Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

pass token outside of SDK for server-to-server case #3363

Merged
merged 6 commits into from
Mar 30, 2020
Merged

pass token outside of SDK for server-to-server case #3363

Changes from 2 commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
045f126
pass token outside of SDK for server-to-server case
Mar 25, 2020
6cb6571
Merge branch 'master' into sdk_cf_gsa
rmgogogo Mar 25, 2020
aea37a0
add more docs
Mar 26, 2020
e3f490c
syncmerge
Mar 26, 2020
492f540
fix merge issue
Mar 27, 2020
8eb2517
fix merge issue
Mar 27, 2020
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
11 changes: 7 additions & 4 deletions sdk/python/kfp/_client.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -83,7 +83,7 @@ class Client(object):
KUBE_PROXY_PATH = 'api/v1/namespaces/{}/services/ml-pipeline:http/proxy/'

# TODO: Wrap the configurations for different authentication methods.
def __init__(self, host=None, client_id=None, namespace='kubeflow', other_client_id=None, other_client_secret=None):
def __init__(self, host=None, client_id=None, namespace='kubeflow', other_client_id=None, other_client_secret=None, other_token=None):
"""Create a new instance of kfp client.

Args:
Expand All @@ -99,10 +99,11 @@ def __init__(self, host=None, client_id=None, namespace='kubeflow', other_client
other_client_id: The client ID used to obtain the auth codes and refresh tokens.
Reference: https://cloud.google.com/iap/docs/authentication-howto#authenticating_from_a_desktop_app.
other_client_secret: The client secret used to obtain the auth codes and refresh tokens.
other_token: pass in token directly, it's used for cases better get token outside of SDK, e.x. GCP Cloud Functions.
"""
host = host or os.environ.get(KF_PIPELINES_ENDPOINT_ENV)
self._uihost = os.environ.get(KF_PIPELINES_UI_ENDPOINT_ENV, host)
config = self._load_config(host, client_id, namespace, other_client_id, other_client_secret)
config = self._load_config(host, client_id, namespace, other_client_id, other_client_secret, other_token)
api_client = kfp_server_api.api_client.ApiClient(config)
_add_generated_apis(self, kfp_server_api, api_client)
self._job_api = kfp_server_api.api.job_service_api.JobServiceApi(api_client)
Expand All @@ -111,7 +112,7 @@ def __init__(self, host=None, client_id=None, namespace='kubeflow', other_client
self._pipelines_api = kfp_server_api.api.pipeline_service_api.PipelineServiceApi(api_client)
self._upload_api = kfp_server_api.api.PipelineUploadServiceApi(api_client)

def _load_config(self, host, client_id, namespace, other_client_id, other_client_secret):
def _load_config(self, host, client_id, namespace, other_client_id, other_client_secret, other_token):
config = kfp_server_api.configuration.Configuration()

host = host or ''
Expand All @@ -125,7 +126,9 @@ def _load_config(self, host, client_id, namespace, other_client_id, other_client

# Obtain the tokens if it is IAP or inverse proxy.
# client_id is only used for IAP, so when the value is provided, we assume it's IAP.
if client_id:
if other_token:
token = other_token
elif client_id:
token = get_auth_token(client_id, other_client_id, other_client_secret)
elif self._is_inverse_proxy_host(host):
token = get_gcp_access_token()
Expand Down