[wip] signed GCS URL #81
Conversation
honnix
requested review from
anandswaminathan,
EngHabu,
katrogan,
kumare3,
matthewphsmith and
wild-endeavor
as code owners
|
@kumare3 Yeah that makes sense. I'm still working on this, so in progress. It would be great if I can get a pointer where to put this in stdlib. Also as I put in the description, I don't quite like the fact that |
|
Sorry @honnix I don't think we ever made any progress on this (or at least I can't remember 😅) Not sure if https://github.com/lyft/flytestdlib/tree/master/storage is the right place for this in stdlib - @EngHabu and other owners would probably know better |
|
@katrogan why do you think flytestdlib/storage is not the right place? I think it is because then we can configure the storage uniformly. |
|
I agree, getting a signed URL should be an API here. There is an open issue that isn't getting enough traction there... I think it makes sense to add the API support in Stow. or a fork of stow for faster development (or in stdlib... less ideal) stdlib storage layer should ideally not have "logic" and should remain as thin as possible... |
|
I will take a look at stow then. I can leave this PR open for a couple of days to get more comments. Thank you all folks! |
|
@honnix maybe we can get this moving and then work on the alternate. |
|
Sure. I will continue this after I'm back to work. |
|
@honnix do you think this is good? |
|
I should be able to check this out on Monday or Tuesday. |
|
Thank you @honnix |
honnix
force-pushed
the
gcs-remote-data
branch
from
7140f9f
to
c08ced5
Compare
Codecov Report
@@ Coverage Diff @@
## master #81 +/- ##
==========================================
- Coverage 62.39% 61.94% -0.46%
==========================================
Files 104 105 +1
Lines 7752 7809 +57
==========================================
Hits 4837 4837
- Misses 2345 2402 +57
Partials 570 570
Flags with carried forward coverage won't be shown. Click here to find out more.
Continue to review full report at Codecov.
|
Although this doesn't seem to be required, it is better to do things according to API doc.
|
Not quite sure of those docker tagging failures. Maybe I should start a new branch in this repo instead of my fork? |
|
Continuing in #121 |
TL;DR
Add support of signed GCS URL.
Type
Are all requirements met?
Complete description
Right now only AWS/S3 presigned URL is support. This PR adds support for GCS URL.
The signing part looks a bit funky, mainly due to GCP lib does not support signing URL without
materialised service account key. So this PR uses https://cloud.google.com/iam/docs/reference/credentials/rest/v1/projects.serviceAccounts/signBlob directly.
SigningPrincipalin most cases refers to the service account that signs the URL. Service account associated with flyteadmin instance needs to have the role on the principal.Some extra effort could be done default the principal to the same service account running flyteadmin instance, but would require talking to GCE metadata server (or I just haven't figured out more handy API in client lib to use).
Tracking Issue
Follow-up issue
NA