Replace openshift client with k8s python client

Author: tedhtchang

Diff for: src/codeflare_sdk/utils/generate_cert.py

@@ -19,7 +19,7 @@
 from cryptography import x509
 from cryptography.x509.oid import NameOID
 import datetime
-import openshift as oc
+from kubernetes import client, config
 
 
 def generate_ca_cert(days: int = 30):
@@ -82,25 +82,12 @@ def generate_tls_cert(cluster_name, namespace, days=30):
     # Similar to:
     # oc get secret ca-secret-<cluster-name> -o template='{{index .data "ca.key"}}'
     # oc get secret ca-secret-<cluster-name> -o template='{{index .data "ca.crt"}}'|base64 -d > ${TLSDIR}/ca.crt
-    with oc.project(namespace):
-        ca_key = oc.invoke(
-            "get",
-            [
-                "secret",
-                f"ca-secret-{cluster_name}",
-                "-o",
-                "template='{{index .data \"ca.key\"}}'",
-            ],
-        ).out()
-        ca_cert = oc.invoke(
-            "get",
-            [
-                "secret",
-                f"ca-secret-{cluster_name}",
-                "-o",
-                "template='{{index .data \"ca.crt\"}}'",
-            ],
-        ).out()
+    config.load_kube_config()
+    v1 = client.CoreV1Api()
+    secret = v1.read_namespaced_secret(f"ca-secret-{cluster_name}", namespace).data
+    ca_cert = secret.get("ca.crt")
+    ca_key = secret.get("ca.key")
+
     with open(os.path.join(tls_dir, "ca.crt"), "w") as f:
         f.write(base64.b64decode(ca_cert).decode("utf-8"))
 

Diff for: tests/unit_test.py

@@ -21,6 +21,7 @@
 parent = Path(__file__).resolve().parents[1]
 sys.path.append(str(parent) + "/src")
 
+from kubernetes import client
 from codeflare_sdk.cluster.awload import AWManager
 from codeflare_sdk.cluster.cluster import (
     Cluster,
@@ -2017,17 +2018,25 @@ def test_generate_ca_cert():
     assert cert_pub_key_bytes == private_pub_key_bytes
 
 
+def secret_ca_retreival(secret_name, namespace):
+    ca_private_key_bytes, ca_cert = generate_ca_cert()
+    data = {"ca.crt": ca_cert, "ca.key": ca_private_key_bytes}
+    assert secret_name == "ca-secret-cluster"
+    assert namespace == "namespace"
+    return client.models.V1Secret(data=data)
+
+
 def test_generate_tls_cert(mocker):
     """
     test the function codeflare_sdk.utils.generate_ca_cert generates the correct outputs
     """
-    ca_private_key_bytes, ca_cert = generate_ca_cert()
-    mocker.patch("openshift.invoke", return_value=openshift.Result("fake"))
-    mocker.patch("openshift.Result.out", return_value=ca_private_key_bytes)
+    mocker.patch("kubernetes.config.load_kube_config", return_value="ignore")
+    mocker.patch(
+        "kubernetes.client.CoreV1Api.read_namespaced_secret",
+        side_effect=secret_ca_retreival,
+    )
+
     generate_tls_cert("cluster", "namespace")
-    with open(os.path.join("tls-cluster-namespace", "ca.crt"), "w") as f:
-        f.write(base64.b64decode(ca_cert).decode("utf-8"))
-    # verify the required files exist
     assert os.path.exists("tls-cluster-namespace")
     assert os.path.exists(os.path.join("tls-cluster-namespace", "ca.crt"))
     assert os.path.exists(os.path.join("tls-cluster-namespace", "tls.crt"))
@@ -2036,16 +2045,28 @@ def test_generate_tls_cert(mocker):
     # verify the that the signed tls.crt is issued by the ca_cert (root cert)
     with open(os.path.join("tls-cluster-namespace", "tls.crt"), "r") as f:
         tls_cert = load_pem_x509_certificate(f.read().encode("utf-8"))
-        root_cert = load_pem_x509_certificate(base64.b64decode(ca_cert))
-        assert tls_cert.verify_directly_issued_by(root_cert) == None
+    with open(os.path.join("tls-cluster-namespace", "ca.crt"), "r") as f:
+        root_cert = load_pem_x509_certificate(f.read().encode("utf-8"))
+    assert tls_cert.verify_directly_issued_by(root_cert) == None
 
 
 def test_export_env():
     """
     test the function codeflare_sdk.utils.export_ev generates the correct outputs
     """
-    export_env("cluster_name", "namespace")
+    tls_dir = "cluster"
+    ns = "namespace"
+    export_env(tls_dir, ns)
     assert os.environ["RAY_USE_TLS"] == "1"
+    assert os.environ["RAY_TLS_SERVER_CERT"] == os.path.join(
+        os.getcwd(), f"tls-{tls_dir}-{ns}", "tls.crt"
+    )
+    assert os.environ["RAY_TLS_SERVER_KEY"] == os.path.join(
+        os.getcwd(), f"tls-{tls_dir}-{ns}", "tls.key"
+    )
+    assert os.environ["RAY_TLS_CA_CERT"] == os.path.join(
+        os.getcwd(), f"tls-{tls_dir}-{ns}", "ca.crt"
+    )
 
 
 # Make sure to keep this function and the following function at the end of the file