Skip to content

Commit 8ff48f5

Browse files
committed
Add support for specifying a cluster CA certificate to the sdk
1 parent 3b41a22 commit 8ff48f5

File tree

1 file changed

+11
-2
lines changed

1 file changed

+11
-2
lines changed

src/codeflare_sdk/cluster/auth.py

Lines changed: 11 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -49,7 +49,13 @@ class TokenAuthentication(Authentication):
4949
cluster when the user has an API token and the API server address.
5050
"""
5151

52-
def __init__(self, token: str = None, server: str = None, skip_tls: bool = False):
52+
def __init__(
53+
self,
54+
token: str = None,
55+
server: str = None,
56+
ca_cert_path: str = None,
57+
skip_tls: bool = False,
58+
):
5359
"""
5460
Initialize a TokenAuthentication object that requires a value for `token`, the API Token
5561
and `server`, the API server address for authenticating to an OpenShift cluster.
@@ -58,6 +64,7 @@ def __init__(self, token: str = None, server: str = None, skip_tls: bool = False
5864
self.token = token
5965
self.server = server
6066
self.skip_tls = skip_tls
67+
self.ca_cert_path = ca_cert_path
6168

6269
def login(self) -> str:
6370
"""
@@ -68,12 +75,14 @@ def login(self) -> str:
6875
args = [f"--token={self.token}", f"--server={self.server}"]
6976
if self.skip_tls:
7077
args.append("--insecure-skip-tls-verify")
78+
elif self.skip_tls == False:
79+
args.append(f"--certificate-authority={self.ca_cert_path}")
7180
try:
7281
response = oc.invoke("login", args)
7382
except OpenShiftPythonException as osp: # pragma: no cover
7483
error_msg = osp.result.err()
7584
if "The server uses a certificate signed by unknown authority" in error_msg:
76-
return "Error: certificate auth failure, please set `skip_tls=True` in TokenAuthentication"
85+
return "Error: certificate auth failure, please set `skip_tls=True` in TokenAuthentication or provide a trusted certificate using `ca_cert_path`"
7786
elif "invalid" in error_msg:
7887
raise PermissionError(error_msg)
7988
else:

0 commit comments

Comments
 (0)