Merge branch 'main' into nb-sync-RHOAIENG-11541

KPostOffice · web-flow · commit 6a3e84329f2d · 2024-09-06T16:40:44.000-04:00
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
@@ -86,23 +86,6 @@ jobs:
             - name: Publish package distributions to PyPI
               uses: pypa/gh-action-pypi-publish@release/v1
 
-            - name: Notebook Image Build and Push
-              run: |
-                gh workflow run image-build-and-push.yaml --repo ${{ github.event.inputs.codeflare-repository-organization }}/codeflare-sdk --ref ${{ github.ref }} --field is-stable=${{ github.event.inputs.is-stable }} --field release-version=${{ github.event.inputs.release-version }} --field quay-organization=${{ github.event.inputs.quay-organization }}
-              env:
-                GITHUB_TOKEN: ${{ secrets.CODEFLARE_MACHINE_ACCOUNT_TOKEN }}
-              shell: bash
-
-            - name: Wait for Notebook image build and push to finish
-              run: |
-                # wait for a while for Run to be started
-                sleep 5
-                run_id=$(gh run list --workflow image-build-and-push.yaml --repo ${{ github.event.inputs.codeflare-repository-organization }}/codeflare-sdk --limit 1 --json databaseId --jq .[].databaseId)
-                gh run watch ${run_id} --repo ${{ github.event.inputs.codeflare-repository-organization }}/codeflare-sdk --interval 10 --exit-status
-              env:
-                GITHUB_TOKEN: ${{ secrets.CODEFLARE_MACHINE_ACCOUNT_TOKEN }}
-              shell: bash
-
             - name: Sync ODH Notebooks
               run: |
                 gh workflow run odh-notebooks-sync.yml \
diff --git a/coverage.svg b/coverage.svg
@@ -15,7 +15,7 @@
     <g fill="#fff" text-anchor="middle" font-family="DejaVu Sans,Verdana,Geneva,sans-serif" font-size="11">
         <text x="31.5" y="15" fill="#010101" fill-opacity=".3">coverage</text>
         <text x="31.5" y="14">coverage</text>
-        <text x="80" y="15" fill="#010101" fill-opacity=".3">91%</text>
-        <text x="80" y="14">91%</text>
+        <text x="80" y="15" fill="#010101" fill-opacity=".3">90%</text>
+        <text x="80" y="14">90%</text>
     </g>
 </svg>
diff --git a/docs/detailed-documentation/utils/generate_cert.html b/docs/detailed-documentation/utils/generate_cert.html
@@ -49,6 +49,7 @@ <h1 class="title">Module <code>codeflare_sdk.utils.generate_cert</code></h1>
 import datetime
 from ..cluster.auth import config_check, api_config_handler
 from kubernetes import client, config
+from .kube_api_helpers import _kube_api_error_handling
 
 
 def generate_ca_cert(days: int = 30):
@@ -102,6 +103,24 @@ <h1 class="title">Module <code>codeflare_sdk.utils.generate_cert</code></h1>
     return key, certificate
 
 
+def get_secret_name(cluster_name, namespace, api_instance):
+    label_selector = f&#34;ray.openshift.ai/cluster-name={cluster_name}&#34;
+    try:
+        secrets = api_instance.list_namespaced_secret(
+            namespace, label_selector=label_selector
+        )
+        for secret in secrets.items:
+            if (
+                f&#34;{cluster_name}-ca-secret-&#34; in secret.metadata.name
+            ):  # Oauth secret share the same label this conditional is to make things more specific
+                return secret.metadata.name
+            else:
+                continue
+        raise KeyError(f&#34;Unable to gather secret name for {cluster_name}&#34;)
+    except Exception as e:  # pragma: no cover
+        return _kube_api_error_handling(e)
+
+
 def generate_tls_cert(cluster_name, namespace, days=30):
     # Create a folder tls-&lt;cluster&gt;-&lt;namespace&gt; and store three files: ca.crt, tls.crt, and tls.key
     tls_dir = os.path.join(os.getcwd(), f&#34;tls-{cluster_name}-{namespace}&#34;)
@@ -113,7 +132,11 @@ <h1 class="title">Module <code>codeflare_sdk.utils.generate_cert</code></h1>
     # oc get secret ca-secret-&lt;cluster-name&gt; -o template=&#39;{{index .data &#34;ca.crt&#34;}}&#39;|base64 -d &gt; ${TLSDIR}/ca.crt
     config_check()
     v1 = client.CoreV1Api(api_config_handler())
-    secret = v1.read_namespaced_secret(f&#34;ca-secret-{cluster_name}&#34;, namespace).data
+
+    # Secrets have a suffix appended to the end so we must list them and gather the secret that includes cluster_name-ca-secret-
+    secret_name = get_secret_name(cluster_name, namespace, v1)
+    secret = v1.read_namespaced_secret(secret_name, namespace).data
+
     ca_cert = secret.get(&#34;ca.crt&#34;)
     ca_key = secret.get(&#34;ca.key&#34;)
 
@@ -294,7 +317,11 @@ <h2 class="section-title" id="header-functions">Functions</h2>
     # oc get secret ca-secret-&lt;cluster-name&gt; -o template=&#39;{{index .data &#34;ca.crt&#34;}}&#39;|base64 -d &gt; ${TLSDIR}/ca.crt
     config_check()
     v1 = client.CoreV1Api(api_config_handler())
-    secret = v1.read_namespaced_secret(f&#34;ca-secret-{cluster_name}&#34;, namespace).data
+
+    # Secrets have a suffix appended to the end so we must list them and gather the secret that includes cluster_name-ca-secret-
+    secret_name = get_secret_name(cluster_name, namespace, v1)
+    secret = v1.read_namespaced_secret(secret_name, namespace).data
+
     ca_cert = secret.get(&#34;ca.crt&#34;)
     ca_key = secret.get(&#34;ca.key&#34;)
 
@@ -363,6 +390,33 @@ <h2 class="section-title" id="header-functions">Functions</h2>
         f.write(tls_cert.public_bytes(serialization.Encoding.PEM).decode(&#34;utf-8&#34;))</code></pre>
 </details>
 </dd>
+<dt id="codeflare_sdk.utils.generate_cert.get_secret_name"><code class="name flex">
+<span>def <span class="ident">get_secret_name</span></span>(<span>cluster_name, namespace, api_instance)</span>
+</code></dt>
+<dd>
+<div class="desc"></div>
+<details class="source">
+<summary>
+<span>Expand source code</span>
+</summary>
+<pre><code class="python">def get_secret_name(cluster_name, namespace, api_instance):
+    label_selector = f&#34;ray.openshift.ai/cluster-name={cluster_name}&#34;
+    try:
+        secrets = api_instance.list_namespaced_secret(
+            namespace, label_selector=label_selector
+        )
+        for secret in secrets.items:
+            if (
+                f&#34;{cluster_name}-ca-secret-&#34; in secret.metadata.name
+            ):  # Oauth secret share the same label this conditional is to make things more specific
+                return secret.metadata.name
+            else:
+                continue
+        raise KeyError(f&#34;Unable to gather secret name for {cluster_name}&#34;)
+    except Exception as e:  # pragma: no cover
+        return _kube_api_error_handling(e)</code></pre>
+</details>
+</dd>
 </dl>
 </section>
 <section>
@@ -384,6 +438,7 @@ <h1>Index</h1>
 <li><code><a title="codeflare_sdk.utils.generate_cert.export_env" href="#codeflare_sdk.utils.generate_cert.export_env">export_env</a></code></li>
 <li><code><a title="codeflare_sdk.utils.generate_cert.generate_ca_cert" href="#codeflare_sdk.utils.generate_cert.generate_ca_cert">generate_ca_cert</a></code></li>
 <li><code><a title="codeflare_sdk.utils.generate_cert.generate_tls_cert" href="#codeflare_sdk.utils.generate_cert.generate_tls_cert">generate_tls_cert</a></code></li>
+<li><code><a title="codeflare_sdk.utils.generate_cert.get_secret_name" href="#codeflare_sdk.utils.generate_cert.get_secret_name">get_secret_name</a></code></li>
 </ul>
 </li>
 </ul>
diff --git a/src/codeflare_sdk/utils/generate_cert.py b/src/codeflare_sdk/utils/generate_cert.py
@@ -21,6 +21,7 @@
 import datetime
 from ..cluster.auth import config_check, api_config_handler
 from kubernetes import client, config
+from .kube_api_helpers import _kube_api_error_handling
 
 
 def generate_ca_cert(days: int = 30):
@@ -74,6 +75,24 @@ def generate_ca_cert(days: int = 30):
     return key, certificate
 
 
+def get_secret_name(cluster_name, namespace, api_instance):
+    label_selector = f"ray.openshift.ai/cluster-name={cluster_name}"
+    try:
+        secrets = api_instance.list_namespaced_secret(
+            namespace, label_selector=label_selector
+        )
+        for secret in secrets.items:
+            if (
+                f"{cluster_name}-ca-secret-" in secret.metadata.name
+            ):  # Oauth secret share the same label this conditional is to make things more specific
+                return secret.metadata.name
+            else:
+                continue
+        raise KeyError(f"Unable to gather secret name for {cluster_name}")
+    except Exception as e:  # pragma: no cover
+        return _kube_api_error_handling(e)
+
+
 def generate_tls_cert(cluster_name, namespace, days=30):
     # Create a folder tls-<cluster>-<namespace> and store three files: ca.crt, tls.crt, and tls.key
     tls_dir = os.path.join(os.getcwd(), f"tls-{cluster_name}-{namespace}")
@@ -85,7 +104,11 @@ def generate_tls_cert(cluster_name, namespace, days=30):
     # oc get secret ca-secret-<cluster-name> -o template='{{index .data "ca.crt"}}'|base64 -d > ${TLSDIR}/ca.crt
     config_check()
     v1 = client.CoreV1Api(api_config_handler())
-    secret = v1.read_namespaced_secret(f"ca-secret-{cluster_name}", namespace).data
+
+    # Secrets have a suffix appended to the end so we must list them and gather the secret that includes cluster_name-ca-secret-
+    secret_name = get_secret_name(cluster_name, namespace, v1)
+    secret = v1.read_namespaced_secret(secret_name, namespace).data
+
     ca_cert = secret.get("ca.crt")
     ca_key = secret.get("ca.key")
 
diff --git a/tests/unit_test.py b/tests/unit_test.py
@@ -2619,6 +2619,10 @@ def test_generate_tls_cert(mocker):
     test the function codeflare_sdk.utils.generate_ca_cert generates the correct outputs
     """
     mocker.patch("kubernetes.config.load_kube_config", return_value="ignore")
+    mocker.patch(
+        "codeflare_sdk.utils.generate_cert.get_secret_name",
+        return_value="ca-secret-cluster",
+    )
     mocker.patch(
         "kubernetes.client.CoreV1Api.read_namespaced_secret",
         side_effect=secret_ca_retreival,
