diff --git a/frontend/src/__tests__/cypress/cypress/pages/modelServing.ts b/frontend/src/__tests__/cypress/cypress/pages/modelServing.ts index d7693f51aa..50912cf1cf 100644 --- a/frontend/src/__tests__/cypress/cypress/pages/modelServing.ts +++ b/frontend/src/__tests__/cypress/cypress/pages/modelServing.ts @@ -193,6 +193,14 @@ class ServingRuntimeModal extends Modal { super(`${edit ? 'Edit' : 'Add'} model server`); } + findAuthorinoNotEnabledAlert() { + return this.find().findByTestId('no-authorino-installed-alert'); + } + + findTokenAuthAlert() { + return this.find().findByTestId('token-authentication-prerequisite-alert'); + } + findSubmitButton() { return this.findFooter().findByTestId('modal-submit-button'); } diff --git a/frontend/src/__tests__/cypress/cypress/tests/mocked/modelServing/servingRuntimeList.cy.ts b/frontend/src/__tests__/cypress/cypress/tests/mocked/modelServing/servingRuntimeList.cy.ts index 729c8054c7..29ef31f40b 100644 --- a/frontend/src/__tests__/cypress/cypress/tests/mocked/modelServing/servingRuntimeList.cy.ts +++ b/frontend/src/__tests__/cypress/cypress/tests/mocked/modelServing/servingRuntimeList.cy.ts 
@@ -912,6 +912,28 @@ describe('Serving Runtime List', () => { kserveModal.findAuthenticationCheckbox().should('not.exist'); }); + it('show warning alert on modal, when authorino operator is not installed/enabled', () => { + initIntercepts({ + disableModelMeshConfig: false, + disableKServeConfig: false, + disableKServeAuthConfig: false, + servingRuntimes: [], + projectEnableModelMesh: false, + }); + + projectDetails.visitSection('test-project', 'model-server'); + + modelServingSection.findDeployModelButton().click(); + + kserveModal.shouldBeOpen(); + kserveModal.findAuthorinoNotEnabledAlert().should('exist'); + kserveModal.findModelRouteCheckbox().should('not.be.checked'); + kserveModal.findModelRouteCheckbox().check(); + kserveModal.findTokenAuthAlert().should('exist'); + kserveModal.findModelRouteCheckbox().uncheck(); + kserveModal.findTokenAuthAlert().should('not.exist'); + }); + it('Kserve auth should be hidden when no required capabilities', () => { initIntercepts({ disableModelMeshConfig: false, diff --git a/frontend/src/pages/modelServing/screens/projects/ServingRuntimeModal/AuthServingRuntimeSection.tsx b/frontend/src/pages/modelServing/screens/projects/ServingRuntimeModal/AuthServingRuntimeSection.tsx index 1c09124365..b7ef6dfcf6 100644 --- a/frontend/src/pages/modelServing/screens/projects/ServingRuntimeModal/AuthServingRuntimeSection.tsx +++ b/frontend/src/pages/modelServing/screens/projects/ServingRuntimeModal/AuthServingRuntimeSection.tsx @@ -20,6 +20,7 @@ type AuthServingRuntimeSectionProps<D extends CreatingModelServingObjectCommon> setData: UpdateObjectAtPropAndValue<D>; allowCreate: boolean; publicRoute?: boolean; + showModelRoute?: boolean; }; const AuthServingRuntimeSection = <D extends CreatingModelServingObjectCommon>({ 
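Review bot: The new test 'show warning alert on modal, when authorino operator is not installed/enabled' checks the two alerts but never asserts that the token authentication control is absent in this state. Since the state under test is one where token auth cannot be chosen, add `kserveModal.findAuthenticationCheckbox().should('not.exist');` after `kserveModal.shouldBeOpen();`, as the preceding test already does. The setup passes `disableKServeAuthConfig: false`, so the "not installed" condition presumably comes from a default inside `initIntercepts`, which is outside this hunk. A one-line comment naming that default would make the precondition explicit.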
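Review bot: The prop name `showModelRoute` in the @@ -20,6 hunk does not match what it controls. In the @@ -85,14 hunk of this file it gates `ServingRuntimeTokenSection`, the caller feeds it `isAuthorinoEnabled`, and the new Cypress test still exercises the model route checkbox when it is false. A name such as `showTokenAuth` would read correctly at every site; it would also need changing in the destructuring default in @@ -27,6 and in ManageKServeModal.tsx. If the name stays, document it on the type: `/** When false, the token section is hidden and selecting an external route shows the prerequisite warning. */`. The type's opening line is outside the hunk.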
@@ -27,6 +28,7 @@ const AuthServingRuntimeSection = <D extends CreatingModelServingObjectCommon>({
 setData,
 allowCreate,
 publicRoute,
+ showModelRoute = true,
 }: AuthServingRuntimeSectionProps<D>): React.ReactNode => {
 const createNewToken = React.useCallback(() => {
 const name = 'default-name';
@@ -85,14 +87,16 @@ const AuthServingRuntimeSection = <D extends CreatingModelServingObjectCommon>({
 </FormGroup>
 </StackItem>
 )}
- <StackItem>
- <ServingRuntimeTokenSection
- data={data}
- setData={setData}
- allowCreate={allowCreate}
- createNewToken={createNewToken}
- />
- </StackItem>
+ {showModelRoute && (
+ <StackItem>
+ <ServingRuntimeTokenSection
+ data={data}
+ setData={setData}
+ allowCreate={allowCreate}
+ createNewToken={createNewToken}
+ />
+ </StackItem>
+ )}
 {((publicRoute && data.externalRoute && !data.tokenAuth) ||
 (!publicRoute && !data.tokenAuth)) && (
 <StackItem>
@@ -105,6 +109,21 @@ const AuthServingRuntimeSection = <D extends CreatingModelServingObjectCommon>({
 />
 </StackItem>
 )}
+ {publicRoute && data.externalRoute && !showModelRoute && (
+ <Alert
+ isInline
+ variant="warning"
+ title="Token authentication prerequisite not installed"
+ data-testid="token-authentication-prerequisite-alert"
+ >
+ <p>
+ Making models available through external routes without requiring token authentication
+ can lead to unauthorized access of your model. To enable token authentication, you must
+ first request that your cluster administrator install the Authorino operator on your
+ cluster.
+ </p>
+ </Alert>
+ )}
 </Stack>
 );
 };
diff --git a/frontend/src/pages/modelServing/screens/projects/kServeModal/ManageKServeModal.tsx b/frontend/src/pages/modelServing/screens/projects/kServeModal/ManageKServeModal.tsx
index 997751a03c..41c9505764 100644
--- a/frontend/src/pages/modelServing/screens/projects/kServeModal/ManageKServeModal.tsx
+++ b/frontend/src/pages/modelServing/screens/projects/kServeModal/ManageKServeModal.tsx
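Review bot: Hiding `ServingRuntimeTokenSection` behind `showModelRoute` in the @@ -85,14 hunk removes the control but leaves `data.tokenAuth` and any tokens already in the form state untouched. If `data` is pre-filled from an existing deployment that had token auth on (the edit path is not visible here), the form would keep carrying a token requirement the user can neither see nor switch off. The pre-existing warning below is keyed on `!data.tokenAuth`, so it would stay hidden in that case. Consider resetting the token fields when `showModelRoute` is false, or having the submit path in ManageKServeModal ignore them when `isAuthorinoEnabled` is false. Both changes live in code outside this hunk.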
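Review bot: In the @@ -105,6 hunk the new `<Alert>` is a direct child of `<Stack>`, while every other child visible in this file is wrapped in `<StackItem>`. Wrap it the same way, `<StackItem><Alert …>…</Alert></StackItem>`, so the spacing matches its siblings. With `showModelRoute` false and an external route selected, the preceding block's condition `publicRoute && data.externalRoute && !data.tokenAuth` is normally true as well, so two warnings would render together. That first alert's text is outside the hunk; if it covers the same risk, narrow that branch to `publicRoute && data.externalRoute && !data.tokenAuth && showModelRoute`.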
@@ -430,14 +430,13 @@ const ManageKServeModal: React.FC<ManageKServeModalProps> = ({
 setSelectedAcceleratorProfile={setSelectedAcceleratorProfile}
 infoContent="Select a server size that will accommodate your largest model. See the product documentation for more information."
 />
- {isAuthorinoEnabled && (
- <AuthServingRuntimeSection
- data={createDataInferenceService}
- setData={setCreateDataInferenceService}
- allowCreate={allowCreate}
- publicRoute
- />
- )}
+ <AuthServingRuntimeSection
+ data={createDataInferenceService}
+ setData={setCreateDataInferenceService}
+ allowCreate={allowCreate}
+ publicRoute
+ showModelRoute={isAuthorinoEnabled}
+ />
 </>
 )}
 </FormSection>
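Review bot: Nothing at this call site records that `AuthServingRuntimeSection` is now rendered even when Authorino is unavailable, which means the external-route option is offered with no authentication behind it. A comment above the element would mark this as deliberate, e.g. `{/* Rendered without Authorino too: token auth is hidden and an external route only raises a warning. */}`. `isAuthorinoEnabled` is computed outside the hunk. If it can be false while the capability check is still loading, the token section would be hidden and the warning shown on a cluster that does support token auth, so confirm it is only read once resolved.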