[RayJob] Add token authentication support for light weight job submitter (#4215)

Future-Outlier · rueian · web-flow · commit 1daadda8b0bc · 2025-11-20T13:45:19.000-08:00
* [RayJob] light weight job submitter auth token support

Signed-off-by: Future-Outlier &lt;eric901201@gmail.com&gt;

* X-Ray-Authorization

Signed-off-by: Rueian &lt;rueiancsie@gmail.com&gt;

---------

Signed-off-by: Future-Outlier &lt;eric901201@gmail.com&gt;
Signed-off-by: Rueian &lt;rueiancsie@gmail.com&gt;
Co-authored-by: Rueian &lt;rueiancsie@gmail.com&gt;
diff --git a/ray-operator/rayjob-submitter/cmd/main.go b/ray-operator/rayjob-submitter/cmd/main.go
@@ -64,7 +64,8 @@ func main() {
 	}
 	rayDashboardClient := &dashboardclient.RayDashboardClient{}
 	address = rayjobsubmitter.JobSubmissionURL(address)
-	rayDashboardClient.InitClient(&http.Client{Timeout: time.Second * 10}, address, "")
+	authToken := os.Getenv("RAY_AUTH_TOKEN")
+	rayDashboardClient.InitClient(&http.Client{Timeout: time.Second * 10}, address, authToken)
 	submissionId, err := rayDashboardClient.SubmitJobReq(context.Background(), &req)
 	if err != nil {
 		if strings.Contains(err.Error(), "Please use a different submission_id") {
@@ -76,7 +77,7 @@ func main() {
 		fmt.Fprintf(os.Stdout, "SUCC -- Job '%s' submitted successfully\n", submissionId)
 	}
 	fmt.Fprintf(os.Stdout, "INFO -- Tailing logs until the job finishes:\n")
-	err = rayjobsubmitter.TailJobLogs(address, submissionId, os.Stdout)
+	err = rayjobsubmitter.TailJobLogs(address, submissionId, authToken, os.Stdout)
 	exitOnError(err)
 }
 
diff --git a/ray-operator/rayjob-submitter/rayjob-submitter.go b/ray-operator/rayjob-submitter/rayjob-submitter.go
@@ -31,12 +31,22 @@ func logTailingURL(address, submissionId string) (string, error) {
 	return address, nil
 }
 
-func TailJobLogs(address, submissionId string, out io.Writer) error {
+func TailJobLogs(address, submissionId string, authToken string, out io.Writer) error {
 	wsAddr, err := logTailingURL(address, submissionId)
 	if err != nil {
 		return err
 	}
-	c, _, err := websocket.Dial(context.Background(), wsAddr, nil)
+
+	var dialOptions *websocket.DialOptions
+	if authToken != "" {
+		dialOptions = &websocket.DialOptions{
+			HTTPHeader: map[string][]string{
+				"X-Ray-Authorization": {fmt.Sprintf("Bearer %s", authToken)},
+			},
+		}
+	}
+
+	c, _, err := websocket.Dial(context.Background(), wsAddr, dialOptions)
 	if err != nil {
 		return err
 	}

Original file line number	Diff line number	Diff line change
`@@ -64,7 +64,8 @@ func main() {`
`64`	`64`	`}`
`65`	`65`	`rayDashboardClient := &dashboardclient.RayDashboardClient{}`
`66`	`66`	`address = rayjobsubmitter.JobSubmissionURL(address)`
`67`		`- rayDashboardClient.InitClient(&http.Client{Timeout: time.Second * 10}, address, "")`
	`67`	`+ authToken := os.Getenv("RAY_AUTH_TOKEN")`
	`68`	`+ rayDashboardClient.InitClient(&http.Client{Timeout: time.Second * 10}, address, authToken)`
`68`	`69`	`submissionId, err := rayDashboardClient.SubmitJobReq(context.Background(), &req)`
`69`	`70`	`if err != nil {`
`70`	`71`	`if strings.Contains(err.Error(), "Please use a different submission_id") {`
`@@ -76,7 +77,7 @@ func main() {`
`76`	`77`	`fmt.Fprintf(os.Stdout, "SUCC -- Job '%s' submitted successfully\n", submissionId)`
`77`	`78`	`}`
`78`	`79`	`fmt.Fprintf(os.Stdout, "INFO -- Tailing logs until the job finishes:\n")`
`79`		`- err = rayjobsubmitter.TailJobLogs(address, submissionId, os.Stdout)`
	`80`	`+ err = rayjobsubmitter.TailJobLogs(address, submissionId, authToken, os.Stdout)`
`80`	`81`	`exitOnError(err)`
`81`	`82`	`}`
`82`	`83`