Use TLS to clone Taxonomy Tree if CACert provided

Signed-off-by: Giulio Frasca <[email protected]>
opendatahub-io · Jan 28, 2025 · 7a1abfb · 7a1abfb
1 parent 95b1745
commit 7a1abfb
Show file tree

Hide file tree

Showing 3 changed files with 20 additions and 2 deletions.
diff --git a/pipeline.py b/pipeline.py
@@ -148,6 +148,7 @@ def ilab_pipeline(
         repo_branch=sdg_repo_branch,
         repo_pr=sdg_repo_pr if sdg_repo_pr and sdg_repo_pr > 0 else None,
         repo_url=sdg_repo_url,
+        ca_cert_path="",  # TODO(gfrasca)
     )
     mount_pvc(
         task=git_clone_task,

diff --git a/pipeline.yaml b/pipeline.yaml
@@ -270,6 +270,9 @@ components:
     executorLabel: exec-git-clone-op
     inputDefinitions:
       parameters:
+        ca_cert_path:
+          isOptional: true
+          parameterType: STRING
         repo_branch:
           parameterType: STRING
         repo_pr:
@@ -693,7 +696,7 @@ deploymentSpec:
     exec-git-clone-op:
       container:
         args:
-        - 'git clone {{$.inputs.parameters[''repo_url'']}} {{$.inputs.parameters[''taxonomy_path'']}}
+        - 'git clone  {{$.inputs.parameters[''repo_url'']}} {{$.inputs.parameters[''taxonomy_path'']}}
           && cd {{$.inputs.parameters[''taxonomy_path'']}} && if [ -n "{{$.inputs.parameters[''repo_branch'']}}"
           ]; then git fetch origin {{$.inputs.parameters[''repo_branch'']}} && git
           checkout {{$.inputs.parameters[''repo_branch'']}}; elif [ -n "{{$.inputs.parameters[''repo_pr'']}}"
@@ -1666,6 +1669,9 @@ root:
         - createpvc
         inputs:
           parameters:
+            ca_cert_path:
+              runtimeValue:
+                constant: ''
             repo_branch:
               componentInputParameter: sdg_repo_branch
             repo_pr:

diff --git a/sdg/components.py b/sdg/components.py
@@ -13,12 +13,23 @@ def git_clone_op(
     repo_pr: Optional[int],
     repo_url: Optional[str],
     taxonomy_path: str = "/data/taxonomy",
+    ca_cert_path: Optional[str] = None,
 ):
+    import os
+
+    additional_clone_params = ""
+    additional_config_cmds = ""
+
+    if ca_cert_path and os.path.exists(f"{ca_cert_path}") and (os.path.getsize(f"{ca_cert_path}") > 0):
+        full_ca_path = os.path.abspath(f"{ca_cert_path}")
+        additional_clone_params = f"-c http.sslVerify=true -c http.sslCAInfo={full_ca_path}"
+        additional_config_cmds = f"git config http.sslVerify true && git config http.sslCAInfo {full_ca_path} &&"
+
     return dsl.ContainerSpec(
         TOOLBOX_IMAGE,
         ["/bin/sh", "-c"],
         [
-            f"git clone {repo_url} {taxonomy_path} && cd {taxonomy_path} && "
+            f"git clone {additional_clone_params} {repo_url} {taxonomy_path} && cd {taxonomy_path} && {additional_config_cmds}"
             + f'if [ -n "{repo_branch}" ]; then '
             + f"git fetch origin {repo_branch} && git checkout {repo_branch}; "
             + f'elif [ -n "{repo_pr}" ] && [ {repo_pr} -gt 0 ]; then '