feat(lmeval): Disable remote code execution

Refer to [RHOAIENG-16203](https://issues.redhat.com/browse/RHOAIENG-16203)

controllers/lmes/lmevaljob_controller.go

@@ -713,6 +713,19 @@ func CreatePod(svcOpts *serviceOptions, job *lmesv1alpha1.LMEvalJob, log logr.Lo
 		volumes = append(volumes, outputPVC)
 	}
 
+	// Disable remote code execution by default
+	remoteCodeEnvVars := []corev1.EnvVar{
+		{
+			Name:  "TRUST_REMOTE_CODE",
+			Value: "0",
+		},
+		{
+			Name:  "HF_DATASETS_TRUST_REMOTE_CODE",
+			Value: "0",
+		},
+	}
+	envVars = append(envVars, remoteCodeEnvVars...)
+
 	// Enforce offline mode by default
 	offlineHuggingFaceEnvVars := []corev1.EnvVar{
 		{

controllers/lmes/lmevaljob_controller_test.go

@@ -117,6 +117,14 @@ func Test_SimplePod(t *testing.T) {
 						},
 					},
 					Env: []corev1.EnvVar{
+						{
+							Name:  "TRUST_REMOTE_CODE",
+							Value: "0",
+						},
+						{
+							Name:  "HF_DATASETS_TRUST_REMOTE_CODE",
+							Value: "0",
+						},
 						{
 							Name:  "HF_DATASETS_OFFLINE",
 							Value: "1",
@@ -313,6 +321,14 @@ func Test_WithCustomPod(t *testing.T) {
 						},
 					},
 					Env: []corev1.EnvVar{
+						{
+							Name:  "TRUST_REMOTE_CODE",
+							Value: "0",
+						},
+						{
+							Name:  "HF_DATASETS_TRUST_REMOTE_CODE",
+							Value: "0",
+						},
 						{
 							Name:  "HF_DATASETS_OFFLINE",
 							Value: "1",
@@ -491,6 +507,14 @@ func Test_EnvSecretsPod(t *testing.T) {
 								},
 							},
 						},
+						{
+							Name:  "TRUST_REMOTE_CODE",
+							Value: "0",
+						},
+						{
+							Name:  "HF_DATASETS_TRUST_REMOTE_CODE",
+							Value: "0",
+						},
 						{
 							Name:  "HF_DATASETS_OFFLINE",
 							Value: "1",
@@ -633,6 +657,14 @@ func Test_FileSecretsPod(t *testing.T) {
 					Args:            generateArgs(svcOpts, job, log),
 					SecurityContext: defaultSecurityContext,
 					Env: []corev1.EnvVar{
+						{
+							Name:  "TRUST_REMOTE_CODE",
+							Value: "0",
+						},
+						{
+							Name:  "HF_DATASETS_TRUST_REMOTE_CODE",
+							Value: "0",
+						},
 						{
 							Name:  "HF_DATASETS_OFFLINE",
 							Value: "1",
@@ -1074,6 +1106,14 @@ func Test_ManagedPVC(t *testing.T) {
 					Args:            generateArgs(svcOpts, job, log),
 					SecurityContext: defaultSecurityContext,
 					Env: []corev1.EnvVar{
+						{
+							Name:  "TRUST_REMOTE_CODE",
+							Value: "0",
+						},
+						{
+							Name:  "HF_DATASETS_TRUST_REMOTE_CODE",
+							Value: "0",
+						},
 						{
 							Name:  "HF_DATASETS_OFFLINE",
 							Value: "1",
@@ -1205,6 +1245,14 @@ func Test_ExistingPVC(t *testing.T) {
 					Args:            generateArgs(svcOpts, job, log),
 					SecurityContext: defaultSecurityContext,
 					Env: []corev1.EnvVar{
+						{
+							Name:  "TRUST_REMOTE_CODE",
+							Value: "0",
+						},
+						{
+							Name:  "HF_DATASETS_TRUST_REMOTE_CODE",
+							Value: "0",
+						},
 						{
 							Name:  "HF_DATASETS_OFFLINE",
 							Value: "1",
@@ -1353,6 +1401,14 @@ func Test_PVCPreference(t *testing.T) {
 						},
 					},
 					Env: []corev1.EnvVar{
+						{
+							Name:  "TRUST_REMOTE_CODE",
+							Value: "0",
+						},
+						{
+							Name:  "HF_DATASETS_TRUST_REMOTE_CODE",
+							Value: "0",
+						},
 						{
 							Name:  "HF_DATASETS_OFFLINE",
 							Value: "1",
@@ -1532,6 +1588,14 @@ func Test_OfflineMode(t *testing.T) {
 						},
 					},
 					Env: []corev1.EnvVar{
+						{
+							Name:  "TRUST_REMOTE_CODE",
+							Value: "0",
+						},
+						{
+							Name:  "HF_DATASETS_TRUST_REMOTE_CODE",
+							Value: "0",
+						},
 						{
 							Name:  "HF_DATASETS_OFFLINE",
 							Value: "1",
@@ -1688,6 +1752,14 @@ func Test_OfflineModeWithOutput(t *testing.T) {
 						},
 					},
 					Env: []corev1.EnvVar{
+						{
+							Name:  "TRUST_REMOTE_CODE",
+							Value: "0",
+						},
+						{
+							Name:  "HF_DATASETS_TRUST_REMOTE_CODE",
+							Value: "0",
+						},
 						{
 							Name:  "HF_DATASETS_OFFLINE",
 							Value: "1",