I'm hoping to experiment with triggering pipelines using the raw Kubeflow Pipeline API, but there is very little information about how to authenticate. All the information I can find in https://www.kubeflow.org/docs/pipelines/reference/api/kubeflow-pipeline-api-spec/ is:
Security
Bearer
Type: apiKey
--
Name: authorization
In: header
And when sending a request with an invalid bearer token, I know it expect a JWT, but I have no idea how to generate one.
Invalid IAP credentials: Expected JWT to have 3 parts separated by a '.' but there are 1 parts
Is it possible to do this without using kfp?
without 'kfp' is pretty messy and hard to automate.
anyway, here is one way
0) curl -v http://$SERVICE:$PORT
Response:
>> <a href="/dex/auth?client_id=kubeflow-oidc-authservice&redirect_uri=%2Flogin%2Foidc&response_type=code&scope=profile+email+groups+openid&state=STATE_VALUE">Found</a>.
STATE=STATE_VALUE
1) curl -v "http://$SERVICE:$PORT/dex/auth?client_id=kubeflow-oidc-authservice&redirect_uri=%2Flogin%2Foidc&response_type=code&scope=profile+email+groups+openid&state=$STATE_VALUE"
Response:
>> <a href="/dex/auth/local?req=REQ_VALUE">Found</a>
REQ=REQ_VALUE
2) curl -v 'http://$SERVICE:$PORT/dex/auth/local?req=REQ_VALUE' -H 'Content-Type: application/x-www-form-urlencoded' --data 'login=admin%40kubeflow.org&password=12341234'
3) curl -v 'http://$SERVICE:$PORT/dex/approval?req=$REQ_VALUE'
Response:
>> <a href="/login/oidc?code=CODE_VALUE&state=STATE_VALUE">See Other</a>.
CODE=CODE_VALUE
4) curl -v 'http://$SERVICE:$PORT/login/oidc?code=$CODE_VALUE&state=$STATE_VALUE'
Response:
>> set cookie authservice_session=SESSION
5) curl -v 'http://$SERVICE:$PORT/pipeline/apis/v1beta1/pipelines' -H 'Cookie: authservice_session=SESSION'
Response:
>> 200 OK { ... }