Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

client-secret isn't used. #27

Open
cjohnston1158 opened this issue Jun 6, 2022 · 4 comments
Open

client-secret isn't used. #27

cjohnston1158 opened this issue Jun 6, 2022 · 4 comments
Labels
bug Something isn't working good first issue Good for newcomers Kubeflow 1.7 This issue affects the Charmed Kubeflow 1.7 release

Comments

@cjohnston1158
Copy link

It looks like setting the client-secret config option doesn't get used. I think it's from this commit:

1909ace
@agathanatasha
Copy link
Contributor

Is there a reason you are looking at that commit particularly? The client secret is set in the pod

@cjohnston1158
Copy link
Author

Prior to that commit, secret_key was:

        secret_key = self.model.config["client-secret"] or self._stored.secret_key

So, if the client-secret config was set it would use the client-secret, else it would use a "generated" secret.. The new code:

            secret_key = self._check_secret()
...
    def _check_secret(self, event=None):
        for rel in self.model.relations["client-secret"]:
            if "client-secret" not in rel.data[self.model.app]:
                rel.data[self.model.app]["client-secret"] = _gen_pass()
            return rel.data[self.model.app]["client-secret"]
        else:
            raise CheckFailed("Waiting for Client Secret", WaitingStatus)

Looks for the secret in the relation, otherwise it generates one. At no point does it look at the config option.

@agathanatasha
Copy link
Contributor

I see. There are two ways moving forward, remove the configuration or account for it in _check_secret. Do you run into situation where you need to set the client-secret configuration? What are the use cases?

@cjohnston1158
Copy link
Author

I don't personally have a preference, I just noticed that I would set the client-secret and it wasn't honored.

@ca-scribner ca-scribner added the bug Something isn't working label Jun 23, 2022
@NohaIhab NohaIhab added the good first issue Good for newcomers label Oct 18, 2022
@DnPlas DnPlas added the Kubeflow 1.7 This issue affects the Charmed Kubeflow 1.7 release label Mar 13, 2023
@DnPlas DnPlas closed this as completed Mar 13, 2023
@DnPlas DnPlas reopened this Mar 13, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working good first issue Good for newcomers Kubeflow 1.7 This issue affects the Charmed Kubeflow 1.7 release
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@agathanatasha @DnPlas @cjohnston1158 @ca-scribner @NohaIhab