Fix for keyring errors when initializing Flyte for_sandbox config client

flytekit/clients/auth_helper.py

@@ -69,6 +69,10 @@ def get_authenticator(cfg: PlatformConfig, cfg_store: ClientConfigStore) -> Auth
 
     session = get_session(cfg)
 
+    if cfg_auth == AuthType.NO_AUTH:
+        logging.warning("No authentication required for this configuration.")
+        return Authenticator(cfg.endpoint, header_key="", verify=verify)
+
     if cfg_auth == AuthType.STANDARD or cfg_auth == AuthType.PKCE:
         return PKCEAuthenticator(cfg.endpoint, cfg_store, scopes=cfg.scopes, verify=verify, session=session)
     elif cfg_auth == AuthType.BASIC or cfg_auth == AuthType.CLIENT_CREDENTIALS or cfg_auth == AuthType.CLIENTSECRET:

flytekit/clients/grpc_utils/auth_interceptor.py

@@ -1,9 +1,11 @@
+import logging
 import typing
 from collections import namedtuple
 
 import grpc
 
-from flytekit.clients.auth.authenticator import Authenticator
+from flytekit.clients.auth.authenticator import Authenticator, ClientConfigStore
+from flytekit.configuration import PlatformConfig
 
 
 class _ClientCallDetails(
@@ -25,8 +27,10 @@ class AuthUnaryInterceptor(grpc.UnaryUnaryClientInterceptor, grpc.UnaryStreamCli
     is needed.
     """
 
-    def __init__(self, authenticator: Authenticator):
+    def __init__(self, authenticator: Authenticator, cfg: PlatformConfig = None, cfg_store: ClientConfigStore = None):
         self._authenticator = authenticator
+        self._cfg = cfg
+        self._cfg_store = cfg_store
 
     def _call_details_with_auth_metadata(self, client_call_details: grpc.ClientCallDetails) -> grpc.ClientCallDetails:
         """
@@ -64,9 +68,10 @@ def intercept_unary_unary(
             if not hasattr(e, "code"):
                 raise e
             if e.code() == grpc.StatusCode.UNAUTHENTICATED or e.code() == grpc.StatusCode.UNKNOWN:
-                self._authenticator.refresh_credentials()
-                updated_call_details = self._call_details_with_auth_metadata(client_call_details)
-                return continuation(updated_call_details, request)
+                return self._handle_unauthenticated_error(fut, client_call_details, request)
+                # self._authenticator.refresh_credentials()
+                # updated_call_details = self._call_details_with_auth_metadata(client_call_details)
+                # return continuation(updated_call_details, request)
         return fut
 
     def intercept_unary_stream(self, continuation, client_call_details, request):
@@ -76,7 +81,44 @@ def intercept_unary_stream(self, continuation, client_call_details, request):
         updated_call_details = self._call_details_with_auth_metadata(client_call_details)
         c: grpc.Call = continuation(updated_call_details, request)
         if c.code() == grpc.StatusCode.UNAUTHENTICATED:
-            self._authenticator.refresh_credentials()
-            updated_call_details = self._call_details_with_auth_metadata(client_call_details)
-            return continuation(updated_call_details, request)
+            return self._handle_unauthenticated_error(c, client_call_details, request)
+            # self._authenticator.refresh_credentials()
+            # updated_call_details = self._call_details_with_auth_metadata(client_call_details)
+            # return continuation(updated_call_details, request)
         return c
+
+    def _handle_unauthenticated_error(self, continuation, client_call_details, request):
+        """Handling Unauthenticated Errors and Triggering the PKCE Flow"""
+
+        logging.info("Received authentication error, starting PKCE authentication flow")
+
+        try:
+            if isinstance(self._authenticator, Authenticator) and not isinstance(
+                self._authenticator, PKCEAuthenticator
+            ):
+                logging.info("Current authenticator is 'None', switching to PKCEAuthenticator")
+
+                from flytekit.clients.auth.authenticator import PKCEAuthenticator
+                from flytekit.clients.auth_helper import get_session
+
+                session = get_session(self._cfg)
+
+                verify = None
+                if self._cfg.insecure_skip_verify:
+                    verify = False
+                elif self._cfg.ca_cert_file_path:
+                    verify = self._cfg.ca_cert_file_path
+
+                self._authenticator = PKCEAuthenticator(
+                    self._cfg.endpoint, self._cfg_store, scopes=self._cfg.scopes, verify=verify, session=session
+                )
+
+            self._authenticator.refresh_credentials()
+            logging.info("Authentication flow completed successfully")
+
+        except Exception as e:
+            logging.error(f"Authentication failed: {str(e)}")
+            raise
+
+        updated_call_details = self._call_details_with_auth_metadata(client_call_details)
+        return continuation(updated_call_details, request)

flytekit/configuration/__init__.py

@@ -393,6 +393,7 @@ class AuthType(enum.Enum):
     PKCE = "Pkce"
     EXTERNALCOMMAND = "ExternalCommand"
     DEVICEFLOW = "DeviceFlow"
+    NO_AUTH = "no_auth"
 
 
 @dataclass(init=True, repr=True, eq=True, frozen=True)
@@ -749,7 +750,7 @@ def for_sandbox(cls) -> Config:
         :return: Config
         """
         return Config(
-            platform=PlatformConfig(endpoint="localhost:30080", auth_mode="Pkce", insecure=True),
+            platform=PlatformConfig(endpoint="localhost:30080", auth_mode="no_auth", insecure=True),
             data_config=DataConfig(
                 s3=S3Config(endpoint="http://localhost:30002", access_key_id="minio", secret_access_key="miniostorage")
             ),