codeflare-sdk icon indicating copy to clipboard operation
codeflare-sdk copied to clipboard

Published 20 hours ago verified publisher icon project-codeflare

Made ODH cert default cert for Token Auth

Open Bobbins228 opened this issue 1 year ago • 3 comments

Issue link

RHOAIENG-52, RHOAIENG-4375

What changes have been made

For TokenAuthentication the SDK will use the cert injected into a ODH/RHOAI Notebook by default in the /etc/pki/tls/custom-certs/ca-bundle.crt location

Verification steps

Setup

Required steps for ODH/RHOAI

  • ODH > 2.9
  • Create a Data Science Workbench
  • Ensure that the path /etc/pki/tls/custom-certs/ca-bundle.crt exists in the notebook.

Notebook server ODH

  • Clone this repository with git clone https://github.com/project-codeflare/codeflare-sdk.git
  • Checkout this PR's branch
  • Run poetry build - install if needed (pip install poetry)
  • Run pip install --force-reinstall dist/codeflare_sdk-0.0.0.dev0-py3-none-any.whl
  • Restart your notebook kernel

Testing

Authenticate with TokenAuthentication. Set the environment variable CA_CERT_PATH to the path to your cert before authenticating

auth = TokenAuthentication(
    token = "XXXXX",
    server = "XXXXX",
    skip_tls=False
)
auth.login()

You should receive the message Authenticated with certificate located at /etc/pki/tls/custom-certs/ca-bundle.crt You should be able to run through any demo notebook.

Checks

  • [x] I've made sure the tests are passing.
  • Testing Strategy
    • [x] Unit tests
    • [x] Manual tests
    • [ ] Testing is not required for this change

Bobbins228 avatar Mar 22 '24 16:03 Bobbins228

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: Once this PR has been reviewed and has the lgtm label, please ask for approval from bobbins228. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment Approvers can cancel approval by writing /approve cancel in a comment

openshift-ci[bot] avatar Mar 22 '24 16:03 openshift-ci[bot]

Whats the status of this PR? it looks like the PR with which it depends (kubeflow) on has been merged. we need this for disconnected correct?

dimakis avatar Apr 04 '24 18:04 dimakis

Whats the status of this PR? it looks like the PR with which it depends (kubeflow) on has been merged. we need this for disconnected correct?

Kubeflow PR is in this is good to merge after a review and yeah pretty sure it's needed for disconnected

Bobbins228 avatar Apr 04 '24 18:04 Bobbins228

see #544

KPostOffice avatar May 28 '24 19:05 KPostOffice