fix(backend): resolve use_secret_as_env pipeline params in ParallelFor#13128
fix(backend): resolve use_secret_as_env pipeline params in ParallelFor#13128mprahl merged 6 commits intokubeflow:masterfrom
Conversation
There was a problem hiding this comment.
Pull request overview
Fixes KFP v2 compilation/runtime gaps where Kubernetes platform-config inputs (e.g., use_secret_as_env(secret_name=<pipeline param>)) failed to resolve across sub-DAG boundaries such as dsl.ParallelFor, by (1) surfacing and propagating platform-config-only channels and (2) rewriting platform-config input references to the surfaced pipelinechannel--* inputs. Also hardens the SDK API for channel registration and adjusts driver behavior for DAG condition files.
Changes:
- Compiler: rewrite platform-config references (
componentInputParameter,taskOutputParameter) to surfacedpipelinechannel--*names when compiling sub-DAGs (including exit-handler path). - Kubernetes extension: ensure platform-config-only channels are registered so they propagate across sub-DAG boundaries; add a public SDK helper
PipelineTask.register_pipeline_channels(...)and unit coverage. - Backend driver: write
"nil"condition for DAG driver type and add regression test; add/update goldens and regression pipelines.
Reviewed changes
Copilot reviewed 19 out of 19 changed files in this pull request and generated 6 comments.
Show a summary per file
| File | Description |
|---|---|
| test_data/sdk_compiled_pipelines/valid/pipeline_with_parallelfor_pipeline_param.yaml | New compiled-pipeline golden covering pipeline param + outer output inside ParallelFor. |
| test_data/sdk_compiled_pipelines/valid/pipeline_with_parallelfor_pipeline_param.py | New source pipeline to generate/validate the above golden. |
| test_data/sdk_compiled_pipelines/valid/critical/parallel_for_secret.yaml | New compiled-pipeline golden for the reported secret-in-ParallelFor regression. |
| test_data/sdk_compiled_pipelines/valid/critical/parallel_for_secret.py | New critical regression pipeline reproducing the secret-name pipeline param scenario. |
| test_data/sdk_compiled_pipelines/valid/critical/nested_parallel_for_secret.yaml | New golden for cross-DAG task output used as secret name in ParallelFor. |
| test_data/sdk_compiled_pipelines/valid/critical/nested_parallel_for_secret.py | New critical regression pipeline for cross-DAG taskOutputParameter rewriting. |
| test_data/compiled-workflows/pipeline_with_parallelfor_pipeline_param.yaml | New Argo workflow golden for parallel-for pipeline param propagation. |
| test_data/compiled-workflows/parallel_for_secret.yaml | New Argo workflow golden for secret-name pipeline param in ParallelFor. |
| test_data/compiled-workflows/nested_parallel_for_secret.yaml | New Argo workflow golden for cross-DAG output secret-name case. |
| sdk/python/test/local_execution/local_execution_test.py | Adds local execution coverage for the new ParallelFor pipeline-param scenario. |
| sdk/python/kfp/dsl/pipeline_task_test.py | Adds unit test for deduplicating channel registration via the new public helper. |
| sdk/python/kfp/dsl/pipeline_task.py | Introduces register_pipeline_channels(...) and reuses it to dedupe channels in existing paths. |
| sdk/python/kfp/compiler/pipeline_spec_builder_test.py | Adds end-to-end + unit tests for platform-config rewrite behavior across sub-DAG boundaries. |
| sdk/python/kfp/compiler/pipeline_spec_builder.py | Implements platform-config reference rewriting and wires it into DAG + exit-handler compilation. |
| kubernetes_platform/python/test/unit/test_secret.py | Adds unit tests asserting platform-config-only channels get registered for propagation. |
| kubernetes_platform/python/kfp/kubernetes/volume.py | Ensures PVC mount channel inputs propagate across sub-DAG boundaries. |
| kubernetes_platform/python/kfp/kubernetes/common.py | Registers pipeline channels referenced via Kubernetes platform config inputs. |
| backend/src/v2/cmd/driver/main_test.go | Adds regression test validating DAG driver writes a "nil" condition file. |
| backend/src/v2/cmd/driver/main.go | Writes "nil" condition for DAG driver type (in addition to ROOT_DAG/CONTAINER). |
13a7f65 to
b9b36a0
Compare
b9b36a0 to
22bfa6d
Compare
22bfa6d to
3d1c0b6
Compare
|
/retest |
1 similar comment
|
/retest |
3d1c0b6 to
4ecbec2
Compare
4ecbec2 to
4994530
Compare
|
@nsingla could you fix the CI failure? |
4994530 to
224ffcf
Compare
|
@nsingla could you fix the CI failure? |
ad183dc to
f8abf9b
Compare
de30159 to
06692de
Compare
jeffspahr
left a comment
There was a problem hiding this comment.
Two deterministic regressions remain after the parallel_and_nested/ fixture split.
I left the exact follow-up edits inline on the nearest changed hunks. GitHub does not expose the stale SDK golden paths or the stale Sanity fixture entry as diff lines in this PR, so those two spots cannot be attached as one-click suggestions even though the replacements are fully mechanical.
1a0b44d to
cfcb447
Compare
incresing the pipeline run wait time to 12min splitting parallel and nested pipelines fixing argo versions in api tests Signed-off-by: Nelesh Singla <117123879+nsingla@users.noreply.github.com>
cfcb447 to
cde4d91
Compare
|
/lgtm |
|
/retest |
|
/approve |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: mprahl The full list of commands accepted by this bot can be found here. The pull request process is described here DetailsNeeds approval from an approver in each of these files:
Approvers can indicate their approval by writing |
Summary
Fix use_secret_as_env() (and related platform-config inputs) failing to resolve across sub-DAG boundaries (e.g., dsl.ParallelFor) by combining the broader fix from #13118 with API hardening from #13122.
What Changed
Compiler/platform-config rewrite
Kubernetes config channel propagation
Ensure platform-config-only channels are tracked so they propagate through sub-DAG boundaries.
Update:
Add PipelineTask.register_pipeline_channels(...) in sdk/python/kfp/dsl/pipeline_task.py.
Backend driver fix
Regression tests and goldens
Diff Size
19 files changed
+3161 / -19
Test Plan
Checklist: