flyteorg · katrogan · Mar 25, 2021 · Mar 24, 2021 · Mar 25, 2021 · Mar 25, 2021
@@ -35,7 +35,7 @@ flake8==3.9.0
     #   flake8-isort
 iniconfig==1.1.1
     # via pytest
-isort==5.7.0
+isort==5.8.0
     # via
     #   -r dev-requirements.in
     #   flake8-isort
@@ -65,7 +65,7 @@ py==1.10.0
     #   pytest
 pycodestyle==2.7.0
     # via flake8
-pyflakes==2.3.0
+pyflakes==2.3.1
     # via flake8
 pyparsing==2.4.7
     # via

@@ -41,9 +41,9 @@ black==19.10b0
     #   papermill
 bleach==3.3.0
     # via nbconvert
-boto3==1.17.32
+boto3==1.17.36
     # via sagemaker-training
-botocore==1.20.32
+botocore==1.20.36
     # via
     #   boto3
     #   s3transfer
@@ -62,7 +62,7 @@ click==7.1.2
     #   flytekit
     #   hmsclient
     #   papermill
-croniter==1.0.8
+croniter==1.0.10
     # via flytekit
 cryptography==3.4.6
     # via
@@ -90,10 +90,8 @@ entrypoints==0.3
     # via
     #   nbconvert
     #   papermill
-flyteidl==0.18.24
+flyteidl==0.18.26
     # via flytekit
-future==0.18.2
-    # via croniter
 gevent==21.1.2
     # via sagemaker-training
 greenlet==1.0.0
@@ -146,11 +144,11 @@ jupyterlab-pygments==0.1.2
     # via nbconvert
 k8s-proto==0.0.3
     # via flytekit
-keyring==23.0.0
+keyring==23.0.1
     # via flytekit
-lazy-object-proxy==1.5.2
+lazy-object-proxy==1.6.0
     # via astroid
-lxml==4.6.2
+lxml==4.6.3
     # via sphinx-material
 markupsafe==1.1.1
     # via jinja2
@@ -165,9 +163,7 @@ mistune==0.8.4
 mypy-extensions==0.4.3
     # via typing-inspect
 natsort==7.1.1
-    # via
-    #   croniter
-    #   flytekit
+    # via flytekit
 nbclient==0.5.3
     # via
     #   nbconvert
@@ -210,7 +206,7 @@ pexpect==4.8.0
     # via ipython
 pickleshare==0.7.5
     # via ipython
-prompt-toolkit==3.0.17
+prompt-toolkit==3.0.18
     # via ipython
 protobuf==3.15.6
     # via
@@ -289,7 +285,7 @@ sagemaker-training==3.7.3
     # via flytekit
 scantree==0.0.1
     # via dirhash
-scipy==1.6.1
+scipy==1.6.2
     # via sagemaker-training
 six==1.15.0
     # via
@@ -324,9 +320,9 @@ sphinx-gallery==0.8.2
     # via -r doc-requirements.in
 sphinx-material==0.0.32
     # via -r doc-requirements.in
-sphinx-prompt==1.3.0
+sphinx-prompt==1.4.0
     # via -r doc-requirements.in
-sphinx==3.5.2
+sphinx==3.5.3
     # via
     #   -r doc-requirements.in
     #   sphinx-autoapi
@@ -411,7 +407,7 @@ zipp==3.4.1
     # via importlib-metadata
 zope.event==4.5.0
     # via gevent
-zope.interface==5.2.0
+zope.interface==5.3.0
     # via gevent
 
 # The following packages are considered to be unsafe in a requirements file:

@@ -644,11 +644,13 @@ def get_task(urn, host, insecure):
 @_project_option
 @_domain_option
 @_optional_name_option
+@_assumable_iam_role_option
+@_kubernetes_service_acct_option
 @_host_option
 @_insecure_option
 @_urn_option
 @_click.argument("task_args", nargs=-1, type=_click.UNPROCESSED)
-def launch_task(project, domain, name, host, insecure, urn, task_args):
+def launch_task(project, domain, name, assumable_iam_role, kubernetes_service_account, host, insecure, urn, task_args):
     """
     Kick off a single task execution. Note that the {project, domain, name} specified in the command line
     will be for the execution.  The project/domain for the task are specified in the urn.
@@ -664,6 +666,15 @@ def launch_task(project, domain, name, host, insecure, urn, task_args):
     """
     _welcome_message()
 
+    if assumable_iam_role and kubernetes_service_account:
+        _click.UsageError("Currently you cannot specify both an assumable_iam_role and kubernetes_service_account")
+    if assumable_iam_role:
+        auth_role = _AuthRole(assumable_iam_role=assumable_iam_role)
+    elif kubernetes_service_account:
+        auth_role = _AuthRole(kubernetes_service_account=kubernetes_service_account)
+    else:
+        auth_role = None
+
     with _platform_config.URL.get_patcher(host), _platform_config.INSECURE.get_patcher(_tt(insecure)):
         task_id = _identifier.Identifier.from_python_std(urn)
         task = _tasks_common.SdkTask.fetch(task_id.project, task_id.domain, task_id.name, task_id.version)
@@ -678,7 +689,7 @@ def launch_task(project, domain, name, host, insecure, urn, task_args):
         # TODO: Implement notification overrides
         # TODO: Implement label overrides
         # TODO: Implement annotation overrides
-        execution = task.launch(project, domain, inputs=inputs, name=name)
+        execution = task.launch(project, domain, inputs=inputs, name=name, auth_role=auth_role)
         _click.secho("Launched execution: {}".format(_tt(execution.id)), fg="blue")
         _click.echo("")
 

@@ -287,6 +287,7 @@ def launch_with_literals(
         notification_overrides=None,
         label_overrides=None,
         annotation_overrides=None,
+        auth_role=None,
     ):
         """
         Executes the launch plan and returns the execution identifier.  This version of execution is meant for when
@@ -303,6 +304,7 @@ def launch_with_literals(
         :param flytekit.models.common.Labels label_overrides:
         :param flytekit.models.common.Annotations annotation_overrides:
         :rtype: flytekit.common.workflow_execution.SdkWorkflowExecution
+        :param flytekit.models.common.AuthRole auth_role:
         """
         # Kubernetes requires names starting with an alphabet for some resources.
         name = name or "f" + _uuid.uuid4().hex[:19]
@@ -330,6 +332,7 @@ def launch_with_literals(
                     disable_all=disable_all,
                     labels=label_overrides,
                     annotations=annotation_overrides,
+                    auth_role=auth_role,
                 ),
                 literal_inputs,
             )

@@ -13,6 +13,7 @@ def launch(
         notification_overrides=None,
         label_overrides=None,
         annotation_overrides=None,
+        auth_role=None,
     ):
         """
         Creates a remote execution from the entity and returns the execution identifier.
@@ -29,6 +30,7 @@ def launch(
             notifications.
         :param flytekit.models.common.Labels label_overrides:
         :param flytekit.models.common.Annotations annotation_overrides:
+        :param flytekit.models.common.AuthRole auth_role:
         :rtype: T
 
         """
@@ -40,6 +42,7 @@ def launch(
             notification_overrides=notification_overrides,
             label_overrides=label_overrides,
             annotation_overrides=annotation_overrides,
+            auth_role=auth_role,
         )
 
     @_deprecated(reason="Use launch instead", version="0.9.0")
@@ -80,6 +83,7 @@ def launch_with_literals(
         notification_overrides=None,
         label_overrides=None,
         annotation_overrides=None,
+        auth_role=None,
     ):
         """
         Executes the entity and returns the execution identifier.  This version of execution is meant for when
@@ -95,6 +99,7 @@ def launch_with_literals(
             notifications.
         :param flytekit.models.common.Labels label_overrides:
         :param flytekit.models.common.Annotations annotation_overrides:
+        :param flytekit.models.common.AuthRole auth_role:
         :rtype: flytekit.models.core.identifier.WorkflowExecutionIdentifier:
         """
         pass

@@ -349,6 +349,7 @@ def launch_with_literals(
         notification_overrides=None,
         label_overrides=None,
         annotation_overrides=None,
+        auth_role=None,
     ):
         """
         Launches a single task execution and returns the execution identifier.
@@ -362,6 +363,7 @@ def launch_with_literals(
             notifications.
         :param flytekit.models.common.Labels label_overrides:
         :param flytekit.models.common.Annotations annotation_overrides:
+        :param flytekit.models.common.AuthRole auth_role:
         :rtype: flytekit.common.workflow_execution.SdkWorkflowExecution
         """
         disable_all = notification_overrides == []
@@ -371,17 +373,21 @@ def launch_with_literals(
             notification_overrides = _admin_execution_models.NotificationList(notification_overrides or [])
             disable_all = None
 
-        assumable_iam_role = _auth_config.ASSUMABLE_IAM_ROLE.get()
-        kubernetes_service_account = _auth_config.KUBERNETES_SERVICE_ACCOUNT.get()
+        # Unlike regular workflow executions, single task executions must always specify an auth role, since there isn't
+        # any existing launch plan with a bound auth role to fall back on.
+        if auth_role is None:
+            assumable_iam_role = _auth_config.ASSUMABLE_IAM_ROLE.get()
+            kubernetes_service_account = _auth_config.KUBERNETES_SERVICE_ACCOUNT.get()
 
-        if not (assumable_iam_role or kubernetes_service_account):
-            _logging.warning(
-                "Using deprecated `role` from config. " "Please update your config to use `assumable_iam_role` instead"
+            if not (assumable_iam_role or kubernetes_service_account):
+                _logging.warning(
+                    "Using deprecated `role` from config. "
+                    "Please update your config to use `assumable_iam_role` instead"
+                )
+                assumable_iam_role = _sdk_config.ROLE.get()
+            auth_role = _common_model.AuthRole(
+                assumable_iam_role=assumable_iam_role, kubernetes_service_account=kubernetes_service_account,
             )
-            assumable_iam_role = _sdk_config.ROLE.get()
-        auth_role = _common_model.AuthRole(
-            assumable_iam_role=assumable_iam_role, kubernetes_service_account=kubernetes_service_account,
-        )
 
         client = _flyte_engine.get_client()
         try:

@@ -31,9 +31,9 @@ black==19.10b0
     #   papermill
 bleach==3.3.0
     # via nbconvert
-boto3==1.17.32
+boto3==1.17.36
     # via sagemaker-training
-botocore==1.20.32
+botocore==1.20.36
     # via
     #   boto3
     #   s3transfer
@@ -52,7 +52,7 @@ click==7.1.2
     #   flytekit
     #   hmsclient
     #   papermill
-croniter==1.0.8
+croniter==1.0.10
     # via flytekit
 cryptography==3.4.6
     # via paramiko
@@ -74,10 +74,8 @@ entrypoints==0.3
     # via
     #   nbconvert
     #   papermill
-flyteidl==0.18.24
+flyteidl==0.18.26
     # via flytekit
-future==0.18.2
-    # via croniter
 gevent==21.1.2
     # via sagemaker-training
 greenlet==1.0.0
@@ -123,7 +121,7 @@ jupyterlab-pygments==0.1.2
     # via nbconvert
 k8s-proto==0.0.3
     # via flytekit
-keyring==23.0.0
+keyring==23.0.1
     # via flytekit
 markupsafe==1.1.1
     # via jinja2
@@ -138,9 +136,7 @@ mistune==0.8.4
 mypy-extensions==0.4.3
     # via typing-inspect
 natsort==7.1.1
-    # via
-    #   croniter
-    #   flytekit
+    # via flytekit
 nbclient==0.5.3
     # via
     #   nbconvert
@@ -181,7 +177,7 @@ pexpect==4.8.0
     # via ipython
 pickleshare==0.7.5
     # via ipython
-prompt-toolkit==3.0.17
+prompt-toolkit==3.0.18
     # via ipython
 protobuf==3.15.6
     # via
@@ -252,7 +248,7 @@ sagemaker-training==3.7.3
     # via flytekit
 scantree==0.0.1
     # via dirhash
-scipy==1.6.1
+scipy==1.6.2
     # via sagemaker-training
 six==1.15.0
     # via
@@ -329,7 +325,7 @@ zipp==3.4.1
     # via importlib-metadata
 zope.event==4.5.0
     # via gevent
-zope.interface==5.2.0
+zope.interface==5.3.0
     # via gevent
 
 # The following packages are considered to be unsafe in a requirements file: