#148 - Auth Project Design Documents #165
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
ecolternv
reviewed
Dec 18, 2025
projects/PROJ-148-auth-rework/PROJ-148-direct-idp-integration.md
Outdated
Show resolved
Hide resolved
vvnpn-nv
reviewed
Dec 18, 2025
fernandol-nvidia
previously approved these changes
Dec 18, 2025
RyaliNvidia
temporarily deployed
to
internal-ci
GitHub Actions
Inactive
RyaliNvidia
temporarily deployed
to
internal-ci
GitHub Actions
Inactive
vvnpn-nv
reviewed
Dec 19, 2025
RyaliNvidia
temporarily deployed
to
internal-ci
GitHub Actions
Inactive
|
RyaliNvidia
temporarily deployed
to
internal-ci
GitHub Actions
Inactive
RyaliNvidia
temporarily deployed
to
internal-ci
GitHub Actions
Inactive
RyaliNvidia
temporarily deployed
to
internal-ci
GitHub Actions
Inactive
RyaliNvidia
temporarily deployed
to
internal-ci
GitHub Actions
Inactive
xutongNV
approved these changes
Jan 21, 2026
fernandol-nvidia
approved these changes
Jan 22, 2026
RyaliNvidia
added a commit
that referenced
this pull request
Jan 22, 2026
* allow flexible squid proxy replicas (#241) * allow flexible squid proxy replicas * fix * Efficient Workflow Cleanup through Using Async Operations for Log Migration (#167) * Improving Performance for Uploading Workflow Artifacts in Worker Jobs * Cleanup * Add progress writing after upload * Add dependency in Bazel BUILD * Add type to mypy requirements * Update mypy requirements * Add to mypy_cli BUILD * Fix lint * Comment * Use constant to define semaphor and storage client executor count * #244 - Use last login url if url is not specified (#245) * Use last login url if url is not specified * print message * Cannot select any text inside modals or slideouts (#248) * Video html element not changin when selecting different video files in the UI for OSMO dataset (#249) * sync-feature-branches: fix no conflict case, allow single branch to be synced (#252) * Fix sync-feature-branches with no merge conflicts * Allow a single branch to be specified for sync-feature-branches * Perform operations as OSMO CI Bot * Add external label when the PR is created * extract issue number * add test cases (#247) * Allow PR checks to run on release branches (#264) * Database Pooling in Postgres Singleton Across Services (#251) * Initial commit for database pooling * Update set_session * Fix lint * Update PostgresConnector to have semaphor to control connections * Lint fix * Fix number of maxconn for test * Address comments * Add Go Postgres utils (#272) * #148 - Auth Project Design Documents (#165) * fix conflict * fix conflict * fix --------- Co-authored-by: Vivian Pan <[email protected]> Co-authored-by: ethany-nv <[email protected]> Co-authored-by: RyaliNvidia <[email protected]> Co-authored-by: patclarknvidia <[email protected]> Co-authored-by: Ethan Look-Potts <[email protected]> Co-authored-by: xutongNV <[email protected]>
xutongNV
added a commit
that referenced
this pull request
Jan 22, 2026
* Update the wording re: creating feature branches (#204) * Add a link back to OSMO from the brev launchable (#205) * Improve styling for badges in the brev launchable readme (#207) * Fix osmo config pool update payload in backend installation docs (#210) * Fix osmo config pool update payload in practical guide (#213) * #147 - backend operator redesign doc (#149) * backend operator redesign doc * 195 - Bump quick-start version due to updated dependencies (#217) * Perform Client Side Data Auth Check In the Event of Environment Based Auth (#177) * Data/Dataset Auth Check CLIs * Remove auth check from data service * Use auth check CLIs in ctrl * Add exit code to docs * Fix build issues * Fix lint * Ctrl to use user config when validating data auth * Use the correct CLI argument type * Fix lint * Use profile when looking up data credential from config * Update quick start installation to always install latest version (#218) * Add workflow to label external issues and pull requests (#222) * Add workflow to label external issues and pull requests * pin to allowed action version * add reopened event * allow flexible squid proxy replicas (#241) * allow flexible squid proxy replicas * fix * Efficient Workflow Cleanup through Using Async Operations for Log Migration (#167) * Improving Performance for Uploading Workflow Artifacts in Worker Jobs * Cleanup * Add progress writing after upload * Add dependency in Bazel BUILD * Add type to mypy requirements * Update mypy requirements * Add to mypy_cli BUILD * Fix lint * Comment * Use constant to define semaphor and storage client executor count * #244 - Use last login url if url is not specified (#245) * Use last login url if url is not specified * print message * Cannot select any text inside modals or slideouts (#248) * Video html element not changin when selecting different video files in the UI for OSMO dataset (#249) * sync-feature-branches: fix no conflict case, allow single branch to be synced (#252) * Fix sync-feature-branches with no merge conflicts * Allow a single branch to be specified for sync-feature-branches * Perform operations as OSMO CI Bot * Add external label when the PR is created * extract issue number * add test cases (#247) * Allow PR checks to run on release branches (#264) * Database Pooling in Postgres Singleton Across Services (#251) * Initial commit for database pooling * Update set_session * Fix lint * Update PostgresConnector to have semaphor to control connections * Lint fix * Fix number of maxconn for test * Address comments * Add Go Postgres utils (#272) * #148 - Auth Project Design Documents (#165) --------- Co-authored-by: Ethan Look-Potts <[email protected]> Co-authored-by: xutongNV <[email protected]> Co-authored-by: Fernando L <[email protected]> Co-authored-by: Vivian Pan <[email protected]> Co-authored-by: ethany-nv <[email protected]> Co-authored-by: RyaliNvidia <[email protected]> Co-authored-by: patclarknvidia <[email protected]>
ethany-nv
added a commit
that referenced
this pull request
Jan 26, 2026
* Update the wording re: creating feature branches (#204) * Add a link back to OSMO from the brev launchable (#205) * Improve styling for badges in the brev launchable readme (#207) * Fix osmo config pool update payload in backend installation docs (#210) * Fix osmo config pool update payload in practical guide (#213) * #147 - backend operator redesign doc (#149) * backend operator redesign doc * 195 - Bump quick-start version due to updated dependencies (#217) * Perform Client Side Data Auth Check In the Event of Environment Based Auth (#177) * Data/Dataset Auth Check CLIs * Remove auth check from data service * Use auth check CLIs in ctrl * Add exit code to docs * Fix build issues * Fix lint * Ctrl to use user config when validating data auth * Use the correct CLI argument type * Fix lint * Use profile when looking up data credential from config * Update quick start installation to always install latest version (#218) * Add workflow to label external issues and pull requests (#222) * Add workflow to label external issues and pull requests * pin to allowed action version * add reopened event * allow flexible squid proxy replicas (#241) * allow flexible squid proxy replicas * fix * Efficient Workflow Cleanup through Using Async Operations for Log Migration (#167) * Improving Performance for Uploading Workflow Artifacts in Worker Jobs * Cleanup * Add progress writing after upload * Add dependency in Bazel BUILD * Add type to mypy requirements * Update mypy requirements * Add to mypy_cli BUILD * Fix lint * Comment * Use constant to define semaphor and storage client executor count * #244 - Use last login url if url is not specified (#245) * Use last login url if url is not specified * print message * Cannot select any text inside modals or slideouts (#248) * Video html element not changin when selecting different video files in the UI for OSMO dataset (#249) * sync-feature-branches: fix no conflict case, allow single branch to be synced (#252) * Fix sync-feature-branches with no merge conflicts * Allow a single branch to be specified for sync-feature-branches * Perform operations as OSMO CI Bot * Add external label when the PR is created * extract issue number * add test cases (#247) * Allow PR checks to run on release branches (#264) * Database Pooling in Postgres Singleton Across Services (#251) * Initial commit for database pooling * Update set_session * Fix lint * Update PostgresConnector to have semaphor to control connections * Lint fix * Fix number of maxconn for test * Address comments * Add Go Postgres utils (#272) * #148 - Auth Project Design Documents (#165) * add args to postgres (#282) * #267 - cloud deployment scripts (#268) * script to create azure resources and deploy * Remove auto-generated values files from tracking - Added .gitignore to ignore values/, *.env files - Removed values/*.yaml files from git (auto-generated during deployment) * add aws script * add aws script * add copyright * update copyright * conflicts --------- Co-authored-by: Ethan Look-Potts <[email protected]> Co-authored-by: xutongNV <[email protected]> Co-authored-by: Fernando L <[email protected]> Co-authored-by: Vivian Pan <[email protected]> Co-authored-by: ethany-nv <[email protected]> Co-authored-by: RyaliNvidia <[email protected]> Co-authored-by: patclarknvidia <[email protected]>
patclarknvidia
added a commit
that referenced
this pull request
Jan 26, 2026
* allow flexible squid proxy replicas (#241) * allow flexible squid proxy replicas * fix * Efficient Workflow Cleanup through Using Async Operations for Log Migration (#167) * Improving Performance for Uploading Workflow Artifacts in Worker Jobs * Cleanup * Add progress writing after upload * Add dependency in Bazel BUILD * Add type to mypy requirements * Update mypy requirements * Add to mypy_cli BUILD * Fix lint * Comment * Use constant to define semaphor and storage client executor count * #244 - Use last login url if url is not specified (#245) * Use last login url if url is not specified * print message * Cannot select any text inside modals or slideouts (#248) * Video html element not changin when selecting different video files in the UI for OSMO dataset (#249) * sync-feature-branches: fix no conflict case, allow single branch to be synced (#252) * Fix sync-feature-branches with no merge conflicts * Allow a single branch to be specified for sync-feature-branches * Perform operations as OSMO CI Bot * Add external label when the PR is created * extract issue number * add test cases (#247) * Allow PR checks to run on release branches (#264) * Database Pooling in Postgres Singleton Across Services (#251) * Initial commit for database pooling * Update set_session * Fix lint * Update PostgresConnector to have semaphor to control connections * Lint fix * Fix number of maxconn for test * Address comments * Add Go Postgres utils (#272) * #148 - Auth Project Design Documents (#165) * add args to postgres (#282) * #267 - cloud deployment scripts (#268) * script to create azure resources and deploy * Remove auto-generated values files from tracking - Added .gitignore to ignore values/, *.env files - Removed values/*.yaml files from git (auto-generated during deployment) * add aws script * add aws script * add copyright * update copyright --------- Co-authored-by: Vivian Pan <[email protected]> Co-authored-by: ethany-nv <[email protected]> Co-authored-by: RyaliNvidia <[email protected]> Co-authored-by: patclarknvidia <[email protected]> Co-authored-by: Ethan Look-Potts <[email protected]> Co-authored-by: xutongNV <[email protected]>
RyaliNvidia
added a commit
that referenced
this pull request
Jan 27, 2026
* allow flexible squid proxy replicas (#241) * allow flexible squid proxy replicas * fix * Efficient Workflow Cleanup through Using Async Operations for Log Migration (#167) * Improving Performance for Uploading Workflow Artifacts in Worker Jobs * Cleanup * Add progress writing after upload * Add dependency in Bazel BUILD * Add type to mypy requirements * Update mypy requirements * Add to mypy_cli BUILD * Fix lint * Comment * Use constant to define semaphor and storage client executor count * #244 - Use last login url if url is not specified (#245) * Use last login url if url is not specified * print message * Cannot select any text inside modals or slideouts (#248) * Video html element not changin when selecting different video files in the UI for OSMO dataset (#249) * sync-feature-branches: fix no conflict case, allow single branch to be synced (#252) * Fix sync-feature-branches with no merge conflicts * Allow a single branch to be specified for sync-feature-branches * Perform operations as OSMO CI Bot * Add external label when the PR is created * extract issue number * add test cases (#247) * Allow PR checks to run on release branches (#264) * Database Pooling in Postgres Singleton Across Services (#251) * Initial commit for database pooling * Update set_session * Fix lint * Update PostgresConnector to have semaphor to control connections * Lint fix * Fix number of maxconn for test * Address comments * Add Go Postgres utils (#272) * #148 - Auth Project Design Documents (#165) * add args to postgres (#282) * #267 - cloud deployment scripts (#268) * script to create azure resources and deploy * Remove auto-generated values files from tracking - Added .gitignore to ignore values/, *.env files - Removed values/*.yaml files from git (auto-generated during deployment) * add aws script * add aws script * add copyright * update copyright * Support for Azure workload identity in AKS and Arc clusters (#141) * feat(src): add Azure service account and extra pod labels configuration - implement service account creation with customizable name and annotations - enhance service templates to support extra pod labels for various services - update Azure backend to utilize DefaultAzureCredential for authentication - add tests for Azure credential extraction and client creation * feat(src): extract account key from connection string for Azure Blob Storage - add function to extract AccountKey from connection string - update AzureBlobStorageClient to handle different credential types * feat(test): add tests for account key extraction from Azure connection strings * chore: clean up linting issues for tests * refactor(src): update data credential types in PostgresConnector and TaskGroup - change StaticDataCredential to DataCredential in get_all_data_creds method - update fetch_creds function signature to use DataCredential * feat(src): update Azure client creation to include storage account and account URL - remove deprecated storage account extraction function - modify create_client to accept storage_account and account_url parameters - update AzureBlobStorageClientFactory to use new parameters - adjust tests to reflect changes in client creation 🔒 - Generated by Copilot * refactor(src): mark storage_account parameter as unused in create_client function 🔧 - Generated by Copilot * refactor(src): remove unused storage_account parameter from client creation 🔧 - Generated by Copilot * Fix conflicts --------- Co-authored-by: Vivian Pan <[email protected]> Co-authored-by: ethany-nv <[email protected]> Co-authored-by: RyaliNvidia <[email protected]> Co-authored-by: patclarknvidia <[email protected]> Co-authored-by: Ethan Look-Potts <[email protected]> Co-authored-by: xutongNV <[email protected]> Co-authored-by: Allen Greaves <[email protected]>
RyaliNvidia
added a commit
that referenced
this pull request
Jan 28, 2026
* allow flexible squid proxy replicas (#241) * allow flexible squid proxy replicas * fix * Efficient Workflow Cleanup through Using Async Operations for Log Migration (#167) * Improving Performance for Uploading Workflow Artifacts in Worker Jobs * Cleanup * Add progress writing after upload * Add dependency in Bazel BUILD * Add type to mypy requirements * Update mypy requirements * Add to mypy_cli BUILD * Fix lint * Comment * Use constant to define semaphor and storage client executor count * #244 - Use last login url if url is not specified (#245) * Use last login url if url is not specified * print message * Cannot select any text inside modals or slideouts (#248) * Video html element not changin when selecting different video files in the UI for OSMO dataset (#249) * sync-feature-branches: fix no conflict case, allow single branch to be synced (#252) * Fix sync-feature-branches with no merge conflicts * Allow a single branch to be specified for sync-feature-branches * Perform operations as OSMO CI Bot * Add external label when the PR is created * extract issue number * add test cases (#247) * Allow PR checks to run on release branches (#264) * Database Pooling in Postgres Singleton Across Services (#251) * Initial commit for database pooling * Update set_session * Fix lint * Update PostgresConnector to have semaphor to control connections * Lint fix * Fix number of maxconn for test * Address comments * Add Go Postgres utils (#272) * #148 - Auth Project Design Documents (#165) * add args to postgres (#282) * #267 - cloud deployment scripts (#268) * script to create azure resources and deploy * Remove auto-generated values files from tracking - Added .gitignore to ignore values/, *.env files - Removed values/*.yaml files from git (auto-generated during deployment) * add aws script * add aws script * add copyright * update copyright * Support for Azure workload identity in AKS and Arc clusters (#141) * feat(src): add Azure service account and extra pod labels configuration - implement service account creation with customizable name and annotations - enhance service templates to support extra pod labels for various services - update Azure backend to utilize DefaultAzureCredential for authentication - add tests for Azure credential extraction and client creation * feat(src): extract account key from connection string for Azure Blob Storage - add function to extract AccountKey from connection string - update AzureBlobStorageClient to handle different credential types * feat(test): add tests for account key extraction from Azure connection strings * chore: clean up linting issues for tests * refactor(src): update data credential types in PostgresConnector and TaskGroup - change StaticDataCredential to DataCredential in get_all_data_creds method - update fetch_creds function signature to use DataCredential * feat(src): update Azure client creation to include storage account and account URL - remove deprecated storage account extraction function - modify create_client to accept storage_account and account_url parameters - update AzureBlobStorageClientFactory to use new parameters - adjust tests to reflect changes in client creation 🔒 - Generated by Copilot * refactor(src): mark storage_account parameter as unused in create_client function 🔧 - Generated by Copilot * refactor(src): remove unused storage_account parameter from client creation 🔧 - Generated by Copilot * Add new project proposal to describe nvlink + topology aware scheduling (#211) * Add new project proposal to describe nvlink + topology aware scheduling * Split design into two docs * Finish docs and add some updates from feedback * Add some open items * OSMO-6044: Application error when closing Task Details after switching Events view from Task to Workflow (#315) * add redis utlis, update postgres utils (#313) * add redis utlis, update postgres utils * add deps * Fix missing seperator in the test runner roles (#320) * fix * remove * fix --------- Co-authored-by: Vivian Pan <[email protected]> Co-authored-by: ethany-nv <[email protected]> Co-authored-by: RyaliNvidia <[email protected]> Co-authored-by: patclarknvidia <[email protected]> Co-authored-by: Ethan Look-Potts <[email protected]> Co-authored-by: xutongNV <[email protected]> Co-authored-by: Allen Greaves <[email protected]> Co-authored-by: ecolternv <[email protected]> Co-authored-by: tdewanNvidia <[email protected]>
fernandol-nvidia
pushed a commit
that referenced
this pull request
Jan 29, 2026
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
5 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
Design doc for auth sidecar, idp integration, and resource action model
The numbers for the auth sidecar was from #126
Issue #148
Checklist