Removed ca generation from SDK

Author: Bobbins228

src/codeflare_sdk/cluster/cluster.py

@@ -665,13 +665,6 @@ def _delete_resources(
                 plural="rayclusters",
                 name=name,
             )
-        elif resource["kind"] == "Secret":
-            name = resource["metadata"]["name"]
-            secret_instance = client.CoreV1Api(api_config_handler())
-            secret_instance.delete_namespaced_secret(
-                namespace=namespace,
-                name=name,
-            )
 
 
 def _create_resources(yamls, namespace: str, api_instance: client.CustomObjectsApi):
@@ -684,12 +677,6 @@ def _create_resources(yamls, namespace: str, api_instance: client.CustomObjectsA
                 plural="rayclusters",
                 body=resource,
             )
-        elif resource["kind"] == "Secret":
-            secret_instance = client.CoreV1Api(api_config_handler())
-            secret_instance.create_namespaced_secret(
-                namespace=namespace,
-                body=resource,
-            )
 
 
 def _check_aw_exists(name: str, namespace: str) -> bool:

src/codeflare_sdk/templates/base-template.yaml

@@ -264,15 +264,3 @@ spec:
                     - key: odh-ca-bundle.crt
                       path: odh-ca-bundle.crt
                     optional: true
-    - replicas: 1
-      generictemplate:
-        apiVersion: v1
-        data:
-          ca.crt: generated_crt
-          ca.key: generated_key
-        kind: Secret
-        metadata:
-          name: ca-secret-deployment-name
-          labels:
-            # allows me to return name of service that Ray operator creates
-            odh-ray-cluster-service: deployment-name-head-svc

src/codeflare_sdk/utils/generate_yaml.py

@@ -266,67 +266,10 @@ def update_nodes(
                 update_resources(spec, min_cpu, max_cpu, min_memory, max_memory, gpu)
 
 
-def update_ca_secret(ca_secret_item, cluster_name, namespace):
-    from . import generate_cert
-
-    metadata = ca_secret_item.get("generictemplate", {}).get("metadata")
-    metadata["name"] = f"ca-secret-{cluster_name}"
-    metadata["namespace"] = namespace
-    metadata["labels"]["odh-ray-cluster-service"] = f"{cluster_name}-head-svc"
-    data = ca_secret_item.get("generictemplate", {}).get("data")
-    data["ca.key"], data["ca.crt"] = generate_cert.generate_ca_cert(365)
-
-
 def del_from_list_by_name(l: list, target: typing.List[str]) -> list:
     return [x for x in l if x["name"] not in target]
 
 
-def disable_raycluster_tls(resources):
-    generic_template_spec = resources["GenericItems"][0]["generictemplate"]["spec"]
-
-    headGroupTemplateSpec = generic_template_spec["headGroupSpec"]["template"]["spec"]
-    headGroupTemplateSpec["volumes"] = del_from_list_by_name(
-        headGroupTemplateSpec.get("volumes", []),
-        ["ca-vol", "server-cert"],
-    )
-
-    c: dict
-    for c in generic_template_spec["headGroupSpec"]["template"]["spec"]["containers"]:
-        c["volumeMounts"] = del_from_list_by_name(
-            c.get("volumeMounts", []), ["ca-vol", "server-cert"]
-        )
-
-    if "initContainers" in generic_template_spec["headGroupSpec"]["template"]["spec"]:
-        del generic_template_spec["headGroupSpec"]["template"]["spec"]["initContainers"]
-
-    for workerGroup in generic_template_spec.get("workerGroupSpecs", []):
-        workerGroupSpec = workerGroup["template"]["spec"]
-        workerGroupSpec["volumes"] = del_from_list_by_name(
-            workerGroupSpec.get("volumes", []),
-            ["ca-vol", "server-cert"],
-        )
-        for c in workerGroup["template"]["spec"].get("containers", []):
-            c["volumeMounts"] = del_from_list_by_name(
-                c.get("volumeMounts", []), ["ca-vol", "server-cert"]
-            )
-
-    del generic_template_spec["workerGroupSpecs"][0]["template"]["spec"][
-        "initContainers"
-    ]
-
-    updated_items = []
-    for i in resources["GenericItems"][:]:
-        if "rayclient-deployment-ingress" in i["generictemplate"]["metadata"]["name"]:
-            continue
-        if "rayclient-deployment-route" in i["generictemplate"]["metadata"]["name"]:
-            continue
-        if "ca-secret-deployment-name" in i["generictemplate"]["metadata"]["name"]:
-            continue
-        updated_items.append(i)
-
-    resources["GenericItems"] = updated_items
-
-
 def write_user_appwrapper(user_yaml, output_file_name):
     # Create the directory if it doesn't exist
     directory_path = os.path.dirname(output_file_name)
@@ -496,9 +439,6 @@ def generate_appwrapper(
         head_gpus,
     )
 
-    ca_secret_item = resources["resources"].get("GenericItems")[1]
-    update_ca_secret(ca_secret_item, cluster_name, namespace)
-
     directory_path = os.path.expanduser("~/.codeflare/resources/")
     outfile = os.path.join(directory_path, appwrapper_name + ".yaml")
 

tests/test-case-no-mcad.yamls

@@ -181,14 +181,3 @@ spec:
             name: odh-trusted-ca-bundle
             optional: true
           name: odh-ca-cert
----
-apiVersion: v1
-data:
-  ca.crt: ca-field
-  ca.key: ca-field
-kind: Secret
-metadata:
-  labels:
-    odh-ray-cluster-service: unit-test-cluster-ray-head-svc
-  name: ca-secret-unit-test-cluster-ray
-  namespace: ns

tests/test-case-prio.yaml

@@ -214,16 +214,4 @@ spec:
                     optional: true
                   name: odh-ca-cert
       replicas: 1
-    - generictemplate:
-        apiVersion: v1
-        data:
-          ca.crt: ca-field
-          ca.key: ca-field
-        kind: Secret
-        metadata:
-          labels:
-            odh-ray-cluster-service: prio-test-cluster-head-svc
-          name: ca-secret-prio-test-cluster
-          namespace: ns
-      replicas: 1
     Items: []

tests/test-case.yaml

@@ -211,16 +211,4 @@ spec:
                     optional: true
                   name: odh-ca-cert
       replicas: 1
-    - generictemplate:
-        apiVersion: v1
-        data:
-          ca.crt: ca-field
-          ca.key: ca-field
-        kind: Secret
-        metadata:
-          labels:
-            odh-ray-cluster-service: unit-test-cluster-head-svc
-          name: ca-secret-unit-test-cluster
-          namespace: ns
-      replicas: 1
     Items: []

tests/test-default-appwrapper.yaml

@@ -189,16 +189,4 @@ spec:
                     optional: true
                   name: odh-ca-cert
       replicas: 1
-    - generictemplate:
-        apiVersion: v1
-        data:
-          ca.crt: ca-field
-          ca.key: ca-field
-        kind: Secret
-        metadata:
-          labels:
-            odh-ray-cluster-service: unit-test-default-cluster-head-svc
-          name: ca-secret-unit-test-default-cluster
-          namespace: opendatahub
-      replicas: 1
     Items: []

tests/unit_test.py

@@ -259,65 +259,9 @@ def test_config_creation():
     assert config.mcad == True
 
 
-def ca_secret_support(path, mcad: bool):
-    # Given that the secret is always random we need to set it to a static value for the tests to pass
-    if mcad:
-        with open(path, "r") as file:
-            try:
-                yaml_file = yaml.safe_load(file)
-            except yaml.YAMLError as exc:
-                print(exc)
-        resources = yaml_file.get("spec", "resources")
-        ca_secret_item = resources["resources"].get("GenericItems")[1]
-        data = ca_secret_item.get("generictemplate", {}).get("data")
-        data["ca.key"] = "ca-field"
-        data["ca.crt"] = "ca-field"
-        with open(path, "w") as outfile:
-            yaml.dump(yaml_file, outfile, default_flow_style=False)
-    else:
-        # Load the YAML file
-        with open(path, "r") as f:
-            data = list(yaml.safe_load_all(f))
-
-            # Find the Secret entry and update the fields
-            for item in data:
-                if item.get("kind") == "Secret":
-                    item["data"]["ca.crt"] = "ca-field"
-                    item["data"]["ca.key"] = "ca-field"
-                    break
-        with open(path, "w") as f:
-            for item in data:
-                f.write("---\n")
-                yaml.dump(item, f, default_flow_style=False)
-
-
-def ca_secret_support_no_write(yaml_file, mcad: bool):
-    if mcad:
-        file = yaml.safe_load(yaml_file)
-        resources = file.get("spec", "resources")
-
-        ca_secret_item = resources["resources"].get("GenericItems")[1]
-        data = ca_secret_item.get("generictemplate", {}).get("data")
-        data["ca.key"] = "ca-field"
-        data["ca.crt"] = "ca-field"
-        return file
-
-    else:
-        data = list(yaml.safe_load_all(yaml_file))
-        for item in data:
-            if item.get("kind") == "Secret":
-                item["data"]["ca.crt"] = "ca-field"
-                item["data"]["ca.key"] = "ca-field"
-                break
-
-        resources = "---\n" + "---\n".join([yaml.dump(item) for item in data])
-        return resources
-
-
 def test_cluster_creation(mocker):
     mocker.patch("kubernetes.client.ApisApi.get_api_versions")
     cluster = createClusterWithConfig(mocker)
-    ca_secret_support(f"{aw_dir}unit-test-cluster.yaml", True)
     assert cluster.app_wrapper_yaml == f"{aw_dir}unit-test-cluster.yaml"
     assert cluster.app_wrapper_name == "unit-test-cluster"
     assert filecmp.cmp(
@@ -384,7 +328,6 @@ def test_cluster_creation_no_mcad(mocker):
 
     assert cluster.app_wrapper_yaml == f"{aw_dir}unit-test-cluster-ray.yaml"
     assert cluster.app_wrapper_name == "unit-test-cluster-ray"
-    ca_secret_support(cluster.app_wrapper_yaml, False)
     assert filecmp.cmp(
         f"{aw_dir}unit-test-cluster-ray.yaml",
         f"{parent}/tests/test-case-no-mcad.yamls",
@@ -406,7 +349,6 @@ def test_cluster_creation_no_mcad_local_queue(mocker):
     config.write_to_file = True
     config.local_queue = "local-queue-default"
     cluster = Cluster(config)
-    ca_secret_support(cluster.app_wrapper_yaml, False)
     assert cluster.app_wrapper_yaml == f"{aw_dir}unit-test-cluster-ray.yaml"
     assert cluster.app_wrapper_name == "unit-test-cluster-ray"
     assert filecmp.cmp(
@@ -428,27 +370,18 @@ def test_cluster_creation_no_mcad_local_queue(mocker):
         machine_types=["cpu.small", "gpu.large"],
         image_pull_secrets=["unit-test-pull-secret"],
         image="quay.io/project-codeflare/ray:latest-py39-cu118",
-        write_to_file=False,
+        write_to_file=True,
         mcad=False,
         local_queue="local-queue-default",
     )
     cluster = Cluster(config)
-    test_resources = []
-    expected_resources = []
-
-    test_aw = yaml.load_all(
-        ca_secret_support_no_write(cluster.app_wrapper_yaml, False),
-        Loader=yaml.FullLoader,
-    )
-    for resource in test_aw:
-        test_resources.append(resource)
-    with open(
+    assert cluster.app_wrapper_yaml == f"{aw_dir}unit-test-cluster-ray.yaml"
+    assert cluster.app_wrapper_name == "unit-test-cluster-ray"
+    assert filecmp.cmp(
+        f"{aw_dir}unit-test-cluster-ray.yaml",
         f"{parent}/tests/test-case-no-mcad.yamls",
-    ) as f:
-        default_aw = yaml.load_all(f, Loader=yaml.FullLoader)
-        for resource in default_aw:
-            expected_resources.append(resource)
-    assert test_resources == expected_resources
+        shallow=True,
+    )
 
 
 def test_cluster_creation_priority(mocker):
@@ -466,7 +399,6 @@ def test_cluster_creation_priority(mocker):
         return_value={"spec": {"domain": "apps.cluster.awsroute.org"}},
     )
     cluster = Cluster(config)
-    ca_secret_support(cluster.app_wrapper_yaml, True)
     assert cluster.app_wrapper_yaml == f"{aw_dir}prio-test-cluster.yaml"
     assert cluster.app_wrapper_name == "prio-test-cluster"
     assert filecmp.cmp(
@@ -488,7 +420,7 @@ def test_default_cluster_creation(mocker):
         mcad=True,
     )
     cluster = Cluster(default_config)
-    test_aw = ca_secret_support_no_write(cluster.app_wrapper_yaml, True)
+    test_aw = yaml.load(cluster.app_wrapper_yaml, Loader=yaml.FullLoader)
 
     with open(
         f"{parent}/tests/test-default-appwrapper.yaml",