Add verify_tls to ClusterConfiguration

ChristianZaccaria · ChristianZaccaria · commit ad0e30c9e1c0 · 2024-04-03T09:39:19.000+01:00
diff --git a/src/codeflare_sdk/cluster/cluster.py b/src/codeflare_sdk/cluster/cluster.py
@@ -81,6 +81,12 @@ def _client_headers(self):
             )
         }
 
+    @property
+    def _client_verify_tls(self):
+        if not is_openshift_cluster or not self.config.verify_tls:
+            return False
+        return True
+
     @property
     def job_client(self):
         k8client = api_config_handler() or client.ApiClient()
@@ -91,7 +97,7 @@ def job_client(self):
             self._job_submission_client = JobSubmissionClient(
                 self.cluster_dashboard_uri(),
                 headers=self._client_headers,
-                verify=False,
+                verify=self._client_verify_tls,
             )
         else:
             self._job_submission_client = JobSubmissionClient(
@@ -184,6 +190,7 @@ def create_app_wrapper(self):
         ingress_domain = self.config.ingress_domain
         ingress_options = self.config.ingress_options
         write_to_file = self.config.write_to_file
+        verify_tls = self.config.verify_tls
         return generate_appwrapper(
             name=name,
             namespace=namespace,
@@ -209,6 +216,7 @@ def create_app_wrapper(self):
             ingress_domain=ingress_domain,
             ingress_options=ingress_options,
             write_to_file=write_to_file,
+            verify_tls=verify_tls,
         )
 
     # creates a new cluster with the provided or default spec
@@ -346,7 +354,7 @@ def is_dashboard_ready(self) -> bool:
                 self.cluster_dashboard_uri(),
                 headers=self._client_headers,
                 timeout=5,
-                verify=False,
+                verify=self._client_verify_tls,
             )
         except requests.exceptions.SSLError:  # pragma no cover
             # SSL exception occurs when oauth ingress has been created but cluster is not up
@@ -483,7 +491,12 @@ def torchx_config(
         return to_return
 
     def from_k8_cluster_object(
-        rc, mcad=True, ingress_domain=None, ingress_options={}, write_to_file=False
+        rc,
+        mcad=True,
+        ingress_domain=None,
+        ingress_options={},
+        write_to_file=False,
+        verify_tls=True,
     ):
         config_check()
         if (
@@ -543,6 +556,7 @@ def from_k8_cluster_object(
             ingress_domain=ingress_domain,
             ingress_options=ingress_options,
             write_to_file=write_to_file,
+            verify_tls=verify_tls,
         )
         return Cluster(cluster_config)
 
@@ -627,7 +641,10 @@ def get_current_namespace():  # pragma: no cover
 
 
 def get_cluster(
-    cluster_name: str, namespace: str = "default", write_to_file: bool = False
+    cluster_name: str,
+    namespace: str = "default",
+    write_to_file: bool = False,
+    verify_tls: bool = True,
 ):
     try:
         config_check()
@@ -701,6 +718,7 @@ def get_cluster(
                 ingress_domain=ingress_domain,
                 ingress_options=ingress_options,
                 write_to_file=write_to_file,
+                verify_tls=verify_tls,
             )
     raise FileNotFoundError(
         f"Cluster {cluster_name} is not found in {namespace} namespace"
diff --git a/src/codeflare_sdk/cluster/config.py b/src/codeflare_sdk/cluster/config.py
@@ -55,3 +55,10 @@ class ClusterConfiguration:
     ingress_options: dict = field(default_factory=dict)
     ingress_domain: str = None
     write_to_file: bool = False
+    verify_tls: bool = True
+
+    def __post_init__(self):
+        if not self.verify_tls:
+            print(
+                "Warning: TLS verification has been disabled - Endpoint checks will be bypassed"
+            )
diff --git a/src/codeflare_sdk/utils/generate_yaml.py b/src/codeflare_sdk/utils/generate_yaml.py
@@ -710,6 +710,7 @@ def generate_appwrapper(
     ingress_domain: str,
     ingress_options: dict,
     write_to_file: bool,
+    verify_tls: bool,
 ):
     user_yaml = read_template(template)
     appwrapper_name, cluster_name = gen_names(name)
diff --git a/tests/unit_test_support.py b/tests/unit_test_support.py
@@ -60,7 +60,6 @@ def createClusterWithConfig(mocker):
         return_value={"spec": {"domain": "apps.cluster.awsroute.org"}},
     )
     cluster = Cluster(createClusterConfig())
-    cluster.config.image = "quay.io/project-codeflare/ray:latest-py39-cu118"
     return cluster
 
 

Original file line number	Diff line number	Diff line change
`@@ -60,7 +60,6 @@ def createClusterWithConfig(mocker):`
`60`	`60`	`return_value={"spec": {"domain": "apps.cluster.awsroute.org"}},`
`61`	`61`	`)`
`62`	`62`	`cluster = Cluster(createClusterConfig())`
`63`		`- cluster.config.image = "quay.io/project-codeflare/ray:latest-py39-cu118"`
`64`	`63`	`return cluster`
`65`	`64`
`66`	`65`