Skip to content

Commit

Permalink
Allow private/public route selection in KServe, when authorino is not…
Browse files Browse the repository at this point in the history
… enabled
  • Loading branch information
ppadti committed Dec 17, 2024
1 parent 1896f34 commit aa3dac9
Show file tree
Hide file tree
Showing 4 changed files with 64 additions and 16 deletions.
8 changes: 8 additions & 0 deletions frontend/src/__tests__/cypress/cypress/pages/modelServing.ts
Original file line number Diff line number Diff line change
Expand Up @@ -189,6 +189,14 @@ class ServingRuntimeModal extends Modal {
super(`${edit ? 'Edit' : 'Add'} model server`);
}

findAuthorinoNotEnabledAlert() {
return this.find().findByTestId('no-authorino-installed-alert');
}

findTokenAuthAlert() {
return this.find().findByTestId('token-authentication-prerequisite-alert');
}

findSubmitButton() {
return this.findFooter().findByTestId('modal-submit-button');
}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -909,6 +909,28 @@ describe('Serving Runtime List', () => {
kserveModal.findAuthenticationCheckbox().should('not.exist');
});

it('show warning alert on modal, when authorino operator is not installed/enabled', () => {
initIntercepts({
disableModelMeshConfig: false,
disableKServeConfig: false,
disableKServeAuthConfig: false,
servingRuntimes: [],
projectEnableModelMesh: false,
});

projectDetails.visitSection('test-project', 'model-server');

modelServingSection.findDeployModelButton().click();

kserveModal.shouldBeOpen();
kserveModal.findAuthorinoNotEnabledAlert().should('exist');
kserveModal.findModelRouteCheckbox().should('not.be.checked');
kserveModal.findModelRouteCheckbox().check();
kserveModal.findTokenAuthAlert().should('exist');
kserveModal.findModelRouteCheckbox().uncheck();
kserveModal.findTokenAuthAlert().should('not.exist');
});

it('Kserve auth should be hidden when no required capabilities', () => {
initIntercepts({
disableModelMeshConfig: false,
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -20,13 +20,15 @@ type AuthServingRuntimeSectionProps<D extends CreatingModelServingObjectCommon>
setData: UpdateObjectAtPropAndValue<D>;
allowCreate: boolean;
publicRoute?: boolean;
showModelRoute?: boolean;
};

const AuthServingRuntimeSection = <D extends CreatingModelServingObjectCommon>({
data,
setData,
allowCreate,
publicRoute,
showModelRoute = true,
}: AuthServingRuntimeSectionProps<D>): React.ReactNode => {
const createNewToken = React.useCallback(() => {
const name = 'default-name';
Expand Down Expand Up @@ -85,14 +87,16 @@ const AuthServingRuntimeSection = <D extends CreatingModelServingObjectCommon>({
</FormGroup>
</StackItem>
)}
<StackItem>
<ServingRuntimeTokenSection
data={data}
setData={setData}
allowCreate={allowCreate}
createNewToken={createNewToken}
/>
</StackItem>
{showModelRoute && (
<StackItem>
<ServingRuntimeTokenSection
data={data}
setData={setData}
allowCreate={allowCreate}
createNewToken={createNewToken}
/>
</StackItem>
)}
{((publicRoute && data.externalRoute && !data.tokenAuth) ||
(!publicRoute && !data.tokenAuth)) && (
<StackItem>
Expand All @@ -105,6 +109,21 @@ const AuthServingRuntimeSection = <D extends CreatingModelServingObjectCommon>({
/>
</StackItem>
)}
{publicRoute && data.externalRoute && !showModelRoute && (
<Alert
isInline
variant="warning"
title="Token authentication prerequisite not installed"
data-testid="token-authentication-prerequisite-alert"
>
<p>
Making models available through external routes without requiring token authentication
can lead to unauthorized access of your model. To enable token authentication, you must
first request that your cluster administrator install the Authorino operator on your
cluster.
</p>
</Alert>
)}
</Stack>
);
};
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -418,14 +418,13 @@ const ManageKServeModal: React.FC<ManageKServeModalProps> = ({
setSelectedAcceleratorProfile={setSelectedAcceleratorProfile}
infoContent="Select a server size that will accommodate your largest model. See the product documentation for more information."
/>
{isAuthorinoEnabled && (
<AuthServingRuntimeSection
data={createDataInferenceService}
setData={setCreateDataInferenceService}
allowCreate={allowCreate}
publicRoute
/>
)}
<AuthServingRuntimeSection
data={createDataInferenceService}
setData={setCreateDataInferenceService}
allowCreate={allowCreate}
publicRoute
showModelRoute={isAuthorinoEnabled}
/>
</>
)}
</FormSection>
Expand Down

0 comments on commit aa3dac9

Please sign in to comment.