inject keyrings.google-artifactregistry-auth for private GCP PyPi registry #1772

Merged 2 commits on Mar 27, 2024


@madhur-ob madhur-ob changed the title inject keyrings.google-artifactregistry-auth for private GCP PyPi registry [WIP]: inject keyrings.google-artifactregistry-auth for private GCP PyPi registry Mar 25, 2024
@madhur-ob
Collaborator Author

Tried with the following: GOOGLE_APPLICATION_CREDENTIALS=~/Desktop/outerbounds/mf-af-gcp-exploration-f72606b8ba0c.json python ../pypi_flow.py --environment=pypi run

where pypi_flow.py contains:

from metaflow import FlowSpec, step, pypi

class PetFlow(FlowSpec):

    @pypi(python='3.10.13',
          packages={'swagger-petstore-open-api-3-0-client': '1.0.11'})
    @step
    def start(self):
        from swagger_petstore_open_api_3_0_client.api import pet
        self.next(self.end)

    @step
    def end(self):
        pass

if __name__ == '__main__':
    PetFlow()

with output of pip config list being global.extra-index-url='https://us-python.pkg.dev/mf-af-gcp-exploration/demo/simple/'

The generated conda.manifest has mention of keyrings.google-artifactregistry-auth too

But we still get the following issue:

Pip ran into an error while setting up environment:
    command '/Users/madhur/.metaflowconfig/micromamba/bin/micromamba run --prefix /Users/madhur/micromamba/envs/metaflow/osx-arm64/143d2ae86eb9a80 pip3 --disable-pip-version-check --no-input --no-color --isolated install --dry-run --only-binary=:all: --upgrade-strategy=only-if-needed --target=/var/folders/f6/bbbh6_0j2hs4rk56x39f3vlh0000gn/T/tmpupbw8ra8 --report=/var/folders/f6/bbbh6_0j2hs4rk56x39f3vlh0000gn/T/tmpupbw8ra8/report.json --progress-bar=off --quiet --extra-index-url https://us-python.pkg.dev/mf-af-gcp-exploration/demo/simple/ --abi none --abi abi3 --abi cp310 --platform macosx_10_8_universal2 --platform macosx_13_0_arm64 --platform macosx_11_0_universal2 --platform macosx_14_0_arm64 --platform macosx_10_6_universal2 --platform any --platform macosx_10_7_universal2 --platform macosx_10_13_universal2 --platform macosx_10_14_universal2 --platform macosx_12_0_arm64 --platform macosx_11_0_arm64 --platform macosx_10_10_universal2 --platform macosx_14_0_universal2 --platform macosx_10_15_universal2 --platform macosx_10_12_universal2 --platform macosx_10_4_universal2 --platform macosx_10_16_universal2 --platform macosx_13_0_universal2 --platform macosx_10_11_universal2 --platform macosx_12_0_universal2 --platform macosx_10_9_universal2 --platform macosx_10_5_universal2 requests>=2.21.0 keyrings.google-artifactregistry-auth>=1.1.1 swagger-petstore-open-api-3-0-client==1.0.11' returned error (1) 
    ERROR: Could not find a version that satisfies the requirement swagger-petstore-open-api-3-0-client==1.0.11 (from versions: none)
    ERROR: No matching distribution found for swagger-petstore-open-api-3-0-client==1.0.11

@madhur-ob madhur-ob changed the title [WIP]: inject keyrings.google-artifactregistry-auth for private GCP PyPi registry inject keyrings.google-artifactregistry-auth for private GCP PyPi registry Mar 26, 2024
@madhur-ob
Collaborator Author

@savingoyal @saikonen this fixes and I can confirm the PR works now...
python ../pypi_flow.py --environment=pypi run fails with

Metaflow 2.11.6.post2+git7416d63 executing PetFlow for user:madhur
Validating your flow...
    The graph looks good!
Running pylint...
    Pylint is happy!
Bootstrapping virtual environment(s) ...
    Pip ran into an error while setting up environment:
    command '/Users/madhur/.metaflowconfig/micromamba/bin/micromamba run --prefix /Users/madhur/micromamba/envs/metaflow/osx-arm64/79625b536ad4c9f pip3 --disable-pip-version-check --no-color --no-input --isolated install --dry-run --only-binary=:all: --upgrade-strategy=only-if-needed --target=/var/folders/f6/bbbh6_0j2hs4rk56x39f3vlh0000gn/T/tmpojxmrkfy --report=/var/folders/f6/bbbh6_0j2hs4rk56x39f3vlh0000gn/T/tmpojxmrkfy/report.json --progress-bar=off --quiet --extra-index-url https://us-python.pkg.dev/mf-af-gcp-exploration/demo/simple/ --abi none --abi cp310 --abi abi3 --platform macosx_10_11_universal2 --platform macosx_10_16_universal2 --platform macosx_10_10_universal2 --platform macosx_11_0_universal2 --platform macosx_13_0_arm64 --platform macosx_10_5_universal2 --platform macosx_12_0_universal2 --platform macosx_10_6_universal2 --platform macosx_10_14_universal2 --platform macosx_10_13_universal2 --platform macosx_10_12_universal2 --platform macosx_11_0_arm64 --platform macosx_10_7_universal2 --platform macosx_13_0_universal2 --platform macosx_10_4_universal2 --platform macosx_10_15_universal2 --platform macosx_10_9_universal2 --platform macosx_14_0_universal2 --platform macosx_10_8_universal2 --platform any --platform macosx_12_0_arm64 --platform macosx_14_0_arm64 swagger-petstore-open-api-3-0-client==1.0.11' returned error (1) 
    ERROR: Could not find a version that satisfies the requirement swagger-petstore-open-api-3-0-client==1.0.11 (from versions: none)
    ERROR: No matching distribution found for swagger-petstore-open-api-3-0-client==1.0.11

while GOOGLE_APPLICATION_CREDENTIALS=~/Desktop/outerbounds/mf-af-gcp-exploration-f72606b8ba0c.json python ../pypi_flow.py --environment=pypi run passes with

Metaflow 2.11.6.post2+git7416d63 executing PetFlow for user:madhur
Validating your flow...
    The graph looks good!
Running pylint...
    Pylint is happy!
Bootstrapping virtual environment(s) ...
Virtual environment(s) bootstrapped!
2024-03-27 03:57:08.941 Workflow starting (run-id 1711492028939890):
2024-03-27 03:57:08.992 [1711492028939890/start/1 (pid 40529)] Task is starting.
2024-03-27 03:57:09.251 [1711492028939890/start/1 (pid 40529)] Task finished successfully.
2024-03-27 03:57:09.291 [1711492028939890/end/2 (pid 40539)] Task is starting.
2024-03-27 03:57:09.493 [1711492028939890/end/2 (pid 40539)] Task finished successfully.
2024-03-27 03:57:09.494 Done!

output of pip config list is
global.extra-index-url='https://us-python.pkg.dev/mf-af-gcp-exploration/demo/simple/'

@@ -258,6 +258,15 @@ def indices(self, prefix):
return index, extras

def _call(self, prefix, args, env=None, isolated=True):
# `--no-input` flag should not be passed when credentials
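Review bot: The comment at the top of `_call` that begins "`--no-input` flag should not be passed when credentials" states a rule but not the reason for it, and without that flag pip is free to prompt, which stalls an unattended run waiting on stdin. Please record the observed failure in the comment, limit the flag's removal to the case where a private index and credentials are actually configured, and keep the subprocess non-interactive some other way, for example by giving it a closed stdin.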
Collaborator


Can you go into a bit more detail on why removing the --no-input was necessary? We don't want to require/enable any user interaction with the pip3 calls.

Collaborator Author


Honestly, I am not sure. What I observed was that perhaps keyring tries to inject the creds dynamically using the JSON file passed to the env variable. And that apparently doesn't work when we use --no-input.

Collaborator


This will likely break the pypi solver. Can we roll back this PR and discuss this issue?

@saikonen saikonen merged commit 208897c into Netflix:master Mar 27, 2024
34 checks passed
@@ -254,6 +245,14 @@ def get_environment(self, step):
msg += "step is not yet supported. Use one of @pypi or @conda only."
raise CondaEnvironmentException(msg)

# Certain packages are required for metaflow runtime to function correctly.
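Review bot: The comment "Certain packages are required for metaflow runtime to function correctly" at the end of this hunk does not name the packages or say when they are added. The pip command quoted earlier in this conversation passes `requests>=2.21.0` and `keyrings.google-artifactregistry-auth>=1.1.1` with lower bounds only, on the same command line as `--extra-index-url`, so it is worth listing the injected packages here, stating why each is needed, and confirming that they are added only when a private index is in use and that they resolve from the index you expect.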
Collaborator


Does line 241:246 work as expected with this change?

Successfully merging this pull request may close these issues.

Support GCP-auth for private PyPi repositories