From dd7a215f3c45ee39e0a4b60883e3d9baf441be23 Mon Sep 17 00:00:00 2001 From: "Thomas J. Fan" Date: Fri, 10 Jan 2025 13:13:19 -0500 Subject: [PATCH 1/3] Generate idl Signed-off-by: Thomas J. Fan --- flyteidl/clients/go/assets/admin.swagger.json | 7 +- .../gen/pb-es/flyteidl/core/security_pb.ts | 9 ++ .../gen/pb-go/flyteidl/core/security.pb.go | 138 ++++++++++-------- .../flyteidl/service/admin.swagger.json | 4 + .../flyteidl/service/agent.swagger.json | 4 + .../external_plugin_service.swagger.json | 4 + flyteidl/gen/pb-js/flyteidl.d.ts | 6 + flyteidl/gen/pb-js/flyteidl.js | 17 +++ .../pb_python/flyteidl/core/security_pb2.py | 28 ++-- .../pb_python/flyteidl/core/security_pb2.pyi | 6 +- flyteidl/gen/pb_rust/flyteidl.core.rs | 4 + flyteidl/protos/flyteidl/core/security.proto | 4 + 12 files changed, 149 insertions(+), 82 deletions(-) diff --git a/flyteidl/clients/go/assets/admin.swagger.json b/flyteidl/clients/go/assets/admin.swagger.json index 7de9f2a697..2d65830285 100644 --- a/flyteidl/clients/go/assets/admin.swagger.json +++ b/flyteidl/clients/go/assets/admin.swagger.json @@ -8009,6 +8009,10 @@ "mount_requirement": { "$ref": "#/definitions/SecretMountType", "title": "mount_requirement is optional. Indicates where the secret has to be mounted. If provided, the execution will fail\nif the underlying key management system cannot satisfy that requirement. If not provided, the default location\nwill depend on the key management system.\n+optional" + }, + "env_name": { + "type": "string", + "description": "env_name is optional. Custom environment name to set the value of the secret. If mount_requirement is ENV_VAR,\nthen the value is the secret itself. If mount_requirement is FILE, then the value is the path to the secret file." } }, "description": "Secret encapsulates information about the secret a task needs to proceed. An environment variable\nFLYTE_SECRETS_ENV_PREFIX will be passed to indicate the prefix of the environment variables that will be present if\nsecrets are passed through environment variables.\nFLYTE_SECRETS_DEFAULT_DIR will be passed to indicate the prefix of the path where secrets will be mounted if secrets\nare passed through file mounts." @@ -8693,8 +8697,6 @@ "$ref": "#/definitions/coreTaskLog" }, "title": "log information for the external resource execution" -<<<<<<< HEAD -======= }, "workflow_node_metadata": { "$ref": "#/definitions/flyteidleventWorkflowNodeMetadata" @@ -8702,7 +8704,6 @@ "custom_info": { "type": "object", "title": "Extensible field for custom, plugin-specific info" ->>>>>>> 33bca79f0 (Send actor worker assignment in task events (#394)(#393)) } }, "description": "This message contains metadata about external resources produced or used by a specific task execution." diff --git a/flyteidl/gen/pb-es/flyteidl/core/security_pb.ts b/flyteidl/gen/pb-es/flyteidl/core/security_pb.ts index 7d1ca8bbac..c2b6d931be 100644 --- a/flyteidl/gen/pb-es/flyteidl/core/security_pb.ts +++ b/flyteidl/gen/pb-es/flyteidl/core/security_pb.ts @@ -55,6 +55,14 @@ export class Secret extends Message { */ mountRequirement = Secret_MountType.ANY; + /** + * env_name is optional. Custom environment name to set the value of the secret. If mount_requirement is ENV_VAR, + * then the value is the secret itself. If mount_requirement is FILE, then the value is the path to the secret file. + * + * @generated from field: string env_name = 5; + */ + envName = ""; + constructor(data?: PartialMessage) { super(); proto3.util.initPartial(data, this); @@ -67,6 +75,7 @@ export class Secret extends Message { { no: 2, name: "group_version", kind: "scalar", T: 9 /* ScalarType.STRING */ }, { no: 3, name: "key", kind: "scalar", T: 9 /* ScalarType.STRING */ }, { no: 4, name: "mount_requirement", kind: "enum", T: proto3.getEnumType(Secret_MountType) }, + { no: 5, name: "env_name", kind: "scalar", T: 9 /* ScalarType.STRING */ }, ]); static fromBinary(bytes: Uint8Array, options?: Partial): Secret { diff --git a/flyteidl/gen/pb-go/flyteidl/core/security.pb.go b/flyteidl/gen/pb-go/flyteidl/core/security.pb.go index e3ee1e1b1b..2a8dd4e0db 100644 --- a/flyteidl/gen/pb-go/flyteidl/core/security.pb.go +++ b/flyteidl/gen/pb-go/flyteidl/core/security.pb.go @@ -146,6 +146,9 @@ type Secret struct { // will depend on the key management system. // +optional MountRequirement Secret_MountType `protobuf:"varint,4,opt,name=mount_requirement,json=mountRequirement,proto3,enum=flyteidl.core.Secret_MountType" json:"mount_requirement,omitempty"` + // env_name is optional. Custom environment name to set the value of the secret. If mount_requirement is ENV_VAR, + // then the value is the secret itself. If mount_requirement is FILE, then the value is the path to the secret file. + EnvName string `protobuf:"bytes,5,opt,name=env_name,json=envName,proto3" json:"env_name,omitempty"` } func (x *Secret) Reset() { @@ -208,6 +211,13 @@ func (x *Secret) GetMountRequirement() Secret_MountType { return Secret_ANY } +func (x *Secret) GetEnvName() string { + if x != nil { + return x.EnvName + } + return "" +} + // OAuth2Client encapsulates OAuth2 Client Credentials to be used when making calls on behalf of that task. type OAuth2Client struct { state protoimpl.MessageState @@ -523,7 +533,7 @@ var File_flyteidl_core_security_proto protoreflect.FileDescriptor var file_flyteidl_core_security_proto_rawDesc = []byte{ 0x0a, 0x1c, 0x66, 0x6c, 0x79, 0x74, 0x65, 0x69, 0x64, 0x6c, 0x2f, 0x63, 0x6f, 0x72, 0x65, 0x2f, 0x73, 0x65, 0x63, 0x75, 0x72, 0x69, 0x74, 0x79, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x0d, - 0x66, 0x6c, 0x79, 0x74, 0x65, 0x69, 0x64, 0x6c, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x22, 0xd0, 0x01, + 0x66, 0x6c, 0x79, 0x74, 0x65, 0x69, 0x64, 0x6c, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x22, 0xeb, 0x01, 0x0a, 0x06, 0x53, 0x65, 0x63, 0x72, 0x65, 0x74, 0x12, 0x14, 0x0a, 0x05, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x12, 0x23, 0x0a, 0x0d, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x5f, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18, @@ -534,69 +544,71 @@ var file_flyteidl_core_security_proto_rawDesc = []byte{ 0x32, 0x1f, 0x2e, 0x66, 0x6c, 0x79, 0x74, 0x65, 0x69, 0x64, 0x6c, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x53, 0x65, 0x63, 0x72, 0x65, 0x74, 0x2e, 0x4d, 0x6f, 0x75, 0x6e, 0x74, 0x54, 0x79, 0x70, 0x65, 0x52, 0x10, 0x6d, 0x6f, 0x75, 0x6e, 0x74, 0x52, 0x65, 0x71, 0x75, 0x69, 0x72, 0x65, 0x6d, - 0x65, 0x6e, 0x74, 0x22, 0x2b, 0x0a, 0x09, 0x4d, 0x6f, 0x75, 0x6e, 0x74, 0x54, 0x79, 0x70, 0x65, - 0x12, 0x07, 0x0a, 0x03, 0x41, 0x4e, 0x59, 0x10, 0x00, 0x12, 0x0b, 0x0a, 0x07, 0x45, 0x4e, 0x56, - 0x5f, 0x56, 0x41, 0x52, 0x10, 0x01, 0x12, 0x08, 0x0a, 0x04, 0x46, 0x49, 0x4c, 0x45, 0x10, 0x02, - 0x22, 0x67, 0x0a, 0x0c, 0x4f, 0x41, 0x75, 0x74, 0x68, 0x32, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, - 0x12, 0x1b, 0x0a, 0x09, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, - 0x01, 0x28, 0x09, 0x52, 0x08, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x49, 0x64, 0x12, 0x3a, 0x0a, - 0x0d, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x5f, 0x73, 0x65, 0x63, 0x72, 0x65, 0x74, 0x18, 0x02, - 0x20, 0x01, 0x28, 0x0b, 0x32, 0x15, 0x2e, 0x66, 0x6c, 0x79, 0x74, 0x65, 0x69, 0x64, 0x6c, 0x2e, - 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x53, 0x65, 0x63, 0x72, 0x65, 0x74, 0x52, 0x0c, 0x63, 0x6c, 0x69, - 0x65, 0x6e, 0x74, 0x53, 0x65, 0x63, 0x72, 0x65, 0x74, 0x22, 0xc6, 0x01, 0x0a, 0x08, 0x49, 0x64, - 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x12, 0x19, 0x0a, 0x08, 0x69, 0x61, 0x6d, 0x5f, 0x72, 0x6f, - 0x6c, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x69, 0x61, 0x6d, 0x52, 0x6f, 0x6c, - 0x65, 0x12, 0x2e, 0x0a, 0x13, 0x6b, 0x38, 0x73, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, - 0x5f, 0x61, 0x63, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x11, - 0x6b, 0x38, 0x73, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x41, 0x63, 0x63, 0x6f, 0x75, 0x6e, - 0x74, 0x12, 0x40, 0x0a, 0x0d, 0x6f, 0x61, 0x75, 0x74, 0x68, 0x32, 0x5f, 0x63, 0x6c, 0x69, 0x65, - 0x6e, 0x74, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1b, 0x2e, 0x66, 0x6c, 0x79, 0x74, 0x65, - 0x69, 0x64, 0x6c, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x4f, 0x41, 0x75, 0x74, 0x68, 0x32, 0x43, - 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x52, 0x0c, 0x6f, 0x61, 0x75, 0x74, 0x68, 0x32, 0x43, 0x6c, 0x69, - 0x65, 0x6e, 0x74, 0x12, 0x2d, 0x0a, 0x12, 0x65, 0x78, 0x65, 0x63, 0x75, 0x74, 0x69, 0x6f, 0x6e, - 0x5f, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, - 0x11, 0x65, 0x78, 0x65, 0x63, 0x75, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x64, 0x65, 0x6e, 0x74, 0x69, - 0x74, 0x79, 0x22, 0x96, 0x02, 0x0a, 0x12, 0x4f, 0x41, 0x75, 0x74, 0x68, 0x32, 0x54, 0x6f, 0x6b, - 0x65, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, - 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x3a, 0x0a, - 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x26, 0x2e, 0x66, 0x6c, + 0x65, 0x6e, 0x74, 0x12, 0x19, 0x0a, 0x08, 0x65, 0x6e, 0x76, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, + 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x65, 0x6e, 0x76, 0x4e, 0x61, 0x6d, 0x65, 0x22, 0x2b, + 0x0a, 0x09, 0x4d, 0x6f, 0x75, 0x6e, 0x74, 0x54, 0x79, 0x70, 0x65, 0x12, 0x07, 0x0a, 0x03, 0x41, + 0x4e, 0x59, 0x10, 0x00, 0x12, 0x0b, 0x0a, 0x07, 0x45, 0x4e, 0x56, 0x5f, 0x56, 0x41, 0x52, 0x10, + 0x01, 0x12, 0x08, 0x0a, 0x04, 0x46, 0x49, 0x4c, 0x45, 0x10, 0x02, 0x22, 0x67, 0x0a, 0x0c, 0x4f, + 0x41, 0x75, 0x74, 0x68, 0x32, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x12, 0x1b, 0x0a, 0x09, 0x63, + 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, + 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x49, 0x64, 0x12, 0x3a, 0x0a, 0x0d, 0x63, 0x6c, 0x69, 0x65, + 0x6e, 0x74, 0x5f, 0x73, 0x65, 0x63, 0x72, 0x65, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, + 0x15, 0x2e, 0x66, 0x6c, 0x79, 0x74, 0x65, 0x69, 0x64, 0x6c, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, + 0x53, 0x65, 0x63, 0x72, 0x65, 0x74, 0x52, 0x0c, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x53, 0x65, + 0x63, 0x72, 0x65, 0x74, 0x22, 0xc6, 0x01, 0x0a, 0x08, 0x49, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, + 0x79, 0x12, 0x19, 0x0a, 0x08, 0x69, 0x61, 0x6d, 0x5f, 0x72, 0x6f, 0x6c, 0x65, 0x18, 0x01, 0x20, + 0x01, 0x28, 0x09, 0x52, 0x07, 0x69, 0x61, 0x6d, 0x52, 0x6f, 0x6c, 0x65, 0x12, 0x2e, 0x0a, 0x13, + 0x6b, 0x38, 0x73, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x5f, 0x61, 0x63, 0x63, 0x6f, + 0x75, 0x6e, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x11, 0x6b, 0x38, 0x73, 0x53, 0x65, + 0x72, 0x76, 0x69, 0x63, 0x65, 0x41, 0x63, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x12, 0x40, 0x0a, 0x0d, + 0x6f, 0x61, 0x75, 0x74, 0x68, 0x32, 0x5f, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x18, 0x03, 0x20, + 0x01, 0x28, 0x0b, 0x32, 0x1b, 0x2e, 0x66, 0x6c, 0x79, 0x74, 0x65, 0x69, 0x64, 0x6c, 0x2e, 0x63, + 0x6f, 0x72, 0x65, 0x2e, 0x4f, 0x41, 0x75, 0x74, 0x68, 0x32, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, + 0x52, 0x0c, 0x6f, 0x61, 0x75, 0x74, 0x68, 0x32, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x12, 0x2d, + 0x0a, 0x12, 0x65, 0x78, 0x65, 0x63, 0x75, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x69, 0x64, 0x65, 0x6e, + 0x74, 0x69, 0x74, 0x79, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x11, 0x65, 0x78, 0x65, 0x63, + 0x75, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x22, 0x96, 0x02, + 0x0a, 0x12, 0x4f, 0x41, 0x75, 0x74, 0x68, 0x32, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x52, 0x65, 0x71, + 0x75, 0x65, 0x73, 0x74, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, + 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x3a, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, + 0x18, 0x02, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x26, 0x2e, 0x66, 0x6c, 0x79, 0x74, 0x65, 0x69, 0x64, + 0x6c, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x4f, 0x41, 0x75, 0x74, 0x68, 0x32, 0x54, 0x6f, 0x6b, + 0x65, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x2e, 0x54, 0x79, 0x70, 0x65, 0x52, 0x04, + 0x74, 0x79, 0x70, 0x65, 0x12, 0x33, 0x0a, 0x06, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x18, 0x03, + 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1b, 0x2e, 0x66, 0x6c, 0x79, 0x74, 0x65, 0x69, 0x64, 0x6c, 0x2e, + 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x4f, 0x41, 0x75, 0x74, 0x68, 0x32, 0x43, 0x6c, 0x69, 0x65, 0x6e, + 0x74, 0x52, 0x06, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x12, 0x34, 0x0a, 0x16, 0x69, 0x64, 0x70, + 0x5f, 0x64, 0x69, 0x73, 0x63, 0x6f, 0x76, 0x65, 0x72, 0x79, 0x5f, 0x65, 0x6e, 0x64, 0x70, 0x6f, + 0x69, 0x6e, 0x74, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x14, 0x69, 0x64, 0x70, 0x44, 0x69, + 0x73, 0x63, 0x6f, 0x76, 0x65, 0x72, 0x79, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x12, + 0x25, 0x0a, 0x0e, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x5f, 0x65, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, + 0x74, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0d, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x45, 0x6e, + 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x22, 0x1e, 0x0a, 0x04, 0x54, 0x79, 0x70, 0x65, 0x12, 0x16, + 0x0a, 0x12, 0x43, 0x4c, 0x49, 0x45, 0x4e, 0x54, 0x5f, 0x43, 0x52, 0x45, 0x44, 0x45, 0x4e, 0x54, + 0x49, 0x41, 0x4c, 0x53, 0x10, 0x00, 0x22, 0xad, 0x01, 0x0a, 0x0f, 0x53, 0x65, 0x63, 0x75, 0x72, + 0x69, 0x74, 0x79, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x12, 0x2e, 0x0a, 0x06, 0x72, 0x75, + 0x6e, 0x5f, 0x61, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x17, 0x2e, 0x66, 0x6c, 0x79, + 0x74, 0x65, 0x69, 0x64, 0x6c, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x49, 0x64, 0x65, 0x6e, 0x74, + 0x69, 0x74, 0x79, 0x52, 0x05, 0x72, 0x75, 0x6e, 0x41, 0x73, 0x12, 0x2f, 0x0a, 0x07, 0x73, 0x65, + 0x63, 0x72, 0x65, 0x74, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x15, 0x2e, 0x66, 0x6c, + 0x79, 0x74, 0x65, 0x69, 0x64, 0x6c, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x53, 0x65, 0x63, 0x72, + 0x65, 0x74, 0x52, 0x07, 0x73, 0x65, 0x63, 0x72, 0x65, 0x74, 0x73, 0x12, 0x39, 0x0a, 0x06, 0x74, + 0x6f, 0x6b, 0x65, 0x6e, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x21, 0x2e, 0x66, 0x6c, 0x79, 0x74, 0x65, 0x69, 0x64, 0x6c, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x4f, 0x41, 0x75, 0x74, - 0x68, 0x32, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x2e, 0x54, - 0x79, 0x70, 0x65, 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x12, 0x33, 0x0a, 0x06, 0x63, 0x6c, 0x69, - 0x65, 0x6e, 0x74, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1b, 0x2e, 0x66, 0x6c, 0x79, 0x74, - 0x65, 0x69, 0x64, 0x6c, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x4f, 0x41, 0x75, 0x74, 0x68, 0x32, - 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x52, 0x06, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x12, 0x34, - 0x0a, 0x16, 0x69, 0x64, 0x70, 0x5f, 0x64, 0x69, 0x73, 0x63, 0x6f, 0x76, 0x65, 0x72, 0x79, 0x5f, - 0x65, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x14, - 0x69, 0x64, 0x70, 0x44, 0x69, 0x73, 0x63, 0x6f, 0x76, 0x65, 0x72, 0x79, 0x45, 0x6e, 0x64, 0x70, - 0x6f, 0x69, 0x6e, 0x74, 0x12, 0x25, 0x0a, 0x0e, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x5f, 0x65, 0x6e, - 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0d, 0x74, 0x6f, - 0x6b, 0x65, 0x6e, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x22, 0x1e, 0x0a, 0x04, 0x54, - 0x79, 0x70, 0x65, 0x12, 0x16, 0x0a, 0x12, 0x43, 0x4c, 0x49, 0x45, 0x4e, 0x54, 0x5f, 0x43, 0x52, - 0x45, 0x44, 0x45, 0x4e, 0x54, 0x49, 0x41, 0x4c, 0x53, 0x10, 0x00, 0x22, 0xad, 0x01, 0x0a, 0x0f, - 0x53, 0x65, 0x63, 0x75, 0x72, 0x69, 0x74, 0x79, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x12, - 0x2e, 0x0a, 0x06, 0x72, 0x75, 0x6e, 0x5f, 0x61, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, - 0x17, 0x2e, 0x66, 0x6c, 0x79, 0x74, 0x65, 0x69, 0x64, 0x6c, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, - 0x49, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x52, 0x05, 0x72, 0x75, 0x6e, 0x41, 0x73, 0x12, - 0x2f, 0x0a, 0x07, 0x73, 0x65, 0x63, 0x72, 0x65, 0x74, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, - 0x32, 0x15, 0x2e, 0x66, 0x6c, 0x79, 0x74, 0x65, 0x69, 0x64, 0x6c, 0x2e, 0x63, 0x6f, 0x72, 0x65, - 0x2e, 0x53, 0x65, 0x63, 0x72, 0x65, 0x74, 0x52, 0x07, 0x73, 0x65, 0x63, 0x72, 0x65, 0x74, 0x73, - 0x12, 0x39, 0x0a, 0x06, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, - 0x32, 0x21, 0x2e, 0x66, 0x6c, 0x79, 0x74, 0x65, 0x69, 0x64, 0x6c, 0x2e, 0x63, 0x6f, 0x72, 0x65, - 0x2e, 0x4f, 0x41, 0x75, 0x74, 0x68, 0x32, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x52, 0x65, 0x71, 0x75, - 0x65, 0x73, 0x74, 0x52, 0x06, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x73, 0x42, 0xb3, 0x01, 0x0a, 0x11, - 0x63, 0x6f, 0x6d, 0x2e, 0x66, 0x6c, 0x79, 0x74, 0x65, 0x69, 0x64, 0x6c, 0x2e, 0x63, 0x6f, 0x72, - 0x65, 0x42, 0x0d, 0x53, 0x65, 0x63, 0x75, 0x72, 0x69, 0x74, 0x79, 0x50, 0x72, 0x6f, 0x74, 0x6f, - 0x50, 0x01, 0x5a, 0x3a, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x66, - 0x6c, 0x79, 0x74, 0x65, 0x6f, 0x72, 0x67, 0x2f, 0x66, 0x6c, 0x79, 0x74, 0x65, 0x2f, 0x66, 0x6c, - 0x79, 0x74, 0x65, 0x69, 0x64, 0x6c, 0x2f, 0x67, 0x65, 0x6e, 0x2f, 0x70, 0x62, 0x2d, 0x67, 0x6f, - 0x2f, 0x66, 0x6c, 0x79, 0x74, 0x65, 0x69, 0x64, 0x6c, 0x2f, 0x63, 0x6f, 0x72, 0x65, 0xa2, 0x02, - 0x03, 0x46, 0x43, 0x58, 0xaa, 0x02, 0x0d, 0x46, 0x6c, 0x79, 0x74, 0x65, 0x69, 0x64, 0x6c, 0x2e, - 0x43, 0x6f, 0x72, 0x65, 0xca, 0x02, 0x0d, 0x46, 0x6c, 0x79, 0x74, 0x65, 0x69, 0x64, 0x6c, 0x5c, - 0x43, 0x6f, 0x72, 0x65, 0xe2, 0x02, 0x19, 0x46, 0x6c, 0x79, 0x74, 0x65, 0x69, 0x64, 0x6c, 0x5c, - 0x43, 0x6f, 0x72, 0x65, 0x5c, 0x47, 0x50, 0x42, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, - 0xea, 0x02, 0x0e, 0x46, 0x6c, 0x79, 0x74, 0x65, 0x69, 0x64, 0x6c, 0x3a, 0x3a, 0x43, 0x6f, 0x72, - 0x65, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, + 0x68, 0x32, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x52, 0x06, + 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x73, 0x42, 0xb3, 0x01, 0x0a, 0x11, 0x63, 0x6f, 0x6d, 0x2e, 0x66, + 0x6c, 0x79, 0x74, 0x65, 0x69, 0x64, 0x6c, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x42, 0x0d, 0x53, 0x65, + 0x63, 0x75, 0x72, 0x69, 0x74, 0x79, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x3a, 0x67, + 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x66, 0x6c, 0x79, 0x74, 0x65, 0x6f, + 0x72, 0x67, 0x2f, 0x66, 0x6c, 0x79, 0x74, 0x65, 0x2f, 0x66, 0x6c, 0x79, 0x74, 0x65, 0x69, 0x64, + 0x6c, 0x2f, 0x67, 0x65, 0x6e, 0x2f, 0x70, 0x62, 0x2d, 0x67, 0x6f, 0x2f, 0x66, 0x6c, 0x79, 0x74, + 0x65, 0x69, 0x64, 0x6c, 0x2f, 0x63, 0x6f, 0x72, 0x65, 0xa2, 0x02, 0x03, 0x46, 0x43, 0x58, 0xaa, + 0x02, 0x0d, 0x46, 0x6c, 0x79, 0x74, 0x65, 0x69, 0x64, 0x6c, 0x2e, 0x43, 0x6f, 0x72, 0x65, 0xca, + 0x02, 0x0d, 0x46, 0x6c, 0x79, 0x74, 0x65, 0x69, 0x64, 0x6c, 0x5c, 0x43, 0x6f, 0x72, 0x65, 0xe2, + 0x02, 0x19, 0x46, 0x6c, 0x79, 0x74, 0x65, 0x69, 0x64, 0x6c, 0x5c, 0x43, 0x6f, 0x72, 0x65, 0x5c, + 0x47, 0x50, 0x42, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x0e, 0x46, 0x6c, + 0x79, 0x74, 0x65, 0x69, 0x64, 0x6c, 0x3a, 0x3a, 0x43, 0x6f, 0x72, 0x65, 0x62, 0x06, 0x70, 0x72, + 0x6f, 0x74, 0x6f, 0x33, } var ( diff --git a/flyteidl/gen/pb-go/gateway/flyteidl/service/admin.swagger.json b/flyteidl/gen/pb-go/gateway/flyteidl/service/admin.swagger.json index bb7df6af74..2d65830285 100644 --- a/flyteidl/gen/pb-go/gateway/flyteidl/service/admin.swagger.json +++ b/flyteidl/gen/pb-go/gateway/flyteidl/service/admin.swagger.json @@ -8009,6 +8009,10 @@ "mount_requirement": { "$ref": "#/definitions/SecretMountType", "title": "mount_requirement is optional. Indicates where the secret has to be mounted. If provided, the execution will fail\nif the underlying key management system cannot satisfy that requirement. If not provided, the default location\nwill depend on the key management system.\n+optional" + }, + "env_name": { + "type": "string", + "description": "env_name is optional. Custom environment name to set the value of the secret. If mount_requirement is ENV_VAR,\nthen the value is the secret itself. If mount_requirement is FILE, then the value is the path to the secret file." } }, "description": "Secret encapsulates information about the secret a task needs to proceed. An environment variable\nFLYTE_SECRETS_ENV_PREFIX will be passed to indicate the prefix of the environment variables that will be present if\nsecrets are passed through environment variables.\nFLYTE_SECRETS_DEFAULT_DIR will be passed to indicate the prefix of the path where secrets will be mounted if secrets\nare passed through file mounts." diff --git a/flyteidl/gen/pb-go/gateway/flyteidl/service/agent.swagger.json b/flyteidl/gen/pb-go/gateway/flyteidl/service/agent.swagger.json index 4fbea61e15..26cbe4806e 100644 --- a/flyteidl/gen/pb-go/gateway/flyteidl/service/agent.swagger.json +++ b/flyteidl/gen/pb-go/gateway/flyteidl/service/agent.swagger.json @@ -1638,6 +1638,10 @@ "mount_requirement": { "$ref": "#/definitions/SecretMountType", "title": "mount_requirement is optional. Indicates where the secret has to be mounted. If provided, the execution will fail\nif the underlying key management system cannot satisfy that requirement. If not provided, the default location\nwill depend on the key management system.\n+optional" + }, + "env_name": { + "type": "string", + "description": "env_name is optional. Custom environment name to set the value of the secret. If mount_requirement is ENV_VAR,\nthen the value is the secret itself. If mount_requirement is FILE, then the value is the path to the secret file." } }, "description": "Secret encapsulates information about the secret a task needs to proceed. An environment variable\nFLYTE_SECRETS_ENV_PREFIX will be passed to indicate the prefix of the environment variables that will be present if\nsecrets are passed through environment variables.\nFLYTE_SECRETS_DEFAULT_DIR will be passed to indicate the prefix of the path where secrets will be mounted if secrets\nare passed through file mounts." diff --git a/flyteidl/gen/pb-go/gateway/flyteidl/service/external_plugin_service.swagger.json b/flyteidl/gen/pb-go/gateway/flyteidl/service/external_plugin_service.swagger.json index 1880700dc2..46feb4878d 100644 --- a/flyteidl/gen/pb-go/gateway/flyteidl/service/external_plugin_service.swagger.json +++ b/flyteidl/gen/pb-go/gateway/flyteidl/service/external_plugin_service.swagger.json @@ -901,6 +901,10 @@ "mount_requirement": { "$ref": "#/definitions/SecretMountType", "title": "mount_requirement is optional. Indicates where the secret has to be mounted. If provided, the execution will fail\nif the underlying key management system cannot satisfy that requirement. If not provided, the default location\nwill depend on the key management system.\n+optional" + }, + "env_name": { + "type": "string", + "description": "env_name is optional. Custom environment name to set the value of the secret. If mount_requirement is ENV_VAR,\nthen the value is the secret itself. If mount_requirement is FILE, then the value is the path to the secret file." } }, "description": "Secret encapsulates information about the secret a task needs to proceed. An environment variable\nFLYTE_SECRETS_ENV_PREFIX will be passed to indicate the prefix of the environment variables that will be present if\nsecrets are passed through environment variables.\nFLYTE_SECRETS_DEFAULT_DIR will be passed to indicate the prefix of the path where secrets will be mounted if secrets\nare passed through file mounts." diff --git a/flyteidl/gen/pb-js/flyteidl.d.ts b/flyteidl/gen/pb-js/flyteidl.d.ts index 1a5b3356c4..85dd975d8d 100644 --- a/flyteidl/gen/pb-js/flyteidl.d.ts +++ b/flyteidl/gen/pb-js/flyteidl.d.ts @@ -7165,6 +7165,9 @@ export namespace flyteidl { /** Secret mountRequirement */ mountRequirement?: (flyteidl.core.Secret.MountType|null); + + /** Secret envName */ + envName?: (string|null); } /** Represents a Secret. */ @@ -7188,6 +7191,9 @@ export namespace flyteidl { /** Secret mountRequirement. */ public mountRequirement: flyteidl.core.Secret.MountType; + /** Secret envName. */ + public envName: string; + /** * Creates a new Secret instance using the specified properties. * @param [properties] Properties to set diff --git a/flyteidl/gen/pb-js/flyteidl.js b/flyteidl/gen/pb-js/flyteidl.js index b23d7f5e01..51bc286e19 100644 --- a/flyteidl/gen/pb-js/flyteidl.js +++ b/flyteidl/gen/pb-js/flyteidl.js @@ -17345,6 +17345,7 @@ * @property {string|null} [groupVersion] Secret groupVersion * @property {string|null} [key] Secret key * @property {flyteidl.core.Secret.MountType|null} [mountRequirement] Secret mountRequirement + * @property {string|null} [envName] Secret envName */ /** @@ -17394,6 +17395,14 @@ */ Secret.prototype.mountRequirement = 0; + /** + * Secret envName. + * @member {string} envName + * @memberof flyteidl.core.Secret + * @instance + */ + Secret.prototype.envName = ""; + /** * Creates a new Secret instance using the specified properties. * @function create @@ -17426,6 +17435,8 @@ writer.uint32(/* id 3, wireType 2 =*/26).string(message.key); if (message.mountRequirement != null && message.hasOwnProperty("mountRequirement")) writer.uint32(/* id 4, wireType 0 =*/32).int32(message.mountRequirement); + if (message.envName != null && message.hasOwnProperty("envName")) + writer.uint32(/* id 5, wireType 2 =*/42).string(message.envName); return writer; }; @@ -17459,6 +17470,9 @@ case 4: message.mountRequirement = reader.int32(); break; + case 5: + message.envName = reader.string(); + break; default: reader.skipType(tag & 7); break; @@ -17496,6 +17510,9 @@ case 2: break; } + if (message.envName != null && message.hasOwnProperty("envName")) + if (!$util.isString(message.envName)) + return "envName: string expected"; return null; }; diff --git a/flyteidl/gen/pb_python/flyteidl/core/security_pb2.py b/flyteidl/gen/pb_python/flyteidl/core/security_pb2.py index 023c8e4aa3..1ef5fcbcca 100644 --- a/flyteidl/gen/pb_python/flyteidl/core/security_pb2.py +++ b/flyteidl/gen/pb_python/flyteidl/core/security_pb2.py @@ -13,7 +13,7 @@ -DESCRIPTOR = _descriptor_pool.Default().AddSerializedFile(b'\n\x1c\x66lyteidl/core/security.proto\x12\rflyteidl.core\"\xd0\x01\n\x06Secret\x12\x14\n\x05group\x18\x01 \x01(\tR\x05group\x12#\n\rgroup_version\x18\x02 \x01(\tR\x0cgroupVersion\x12\x10\n\x03key\x18\x03 \x01(\tR\x03key\x12L\n\x11mount_requirement\x18\x04 \x01(\x0e\x32\x1f.flyteidl.core.Secret.MountTypeR\x10mountRequirement\"+\n\tMountType\x12\x07\n\x03\x41NY\x10\x00\x12\x0b\n\x07\x45NV_VAR\x10\x01\x12\x08\n\x04\x46ILE\x10\x02\"g\n\x0cOAuth2Client\x12\x1b\n\tclient_id\x18\x01 \x01(\tR\x08\x63lientId\x12:\n\rclient_secret\x18\x02 \x01(\x0b\x32\x15.flyteidl.core.SecretR\x0c\x63lientSecret\"\xc6\x01\n\x08Identity\x12\x19\n\x08iam_role\x18\x01 \x01(\tR\x07iamRole\x12.\n\x13k8s_service_account\x18\x02 \x01(\tR\x11k8sServiceAccount\x12@\n\roauth2_client\x18\x03 \x01(\x0b\x32\x1b.flyteidl.core.OAuth2ClientR\x0coauth2Client\x12-\n\x12\x65xecution_identity\x18\x04 \x01(\tR\x11\x65xecutionIdentity\"\x96\x02\n\x12OAuth2TokenRequest\x12\x12\n\x04name\x18\x01 \x01(\tR\x04name\x12:\n\x04type\x18\x02 \x01(\x0e\x32&.flyteidl.core.OAuth2TokenRequest.TypeR\x04type\x12\x33\n\x06\x63lient\x18\x03 \x01(\x0b\x32\x1b.flyteidl.core.OAuth2ClientR\x06\x63lient\x12\x34\n\x16idp_discovery_endpoint\x18\x04 \x01(\tR\x14idpDiscoveryEndpoint\x12%\n\x0etoken_endpoint\x18\x05 \x01(\tR\rtokenEndpoint\"\x1e\n\x04Type\x12\x16\n\x12\x43LIENT_CREDENTIALS\x10\x00\"\xad\x01\n\x0fSecurityContext\x12.\n\x06run_as\x18\x01 \x01(\x0b\x32\x17.flyteidl.core.IdentityR\x05runAs\x12/\n\x07secrets\x18\x02 \x03(\x0b\x32\x15.flyteidl.core.SecretR\x07secrets\x12\x39\n\x06tokens\x18\x03 \x03(\x0b\x32!.flyteidl.core.OAuth2TokenRequestR\x06tokensB\xb3\x01\n\x11\x63om.flyteidl.coreB\rSecurityProtoP\x01Z:github.com/flyteorg/flyte/flyteidl/gen/pb-go/flyteidl/core\xa2\x02\x03\x46\x43X\xaa\x02\rFlyteidl.Core\xca\x02\rFlyteidl\\Core\xe2\x02\x19\x46lyteidl\\Core\\GPBMetadata\xea\x02\x0e\x46lyteidl::Coreb\x06proto3') +DESCRIPTOR = _descriptor_pool.Default().AddSerializedFile(b'\n\x1c\x66lyteidl/core/security.proto\x12\rflyteidl.core\"\xeb\x01\n\x06Secret\x12\x14\n\x05group\x18\x01 \x01(\tR\x05group\x12#\n\rgroup_version\x18\x02 \x01(\tR\x0cgroupVersion\x12\x10\n\x03key\x18\x03 \x01(\tR\x03key\x12L\n\x11mount_requirement\x18\x04 \x01(\x0e\x32\x1f.flyteidl.core.Secret.MountTypeR\x10mountRequirement\x12\x19\n\x08\x65nv_name\x18\x05 \x01(\tR\x07\x65nvName\"+\n\tMountType\x12\x07\n\x03\x41NY\x10\x00\x12\x0b\n\x07\x45NV_VAR\x10\x01\x12\x08\n\x04\x46ILE\x10\x02\"g\n\x0cOAuth2Client\x12\x1b\n\tclient_id\x18\x01 \x01(\tR\x08\x63lientId\x12:\n\rclient_secret\x18\x02 \x01(\x0b\x32\x15.flyteidl.core.SecretR\x0c\x63lientSecret\"\xc6\x01\n\x08Identity\x12\x19\n\x08iam_role\x18\x01 \x01(\tR\x07iamRole\x12.\n\x13k8s_service_account\x18\x02 \x01(\tR\x11k8sServiceAccount\x12@\n\roauth2_client\x18\x03 \x01(\x0b\x32\x1b.flyteidl.core.OAuth2ClientR\x0coauth2Client\x12-\n\x12\x65xecution_identity\x18\x04 \x01(\tR\x11\x65xecutionIdentity\"\x96\x02\n\x12OAuth2TokenRequest\x12\x12\n\x04name\x18\x01 \x01(\tR\x04name\x12:\n\x04type\x18\x02 \x01(\x0e\x32&.flyteidl.core.OAuth2TokenRequest.TypeR\x04type\x12\x33\n\x06\x63lient\x18\x03 \x01(\x0b\x32\x1b.flyteidl.core.OAuth2ClientR\x06\x63lient\x12\x34\n\x16idp_discovery_endpoint\x18\x04 \x01(\tR\x14idpDiscoveryEndpoint\x12%\n\x0etoken_endpoint\x18\x05 \x01(\tR\rtokenEndpoint\"\x1e\n\x04Type\x12\x16\n\x12\x43LIENT_CREDENTIALS\x10\x00\"\xad\x01\n\x0fSecurityContext\x12.\n\x06run_as\x18\x01 \x01(\x0b\x32\x17.flyteidl.core.IdentityR\x05runAs\x12/\n\x07secrets\x18\x02 \x03(\x0b\x32\x15.flyteidl.core.SecretR\x07secrets\x12\x39\n\x06tokens\x18\x03 \x03(\x0b\x32!.flyteidl.core.OAuth2TokenRequestR\x06tokensB\xb3\x01\n\x11\x63om.flyteidl.coreB\rSecurityProtoP\x01Z:github.com/flyteorg/flyte/flyteidl/gen/pb-go/flyteidl/core\xa2\x02\x03\x46\x43X\xaa\x02\rFlyteidl.Core\xca\x02\rFlyteidl\\Core\xe2\x02\x19\x46lyteidl\\Core\\GPBMetadata\xea\x02\x0e\x46lyteidl::Coreb\x06proto3') _globals = globals() _builder.BuildMessageAndEnumDescriptors(DESCRIPTOR, _globals) @@ -23,17 +23,17 @@ DESCRIPTOR._options = None DESCRIPTOR._serialized_options = b'\n\021com.flyteidl.coreB\rSecurityProtoP\001Z:github.com/flyteorg/flyte/flyteidl/gen/pb-go/flyteidl/core\242\002\003FCX\252\002\rFlyteidl.Core\312\002\rFlyteidl\\Core\342\002\031Flyteidl\\Core\\GPBMetadata\352\002\016Flyteidl::Core' _globals['_SECRET']._serialized_start=48 - _globals['_SECRET']._serialized_end=256 - _globals['_SECRET_MOUNTTYPE']._serialized_start=213 - _globals['_SECRET_MOUNTTYPE']._serialized_end=256 - _globals['_OAUTH2CLIENT']._serialized_start=258 - _globals['_OAUTH2CLIENT']._serialized_end=361 - _globals['_IDENTITY']._serialized_start=364 - _globals['_IDENTITY']._serialized_end=562 - _globals['_OAUTH2TOKENREQUEST']._serialized_start=565 - _globals['_OAUTH2TOKENREQUEST']._serialized_end=843 - _globals['_OAUTH2TOKENREQUEST_TYPE']._serialized_start=813 - _globals['_OAUTH2TOKENREQUEST_TYPE']._serialized_end=843 - _globals['_SECURITYCONTEXT']._serialized_start=846 - _globals['_SECURITYCONTEXT']._serialized_end=1019 + _globals['_SECRET']._serialized_end=283 + _globals['_SECRET_MOUNTTYPE']._serialized_start=240 + _globals['_SECRET_MOUNTTYPE']._serialized_end=283 + _globals['_OAUTH2CLIENT']._serialized_start=285 + _globals['_OAUTH2CLIENT']._serialized_end=388 + _globals['_IDENTITY']._serialized_start=391 + _globals['_IDENTITY']._serialized_end=589 + _globals['_OAUTH2TOKENREQUEST']._serialized_start=592 + _globals['_OAUTH2TOKENREQUEST']._serialized_end=870 + _globals['_OAUTH2TOKENREQUEST_TYPE']._serialized_start=840 + _globals['_OAUTH2TOKENREQUEST_TYPE']._serialized_end=870 + _globals['_SECURITYCONTEXT']._serialized_start=873 + _globals['_SECURITYCONTEXT']._serialized_end=1046 # @@protoc_insertion_point(module_scope) diff --git a/flyteidl/gen/pb_python/flyteidl/core/security_pb2.pyi b/flyteidl/gen/pb_python/flyteidl/core/security_pb2.pyi index 028f85204a..0cf1c3586e 100644 --- a/flyteidl/gen/pb_python/flyteidl/core/security_pb2.pyi +++ b/flyteidl/gen/pb_python/flyteidl/core/security_pb2.pyi @@ -7,7 +7,7 @@ from typing import ClassVar as _ClassVar, Iterable as _Iterable, Mapping as _Map DESCRIPTOR: _descriptor.FileDescriptor class Secret(_message.Message): - __slots__ = ["group", "group_version", "key", "mount_requirement"] + __slots__ = ["group", "group_version", "key", "mount_requirement", "env_name"] class MountType(int, metaclass=_enum_type_wrapper.EnumTypeWrapper): __slots__ = [] ANY: _ClassVar[Secret.MountType] @@ -20,11 +20,13 @@ class Secret(_message.Message): GROUP_VERSION_FIELD_NUMBER: _ClassVar[int] KEY_FIELD_NUMBER: _ClassVar[int] MOUNT_REQUIREMENT_FIELD_NUMBER: _ClassVar[int] + ENV_NAME_FIELD_NUMBER: _ClassVar[int] group: str group_version: str key: str mount_requirement: Secret.MountType - def __init__(self, group: _Optional[str] = ..., group_version: _Optional[str] = ..., key: _Optional[str] = ..., mount_requirement: _Optional[_Union[Secret.MountType, str]] = ...) -> None: ... + env_name: str + def __init__(self, group: _Optional[str] = ..., group_version: _Optional[str] = ..., key: _Optional[str] = ..., mount_requirement: _Optional[_Union[Secret.MountType, str]] = ..., env_name: _Optional[str] = ...) -> None: ... class OAuth2Client(_message.Message): __slots__ = ["client_id", "client_secret"] diff --git a/flyteidl/gen/pb_rust/flyteidl.core.rs b/flyteidl/gen/pb_rust/flyteidl.core.rs index 62ad0b1602..9f118d2f8d 100644 --- a/flyteidl/gen/pb_rust/flyteidl.core.rs +++ b/flyteidl/gen/pb_rust/flyteidl.core.rs @@ -1050,6 +1050,10 @@ pub struct Secret { /// +optional #[prost(enumeration="secret::MountType", tag="4")] pub mount_requirement: i32, + /// env_name is optional. Custom environment name to set the value of the secret. If mount_requirement is ENV_VAR, + /// then the value is the secret itself. If mount_requirement is FILE, then the value is the path to the secret file. + #[prost(string, tag="5")] + pub env_name: ::prost::alloc::string::String, } /// Nested message and enum types in `Secret`. pub mod secret { diff --git a/flyteidl/protos/flyteidl/core/security.proto b/flyteidl/protos/flyteidl/core/security.proto index 3aba017476..9e78909522 100644 --- a/flyteidl/protos/flyteidl/core/security.proto +++ b/flyteidl/protos/flyteidl/core/security.proto @@ -43,6 +43,10 @@ message Secret { // will depend on the key management system. // +optional MountType mount_requirement = 4; + + // env_name is optional. Custom environment name to set the value of the secret. If mount_requirement is ENV_VAR, + // then the value is the secret itself. If mount_requirement is FILE, then the value is the path to the secret file. + string env_name = 5; } // OAuth2Client encapsulates OAuth2 Client Credentials to be used when making calls on behalf of that task. From ef360e831f26471160c2b76a5e9635e77caab2ae Mon Sep 17 00:00:00 2001 From: "Thomas J. Fan" Date: Fri, 10 Jan 2025 14:25:18 -0500 Subject: [PATCH 2/3] Add env_name to Secrets Signed-off-by: Thomas J. Fan --- flytepropeller/pkg/webhook/k8s_secrets.go | 15 +++ .../pkg/webhook/k8s_secrets_test.go | 94 +++++++++++++++++++ flytepropeller/pkg/webhook/utils.go | 7 ++ 3 files changed, 116 insertions(+) diff --git a/flytepropeller/pkg/webhook/k8s_secrets.go b/flytepropeller/pkg/webhook/k8s_secrets.go index 68bb8669d2..28e1582abc 100644 --- a/flytepropeller/pkg/webhook/k8s_secrets.go +++ b/flytepropeller/pkg/webhook/k8s_secrets.go @@ -75,11 +75,26 @@ func (i K8sSecretInjector) Inject(ctx context.Context, secret *core.Secret, p *c p.Spec.InitContainers = AppendEnvVars(p.Spec.InitContainers, prefixEnvVar) p.Spec.Containers = AppendEnvVars(p.Spec.Containers, prefixEnvVar) + + if secret.GetEnvName() != "" { + extraEnvVar := CreateVolumeMountEnvVarForSecretWithEnvName(secret) + p.Spec.InitContainers = AppendEnvVars(p.Spec.InitContainers, extraEnvVar) + p.Spec.Containers = AppendEnvVars(p.Spec.Containers, extraEnvVar) + } + case core.Secret_ENV_VAR: envVar := CreateEnvVarForSecret(secret) p.Spec.InitContainers = AppendEnvVars(p.Spec.InitContainers, envVar) p.Spec.Containers = AppendEnvVars(p.Spec.Containers, envVar) + if secret.GetEnvName() != "" { + extraEnvVar := *envVar.DeepCopy() + extraEnvVar.Name = secret.GetEnvName() + + p.Spec.InitContainers = AppendEnvVars(p.Spec.InitContainers, extraEnvVar) + p.Spec.Containers = AppendEnvVars(p.Spec.Containers, extraEnvVar) + } + prefixEnvVar := corev1.EnvVar{ Name: SecretEnvVarPrefix, Value: K8sDefaultEnvVarPrefix, diff --git a/flytepropeller/pkg/webhook/k8s_secrets_test.go b/flytepropeller/pkg/webhook/k8s_secrets_test.go index ac8cdf0649..b14d3b0a67 100644 --- a/flytepropeller/pkg/webhook/k8s_secrets_test.go +++ b/flytepropeller/pkg/webhook/k8s_secrets_test.go @@ -182,6 +182,95 @@ func TestK8sSecretInjector_Inject(t *testing.T) { }, } + successPodEnvWithEnvName := corev1.Pod{ + Spec: corev1.PodSpec{ + InitContainers: []corev1.Container{}, + Containers: []corev1.Container{ + { + Name: "container1", + Env: []corev1.EnvVar{ + { + Name: "_FSEC_GROUP_HELLO", + ValueFrom: &corev1.EnvVarSource{ + SecretKeyRef: &corev1.SecretKeySelector{ + Key: "HELLO", + LocalObjectReference: corev1.LocalObjectReference{ + Name: "grOUP", + }, + Optional: &optional, + }, + }, + }, + { + Name: "MY_CUSTOM_ENV", + ValueFrom: &corev1.EnvVarSource{ + SecretKeyRef: &corev1.SecretKeySelector{ + Key: "HELLO", + LocalObjectReference: corev1.LocalObjectReference{ + Name: "grOUP", + }, + Optional: &optional, + }, + }, + }, + { + Name: "FLYTE_SECRETS_ENV_PREFIX", + Value: "_FSEC_", + }, + }, + }, + }, + }, + } + + successPodFileWithName := corev1.Pod{ + Spec: corev1.PodSpec{ + Volumes: []corev1.Volume{ + { + Name: "m4ze5vkql3", + VolumeSource: corev1.VolumeSource{ + Secret: &corev1.SecretVolumeSource{ + SecretName: "grOUP", + Items: []corev1.KeyToPath{ + { + Key: "HELLO", + Path: "hello", + }, + }, + Optional: &optional, + }, + }, + }, + }, + InitContainers: []corev1.Container{}, + Containers: []corev1.Container{ + { + Name: "container1", + VolumeMounts: []corev1.VolumeMount{ + { + Name: "m4ze5vkql3", + MountPath: "/etc/flyte/secrets/group", + ReadOnly: true, + }, + }, + Env: []corev1.EnvVar{ + { + Name: "FLYTE_SECRETS_DEFAULT_DIR", + Value: "/etc/flyte/secrets", + }, + { + Name: "FLYTE_SECRETS_FILE_PREFIX", + }, + { + Name: "MY_CUSTOM_ENV", + Value: "/etc/flyte/secrets/group/hello", + }, + }, + }, + }, + }, + } + ctx := context.Background() type args struct { secret *coreIdl.Secret @@ -197,9 +286,14 @@ func TestK8sSecretInjector_Inject(t *testing.T) { want: &corev1.Pod{}, wantErr: true}, {name: "simple", args: args{secret: &coreIdl.Secret{Group: "grOUP", Key: "HELLO", MountRequirement: coreIdl.Secret_ENV_VAR}, p: inputPod.DeepCopy()}, want: &successPodEnv, wantErr: false}, + {name: "simple with env_name", args: args{secret: &coreIdl.Secret{Group: "grOUP", Key: "HELLO", MountRequirement: coreIdl.Secret_ENV_VAR, EnvName: "MY_CUSTOM_ENV"}, p: inputPod.DeepCopy()}, + want: &successPodEnvWithEnvName, wantErr: false}, {name: "require file single", args: args{secret: &coreIdl.Secret{Group: "grOUP", Key: "HELLO", MountRequirement: coreIdl.Secret_FILE}, p: inputPod.DeepCopy()}, want: &successPodFile, wantErr: false}, + {name: "require file single with name", args: args{secret: &coreIdl.Secret{Group: "grOUP", Key: "HELLO", MountRequirement: coreIdl.Secret_FILE, EnvName: "MY_CUSTOM_ENV"}, + p: inputPod.DeepCopy()}, + want: &successPodFileWithName, wantErr: false}, {name: "require file multiple from same secret group", args: args{secret: &coreIdl.Secret{Group: "grOUP", Key: "world", MountRequirement: coreIdl.Secret_FILE}, p: successPodFile.DeepCopy()}, want: &successPodMultiFiles, wantErr: false}, diff --git a/flytepropeller/pkg/webhook/utils.go b/flytepropeller/pkg/webhook/utils.go index 9d40cbbe6f..71c66f1246 100644 --- a/flytepropeller/pkg/webhook/utils.go +++ b/flytepropeller/pkg/webhook/utils.go @@ -67,6 +67,13 @@ func CreateVolumeMountForSecret(volumeName string, secret *core.Secret) corev1.V } } +func CreateVolumeMountEnvVarForSecretWithEnvName(secret *core.Secret) corev1.EnvVar { + return corev1.EnvVar{ + Name: secret.GetEnvName(), + Value: filepath.Join(filepath.Join(K8sSecretPathPrefix...), strings.ToLower(secret.GetGroup()), strings.ToLower(secret.GetKey())), + } +} + func AppendVolumeMounts(containers []corev1.Container, mount corev1.VolumeMount) []corev1.Container { res := make([]corev1.Container, 0, len(containers)) for _, c := range containers { From 05d128f2134dcccfae9ee3a66b2a3a5d443e5aeb Mon Sep 17 00:00:00 2001 From: "Thomas J. Fan" Date: Sat, 11 Jan 2025 09:42:49 -0500 Subject: [PATCH 3/3] Uses +optional Signed-off-by: Thomas J. Fan --- flyteidl/clients/go/assets/admin.swagger.json | 2 +- flyteidl/gen/pb-es/flyteidl/core/security_pb.ts | 1 + flyteidl/gen/pb-go/flyteidl/core/security.pb.go | 1 + flyteidl/gen/pb-go/gateway/flyteidl/service/admin.swagger.json | 2 +- flyteidl/gen/pb-go/gateway/flyteidl/service/agent.swagger.json | 2 +- .../flyteidl/service/external_plugin_service.swagger.json | 2 +- flyteidl/gen/pb_rust/flyteidl.core.rs | 1 + flyteidl/protos/flyteidl/core/security.proto | 1 + 8 files changed, 8 insertions(+), 4 deletions(-) diff --git a/flyteidl/clients/go/assets/admin.swagger.json b/flyteidl/clients/go/assets/admin.swagger.json index 2d65830285..ed36f4cf20 100644 --- a/flyteidl/clients/go/assets/admin.swagger.json +++ b/flyteidl/clients/go/assets/admin.swagger.json @@ -8012,7 +8012,7 @@ }, "env_name": { "type": "string", - "description": "env_name is optional. Custom environment name to set the value of the secret. If mount_requirement is ENV_VAR,\nthen the value is the secret itself. If mount_requirement is FILE, then the value is the path to the secret file." + "title": "env_name is optional. Custom environment name to set the value of the secret. If mount_requirement is ENV_VAR,\nthen the value is the secret itself. If mount_requirement is FILE, then the value is the path to the secret file.\n+optional" } }, "description": "Secret encapsulates information about the secret a task needs to proceed. An environment variable\nFLYTE_SECRETS_ENV_PREFIX will be passed to indicate the prefix of the environment variables that will be present if\nsecrets are passed through environment variables.\nFLYTE_SECRETS_DEFAULT_DIR will be passed to indicate the prefix of the path where secrets will be mounted if secrets\nare passed through file mounts." diff --git a/flyteidl/gen/pb-es/flyteidl/core/security_pb.ts b/flyteidl/gen/pb-es/flyteidl/core/security_pb.ts index c2b6d931be..97e6d161a8 100644 --- a/flyteidl/gen/pb-es/flyteidl/core/security_pb.ts +++ b/flyteidl/gen/pb-es/flyteidl/core/security_pb.ts @@ -58,6 +58,7 @@ export class Secret extends Message { /** * env_name is optional. Custom environment name to set the value of the secret. If mount_requirement is ENV_VAR, * then the value is the secret itself. If mount_requirement is FILE, then the value is the path to the secret file. + * +optional * * @generated from field: string env_name = 5; */ diff --git a/flyteidl/gen/pb-go/flyteidl/core/security.pb.go b/flyteidl/gen/pb-go/flyteidl/core/security.pb.go index 2a8dd4e0db..9f241a0bee 100644 --- a/flyteidl/gen/pb-go/flyteidl/core/security.pb.go +++ b/flyteidl/gen/pb-go/flyteidl/core/security.pb.go @@ -148,6 +148,7 @@ type Secret struct { MountRequirement Secret_MountType `protobuf:"varint,4,opt,name=mount_requirement,json=mountRequirement,proto3,enum=flyteidl.core.Secret_MountType" json:"mount_requirement,omitempty"` // env_name is optional. Custom environment name to set the value of the secret. If mount_requirement is ENV_VAR, // then the value is the secret itself. If mount_requirement is FILE, then the value is the path to the secret file. + // +optional EnvName string `protobuf:"bytes,5,opt,name=env_name,json=envName,proto3" json:"env_name,omitempty"` } diff --git a/flyteidl/gen/pb-go/gateway/flyteidl/service/admin.swagger.json b/flyteidl/gen/pb-go/gateway/flyteidl/service/admin.swagger.json index 2d65830285..ed36f4cf20 100644 --- a/flyteidl/gen/pb-go/gateway/flyteidl/service/admin.swagger.json +++ b/flyteidl/gen/pb-go/gateway/flyteidl/service/admin.swagger.json @@ -8012,7 +8012,7 @@ }, "env_name": { "type": "string", - "description": "env_name is optional. Custom environment name to set the value of the secret. If mount_requirement is ENV_VAR,\nthen the value is the secret itself. If mount_requirement is FILE, then the value is the path to the secret file." + "title": "env_name is optional. Custom environment name to set the value of the secret. If mount_requirement is ENV_VAR,\nthen the value is the secret itself. If mount_requirement is FILE, then the value is the path to the secret file.\n+optional" } }, "description": "Secret encapsulates information about the secret a task needs to proceed. An environment variable\nFLYTE_SECRETS_ENV_PREFIX will be passed to indicate the prefix of the environment variables that will be present if\nsecrets are passed through environment variables.\nFLYTE_SECRETS_DEFAULT_DIR will be passed to indicate the prefix of the path where secrets will be mounted if secrets\nare passed through file mounts." diff --git a/flyteidl/gen/pb-go/gateway/flyteidl/service/agent.swagger.json b/flyteidl/gen/pb-go/gateway/flyteidl/service/agent.swagger.json index 26cbe4806e..881b96b852 100644 --- a/flyteidl/gen/pb-go/gateway/flyteidl/service/agent.swagger.json +++ b/flyteidl/gen/pb-go/gateway/flyteidl/service/agent.swagger.json @@ -1641,7 +1641,7 @@ }, "env_name": { "type": "string", - "description": "env_name is optional. Custom environment name to set the value of the secret. If mount_requirement is ENV_VAR,\nthen the value is the secret itself. If mount_requirement is FILE, then the value is the path to the secret file." + "title": "env_name is optional. Custom environment name to set the value of the secret. If mount_requirement is ENV_VAR,\nthen the value is the secret itself. If mount_requirement is FILE, then the value is the path to the secret file.\n+optional" } }, "description": "Secret encapsulates information about the secret a task needs to proceed. An environment variable\nFLYTE_SECRETS_ENV_PREFIX will be passed to indicate the prefix of the environment variables that will be present if\nsecrets are passed through environment variables.\nFLYTE_SECRETS_DEFAULT_DIR will be passed to indicate the prefix of the path where secrets will be mounted if secrets\nare passed through file mounts." diff --git a/flyteidl/gen/pb-go/gateway/flyteidl/service/external_plugin_service.swagger.json b/flyteidl/gen/pb-go/gateway/flyteidl/service/external_plugin_service.swagger.json index 46feb4878d..8206b68f62 100644 --- a/flyteidl/gen/pb-go/gateway/flyteidl/service/external_plugin_service.swagger.json +++ b/flyteidl/gen/pb-go/gateway/flyteidl/service/external_plugin_service.swagger.json @@ -904,7 +904,7 @@ }, "env_name": { "type": "string", - "description": "env_name is optional. Custom environment name to set the value of the secret. If mount_requirement is ENV_VAR,\nthen the value is the secret itself. If mount_requirement is FILE, then the value is the path to the secret file." + "title": "env_name is optional. Custom environment name to set the value of the secret. If mount_requirement is ENV_VAR,\nthen the value is the secret itself. If mount_requirement is FILE, then the value is the path to the secret file.\n+optional" } }, "description": "Secret encapsulates information about the secret a task needs to proceed. An environment variable\nFLYTE_SECRETS_ENV_PREFIX will be passed to indicate the prefix of the environment variables that will be present if\nsecrets are passed through environment variables.\nFLYTE_SECRETS_DEFAULT_DIR will be passed to indicate the prefix of the path where secrets will be mounted if secrets\nare passed through file mounts." diff --git a/flyteidl/gen/pb_rust/flyteidl.core.rs b/flyteidl/gen/pb_rust/flyteidl.core.rs index 9f118d2f8d..e6f081b1e8 100644 --- a/flyteidl/gen/pb_rust/flyteidl.core.rs +++ b/flyteidl/gen/pb_rust/flyteidl.core.rs @@ -1052,6 +1052,7 @@ pub struct Secret { pub mount_requirement: i32, /// env_name is optional. Custom environment name to set the value of the secret. If mount_requirement is ENV_VAR, /// then the value is the secret itself. If mount_requirement is FILE, then the value is the path to the secret file. + /// +optional #[prost(string, tag="5")] pub env_name: ::prost::alloc::string::String, } diff --git a/flyteidl/protos/flyteidl/core/security.proto b/flyteidl/protos/flyteidl/core/security.proto index 9e78909522..02193c28a4 100644 --- a/flyteidl/protos/flyteidl/core/security.proto +++ b/flyteidl/protos/flyteidl/core/security.proto @@ -46,6 +46,7 @@ message Secret { // env_name is optional. Custom environment name to set the value of the secret. If mount_requirement is ENV_VAR, // then the value is the secret itself. If mount_requirement is FILE, then the value is the path to the secret file. + // +optional string env_name = 5; }