Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[flyte-core] Flyte Connection #5126

Draft
wants to merge 43 commits into
base: master
Choose a base branch
from
Draft

[flyte-core] Flyte Connection #5126

wants to merge 43 commits into from
+2,684 −808

Conversation

pingsutw
Copy link
Member

@pingsutw pingsutw commented Mar 27, 2024
edited
Loading

Tracking issue

#3936

Why are the changes needed?

It will allow users to pass different API_KEY to the chatGPT agent from flytepropeller

What changes were proposed in this pull request?

Agent client will read the secret from env or local file, and pass it to the agent server.

How was this patch tested?

local sandbox

Setup process

  1. Install flytekit and flyteidl
pip install "git+https://github.com/flyteorg/flytekit.git@76dfef0c89615bb28dfa1ead932544150d9c2cde"
pip install "git+https://github.com/flyteorg/flyte.git@d96975d0bc590b57e9205d81f4de9595a4bd1708#subdirectory=flyteidl"
  1. Update local config

Add below config to flyte-single-binary-local.yamlm and Add your API key to local env

export FLYTE_SECRET_OPENAI_API_KEY=<YOUR_OPENAI_API_KEY>
externalResources:
  connections:
    chatgpt:
      secrets:
        openai_api_key: OPENAI_API_KEY
      configs:
        openai_organization: org-P2rdnZQry4Fw7Ak3vSpXEIrx
  1. Run Flyte cluster locally
cd flyte
pyflyte serve agent
make compile
flyte start --config flyte-single-binary-local.yaml
  1. Run a ChatGPT task
pyflyte run --remote flyte-example/chatgpt_example.py my_chatgpt_job --message hello
from flytekit import workflow, Secret
from flytekitplugins.chatgpt import ChatGPTTask

chatgpt_small_job = ChatGPTTask(
    name="3.5-turbo",
    openai_organization="org-P2rdnZQry4Fw7Ak3vSpXEIrx",
    connection="chatgpt",
    chatgpt_config={
        "model": "gpt-3.5-turbo",
        "temperature": 0.7,
    },
)


@workflow
def my_chatgpt_job(message: str) -> str:
    message = chatgpt_small_job(message=message)
    return message

Screenshots

Secret not found in propeller
image

image
  • I updated the documentation accordingly.
  • All new and existing tests passed.
  • All commits are signed-off.

Related PRs

flyteorg/flytekit#2297

Docs link

NA

@pingsutw
Add secret
dfffe71 
Signed-off-by: Kevin Su <[email protected]>
@pingsutw
Create mock class
fa7573c 
Signed-off-by: Kevin Su <[email protected]>
@pingsutw
update mock
0e235e1 
Signed-off-by: Kevin Su <[email protected]>
@dosubot dosubot bot added size:XXL This PR changes 1000+ lines, ignoring generated files. documentation Improvements or additions to documentation enhancement New feature or request security Issues related to Security improvements labels Mar 27, 2024
@codecov Codecov
Copy link

codecov bot commented Mar 27, 2024
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 66.98%. Comparing base (ce5eb03) to head (ad0a88f).

Additional details and impacted files 
@@            Coverage Diff             @@
##           master    #5126      +/-   ##
==========================================
+ Coverage   60.99%   66.98%   +5.98%     
==========================================
  Files         794      278     -516     
  Lines       51475    12638   -38837     
==========================================
- Hits        31397     8465   -22932     
+ Misses      17186     3549   -13637     
+ Partials     2892      624    -2268
Flag Coverage Δ
unittests-datacatalog 69.31% <ø> (ø)
unittests-flyteadmin ?
unittests-flytecopilot 17.79% <ø> (ø)
unittests-flytectl 68.03% <ø> (ø)
unittests-flyteidl 79.04% <ø> (ø)
unittests-flyteplugins ?
unittests-flytepropeller ?
unittests-flytestdlib 65.59% <ø> (+0.02%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@noahjax
Copy link
Contributor

noahjax commented Mar 28, 2024

@pingsutw Would it be possible to merge the work of this PR with that of my PR? It seems like both include secrets in requests made to the agent, but this PR goes a step farther by resolving the value of secrets. On the other hand, my PR includes more details about which user is executing a task, which is also very useful for the agent to have.

@pingsutw
wip
1e82896 
Signed-off-by: Kevin Su <[email protected]>
@pingsutw
merged master
18e91a2 
Signed-off-by: Kevin Su <[email protected]>
@pingsutw
secretPtr
42bbe73 
Signed-off-by: Kevin Su <[email protected]>
@pingsutw pingsutw changed the title [WIP] Pass secret to the agent server Pass secret to the agent server Apr 4, 2024
pingsutw and others added 7 commits April 5, 2024 11:46
@pingsutw
wip
a61fa8c 
Signed-off-by: Kevin Su <[email protected]>
@pingsutw
Add connection
d895c71 
Signed-off-by: Kevin Su <[email protected]>
@pingsutw
update proto
61263ad 
Signed-off-by: Kevin Su <[email protected]>
@pingsutw
merged master
0e69505 
Signed-off-by: Kevin Su <[email protected]>
@pingsutw
lint
e928f35 
Signed-off-by: Kevin Su <[email protected]>
@pingsutw
cleanup
0b80b41 
Signed-off-by: Kevin Su <[email protected]>
@pingsutw
wip
249fbe9 
Signed-off-by: Kevin Su <[email protected]>
@pingsutw
wip
d525cf9 
Signed-off-by: Kevin Su <[email protected]>
@pingsutw
go generate
79302e5 
Signed-off-by: Kevin Su <[email protected]>
@pingsutw
fix tests
df830ea 
Signed-off-by: Kevin Su <[email protected]>
@pingsutw
test
9574f59 
Signed-off-by: Kevin Su <[email protected]>
@pingsutw
more tests
7dedb8f 
Signed-off-by: Kevin Su <[email protected]>
@pingsutw
fix test
23357c5 
Signed-off-by: Kevin Su <[email protected]>
@pingsutw
lint
307c06c 
Signed-off-by: Kevin Su <[email protected]>
@pingsutw
Merge branch 'master' of github.com:flyteorg/flyte into agent-secret
9429ac2
@pingsutw
lint
aecfaa5 
Signed-off-by: Kevin Su <[email protected]>
@pingsutw
merged master
7afda69 
Signed-off-by: Kevin Su <[email protected]>
@pingsutw
Add interface
0e25e5b 
Signed-off-by: Kevin Su <[email protected]>
@pingsutw pingsutw changed the title Pass secret to the agent server [flyte-core] Flyte Connection May 7, 2024
@pingsutw
wip
1f01450 
Signed-off-by: Kevin Su <[email protected]>
@pingsutw
Merge branch 'master' of github.com:flyteorg/flyte into agent-secret
0808ec0
@pingsutw
Add ExternalResourceAttributes
b4f264c 
Signed-off-by: Kevin Su <[email protected]>
@pingsutw
nit
466c61c 
Signed-off-by: Kevin Su <[email protected]>
@pingsutw
update test
b19daea 
Signed-off-by: Kevin Su <[email protected]>
@pingsutw
update test
090a10b 
Signed-off-by: Kevin Su <[email protected]>
@pingsutw
fix test
d96975d 
Signed-off-by: Kevin Su <[email protected]>
@pingsutw
fix test
22966d0 
Signed-off-by: Kevin Su <[email protected]>
@pingsutw
fix test
54e5cc8 
Signed-off-by: Kevin Su <[email protected]>
@pingsutw
fix test
a8b7d06 
Signed-off-by: Kevin Su <[email protected]>
@pingsutw
Add more tests
78b7dfc 
Signed-off-by: Kevin Su <[email protected]>
@pingsutw
install tabulate
bf9b39f 
Signed-off-by: Kevin Su <[email protected]>
pmahindrakar-oss
pmahindrakar-oss reviewed May 14, 2024
View reviewed changes
flyteidl/protos/flyteidl/admin/matchable_resource.proto
@@ -36,6 +36,9 @@ enum MatchableResource {

// Controls how to select an available cluster on which this execution should run.
CLUSTER_ASSIGNMENT = 7;

// Configures the task connection to be used by the agent to connect to external systems.
EXTERNAL_RESOURCE = 8;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We could extend this to be used by regular tasks too right ?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What do you mean by extending here? something like

@task(external_resource=...)
# or
@task(connection=...)

flyteidl/protos/flyteidl/core/security.proto Outdated
// Flyte will use the default connection in the project-domain settings, but users
// still be able to override it by specifying the connection in the task decorator.
// +optional
string connection = 4;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could we make a note of the order of overrides as its just not project-domain settings alone. Also can we add details on how this should map to values in external resource attributes

flyteidl/protos/flyteidl/core/security.proto Outdated
@@ -45,6 +45,14 @@ message Secret {
MountType mount_requirement = 4;
}

message Connection {
// The credentials to use for the connection, such as API keys, OAuth2 tokens, etc.
map<string, string> secrets = 1;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we also add comment on the format of what the key and what the value is and how they map to what the agent expects

flyteidl/protos/flyteidl/core/security.proto Outdated
map<string, string> secrets = 1;

// The configuration to use for the connection, such as the endpoint, account name, etc.
map<string, string> configs = 2;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Similalrly for the configs

flyteplugins/go/tasks/plugins/webapi/agent/plugin.go Outdated
@@ -97,6 +99,24 @@ func (p Plugin) Create(ctx context.Context, taskCtx webapi.TaskExecutionContextR
taskCategory := admin.TaskCategory{Name: taskTemplate.Type, Version: taskTemplate.TaskTypeVersion}
agent, isSync := getFinalAgent(&taskCategory, p.cfg, p.agentRegistry)

connection := flyteIdl.Connection{}
if taskTemplate.SecurityContext != nil && taskTemplate.SecurityContext.Connection != "" {
conn, ok := taskCtx.TaskExecutionMetadata().GetExternalResourceAttributes().GetConnections()[taskTemplate.SecurityContext.Connection]
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we use getters for taskTemplate.SecurityContext.Connection and would be cleaner to define this as connectionKey may be as we are not defining the connection in the security context but just a ref/key. May be connectionRef might also be ok

@pingsutw pingsutw marked this pull request as draft August 16, 2024 20:17
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@pmahindrakar-oss pmahindrakar-oss pmahindrakar-oss left review comments

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
documentation Improvements or additions to documentation enhancement New feature or request security Issues related to Security improvements size:XXL This PR changes 1000+ lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@pingsutw @noahjax @pmahindrakar-oss