diff --git a/flyteidl/clients/go/assets/admin.swagger.json b/flyteidl/clients/go/assets/admin.swagger.json index 45f471248b..526dd13744 100644 --- a/flyteidl/clients/go/assets/admin.swagger.json +++ b/flyteidl/clients/go/assets/admin.swagger.json @@ -8013,6 +8013,10 @@ "mount_requirement": { "$ref": "#/definitions/SecretMountType", "title": "mount_requirement is optional. Indicates where the secret has to be mounted. If provided, the execution will fail\nif the underlying key management system cannot satisfy that requirement. If not provided, the default location\nwill depend on the key management system.\n+optional" + }, + "env_name": { + "type": "string", + "title": "env_name is optional. Custom environment name to set the value of the secret. If mount_requirement is ENV_VAR,\nthen the value is the secret itself. If mount_requirement is FILE, then the value is the path to the secret file.\n+optional" } }, "description": "Secret encapsulates information about the secret a task needs to proceed. An environment variable\nFLYTE_SECRETS_ENV_PREFIX will be passed to indicate the prefix of the environment variables that will be present if\nsecrets are passed through environment variables.\nFLYTE_SECRETS_DEFAULT_DIR will be passed to indicate the prefix of the path where secrets will be mounted if secrets\nare passed through file mounts." diff --git a/flyteidl/gen/pb-es/flyteidl/core/security_pb.ts b/flyteidl/gen/pb-es/flyteidl/core/security_pb.ts index 7d1ca8bbac..97e6d161a8 100644 --- a/flyteidl/gen/pb-es/flyteidl/core/security_pb.ts +++ b/flyteidl/gen/pb-es/flyteidl/core/security_pb.ts 
@@ -55,6 +55,15 @@ export class Secret extends Message { */ mountRequirement = Secret_MountType.ANY; + /** + * env_name is optional. Custom environment name to set the value of the secret. If mount_requirement is ENV_VAR, + * then the value is the secret itself. If mount_requirement is FILE, then the value is the path to the secret file. + * +optional + * + * @generated from field: string env_name = 5; + */ + envName = ""; + constructor(data?: PartialMessage) { super(); proto3.util.initPartial(data, this); @@ -67,6 +76,7 @@ export class Secret extends Message { { no: 2, name: "group_version", kind: "scalar", T: 9 /* ScalarType.STRING */ }, { no: 3, name: "key", kind: "scalar", T: 9 /* ScalarType.STRING */ }, { no: 4, name: "mount_requirement", kind: "enum", T: proto3.getEnumType(Secret_MountType) }, + { no: 5, name: "env_name", kind: "scalar", T: 9 /* ScalarType.STRING */ }, ]); static fromBinary(bytes: Uint8Array, options?: Partial): Secret { diff --git a/flyteidl/gen/pb-go/flyteidl/core/security.pb.go b/flyteidl/gen/pb-go/flyteidl/core/security.pb.go index e3ee1e1b1b..9f241a0bee 100644 --- a/flyteidl/gen/pb-go/flyteidl/core/security.pb.go +++ b/flyteidl/gen/pb-go/flyteidl/core/security.pb.go @@ -146,6 +146,10 @@ type Secret struct { // will depend on the key management system. // +optional MountRequirement Secret_MountType `protobuf:"varint,4,opt,name=mount_requirement,json=mountRequirement,proto3,enum=flyteidl.core.Secret_MountType" json:"mount_requirement,omitempty"` + // env_name is optional. Custom environment name to set the value of the secret. If mount_requirement is ENV_VAR, + // then the value is the secret itself. If mount_requirement is FILE, then the value is the path to the secret file. + // +optional + EnvName string `protobuf:"bytes,5,opt,name=env_name,json=envName,proto3" json:"env_name,omitempty"` } func (x *Secret) Reset() { 
@@ -208,6 +212,13 @@ func (x *Secret) GetMountRequirement() Secret_MountType { return Secret_ANY } +func (x *Secret) GetEnvName() string { + if x != nil { + return x.EnvName + } + return "" +} + // OAuth2Client encapsulates OAuth2 Client Credentials to be used when making calls on behalf of that task. type OAuth2Client struct { state protoimpl.MessageState @@ -523,7 +534,7 @@ var File_flyteidl_core_security_proto protoreflect.FileDescriptor var file_flyteidl_core_security_proto_rawDesc = []byte{ 0x0a, 0x1c, 0x66, 0x6c, 0x79, 0x74, 0x65, 0x69, 0x64, 0x6c, 0x2f, 0x63, 0x6f, 0x72, 0x65, 0x2f, 0x73, 0x65, 0x63, 0x75, 0x72, 0x69, 0x74, 0x79, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x0d, - 0x66, 0x6c, 0x79, 0x74, 0x65, 0x69, 0x64, 0x6c, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x22, 0xd0, 0x01, + 0x66, 0x6c, 0x79, 0x74, 0x65, 0x69, 0x64, 0x6c, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x22, 0xeb, 0x01, 0x0a, 0x06, 0x53, 0x65, 0x63, 0x72, 0x65, 0x74, 0x12, 0x14, 0x0a, 0x05, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x12, 0x23, 0x0a, 0x0d, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x5f, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18, 
@@ -534,69 +545,71 @@ var file_flyteidl_core_security_proto_rawDesc = []byte{ 0x32, 0x1f, 0x2e, 0x66, 0x6c, 0x79, 0x74, 0x65, 0x69, 0x64, 0x6c, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x53, 0x65, 0x63, 0x72, 0x65, 0x74, 0x2e, 0x4d, 0x6f, 0x75, 0x6e, 0x74, 0x54, 0x79, 0x70, 0x65, 0x52, 0x10, 0x6d, 0x6f, 0x75, 0x6e, 0x74, 0x52, 0x65, 0x71, 0x75, 0x69, 0x72, 0x65, 0x6d, - 0x65, 0x6e, 0x74, 0x22, 0x2b, 0x0a, 0x09, 0x4d, 0x6f, 0x75, 0x6e, 0x74, 0x54, 0x79, 0x70, 0x65, - 0x12, 0x07, 0x0a, 0x03, 0x41, 0x4e, 0x59, 0x10, 0x00, 0x12, 0x0b, 0x0a, 0x07, 0x45, 0x4e, 0x56, - 0x5f, 0x56, 0x41, 0x52, 0x10, 0x01, 0x12, 0x08, 0x0a, 0x04, 0x46, 0x49, 0x4c, 0x45, 0x10, 0x02, - 0x22, 0x67, 0x0a, 0x0c, 0x4f, 0x41, 0x75, 0x74, 0x68, 0x32, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, - 0x12, 0x1b, 0x0a, 0x09, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, - 0x01, 0x28, 0x09, 0x52, 0x08, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x49, 0x64, 0x12, 0x3a, 0x0a, - 0x0d, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x5f, 0x73, 0x65, 0x63, 0x72, 0x65, 0x74, 0x18, 0x02, - 0x20, 0x01, 0x28, 0x0b, 0x32, 0x15, 0x2e, 0x66, 0x6c, 0x79, 0x74, 0x65, 0x69, 0x64, 0x6c, 0x2e, - 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x53, 0x65, 0x63, 0x72, 0x65, 0x74, 0x52, 0x0c, 0x63, 0x6c, 0x69, - 0x65, 0x6e, 0x74, 0x53, 0x65, 0x63, 0x72, 0x65, 0x74, 0x22, 0xc6, 0x01, 0x0a, 0x08, 0x49, 0x64, - 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x12, 0x19, 0x0a, 0x08, 0x69, 0x61, 0x6d, 0x5f, 0x72, 0x6f, - 0x6c, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x69, 0x61, 0x6d, 0x52, 0x6f, 0x6c, - 0x65, 0x12, 0x2e, 0x0a, 0x13, 0x6b, 0x38, 0x73, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, - 0x5f, 0x61, 0x63, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x11, - 0x6b, 0x38, 0x73, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x41, 0x63, 0x63, 0x6f, 0x75, 0x6e, - 0x74, 0x12, 0x40, 0x0a, 0x0d, 0x6f, 0x61, 0x75, 0x74, 0x68, 0x32, 0x5f, 0x63, 0x6c, 0x69, 0x65, - 0x6e, 0x74, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1b, 
0x2e, 0x66, 0x6c, 0x79, 0x74, 0x65, - 0x69, 0x64, 0x6c, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x4f, 0x41, 0x75, 0x74, 0x68, 0x32, 0x43, - 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x52, 0x0c, 0x6f, 0x61, 0x75, 0x74, 0x68, 0x32, 0x43, 0x6c, 0x69, - 0x65, 0x6e, 0x74, 0x12, 0x2d, 0x0a, 0x12, 0x65, 0x78, 0x65, 0x63, 0x75, 0x74, 0x69, 0x6f, 0x6e, - 0x5f, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, - 0x11, 0x65, 0x78, 0x65, 0x63, 0x75, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x64, 0x65, 0x6e, 0x74, 0x69, - 0x74, 0x79, 0x22, 0x96, 0x02, 0x0a, 0x12, 0x4f, 0x41, 0x75, 0x74, 0x68, 0x32, 0x54, 0x6f, 0x6b, - 0x65, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, - 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x3a, 0x0a, - 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x26, 0x2e, 0x66, 0x6c, + 0x65, 0x6e, 0x74, 0x12, 0x19, 0x0a, 0x08, 0x65, 0x6e, 0x76, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, + 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x65, 0x6e, 0x76, 0x4e, 0x61, 0x6d, 0x65, 0x22, 0x2b, + 0x0a, 0x09, 0x4d, 0x6f, 0x75, 0x6e, 0x74, 0x54, 0x79, 0x70, 0x65, 0x12, 0x07, 0x0a, 0x03, 0x41, + 0x4e, 0x59, 0x10, 0x00, 0x12, 0x0b, 0x0a, 0x07, 0x45, 0x4e, 0x56, 0x5f, 0x56, 0x41, 0x52, 0x10, + 0x01, 0x12, 0x08, 0x0a, 0x04, 0x46, 0x49, 0x4c, 0x45, 0x10, 0x02, 0x22, 0x67, 0x0a, 0x0c, 0x4f, + 0x41, 0x75, 0x74, 0x68, 0x32, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x12, 0x1b, 0x0a, 0x09, 0x63, + 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, + 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x49, 0x64, 0x12, 0x3a, 0x0a, 0x0d, 0x63, 0x6c, 0x69, 0x65, + 0x6e, 0x74, 0x5f, 0x73, 0x65, 0x63, 0x72, 0x65, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, + 0x15, 0x2e, 0x66, 0x6c, 0x79, 0x74, 0x65, 0x69, 0x64, 0x6c, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, + 0x53, 0x65, 0x63, 0x72, 0x65, 0x74, 0x52, 0x0c, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x53, 0x65, + 
0x63, 0x72, 0x65, 0x74, 0x22, 0xc6, 0x01, 0x0a, 0x08, 0x49, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, + 0x79, 0x12, 0x19, 0x0a, 0x08, 0x69, 0x61, 0x6d, 0x5f, 0x72, 0x6f, 0x6c, 0x65, 0x18, 0x01, 0x20, + 0x01, 0x28, 0x09, 0x52, 0x07, 0x69, 0x61, 0x6d, 0x52, 0x6f, 0x6c, 0x65, 0x12, 0x2e, 0x0a, 0x13, + 0x6b, 0x38, 0x73, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x5f, 0x61, 0x63, 0x63, 0x6f, + 0x75, 0x6e, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x11, 0x6b, 0x38, 0x73, 0x53, 0x65, + 0x72, 0x76, 0x69, 0x63, 0x65, 0x41, 0x63, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x12, 0x40, 0x0a, 0x0d, + 0x6f, 0x61, 0x75, 0x74, 0x68, 0x32, 0x5f, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x18, 0x03, 0x20, + 0x01, 0x28, 0x0b, 0x32, 0x1b, 0x2e, 0x66, 0x6c, 0x79, 0x74, 0x65, 0x69, 0x64, 0x6c, 0x2e, 0x63, + 0x6f, 0x72, 0x65, 0x2e, 0x4f, 0x41, 0x75, 0x74, 0x68, 0x32, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, + 0x52, 0x0c, 0x6f, 0x61, 0x75, 0x74, 0x68, 0x32, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x12, 0x2d, + 0x0a, 0x12, 0x65, 0x78, 0x65, 0x63, 0x75, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x69, 0x64, 0x65, 0x6e, + 0x74, 0x69, 0x74, 0x79, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x11, 0x65, 0x78, 0x65, 0x63, + 0x75, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x22, 0x96, 0x02, + 0x0a, 0x12, 0x4f, 0x41, 0x75, 0x74, 0x68, 0x32, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x52, 0x65, 0x71, + 0x75, 0x65, 0x73, 0x74, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, + 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x3a, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, + 0x18, 0x02, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x26, 0x2e, 0x66, 0x6c, 0x79, 0x74, 0x65, 0x69, 0x64, + 0x6c, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x4f, 0x41, 0x75, 0x74, 0x68, 0x32, 0x54, 0x6f, 0x6b, + 0x65, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x2e, 0x54, 0x79, 0x70, 0x65, 0x52, 0x04, + 0x74, 0x79, 0x70, 0x65, 0x12, 0x33, 0x0a, 0x06, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x18, 0x03, + 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1b, 
0x2e, 0x66, 0x6c, 0x79, 0x74, 0x65, 0x69, 0x64, 0x6c, 0x2e, + 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x4f, 0x41, 0x75, 0x74, 0x68, 0x32, 0x43, 0x6c, 0x69, 0x65, 0x6e, + 0x74, 0x52, 0x06, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x12, 0x34, 0x0a, 0x16, 0x69, 0x64, 0x70, + 0x5f, 0x64, 0x69, 0x73, 0x63, 0x6f, 0x76, 0x65, 0x72, 0x79, 0x5f, 0x65, 0x6e, 0x64, 0x70, 0x6f, + 0x69, 0x6e, 0x74, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x14, 0x69, 0x64, 0x70, 0x44, 0x69, + 0x73, 0x63, 0x6f, 0x76, 0x65, 0x72, 0x79, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x12, + 0x25, 0x0a, 0x0e, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x5f, 0x65, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, + 0x74, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0d, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x45, 0x6e, + 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x22, 0x1e, 0x0a, 0x04, 0x54, 0x79, 0x70, 0x65, 0x12, 0x16, + 0x0a, 0x12, 0x43, 0x4c, 0x49, 0x45, 0x4e, 0x54, 0x5f, 0x43, 0x52, 0x45, 0x44, 0x45, 0x4e, 0x54, + 0x49, 0x41, 0x4c, 0x53, 0x10, 0x00, 0x22, 0xad, 0x01, 0x0a, 0x0f, 0x53, 0x65, 0x63, 0x75, 0x72, + 0x69, 0x74, 0x79, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x12, 0x2e, 0x0a, 0x06, 0x72, 0x75, + 0x6e, 0x5f, 0x61, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x17, 0x2e, 0x66, 0x6c, 0x79, + 0x74, 0x65, 0x69, 0x64, 0x6c, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x49, 0x64, 0x65, 0x6e, 0x74, + 0x69, 0x74, 0x79, 0x52, 0x05, 0x72, 0x75, 0x6e, 0x41, 0x73, 0x12, 0x2f, 0x0a, 0x07, 0x73, 0x65, + 0x63, 0x72, 0x65, 0x74, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x15, 0x2e, 0x66, 0x6c, + 0x79, 0x74, 0x65, 0x69, 0x64, 0x6c, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x53, 0x65, 0x63, 0x72, + 0x65, 0x74, 0x52, 0x07, 0x73, 0x65, 0x63, 0x72, 0x65, 0x74, 0x73, 0x12, 0x39, 0x0a, 0x06, 0x74, + 0x6f, 0x6b, 0x65, 0x6e, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x21, 0x2e, 0x66, 0x6c, 0x79, 0x74, 0x65, 0x69, 0x64, 0x6c, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x4f, 0x41, 0x75, 0x74, - 0x68, 0x32, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 
0x74, 0x2e, 0x54, - 0x79, 0x70, 0x65, 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x12, 0x33, 0x0a, 0x06, 0x63, 0x6c, 0x69, - 0x65, 0x6e, 0x74, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1b, 0x2e, 0x66, 0x6c, 0x79, 0x74, - 0x65, 0x69, 0x64, 0x6c, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x4f, 0x41, 0x75, 0x74, 0x68, 0x32, - 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x52, 0x06, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x12, 0x34, - 0x0a, 0x16, 0x69, 0x64, 0x70, 0x5f, 0x64, 0x69, 0x73, 0x63, 0x6f, 0x76, 0x65, 0x72, 0x79, 0x5f, - 0x65, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x14, - 0x69, 0x64, 0x70, 0x44, 0x69, 0x73, 0x63, 0x6f, 0x76, 0x65, 0x72, 0x79, 0x45, 0x6e, 0x64, 0x70, - 0x6f, 0x69, 0x6e, 0x74, 0x12, 0x25, 0x0a, 0x0e, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x5f, 0x65, 0x6e, - 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0d, 0x74, 0x6f, - 0x6b, 0x65, 0x6e, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x22, 0x1e, 0x0a, 0x04, 0x54, - 0x79, 0x70, 0x65, 0x12, 0x16, 0x0a, 0x12, 0x43, 0x4c, 0x49, 0x45, 0x4e, 0x54, 0x5f, 0x43, 0x52, - 0x45, 0x44, 0x45, 0x4e, 0x54, 0x49, 0x41, 0x4c, 0x53, 0x10, 0x00, 0x22, 0xad, 0x01, 0x0a, 0x0f, - 0x53, 0x65, 0x63, 0x75, 0x72, 0x69, 0x74, 0x79, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x12, - 0x2e, 0x0a, 0x06, 0x72, 0x75, 0x6e, 0x5f, 0x61, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, - 0x17, 0x2e, 0x66, 0x6c, 0x79, 0x74, 0x65, 0x69, 0x64, 0x6c, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, - 0x49, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x52, 0x05, 0x72, 0x75, 0x6e, 0x41, 0x73, 0x12, - 0x2f, 0x0a, 0x07, 0x73, 0x65, 0x63, 0x72, 0x65, 0x74, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, - 0x32, 0x15, 0x2e, 0x66, 0x6c, 0x79, 0x74, 0x65, 0x69, 0x64, 0x6c, 0x2e, 0x63, 0x6f, 0x72, 0x65, - 0x2e, 0x53, 0x65, 0x63, 0x72, 0x65, 0x74, 0x52, 0x07, 0x73, 0x65, 0x63, 0x72, 0x65, 0x74, 0x73, - 0x12, 0x39, 0x0a, 0x06, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, - 0x32, 0x21, 0x2e, 
0x66, 0x6c, 0x79, 0x74, 0x65, 0x69, 0x64, 0x6c, 0x2e, 0x63, 0x6f, 0x72, 0x65, - 0x2e, 0x4f, 0x41, 0x75, 0x74, 0x68, 0x32, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x52, 0x65, 0x71, 0x75, - 0x65, 0x73, 0x74, 0x52, 0x06, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x73, 0x42, 0xb3, 0x01, 0x0a, 0x11, - 0x63, 0x6f, 0x6d, 0x2e, 0x66, 0x6c, 0x79, 0x74, 0x65, 0x69, 0x64, 0x6c, 0x2e, 0x63, 0x6f, 0x72, - 0x65, 0x42, 0x0d, 0x53, 0x65, 0x63, 0x75, 0x72, 0x69, 0x74, 0x79, 0x50, 0x72, 0x6f, 0x74, 0x6f, - 0x50, 0x01, 0x5a, 0x3a, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x66, - 0x6c, 0x79, 0x74, 0x65, 0x6f, 0x72, 0x67, 0x2f, 0x66, 0x6c, 0x79, 0x74, 0x65, 0x2f, 0x66, 0x6c, - 0x79, 0x74, 0x65, 0x69, 0x64, 0x6c, 0x2f, 0x67, 0x65, 0x6e, 0x2f, 0x70, 0x62, 0x2d, 0x67, 0x6f, - 0x2f, 0x66, 0x6c, 0x79, 0x74, 0x65, 0x69, 0x64, 0x6c, 0x2f, 0x63, 0x6f, 0x72, 0x65, 0xa2, 0x02, - 0x03, 0x46, 0x43, 0x58, 0xaa, 0x02, 0x0d, 0x46, 0x6c, 0x79, 0x74, 0x65, 0x69, 0x64, 0x6c, 0x2e, - 0x43, 0x6f, 0x72, 0x65, 0xca, 0x02, 0x0d, 0x46, 0x6c, 0x79, 0x74, 0x65, 0x69, 0x64, 0x6c, 0x5c, - 0x43, 0x6f, 0x72, 0x65, 0xe2, 0x02, 0x19, 0x46, 0x6c, 0x79, 0x74, 0x65, 0x69, 0x64, 0x6c, 0x5c, - 0x43, 0x6f, 0x72, 0x65, 0x5c, 0x47, 0x50, 0x42, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, - 0xea, 0x02, 0x0e, 0x46, 0x6c, 0x79, 0x74, 0x65, 0x69, 0x64, 0x6c, 0x3a, 0x3a, 0x43, 0x6f, 0x72, - 0x65, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, + 0x68, 0x32, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x52, 0x06, + 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x73, 0x42, 0xb3, 0x01, 0x0a, 0x11, 0x63, 0x6f, 0x6d, 0x2e, 0x66, + 0x6c, 0x79, 0x74, 0x65, 0x69, 0x64, 0x6c, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x42, 0x0d, 0x53, 0x65, + 0x63, 0x75, 0x72, 0x69, 0x74, 0x79, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x3a, 0x67, + 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x66, 0x6c, 0x79, 0x74, 0x65, 0x6f, + 0x72, 0x67, 0x2f, 0x66, 0x6c, 0x79, 0x74, 0x65, 0x2f, 0x66, 0x6c, 0x79, 0x74, 0x65, 0x69, 0x64, + 
0x6c, 0x2f, 0x67, 0x65, 0x6e, 0x2f, 0x70, 0x62, 0x2d, 0x67, 0x6f, 0x2f, 0x66, 0x6c, 0x79, 0x74, + 0x65, 0x69, 0x64, 0x6c, 0x2f, 0x63, 0x6f, 0x72, 0x65, 0xa2, 0x02, 0x03, 0x46, 0x43, 0x58, 0xaa, + 0x02, 0x0d, 0x46, 0x6c, 0x79, 0x74, 0x65, 0x69, 0x64, 0x6c, 0x2e, 0x43, 0x6f, 0x72, 0x65, 0xca, + 0x02, 0x0d, 0x46, 0x6c, 0x79, 0x74, 0x65, 0x69, 0x64, 0x6c, 0x5c, 0x43, 0x6f, 0x72, 0x65, 0xe2, + 0x02, 0x19, 0x46, 0x6c, 0x79, 0x74, 0x65, 0x69, 0x64, 0x6c, 0x5c, 0x43, 0x6f, 0x72, 0x65, 0x5c, + 0x47, 0x50, 0x42, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x0e, 0x46, 0x6c, + 0x79, 0x74, 0x65, 0x69, 0x64, 0x6c, 0x3a, 0x3a, 0x43, 0x6f, 0x72, 0x65, 0x62, 0x06, 0x70, 0x72, + 0x6f, 0x74, 0x6f, 0x33, } var ( diff --git a/flyteidl/gen/pb-go/gateway/flyteidl/service/admin.swagger.json b/flyteidl/gen/pb-go/gateway/flyteidl/service/admin.swagger.json index 45f471248b..526dd13744 100644 --- a/flyteidl/gen/pb-go/gateway/flyteidl/service/admin.swagger.json +++ b/flyteidl/gen/pb-go/gateway/flyteidl/service/admin.swagger.json 
@@ -8013,6 +8013,10 @@ "mount_requirement": { "$ref": "#/definitions/SecretMountType", "title": "mount_requirement is optional. Indicates where the secret has to be mounted. If provided, the execution will fail\nif the underlying key management system cannot satisfy that requirement. If not provided, the default location\nwill depend on the key management system.\n+optional" + }, + "env_name": { + "type": "string", + "title": "env_name is optional. Custom environment name to set the value of the secret. If mount_requirement is ENV_VAR,\nthen the value is the secret itself. If mount_requirement is FILE, then the value is the path to the secret file.\n+optional" } }, "description": "Secret encapsulates information about the secret a task needs to proceed. An environment variable\nFLYTE_SECRETS_ENV_PREFIX will be passed to indicate the prefix of the environment variables that will be present if\nsecrets are passed through environment variables.\nFLYTE_SECRETS_DEFAULT_DIR will be passed to indicate the prefix of the path where secrets will be mounted if secrets\nare passed through file mounts." diff --git a/flyteidl/gen/pb-go/gateway/flyteidl/service/agent.swagger.json b/flyteidl/gen/pb-go/gateway/flyteidl/service/agent.swagger.json index 40fab85799..f90b6c6ad3 100644 --- a/flyteidl/gen/pb-go/gateway/flyteidl/service/agent.swagger.json +++ b/flyteidl/gen/pb-go/gateway/flyteidl/service/agent.swagger.json 
@@ -1642,6 +1642,10 @@ "mount_requirement": { "$ref": "#/definitions/SecretMountType", "title": "mount_requirement is optional. Indicates where the secret has to be mounted. If provided, the execution will fail\nif the underlying key management system cannot satisfy that requirement. If not provided, the default location\nwill depend on the key management system.\n+optional" + }, + "env_name": { + "type": "string", + "title": "env_name is optional. Custom environment name to set the value of the secret. If mount_requirement is ENV_VAR,\nthen the value is the secret itself. If mount_requirement is FILE, then the value is the path to the secret file.\n+optional" } }, "description": "Secret encapsulates information about the secret a task needs to proceed. An environment variable\nFLYTE_SECRETS_ENV_PREFIX will be passed to indicate the prefix of the environment variables that will be present if\nsecrets are passed through environment variables.\nFLYTE_SECRETS_DEFAULT_DIR will be passed to indicate the prefix of the path where secrets will be mounted if secrets\nare passed through file mounts." diff --git a/flyteidl/gen/pb-go/gateway/flyteidl/service/external_plugin_service.swagger.json b/flyteidl/gen/pb-go/gateway/flyteidl/service/external_plugin_service.swagger.json index b2cc41f0f6..b80678547d 100644 --- a/flyteidl/gen/pb-go/gateway/flyteidl/service/external_plugin_service.swagger.json +++ b/flyteidl/gen/pb-go/gateway/flyteidl/service/external_plugin_service.swagger.json 
@@ -905,6 +905,10 @@ "mount_requirement": { "$ref": "#/definitions/SecretMountType", "title": "mount_requirement is optional. Indicates where the secret has to be mounted. If provided, the execution will fail\nif the underlying key management system cannot satisfy that requirement. If not provided, the default location\nwill depend on the key management system.\n+optional" + }, + "env_name": { + "type": "string", + "title": "env_name is optional. Custom environment name to set the value of the secret. If mount_requirement is ENV_VAR,\nthen the value is the secret itself. If mount_requirement is FILE, then the value is the path to the secret file.\n+optional" } }, "description": "Secret encapsulates information about the secret a task needs to proceed. An environment variable\nFLYTE_SECRETS_ENV_PREFIX will be passed to indicate the prefix of the environment variables that will be present if\nsecrets are passed through environment variables.\nFLYTE_SECRETS_DEFAULT_DIR will be passed to indicate the prefix of the path where secrets will be mounted if secrets\nare passed through file mounts." diff --git a/flyteidl/gen/pb-js/flyteidl.d.ts b/flyteidl/gen/pb-js/flyteidl.d.ts index b51cfad923..8b3a26593d 100644 --- a/flyteidl/gen/pb-js/flyteidl.d.ts +++ b/flyteidl/gen/pb-js/flyteidl.d.ts @@ -7171,6 +7171,9 @@ export namespace flyteidl { /** Secret mountRequirement */ mountRequirement?: (flyteidl.core.Secret.MountType|null); + + /** Secret envName */ + envName?: (string|null); } /** Represents a Secret. */ @@ -7194,6 +7197,9 @@ export namespace flyteidl { /** Secret mountRequirement. */ public mountRequirement: flyteidl.core.Secret.MountType; + /** Secret envName. */ + public envName: string; + /** * Creates a new Secret instance using the specified properties. * @param [properties] Properties to set diff --git a/flyteidl/gen/pb-js/flyteidl.js b/flyteidl/gen/pb-js/flyteidl.js index 9ff0d83c82..e14c5bf5ad 100644 --- a/flyteidl/gen/pb-js/flyteidl.js 
+++ b/flyteidl/gen/pb-js/flyteidl.js @@ -17362,6 +17362,7 @@ * @property {string|null} [groupVersion] Secret groupVersion * @property {string|null} [key] Secret key * @property {flyteidl.core.Secret.MountType|null} [mountRequirement] Secret mountRequirement + * @property {string|null} [envName] Secret envName */ /** @@ -17411,6 +17412,14 @@ */ Secret.prototype.mountRequirement = 0; + /** + * Secret envName. + * @member {string} envName + * @memberof flyteidl.core.Secret + * @instance + */ + Secret.prototype.envName = ""; + /** * Creates a new Secret instance using the specified properties. * @function create @@ -17443,6 +17452,8 @@ writer.uint32(/* id 3, wireType 2 =*/26).string(message.key); if (message.mountRequirement != null && message.hasOwnProperty("mountRequirement")) writer.uint32(/* id 4, wireType 0 =*/32).int32(message.mountRequirement); + if (message.envName != null && message.hasOwnProperty("envName")) + writer.uint32(/* id 5, wireType 2 =*/42).string(message.envName); return writer; }; @@ -17476,6 +17487,9 @@ case 4: message.mountRequirement = reader.int32(); break; + case 5: + message.envName = reader.string(); + break; default: reader.skipType(tag & 7); break; @@ -17513,6 +17527,9 @@ case 2: break; } + if (message.envName != null && message.hasOwnProperty("envName")) + if (!$util.isString(message.envName)) + return "envName: string expected"; return null; }; diff --git a/flyteidl/gen/pb_python/flyteidl/core/security_pb2.py b/flyteidl/gen/pb_python/flyteidl/core/security_pb2.py index 023c8e4aa3..1ef5fcbcca 100644 --- a/flyteidl/gen/pb_python/flyteidl/core/security_pb2.py +++ b/flyteidl/gen/pb_python/flyteidl/core/security_pb2.py 
@@ -13,7 +13,7 @@ -DESCRIPTOR = _descriptor_pool.Default().AddSerializedFile(b'\n\x1c\x66lyteidl/core/security.proto\x12\rflyteidl.core\"\xd0\x01\n\x06Secret\x12\x14\n\x05group\x18\x01 \x01(\tR\x05group\x12#\n\rgroup_version\x18\x02 \x01(\tR\x0cgroupVersion\x12\x10\n\x03key\x18\x03 \x01(\tR\x03key\x12L\n\x11mount_requirement\x18\x04 \x01(\x0e\x32\x1f.flyteidl.core.Secret.MountTypeR\x10mountRequirement\"+\n\tMountType\x12\x07\n\x03\x41NY\x10\x00\x12\x0b\n\x07\x45NV_VAR\x10\x01\x12\x08\n\x04\x46ILE\x10\x02\"g\n\x0cOAuth2Client\x12\x1b\n\tclient_id\x18\x01 \x01(\tR\x08\x63lientId\x12:\n\rclient_secret\x18\x02 \x01(\x0b\x32\x15.flyteidl.core.SecretR\x0c\x63lientSecret\"\xc6\x01\n\x08Identity\x12\x19\n\x08iam_role\x18\x01 \x01(\tR\x07iamRole\x12.\n\x13k8s_service_account\x18\x02 \x01(\tR\x11k8sServiceAccount\x12@\n\roauth2_client\x18\x03 \x01(\x0b\x32\x1b.flyteidl.core.OAuth2ClientR\x0coauth2Client\x12-\n\x12\x65xecution_identity\x18\x04 \x01(\tR\x11\x65xecutionIdentity\"\x96\x02\n\x12OAuth2TokenRequest\x12\x12\n\x04name\x18\x01 \x01(\tR\x04name\x12:\n\x04type\x18\x02 \x01(\x0e\x32&.flyteidl.core.OAuth2TokenRequest.TypeR\x04type\x12\x33\n\x06\x63lient\x18\x03 \x01(\x0b\x32\x1b.flyteidl.core.OAuth2ClientR\x06\x63lient\x12\x34\n\x16idp_discovery_endpoint\x18\x04 \x01(\tR\x14idpDiscoveryEndpoint\x12%\n\x0etoken_endpoint\x18\x05 \x01(\tR\rtokenEndpoint\"\x1e\n\x04Type\x12\x16\n\x12\x43LIENT_CREDENTIALS\x10\x00\"\xad\x01\n\x0fSecurityContext\x12.\n\x06run_as\x18\x01 \x01(\x0b\x32\x17.flyteidl.core.IdentityR\x05runAs\x12/\n\x07secrets\x18\x02 \x03(\x0b\x32\x15.flyteidl.core.SecretR\x07secrets\x12\x39\n\x06tokens\x18\x03 \x03(\x0b\x32!.flyteidl.core.OAuth2TokenRequestR\x06tokensB\xb3\x01\n\x11\x63om.flyteidl.coreB\rSecurityProtoP\x01Z:github.com/flyteorg/flyte/flyteidl/gen/pb-go/flyteidl/core\xa2\x02\x03\x46\x43X\xaa\x02\rFlyteidl.Core\xca\x02\rFlyteidl\\Core\xe2\x02\x19\x46lyteidl\\Core\\GPBMetadata\xea\x02\x0e\x46lyteidl::Coreb\x06proto3') +DESCRIPTOR = 
_descriptor_pool.Default().AddSerializedFile(b'\n\x1c\x66lyteidl/core/security.proto\x12\rflyteidl.core\"\xeb\x01\n\x06Secret\x12\x14\n\x05group\x18\x01 \x01(\tR\x05group\x12#\n\rgroup_version\x18\x02 \x01(\tR\x0cgroupVersion\x12\x10\n\x03key\x18\x03 \x01(\tR\x03key\x12L\n\x11mount_requirement\x18\x04 \x01(\x0e\x32\x1f.flyteidl.core.Secret.MountTypeR\x10mountRequirement\x12\x19\n\x08\x65nv_name\x18\x05 \x01(\tR\x07\x65nvName\"+\n\tMountType\x12\x07\n\x03\x41NY\x10\x00\x12\x0b\n\x07\x45NV_VAR\x10\x01\x12\x08\n\x04\x46ILE\x10\x02\"g\n\x0cOAuth2Client\x12\x1b\n\tclient_id\x18\x01 \x01(\tR\x08\x63lientId\x12:\n\rclient_secret\x18\x02 \x01(\x0b\x32\x15.flyteidl.core.SecretR\x0c\x63lientSecret\"\xc6\x01\n\x08Identity\x12\x19\n\x08iam_role\x18\x01 \x01(\tR\x07iamRole\x12.\n\x13k8s_service_account\x18\x02 \x01(\tR\x11k8sServiceAccount\x12@\n\roauth2_client\x18\x03 \x01(\x0b\x32\x1b.flyteidl.core.OAuth2ClientR\x0coauth2Client\x12-\n\x12\x65xecution_identity\x18\x04 \x01(\tR\x11\x65xecutionIdentity\"\x96\x02\n\x12OAuth2TokenRequest\x12\x12\n\x04name\x18\x01 \x01(\tR\x04name\x12:\n\x04type\x18\x02 \x01(\x0e\x32&.flyteidl.core.OAuth2TokenRequest.TypeR\x04type\x12\x33\n\x06\x63lient\x18\x03 \x01(\x0b\x32\x1b.flyteidl.core.OAuth2ClientR\x06\x63lient\x12\x34\n\x16idp_discovery_endpoint\x18\x04 \x01(\tR\x14idpDiscoveryEndpoint\x12%\n\x0etoken_endpoint\x18\x05 \x01(\tR\rtokenEndpoint\"\x1e\n\x04Type\x12\x16\n\x12\x43LIENT_CREDENTIALS\x10\x00\"\xad\x01\n\x0fSecurityContext\x12.\n\x06run_as\x18\x01 \x01(\x0b\x32\x17.flyteidl.core.IdentityR\x05runAs\x12/\n\x07secrets\x18\x02 \x03(\x0b\x32\x15.flyteidl.core.SecretR\x07secrets\x12\x39\n\x06tokens\x18\x03 \x03(\x0b\x32!.flyteidl.core.OAuth2TokenRequestR\x06tokensB\xb3\x01\n\x11\x63om.flyteidl.coreB\rSecurityProtoP\x01Z:github.com/flyteorg/flyte/flyteidl/gen/pb-go/flyteidl/core\xa2\x02\x03\x46\x43X\xaa\x02\rFlyteidl.Core\xca\x02\rFlyteidl\\Core\xe2\x02\x19\x46lyteidl\\Core\\GPBMetadata\xea\x02\x0e\x46lyteidl::Coreb\x06proto3') _globals = 
globals() _builder.BuildMessageAndEnumDescriptors(DESCRIPTOR, _globals) @@ -23,17 +23,17 @@ DESCRIPTOR._options = None DESCRIPTOR._serialized_options = b'\n\021com.flyteidl.coreB\rSecurityProtoP\001Z:github.com/flyteorg/flyte/flyteidl/gen/pb-go/flyteidl/core\242\002\003FCX\252\002\rFlyteidl.Core\312\002\rFlyteidl\\Core\342\002\031Flyteidl\\Core\\GPBMetadata\352\002\016Flyteidl::Core' _globals['_SECRET']._serialized_start=48 - _globals['_SECRET']._serialized_end=256 - _globals['_SECRET_MOUNTTYPE']._serialized_start=213 - _globals['_SECRET_MOUNTTYPE']._serialized_end=256 - _globals['_OAUTH2CLIENT']._serialized_start=258 - _globals['_OAUTH2CLIENT']._serialized_end=361 - _globals['_IDENTITY']._serialized_start=364 - _globals['_IDENTITY']._serialized_end=562 - _globals['_OAUTH2TOKENREQUEST']._serialized_start=565 - _globals['_OAUTH2TOKENREQUEST']._serialized_end=843 - _globals['_OAUTH2TOKENREQUEST_TYPE']._serialized_start=813 - _globals['_OAUTH2TOKENREQUEST_TYPE']._serialized_end=843 - _globals['_SECURITYCONTEXT']._serialized_start=846 - _globals['_SECURITYCONTEXT']._serialized_end=1019 + _globals['_SECRET']._serialized_end=283 + _globals['_SECRET_MOUNTTYPE']._serialized_start=240 + _globals['_SECRET_MOUNTTYPE']._serialized_end=283 + _globals['_OAUTH2CLIENT']._serialized_start=285 + _globals['_OAUTH2CLIENT']._serialized_end=388 + _globals['_IDENTITY']._serialized_start=391 + _globals['_IDENTITY']._serialized_end=589 + _globals['_OAUTH2TOKENREQUEST']._serialized_start=592 + _globals['_OAUTH2TOKENREQUEST']._serialized_end=870 + _globals['_OAUTH2TOKENREQUEST_TYPE']._serialized_start=840 + _globals['_OAUTH2TOKENREQUEST_TYPE']._serialized_end=870 + _globals['_SECURITYCONTEXT']._serialized_start=873 + _globals['_SECURITYCONTEXT']._serialized_end=1046 # @@protoc_insertion_point(module_scope) diff --git a/flyteidl/gen/pb_python/flyteidl/core/security_pb2.pyi b/flyteidl/gen/pb_python/flyteidl/core/security_pb2.pyi index 028f85204a..0cf1c3586e 100644 
--- a/flyteidl/gen/pb_python/flyteidl/core/security_pb2.pyi +++ b/flyteidl/gen/pb_python/flyteidl/core/security_pb2.pyi @@ -7,7 +7,7 @@ from typing import ClassVar as _ClassVar, Iterable as _Iterable, Mapping as _Map DESCRIPTOR: _descriptor.FileDescriptor class Secret(_message.Message): - __slots__ = ["group", "group_version", "key", "mount_requirement"] + __slots__ = ["group", "group_version", "key", "mount_requirement", "env_name"] class MountType(int, metaclass=_enum_type_wrapper.EnumTypeWrapper): __slots__ = [] ANY: _ClassVar[Secret.MountType] @@ -20,11 +20,13 @@ class Secret(_message.Message): GROUP_VERSION_FIELD_NUMBER: _ClassVar[int] KEY_FIELD_NUMBER: _ClassVar[int] MOUNT_REQUIREMENT_FIELD_NUMBER: _ClassVar[int] + ENV_NAME_FIELD_NUMBER: _ClassVar[int] group: str group_version: str key: str mount_requirement: Secret.MountType - def __init__(self, group: _Optional[str] = ..., group_version: _Optional[str] = ..., key: _Optional[str] = ..., mount_requirement: _Optional[_Union[Secret.MountType, str]] = ...) -> None: ... + env_name: str + def __init__(self, group: _Optional[str] = ..., group_version: _Optional[str] = ..., key: _Optional[str] = ..., mount_requirement: _Optional[_Union[Secret.MountType, str]] = ..., env_name: _Optional[str] = ...) -> None: ... class OAuth2Client(_message.Message): __slots__ = ["client_id", "client_secret"] diff --git a/flyteidl/gen/pb_rust/flyteidl.core.rs b/flyteidl/gen/pb_rust/flyteidl.core.rs index 135c5d1f65..39136be47a 100644 --- a/flyteidl/gen/pb_rust/flyteidl.core.rs +++ b/flyteidl/gen/pb_rust/flyteidl.core.rs 
@@ -1050,6 +1050,11 @@ pub struct Secret { /// +optional #[prost(enumeration="secret::MountType", tag="4")] pub mount_requirement: i32, + /// env_name is optional. Custom environment name to set the value of the secret. If mount_requirement is ENV_VAR, + /// then the value is the secret itself. If mount_requirement is FILE, then the value is the path to the secret file. + /// +optional + #[prost(string, tag="5")] + pub env_name: ::prost::alloc::string::String, } /// Nested message and enum types in `Secret`. pub mod secret { diff --git a/flyteidl/protos/flyteidl/core/security.proto b/flyteidl/protos/flyteidl/core/security.proto index 3aba017476..02193c28a4 100644 --- a/flyteidl/protos/flyteidl/core/security.proto +++ b/flyteidl/protos/flyteidl/core/security.proto @@ -43,6 +43,11 @@ message Secret { // will depend on the key management system. // +optional MountType mount_requirement = 4; + + // env_name is optional. Custom environment name to set the value of the secret. If mount_requirement is ENV_VAR, + // then the value is the secret itself. If mount_requirement is FILE, then the value is the path to the secret file. + // +optional + string env_name = 5; } // OAuth2Client encapsulates OAuth2 Client Credentials to be used when making calls on behalf of that task. diff --git a/flytepropeller/pkg/webhook/k8s_secrets.go b/flytepropeller/pkg/webhook/k8s_secrets.go index 68bb8669d2..28e1582abc 100644 --- a/flytepropeller/pkg/webhook/k8s_secrets.go +++ b/flytepropeller/pkg/webhook/k8s_secrets.go 
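Review bot: The new `env_name` comment in security.proto does not say which names are accepted, nor that the custom variable is set in addition to the default one rather than replacing it. The test fixtures in this commit show that behaviour: the ENV_VAR fixture carries both `_FSEC_GROUP_HELLO` and `MY_CUSTOM_ENV`, so the secret is readable under two names. The comment also leaves the ANY mount type unspecified. I would extend it with something like `// The variable is added alongside the default one; the name must be a valid environment variable name and must not start with FLYTE_SECRETS_.`, once the webhook enforces that. The generated copies of this comment (swagger, pb-go, pb-es, pb_rust) would follow from regenerating.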
@@ -75,11 +75,26 @@ func (i K8sSecretInjector) Inject(ctx context.Context, secret *core.Secret, p *c p.Spec.InitContainers = AppendEnvVars(p.Spec.InitContainers, prefixEnvVar) p.Spec.Containers = AppendEnvVars(p.Spec.Containers, prefixEnvVar) + + if secret.GetEnvName() != "" { + extraEnvVar := CreateVolumeMountEnvVarForSecretWithEnvName(secret) + p.Spec.InitContainers = AppendEnvVars(p.Spec.InitContainers, extraEnvVar) + p.Spec.Containers = AppendEnvVars(p.Spec.Containers, extraEnvVar) + } + case core.Secret_ENV_VAR: envVar := CreateEnvVarForSecret(secret) p.Spec.InitContainers = AppendEnvVars(p.Spec.InitContainers, envVar) p.Spec.Containers = AppendEnvVars(p.Spec.Containers, envVar) + if secret.GetEnvName() != "" { + extraEnvVar := *envVar.DeepCopy() + extraEnvVar.Name = secret.GetEnvName() + + p.Spec.InitContainers = AppendEnvVars(p.Spec.InitContainers, extraEnvVar) + p.Spec.Containers = AppendEnvVars(p.Spec.Containers, extraEnvVar) + } + prefixEnvVar := corev1.EnvVar{ Name: SecretEnvVarPrefix, Value: K8sDefaultEnvVarPrefix, diff --git a/flytepropeller/pkg/webhook/k8s_secrets_test.go b/flytepropeller/pkg/webhook/k8s_secrets_test.go index ac8cdf0649..b14d3b0a67 100644 --- a/flytepropeller/pkg/webhook/k8s_secrets_test.go +++ b/flytepropeller/pkg/webhook/k8s_secrets_test.go 
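Review bot: `secret.GetEnvName()` becomes an `EnvVar.Name` on every container and init container in both added `if` blocks without any check of its content. The name comes from the secret request, so it can match a variable the injector itself writes (`SecretEnvVarPrefix` just below, or the `_FSEC_`-prefixed default) or one the image depends on; how `AppendEnvVars` treats a duplicate name is not visible here. I would reject bad names before the `switch`, for example `if n := secret.GetEnvName(); n != "" && len(validation.IsEnvVarName(n)) > 0 { /* return an error */ }` using `k8s.io/apimachinery/pkg/util/validation`, and also refuse names starting with `FLYTE_` or `_FSEC_`. `Inject` begins and ends outside this hunk, so the error return has to follow its signature.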
@@ -182,6 +182,95 @@ func TestK8sSecretInjector_Inject(t *testing.T) { }, } + successPodEnvWithEnvName := corev1.Pod{ + Spec: corev1.PodSpec{ + InitContainers: []corev1.Container{}, + Containers: []corev1.Container{ + { + Name: "container1", + Env: []corev1.EnvVar{ + { + Name: "_FSEC_GROUP_HELLO", + ValueFrom: &corev1.EnvVarSource{ + SecretKeyRef: &corev1.SecretKeySelector{ + Key: "HELLO", + LocalObjectReference: corev1.LocalObjectReference{ + Name: "grOUP", + }, + Optional: &optional, + }, + }, + }, + { + Name: "MY_CUSTOM_ENV", + ValueFrom: &corev1.EnvVarSource{ + SecretKeyRef: &corev1.SecretKeySelector{ + Key: "HELLO", + LocalObjectReference: corev1.LocalObjectReference{ + Name: "grOUP", + }, + Optional: &optional, + }, + }, + }, + { + Name: "FLYTE_SECRETS_ENV_PREFIX", + Value: "_FSEC_", + }, + }, + }, + }, + }, + } + + successPodFileWithName := corev1.Pod{ + Spec: corev1.PodSpec{ + Volumes: []corev1.Volume{ + { + Name: "m4ze5vkql3", + VolumeSource: corev1.VolumeSource{ + Secret: &corev1.SecretVolumeSource{ + SecretName: "grOUP", + Items: []corev1.KeyToPath{ + { + Key: "HELLO", + Path: "hello", + }, + }, + Optional: &optional, + }, + }, + }, + }, + InitContainers: []corev1.Container{}, + Containers: []corev1.Container{ + { + Name: "container1", + VolumeMounts: []corev1.VolumeMount{ + { + Name: "m4ze5vkql3", + MountPath: "/etc/flyte/secrets/group", + ReadOnly: true, + }, + }, + Env: []corev1.EnvVar{ + { + Name: "FLYTE_SECRETS_DEFAULT_DIR", + Value: "/etc/flyte/secrets", + }, + { + Name: "FLYTE_SECRETS_FILE_PREFIX", + }, + { + Name: "MY_CUSTOM_ENV", + Value: "/etc/flyte/secrets/group/hello", + }, + }, + }, + }, + }, + } + ctx := context.Background() type args struct { secret *coreIdl.Secret 
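Review bot: Both new fixtures, `successPodEnvWithEnvName` and `successPodFileWithName`, set `InitContainers: []corev1.Container{}`, so nothing in this hunk asserts the two added `AppendEnvVars(p.Spec.InitContainers, extraEnvVar)` calls in `Inject`. Giving the input pod and the expected pod one init container in at least one of the `env_name` cases would cover that path. `inputPod` is defined outside the hunk, so this assumes it carries no init container today.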
@@ -197,9 +286,14 @@ func TestK8sSecretInjector_Inject(t *testing.T) { want: &corev1.Pod{}, wantErr: true}, {name: "simple", args: args{secret: &coreIdl.Secret{Group: "grOUP", Key: "HELLO", MountRequirement: coreIdl.Secret_ENV_VAR}, p: inputPod.DeepCopy()}, want: &successPodEnv, wantErr: false}, + {name: "simple with env_name", args: args{secret: &coreIdl.Secret{Group: "grOUP", Key: "HELLO", MountRequirement: coreIdl.Secret_ENV_VAR, EnvName: "MY_CUSTOM_ENV"}, p: inputPod.DeepCopy()}, + want: &successPodEnvWithEnvName, wantErr: false}, {name: "require file single", args: args{secret: &coreIdl.Secret{Group: "grOUP", Key: "HELLO", MountRequirement: coreIdl.Secret_FILE}, p: inputPod.DeepCopy()}, want: &successPodFile, wantErr: false}, + {name: "require file single with name", args: args{secret: &coreIdl.Secret{Group: "grOUP", Key: "HELLO", MountRequirement: coreIdl.Secret_FILE, EnvName: "MY_CUSTOM_ENV"}, + p: inputPod.DeepCopy()}, + want: &successPodFileWithName, wantErr: false}, {name: "require file multiple from same secret group", args: args{secret: &coreIdl.Secret{Group: "grOUP", Key: "world", MountRequirement: coreIdl.Secret_FILE}, p: successPodFile.DeepCopy()}, want: &successPodMultiFiles, wantErr: false}, diff --git a/flytepropeller/pkg/webhook/utils.go b/flytepropeller/pkg/webhook/utils.go index 9d40cbbe6f..71c66f1246 100644 --- a/flytepropeller/pkg/webhook/utils.go +++ b/flytepropeller/pkg/webhook/utils.go 
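Review bot: The two added table entries exercise `EnvName` only on the accepted path, once with `Secret_ENV_VAR` and once with `Secret_FILE`. No entry leaves `MountRequirement` at its zero value (`ANY`) with `EnvName` set, and none uses an `EnvName` equal to a variable the injector already writes, such as `FLYTE_SECRETS_ENV_PREFIX` or `_FSEC_GROUP_HELLO` from the fixtures in the previous hunk. I would add one case for each, for example `{name: "env_name collides with prefix var", args: args{secret: &coreIdl.Secret{Group: "grOUP", Key: "HELLO", MountRequirement: coreIdl.Secret_ENV_VAR, EnvName: "FLYTE_SECRETS_ENV_PREFIX"}, p: inputPod.DeepCopy()}, ...}`, with the expected result pinned to whatever behaviour is intended. The table belongs to `TestK8sSecretInjector_Inject`, which continues outside this hunk.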
@@ -67,6 +67,13 @@ func CreateVolumeMountForSecret(volumeName string, secret *core.Secret) corev1.V } } +func CreateVolumeMountEnvVarForSecretWithEnvName(secret *core.Secret) corev1.EnvVar { + return corev1.EnvVar{ + Name: secret.GetEnvName(), + Value: filepath.Join(filepath.Join(K8sSecretPathPrefix...), strings.ToLower(secret.GetGroup()), strings.ToLower(secret.GetKey())), + } +} + func AppendVolumeMounts(containers []corev1.Container, mount corev1.VolumeMount) []corev1.Container { res := make([]corev1.Container, 0, len(containers)) for _, c := range containers {
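Review bot: `CreateVolumeMountEnvVarForSecretWithEnvName` is exported without a doc comment, and it recomputes the secret file path from `K8sSecretPathPrefix`, the lower-cased group and the lower-cased key. That duplicates the mount path and item path built elsewhere (presumably in `CreateVolumeMountForSecret` and the volume helper, whose bodies are not shown), so the variable can point at a missing file if either side changes. I would add `// CreateVolumeMountEnvVarForSecretWithEnvName returns an env var named secret.EnvName whose value is the path of the mounted secret file; callers must check that EnvName is non-empty.` and derive the value from the same helper that produces the mount path.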