Add verify_tls to ClusterConfiguration

ChristianZaccaria · ChristianZaccaria · commit 4dbf74182827 · 2024-04-02T21:58:08.000+01:00
diff --git a/src/codeflare_sdk/cluster/cluster.py b/src/codeflare_sdk/cluster/cluster.py
@@ -81,6 +81,12 @@ def _client_headers(self):
             )
         }
 
+    @property
+    def _client_verify_tls(self):
+        if not is_openshift_cluster or not self.config.verify_tls:
+            return False
+        return True
+
     @property
     def job_client(self):
         k8client = api_config_handler() or client.ApiClient()
@@ -91,7 +97,7 @@ def job_client(self):
             self._job_submission_client = JobSubmissionClient(
                 self.cluster_dashboard_uri(),
                 headers=self._client_headers,
-                verify=False,
+                verify=self._client_verify_tls,
             )
         else:
             self._job_submission_client = JobSubmissionClient(
@@ -184,6 +190,7 @@ def create_app_wrapper(self):
         ingress_domain = self.config.ingress_domain
         ingress_options = self.config.ingress_options
         write_to_file = self.config.write_to_file
+        verify_tls = self.config.verify_tls
         return generate_appwrapper(
             name=name,
             namespace=namespace,
@@ -209,6 +216,7 @@ def create_app_wrapper(self):
             ingress_domain=ingress_domain,
             ingress_options=ingress_options,
             write_to_file=write_to_file,
+            verify_tls=verify_tls,
         )
 
     # creates a new cluster with the provided or default spec
@@ -346,7 +354,7 @@ def is_dashboard_ready(self) -> bool:
                 self.cluster_dashboard_uri(),
                 headers=self._client_headers,
                 timeout=5,
-                verify=False,
+                verify=self._client_verify_tls,
             )
         except requests.exceptions.SSLError:  # pragma no cover
             # SSL exception occurs when oauth ingress has been created but cluster is not up
@@ -483,7 +491,7 @@ def torchx_config(
         return to_return
 
     def from_k8_cluster_object(
-        rc, mcad=True, ingress_domain=None, ingress_options={}, write_to_file=False
+        rc, mcad=True, ingress_domain=None, ingress_options={}, write_to_file=False, verify_tls=True
     ):
         config_check()
         if (
@@ -543,6 +551,7 @@ def from_k8_cluster_object(
             ingress_domain=ingress_domain,
             ingress_options=ingress_options,
             write_to_file=write_to_file,
+            verify_tls=verify_tls,
         )
         return Cluster(cluster_config)
 
@@ -627,7 +636,7 @@ def get_current_namespace():  # pragma: no cover
 
 
 def get_cluster(
-    cluster_name: str, namespace: str = "default", write_to_file: bool = False
+    cluster_name: str, namespace: str = "default", write_to_file: bool = False, verify_tls: bool = True
 ):
     try:
         config_check()
@@ -701,6 +710,7 @@ def get_cluster(
                 ingress_domain=ingress_domain,
                 ingress_options=ingress_options,
                 write_to_file=write_to_file,
+                verify_tls=verify_tls,
             )
     raise FileNotFoundError(
         f"Cluster {cluster_name} is not found in {namespace} namespace"
diff --git a/src/codeflare_sdk/cluster/config.py b/src/codeflare_sdk/cluster/config.py
@@ -55,3 +55,4 @@ class ClusterConfiguration:
     ingress_options: dict = field(default_factory=dict)
     ingress_domain: str = None
     write_to_file: bool = False
+    verify_tls: bool = True
diff --git a/src/codeflare_sdk/utils/generate_yaml.py b/src/codeflare_sdk/utils/generate_yaml.py
@@ -710,6 +710,7 @@ def generate_appwrapper(
     ingress_domain: str,
     ingress_options: dict,
     write_to_file: bool,
+    verify_tls: bool,
 ):
     user_yaml = read_template(template)
     appwrapper_name, cluster_name = gen_names(name)
@@ -770,6 +771,9 @@ def generate_appwrapper(
     if is_openshift_cluster():
         enable_openshift_oauth(user_yaml, cluster_name, namespace)
 
+    if not verify_tls:
+        print("Warning: TLS verification has been disabled - Endpoint checks will be bypassed")        
+
     directory_path = os.path.expanduser("~/.codeflare/appwrapper/")
     outfile = os.path.join(directory_path, appwrapper_name + ".yaml")
 
diff --git a/tests/unit_test_support.py b/tests/unit_test_support.py
@@ -60,7 +60,6 @@ def createClusterWithConfig(mocker):
         return_value={"spec": {"domain": "apps.cluster.awsroute.org"}},
     )
     cluster = Cluster(createClusterConfig())
-    cluster.config.image = "quay.io/project-codeflare/ray:latest-py39-cu118"
     return cluster
 
 

Original file line number	Diff line number	Diff line change
`@@ -60,7 +60,6 @@ def createClusterWithConfig(mocker):`
`60`	`60`	`return_value={"spec": {"domain": "apps.cluster.awsroute.org"}},`
`61`	`61`	`)`
`62`	`62`	`cluster = Cluster(createClusterConfig())`
`63`		`- cluster.config.image = "quay.io/project-codeflare/ray:latest-py39-cu118"`
`64`	`63`	`return cluster`
`65`	`64`
`66`	`65`