From ba5f6348fe5251ff0dc2dd468eab3e0e6b23f8a5 Mon Sep 17 00:00:00 2001 From: Pavel Tisnovsky Date: Tue, 13 Jan 2026 11:29:10 +0100 Subject: [PATCH 1/3] New configuration option --- src/models/config.py | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/src/models/config.py b/src/models/config.py index f573c0e1..ea1d420f 100644 --- a/src/models/config.py +++ b/src/models/config.py @@ -942,6 +942,13 @@ class AuthenticationConfiguration(ConfigurationBase): module: str = constants.DEFAULT_AUTHENTICATION_MODULE skip_tls_verification: bool = False + + # LCORE-694: Config option to skip authorization for readiness and liveness probe + skip_for_readiness_probe: bool = Field( + False, + title="Skip authentication for probes", + description="Skip authentication for readiness and liveness probes", + ) k8s_cluster_api: Optional[AnyHttpUrl] = None k8s_ca_cert_path: Optional[FilePath] = None jwk_config: Optional[JwkConfiguration] = None From 6cb764fe06acb169dbe80b19b490898349a64559 Mon Sep 17 00:00:00 2001 From: Pavel Tisnovsky Date: Tue, 13 Jan 2026 11:29:29 +0100 Subject: [PATCH 2/3] Updated unit tests --- .../test_authentication_configuration.py | 32 +++++++++++++++++++ .../models/config/test_dump_configuration.py | 5 +++ 2 files changed, 37 insertions(+) diff --git a/tests/unit/models/config/test_authentication_configuration.py b/tests/unit/models/config/test_authentication_configuration.py index b50c88a8..615737bb 100644 --- a/tests/unit/models/config/test_authentication_configuration.py +++ b/tests/unit/models/config/test_authentication_configuration.py @@ -32,12 +32,14 @@ def test_authentication_configuration() -> None: auth_config = AuthenticationConfiguration( module=AUTH_MOD_NOOP, skip_tls_verification=False, + skip_for_readiness_probe=False, k8s_ca_cert_path=None, k8s_cluster_api=None, ) assert auth_config is not None assert auth_config.module == AUTH_MOD_NOOP assert auth_config.skip_tls_verification is False + assert auth_config.skip_for_readiness_probe is False assert auth_config.k8s_ca_cert_path is None assert auth_config.k8s_cluster_api is None assert auth_config.rh_identity_config is None @@ -295,6 +297,36 @@ def test_authentication_configuration_in_config_noop() -> None: assert cfg.authentication.k8s_cluster_api is None +def test_authentication_configuration_skip_readiness_probe() -> None: + """Test the authentication configuration in main config.""" + # pylint: disable=no-member + cfg = Configuration( + name="test_name", + service=ServiceConfiguration(), + llama_stack=LlamaStackConfiguration( + use_as_library_client=True, + library_client_config_path="tests/configuration/run.yaml", + ), + user_data_collection=UserDataCollection( + feedback_enabled=False, feedback_storage=None + ), + mcp_servers=[], + authentication=AuthenticationConfiguration( + module=AUTH_MOD_K8S, + skip_tls_verification=True, + skip_for_readiness_probe=True, + k8s_ca_cert_path="tests/configuration/server.crt", + k8s_cluster_api=None, + ), + ) + assert cfg.authentication is not None + assert cfg.authentication.module == AUTH_MOD_K8S + assert cfg.authentication.skip_tls_verification is True + assert cfg.authentication.skip_for_readiness_probe is True + assert cfg.authentication.k8s_ca_cert_path == Path("tests/configuration/server.crt") + assert cfg.authentication.k8s_cluster_api is None + + def test_authentication_configuration_in_config_k8s() -> None: """Test the authentication configuration in main config.""" # pylint: disable=no-member diff --git a/tests/unit/models/config/test_dump_configuration.py b/tests/unit/models/config/test_dump_configuration.py index 7e2edecd..e4a746bc 100644 --- a/tests/unit/models/config/test_dump_configuration.py +++ b/tests/unit/models/config/test_dump_configuration.py @@ -152,6 +152,7 @@ def test_dump_configuration(tmp_path: Path) -> None: "authentication": { "module": "noop", "skip_tls_verification": False, + "skip_for_readiness_probe": False, "k8s_ca_cert_path": None, "k8s_cluster_api": None, "jwk_config": None, @@ -461,6 +462,7 @@ def test_dump_configuration_with_quota_limiters(tmp_path: Path) -> None: "authentication": { "module": "noop", "skip_tls_verification": False, + "skip_for_readiness_probe": False, "k8s_ca_cert_path": None, "k8s_cluster_api": None, "jwk_config": None, @@ -676,6 +678,7 @@ def test_dump_configuration_with_quota_limiters_different_values( "authentication": { "module": "noop", "skip_tls_verification": False, + "skip_for_readiness_probe": False, "k8s_ca_cert_path": None, "k8s_cluster_api": None, "jwk_config": None, @@ -871,6 +874,7 @@ def test_dump_configuration_byok(tmp_path: Path) -> None: "authentication": { "module": "noop", "skip_tls_verification": False, + "skip_for_readiness_probe": False, "k8s_ca_cert_path": None, "k8s_cluster_api": None, "jwk_config": None, @@ -1055,6 +1059,7 @@ def test_dump_configuration_pg_namespace(tmp_path: Path) -> None: "authentication": { "module": "noop", "skip_tls_verification": False, + "skip_for_readiness_probe": False, "k8s_ca_cert_path": None, "k8s_cluster_api": None, "jwk_config": None, From 718be3dedad2398007bde3a78c17008c4f9b22c4 Mon Sep 17 00:00:00 2001 From: Pavel Tisnovsky Date: Tue, 13 Jan 2026 11:29:52 +0100 Subject: [PATCH 3/3] Updated documentation accordingly --- docs/config.html | 18 ++++++++++++++---- docs/config.md | 1 + docs/openapi.json | 8 +++++++- src/models/config.py | 10 ++++++---- .../test_authentication_configuration.py | 8 ++++---- .../models/config/test_dump_configuration.py | 10 +++++----- 6 files changed, 37 insertions(+), 18 deletions(-) diff --git a/docs/config.html b/docs/config.html index d00af9f9..8a513a3a 100644 --- a/docs/config.html +++ b/docs/config.html @@ -261,6 +261,11 @@

Action

AuthenticationConfiguration

Authentication configuration.

+ + + + + @@ -280,26 +285,31 @@

AuthenticationConfiguration

+ + + + + - + - + - + - +
Field
skip_for_health_probesbooleanSkip authorization for readiness and liveness probes
k8s_cluster_api string
k8s_ca_cert_path string
jwk_config
api_key_config
rh_identity_config diff --git a/docs/config.md b/docs/config.md index 8d05985e..5b6dff7a 100644 --- a/docs/config.md +++ b/docs/config.md @@ -72,6 +72,7 @@ Authentication configuration. |-------|------|-------------| | module | string | | | skip_tls_verification | boolean | | +| skip_for_health_probes | boolean | Skip authorization for readiness and liveness probes | | k8s_cluster_api | string | | | k8s_ca_cert_path | string | | | jwk_config | | | diff --git a/docs/openapi.json b/docs/openapi.json index 554d8a1e..41b5cd0c 100644 --- a/docs/openapi.json +++ b/docs/openapi.json @@ -4891,6 +4891,12 @@ "title": "Skip Tls Verification", "default": false }, + "skip_for_health_probes": { + "type": "boolean", + "title": "Skip authentication for probes", + "description": "Skip authentication for readiness and liveness probes", + "default": false + }, "k8s_cluster_api": { "anyOf": [ { @@ -8858,4 +8864,4 @@ } } } -} \ No newline at end of file +} diff --git a/src/models/config.py b/src/models/config.py index ea1d420f..ce4cf34c 100644 --- a/src/models/config.py +++ b/src/models/config.py @@ -944,10 +944,10 @@ class AuthenticationConfiguration(ConfigurationBase): skip_tls_verification: bool = False # LCORE-694: Config option to skip authorization for readiness and liveness probe - skip_for_readiness_probe: bool = Field( + skip_for_health_probes: bool = Field( False, - title="Skip authentication for probes", - description="Skip authentication for readiness and liveness probes", + title="Skip authorization for probes", + description="Skip authorization for readiness and liveness probes", ) k8s_cluster_api: Optional[AnyHttpUrl] = None k8s_ca_cert_path: Optional[FilePath] = None @@ -1525,7 +1525,9 @@ class Configuration(ConfigurationBase): ) authentication: AuthenticationConfiguration = Field( - default_factory=AuthenticationConfiguration, + default_factory=lambda: AuthenticationConfiguration( + skip_for_health_probes=False + ), title="Authentication configuration", description="Authentication configuration", ) diff --git a/tests/unit/models/config/test_authentication_configuration.py b/tests/unit/models/config/test_authentication_configuration.py index 615737bb..aa9f0633 100644 --- a/tests/unit/models/config/test_authentication_configuration.py +++ b/tests/unit/models/config/test_authentication_configuration.py @@ -32,14 +32,14 @@ def test_authentication_configuration() -> None: auth_config = AuthenticationConfiguration( module=AUTH_MOD_NOOP, skip_tls_verification=False, - skip_for_readiness_probe=False, + skip_for_health_probes=False, k8s_ca_cert_path=None, k8s_cluster_api=None, ) assert auth_config is not None assert auth_config.module == AUTH_MOD_NOOP assert auth_config.skip_tls_verification is False - assert auth_config.skip_for_readiness_probe is False + assert auth_config.skip_for_health_probes is False assert auth_config.k8s_ca_cert_path is None assert auth_config.k8s_cluster_api is None assert auth_config.rh_identity_config is None @@ -314,7 +314,7 @@ def test_authentication_configuration_skip_readiness_probe() -> None: authentication=AuthenticationConfiguration( module=AUTH_MOD_K8S, skip_tls_verification=True, - skip_for_readiness_probe=True, + skip_for_health_probes=True, k8s_ca_cert_path="tests/configuration/server.crt", k8s_cluster_api=None, ), @@ -322,7 +322,7 @@ def test_authentication_configuration_skip_readiness_probe() -> None: assert cfg.authentication is not None assert cfg.authentication.module == AUTH_MOD_K8S assert cfg.authentication.skip_tls_verification is True - assert cfg.authentication.skip_for_readiness_probe is True + assert cfg.authentication.skip_for_health_probes is True assert cfg.authentication.k8s_ca_cert_path == Path("tests/configuration/server.crt") assert cfg.authentication.k8s_cluster_api is None diff --git a/tests/unit/models/config/test_dump_configuration.py b/tests/unit/models/config/test_dump_configuration.py index e4a746bc..7ed81c72 100644 --- a/tests/unit/models/config/test_dump_configuration.py +++ b/tests/unit/models/config/test_dump_configuration.py @@ -152,7 +152,7 @@ def test_dump_configuration(tmp_path: Path) -> None: "authentication": { "module": "noop", "skip_tls_verification": False, - "skip_for_readiness_probe": False, + "skip_for_health_probes": False, "k8s_ca_cert_path": None, "k8s_cluster_api": None, "jwk_config": None, @@ -462,7 +462,7 @@ def test_dump_configuration_with_quota_limiters(tmp_path: Path) -> None: "authentication": { "module": "noop", "skip_tls_verification": False, - "skip_for_readiness_probe": False, + "skip_for_health_probes": False, "k8s_ca_cert_path": None, "k8s_cluster_api": None, "jwk_config": None, @@ -678,7 +678,7 @@ def test_dump_configuration_with_quota_limiters_different_values( "authentication": { "module": "noop", "skip_tls_verification": False, - "skip_for_readiness_probe": False, + "skip_for_health_probes": False, "k8s_ca_cert_path": None, "k8s_cluster_api": None, "jwk_config": None, @@ -874,7 +874,7 @@ def test_dump_configuration_byok(tmp_path: Path) -> None: "authentication": { "module": "noop", "skip_tls_verification": False, - "skip_for_readiness_probe": False, + "skip_for_health_probes": False, "k8s_ca_cert_path": None, "k8s_cluster_api": None, "jwk_config": None, @@ -1059,7 +1059,7 @@ def test_dump_configuration_pg_namespace(tmp_path: Path) -> None: "authentication": { "module": "noop", "skip_tls_verification": False, - "skip_for_readiness_probe": False, + "skip_for_health_probes": False, "k8s_ca_cert_path": None, "k8s_cluster_api": None, "jwk_config": None,