Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Ensure token is refreshed on Unauthenticated #5388

Merged
merged 8 commits into from
May 20, 2024
Merged

Ensure token is refreshed on Unauthenticated #5388

merged 8 commits into from
May 20, 2024

Conversation

pmahindrakar-oss
Copy link
Contributor

Tracking issue

#5387

Why are the changes needed?

Fix the unsafe threading behavior of multiple parallel client api trying to get tokens

What changes were proposed in this pull request?

Adding condition variables and mutex locks to serialize the calls

How was this patch tested?

Tested this on internal tenant by sending multiple parallel client requests and verified no issue were observed

Setup process

Screenshots

Check all the applicable boxes

  • I updated the documentation accordingly.
  • All new and existing tests passed.
  • All commits are signed-off.

Related PRs

Docs link

@codecov Codecov
Copy link

codecov bot commented May 17, 2024
edited

Codecov Report

Attention: Patch coverage is 36.00000% with 48 lines in your changes are missing coverage. Please review.

Project coverage is 61.07%. Comparing base (2f1f813) to head (dd47b45).

Files Patch % Lines
flytectl/pkg/pkce/token_cache_keyring.go 6.89% 27 Missing ⚠️
flyteidl/clients/go/admin/auth_interceptor.go 48.27% 10 Missing and 5 partials ⚠️
...admin/tokenorchestrator/base_token_orchestrator.go 55.55% 2 Missing and 2 partials ⚠️
flyteidl/clients/go/admin/token_source_provider.go 33.33% 2 Missing ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##           master    #5388      +/-   ##
==========================================
- Coverage   61.08%   61.07%   -0.02%     
==========================================
  Files         793      793              
  Lines       51156    51210      +54     
==========================================
+ Hits        31251    31275      +24     
- Misses      17033    17059      +26     
- Partials     2872     2876       +4
Flag Coverage Δ
unittests-datacatalog 69.31% <ø> (ø)
unittests-flyteadmin 58.90% <ø> (+0.04%) ⬆️
unittests-flytecopilot 17.79% <ø> (ø)
unittests-flytectl 67.98% <18.18%> (-0.34%) ⬇️
unittests-flyteidl 79.04% <50.00%> (-0.26%) ⬇️
unittests-flyteplugins 61.94% <ø> (ø)
unittests-flytepropeller 57.32% <ø> (ø)
unittests-flytestdlib 65.75% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@pmahindrakar-oss pmahindrakar-oss force-pushed the upstream-auth-token-cache-issue branch 3 times, most recently from 111ee95 to 8d6e360 Compare May 20, 2024 15:09
eapolinario
eapolinario reviewed May 20, 2024
View reviewed changes
flytectl/go.mod Outdated Show resolved Hide resolved
eapolinario
eapolinario previously approved these changes May 20, 2024
View reviewed changes
@pmahindrakar-oss
Ensure token is refreshed on Unauthenticated
8fafb40 
Signed-off-by: pmahindrakar-oss <prafulla.mahindrakar@gmail.com>
@pmahindrakar-oss
Using condition broadcast
e95cc21 
Signed-off-by: pmahindrakar-oss <prafulla.mahindrakar@gmail.com>
@pmahindrakar-oss
fix unit tests
4bc1bcb 
Signed-off-by: pmahindrakar-oss <prafulla.mahindrakar@gmail.com>
@pmahindrakar-oss
nit
4248274 
Signed-off-by: pmahindrakar-oss <prafulla.mahindrakar@gmail.com>
@pmahindrakar-oss
nit
7bbca78 
Signed-off-by: pmahindrakar-oss <prafulla.mahindrakar@gmail.com>
@pmahindrakar-oss
nit
2579d20 
Signed-off-by: pmahindrakar-oss <prafulla.mahindrakar@gmail.com>
@pmahindrakar-oss
fix go mod entries in flytectl
efcbdc1 
Signed-off-by: pmahindrakar-oss <prafulla.mahindrakar@gmail.com>
@pmahindrakar-oss
adding a log line when materializing creds
dd47b45 
Signed-off-by: pmahindrakar-oss <prafulla.mahindrakar@gmail.com>
@pmahindrakar-oss pmahindrakar-oss force-pushed the upstream-auth-token-cache-issue branch from 513b12b to dd47b45 Compare May 20, 2024 17:31
@pmahindrakar-oss pmahindrakar-oss enabled auto-merge (squash) May 20, 2024 17:52
@eapolinario
Copy link
Contributor

The docs failures are unrelated.

@eapolinario eapolinario merged commit 1384b32 into master May 20, 2024
47 of 50 checks passed
@eapolinario eapolinario deleted the upstream-auth-token-cache-issue branch May 20, 2024 18:02
@eapolinario
Copy link
Contributor

eapolinario commented May 21, 2024
edited

@pmahindrakar-oss , can you also revert this one?

edit: I clicked the revert button on github. 😂

eapolinario added a commit that referenced this pull request May 21, 2024
@eapolinario
Revert "Ensure token is refreshed on Unauthenticated (#5388)"
796cfee 
This reverts commit 1384b32.
@eapolinario eapolinario mentioned this pull request May 21, 2024
Merged
eapolinario added a commit that referenced this pull request May 21, 2024
@eapolinario
Revert "Ensure token is refreshed on Unauthenticated (#5388)" (#5404)
7d2f0d0 
This reverts commit 1384b32.
pmahindrakar-oss added a commit that referenced this pull request May 22, 2024
@pmahindrakar-oss
Revert "Revert "Ensure token is refreshed on Unauthenticated (#5388)" (
45c3db5 
…#5404)"

This reverts commit 7d2f0d0.
pmahindrakar-oss added a commit that referenced this pull request May 23, 2024
@pmahindrakar-oss
Revert "Revert "Ensure token is refreshed on Unauthenticated (#5388)" (
e7714c7 
…#5404)"

This reverts commit 7d2f0d0.

Signed-off-by: pmahindrakar-oss <prafulla.mahindrakar@gmail.com>
pmahindrakar-oss added a commit that referenced this pull request May 31, 2024
@pmahindrakar-oss
Revert "Revert "Ensure token is refreshed on Unauthenticated (#5388)" (
a13f698 
…#5404)"

This reverts commit 7d2f0d0.

Signed-off-by: pmahindrakar-oss <prafulla.mahindrakar@gmail.com>
eapolinario added a commit that referenced this pull request May 31, 2024
@pmahindrakar-oss @EraYaN
@Sovietaced @MortalHappiness @samhita-alla @eapolinario
Upstream revert revert auth token fix (#5407)
f08eb47 
* Revert "Revert "Ensure token is refreshed on Unauthenticated (#5388)" (#5404)"

This reverts commit 7d2f0d0.

Signed-off-by: pmahindrakar-oss <prafulla.mahindrakar@gmail.com>

* Using same mutex for condition variable

Signed-off-by: pmahindrakar-oss <prafulla.mahindrakar@gmail.com>

* Lock the locker in the wait to adher to cond.Wait() semantics

Signed-off-by: pmahindrakar-oss <prafulla.mahindrakar@gmail.com>

* comments

Signed-off-by: pmahindrakar-oss <prafulla.mahindrakar@gmail.com>

* using noop locker as waitlist add is atomic operation

Signed-off-by: pmahindrakar-oss <prafulla.mahindrakar@gmail.com>

* Replace Azure AD OIDC URL with correct one (#4075)

Signed-off-by: Erwin de Haan <erwin.de.haan@calcasa.nl>
Signed-off-by: pmahindrakar-oss <prafulla.mahindrakar@gmail.com>

* Update the example Dockerfile to run on k8s (#5412)

Signed-off-by: Jason Parraga <sovietaced@gmail.com>
Signed-off-by: pmahindrakar-oss <prafulla.mahindrakar@gmail.com>

* docs(kubeflow): Fix kubeflow webhook error (#5410)

Signed-off-by: Chi-Sheng Liu <chishengliu@chishengliu.com>
Signed-off-by: pmahindrakar-oss <prafulla.mahindrakar@gmail.com>

* update flytekit version to 1.12.1b2 in monodocs requirements (#5411)

Signed-off-by: Samhita Alla <aallasamhita@gmail.com>
Signed-off-by: pmahindrakar-oss <prafulla.mahindrakar@gmail.com>

* Add supported task types to agent service config and rename (#5402)

Signed-off-by: Jason Parraga <sovietaced@gmail.com>
Signed-off-by: pmahindrakar-oss <prafulla.mahindrakar@gmail.com>

* update lock file (#5416)

Signed-off-by: Samhita Alla <aallasamhita@gmail.com>
Signed-off-by: pmahindrakar-oss <prafulla.mahindrakar@gmail.com>

* [monorepo] Fix flytectl install script (#5405)

Signed-off-by: pmahindrakar-oss <prafulla.mahindrakar@gmail.com>

* bring in changes for flytecl keyring from PR flytectl/pull/488

Signed-off-by: pmahindrakar-oss <prafulla.mahindrakar@gmail.com>

* typo fix

Signed-off-by: pmahindrakar-oss <prafulla.mahindrakar@gmail.com>

---------

Signed-off-by: pmahindrakar-oss <prafulla.mahindrakar@gmail.com>
Signed-off-by: Erwin de Haan <erwin.de.haan@calcasa.nl>
Signed-off-by: Jason Parraga <sovietaced@gmail.com>
Signed-off-by: Chi-Sheng Liu <chishengliu@chishengliu.com>
Signed-off-by: Samhita Alla <aallasamhita@gmail.com>
Co-authored-by: Erwin de Haan <1627021+EraYaN@users.noreply.github.com>
Co-authored-by: Jason Parraga <Sovietaced@gmail.com>
Co-authored-by: Chi-Sheng Liu <chishengliu@chishengliu.com>
Co-authored-by: Samhita Alla <aallasamhita@gmail.com>
Co-authored-by: Eduardo Apolinario <653394+eapolinario@users.noreply.github.com>
@Sovietaced
Copy link
Contributor

Why change the interface instead of just making the implementation thread safe?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@eapolinario eapolinario eapolinario approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@pmahindrakar-oss @eapolinario @Sovietaced