline API Server (kubeflow#9957) * Enforece SA-Toben auth b/n Persistence agent & Pipeline server for all reqs Signed-off-by: Diana Atanasova <dianaa@vmware.com> * Fix persistence agent license file Signed-off-by: Diana Atanasova <dianaa@vmware.com> --------- Signed-off-by: Diana Atanasova <dianaa@vmware.com>
Fixes: #9937
Enforce Service Account(SA) Token-based auth between the Persistence Agent and the Pipeline API Server for all the requests.
SA Token auth has already been introduced and applied for
ReportWorkflow
andReportScheduledWorkflow
by this PR.Current PR enforces the SA token authentication for
readArtifacts
andReportMetrics
calls as well, which currently authenticates as a user.Description of your changes:
This PR :
Checklist: