[KFP] Obscuring KFP env credentials #6370
Merged
+381
−34
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
pipeline specs, instead set them on creation in the server side
…mlrun#6363) * [Nuclio] Raise error on multiple triggers + explicit ack + older nuclio [ML-7763](https://iguazio.atlassian.net/browse/ML-7763) * Update minimal nuclio version * [Nuclio] Raise error on multiple triggers + explicit ack + old nuclio [ML-7763](https://iguazio.atlassian.net/browse/ML-7763) * Remove redundant code
d432378 to
4464604
Compare
liranbg
requested changes
Sep 20, 2024
Member
liranbg
left a comment
There was a problem hiding this comment.
some suggestions and fixes, overall - looking very well!
pipeline-adapters/mlrun-pipelines-kfp-v1-8/src/mlrun_pipelines/patcher.py
Outdated
Show resolved
Hide resolved
pipeline-adapters/mlrun-pipelines-kfp-v1-8/src/mlrun_pipelines/patcher.py
Outdated
Show resolved
Hide resolved
pipeline-adapters/mlrun-pipelines-kfp-common/src/mlrun_pipelines/common/models.py
Outdated
Show resolved
Hide resolved
theSaarco
requested changes
Sep 22, 2024
Member
theSaarco
left a comment
There was a problem hiding this comment.
Looks good, but there are some changes needed, and I'm also not so sure about some of the changes done and why they're needed.
Also, the original bug shows there are 2 locations that need cleaning - the env vars, and the spec of the function when a deploy_function is done. In this PR I can only see you handling the 1st case, not the 2nd. Are you planning to do that in a separate PR?
pipeline-adapters/mlrun-pipelines-kfp-common/src/mlrun_pipelines/common/ops.py
Outdated
Show resolved
Hide resolved
pipeline-adapters/mlrun-pipelines-kfp-common/src/mlrun_pipelines/common/ops.py
Outdated
Show resolved
Hide resolved
pipeline-adapters/mlrun-pipelines-kfp-common/src/mlrun_pipelines/common/ops.py
Outdated
Show resolved
Hide resolved
pipeline-adapters/mlrun-pipelines-kfp-v1-8/src/mlrun_pipelines/patcher.py
Outdated
Show resolved
Hide resolved
moranbental
requested changes
Sep 22, 2024
Member
moranbental
left a comment
There was a problem hiding this comment.
Looks good! some suggestions
pipeline-adapters/mlrun-pipelines-kfp-common/src/mlrun_pipelines/common/models.py
Outdated
Show resolved
Hide resolved
pipeline-adapters/mlrun-pipelines-kfp-common/src/mlrun_pipelines/common/ops.py
Outdated
Show resolved
Hide resolved
pipeline-adapters/mlrun-pipelines-kfp-common/src/mlrun_pipelines/common/ops.py
Outdated
Show resolved
Hide resolved
61aa4f1 to
e5aa2b1
Compare
liranbg
reviewed
Sep 23, 2024
pipeline-adapters/mlrun-pipelines-kfp-common/src/mlrun_pipelines/common/ops.py
Outdated
Show resolved
Hide resolved
alonmr
reviewed
Sep 24, 2024
Contributor
alonmr
left a comment
There was a problem hiding this comment.
Very nice! small comments
pipeline-adapters/mlrun-pipelines-kfp-v1-8/src/mlrun_pipelines/patcher.py
Outdated
Show resolved
Hide resolved
alonmr
reviewed
Sep 24, 2024
e5aa2b1 to
662ce51
Compare
alonmr
reviewed
Sep 24, 2024
662ce51 to
0237a5d
Compare
0237a5d to
5824e43
Compare
theSaarco
requested changes
Sep 24, 2024
Member
theSaarco
left a comment
There was a problem hiding this comment.
Looks very good. Have some relatively minor comments.
Also - still can't see any reference to replacing secrets from function spec in the deploy-function case. Will this be treated in a different PR?
pipeline-adapters/mlrun-pipelines-kfp-common/src/mlrun_pipelines/common/ops.py
Outdated
Show resolved
Hide resolved
202301c to
c52e8bd
Compare
liranbg
requested changes
Sep 25, 2024
pipeline-adapters/mlrun-pipelines-kfp-common/src/mlrun_pipelines/common/ops.py
Outdated
Show resolved
Hide resolved
pipeline-adapters/mlrun-pipelines-kfp-common/src/mlrun_pipelines/common/ops.py
Outdated
Show resolved
Hide resolved
pipeline-adapters/mlrun-pipelines-kfp-common/src/mlrun_pipelines/common/ops.py
Outdated
Show resolved
Hide resolved
e6545a3 to
1c64c49
Compare
d4de188 to
ad7f44a
Compare
alonmr
reviewed
Sep 30, 2024
Contributor
alonmr
left a comment
There was a problem hiding this comment.
Looks very well! Some comments/questions
pipeline-adapters/mlrun-pipelines-kfp-common/src/mlrun_pipelines/common/ops.py
Outdated
Show resolved
Hide resolved
pipeline-adapters/mlrun-pipelines-kfp-common/src/mlrun_pipelines/common/ops.py
Outdated
Show resolved
Hide resolved
pipeline-adapters/mlrun-pipelines-kfp-common/src/mlrun_pipelines/common/ops.py
Outdated
Show resolved
Hide resolved
pipeline-adapters/mlrun-pipelines-kfp-common/src/mlrun_pipelines/common/ops.py
Outdated
Show resolved
Hide resolved
pipeline-adapters/mlrun-pipelines-kfp-common/src/mlrun_pipelines/common/ops.py
Outdated
Show resolved
Hide resolved
54f644e to
6c74452
Compare
theSaarco
previously approved these changes
Sep 30, 2024
Member
theSaarco
left a comment
There was a problem hiding this comment.
Looks good - I'm approving as functionality seems complete, but have some suggestions for improvements that would make this cleaner.
pipeline-adapters/mlrun-pipelines-kfp-common/src/mlrun_pipelines/common/ops.py
Outdated
Show resolved
Hide resolved
pipeline-adapters/mlrun-pipelines-kfp-common/src/mlrun_pipelines/common/ops.py
Outdated
Show resolved
Hide resolved
pipeline-adapters/mlrun-pipelines-kfp-common/src/mlrun_pipelines/common/ops.py
Outdated
Show resolved
Hide resolved
pipeline-adapters/mlrun-pipelines-kfp-common/src/mlrun_pipelines/common/ops.py
Outdated
Show resolved
Hide resolved
pipeline-adapters/mlrun-pipelines-kfp-common/src/mlrun_pipelines/common/ops.py
Outdated
Show resolved
Hide resolved
tests/api/api/test_pipelines.py
Outdated
Member
There was a problem hiding this comment.
A thought that could improve this test - since the kfp_client_mock mocks all calls to the KFP Client, you could check the call actually being generated and verify that the contents of the pipeline really has the secrets obfuscated. This is a more direct and complete check than verifying the secrets-mock has this auth secret being created.
It's not a must, but if it's simple enough to do, would try to add that here.
6c74452 to
db2e34b
Compare
liranbg
previously approved these changes
Sep 30, 2024
The base branch was changed.
liranbg
pushed a commit
to liranbg/mlrun
that referenced
this pull request
Sep 30, 2024
1 task
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
6 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Modify the compiled YAML on the server side to include references to kubernetes secrets instead of plain text values
https://iguazio.atlassian.net/browse/ML-7735