Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Deduce proxy type from the presence of client_id #3003

Merged
merged 4 commits into from
Feb 10, 2020
Merged

Deduce proxy type from the presence of client_id #3003

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
964d13c
Deduce proxy type from presence of client_id
chensun Feb 6, 2020
e3a48f5
handle error in get_gcp_access_token()
chensun Feb 8, 2020
b16e0be
Merge branch 'master' into proxy
chensun Feb 8, 2020
2f51b28
restore the logic to detect inverse proxy host
chensun Feb 10, 2020
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
9 changes: 7 additions & 2 deletions sdk/python/kfp/_auth.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -36,9 +36,14 @@ def get_gcp_access_token():
Credentials. If not set, returns None. For more information, see
https://cloud.google.com/sdk/gcloud/reference/auth/application-default/print-access-token
"""
token = None
args = ['gcloud', 'auth', 'print-access-token']
# Casting to string to accommodate API server request schema.
return subprocess.check_output(args).rstrip().decode("utf-8")
try:
# Casting to string to accommodate API server request schema.
token = subprocess.check_output(args).rstrip().decode("utf-8")
except subprocess.CalledProcessError as e:
logging.warning('Failed to get GCP access token: %s', e)
return token

def get_auth_token(client_id, other_client_id, other_client_secret):
"""Gets auth token from default service account or user account."""
Expand Down
16 changes: 5 additions & 11 deletions sdk/python/kfp/_client.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -116,11 +116,12 @@ def _load_config(self, host, client_id, namespace, other_client_id, other_client

token = None

# Obtain the tokens if it is inverse proxy or IAP.
if self._is_inverse_proxy_host(host):
token = get_gcp_access_token()
if self._is_iap_host(host,client_id):
# Obtain the tokens if it is IAP or inverse proxy.
# client_id is only used for IAP, so when the value is provided, we assume it's IAP.
if client_id:
token = get_auth_token(client_id, other_client_id, other_client_secret)
elif self._is_inverse_proxy_host(host):
token = get_gcp_access_token()

if token:
config.api_key['authorization'] = token
Expand Down Expand Up @@ -153,13 +154,6 @@ def _load_config(self, host, client_id, namespace, other_client_id, other_client
config.host = config.host + '/' + Client.KUBE_PROXY_PATH.format(namespace)
return config

def _is_iap_host(self, host, client_id):
if host and client_id:
if re.match(r'\S+.endpoints.\S+.cloud.goog/{0,1}$', host):
warnings.warn('Suffix /pipeline is not ignorable for IAP host.')
return re.match(r'\S+.endpoints.\S+.cloud.goog/pipeline', host)
return False

def _is_inverse_proxy_host(self, host):
if host:
return re.match(r'\S+.googleusercontent.com/{0,1}$', host)
Expand Down