Final clean up and adding documentation.

Signed-off-by: lrangine <[email protected]>
feast-dev · Dec 18, 2024 · f9aea9a · f9aea9a
1 parent 4970151
commit f9aea9a
Show file tree

Hide file tree

Showing 6 changed files with 12 additions and 35 deletions.
diff --git a/docs/how-to-guides/starting-feast-servers-tls-mode.md b/docs/how-to-guides/starting-feast-servers-tls-mode.md
@@ -189,3 +189,8 @@ INFO:     Waiting for application startup.
 INFO:     Application startup complete.
 INFO:     Uvicorn running on https://0.0.0.0:8888 (Press CTRL+C to quit)
 ```
+
+
+## Adding public key to CA trust store and configuring the feast to use the trust store.
+You can pass the public key for SSL verification using `cert` parameter, however, it is sometimes a hassle to maintain individual certificate and pass the public certificate individually. 
+The alternate recommendation is to add the public certificate to CA trust store and set the path as environment variable `FEAST_CA_CERT_FILE_PATH`. Feast will refer the trust store path set as environment variable as `FEAST_CA_CERT_FILE_PATH`
diff --git a/sdk/python/feast/cli.py b/sdk/python/feast/cli.py
@@ -865,6 +865,7 @@ def materialize_incremental_command(ctx: click.Context, end_ts: str, views: List
             "cassandra",
             "hazelcast",
             "ikv",
+            "couchbase",
         ],
         case_sensitive=False,
     ),

diff --git a/sdk/python/feast/infra/registry/remote.py b/sdk/python/feast/infra/registry/remote.py
@@ -61,8 +61,9 @@ class RemoteRegistryConfig(RegistryConfig):
     If registry_type is 'remote', then this configuration is needed to connect to remote registry server in TLS mode. If the remote registry started in non-tls mode then this configuration is not needed."""
 
     is_tls: bool = False
-    """ str: Path to the public certificate when the registry server starts in TLS(SSL) mode. This may be needed if the registry server started with a self-signed certificate, typically this file ends with `*.crt`, `*.cer`, or `*.pem`.
-    If registry_type is 'remote', then this configuration is needed to connect to remote registry server in TLS mode. If the remote registry started in non-tls mode then this configuration is not needed."""
+    """ bool: if you are planning to connect the registry server which started in TLS(SSL) mode then this should be true.
+    If you are planning to add the public certificate as part of the trust store instead of passing it as a `cert` parameters then setting this field to `true` is a mandatory.
+    """
 
 
 class RemoteRegistry(BaseRegistry):
@@ -75,8 +76,6 @@ def __init__(
     ):
         self.auth_config = auth_config
         assert isinstance(registry_config, RemoteRegistryConfig)
-        # self.channel = create_tls_channel(registry_config)
-
         self.channel = self._create_grpc_channel(registry_config)
 
         auth_header_interceptor = GrpcClientAuthHeaderInterceptor(auth_config)

diff --git a/sdk/python/tests/conftest.py b/sdk/python/tests/conftest.py
@@ -521,8 +521,6 @@ def auth_config(request, is_integration_test):
 @pytest.fixture(scope="module")
 def tls_mode(request):
     is_tls_mode = request.param[0]
-    # remove any existing environment variables if there are any
-    # clear_previous_cert_env_vars()
     output_combined_truststore_path = ""
 
     if is_tls_mode:

diff --git a/sdk/python/tests/unit/permissions/auth/server/test_auth_registry_server.py b/sdk/python/tests/unit/permissions/auth/server/test_auth_registry_server.py
@@ -46,8 +46,6 @@ def start_registry_server(
 
     is_tls_mode, tls_key_path, tls_cert_path, tls_ca_file_path = tls_mode
     if is_tls_mode:
-        # configure_ssl_ca(ca_file_path=tls_ca_file_path)
-        # Setting the ca_trust_store_path environment variables.
         print(f"Starting Registry in TLS mode at {server_port}")
         server = start_server(
             store=feature_store,

diff --git a/sdk/python/tests/utils/ssl_certifcates_util.py b/sdk/python/tests/utils/ssl_certifcates_util.py
@@ -83,30 +83,6 @@ def generate_self_signed_cert(
     )
 
 
-def clear_previous_cert_env_vars():
-    """
-    Clear SSL_CERT_FILE and REQUESTS_CA_BUNDLE environment variables if they match FEAST_CA_CERT_FILE_PATH.
-    """
-    # Fetch FEAST_CA_CERT_FILE_PATH value
-    feast_ca_cert_file_path = os.environ.get("FEAST_CA_CERT_FILE_PATH")
-
-    if not feast_ca_cert_file_path:
-        print("FEAST_CA_CERT_FILE_PATH is not set. Skipping cleanup.")
-        return
-
-    print(f"FEAST_CA_CERT_FILE_PATH: {feast_ca_cert_file_path}")
-    env_vars_to_check = ["SSL_CERT_FILE", "REQUESTS_CA_BUNDLE"]
-
-    # Compare and clear the environment variables
-    for var in env_vars_to_check:
-        env_value = os.environ.get(var)
-        if env_value and env_value == feast_ca_cert_file_path:
-            del os.environ[var]
-            print(f"Cleared environment variable: {var}")
-        else:
-            print(f"Skipped clearing {var}. Current value: {env_value}")
-
-
 def create_ca_trust_store(
     public_key_path: str, private_key_path: str, output_trust_store_path: str
 ):
@@ -124,7 +100,6 @@ def create_ca_trust_store(
             "REQUESTS_CA_BUNDLE"
         )
 
-        # Step 2: Copy the existing trust store to the new location (if it exists)
         # Step 2: Copy the existing trust store to the new location (if it exists)
         if existing_trust_store and os.path.exists(existing_trust_store):
             shutil.copy(existing_trust_store, output_trust_store_path)
@@ -192,7 +167,8 @@ def combine_trust_stores(custom_cert_path: str, output_combined_path: str):
             with open(custom_cert_path, "rb") as custom_file:
                 combined_file.write(custom_file.read())
 
-        print(f"Combined trust store created at: {output_combined_path}")
+        logger.info(f"Combined trust store created at: {output_combined_path}")
 
     except Exception as e:
-        print(f"Error combining trust stores: {e}")
+        logger.error(f"Error combining trust stores: {e}")
+        raise e