From 406a1b3eebe07fb21114afb69870a97505e47299 Mon Sep 17 00:00:00 2001 From: franco-bocci Date: Tue, 21 Mar 2023 10:50:39 +0100 Subject: [PATCH 1/4] Pass locally defined scopes to ClientCredentialsAuthenticator Signed-off-by: franco-bocci --- flytekit/clients/auth/authenticator.py | 4 +++- flytekit/clients/auth_helper.py | 1 + .../unit/clients/auth/test_authenticator.py | 21 ++++++++++++++++++- 3 files changed, 24 insertions(+), 2 deletions(-) diff --git a/flytekit/clients/auth/authenticator.py b/flytekit/clients/auth/authenticator.py index 183c1787cd..aa19f2d1d1 100644 --- a/flytekit/clients/auth/authenticator.py +++ b/flytekit/clients/auth/authenticator.py @@ -164,12 +164,14 @@ def __init__( client_secret: str, cfg_store: ClientConfigStore, header_key: str = None, + scopes: typing.List[str] = None, ): if not client_id or not client_secret: raise ValueError("Client ID and Client SECRET both are required.") cfg = cfg_store.get_client_config() self._token_endpoint = cfg.token_endpoint - self._scopes = cfg.scopes + # Use scopes from `flytekit.configuration.PlatformConfig` if passed + self._scopes = scopes or cfg.scopes self._client_id = client_id self._client_secret = client_secret super().__init__(endpoint, cfg.header_key or header_key) diff --git a/flytekit/clients/auth_helper.py b/flytekit/clients/auth_helper.py index 41fc5c025f..3a5464fd6e 100644 --- a/flytekit/clients/auth_helper.py +++ b/flytekit/clients/auth_helper.py @@ -69,6 +69,7 @@ def get_authenticator(cfg: PlatformConfig, cfg_store: ClientConfigStore) -> Auth client_id=cfg.client_id, client_secret=cfg.client_credentials_secret, cfg_store=cfg_store, + scopes=cfg.scopes, ) elif cfg_auth == AuthType.EXTERNAL_PROCESS or cfg_auth == AuthType.EXTERNALCOMMAND: client_cfg = None diff --git a/tests/flytekit/unit/clients/auth/test_authenticator.py b/tests/flytekit/unit/clients/auth/test_authenticator.py index 4c968cf0bd..52aadf4ccc 100644 --- a/tests/flytekit/unit/clients/auth/test_authenticator.py +++ b/tests/flytekit/unit/clients/auth/test_authenticator.py @@ -82,7 +82,7 @@ def test_get_token(mock_requests): @patch("flytekit.clients.auth.authenticator.requests") -def test_client_creds_authenticator(mock_requests): +def test_client_creds_authenticator_without_custom_scopes(mock_requests): authn = ClientCredentialsAuthenticator( ENDPOINT, client_id="client", client_secret="secret", cfg_store=static_cfg_store ) @@ -92,4 +92,23 @@ def test_client_creds_authenticator(mock_requests): response.json.return_value = json.loads("""{"access_token": "abc", "expires_in": 60}""") mock_requests.post.return_value = response authn.refresh_credentials() + expected_scopes = static_cfg_store.get_client_config().scopes + + assert authn._creds + assert authn._scopes == expected_scopes + + +@patch("flytekit.clients.auth.authenticator.requests") +def test_client_creds_authenticator_with_custom_scopes(mock_requests): + expected_scopes = ["foo", "baz"] + authn = ClientCredentialsAuthenticator( + ENDPOINT, client_id="client", client_secret="secret", cfg_store=static_cfg_store, scopes=expected_scopes, + ) + response = MagicMock() + response.status_code = 200 + response.json.return_value = json.loads("""{"access_token": "abc", "expires_in": 60}""") + mock_requests.post.return_value = response + authn.refresh_credentials() + assert authn._creds + assert authn._scopes == expected_scopes From 6460bdb5ff381b4ad608191dc5c390f5f24f45da Mon Sep 17 00:00:00 2001 From: franco-bocci Date: Wed, 22 Mar 2023 09:39:20 +0100 Subject: [PATCH 2/4] Fix linting error Signed-off-by: franco-bocci --- tests/flytekit/unit/clients/auth/test_authenticator.py | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/tests/flytekit/unit/clients/auth/test_authenticator.py b/tests/flytekit/unit/clients/auth/test_authenticator.py index 52aadf4ccc..5c1586970a 100644 --- a/tests/flytekit/unit/clients/auth/test_authenticator.py +++ b/tests/flytekit/unit/clients/auth/test_authenticator.py @@ -102,7 +102,11 @@ def test_client_creds_authenticator_without_custom_scopes(mock_requests): def test_client_creds_authenticator_with_custom_scopes(mock_requests): expected_scopes = ["foo", "baz"] authn = ClientCredentialsAuthenticator( - ENDPOINT, client_id="client", client_secret="secret", cfg_store=static_cfg_store, scopes=expected_scopes, + ENDPOINT, + client_id="client", + client_secret="secret", + cfg_store=static_cfg_store, + scopes=expected_scopes, ) response = MagicMock() response.status_code = 200 From ca74396b8346c922c3ae8268b95a3775dd0dad71 Mon Sep 17 00:00:00 2001 From: Franco Bocci <121866694+franco-bocci@users.noreply.github.com> Date: Thu, 23 Mar 2023 08:58:37 +0100 Subject: [PATCH 3/4] Update flytekit/clients/auth/authenticator.py Co-authored-by: Ketan Umare <16888709+kumare3@users.noreply.github.com> Signed-off-by: franco-bocci --- flytekit/clients/auth/authenticator.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/flytekit/clients/auth/authenticator.py b/flytekit/clients/auth/authenticator.py index aa19f2d1d1..6ee29306f4 100644 --- a/flytekit/clients/auth/authenticator.py +++ b/flytekit/clients/auth/authenticator.py @@ -164,7 +164,7 @@ def __init__( client_secret: str, cfg_store: ClientConfigStore, header_key: str = None, - scopes: typing.List[str] = None, + scopes: typing.Optional[typing.List[str]] = None, ): if not client_id or not client_secret: raise ValueError("Client ID and Client SECRET both are required.") From ba5c4ff2223f2e43cbafdf43b629e238b74c921a Mon Sep 17 00:00:00 2001 From: franco-bocci Date: Thu, 23 Mar 2023 08:59:44 +0100 Subject: [PATCH 4/4] Fix type hint for optional string argument Signed-off-by: franco-bocci --- flytekit/clients/auth/authenticator.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/flytekit/clients/auth/authenticator.py b/flytekit/clients/auth/authenticator.py index 6ee29306f4..1fe0d9711c 100644 --- a/flytekit/clients/auth/authenticator.py +++ b/flytekit/clients/auth/authenticator.py @@ -163,7 +163,7 @@ def __init__( client_id: str, client_secret: str, cfg_store: ClientConfigStore, - header_key: str = None, + header_key: typing.Optional[str] = None, scopes: typing.Optional[typing.List[str]] = None, ): if not client_id or not client_secret: