Made ODH cert default cert for Token Auth

src/codeflare_sdk/cluster/auth.py

@@ -81,7 +81,7 @@ def __init__(
         token: str,
         server: str,
         skip_tls: bool = False,
-        ca_cert_path: str = None,
+        ca_cert_path: str = "/etc/pki/tls/custom-certs/ca-bundle.crt",
     ):
         """
         Initialize a TokenAuthentication object that requires a value for `token`, the API Token
@@ -106,10 +106,24 @@ def login(self) -> str:
             configuration.api_key_prefix["authorization"] = "Bearer"
             configuration.host = self.server
             configuration.api_key["authorization"] = self.token
-            if self.skip_tls == False and self.ca_cert_path == None:
+            ca_path_env = os.environ.get("CA_CERT_PATH")
+
+            if self.skip_tls == False:
+                if ca_path_env != None:
+                    self.ca_cert_path = ca_path_env
+
+                if self.ca_cert_path == None:
+                    configuration.ssl_ca_cert = None
+                elif os.path.isfile(self.ca_cert_path):
+                    print(
+                        f"Authenticated with certificate located at {self.ca_cert_path}"
+                    )
+                    configuration.ssl_ca_cert = self.ca_cert_path
+                else:
+                    raise FileNotFoundError(
+                        f"Certificate file not found at {self.ca_cert_path}"
+                    )
                 configuration.verify_ssl = True
-            elif self.skip_tls == False:
-                configuration.ssl_ca_cert = self.ca_cert_path
             else:
                 urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
                 print("Insecure request warnings have been disabled")

tests/auth-test.crt

@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDOTCCAiGgAwIBAgIUENjaZDrvhc5uV3j7GI8deZJwc+YwDQYJKoZIhvcNAQEL
+BQAwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoM
+GEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDAeFw0yNDA1MTMxMTE1NDZaFw0yNTA1
+MTMxMTE1NDZaMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEw
+HwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwggEiMA0GCSqGSIb3DQEB
+AQUAA4IBDwAwggEKAoIBAQDEYYk81jvPijZXXeI9cByf5EIbOVaBTH7I51J9EKG5
+Y/KRXI43WgvVEiZ3jP8LJnSD79WhBiL6TgadQZje5ndroRYDM9vyqz1OUZapnOO+
+yzl01y/qSsH8Kn88eLAzkE9HSu4QN9PuJtySyksjDFQJ6kjyE8ZHUSorur0FlLLf
+IToFgTuaIPDYjvFRchOCfZ7sV/MF7LxqFfFnaWOYvH41ZdvqJiRcVsMi+mYs9/I/
+I72IMXwVnQDVnK8H84ntEmHNN6NoVuMKla0So4/wKcHJSCgS3axLI2Ka2aaaJo9K
+l2cn21NOyodF+DaSFy7qaGRXxoTQ2k9tUrSvxkBJvRmBAgMBAAGjITAfMB0GA1Ud
+DgQWBBRTK8mO5XMcmR+Xg/PVNFnvz4eubDANBgkqhkiG9w0BAQsFAAOCAQEAlZva
+6ws3zRff7u0tWT2JJaE1uPqsuAdHtVvEyAMp2QvYfyrgADTroUTaSU4p6ppX/t7v
+ynHhuzR6UOVkuY0/CH1P3UUGrEPNOXT8i2BDwL+j4y2K2aRN8zU0Nu/IVePBhu+4
+Jdt+3P7/MuwiCON5JukgxUYlQKhVhzFj7GOd2+Ca+fh8Siq3tkWDSN54+90fgylQ
++74Yfya1NVabpzLqP3Isqu2XQhEVaBFvj8Yu0h83e3D8LeQToC3mVMF4yy5BZ9Ty
+K66YGlGQgszWEUFPEdsB8Dj/iJMhkWXuyc3u/w0s3t7rXeMYYgr+xrEeK+g0oyB5
+xeZuMjd567Znmu5oMw==
+-----END CERTIFICATE-----

tests/unit_test.py

@@ -123,27 +123,30 @@ def test_token_auth_creation():
         assert token_auth.token == "token"
         assert token_auth.server == "server"
         assert token_auth.skip_tls == False
-        assert token_auth.ca_cert_path == None
+        assert token_auth.ca_cert_path == "/etc/pki/tls/custom-certs/ca-bundle.crt"
 
         token_auth = TokenAuthentication(token="token", server="server", skip_tls=True)
         assert token_auth.token == "token"
         assert token_auth.server == "server"
         assert token_auth.skip_tls == True
-        assert token_auth.ca_cert_path == None
+        assert token_auth.ca_cert_path == "/etc/pki/tls/custom-certs/ca-bundle.crt"
 
         token_auth = TokenAuthentication(token="token", server="server", skip_tls=False)
         assert token_auth.token == "token"
         assert token_auth.server == "server"
         assert token_auth.skip_tls == False
-        assert token_auth.ca_cert_path == None
+        assert token_auth.ca_cert_path == "/etc/pki/tls/custom-certs/ca-bundle.crt"
 
         token_auth = TokenAuthentication(
-            token="token", server="server", skip_tls=False, ca_cert_path="path/to/cert"
+            token="token",
+            server="server",
+            skip_tls=False,
+            ca_cert_path=f"{parent}/tests/auth-test.crt",
         )
         assert token_auth.token == "token"
         assert token_auth.server == "server"
         assert token_auth.skip_tls == False
-        assert token_auth.ca_cert_path == "path/to/cert"
+        assert token_auth.ca_cert_path == f"{parent}/tests/auth-test.crt"
 
     except Exception:
         assert 0 == 1
@@ -174,7 +177,15 @@ def test_token_auth_login_tls(mocker):
         token="testtoken",
         server="testserver:6443",
         skip_tls=False,
-        ca_cert_path="path/to/cert",
+        ca_cert_path=f"{parent}/tests/auth-test.crt",
+    )
+    assert token_auth.login() == ("Logged into testserver:6443")
+
+    os.environ["CA_CERT_PATH"] = f"{parent}/tests/auth-test.crt"
+    token_auth = TokenAuthentication(
+        token="testtoken",
+        server="testserver:6443",
+        skip_tls=False,
     )
     assert token_auth.login() == ("Logged into testserver:6443")