search

argoproj / argo-workflows

Workflow Engine for Kubernetes
https://argo-workflows.readthedocs.io/
Apache License 2.0
14.61k stars 3.13k forks source link

Python SDK auth token #10196

Open alejoGT1202 opened 1 year ago

alejoGT1202 commented 1 year ago

Pre-requisites

What happened/what you expected to happen?

I am trying to use the to use BearerToken as the authentication method with the Python SDK but I'm getting the following error: 

argo_workflows.exceptions.UnauthorizedException: (401)
Reason: Unauthorized
HTTP response headers: HTTPHeaderDict({'Content-Type': 'application/json', 'Trailer': 'Grpc-Trailer-Content-Type', 'Date': 'Fri, 09 Dec 2022 11:56:47 GMT', 'Transfer-Encoding': 'chunked'})
HTTP response body: {"code":16,"message":"token not valid for running mode"}

However if I used my token with curl --insecure --request GET --url https://localhost:2746/api/v1/workflows/argo-v2 -H "Authorization: $ARGO_TOKEN" I can access to the argo-server and get information from it.

Version

v.3.3.8

Paste a small workflow that reproduces the issue. We must be able to run the workflow; don't enter a workflows that uses private images.

import yaml
import requests
import os
import argo_workflows
from argo_workflows.api import workflow_service_api
from argo_workflows.model.io_argoproj_workflow_v1alpha1_workflow_create_request import (IoArgoprojWorkflowV1alpha1WorkflowCreateRequest,)
from pprint import pprint

os.environ["ARGO_TOKEN"] = "My token info..."
api_key = {"BearerToken": os.environ["ARGO_TOKEN"]}
api_key_prefix = {"BearerToken": "Bearer"}

host = "https://localhost:2746" # url of argo server
namespace = "argo-v2"
configuration = argo_workflows.Configuration(
    host=host,
    api_key=api_key,
    api_key_prefix=api_key_prefix,
)
configuration.verify_ssl = False
configuration.discard_unknown_keys = True
print(configuration.to_debug_report())
api_client = argo_workflows.ApiClient(configuration)
api_instance = workflow_service_api.WorkflowServiceApi(api_client)
resp = api_instance.list_workflows(namespace, async_req=False)
pprint(resp)

Logs from the ~workflow controller~ SDK

Python SDK Debug Report:
OS: linux
Python Version: 3.8.10 (default, Nov 14 2022, 12:59:47) 
[GCC 9.4.0]
Version of the API: VERSION
SDK Package Version: 6.3.0-rc2
/home/alejo/Documents/Nodes/Nodes/lib/python3.8/site-packages/urllib3/connectionpool.py:1045: InsecureRequestWarning: Unverified HTTPS request is being made to host 'localhost'. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/1.26.x/advanced-usage.html#ssl-warnings
  warnings.warn(
Traceback (most recent call last):
  File "main.py", line 44, in <module>
    resp = api_instance.list_workflows(namespace, async_req=False)
  File "/home/alejo/Documents/Nodes/Nodes/lib/python3.8/site-packages/argo_workflows/api_client.py", line 771, in __call__
    return self.callable(self, *args, **kwargs)
  File "/home/alejo/Documents/Nodes/Nodes/lib/python3.8/site-packages/argo_workflows/api/workflow_service_api.py", line 682, in __list_workflows
    return self.call_with_http_info(**kwargs)
  File "/home/alejo/Documents/Nodes/Nodes/lib/python3.8/site-packages/argo_workflows/api_client.py", line 833, in call_with_http_info
    return self.api_client.call_api(
  File "/home/alejo/Documents/Nodes/Nodes/lib/python3.8/site-packages/argo_workflows/api_client.py", line 408, in call_api
    return self.__call_api(resource_path, method,
  File "/home/alejo/Documents/Nodes/Nodes/lib/python3.8/site-packages/argo_workflows/api_client.py", line 202, in __call_api
    raise e
  File "/home/alejo/Documents/Nodes/Nodes/lib/python3.8/site-packages/argo_workflows/api_client.py", line 195, in __call_api
    response_data = self.request(
  File "/home/alejo/Documents/Nodes/Nodes/lib/python3.8/site-packages/argo_workflows/api_client.py", line 434, in request
    return self.rest_client.GET(url,
  File "/home/alejo/Documents/Nodes/Nodes/lib/python3.8/site-packages/argo_workflows/rest.py", line 231, in GET
    return self.request("GET", url,
  File "/home/alejo/Documents/Nodes/Nodes/lib/python3.8/site-packages/argo_workflows/rest.py", line 214, in request
    raise UnauthorizedException(http_resp=r)
argo_workflows.exceptions.UnauthorizedException: (401)
Reason: Unauthorized
HTTP response headers: HTTPHeaderDict({'Content-Type': 'application/json', 'Trailer': 'Grpc-Trailer-Content-Type', 'Date': 'Fri, 09 Dec 2022 11:56:47 GMT', 'Transfer-Encoding': 'chunked'})
HTTP response body: {"code":16,"message":"token not valid for running mode"}

Logs from in your workflow's wait container

n/a

alejoGT1202 commented 1 year ago

I was able to overcome this issue by changing the host from "https://localhost:2746" to http://localhost:2746. However, now I'm getting the following error:

urllib3.exceptions.MaxRetryError: HTTPConnectionPool(host='localhost', port=2746): Max retries exceeded with url: /api/v1/workflows/argo-v2 (Caused by ProtocolError('Connection aborted.', RemoteDisconnected('Remote end closed connection without response')))

If I run the curl command I get the response I'm expecting. I have tried to increase the retries param in the configuration but still not getting the response. I can see from the terminal that I'm port-forwarding that it's my request it's trying to do something because the value I set on retries parameter is the number of times the terminal prints:

Handling connection for 2746 message.

Do I have a bad configuration that it's not allowing me to access to argo-server using the SDK?

stale[bot] commented 1 year ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. If this is a mentoring request, please provide an update here. Thank you for your contributions.

stale[bot] commented 1 year ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. If this is a mentoring request, please provide an update here. Thank you for your contributions.

karantandon91 commented 1 year ago

This can be resolved by using

access_token = f"Bearer {token_value}"
api_client.set_default_header("Authorization", access_token)
stale[bot] commented 1 year ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. If this is a mentoring request, please provide an update here. Thank you for your contributions.

stale[bot] commented 10 months ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs.