Add support for specifying a cluster CA certificate to the sdk #164

Closed
Bobbins228
Contributor

@Bobbins228 Bobbins228 commented Jun 19, 2023

Linked to issue #161
By setting skip_tls=False the login command will use the arg --certificate-authority with the specified path to a cert a user sets with ca_cert_path

Example:

# Create authentication object for oc user permissions
auth = TokenAuthentication(
    token = "XXXXX",
    server = "XXXXX",
    ca_cert_path = "<path-to-cert.crt>"
)
auth.login()

Member

@tedhtchang tedhtchang left a comment

@Bobbins228 Thanks. Looks good. Could you provide an example of how to test/verify this PR?

@Bobbins228
Contributor Author

> @Bobbins228 Thanks. Looks good. Could you provide an example of how to test/verify this PR?

Hi Ted,

To begin, clone this repo and check out the add-ca-support branch.
Use poetry build to create a new whl file located in the dist folder.
In a Jupyter notebook, drag the whl file to your working directory and install it with !pip install <whl-file>.whl.

Import the library with:

from codeflare_sdk.cluster.cluster import Cluster, ClusterConfiguration
from codeflare_sdk.cluster.auth import TokenAuthentication

In another cell log in using...

auth = TokenAuthentication(
    token = "XXXXX",
    server = "XXXXX",
    skip_tls=False,
    ca_cert_path="<path>"
)
auth.login()

While testing this out I found that the Jupyter Notebook pod has a trusted cert bundle located at /etc/pki/tls/certs/ca-bundle.crt.
I could set this as the default path value instead of the None I have already.

Another thing I noticed while testing is that with my work in place you can no longer log in with just token and server unless skip_tls=True. Is this okay?

When you try to log in without specifying a path with skip_tls=False you get this 'error: open None: no such file or directory\n'. We could set the default path to the default cert path mentioned above to mitigate this.
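
The default-path problem raised in the comment above, as an added example that is not code from this PR or the SDK: a hypothetical helper builds the `oc login` argument list so that an unset `ca_cert_path` never reaches the command line as `None`, and falls back to the bundle path mentioned in the thread. The names `build_oc_login_args` and `default_bundle` are assumptions made for illustration.

```python
import os

# Bundle path reported in the thread for the Jupyter notebook pod.
DEFAULT_CA_BUNDLE = "/etc/pki/tls/certs/ca-bundle.crt"


def build_oc_login_args(token, server, skip_tls=False, ca_cert_path=None,
                        default_bundle=DEFAULT_CA_BUNDLE):
    """Return the argv for `oc login` (hypothetical helper, not SDK code).

    Verification is disabled only on an explicit skip_tls=True, and a missing
    ca_cert_path never becomes the literal string "None" on the command line.
    """
    args = ["oc", "login", f"--token={token}", f"--server={server}"]

    if skip_tls:
        if ca_cert_path is not None:
            # A CA path together with skip_tls is contradictory: fail loudly
            # instead of silently dropping verification.
            raise ValueError("ca_cert_path given but skip_tls=True")
        return args + ["--insecure-skip-tls-verify"]

    if ca_cert_path is None:
        # No explicit CA: use the pod's bundle if it exists, otherwise add
        # no flag and leave certificate verification to oc's defaults.
        if not os.path.isfile(default_bundle):
            return args
        ca_cert_path = default_bundle
    elif not os.path.isfile(ca_cert_path):
        # An explicit path that does not exist is a caller error; report it
        # here rather than letting the CLI fail later.
        raise FileNotFoundError(f"CA certificate not found: {ca_cert_path}")

    return args + [f"--certificate-authority={ca_cert_path}"]


if __name__ == "__main__":
    # Constructed sample values; token and server are placeholders.
    print(build_oc_login_args("XXXXX", "XXXXX"))
    print(build_oc_login_args("XXXXX", "XXXXX", skip_tls=True))
```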

@Bobbins228
Contributor Author

Closing this as we have moved towards using the Kubernetes api. See #186

@Bobbins228 Bobbins228 closed this Jun 29, 2023