From 951b06a45523dcec97aec5b74d0100e3047319fc Mon Sep 17 00:00:00 2001 From: Luca Giorgi Date: Wed, 21 Jun 2023 16:56:14 +0200 Subject: [PATCH] fix SSL validation for model serving tests in self-managed clusters (#836) fix SSL validation for model serving tests in self-managed clusters --- ods_ci/libs/Helpers.py | 18 +++++++++++++++--- ods_ci/tests/Resources/OCP.resource | 17 +++++++++++++++++ .../ODH/ODHDashboard/ODHModelServing.resource | 11 ++++++++--- .../420__model_serving.robot | 5 +++++ 4 files changed, 45 insertions(+), 6 deletions(-) diff --git a/ods_ci/libs/Helpers.py b/ods_ci/libs/Helpers.py index 806536da1..ac8f9d0b8 100644 --- a/ods_ci/libs/Helpers.py +++ b/ods_ci/libs/Helpers.py @@ -246,9 +246,9 @@ def send_random_inference_request( import os import random import requests + from pathlib import Path for _ in range(no_requests): - data_img = [ random.randrange(value_range[0], value_range[1]) for _ in range(shape["C"] * shape["H"] * shape["W"]) @@ -259,12 +259,24 @@ def send_random_inference_request( } data = ( - '{ "model_name": "vehicle-detection-0202", "inputs": [{ "name": "'+str(name)+'", "shape": ' + '{ "model_name": "vehicle-detection-0202", "inputs": [{ "name": "' + + str(name) + + '", "shape": ' + str(list(shape.values())) + ', "datatype": "FP32", "data": ' + str(data_img) + " }]}" ) - response = requests.post(endpoint, headers=headers, data=data) + # This file only exists when running on self-managed clusters + ca_bundle = Path("openshift_ca.crt") + if ca_bundle.is_file(): + response = requests.post( + endpoint, + headers=headers, + data=data, + verify="openshift_ca.crt", + ) + else: + response = requests.post(endpoint, headers=headers, data=data) return response.status_code, response.text diff --git a/ods_ci/tests/Resources/OCP.resource b/ods_ci/tests/Resources/OCP.resource index 3c643ffa7..737240655 100644 --- a/ods_ci/tests/Resources/OCP.resource +++ b/ods_ci/tests/Resources/OCP.resource @@ -1,5 +1,6 @@ *** Settings *** Documentation Set of Keywords for OCP checks +Library OperatingSystem Library OpenShiftLibrary @@ -80,3 +81,19 @@ Get MachineSets ${tmp} = Remove From List ${machinesets} 0 Should Be Equal As Strings ${tmp} NAME RETURN @{machinesets} + +Fetch Openshift CA Bundle + [Documentation] Gets the CA bundle defined in the secret `router-certs-defaults` in namespace `openshift-ingress` + ... Useful when working with self-managed clusters to verify connections + ${rc} = Run And Return Rc + ... oc get secret -n openshift-ingress router-certs-default -o json | jq '.data."tls.crt"' | sed 's/"//g' | base64 -d > openshift_ca.crt # robocop: disable + Should Be Equal As Strings ${rc} 0 + +Fetch CA Certificate If RHODS Is Self-Managed + [Documentation] Fetches the OpenShift CA certificate if the keyword is run in a self-managed environment + ... It saves it to a file called `openshift_ca.crt` in the root folder and can be used by other keywords + ... e.g. curl commands or Requests calls against unsecured https endpoints. + ${self_managed} = Is RHODS Self-Managed + IF ${self_managed}==${TRUE} + Fetch Openshift CA Bundle + END diff --git a/ods_ci/tests/Resources/Page/ODH/ODHDashboard/ODHModelServing.resource b/ods_ci/tests/Resources/Page/ODH/ODHDashboard/ODHModelServing.resource index c6bd18cfc..be6dbe834 100644 --- a/ods_ci/tests/Resources/Page/ODH/ODHDashboard/ODHModelServing.resource +++ b/ods_ci/tests/Resources/Page/ODH/ODHDashboard/ODHModelServing.resource @@ -209,14 +209,19 @@ Get Model Inference ... model endpoint. If token authentication is needed for the model, ${token_auth} should be ... set to ${TRUE}. [Arguments] ${model_name} ${inference_input} ${token_auth}=${FALSE} + ${self_managed} = Is RHODS Self-Managed ${url}= Get Model Route via UI ${model_name} + ${curl_cmd}= Set Variable curl -s ${url} -d ${inference_input} IF ${token_auth} ${project_title}= Get Model Project ${model_name} ${token}= Get Access Token via UI ${project_title} - ${inference_output} = Run curl -ks ${url} -d ${INFERENCE_INPUT} -H "Authorization: Bearer ${token}" - ELSE - ${inference_output} = Run curl -ks ${url} -d ${INFERENCE_INPUT} + ${curl_cmd}= Catenate ${curl_cmd} -H "Authorization: Bearer ${token}" + END + IF ${self_managed}==${TRUE} + Fetch Openshift CA Bundle + ${curl_cmd}= Catenate ${curl_cmd} --cacert openshift_ca.crt END + ${inference_output} = Run ${curl_cmd} RETURN ${inference_output} Verify Model Inference diff --git a/ods_ci/tests/Tests/400__ods_dashboard/420__model_serving/420__model_serving.robot b/ods_ci/tests/Tests/400__ods_dashboard/420__model_serving/420__model_serving.robot index 82d6b8f15..1aab46e8d 100644 --- a/ods_ci/tests/Tests/400__ods_dashboard/420__model_serving/420__model_serving.robot +++ b/ods_ci/tests/Tests/400__ods_dashboard/420__model_serving/420__model_serving.robot @@ -6,6 +6,7 @@ Resource ../../../Resources/Page/ODH/ODHDashboard/ODHModelServing.resou Resource ../../../Resources/Page/ODH/ODHDashboard/ODHDataScienceProject/Projects.resource Resource ../../../Resources/Page/ODH/ODHDashboard/ODHDataScienceProject/DataConnections.resource Resource ../../../Resources/Page/ODH/ODHDashboard/ODHDataScienceProject/ModelServer.resource +Resource ../../../Resources/OCP.resource Suite Setup Model Serving Suite Setup Suite Teardown Model Serving Suite Teardown @@ -133,6 +134,7 @@ Model Serving Suite Setup RHOSi Setup Launch Dashboard ${TEST_USER.USERNAME} ${TEST_USER.PASSWORD} ${TEST_USER.AUTH_TYPE} ... ${ODH_DASHBOARD_URL} ${BROWSER.NAME} ${BROWSER.OPTIONS} + Fetch CA Certificate If RHODS Is Self-Managed Verify Etcd Pod [Documentation] Verifies the correct deployment of the etcd pod in the rhods namespace @@ -179,6 +181,9 @@ Model Serving Suite Teardown ELSE Log Model not deployed, skipping deletion step during teardown console=true END + # Will only be present on SM cluster runs, but keyword passes + # if file does not exist + Remove File openshift_ca.crt SeleniumLibrary.Close All Browsers RHOSi Teardown