Merge branch 'feature/open-telemetry' of https://github.com/flyteorg/…

…flyte into feature/open-telemetry

.github/workflows/end2end.yml

@@ -87,9 +87,8 @@ jobs:
                   advanced_composition/advanced_composition/dynamics.py \
                   advanced_composition/advanced_composition/map_task.py \
                   advanced_composition/advanced_composition/subworkflows.py \
-                  data_types_and_io/data_types_and_io/custom_objects.py \
-                  data_types_and_io/data_types_and_io/schema.py \
-                  data_types_and_io/data_types_and_io/typed_schema.py ;
+                  data_types_and_io/data_types_and_io/dataclass.py \
+                  data_types_and_io/data_types_and_io/structured_dataset.py ;
           do
               pyflyte --config ./boilerplate/flyte/end2end/functional-test-config.yaml \
                   register \

flyteadmin/auth/token.go

@@ -131,7 +131,12 @@ func IdentityContextFromIDTokenToken(ctx context.Context, tokenStr, clientID str
 		logger.Infof(ctx, "Failed to unmarshal claims from id token, err: %v", err)
 	}
 
-	// TODO: Document why automatically specify "all" scope
+	// This path is used when a user logs into the UI and when you login through the UI, you should have all the capabilities your identity
+	// allows you to have, which is denoted by the "all" scope.
+	// There was a plan to one day define one of a handful of scopes (all, proj admin, user, viewer) and if you configure your IDP
+	// to issue the right scopes, admin can do very light weight 'AuthZ' on admin based on these scopes, but until that plan is effected,
+	// we just use this single scope that Admin expects for all methods
+	// And because not all IdPs allow us to configure the Identity Token claims, the scope needs to live here.
 	return NewIdentityContext(idToken.Audience[0], idToken.Subject, "", idToken.IssuedAt,
 		sets.NewString(ScopeAll), userInfo, claims)
 }