Skip to content

Commit 8a1cbfa

Browse files
tchughesivdharmisha
authored andcommitted
fix: Remove verifyClient TLS offlineStore option from the Operator (feast-dev#4847)
remove verifyClient TLS option Signed-off-by: Tommy Hughes <tohughes@redhat.com>
1 parent 654c0af commit 8a1cbfa

9 files changed

Lines changed: 104 additions & 20 deletions

File tree

infra/feast-operator/api/v1alpha1/featurestore_types.go

Lines changed: 7 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -96,14 +96,19 @@ type OfflineStore struct {
9696
=======
9797
StoreServiceConfigs `json:",inline"`
9898
Persistence *OfflineStorePersistence `json:"persistence,omitempty"`
99+
<<<<<<< HEAD
99100
TLS *OfflineTlsConfigs `json:"tls,omitempty"`
100101
>>>>>>> 47204bcaf (feat: Add online/offline replica support (#4812))
102+
=======
103+
TLS *TlsConfigs `json:"tls,omitempty"`
104+
>>>>>>> f36959cb2 (fix: Remove verifyClient TLS offlineStore option from the Operator (#4847))
101105
// LogLevel sets the logging level for the offline store service
102106
// Allowed values: "debug", "info", "warning", "error", "critical".
103107
// +kubebuilder:validation:Enum=debug;info;warning;error;critical
104108
LogLevel string `json:"logLevel,omitempty"`
105109
}
106110

111+
<<<<<<< HEAD
107112
// OfflineTlsConfigs configures server TLS for the offline feast service. in an openshift cluster, this is configured by default using service serving certificates.
108113
type OfflineTlsConfigs struct {
109114
TlsConfigs `json:",inline"`
@@ -112,6 +117,8 @@ type OfflineTlsConfigs struct {
112117
>>>>>>> 668d47b8e (feat: Add TLS support to the Operator (#4796))
113118
}
114119

120+
=======
121+
>>>>>>> f36959cb2 (fix: Remove verifyClient TLS offlineStore option from the Operator (#4847))
115122
// OfflineStorePersistence configures the persistence settings for the offline store service
116123
// +kubebuilder:validation:XValidation:rule="[has(self.file), has(self.store)].exists_one(c, c)",message="One selection required between file or store."
117124
type OfflineStorePersistence struct {

infra/feast-operator/api/v1alpha1/zz_generated.deepcopy.go

Lines changed: 7 additions & 0 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

infra/feast-operator/config/crd/bases/feast.dev_featurestores.yaml

Lines changed: 18 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -530,6 +530,7 @@ spec:
530530
type: object
531531
type: object
532532
tls:
533+
<<<<<<< HEAD
533534
<<<<<<< HEAD
534535
description: TlsConfigs configures server TLS for a feast
535536
service. in an openshift cluster, this is configured by
@@ -539,6 +540,11 @@ spec:
539540
offline feast service. in an openshift cluster, this is
540541
configured by default using service serving certificates.
541542
>>>>>>> 668d47b8e (feat: Add TLS support to the Operator (#4796))
543+
=======
544+
description: TlsConfigs configures server TLS for a feast
545+
service. in an openshift cluster, this is configured by
546+
default using service serving certificates.
547+
>>>>>>> f36959cb2 (fix: Remove verifyClient TLS offlineStore option from the Operator (#4847))
542548
properties:
543549
disable:
544550
description: will disable TLS for the feast service. useful
@@ -569,11 +575,14 @@ spec:
569575
type: object
570576
x-kubernetes-map-type: atomic
571577
<<<<<<< HEAD
578+
<<<<<<< HEAD
572579
=======
573580
verifyClient:
574581
description: verify the client TLS certificate.
575582
type: boolean
576583
>>>>>>> 668d47b8e (feat: Add TLS support to the Operator (#4796))
584+
=======
585+
>>>>>>> f36959cb2 (fix: Remove verifyClient TLS offlineStore option from the Operator (#4847))
577586
type: object
578587
x-kubernetes-validations:
579588
- message: '`secretRef` required if `disable` is false.'
@@ -2123,6 +2132,7 @@ spec:
21232132
type: object
21242133
type: object
21252134
tls:
2135+
<<<<<<< HEAD
21262136
<<<<<<< HEAD
21272137
description: TlsConfigs configures server TLS for a feast
21282138
service. in an openshift cluster, this is configured
@@ -2133,6 +2143,11 @@ spec:
21332143
this is configured by default using service serving
21342144
certificates.
21352145
>>>>>>> 668d47b8e (feat: Add TLS support to the Operator (#4796))
2146+
=======
2147+
description: TlsConfigs configures server TLS for a feast
2148+
service. in an openshift cluster, this is configured
2149+
by default using service serving certificates.
2150+
>>>>>>> f36959cb2 (fix: Remove verifyClient TLS offlineStore option from the Operator (#4847))
21362151
properties:
21372152
disable:
21382153
description: will disable TLS for the feast service.
@@ -2163,11 +2178,14 @@ spec:
21632178
type: object
21642179
x-kubernetes-map-type: atomic
21652180
<<<<<<< HEAD
2181+
<<<<<<< HEAD
21662182
=======
21672183
verifyClient:
21682184
description: verify the client TLS certificate.
21692185
type: boolean
21702186
>>>>>>> 668d47b8e (feat: Add TLS support to the Operator (#4796))
2187+
=======
2188+
>>>>>>> f36959cb2 (fix: Remove verifyClient TLS offlineStore option from the Operator (#4847))
21712189
type: object
21722190
x-kubernetes-validations:
21732191
- message: '`secretRef` required if `disable` is false.'

infra/feast-operator/dist/install.yaml

Lines changed: 18 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -538,6 +538,7 @@ spec:
538538
type: object
539539
type: object
540540
tls:
541+
<<<<<<< HEAD
541542
<<<<<<< HEAD
542543
description: TlsConfigs configures server TLS for a feast
543544
service. in an openshift cluster, this is configured by
@@ -547,6 +548,11 @@ spec:
547548
offline feast service. in an openshift cluster, this is
548549
configured by default using service serving certificates.
549550
>>>>>>> 668d47b8e (feat: Add TLS support to the Operator (#4796))
551+
=======
552+
description: TlsConfigs configures server TLS for a feast
553+
service. in an openshift cluster, this is configured by
554+
default using service serving certificates.
555+
>>>>>>> f36959cb2 (fix: Remove verifyClient TLS offlineStore option from the Operator (#4847))
550556
properties:
551557
disable:
552558
description: will disable TLS for the feast service. useful
@@ -577,11 +583,14 @@ spec:
577583
type: object
578584
x-kubernetes-map-type: atomic
579585
<<<<<<< HEAD
586+
<<<<<<< HEAD
580587
=======
581588
verifyClient:
582589
description: verify the client TLS certificate.
583590
type: boolean
584591
>>>>>>> 668d47b8e (feat: Add TLS support to the Operator (#4796))
592+
=======
593+
>>>>>>> f36959cb2 (fix: Remove verifyClient TLS offlineStore option from the Operator (#4847))
585594
type: object
586595
x-kubernetes-validations:
587596
- message: '`secretRef` required if `disable` is false.'
@@ -2131,6 +2140,7 @@ spec:
21312140
type: object
21322141
type: object
21332142
tls:
2143+
<<<<<<< HEAD
21342144
<<<<<<< HEAD
21352145
description: TlsConfigs configures server TLS for a feast
21362146
service. in an openshift cluster, this is configured
@@ -2141,6 +2151,11 @@ spec:
21412151
this is configured by default using service serving
21422152
certificates.
21432153
>>>>>>> 668d47b8e (feat: Add TLS support to the Operator (#4796))
2154+
=======
2155+
description: TlsConfigs configures server TLS for a feast
2156+
service. in an openshift cluster, this is configured
2157+
by default using service serving certificates.
2158+
>>>>>>> f36959cb2 (fix: Remove verifyClient TLS offlineStore option from the Operator (#4847))
21442159
properties:
21452160
disable:
21462161
description: will disable TLS for the feast service.
@@ -2171,11 +2186,14 @@ spec:
21712186
type: object
21722187
x-kubernetes-map-type: atomic
21732188
<<<<<<< HEAD
2189+
<<<<<<< HEAD
21742190
=======
21752191
verifyClient:
21762192
description: verify the client TLS certificate.
21772193
type: boolean
21782194
>>>>>>> 668d47b8e (feat: Add TLS support to the Operator (#4796))
2195+
=======
2196+
>>>>>>> f36959cb2 (fix: Remove verifyClient TLS offlineStore option from the Operator (#4847))
21792197
type: object
21802198
x-kubernetes-validations:
21812199
- message: '`secretRef` required if `disable` is false.'

infra/feast-operator/internal/controller/featurestore_controller_tls_test.go

Lines changed: 17 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -59,11 +59,15 @@ var _ = Describe("FeatureStore Controller - Feast service TLS", func() {
5959
}
6060
featurestore := &feastdevv1alpha1.FeatureStore{}
6161
localRef := corev1.LocalObjectReference{Name: "test"}
62+
<<<<<<< HEAD
6263
<<<<<<< HEAD
6364
tlsConfigs := &feastdevv1alpha1.TlsConfigs{
6465
=======
6566
tlsConfigs := feastdevv1alpha1.TlsConfigs{
6667
>>>>>>> 668d47b8e (feat: Add TLS support to the Operator (#4796))
68+
=======
69+
tlsConfigs := &feastdevv1alpha1.TlsConfigs{
70+
>>>>>>> f36959cb2 (fix: Remove verifyClient TLS offlineStore option from the Operator (#4847))
6771
SecretRef: &localRef,
6872
}
6973
BeforeEach(func() {
@@ -79,6 +83,7 @@ var _ = Describe("FeatureStore Controller - Feast service TLS", func() {
7983
FeastProject: feastProject,
8084
Services: &feastdevv1alpha1.FeatureStoreServices{
8185
OnlineStore: &feastdevv1alpha1.OnlineStore{
86+
<<<<<<< HEAD
8287
<<<<<<< HEAD
8388
TLS: tlsConfigs,
8489
},
@@ -90,16 +95,21 @@ var _ = Describe("FeatureStore Controller - Feast service TLS", func() {
9095
TLS: tlsConfigs,
9196
=======
9297
TLS: &tlsConfigs,
98+
=======
99+
TLS: tlsConfigs,
100+
>>>>>>> f36959cb2 (fix: Remove verifyClient TLS offlineStore option from the Operator (#4847))
93101
},
94102
OfflineStore: &feastdevv1alpha1.OfflineStore{
95-
TLS: &feastdevv1alpha1.OfflineTlsConfigs{
96-
TlsConfigs: tlsConfigs,
97-
},
103+
TLS: tlsConfigs,
98104
},
99105
Registry: &feastdevv1alpha1.Registry{
100106
Local: &feastdevv1alpha1.LocalRegistryConfig{
107+
<<<<<<< HEAD
101108
TLS: &tlsConfigs,
102109
>>>>>>> 668d47b8e (feat: Add TLS support to the Operator (#4796))
110+
=======
111+
TLS: tlsConfigs,
112+
>>>>>>> f36959cb2 (fix: Remove verifyClient TLS offlineStore option from the Operator (#4847))
103113
},
104114
},
105115
},
@@ -497,13 +507,17 @@ var _ = Describe("FeatureStore Controller - Feast service TLS", func() {
497507
},
498508
},
499509
OfflineStore: &feastdevv1alpha1.OfflineStore{
510+
<<<<<<< HEAD
500511
<<<<<<< HEAD
501512
TLS: tlsConfigs,
502513
=======
503514
TLS: &feastdevv1alpha1.OfflineTlsConfigs{
504515
TlsConfigs: tlsConfigs,
505516
},
506517
>>>>>>> 668d47b8e (feat: Add TLS support to the Operator (#4796))
518+
=======
519+
TLS: tlsConfigs,
520+
>>>>>>> f36959cb2 (fix: Remove verifyClient TLS offlineStore option from the Operator (#4847))
507521
},
508522
Registry: &feastdevv1alpha1.Registry{
509523
Remote: &feastdevv1alpha1.RemoteRegistryConfig{

infra/feast-operator/internal/controller/services/repo_config.go

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -469,6 +469,7 @@ func getClientRepoConfig(
469469
Host: strings.Split(status.ServiceHostnames.OfflineStore, ":")[0],
470470
Port: HttpPort,
471471
}
472+
<<<<<<< HEAD
472473
<<<<<<< HEAD
473474
if appliedServices.OfflineStore != nil && appliedServices.OfflineStore.TLS.IsTLS() {
474475
clientRepoConfig.OfflineStore.Cert = GetTlsPath(OfflineFeastType) + appliedServices.OfflineStore.TLS.SecretKeyNames.TlsCrt
@@ -477,6 +478,10 @@ func getClientRepoConfig(
477478
(&appliedServices.OfflineStore.TLS.TlsConfigs).IsTLS() {
478479
clientRepoConfig.OfflineStore.Cert = GetTlsPath(OfflineFeastType) + appliedServices.OfflineStore.TLS.TlsConfigs.SecretKeyNames.TlsCrt
479480
>>>>>>> 668d47b8e (feat: Add TLS support to the Operator (#4796))
481+
=======
482+
if appliedServices.OfflineStore != nil && appliedServices.OfflineStore.TLS.IsTLS() {
483+
clientRepoConfig.OfflineStore.Cert = GetTlsPath(OfflineFeastType) + appliedServices.OfflineStore.TLS.SecretKeyNames.TlsCrt
484+
>>>>>>> f36959cb2 (fix: Remove verifyClient TLS offlineStore option from the Operator (#4847))
480485
clientRepoConfig.OfflineStore.Port = HttpsPort
481486
clientRepoConfig.OfflineStore.Scheme = HttpsScheme
482487
}

infra/feast-operator/internal/controller/services/services.go

Lines changed: 2 additions & 12 deletions
Original file line numberDiff line numberDiff line change
@@ -742,13 +742,6 @@ func (feast *FeastServices) getContainerCommand(feastType FeastServiceType) []st
742742
}
743743
deploySettings.Args = append(deploySettings.Args, []string{"-p", strconv.Itoa(int(targetPort))}...)
744744

745-
if feastType == OfflineFeastType {
746-
if tls.IsTLS() && feast.Handler.FeatureStore.Status.Applied.Services.OfflineStore.TLS.VerifyClient != nil {
747-
deploySettings.Args = append(deploySettings.Args,
748-
[]string{"--verify_client", strconv.FormatBool(*feast.Handler.FeatureStore.Status.Applied.Services.OfflineStore.TLS.VerifyClient)}...)
749-
}
750-
}
751-
752745
// Combine base command, options, and arguments
753746
feastCommand := append([]string{baseCommand}, options...)
754747
feastCommand = append(feastCommand, deploySettings.Args...)
@@ -1039,11 +1032,8 @@ func (feast *FeastServices) setServiceHostnames() error {
10391032
domain := svcDomain + ":"
10401033
if feast.isOfflinStore() {
10411034
objMeta := feast.GetObjectMeta(OfflineFeastType)
1042-
port := strconv.Itoa(HttpPort)
1043-
if feast.offlineTls() {
1044-
port = strconv.Itoa(HttpsPort)
1045-
}
1046-
feast.Handler.FeatureStore.Status.ServiceHostnames.OfflineStore = objMeta.Name + "." + objMeta.Namespace + domain + port
1035+
feast.Handler.FeatureStore.Status.ServiceHostnames.OfflineStore = objMeta.Name + "." + objMeta.Namespace + domain +
1036+
getPortStr(feast.Handler.FeatureStore.Status.Applied.Services.OfflineStore.TLS)
10471037
}
10481038
if feast.isOnlinStore() {
10491039
objMeta := feast.GetObjectMeta(OnlineFeastType)

infra/feast-operator/internal/controller/services/tls.go

Lines changed: 15 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -29,11 +29,15 @@ func (feast *FeastServices) setTlsDefaults() error {
2929
}
3030
appliedServices := feast.Handler.FeatureStore.Status.Applied.Services
3131
if feast.isOfflinStore() && appliedServices.OfflineStore.TLS != nil {
32+
<<<<<<< HEAD
3233
<<<<<<< HEAD
3334
tlsDefaults(appliedServices.OfflineStore.TLS)
3435
=======
3536
tlsDefaults(&appliedServices.OfflineStore.TLS.TlsConfigs)
3637
>>>>>>> 668d47b8e (feat: Add TLS support to the Operator (#4796))
38+
=======
39+
tlsDefaults(appliedServices.OfflineStore.TLS)
40+
>>>>>>> f36959cb2 (fix: Remove verifyClient TLS offlineStore option from the Operator (#4847))
3741
}
3842
if feast.isOnlinStore() {
3943
tlsDefaults(appliedServices.OnlineStore.TLS)
@@ -75,11 +79,9 @@ func (feast *FeastServices) setOpenshiftTls() error {
7579
=======
7680
>>>>>>> 33db9cabb (fix: Operator envVar positioning & tls.SecretRef.Name (#4806))
7781
if feast.offlineOpenshiftTls() {
78-
appliedServices.OfflineStore.TLS = &feastdevv1alpha1.OfflineTlsConfigs{
79-
TlsConfigs: feastdevv1alpha1.TlsConfigs{
80-
SecretRef: &corev1.LocalObjectReference{
81-
Name: feast.initFeastSvc(OfflineFeastType).Name + tlsNameSuffix,
82-
},
82+
appliedServices.OfflineStore.TLS = &feastdevv1alpha1.TlsConfigs{
83+
SecretRef: &corev1.LocalObjectReference{
84+
Name: feast.initFeastSvc(OfflineFeastType).Name + tlsNameSuffix,
8385
},
8486
}
8587
}
@@ -141,13 +143,18 @@ func (feast *FeastServices) getTlsConfigs(feastType FeastServiceType) (tls *feas
141143
appliedServices := feast.Handler.FeatureStore.Status.Applied.Services
142144
switch feastType {
143145
case OfflineFeastType:
146+
<<<<<<< HEAD
144147
<<<<<<< HEAD
145148
if feast.isOfflinStore() {
146149
tls = appliedServices.OfflineStore.TLS
147150
=======
148151
if feast.isOfflinStore() && appliedServices.OfflineStore.TLS != nil {
149152
tls = &appliedServices.OfflineStore.TLS.TlsConfigs
150153
>>>>>>> 668d47b8e (feat: Add TLS support to the Operator (#4796))
154+
=======
155+
if feast.isOfflinStore() {
156+
tls = appliedServices.OfflineStore.TLS
157+
>>>>>>> f36959cb2 (fix: Remove verifyClient TLS offlineStore option from the Operator (#4847))
151158
}
152159
case OnlineFeastType:
153160
if feast.isOnlinStore() {
@@ -197,6 +204,7 @@ func (feast *FeastServices) remoteRegistryOpenshiftTls() (bool, error) {
197204
return false, nil
198205
}
199206

207+
<<<<<<< HEAD
200208
<<<<<<< HEAD
201209
=======
202210
func (feast *FeastServices) offlineTls() bool {
@@ -206,6 +214,8 @@ func (feast *FeastServices) offlineTls() bool {
206214
}
207215

208216
>>>>>>> 668d47b8e (feat: Add TLS support to the Operator (#4796))
217+
=======
218+
>>>>>>> f36959cb2 (fix: Remove verifyClient TLS offlineStore option from the Operator (#4847))
209219
func (feast *FeastServices) localRegistryTls() bool {
210220
return localRegistryTls(feast.Handler.FeatureStore)
211221
}

0 commit comments

Comments
 (0)