From 24629cc08cdd72cf3a4b9a4ef7276a19cbddf758 Mon Sep 17 00:00:00 2001
From: Bobbins228
Date: Fri, 6 Sep 2024 13:19:33 +0100
Subject: [PATCH 1/2] fix(generate_cert.py): add get_secret_name function to solve issues with autogenerated secret names
Signed-off-by: Bobbins228
---
 src/codeflare_sdk/utils/generate_cert.py | 25 +++++++++++++++++++++++-
 1 file changed, 24 insertions(+), 1 deletion(-)
diff --git a/src/codeflare_sdk/utils/generate_cert.py b/src/codeflare_sdk/utils/generate_cert.py
index 04b04d3e0..5de56882b 100644
--- a/src/codeflare_sdk/utils/generate_cert.py
+++ b/src/codeflare_sdk/utils/generate_cert.py
@@ -21,6 +21,7 @@
 import datetime
 from ..cluster.auth import config_check, api_config_handler
 from kubernetes import client, config
+from .kube_api_helpers import _kube_api_error_handling
 def generate_ca_cert(days: int = 30):
@@ -74,6 +75,24 @@ def generate_ca_cert(days: int = 30):
 return key, certificate
+def get_secret_name(cluster_name, namespace, api_instance):
+ label_selector = f"ray.openshift.ai/cluster-name={cluster_name}"
+ try:
+ secrets = api_instance.list_namespaced_secret(
+ namespace, label_selector=label_selector
+ )
+ for secret in secrets.items:
+ if (
+ f"{cluster_name}-ca-secret-" in secret.metadata.name
+ ): # Oauth secret share the same label this conditional is to make things more specific
+ return secret.metadata.name
+ else:
+ continue
+ raise KeyError(f"Unable to gather secret name for {cluster_name}")
+ except Exception as e: # pragma: no cover
+ return _kube_api_error_handling(e)
+
+
 def generate_tls_cert(cluster_name, namespace, days=30):
 # Create a folder tls-- and store three files: ca.crt, tls.crt, and tls.key
 tls_dir = os.path.join(os.getcwd(), f"tls-{cluster_name}-{namespace}")
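Review bot: In `get_secret_name` the `raise KeyError(...)` sits inside the `try`, so the `except Exception` clause catches it and the function returns whatever `_kube_api_error_handling(e)` returns instead of raising; that helper is not visible here, so the caller may receive a value that is not a secret name. The match is also a substring test (`in`) that returns the first hit, so any secret carrying the same cluster-name label whose name merely contains `{cluster_name}-ca-secret-` can be picked as the CA secret; anchoring with `startswith` and refusing more than one match makes the choice of CA key material unambiguous. The `else: continue` branch is redundant, and the function would benefit from a docstring stating what it returns and when it raises.

```python
def get_secret_name(cluster_name, namespace, api_instance):
    # … unchanged: label_selector …
    prefix = f"{cluster_name}-ca-secret-"
    try:
        # … unchanged: list_namespaced_secret call …
    except Exception as e:  # pragma: no cover
        return _kube_api_error_handling(e)

    # The OAuth secret shares the label, so the name prefix selects the CA secret.
    matches = [
        secret.metadata.name
        for secret in secrets.items
        if secret.metadata.name.startswith(prefix)
    ]
    if len(matches) != 1:
        raise KeyError(f"Unable to gather secret name for {cluster_name}")
    return matches[0]
```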
@@ -85,7 +104,11 @@ def generate_tls_cert(cluster_name, namespace, days=30):
 # oc get secret ca-secret- -o template='{{index .data "ca.crt"}}'|base64 -d > ${TLSDIR}/ca.crt
 config_check()
 v1 = client.CoreV1Api(api_config_handler())
- secret = v1.read_namespaced_secret(f"ca-secret-{cluster_name}", namespace).data
+
+ # Secrets have a suffix appended to the end so we must list them and gather the secret that includes cluster_name-ca-secret-
+ secret_name = get_secret_name(cluster_name, namespace, v1)
+ secret = v1.read_namespaced_secret(secret_name, namespace).data
+
 ca_cert = secret.get("ca.crt")
 ca_key = secret.get("ca.key")
From e433926bcc2b155c8a38f314e302870642b92f0e Mon Sep 17 00:00:00 2001
From: Bobbins228
Date: Fri, 6 Sep 2024 13:38:33 +0100
Subject: [PATCH 2/2] test(unit_test.py): update unit test for test_generate_tls_cert
Signed-off-by: Bobbins228
---
 tests/unit_test.py | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/tests/unit_test.py b/tests/unit_test.py
index ba937d873..fd0be3dfd 100644
--- a/tests/unit_test.py
+++ b/tests/unit_test.py
@@ -2619,6 +2619,10 @@ def test_generate_tls_cert(mocker):
 test the function codeflare_sdk.utils.generate_ca_cert generates the correct outputs
 """
 mocker.patch("kubernetes.config.load_kube_config", return_value="ignore")
+ mocker.patch(
+ "codeflare_sdk.utils.generate_cert.get_secret_name",
+ return_value="ca-secret-cluster",
+ )
 mocker.patch(
 "kubernetes.client.CoreV1Api.read_namespaced_secret",
 side_effect=secret_ca_retreival,
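Review bot: The lookup added before `read_namespaced_secret` needs the `list` verb on secrets in the namespace, and Kubernetes RBAC does not narrow `list` by label selector, so callers of `generate_tls_cert` now need broader secret access than the single `get` the removed line required. That deserves a comment next to the call, for example `# NOTE: requires "list" on secrets in this namespace; RBAC cannot scope it to the label selector`, and a mention in the user-facing docs. `secret_name` is also passed on unchecked, so if `get_secret_name` hands back the error handler's result rather than a name, the failure shows up as an unrelated API error; a guard such as `if not isinstance(secret_name, str): raise KeyError(f"No CA secret found for {cluster_name}")` would keep it legible. The `# oc get secret ca-secret-` comment above the change still shows the old name form, and the function body starts and ends outside this hunk.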
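Review bot: Patching `get_secret_name` wholesale in `test_generate_tls_cert` means the new selection logic is never exercised, and the stubbed value `ca-secret-cluster` is the old name form rather than the `{cluster_name}-ca-secret-<suffix>` shape the function searches for. A separate test that passes a fake `api_instance` whose `list_namespaced_secret` returns an OAuth-style secret alongside a CA secret, plus a case with no matching secret, would pin which name is returned and what happens on a miss. Since the `except` branch is marked `# pragma: no cover`, the miss path currently has no coverage at all. The test body continues outside this hunk.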