Skip to content

Commit

Permalink
fix: Remove verifyClient TLS offlineStore option from the Operator (f…
Browse files Browse the repository at this point in the history 
…east-dev#4847)

remove verifyClient TLS option

Signed-off-by: Tommy Hughes <[email protected]>
  • Loading branch information
@tchughesiv
tchughesiv authored Dec 16, 2024
1 parent 8320e23 commit 79fa247
Show file tree
Hide file tree
Showing 9 changed files with 29 additions and 99 deletions.
9 changes: 1 addition & 8 deletions infra/feast-operator/api/v1alpha1/featurestore_types.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -76,20 +76,13 @@ type FeatureStoreServices struct {
type OfflineStore struct {
StoreServiceConfigs `json:",inline"`
Persistence *OfflineStorePersistence `json:"persistence,omitempty"`
TLS *OfflineTlsConfigs `json:"tls,omitempty"`
TLS *TlsConfigs `json:"tls,omitempty"`
// LogLevel sets the logging level for the offline store service
// Allowed values: "debug", "info", "warning", "error", "critical".
// +kubebuilder:validation:Enum=debug;info;warning;error;critical
LogLevel string `json:"logLevel,omitempty"`
}

// OfflineTlsConfigs configures server TLS for the offline feast service. in an openshift cluster, this is configured by default using service serving certificates.
type OfflineTlsConfigs struct {
TlsConfigs `json:",inline"`
// verify the client TLS certificate.
VerifyClient *bool `json:"verifyClient,omitempty"`
}

// OfflineStorePersistence configures the persistence settings for the offline store service
// +kubebuilder:validation:XValidation:rule="[has(self.file), has(self.store)].exists_one(c, c)",message="One selection required between file or store."
type OfflineStorePersistence struct {
Expand Down
23 changes: 1 addition & 22 deletions infra/feast-operator/api/v1alpha1/zz_generated.deepcopy.go
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

19 changes: 6 additions & 13 deletions infra/feast-operator/config/crd/bases/feast.dev_featurestores.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -432,9 +432,9 @@ spec:
type: object
type: object
tls:
description: OfflineTlsConfigs configures server TLS for the
offline feast service. in an openshift cluster, this is
configured by default using service serving certificates.
description: TlsConfigs configures server TLS for a feast
service. in an openshift cluster, this is configured by
default using service serving certificates.
properties:
disable:
description: will disable TLS for the feast service. useful
Expand Down Expand Up @@ -464,9 +464,6 @@ spec:
type: string
type: object
x-kubernetes-map-type: atomic
verifyClient:
description: verify the client TLS certificate.
type: boolean
type: object
x-kubernetes-validations:
- message: '`secretRef` required if `disable` is false.'
Expand Down Expand Up @@ -1690,10 +1687,9 @@ spec:
type: object
type: object
tls:
description: OfflineTlsConfigs configures server TLS for
the offline feast service. in an openshift cluster,
this is configured by default using service serving
certificates.
description: TlsConfigs configures server TLS for a feast
service. in an openshift cluster, this is configured
by default using service serving certificates.
properties:
disable:
description: will disable TLS for the feast service.
Expand Down Expand Up @@ -1723,9 +1719,6 @@ spec:
type: string
type: object
x-kubernetes-map-type: atomic
verifyClient:
description: verify the client TLS certificate.
type: boolean
type: object
x-kubernetes-validations:
- message: '`secretRef` required if `disable` is false.'
Expand Down
19 changes: 6 additions & 13 deletions infra/feast-operator/dist/install.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -440,9 +440,9 @@ spec:
type: object
type: object
tls:
description: OfflineTlsConfigs configures server TLS for the
offline feast service. in an openshift cluster, this is
configured by default using service serving certificates.
description: TlsConfigs configures server TLS for a feast
service. in an openshift cluster, this is configured by
default using service serving certificates.
properties:
disable:
description: will disable TLS for the feast service. useful
Expand Down Expand Up @@ -472,9 +472,6 @@ spec:
type: string
type: object
x-kubernetes-map-type: atomic
verifyClient:
description: verify the client TLS certificate.
type: boolean
type: object
x-kubernetes-validations:
- message: '`secretRef` required if `disable` is false.'
Expand Down Expand Up @@ -1698,10 +1695,9 @@ spec:
type: object
type: object
tls:
description: OfflineTlsConfigs configures server TLS for
the offline feast service. in an openshift cluster,
this is configured by default using service serving
certificates.
description: TlsConfigs configures server TLS for a feast
service. in an openshift cluster, this is configured
by default using service serving certificates.
properties:
disable:
description: will disable TLS for the feast service.
Expand Down Expand Up @@ -1731,9 +1727,6 @@ spec:
type: string
type: object
x-kubernetes-map-type: atomic
verifyClient:
description: verify the client TLS certificate.
type: boolean
type: object
x-kubernetes-validations:
- message: '`secretRef` required if `disable` is false.'
Expand Down
14 changes: 5 additions & 9 deletions infra/feast-operator/internal/controller/featurestore_controller_tls_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -56,7 +56,7 @@ var _ = Describe("FeatureStore Controller - Feast service TLS", func() {
}
featurestore := &feastdevv1alpha1.FeatureStore{}
localRef := corev1.LocalObjectReference{Name: "test"}
tlsConfigs := feastdevv1alpha1.TlsConfigs{
tlsConfigs := &feastdevv1alpha1.TlsConfigs{
SecretRef: &localRef,
}
BeforeEach(func() {
Expand All @@ -72,16 +72,14 @@ var _ = Describe("FeatureStore Controller - Feast service TLS", func() {
FeastProject: feastProject,
Services: &feastdevv1alpha1.FeatureStoreServices{
OnlineStore: &feastdevv1alpha1.OnlineStore{
TLS: &tlsConfigs,
TLS: tlsConfigs,
},
OfflineStore: &feastdevv1alpha1.OfflineStore{
TLS: &feastdevv1alpha1.OfflineTlsConfigs{
TlsConfigs: tlsConfigs,
},
TLS: tlsConfigs,
},
Registry: &feastdevv1alpha1.Registry{
Local: &feastdevv1alpha1.LocalRegistryConfig{
TLS: &tlsConfigs,
TLS: tlsConfigs,
},
},
},
Expand Down Expand Up @@ -396,9 +394,7 @@ var _ = Describe("FeatureStore Controller - Feast service TLS", func() {
},
},
OfflineStore: &feastdevv1alpha1.OfflineStore{
TLS: &feastdevv1alpha1.OfflineTlsConfigs{
TlsConfigs: tlsConfigs,
},
TLS: tlsConfigs,
},
Registry: &feastdevv1alpha1.Registry{
Remote: &feastdevv1alpha1.RemoteRegistryConfig{
Expand Down
5 changes: 2 additions & 3 deletions infra/feast-operator/internal/controller/services/repo_config.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -248,9 +248,8 @@ func getClientRepoConfig(
Host: strings.Split(status.ServiceHostnames.OfflineStore, ":")[0],
Port: HttpPort,
}
if appliedServices.OfflineStore != nil && appliedServices.OfflineStore.TLS != nil &&
(&appliedServices.OfflineStore.TLS.TlsConfigs).IsTLS() {
clientRepoConfig.OfflineStore.Cert = GetTlsPath(OfflineFeastType) + appliedServices.OfflineStore.TLS.TlsConfigs.SecretKeyNames.TlsCrt
if appliedServices.OfflineStore != nil && appliedServices.OfflineStore.TLS.IsTLS() {
clientRepoConfig.OfflineStore.Cert = GetTlsPath(OfflineFeastType) + appliedServices.OfflineStore.TLS.SecretKeyNames.TlsCrt
clientRepoConfig.OfflineStore.Port = HttpsPort
clientRepoConfig.OfflineStore.Scheme = HttpsScheme
}
Expand Down
14 changes: 2 additions & 12 deletions infra/feast-operator/internal/controller/services/services.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -373,13 +373,6 @@ func (feast *FeastServices) getContainerCommand(feastType FeastServiceType) []st
}
deploySettings.Args = append(deploySettings.Args, []string{"-p", strconv.Itoa(int(targetPort))}...)

if feastType == OfflineFeastType {
if tls.IsTLS() && feast.Handler.FeatureStore.Status.Applied.Services.OfflineStore.TLS.VerifyClient != nil {
deploySettings.Args = append(deploySettings.Args,
[]string{"--verify_client", strconv.FormatBool(*feast.Handler.FeatureStore.Status.Applied.Services.OfflineStore.TLS.VerifyClient)}...)
}
}

// Combine base command, options, and arguments
feastCommand := append([]string{baseCommand}, options...)
feastCommand = append(feastCommand, deploySettings.Args...)
Expand Down Expand Up @@ -549,11 +542,8 @@ func (feast *FeastServices) setServiceHostnames() error {
domain := svcDomain + ":"
if feast.isOfflinStore() {
objMeta := feast.GetObjectMeta(OfflineFeastType)
port := strconv.Itoa(HttpPort)
if feast.offlineTls() {
port = strconv.Itoa(HttpsPort)
}
feast.Handler.FeatureStore.Status.ServiceHostnames.OfflineStore = objMeta.Name + "." + objMeta.Namespace + domain + port
feast.Handler.FeatureStore.Status.ServiceHostnames.OfflineStore = objMeta.Name + "." + objMeta.Namespace + domain +
getPortStr(feast.Handler.FeatureStore.Status.Applied.Services.OfflineStore.TLS)
}
if feast.isOnlinStore() {
objMeta := feast.GetObjectMeta(OnlineFeastType)
Expand Down
20 changes: 6 additions & 14 deletions infra/feast-operator/internal/controller/services/tls.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -29,7 +29,7 @@ func (feast *FeastServices) setTlsDefaults() error {
}
appliedServices := feast.Handler.FeatureStore.Status.Applied.Services
if feast.isOfflinStore() && appliedServices.OfflineStore.TLS != nil {
tlsDefaults(&appliedServices.OfflineStore.TLS.TlsConfigs)
tlsDefaults(appliedServices.OfflineStore.TLS)
}
if feast.isOnlinStore() {
tlsDefaults(appliedServices.OnlineStore.TLS)
Expand All @@ -43,11 +43,9 @@ func (feast *FeastServices) setTlsDefaults() error {
func (feast *FeastServices) setOpenshiftTls() error {
appliedServices := feast.Handler.FeatureStore.Status.Applied.Services
if feast.offlineOpenshiftTls() {
appliedServices.OfflineStore.TLS = &feastdevv1alpha1.OfflineTlsConfigs{
TlsConfigs: feastdevv1alpha1.TlsConfigs{
SecretRef: &corev1.LocalObjectReference{
Name: feast.initFeastSvc(OfflineFeastType).Name + tlsNameSuffix,
},
appliedServices.OfflineStore.TLS = &feastdevv1alpha1.TlsConfigs{
SecretRef: &corev1.LocalObjectReference{
Name: feast.initFeastSvc(OfflineFeastType).Name + tlsNameSuffix,
},
}
}
Expand Down Expand Up @@ -103,8 +101,8 @@ func (feast *FeastServices) getTlsConfigs(feastType FeastServiceType) (tls *feas
appliedServices := feast.Handler.FeatureStore.Status.Applied.Services
switch feastType {
case OfflineFeastType:
if feast.isOfflinStore() && appliedServices.OfflineStore.TLS != nil {
tls = &appliedServices.OfflineStore.TLS.TlsConfigs
if feast.isOfflinStore() {
tls = appliedServices.OfflineStore.TLS
}
case OnlineFeastType:
if feast.isOnlinStore() {
Expand Down Expand Up @@ -154,12 +152,6 @@ func (feast *FeastServices) remoteRegistryOpenshiftTls() (bool, error) {
return false, nil
}

func (feast *FeastServices) offlineTls() bool {
return feast.isOfflinStore() &&
feast.Handler.FeatureStore.Status.Applied.Services.OfflineStore.TLS != nil &&
(&feast.Handler.FeatureStore.Status.Applied.Services.OfflineStore.TLS.TlsConfigs).IsTLS()
}

func (feast *FeastServices) localRegistryTls() bool {
return localRegistryTls(feast.Handler.FeatureStore)
}
Expand Down
5 changes: 0 additions & 5 deletions infra/feast-operator/internal/controller/services/tls_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -58,7 +58,6 @@ var _ = Describe("TLS Config", func() {
Expect(tls.IsTLS()).To(BeFalse())
Expect(getPortStr(tls)).To(Equal("80"))

Expect(feast.offlineTls()).To(BeFalse())
Expect(feast.remoteRegistryTls()).To(BeFalse())
Expect(feast.localRegistryTls()).To(BeFalse())
Expect(feast.isOpenShiftTls(OfflineFeastType)).To(BeFalse())
Expand Down Expand Up @@ -87,7 +86,6 @@ var _ = Describe("TLS Config", func() {
Expect(getPortStr(tls)).To(Equal("443"))
Expect(GetTlsPath(RegistryFeastType)).To(Equal("/tls/registry/"))

Expect(feast.offlineTls()).To(BeFalse())
Expect(feast.remoteRegistryTls()).To(BeFalse())
Expect(feast.localRegistryTls()).To(BeTrue())
Expect(feast.isOpenShiftTls(OfflineFeastType)).To(BeFalse())
Expand Down Expand Up @@ -127,7 +125,6 @@ var _ = Describe("TLS Config", func() {
Expect(tls.SecretKeyNames).To(Equal(secretKeyNames))
Expect(tls.IsTLS()).To(BeTrue())

Expect(feast.offlineTls()).To(BeTrue())
Expect(feast.remoteRegistryTls()).To(BeFalse())
Expect(feast.localRegistryTls()).To(BeTrue())
Expect(feast.isOpenShiftTls(OfflineFeastType)).To(BeTrue())
Expand Down Expand Up @@ -189,7 +186,6 @@ var _ = Describe("TLS Config", func() {
Expect(getPortStr(tls)).To(Equal("443"))
Expect(GetTlsPath(RegistryFeastType)).To(Equal("/tls/registry/"))

Expect(feast.offlineTls()).To(BeFalse())
Expect(feast.remoteRegistryTls()).To(BeFalse())
Expect(feast.localRegistryTls()).To(BeTrue())
Expect(feast.isOpenShiftTls(OfflineFeastType)).To(BeFalse())
Expand Down Expand Up @@ -238,7 +234,6 @@ var _ = Describe("TLS Config", func() {
Expect(getPortStr(tls)).To(Equal("80"))
Expect(GetTlsPath(RegistryFeastType)).To(Equal("/tls/registry/"))

Expect(feast.offlineTls()).To(BeTrue())
Expect(feast.remoteRegistryTls()).To(BeFalse())
Expect(feast.localRegistryTls()).To(BeFalse())
Expect(feast.isOpenShiftTls(OfflineFeastType)).To(BeTrue())
Expand Down

0 comments on commit 79fa247

Please sign in to comment.