Merge branch 'main' into cp_maria

dbasunag · web-flow · commit 6275b9cf5422 · 2025-07-11T07:39:48.000-04:00
diff --git a/tests/model_registry/rest_api/conftest.py b/tests/model_registry/rest_api/conftest.py
@@ -93,11 +93,12 @@ def patch_invalid_ca(
     request: pytest.FixtureRequest,
 ) -> Generator[str, Any, Any]:
     """
-    Patches the odh-trusted-ca-bundle ConfigMap with an invalid CA certificate.
+    Patches the ConfigMap with an invalid CA certificate.
     """
     ca_configmap_name = request.param.get("ca_configmap_name", "odh-trusted-ca-bundle")
     ca_file_name = request.param.get("ca_file_name", "invalid-ca.crt")
     ca_file_path = f"{CA_MOUNT_PATH}/{ca_file_name}"
+    LOGGER.info(f"Patching the {ca_configmap_name} ConfigMap with an invalid CA certificate: {ca_file_path}")
     ca_data = {ca_file_name: "-----BEGIN CERTIFICATE-----\nINVALIDCERTIFICATE\n-----END CERTIFICATE-----"}
     ca_configmap = ConfigMap(
         client=admin_client,
@@ -113,6 +114,7 @@ def patch_invalid_ca(
         "data": ca_data,
     }
     with ResourceEditor(patches={ca_configmap: patch}):
+        LOGGER.info(f"Patched the {ca_configmap_name} ConfigMap with an invalid CA certificate: {ca_file_path}")
         yield ca_file_path
 
 
@@ -159,6 +161,7 @@ def deploy_secure_mysql_and_mr(
         model_registry_db_deployment: The deployment for the model registry's MySQL database
         model_registry_mysql_config: The MySQL config dictionary
         mysql_template_with_ca: The MySQL template with the CA file path and volume mount
+        patch_mysql_deployment_with_ssl_ca: The MySQL deployment with the CA file path and volume mount
     """
     with ModelRegistry(
         name=SECURE_MR_NAME,
@@ -240,14 +243,18 @@ def patch_mysql_deployment_with_ssl_ca(
     model_registry_namespace: str,
     model_registry_db_deployment: Deployment,
     mysql_ssl_secrets: dict[str, Any],
-    ca_configmap_for_test: ConfigMap,
 ) -> Generator[Deployment, Any, Any]:
     """
     Patch the MySQL deployment to use the test CA bundle (mysql-ca-configmap),
     and mount the server cert/key for SSL.
     """
+
+    if request.param.get("ca_configmap_for_test"):
+        LOGGER.info("Invoking ca_configmap_for_test fixture")
+        request.getfixturevalue("ca_configmap_for_test")  # noqa: FCN001
     CA_CONFIGMAP_NAME = request.param.get("ca_configmap_name", "mysql-ca-configmap")
     CA_MOUNT_PATH = request.param.get("ca_mount_path", "/etc/mysql/ssl")
+
     deployment = model_registry_db_deployment.instance.to_dict()
     spec = deployment["spec"]["template"]["spec"]
     my_sql_container = next(container for container in spec["containers"] if container["name"] == "mysql")
diff --git a/tests/model_registry/rest_api/test_model_registry_secure_db.py b/tests/model_registry/rest_api/test_model_registry_secure_db.py
@@ -3,7 +3,6 @@
 from typing import Self, Any
 from pytest_testconfig import config as py_config
 from tests.model_registry.rest_api.utils import register_model_rest_api, validate_resource_attributes
-from tests.model_registry.constants import CA_MOUNT_PATH
 from tests.model_registry.utils import get_mr_service_by_label, get_endpoint_from_mr_service
 from kubernetes.dynamic import DynamicClient
 from utilities.constants import DscComponents, Protocols
@@ -40,12 +39,15 @@ class TestModelRegistryWithSecureDB:
 
     # Implements RHOAIENG-26150
     @pytest.mark.parametrize(
-        "patch_mysql_deployment_with_ssl_ca,patch_invalid_ca,model_registry_mysql_config,local_ca_bundle",
+        "patch_mysql_deployment_with_ssl_ca,patch_invalid_ca,local_ca_bundle",
         [
             (
-                {"ca_configmap_name": "mysql-ca-configmap", "ca_mount_path": "/etc/mysql/ssl"},
+                {
+                    "ca_configmap_name": "odh-trusted-ca-bundle",
+                    "ca_mount_path": "/etc/mysql/ssl",
+                    "ca_configmap_for_test": False,
+                },
                 {"ca_configmap_name": "odh-trusted-ca-bundle", "ca_file_name": "invalid-ca.crt"},
-                {"ssl_ca": f"{CA_MOUNT_PATH}/invalid-ca.crt"},
                 {"cert_name": "invalid-ca.crt"},
             ),
         ],
@@ -85,7 +87,11 @@ def test_register_model_with_invalid_ca(
         "patch_mysql_deployment_with_ssl_ca,model_registry_mysql_config,local_ca_bundle",
         [
             (
-                {"ca_configmap_name": "mysql-ca-configmap", "ca_mount_path": "/etc/mysql/ssl"},
+                {
+                    "ca_configmap_name": "mysql-ca-configmap",
+                    "ca_mount_path": "/etc/mysql/ssl",
+                    "ca_configmap_for_test": True,
+                },
                 {"sslRootCertificateConfigMap": {"name": "mysql-ca-configmap", "key": "ca-bundle.crt"}},
                 {"cert_name": "ca-bundle.crt"},
             ),
