Merge pull request #53 from ruivieira/RHOAIENG-24896-tls

feat(RHOAIENG-24896): Add TLS cert support

Author: ruivieira

.github/workflows/build-and-push.yaml

@@ -132,11 +132,11 @@ jobs:
           edit-mode: replace
           body: |
             PR image build and manifest generation completed successfully!
-            
+
             📦 [PR image](https://quay.io/trustyai/trustyai-service-python-ci:${{ github.event.pull_request.head.sha }}): `quay.io/trustyai/trustyai-service-python-ci:${{ github.event.pull_request.head.sha }}`
-            
+
             🗂️ [CI manifests](https://github.com/trustyai-explainability/trustyai-service-operator-ci/tree/service-python-${{ env.TAG }})
-            
+
             ```
             devFlags:
               manifests:

Dockerfile

@@ -15,17 +15,15 @@ USER root
 # install mariadb connector from MariaDB Community Service package repository
 RUN if [[ "$EXTRAS" == *"mariadb"* ]]; then  \
 		curl -LsSO https://r.mariadb.com/downloads/mariadb_repo_setup && \
-    	echo "c4a0f3dade02c51a6a28ca3609a13d7a0f8910cccbb90935a2f218454d3a914a  mariadb_repo_setup" | sha256sum -c - && \
     	chmod +x mariadb_repo_setup && \
-    	./mariadb_repo_setup --mariadb-server-version="mariadb-10.6" && \
+    	./mariadb_repo_setup --mariadb-server-version="mariadb-11.4" && \
     	dnf install -y MariaDB-shared MariaDB-devel;  \
     fi
 RUN pip install uv==0.6.16 && \
     uv pip install ".[$EXTRAS]"
 COPY . .
 USER 1001
-EXPOSE 4443
+EXPOSE 8080 4443
 
 
-CMD ["uvicorn", "src.main:app", "--host", "0.0.0.0", "--port", "8080"]
-#CMD ["uvicorn", "src.main:app", "--host", "0.0.0.0", "--port", "4443", "--ssl-keyfile", "/etc/tls/internal/tls.key", "--ssl-certfile", "/etc/tls/internal/tls.crt"]
+CMD ["python", "-m", "src.main"]

README.md

@@ -65,6 +65,24 @@ uv run uvicorn src.main --host 0.0.0.0 --port 8080
 podman run -t $IMAGE_NAME -p 8080:8080 .
 ```
 
+### 🔐 TLS Support
+The service supports TLS encryption and automatically detects certificates at startup:
+
+- **With TLS certificates**: Runs on port 4443 (HTTPS)
+- **Without TLS certificates**: Runs on port 8080 (HTTP)
+
+**Certificate locations** (configurable via environment variables):
+- Certificate: `/etc/tls/internal/tls.crt` (or `TLS_CERT_FILE`)
+- Private key: `/etc/tls/internal/tls.key` (or `TLS_KEY_FILE`)
+
+**Environment variables**:
+- `TLS_CERT_FILE`: Path to TLS certificate file
+- `TLS_KEY_FILE`: Path to TLS private key file
+- `SSL_PORT`: HTTPS port (default: 4443)
+- `HTTP_PORT`: HTTP port (default: 8080)
+
+The TLS implementation is fully compatible with the TrustyAI operator for seamless Kubernetes deployment.
+
 ## 🧪 Testing 🧪
 ### Running All Tests
 To run all tests in the project:

pyproject.toml

@@ -6,7 +6,9 @@ authors = [{ name = "Rui Vieira" }, { name = "TrustyAI team" }]
 requires-python = "~=3.11"
 readme = "README.md"
 dependencies = [
-    "fastapi>=0.115.9,<0.120",
+    "fastapi>=0.115.9,<0.117",
+    "fastapi-utils>=0.8.0",
+    "typing-inspect==0.9.0",
     "pandas>=2.2.3,<3",
     "prometheus-client>=0.21.1,<0.24",
     "pydantic>=2.4.2,<3",

src/core/metrics/fairness/group/group_average_odds_difference.py

@@ -6,18 +6,20 @@
 
 from src.core.metrics.fairness.fairness_metrics_utils import filter_rows_by_inputs, calculate_confusion_matrix
 
+
 class GroupAverageOddsDifference:
     """
     Calculate group average odds difference.
     """
-    @ staticmethod
+
+    @staticmethod
     def calculate_model(
         samples: np.ndarray,
         model: ClassifierMixin,
         privilege_columns: List[int],
         privilege_values: List[int],
         postive_class: List[int],
-        output_column: int
+        output_column: int,
     ):
         """
         Calculate group average odds difference for model outputs.
@@ -32,7 +34,9 @@ def calculate_model(
         outputs = model.predict(samples)
         truth = np.append(samples, outputs, axis=1)
 
-        return GroupAverageOddsDifference.calculate(samples, truth, privilege_columns, privilege_values, postive_class, output_column)
+        return GroupAverageOddsDifference.calculate(
+            samples, truth, privilege_columns, privilege_values, postive_class, output_column
+        )
 
     @staticmethod
     def calculate(test, truth, privilege_columns, privilege_values, positive_class, output_column):
@@ -46,6 +50,7 @@ def calculate(test, truth, privilege_columns, privilege_values, positive_class,
         :param output_column the column where the output is located
         return group average odds difference, between -1 and 1
         """
+
         def privilege_filter(row):
             return np.array_equal(row[privilege_columns], privilege_values)
 
@@ -55,11 +60,16 @@ def privilege_filter(row):
         truth_privileged = filter_rows_by_inputs(truth, privilege_filter)
         truth_unprivileged = filter_rows_by_inputs(truth, lambda row: not privilege_filter(row))
 
-        ucm = calculate_confusion_matrix(test_unprivileged[:, output_column], truth_unprivileged[:, output_column], positive_class)
-        pcm = calculate_confusion_matrix(test_privileged[:, output_column], truth_privileged[:, output_column], positive_class)
+        ucm = calculate_confusion_matrix(
+            test_unprivileged[:, output_column], truth_unprivileged[:, output_column], positive_class
+        )
+        pcm = calculate_confusion_matrix(
+            test_privileged[:, output_column], truth_privileged[:, output_column], positive_class
+        )
 
         utp, utn, ufp, ufn = ucm["tp"], ucm["tn"], ucm["fp"], ucm["fn"]
         ptp, ptn, pfp, pfn = pcm["tp"], pcm["tn"], pcm["fp"], pcm["fn"]
 
-        return (utp / (utp + ufn + 1e-10) - ptp / (ptp + pfn + 1e-10)) / 2 + \
-            (ufp / (ufp + utn + 1e-10) - pfp / (pfp + ptn + 1e-10)) / 2
+        return (utp / (utp + ufn + 1e-10) - ptp / (ptp + pfn + 1e-10)) / 2 + (
+            ufp / (ufp + utn + 1e-10) - pfp / (pfp + ptn + 1e-10)
+        ) / 2

src/core/metrics/fairness/group/group_average_predictive_value_difference.py

@@ -6,18 +6,20 @@
 
 from src.core.metrics.fairness.fairness_metrics_utils import filter_rows_by_inputs, calculate_confusion_matrix
 
+
 class GroupAveragePredictiveValueDifference:
     """
     Calculate group average predictive value difference.
     """
+
     @staticmethod
     def calculate_model(
         samples: np.ndarray,
         model: ClassifierMixin,
         privilege_columns: List[int],
         privilege_values: List[int],
         positive_class: int,
-        output_column: int
+        output_column: int,
     ) -> float:
         """
         Calculate group average predictive value difference for model outputs.
@@ -30,7 +32,9 @@ def calculate_model(
         """
         outputs = model.predict(samples)
         truth = np.append(samples, outputs, axis=1)
-        return GroupAveragePredictiveValueDifference.calculate(samples, truth, privilege_columns, privilege_values, positive_class, output_column)
+        return GroupAveragePredictiveValueDifference.calculate(
+            samples, truth, privilege_columns, privilege_values, positive_class, output_column
+        )
 
     @staticmethod
     def calculate(test, truth, privilege_columns, privilege_values, positive_class, output_column):
@@ -44,6 +48,7 @@ def calculate(test, truth, privilege_columns, privilege_values, positive_class,
         :param output_column the column where the output is located
         return group average predictive value difference, between -1 and 1
         """
+
         def privilege_filter(row):
             return np.array_equal(row[privilege_columns], privilege_values)
 
@@ -53,11 +58,16 @@ def privilege_filter(row):
         truth_privileged = filter_rows_by_inputs(truth, privilege_filter)
         truth_unprivileged = filter_rows_by_inputs(truth, lambda row: not privilege_filter(row))
 
-        ucm = calculate_confusion_matrix(test_unprivileged[:, output_column], truth_unprivileged[:, output_column], positive_class)
-        pcm = calculate_confusion_matrix(test_privileged[:, output_column], truth_privileged[:, output_column], positive_class)
+        ucm = calculate_confusion_matrix(
+            test_unprivileged[:, output_column], truth_unprivileged[:, output_column], positive_class
+        )
+        pcm = calculate_confusion_matrix(
+            test_privileged[:, output_column], truth_privileged[:, output_column], positive_class
+        )
 
         utp, utn, ufp, ufn = ucm["tp"], ucm["tn"], ucm["fp"], ucm["fn"]
         ptp, ptn, pfp, pfn = pcm["tp"], pcm["tn"], pcm["fp"], pcm["fn"]
 
-        return (utp / (utp + ufp + 1e-10) - ptp / (ptp + pfp + 1e-10)) / 2 + \
-            (ufn / (ufn + utn + 1e-10) - pfn / (pfn + ptn + 1e-10)) / 2
+        return (utp / (utp + ufp + 1e-10) - ptp / (ptp + pfp + 1e-10)) / 2 + (
+            ufn / (ufn + utn + 1e-10) - pfn / (pfn + ptn + 1e-10)
+        ) / 2

src/core/metrics/fairness/individual/individual_consistency.py

@@ -4,6 +4,7 @@
 import numpy as np
 from sklearn.base import ClassifierMixin
 
+
 class IndividualConsistency:
     """
     Calculate individual fairness in terms of consistency of predictions across similar inputs.
@@ -12,20 +13,17 @@ class IndividualConsistency:
     :param predictionProvider the model under inspection
     return the consistency measure
     """
+
     @staticmethod
-    def calculate(
-        proximity_function: Any,
-        samples: np.ndarray,
-        model: ClassifierMixin
-    ) -> float:
+    def calculate(proximity_function: Any, samples: np.ndarray, model: ClassifierMixin) -> float:
         """
         Calculate individual fairness.
         :param proximity_function: a function that finds the top k similar inputs, given a reference input and a list of inputs
         :param samples: a list of inputs to be tested for consistency
         :param model: the model under inspection
         return the consistency measure
         """
-        consistency =  1
+        consistency = 1
         for sample in samples:
             prediction_outputs = model.predict(sample)
             if len(prediction_outputs) == 0: