From 50b9ad1dfcbb936d86d8c55d2a37769b80f7f302 Mon Sep 17 00:00:00 2001 From: Luca Giorgi Date: Wed, 17 Apr 2024 16:18:05 +0200 Subject: [PATCH] Add self-signed CA bundle support for kserve grpc/http requests Signed-off-by: Luca Giorgi --- ods_ci/tests/Resources/CLI/ModelServing/llm.resource | 8 +++++--- .../ODHDataScienceProject/ModelServer.resource | 7 ++++++- 2 files changed, 11 insertions(+), 4 deletions(-) diff --git a/ods_ci/tests/Resources/CLI/ModelServing/llm.resource b/ods_ci/tests/Resources/CLI/ModelServing/llm.resource index dd8d62a05..7628fe894 100644 --- a/ods_ci/tests/Resources/CLI/ModelServing/llm.resource +++ b/ods_ci/tests/Resources/CLI/ModelServing/llm.resource @@ -299,10 +299,12 @@ Query Model Multiple Times ... ${inference_type} arguments accepts these 2 values for now: ... - all-tokens: it returns the entire generated response text ... - streaming: it returns the streamed generated response (i.e., one word per time) + ... In order to use a self-signed certificate when performing the request, pass the CA bundle file + ... path as the ${cert} argument - defaults to ${False}, i.e. insecure request. [Arguments] ${model_name} ${namespace} ${runtime}=caikit-tgis-runtime ${isvc_name}=${model_name} ... ${inference_type}=all-tokens ${n_times}=10 ${query_idx}=0 ${validate_response}=${TRUE} ... ${string_check_only}=${FALSE} ${protocol}=grpc ${port_forwarding}=${FALSE} ${port}=443 - ... ${body_params}=&{EMPTY} &{args} + ... ${body_params}=&{EMPTY} ${cert}=${False} &{args} IF "${inference_type}" == "streaming" ${streamed_response}= Set Variable ${TRUE} ELSE @@ -336,12 +338,12 @@ Query Model Multiple Times ... endpoint=${endpoint} ... json_body=${body} json_header=${header} ... insecure=${insecure} plaintext=${plaintext} skip_res_json=${skip_json_load_response} - ... &{args} + ... cabundle_file=${cert} &{args} ELSE IF "${protocol}" == "http" ${payload}= ODHDashboardAPI.Prepare Payload body=${body} str_to_json=${TRUE} Log Dictionary ${args} Set To Dictionary ${args} url=https://${host}:${port}/${endpoint} expected_status=any - ... headers=${header} json=${payload} verify=${False} + ... headers=${header} json=${payload} verify=${cert} ${is_timeout}= Run Keyword And Return Status Dictionary Should Contain Key ${args} timeout IF ${is_timeout} == ${FALSE} Set To Dictionary ${args} timeout=10 diff --git a/ods_ci/tests/Resources/Page/ODH/ODHDashboard/ODHDataScienceProject/ModelServer.resource b/ods_ci/tests/Resources/Page/ODH/ODHDashboard/ODHDataScienceProject/ModelServer.resource index 88f6efed3..af32a8de2 100644 --- a/ods_ci/tests/Resources/Page/ODH/ODHDashboard/ODHDataScienceProject/ModelServer.resource +++ b/ods_ci/tests/Resources/Page/ODH/ODHDashboard/ODHDataScienceProject/ModelServer.resource @@ -212,13 +212,18 @@ Click Minus Button Query Model With GRPCURL [Arguments] ${host} ${port} ${endpoint} ${json_body} ... ${json_header}=${NONE} ${insecure}=${FALSE} ${plaintext}=${FALSE} - ... ${background}=${NONE} ${skip_res_json}=${FALSE} &{args} + ... ${background}=${NONE} ${skip_res_json}=${FALSE} ${cabundle_file}=${False} &{args} ${cmd}= Set Variable grpcurl -d ${json_body} IF $json_header != None ${cmd}= Catenate ${cmd} -H ${json_header} END IF ${insecure} == ${TRUE} ${cmd}= Catenate ${cmd} -insecure + ELSE #-insecure and -cacert are incompatible with each other. Assuming we want either option always on. + IF ${cabundle_file}==${False} + Log The call will fail because you have not provided a valid CA bundle file + END + ${cmd}= Catenate ${cmd} -cacert ${cabundle_file} END IF ${plaintext} == ${TRUE} ${cmd}= Catenate ${cmd} -plaintext