From 17d2e24389e1a5e48a2a7f10f80ae6caceccf428 Mon Sep 17 00:00:00 2001 From: Ayush Kamat Date: Tue, 10 Jan 2023 15:05:18 -0800 Subject: [PATCH 1/8] add stuffs for secrets Signed-off-by: Ayush Kamat --- latch/functions/secrets.py | 44 ++++++++++++++++++++++++++++++++++++++ latch_cli/config/latch.py | 3 ++- 2 files changed, 46 insertions(+), 1 deletion(-) create mode 100644 latch/functions/secrets.py diff --git a/latch/functions/secrets.py b/latch/functions/secrets.py new file mode 100644 index 00000000..f88d81e0 --- /dev/null +++ b/latch/functions/secrets.py @@ -0,0 +1,44 @@ +import os +import webbrowser + +from latch_cli.config.latch import _LatchConfig +from latch_cli.tinyrequests import post +from latch_cli.utils import current_workspace, retrieve_or_login + +config = _LatchConfig() +endpoints = config.sdk_endpoints + + +def get_secret(secret_name: str): + internal_execution_id = os.environ.get("FLYTE_INTERNAL_EXECUTION_ID") + if internal_execution_id is None: + return _get_secret_local(secret_name) + + resp = post( + url=endpoints["get-secret"], + json={ + "internal_execution_id": internal_execution_id, + "secret_name": secret_name, + }, + ) + + if resp.status_code != 200: + raise ValueError(resp.json()["error"]["data"]["error"]) + + return resp["secret"] + + +def _get_secret_local(secret_name: str): + resp = post( + url=endpoints["get-secret-local"], + json={ + "ws_account_id": current_workspace(), + "secret_name": secret_name, + }, + headers={"Authorization": f"Bearer {retrieve_or_login()}"}, + ) + + if resp.status_code != 200: + raise ValueError(resp.json()["error"]["data"]["error"]) + + return resp["secret"] diff --git a/latch_cli/config/latch.py b/latch_cli/config/latch.py index 9baab6c7..91a64319 100644 --- a/latch_cli/config/latch.py +++ b/latch_cli/config/latch.py @@ -42,11 +42,12 @@ "local-development": "/sdk/initiate-local-development-session", "close-local-development": "/sdk/close-local-development-session", "get-latest-version": "/sdk/get-latest-version", + "get-secret": "/secrets/get", + "get-secret-local": "/secrets/get-local", } class _LatchConfig: - dkr_repo = "812206152185.dkr.ecr.us-west-2.amazonaws.com" def __init__(self): From 466e3e801ee3cea67cfde45e539237030718d535 Mon Sep 17 00:00:00 2001 From: Ayush Kamat Date: Wed, 11 Jan 2023 10:53:27 -0800 Subject: [PATCH 2/8] bug fixes Signed-off-by: Ayush Kamat --- latch/functions/secrets.py | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/latch/functions/secrets.py b/latch/functions/secrets.py index f88d81e0..31682979 100644 --- a/latch/functions/secrets.py +++ b/latch/functions/secrets.py @@ -10,6 +10,7 @@ def get_secret(secret_name: str): + """ """ internal_execution_id = os.environ.get("FLYTE_INTERNAL_EXECUTION_ID") if internal_execution_id is None: return _get_secret_local(secret_name) @@ -18,14 +19,14 @@ def get_secret(secret_name: str): url=endpoints["get-secret"], json={ "internal_execution_id": internal_execution_id, - "secret_name": secret_name, + "name": secret_name, }, ) if resp.status_code != 200: raise ValueError(resp.json()["error"]["data"]["error"]) - return resp["secret"] + return resp.json()["secret"] def _get_secret_local(secret_name: str): @@ -33,7 +34,7 @@ def _get_secret_local(secret_name: str): url=endpoints["get-secret-local"], json={ "ws_account_id": current_workspace(), - "secret_name": secret_name, + "name": secret_name, }, headers={"Authorization": f"Bearer {retrieve_or_login()}"}, ) @@ -41,4 +42,4 @@ def _get_secret_local(secret_name: str): if resp.status_code != 200: raise ValueError(resp.json()["error"]["data"]["error"]) - return resp["secret"] + return resp.json()["secret"] From 30d55d3233e23e6d0ea5e313da0770a431bedfd1 Mon Sep 17 00:00:00 2001 From: Ayush Kamat Date: Wed, 11 Jan 2023 10:54:11 -0800 Subject: [PATCH 3/8] del extra docstring Signed-off-by: Ayush Kamat --- latch/functions/secrets.py | 1 - 1 file changed, 1 deletion(-) diff --git a/latch/functions/secrets.py b/latch/functions/secrets.py index 31682979..5be5cf45 100644 --- a/latch/functions/secrets.py +++ b/latch/functions/secrets.py @@ -10,7 +10,6 @@ def get_secret(secret_name: str): - """ """ internal_execution_id = os.environ.get("FLYTE_INTERNAL_EXECUTION_ID") if internal_execution_id is None: return _get_secret_local(secret_name) From 2da38179bf94194f654a766a082a0072f90ac213 Mon Sep 17 00:00:00 2001 From: Ayush Kamat Date: Wed, 11 Jan 2023 10:54:28 -0800 Subject: [PATCH 4/8] del extra import Signed-off-by: Ayush Kamat --- latch/functions/secrets.py | 1 - 1 file changed, 1 deletion(-) diff --git a/latch/functions/secrets.py b/latch/functions/secrets.py index 5be5cf45..be05e3ba 100644 --- a/latch/functions/secrets.py +++ b/latch/functions/secrets.py @@ -1,5 +1,4 @@ import os -import webbrowser from latch_cli.config.latch import _LatchConfig from latch_cli.tinyrequests import post From abeff10afba2d90d85b029e1993ec4bb757cb806 Mon Sep 17 00:00:00 2001 From: Ayush Kamat Date: Wed, 11 Jan 2023 11:57:34 -0800 Subject: [PATCH 5/8] add small docstring Signed-off-by: Ayush Kamat --- latch/functions/secrets.py | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/latch/functions/secrets.py b/latch/functions/secrets.py index be05e3ba..8e43689c 100644 --- a/latch/functions/secrets.py +++ b/latch/functions/secrets.py @@ -9,6 +9,14 @@ def get_secret(secret_name: str): + """ + A utility to allow users to reference secrets stored in their workspace on + Latch. + + Examples: + >>> get_secret("test-secret") + "test-value-123" + """ internal_execution_id = os.environ.get("FLYTE_INTERNAL_EXECUTION_ID") if internal_execution_id is None: return _get_secret_local(secret_name) From 2ca601f289d569197f5dffb5f711e7492018b260 Mon Sep 17 00:00:00 2001 From: Ayush Kamat Date: Wed, 11 Jan 2023 14:11:13 -0800 Subject: [PATCH 6/8] change error prints Signed-off-by: Ayush Kamat --- latch/functions/secrets.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/latch/functions/secrets.py b/latch/functions/secrets.py index 8e43689c..4cbb9b50 100644 --- a/latch/functions/secrets.py +++ b/latch/functions/secrets.py @@ -30,7 +30,7 @@ def get_secret(secret_name: str): ) if resp.status_code != 200: - raise ValueError(resp.json()["error"]["data"]["error"]) + raise ValueError(resp.json()["error"]) return resp.json()["secret"] @@ -46,6 +46,6 @@ def _get_secret_local(secret_name: str): ) if resp.status_code != 200: - raise ValueError(resp.json()["error"]["data"]["error"]) + raise ValueError(resp.json()["error"]) return resp.json()["secret"] From 8c5f5f6dd8c3b7997bb3a8cb63fc738ed9d708b9 Mon Sep 17 00:00:00 2001 From: Ayush Kamat Date: Sat, 14 Jan 2023 08:20:15 -0800 Subject: [PATCH 7/8] make changes based on nucleus changes Signed-off-by: Ayush Kamat --- latch/functions/secrets.py | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/latch/functions/secrets.py b/latch/functions/secrets.py index b81fd172..54e2aa97 100644 --- a/latch/functions/secrets.py +++ b/latch/functions/secrets.py @@ -14,14 +14,14 @@ def get_secret(secret_name: str): >>> get_secret("test-secret") "test-value-123" """ - internal_execution_id = os.environ.get("FLYTE_INTERNAL_EXECUTION_ID") - if internal_execution_id is None: + execution_token = os.environ.get("FLYTE_INTERNAL_EXECUTION_ID") + if execution_token is None: return _get_secret_local(secret_name) resp = post( - url=endpoints["get-secret"], + url=config.api.user.get_secret, json={ - "internal_execution_id": internal_execution_id, + "execution_token": execution_token, "name": secret_name, }, ) @@ -34,7 +34,7 @@ def get_secret(secret_name: str): def _get_secret_local(secret_name: str): resp = post( - url=endpoints["get-secret-local"], + url=config.api.user.get_secret_local, json={ "ws_account_id": current_workspace(), "name": secret_name, From 8927f4db25b3c7fd4fd3ffb62532b33ea9ffaaa1 Mon Sep 17 00:00:00 2001 From: Ayush Kamat Date: Sat, 14 Jan 2023 08:23:15 -0800 Subject: [PATCH 8/8] add perms disclaimer Signed-off-by: Ayush Kamat --- latch/functions/secrets.py | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/latch/functions/secrets.py b/latch/functions/secrets.py index 54e2aa97..c48c149c 100644 --- a/latch/functions/secrets.py +++ b/latch/functions/secrets.py @@ -10,6 +10,11 @@ def get_secret(secret_name: str): A utility to allow users to reference secrets stored in their workspace on Latch. + Important: When running an execution locally, whether on your own computer + or using `latch develop`, the only secrets you will be able to access are + the ones in your personal workspace. To use secrets from a shared workspace, + register your workflow and run it on Latch. + Examples: >>> get_secret("test-secret") "test-value-123"