Only check for secret groups during registration context (#2381)

* Only check for secret groups during registration context Signed-off-by: Thomas J. Fan <thomasjpfan@gmail.com> * Only check for secrets during registration Signed-off-by: Thomas J. Fan <thomasjpfan@gmail.com> * Adds test to check behavior Signed-off-by: Thomas J. Fan <thomasjpfan@gmail.com> * Lint Signed-off-by: Thomas J. Fan <thomasjpfan@gmail.com> --------- Signed-off-by: Thomas J. Fan <thomasjpfan@gmail.com>
flyteorg · Apr 26, 2024 · e4ba876 · e4ba876
1 parent afa1fc7
commit e4ba876
Show file tree

Hide file tree

Showing 2 changed files with 19 additions and 1 deletion.
diff --git a/flytekit/models/security.py b/flytekit/models/security.py
@@ -42,8 +42,12 @@ class MountType(Enum):
 
     def __post_init__(self):
         from flytekit.configuration.plugin import get_plugin
+        from flytekit.core.context_manager import FlyteContextManager
 
-        if get_plugin().secret_requires_group() and self.group is None:
+        # Only check for the groups during registration.
+        execution = FlyteContextManager.current_context().execution_state
+        in_registration_context = execution.mode is None
+        if in_registration_context and get_plugin().secret_requires_group() and self.group is None:
             raise ValueError("Group is a required parameter")
 
     def to_flyte_idl(self) -> _sec.Secret:

diff --git a/tests/flytekit/unit/models/core/test_security.py b/tests/flytekit/unit/models/core/test_security.py
@@ -3,6 +3,7 @@
 import pytest
 
 import flytekit.configuration.plugin
+from flytekit.core.context_manager import ExecutionState
 from flytekit.models.security import Secret
 
 
@@ -37,3 +38,16 @@ def test_secret_no_group(monkeypatch):
 
     s = Secret(key="key")
     assert s.group is None
+
+
+@pytest.mark.parametrize("execution_mode", list(ExecutionState.Mode))
+def test_security_execution_context(monkeypatch, execution_mode, tmpdir):
+    # Check that groups in Secrets during any execution state
+    context_manager = Mock()
+    context = Mock()
+    context_manager.current_context.return_value = context
+    context.execution_state = ExecutionState(working_dir=tmpdir, mode=execution_mode)
+
+    monkeypatch.setattr(flytekit.core.context_manager, "FlyteContextManager", context_manager)
+    s = Secret(key="key")
+    assert s.group is None