-
Notifications
You must be signed in to change notification settings - Fork 300
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix for keyring errors when initializing Flyte for_sandbox config client #2962
base: master
Are you sure you want to change the base?
Conversation
…ent (needs verification) Signed-off-by: taieeuu <[email protected]>
Signed-off-by: taieeuu <[email protected]>
Signed-off-by: taieeuu <[email protected]>
Thank you for opening this pull request! 🙌 These tips will help get your PR across the finish line:
|
Signed-off-by: taieeuu <[email protected]>
if e.code() == grpc.StatusCode.UNAUTHENTICATED or e.code() == grpc.StatusCode.UNKNOWN: | ||
self._authenticator.refresh_credentials() | ||
updated_call_details = self._call_details_with_auth_metadata(client_call_details) | ||
return continuation(updated_call_details, request) | ||
return self._handle_unauthenticated_error(fut, client_call_details, request) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
add comments about response 401...
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Maybe this log provided by @Tom-Newton can help.
tomnewton@ben-nevis:~/WayveCode/wayve/ai/nvs/services/workflow$ python /home/tomnewton/Documents/reproduce_key_vault_error.py
/usr/lib/python3/dist-packages/paramiko/transport.py:219: CryptographyDeprecationWarning: Blowfish has been deprecated
"class": algorithms.Blowfish,
╭──────────────────────────────────────────────────────────────────────────────────────────────────────────── Traceback (most recent call last) ─────────────────────────────────────────────────────────────────────────────────────────────────────────────╮
│ /home/tomnewton/Documents/reproduce_key_vault_error.py:6 in <module> │
│ │
│ ❱ 6 remote.client │
│ │
│ /home/tomnewton/.local/lib/python3.8/site-packages/flytekit/remote/remote.py:205 in client │
│ │
│ ❱ 205 │ │ │ self._client = SynchronousFlyteClient(self.config.platform, **self._kwargs) │
│ │
│ /home/tomnewton/.local/lib/python3.8/site-packages/flytekit/clients/raw.py:44 in __init__ │
│ │
│ ❱ 44 │ │ self._channel = wrap_exceptions_channel(cfg, upgrade_channel_to_authenticated(cf │
│ │
│ /home/tomnewton/.local/lib/python3.8/site-packages/flytekit/clients/auth_helper.py:111 in upgrade_channel_to_authenticated │
│ │
│ ❱ 111 │ authenticator = get_authenticator(cfg, RemoteClientConfigStore(in_channel)) │
│ │
│ /home/tomnewton/.local/lib/python3.8/site-packages/flytekit/clients/auth_helper.py:69 in get_authenticator │
│ │
│ ❱ 69 │ │ return PKCEAuthenticator(cfg.endpoint, cfg_store, verify=verify) │
│ │
│ /home/tomnewton/.local/lib/python3.8/site-packages/flytekit/clients/auth/authenticator.py:102 in __init__ │
│ │
│ ❱ 102 │ │ super().__init__(endpoint, header_key, KeyringStore.retrieve(endpoint), verify=v │
│ │
│ /home/tomnewton/.local/lib/python3.8/site-packages/flytekit/clients/auth/keyring.py:49 in retrieve │
│ │
│ ❱ 49 │ │ │ refresh_token = _keyring.get_password(for_endpoint, KeyringStore._refresh_to │
│ │
│ /home/tomnewton/.local/lib/python3.8/site-packages/keyring/core.py:55 in get_password │
│ │
│ ❱ 55 │ return get_keyring().get_password(service_name, username) │
│ │
│ /home/tomnewton/.local/lib/python3.8/site-packages/keyring/backends/chainer.py:49 in get_password │
│ │
│ ❱ 49 │ │ │ password = keyring.get_password(service, username) │
│ │
│ /home/tomnewton/.local/lib/python3.8/site-packages/keyring/backends/SecretService.py:78 in get_password │
│ │
│ ❱ 78 │ │ collection = self.get_preferred_collection() │
│ │
│ /home/tomnewton/.local/lib/python3.8/site-packages/keyring/backends/SecretService.py:67 in get_preferred_collection │
│ │
│ ❱ 67 │ │ │ │ raise KeyringLocked("Failed to unlock the collection!") │
╰────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────╯
KeyringLocked: Failed to unlock the collection!
I just tested a couple of scenarios where I previously had problems and it seems to be working now. Thanks for working on this 🙌. |
Signed-off-by: taieeuu <[email protected]>
try: | ||
if isinstance(self._authenticator, Authenticator) and not isinstance( | ||
self._authenticator, PKCEAuthenticator | ||
): | ||
logging.info("Current authenticator is 'None', switching to PKCEAuthenticator") | ||
|
||
from flytekit.clients.auth.authenticator import PKCEAuthenticator | ||
from flytekit.clients.auth_helper import get_session | ||
|
||
session = get_session(self._cfg) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
should we move import under try: ...
?
why this work for Newton?
this shouldn't work.
Signed-off-by: taieeuu <[email protected]>
Signed-off-by: taieeuu <[email protected]>
Signed-off-by: taieeuu <[email protected]>
Signed-off-by: taieeuu <[email protected]>
Signed-off-by: taieeuu <[email protected]>
Signed-off-by: taieeuu <[email protected]>
Signed-off-by: taieeuu <[email protected]>
Signed-off-by: taieeuu <[email protected]>
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## master #2962 +/- ##
==========================================
- Coverage 81.40% 76.14% -5.26%
==========================================
Files 200 201 +1
Lines 21012 21287 +275
Branches 2707 2736 +29
==========================================
- Hits 17104 16209 -895
- Misses 3151 4277 +1126
- Partials 757 801 +44 ☔ View full report in Codecov by Sentry. |
Signed-off-by: taieeuu <[email protected]>
Signed-off-by: taieeuu <[email protected]>
Signed-off-by: taieeuu <[email protected]>
Signed-off-by: taieeuu <[email protected]>
Signed-off-by: taieeuu <[email protected]>
Signed-off-by: taieeuu <[email protected]>
Signed-off-by: taieeuu <[email protected]>
Signed-off-by: taieeuu <[email protected]>
Signed-off-by: taieeuu <[email protected]>
Fix for keyring errors when initializing Flyte for_sandbox config client (needs verification)
Tracking issue
flyteorg/flyte#4354
What changes were proposed in this pull request?
First, I started by analyzing the issue reporter's code and modified the Config.for_sandbox() method to add a new value AuthType.No_Auth to auth_mode. Additionally, I updated the AuthUnaryInterceptor class to handle gRPC responses. If a 401 error (i.e., grpc.StatusCode.UNAUTHENTICATED) is encountered, it will trigger the creation of a PKCE authenticator.
How was this patch tested?
I am having difficulty replicating the issue reporter's environment, as it seems to require a public domain setup and GNOME keyring installed. However, I followed the suggestions from the discussion forum and implemented this fix.
Check all the applicable boxes