Use TokenCache in ClientCredentialsTokenSourceProvider #377

andrewwdye · 2023-03-03T06:48:59Z

TL;DR

Modify ClientCredentialsTokenSourceProvider and customTokenSource to use TokenCache so that valid tokens can be reused across TokenSourceProvider instances. This is consistent with other providers.

I considered refactoring FetchTokenFromCacheOrRefreshIt to share the implementation between client credentials and pkce tokens, but there are a few subtle differences between these token types that would have complicated this logic. Instead I kept the refresh logic the separate, as it is today.

Type

Bug Fix
Feature
Plugin

Are all requirements met?

Complete description

Replaced the existing oauth2.Token instance in customerTokenSource with a reference to the TokenCache originally passed to NewTokenSourceProvider. Overall logic stays the same. If we fail to save a new token to the cache we will warn but continue.

Tracking Issue

NA

Follow-up issue

NA

Signed-off-by: Andrew Dye <[email protected]>

codecov · 2023-03-03T08:25:17Z

Codecov Report

Merging #377 (154325b) into master (3674402) will increase coverage by 4.86%.
The diff coverage is 89.47%.

❗ Current head 154325b differs from pull request most recent head 10a894c. Consider uploading reports for the commit 10a894c to get more accurate results

@@            Coverage Diff             @@
##           master     #377      +/-   ##
==========================================
+ Coverage   74.14%   79.00%   +4.86%     
==========================================
  Files          18       18              
  Lines        1400     1224     -176     
==========================================
- Hits         1038      967      -71     
+ Misses        311      205     -106     
- Partials       51       52       +1

Flag	Coverage Δ
unittests	`?`

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files	Coverage Δ
clients/go/admin/token_source_provider.go	`60.60% <89.47%> (+24.65%)`	⬆️
clients/go/admin/pkce/auth_flow_orchestrator.go	`63.04% <0.00%> (-1.96%)`	⬇️
clients/go/admin/pkce/handle_app_call_back.go	`93.93% <0.00%> (-0.94%)`	⬇️
clients/go/admin/client.go	`86.91% <0.00%> (-0.31%)`	⬇️
clients/go/admin/config.go	`50.00% <0.00%> (ø)`
clients/go/admin/cert_loader.go	`100.00% <0.00%> (ø)`
clients/go/admin/atomic_credentials.go	`100.00% <0.00%> (ø)`
clients/go/admin/pkce/oauth2_client.go	`61.11% <0.00%> (+0.24%)`	⬆️
clients/go/coreutils/literals.go	`93.64% <0.00%> (+1.48%)`	⬆️
clients/go/admin/client_builder.go	`73.68% <0.00%> (+2.25%)`	⬆️
... and 9 more

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

Signed-off-by: Andrew Dye <[email protected]>

* added dynamic_job_spec_uri to dynamic workflow metadata and node execution closure (#360) Signed-off-by: Daniel Rammer <[email protected]> * Use TokenCache in ClientCredentialsTokenSourceProvider (#377) * Init customTokenSource.refreshTime (#381) Signed-off-by: Andrew Dye <[email protected]> * added DataLoadingConfig to K8sPod message (#368) Signed-off-by: Daniel Rammer <[email protected]> * Add Reasons field to TaskExecutionClosure to track time-series of reasons (#382) * added a time-series of reasons to the TaskExecution closure Signed-off-by: Daniel Rammer <[email protected]> * added docs Signed-off-by: Daniel Rammer <[email protected]> * actually finishing docs too Signed-off-by: Daniel Rammer <[email protected]> --------- Signed-off-by: Daniel Rammer <[email protected]> * Create service for runtime metrics (#367) * added span messages Signed-off-by: Daniel Rammer <[email protected]> * added endpoints to service Signed-off-by: Daniel Rammer <[email protected]> * generated mocks Signed-off-by: Daniel Rammer <[email protected]> * removed get task execution metrics rpc Signed-off-by: Daniel Rammer <[email protected]> * added EXECUTION_IDLE category Signed-off-by: Daniel Rammer <[email protected]> * updated PLUGIN_EXECUTION to PLUGIN_RUNTIME Signed-off-by: Daniel Rammer <[email protected]> * removed recorded_at on workflow and node level events Signed-off-by: Daniel Rammer <[email protected]> * added docs for task event reported_at field Signed-off-by: Daniel Rammer <[email protected]> * removed GetNodeExecutionMetrics endpoint - will implement later if necessary Signed-off-by: Daniel Rammer <[email protected]> * updated docs Signed-off-by: Daniel Rammer <[email protected]> * added reported_at for node execution events Signed-off-by: Daniel Rammer <[email protected]> * fixed typo Signed-off-by: Daniel Rammer <[email protected]> * fixed typos and removed dead code Signed-off-by: Daniel Rammer <[email protected]> * updated categories Signed-off-by: Daniel Rammer <[email protected]> * added workflow setup and teardown categories Signed-off-by: Daniel Rammer <[email protected]> * simplified span message and moved to flyteidl.core Signed-off-by: Daniel Rammer <[email protected]> --------- Signed-off-by: Daniel Rammer <[email protected]> * Remove misleading token refresh logic from client credentials token source provider (#383) * Out of core plugin (#378) * Add backend plugin system service Signed-off-by: Kevin Su <[email protected]> * Add backend plugin system service Signed-off-by: Kevin Su <[email protected]> * nit Signed-off-by: Kevin Su <[email protected]> * nit Signed-off-by: Kevin Su <[email protected]> * nit Signed-off-by: Kevin Su <[email protected]> * nit Signed-off-by: Kevin Su <[email protected]> * update state Signed-off-by: Kevin Su <[email protected]> * update state Signed-off-by: Kevin Su <[email protected]> * dics Signed-off-by: Kevin Su <[email protected]> * Remove output prefix from get request Signed-off-by: Kevin Su <[email protected]> * update Signed-off-by: Kevin Su <[email protected]> * remove prev state Signed-off-by: Kevin Su <[email protected]> * update proto Signed-off-by: Kevin Su <[email protected]> * remove error message Signed-off-by: Kevin Su <[email protected]> * update comment Signed-off-by: Kevin Su <[email protected]> * make generate Signed-off-by: Kevin Su <[email protected]> * Rename the service Signed-off-by: Kevin Su <[email protected]> * nit Signed-off-by: Kevin Su <[email protected]> --------- Signed-off-by: Kevin Su <[email protected]> * Feat: Add `ElasticConfig` message type for torch elastic training (#394) * Add elastic config args to pytorch proto Signed-off-by: Fabio Graetz <[email protected]> * Add elastic config message type for torchrun training Signed-off-by: Fabio Graetz <[email protected]> --------- Signed-off-by: Fabio Graetz <[email protected]> Co-authored-by: Fabio Grätz <[email protected]> Co-authored-by: Ketan Umare <[email protected]> * Retract 1.4.x (#397) Signed-off-by: eduardo apolinario <[email protected]> Co-authored-by: eduardo apolinario <[email protected]> * Data addresses #minor (#391) Signed-off-by: Yee Hing Tong <[email protected]> * Refactor kf-operator plugins configs and support setting different specs for different replica groups (#386) * refactor kubeflow operators proto Signed-off-by: Yubo Wang <[email protected]> * add back the original proto for backward compatible Signed-off-by: Yubo Wang <[email protected]> * clean up comments Signed-off-by: Yubo Wang <[email protected]> * add kubeflow.rs Signed-off-by: Yubo Wang <[email protected]> * add elastic config Signed-off-by: Yubo Wang <[email protected]> * add command to MPI Signed-off-by: Yubo Wang <[email protected]> * add slots and command to mpi spec Signed-off-by: Yubo Wang <[email protected]> --------- Signed-off-by: Yubo Wang <[email protected]> Co-authored-by: Yubo Wang <[email protected]> * add user_identifier (#388) Signed-off-by: byhsu <[email protected]> Signed-off-by: eduardo apolinario <[email protected]> Co-authored-by: byhsu <[email protected]> Co-authored-by: eduardo apolinario <[email protected]> * Add envs to execution spec (#400) Signed-off-by: Kevin Su <[email protected]> * Support union and none type in flyteidl (#401) * add support for Union Scalar Signed-off-by: Yubo Wang <[email protected]> * support union type and literals Signed-off-by: Yubo Wang <[email protected]> * change union type extraction Signed-off-by: Yubo Wang <[email protected]> --------- Signed-off-by: Yubo Wang <[email protected]> Co-authored-by: Yubo Wang <[email protected]> Co-authored-by: Kevin Su <[email protected]> * Rename user_identity to execution_identity (#402) Signed-off-by: byhsu <[email protected]> Co-authored-by: byhsu <[email protected]> * make generate Signed-off-by: eduardo apolinario <[email protected]> * Revert "Support union and none type in flyteidl (#401)" This reverts commit 3284f61. Signed-off-by: Eduardo Apolinario <[email protected]> * We should not update flyteidl version in backend components in the case of this branch Signed-off-by: eduardo apolinario <[email protected]> --------- Signed-off-by: Daniel Rammer <[email protected]> Signed-off-by: Andrew Dye <[email protected]> Signed-off-by: Kevin Su <[email protected]> Signed-off-by: Fabio Graetz <[email protected]> Signed-off-by: eduardo apolinario <[email protected]> Signed-off-by: Yee Hing Tong <[email protected]> Signed-off-by: Yubo Wang <[email protected]> Signed-off-by: byhsu <[email protected]> Signed-off-by: Eduardo Apolinario <[email protected]> Co-authored-by: Dan Rammer <[email protected]> Co-authored-by: Andrew Dye <[email protected]> Co-authored-by: Kevin Su <[email protected]> Co-authored-by: Fabio M. Graetz, Ph.D <[email protected]> Co-authored-by: Fabio Grätz <[email protected]> Co-authored-by: Ketan Umare <[email protected]> Co-authored-by: eduardo apolinario <[email protected]> Co-authored-by: Yee Hing Tong <[email protected]> Co-authored-by: Yubo Wang <[email protected]> Co-authored-by: Yubo Wang <[email protected]> Co-authored-by: ByronHsu <[email protected]> Co-authored-by: byhsu <[email protected]>

* Adding support for structured dataset (#369) Signed-off-by: pmahindrakar-oss <[email protected]> * added dynamic_job_spec_uri to dynamic workflow metadata and node execution closure (#360) Signed-off-by: Daniel Rammer <[email protected]> * Use TokenCache in ClientCredentialsTokenSourceProvider (#377) * Init customTokenSource.refreshTime (#381) Signed-off-by: Andrew Dye <[email protected]> * added DataLoadingConfig to K8sPod message (#368) Signed-off-by: Daniel Rammer <[email protected]> * Add Reasons field to TaskExecutionClosure to track time-series of reasons (#382) * added a time-series of reasons to the TaskExecution closure Signed-off-by: Daniel Rammer <[email protected]> * added docs Signed-off-by: Daniel Rammer <[email protected]> * actually finishing docs too Signed-off-by: Daniel Rammer <[email protected]> --------- Signed-off-by: Daniel Rammer <[email protected]> * Create service for runtime metrics (#367) * added span messages Signed-off-by: Daniel Rammer <[email protected]> * added endpoints to service Signed-off-by: Daniel Rammer <[email protected]> * generated mocks Signed-off-by: Daniel Rammer <[email protected]> * removed get task execution metrics rpc Signed-off-by: Daniel Rammer <[email protected]> * added EXECUTION_IDLE category Signed-off-by: Daniel Rammer <[email protected]> * updated PLUGIN_EXECUTION to PLUGIN_RUNTIME Signed-off-by: Daniel Rammer <[email protected]> * removed recorded_at on workflow and node level events Signed-off-by: Daniel Rammer <[email protected]> * added docs for task event reported_at field Signed-off-by: Daniel Rammer <[email protected]> * removed GetNodeExecutionMetrics endpoint - will implement later if necessary Signed-off-by: Daniel Rammer <[email protected]> * updated docs Signed-off-by: Daniel Rammer <[email protected]> * added reported_at for node execution events Signed-off-by: Daniel Rammer <[email protected]> * fixed typo Signed-off-by: Daniel Rammer <[email protected]> * fixed typos and removed dead code Signed-off-by: Daniel Rammer <[email protected]> * updated categories Signed-off-by: Daniel Rammer <[email protected]> * added workflow setup and teardown categories Signed-off-by: Daniel Rammer <[email protected]> * simplified span message and moved to flyteidl.core Signed-off-by: Daniel Rammer <[email protected]> --------- Signed-off-by: Daniel Rammer <[email protected]> * Remove misleading token refresh logic from client credentials token source provider (#383) * Out of core plugin (#378) * Add backend plugin system service Signed-off-by: Kevin Su <[email protected]> * Add backend plugin system service Signed-off-by: Kevin Su <[email protected]> * nit Signed-off-by: Kevin Su <[email protected]> * nit Signed-off-by: Kevin Su <[email protected]> * nit Signed-off-by: Kevin Su <[email protected]> * nit Signed-off-by: Kevin Su <[email protected]> * update state Signed-off-by: Kevin Su <[email protected]> * update state Signed-off-by: Kevin Su <[email protected]> * dics Signed-off-by: Kevin Su <[email protected]> * Remove output prefix from get request Signed-off-by: Kevin Su <[email protected]> * update Signed-off-by: Kevin Su <[email protected]> * remove prev state Signed-off-by: Kevin Su <[email protected]> * update proto Signed-off-by: Kevin Su <[email protected]> * remove error message Signed-off-by: Kevin Su <[email protected]> * update comment Signed-off-by: Kevin Su <[email protected]> * make generate Signed-off-by: Kevin Su <[email protected]> * Rename the service Signed-off-by: Kevin Su <[email protected]> * nit Signed-off-by: Kevin Su <[email protected]> --------- Signed-off-by: Kevin Su <[email protected]> * Feat: Add `ElasticConfig` message type for torch elastic training (#394) * Add elastic config args to pytorch proto Signed-off-by: Fabio Graetz <[email protected]> * Add elastic config message type for torchrun training Signed-off-by: Fabio Graetz <[email protected]> --------- Signed-off-by: Fabio Graetz <[email protected]> Co-authored-by: Fabio Grätz <[email protected]> Co-authored-by: Ketan Umare <[email protected]> * Retract 1.4.x (#397) Signed-off-by: eduardo apolinario <[email protected]> Co-authored-by: eduardo apolinario <[email protected]> * Data addresses #minor (#391) Signed-off-by: Yee Hing Tong <[email protected]> * Refactor kf-operator plugins configs and support setting different specs for different replica groups (#386) * refactor kubeflow operators proto Signed-off-by: Yubo Wang <[email protected]> * add back the original proto for backward compatible Signed-off-by: Yubo Wang <[email protected]> * clean up comments Signed-off-by: Yubo Wang <[email protected]> * add kubeflow.rs Signed-off-by: Yubo Wang <[email protected]> * add elastic config Signed-off-by: Yubo Wang <[email protected]> * add command to MPI Signed-off-by: Yubo Wang <[email protected]> * add slots and command to mpi spec Signed-off-by: Yubo Wang <[email protected]> --------- Signed-off-by: Yubo Wang <[email protected]> Co-authored-by: Yubo Wang <[email protected]> * add user_identifier (#388) Signed-off-by: byhsu <[email protected]> Signed-off-by: eduardo apolinario <[email protected]> Co-authored-by: byhsu <[email protected]> Co-authored-by: eduardo apolinario <[email protected]> * Add envs to execution spec (#400) Signed-off-by: Kevin Su <[email protected]> * Support union and none type in flyteidl (#401) * add support for Union Scalar Signed-off-by: Yubo Wang <[email protected]> * support union type and literals Signed-off-by: Yubo Wang <[email protected]> * change union type extraction Signed-off-by: Yubo Wang <[email protected]> --------- Signed-off-by: Yubo Wang <[email protected]> Co-authored-by: Yubo Wang <[email protected]> Co-authored-by: Kevin Su <[email protected]> * Rename user_identity to execution_identity (#402) Signed-off-by: byhsu <[email protected]> Co-authored-by: byhsu <[email protected]> * Single literal in GetDataResponse (#404) Signed-off-by: Yee Hing Tong <[email protected]> * Add namespace to execution system metadata (#406) Signed-off-by: Katrina Rogan <[email protected]> * Add oauth2 http proxy client (#405) Signed-off-by: byhsu <[email protected]> * Rename externalPluginService to AgentService (#410) * Rename externalPluginService to AgentService Signed-off-by: Kevin Su <[email protected]> * nit Signed-off-by: Kevin Su <[email protected]> --------- Signed-off-by: Kevin Su <[email protected]> * Add external_plugin_service proto back to the idl (#413) * Add external-plugin-service proto back to the idl Signed-off-by: Kevin Su <[email protected]> * update idl Signed-off-by: Kevin Su <[email protected]> * update idll Signed-off-by: Kevin Su <[email protected]> * update idll Signed-off-by: Kevin Su <[email protected]> * AsyncAgentService Signed-off-by: Kevin Su <[email protected]> --------- Signed-off-by: Kevin Su <[email protected]> * Rerun make generate Signed-off-by: eduardo apolinario <[email protected]> --------- Signed-off-by: pmahindrakar-oss <[email protected]> Signed-off-by: Daniel Rammer <[email protected]> Signed-off-by: Andrew Dye <[email protected]> Signed-off-by: Kevin Su <[email protected]> Signed-off-by: Fabio Graetz <[email protected]> Signed-off-by: eduardo apolinario <[email protected]> Signed-off-by: Yee Hing Tong <[email protected]> Signed-off-by: Yubo Wang <[email protected]> Signed-off-by: byhsu <[email protected]> Signed-off-by: Katrina Rogan <[email protected]> Co-authored-by: pmahindrakar-oss <[email protected]> Co-authored-by: Dan Rammer <[email protected]> Co-authored-by: Andrew Dye <[email protected]> Co-authored-by: Kevin Su <[email protected]> Co-authored-by: Fabio M. Graetz, Ph.D <[email protected]> Co-authored-by: Fabio Grätz <[email protected]> Co-authored-by: Ketan Umare <[email protected]> Co-authored-by: eduardo apolinario <[email protected]> Co-authored-by: Yee Hing Tong <[email protected]> Co-authored-by: Yubo Wang <[email protected]> Co-authored-by: Yubo Wang <[email protected]> Co-authored-by: ByronHsu <[email protected]> Co-authored-by: byhsu <[email protected]> Co-authored-by: Katrina Rogan <[email protected]>

andrewwdye added 4 commits March 2, 2023 22:37

Use TokenCache for ClientCredentialsTokenSourceProvider

a52d299

Signed-off-by: Andrew Dye <[email protected]>

Remove expecter mocks

63a4243

Signed-off-by: Andrew Dye <[email protected]>

Remove duplicate import

7c687bb

Signed-off-by: Andrew Dye <[email protected]>

Create default in-memory token cache

740e3a5

Signed-off-by: Andrew Dye <[email protected]>

andrewwdye requested review from katrogan and EngHabu March 3, 2023 06:55

Lint

aee4a77

Signed-off-by: Andrew Dye <[email protected]>

Fix mocks

10a894c

Signed-off-by: Andrew Dye <[email protected]>

andrewwdye requested a review from eapolinario March 3, 2023 19:03

katrogan approved these changes Mar 6, 2023

View reviewed changes

eapolinario approved these changes Mar 7, 2023

View reviewed changes

katrogan enabled auto-merge (squash) March 7, 2023 19:14

katrogan closed this Mar 7, 2023

auto-merge was automatically disabled March 7, 2023 19:18
Pull request was closed

katrogan reopened this Mar 7, 2023

katrogan merged commit 6ad4072 into flyteorg:master Mar 7, 2023

andrewwdye mentioned this pull request Mar 9, 2023

Init customTokenSource.refreshTime #381

Merged

8 tasks

eapolinario pushed a commit that referenced this pull request May 16, 2023

Use TokenCache in ClientCredentialsTokenSourceProvider (#377)

3f61f45

eapolinario pushed a commit that referenced this pull request Jun 27, 2023

Use TokenCache in ClientCredentialsTokenSourceProvider (#377)

5af6464

eapolinario pushed a commit that referenced this pull request Sep 8, 2023

Use TokenCache in ClientCredentialsTokenSourceProvider (#377)

a13a6f6

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Use TokenCache in ClientCredentialsTokenSourceProvider #377

Use TokenCache in ClientCredentialsTokenSourceProvider #377

andrewwdye commented Mar 3, 2023 •

edited

Loading

codecov bot commented Mar 3, 2023 •

edited

Loading

Use TokenCache in ClientCredentialsTokenSourceProvider #377

Use TokenCache in ClientCredentialsTokenSourceProvider #377

Conversation

andrewwdye commented Mar 3, 2023 • edited Loading

TL;DR

Type

Are all requirements met?

Complete description

Tracking Issue

Follow-up issue

codecov bot commented Mar 3, 2023 • edited Loading

Codecov Report

andrewwdye commented Mar 3, 2023 •

edited

Loading

codecov bot commented Mar 3, 2023 •

edited

Loading