[flyte-core] Flyte Connection

[pingsutw]

Tracking issue

#3936

Why are the changes needed?

It will allow users to pass different API_KEY to the chatGPT agent from flytepropeller

What changes were proposed in this pull request?

Agent client will read the secret from env or local file, and pass it to the agent server.

How was this patch tested?

local sandbox

Setup process

1. Install flytekit and flyteidl

pip install "git+https://github.com/flyteorg/flytekit.git@76dfef0c89615bb28dfa1ead932544150d9c2cde"
pip install "git+https://github.com/flyteorg/flyte.git@d96975d0bc590b57e9205d81f4de9595a4bd1708#subdirectory=flyteidl"

2. Update local config

Add below config to flyte-single-binary-local.yamlm and Add your API key to local env

export FLYTE_SECRET_OPENAI_API_KEY=<YOUR_OPENAI_API_KEY>

externalResources:
  connections:
    chatgpt:
      secrets:
        openai_api_key: OPENAI_API_KEY
      configs:
        openai_organization: org-P2rdnZQry4Fw7Ak3vSpXEIrx

4. Run Flyte cluster locally

cd flyte
pyflyte serve agent
make compile
flyte start --config flyte-single-binary-local.yaml

5. Run a ChatGPT task

pyflyte run --remote flyte-example/chatgpt_example.py my_chatgpt_job --message hello

from flytekit import workflow, Secret
from flytekitplugins.chatgpt import ChatGPTTask

chatgpt_small_job = ChatGPTTask(
    name="3.5-turbo",
    openai_organization="org-P2rdnZQry4Fw7Ak3vSpXEIrx",
    connection="chatgpt",
    chatgpt_config={
        "model": "gpt-3.5-turbo",
        "temperature": 0.7,
    },
)


@workflow
def my_chatgpt_job(message: str) -> str:
    message = chatgpt_small_job(message=message)
    return message

Screenshots

Secret not found in propeller

• I updated the documentation accordingly.
• All new and existing tests passed.
• All commits are signed-off.

Related PRs

flyteorg/flytekit#2297

Docs link

NA

[codecov]

Codecov Report

Attention: Patch coverage is 69.14894% with 29 lines in your changes are missing coverage. Please review.

Project coverage is 60.23%. Comparing base (4dd5f3c) to head (0c0f723).
Report is 3 commits behind head on master.

Files	Patch %	Lines
...admin/pkg/workflowengine/impl/prepare_execution.go	20.00%	7 Missing and 1 partial ⚠️
...yteplugins/go/tasks/plugins/webapi/agent/plugin.go	77.77%	5 Missing and 1 partial ⚠️
...ller/pkg/controller/nodes/task/taskexec_context.go	60.00%	5 Missing and 1 partial ⚠️
flyteadmin/pkg/manager/impl/execution_manager.go	85.71%	3 Missing and 2 partials ⚠️
flyteadmin/pkg/runtime/configuration_provider.go	33.33%	2 Missing ⚠️
...yteadmin/pkg/runtime/external_resource_provider.go	50.00%	2 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##           master    #5126      +/-   ##
==========================================
- Coverage   61.10%   60.23%   -0.88%     
==========================================
  Files         794      647     -147     
  Lines       51215    45739    -5476     
==========================================
- Hits        31296    27551    -3745     
+ Misses      17038    15593    -1445     
+ Partials     2881     2595     -286     

Flag	Coverage Δ
unittests-datacatalog	69.31% <ø> (ø)
unittests-flyteadmin	58.90% <67.30%> (-0.01%)	⬇️
unittests-flytecopilot	17.79% <ø> (ø)
unittests-flytectl	?
unittests-flyteidl	79.30% <ø> (ø)
unittests-flyteplugins	61.98% <77.77%> (+0.03%)	⬆️
unittests-flytepropeller	57.31% <60.00%> (-0.01%)	⬇️
unittests-flytestdlib	65.75% <ø> (+0.02%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[noahjax]

@pingsutw Would it be possible to merge the work of this PR with that of my PR? It seems like both include secrets in requests made to the agent, but this PR goes a step farther by resolving the value of secrets. On the other hand, my PR includes more details about which user is executing a task, which is also very useful for the agent to have.

[pmahindrakar-oss]

We could extend this to be used by regular tasks too right ?

[pingsutw]

What do you mean by extending here? something like

@task(external_resource=...)
# or
@task(connection=...)

[pmahindrakar-oss]

Could we make a note of the order of overrides as its just not project-domain settings alone. Also can we add details on how this should map to values in external resource attributes

[pmahindrakar-oss]

Can we also add comment on the format of what the key and what the value is and how they map to what the agent expects

[pmahindrakar-oss]

Similalrly for the configs

[pmahindrakar-oss]

Can we use getters for taskTemplate.SecurityContext.Connection and would be cleaner to define this as connectionKey may be as we are not defining the connection in the security context but just a ref/key. May be connectionRef might also be ok