Add a warning message to inform users about the unencrypted connections between cluster and external Slurm dbd

hanwen-cluster · hanwen-pcluste · commit cfaaf7068728 · 2024-04-17T07:33:46.000-07:00
Signed-off-by: Hanwen &lt;hanwenli@amazon.com&gt;
diff --git a/cli/src/pcluster/config/cluster_config.py b/cli/src/pcluster/config/cluster_config.py
@@ -197,6 +197,7 @@
     CustomSlurmSettingLevel,
     CustomSlurmSettingsIncludeFileOnlyValidator,
     CustomSlurmSettingsValidator,
+    ExternalSlurmdbdTrafficNotEncrypted,
     ExternalSlurmdbdVsDatabaseIncompatibility,
     SlurmNodePrioritiesWarningValidator,
 )
@@ -2786,6 +2787,10 @@ def _register_validators(self, context: ValidatorContext = None):
             database=self.database,
             external_slurmdbd=self.external_slurmdbd,
         )
+        self._register_validator(
+            ExternalSlurmdbdTrafficNotEncrypted,
+            external_slurmdbd=self.external_slurmdbd,
+        )
 
 
 class QueueUpdateStrategy(Enum):
diff --git a/cli/src/pcluster/validators/slurm_settings_validator.py b/cli/src/pcluster/validators/slurm_settings_validator.py
@@ -197,3 +197,15 @@ def _validate(self, database, external_slurmdbd):
                 "Database and ExternalSlurmdbd cannot be defined at the same time within SlurmSettings.",
                 FailureLevel.ERROR,
             )
+
+
+class ExternalSlurmdbdTrafficNotEncrypted(Validator):
+    """Inform users about unencrypted connections."""
+
+    def _validate(self, external_slurmdbd):
+        if external_slurmdbd is not None:
+            self._add_failure(
+                "Traffic between ParallelCluster and the external Slurmdbd is not encrypted. "
+                "It is recommended to run the cluster and the external Slurmdbd in a trusted network.",
+                FailureLevel.WARNING,
+            )
diff --git a/cli/tests/pcluster/validators/test_cluster_validators.py b/cli/tests/pcluster/validators/test_cluster_validators.py
@@ -89,6 +89,7 @@
     CustomSlurmSettingLevel,
     CustomSlurmSettingsIncludeFileOnlyValidator,
     CustomSlurmSettingsValidator,
+    ExternalSlurmdbdTrafficNotEncrypted,
     ExternalSlurmdbdVsDatabaseIncompatibility,
     SlurmNodePrioritiesWarningValidator,
 )
@@ -380,6 +381,24 @@ def test_external_slurmdbd_vs_database_incompatibility_validator(database, exter
     assert_failure_messages(actual_failures, expected_message)
 
 
+@pytest.mark.parametrize(
+    "external_slurmdbd, expected_message",
+    [
+        pytest.param(None, None),
+        pytest.param(
+            ExternalSlurmdbd(
+                host="test.slurmdbd.host",
+                port=6819,
+            ),
+            "Traffic between ParallelCluster and the external Slurmdbd is not encrypted",
+        ),
+    ],
+)
+def test_external_slurmdbd_traffic_not_encrypted_validator(external_slurmdbd, expected_message):
+    actual_failures = ExternalSlurmdbdTrafficNotEncrypted().execute(external_slurmdbd)
+    assert_failure_messages(actual_failures, expected_message)
+
+
 @pytest.mark.parametrize(
     "queue_name, compute_resources, expected_message",
     [
