Skip to content

Commit

Permalink
Pass locally defined scopes to RemoteClientConfigStore (#1553)
Browse files Browse the repository at this point in the history
Signed-off-by: franco-bocci <[email protected]>
  • Loading branch information
franco-bocci authored and eapolinario committed May 16, 2023
1 parent 756148b commit b22e5e3
Show file tree
Hide file tree
Showing 3 changed files with 29 additions and 3 deletions.
6 changes: 4 additions & 2 deletions flytekit/clients/auth/authenticator.py
Original file line number Diff line number Diff line change
Expand Up @@ -163,13 +163,15 @@ def __init__(
client_id: str,
client_secret: str,
cfg_store: ClientConfigStore,
header_key: str = None,
header_key: typing.Optional[str] = None,
scopes: typing.Optional[typing.List[str]] = None,
):
if not client_id or not client_secret:
raise ValueError("Client ID and Client SECRET both are required.")
cfg = cfg_store.get_client_config()
self._token_endpoint = cfg.token_endpoint
self._scopes = cfg.scopes
# Use scopes from `flytekit.configuration.PlatformConfig` if passed
self._scopes = scopes or cfg.scopes
self._client_id = client_id
self._client_secret = client_secret
super().__init__(endpoint, cfg.header_key or header_key)
Expand Down
1 change: 1 addition & 0 deletions flytekit/clients/auth_helper.py
Original file line number Diff line number Diff line change
Expand Up @@ -69,6 +69,7 @@ def get_authenticator(cfg: PlatformConfig, cfg_store: ClientConfigStore) -> Auth
client_id=cfg.client_id,
client_secret=cfg.client_credentials_secret,
cfg_store=cfg_store,
scopes=cfg.scopes,
)
elif cfg_auth == AuthType.EXTERNAL_PROCESS or cfg_auth == AuthType.EXTERNALCOMMAND:
client_cfg = None
Expand Down
25 changes: 24 additions & 1 deletion tests/flytekit/unit/clients/auth/test_authenticator.py
Original file line number Diff line number Diff line change
Expand Up @@ -82,7 +82,7 @@ def test_get_token(mock_requests):


@patch("flytekit.clients.auth.authenticator.requests")
def test_client_creds_authenticator(mock_requests):
def test_client_creds_authenticator_without_custom_scopes(mock_requests):
authn = ClientCredentialsAuthenticator(
ENDPOINT, client_id="client", client_secret="secret", cfg_store=static_cfg_store
)
Expand All @@ -92,4 +92,27 @@ def test_client_creds_authenticator(mock_requests):
response.json.return_value = json.loads("""{"access_token": "abc", "expires_in": 60}""")
mock_requests.post.return_value = response
authn.refresh_credentials()
expected_scopes = static_cfg_store.get_client_config().scopes

assert authn._creds
assert authn._scopes == expected_scopes


@patch("flytekit.clients.auth.authenticator.requests")
def test_client_creds_authenticator_with_custom_scopes(mock_requests):
expected_scopes = ["foo", "baz"]
authn = ClientCredentialsAuthenticator(
ENDPOINT,
client_id="client",
client_secret="secret",
cfg_store=static_cfg_store,
scopes=expected_scopes,
)
response = MagicMock()
response.status_code = 200
response.json.return_value = json.loads("""{"access_token": "abc", "expires_in": 60}""")
mock_requests.post.return_value = response
authn.refresh_credentials()

assert authn._creds
assert authn._scopes == expected_scopes

0 comments on commit b22e5e3

Please sign in to comment.