Merge pull request #8161 from Param-29/paramm/gateway-k9s

K8s: test-gateway addition to tox
OpenMined · Oct 16, 2023 · b19b422 · b19b422
2 parents 2eed56a + 54fe0fc
commit b19b422
Show file tree

Hide file tree

Showing 6 changed files with 169 additions and 64 deletions.
diff --git a/packages/syft/src/syft/node/gateway.py b/packages/syft/src/syft/node/gateway.py
@@ -11,10 +11,10 @@ class Gateway(Node):
     def post_init(self) -> None:
         self.node_type = NodeType.GATEWAY
         super().post_init()
-        try:
-            self.connect_to_vpn_self()
-        except Exception as e:
-            print("Error connecting to VPN: ", e)
+        # try:
+        #     self.connect_to_vpn_self()
+        # except Exception as e:
+        #     print("Error connecting to VPN: ", e)
 
     def connect_to_vpn_self(self) -> None:
         network_service = self.get_service(NetworkService)

diff --git a/packages/syft/src/syft/service/network/network_service.py b/packages/syft/src/syft/service/network/network_service.py
@@ -163,7 +163,13 @@ def exchange_credentials_with(
         challenge_signature, remote_node_peer = remote_res
 
         # Verifying if the challenge is valid
-        remote_node_verify_key.verify_key.verify(random_challenge, challenge_signature)
+
+        try:
+            remote_node_verify_key.verify_key.verify(
+                random_challenge, challenge_signature
+            )
+        except Exception as e:
+            return SyftError(message=str(e))
 
         # save the remote peer for later
         result = self.stash.update_peer(context.node.verify_key, remote_node_peer)
@@ -198,6 +204,27 @@ def add_peer(
                 message="verify_key does not match the remote node's verify_key for add_peer"
             )
 
+        remote_client = peer.client_with_context(context=context)
+        random_challenge = secrets.token_bytes(16)
+
+        try:
+            remote_res = remote_client.api.services.network.ping(
+                challenge=random_challenge
+            )
+        except Exception as e:
+            return SyftError(message="Remote Peer cannot ping peer:" + str(e))
+
+        if isinstance(remote_res, SyftError):
+            return remote_res
+
+        challenge_signature = remote_res
+
+        # Verifying if the challenge is valid
+        try:
+            peer.verify_key.verify_key.verify(random_challenge, challenge_signature)
+        except Exception as e:
+            return SyftError(message=str(e))
+
         result = self.stash.update_peer(context.node.verify_key, peer)
         if result.is_err():
             return SyftError(message=str(result.err()))
@@ -218,15 +245,15 @@ def add_peer(
 
         return [challenge_signature, self_node_peer]
 
-    @service_method(path="network.ping", name="ping")
+    @service_method(path="network.ping", name="ping", roles=GUEST_ROLE_LEVEL)
     def ping(
         self, context: AuthedServiceContext, challenge: bytes
     ) -> Union[bytes, SyftError]:
         """To check alivesness/authenticity of a peer"""
 
-        # Only the root user can ping the node to check its state
-        if context.node.verify_key != context.credentials:
-            return SyftError(message=("Only the root user can access ping endpoint"))
+        # # Only the root user can ping the node to check its state
+        # if context.node.verify_key != context.credentials:
+        #     return SyftError(message=("Only the root user can access ping endpoint"))
 
         # this way they can match up who we are with who they think we are
         # Sending a signed messages for the peer to verify

diff --git a/tests/integration/conftest.py b/tests/integration/conftest.py
@@ -1,7 +1,23 @@
 # third party
 import _pytest
+import pytest
 
 
 def pytest_configure(config: _pytest.config.Config) -> None:
     config.addinivalue_line("markers", "frontend: frontend integration tests")
     config.addinivalue_line("markers", "network: network integration tests")
+
+
+@pytest.fixture
+def gateway_port() -> int:
+    return 9081
+
+
+@pytest.fixture
+def domain_1_port() -> int:
+    return 9082
+
+
+@pytest.fixture
+def domain_2_port() -> int:
+    return 9083
diff --git a/tests/integration/network/client_test.py b/tests/integration/network/client_test.py
@@ -22,7 +22,7 @@ def test_client_type(node_metadata):
 
 
 @pytest.mark.parametrize(
-    "node_metadata", [(NETWORK_PORT, "test_gateway_1"), (DOMAIN_PORT, "test_domain_1")]
+    "node_metadata", [(NETWORK_PORT, "test-gateway-1"), (DOMAIN_PORT, "test-domain-1")]
 )
 @pytest.mark.network
 def test_client_name(node_metadata):

diff --git a/tests/integration/network/gateway_test.py b/tests/integration/network/gateway_test.py
@@ -0,0 +1,52 @@
+# syft absolute
+import syft as sy
+from syft.abstract_node import NodeType
+from syft.client.domain_client import DomainClient
+from syft.client.gateway_client import GatewayClient
+from syft.service.network.node_peer import NodePeer
+from syft.service.response import SyftSuccess
+from syft.service.user.user_roles import ServiceRole
+
+
+def test_domain_connect_to_gateway(domain_1_port, gateway_port):
+    gateway_client: GatewayClient = sy.login(
+        port=gateway_port, email="[email protected]", password="changethis"
+    )
+
+    domain_client: DomainClient = sy.login(
+        port=domain_1_port, email="[email protected]", password="changethis"
+    )
+
+    result = domain_client.connect_to_gateway(gateway_client)
+    assert isinstance(result, SyftSuccess)
+
+    assert len(domain_client.peers) == 1
+    assert len(gateway_client.peers) == 1
+
+    proxy_domain_client = gateway_client.peers[0]
+    domain_peer = domain_client.peers[0]
+
+    assert isinstance(proxy_domain_client, DomainClient)
+    assert isinstance(domain_peer, NodePeer)
+
+    # Domain's peer is a gateway and vice-versa
+    assert domain_peer.node_type == NodeType.GATEWAY
+
+    assert gateway_client.name == domain_peer.name
+    assert domain_client.name == proxy_domain_client.name
+
+    assert len(gateway_client.domains) == 1
+    assert len(gateway_client.enclaves) == 0
+
+    assert proxy_domain_client.metadata == domain_client.metadata
+    assert proxy_domain_client.user_role == ServiceRole.NONE
+
+    domain_client.login(email="[email protected]", password="changethis")
+    proxy_domain_client.login(email="[email protected]", password="changethis")
+
+    assert proxy_domain_client.logged_in_user == "[email protected]"
+    assert proxy_domain_client.user_role == ServiceRole.ADMIN
+    assert proxy_domain_client.credentials == domain_client.credentials
+    assert (
+        proxy_domain_client.api.endpoints.keys() == domain_client.api.endpoints.keys()
+    )
diff --git a/tox.ini b/tox.ini
@@ -260,31 +260,30 @@ commands =
     bash -c "docker volume rm test-domain-1_mongo-data --force || true"
     bash -c "docker volume rm test-domain-1_credentials-data --force || true"
     bash -c "docker volume rm test-domain-1_seaweedfs-data --force || true"
-    bash -c "docker volume rm test-domain-2_mongo-data --force || true"
-    bash -c "docker volume rm test-domain-2_credentials-data --force || true"
-    bash -c "docker volume rm test-domain-2_seaweedfs-data --force || true"
+    bash -c "docker volume rm test-domain-1_tailscale-data --force || true"
+    ; bash -c "docker volume rm test-domain-2_mongo-data --force || true"
+    ; bash -c "docker volume rm test-domain-2_credentials-data --force || true"
+    ; bash -c "docker volume rm test-domain-2_seaweedfs-data --force || true"
+    ; bash -c "docker volume rm test-domain-2_tailscale-data --force || true"
     bash -c "docker volume rm test-gateway-1_mongo-data --force || true"
     bash -c "docker volume rm test-gateway-1_credentials-data --force || true"
     bash -c "docker volume rm test-gateway-1_seaweedfs-data --force || true"
-
-    bash -c "docker volume rm test-domain-1_tailscale-data --force || true"
-    bash -c "docker volume rm test-domain-2_tailscale-data --force || true"
     bash -c "docker volume rm test-gateway-1_tailscale-data --force || true"
     bash -c "docker volume rm test-gateway-1_headscale-data --force || true"
 
     python -c 'import syft as sy; sy.stage_protocol_changes()'
 
-    bash -c 'HAGRID_ART=$HAGRID_ART hagrid launch test_gateway_1 network to docker:9081 $HAGRID_FLAGS --no-health-checks --verbose --no-warnings --dev'
-    bash -c 'HAGRID_ART=$HAGRID_ART hagrid launch test_domain_1 domain to docker:9082 $HAGRID_FLAGS --no-health-checks --enable-signup --verbose --no-warnings --dev'
-    bash -c 'HAGRID_ART=$HAGRID_ART hagrid launch test_domain_2 domain to docker:9083 --headless $HAGRID_FLAGS --enable-signup --no-health-checks --verbose --no-warnings --dev'
+    bash -c 'HAGRID_ART=$HAGRID_ART hagrid launch test-gateway-1 network to docker:9081 $HAGRID_FLAGS --no-health-checks --verbose --no-warnings --dev'
+    bash -c 'HAGRID_ART=$HAGRID_ART hagrid launch test-domain-1 domain to docker:9082 $HAGRID_FLAGS --no-health-checks --enable-signup --verbose --no-warnings --dev'
+    ; bash -c 'HAGRID_ART=$HAGRID_ART hagrid launch test-domain-2 domain to docker:9083 --headless $HAGRID_FLAGS --enable-signup --no-health-checks --verbose --no-warnings --dev'
 
     ; wait for nodes to start
     docker ps
     bash -c "echo Waiting for Nodes; date"
-    bash -c '(docker logs test_domain_1-frontend-1 -f &) | grep -q -E "Network:\s+https?://[a-zA-Z0-9.-]+:[0-9]+/" || true'
-    bash -c '(docker logs test_domain_1-backend-1 -f &) | grep -q "Application startup complete" || true'
-    bash -c '(docker logs test_domain_2-backend-1 -f &) | grep -q "Application startup complete" || true'
-    bash -c '(docker logs test_gateway_1-backend-1 -f &) | grep -q "Application startup complete" || true'
+    bash -c '(docker logs test-domain-1-frontend-1 -f &) | grep -q -E "Network:\s+https?://[a-zA-Z0-9.-]+:[0-9]+/" || true'
+    bash -c '(docker logs test-domain-1-backend-1 -f &) | grep -q "Application startup complete" || true'
+    ; bash -c '(docker logs test_domain_2-backend-1 -f &) | grep -q "Application startup complete" || true'
+    bash -c '(docker logs test-gateway-1-backend-1 -f &) | grep -q "Application startup complete" || true'
 
     ; frontend
     bash -c 'if [[ "$PYTEST_MODULES" == *"frontend"* ]]; then \
@@ -627,42 +626,40 @@ commands =
     python -c 'import syft as sy; sy.stage_protocol_changes()'
     k3d version
 
-    ; bash -c "docker rm $(docker ps -aq) --force || true"
-    # bash -c "k3d cluster delete test-gateway-1 || true"
+    # bash -c "docker rm $(docker ps -aq) --force || true"
+    # Deleting current cluster
+    bash -c "k3d cluster delete test-gateway-1 || true"
     bash -c "k3d cluster delete test-domain-1 || true"
-    ; bash -c "k3d cluster delete test-domain-2 || true"
+    # bash -c "k3d cluster delete test-domain-2 || true"
+
+    # Deleting registery & volumes
     bash -c "k3d registry delete k3d-registry.localhost || true"
-    # bash -c "docker volume rm k3d-test-gateway-1-images --force || true"
+    bash -c "docker volume rm k3d-test-gateway-1-images --force || true"
     bash -c "docker volume rm k3d-test-domain-1-images --force || true"
     # bash -c "docker volume rm k3d-test-domain-2-images --force || true"
 
+    # Creating registory
     bash -c 'k3d registry create registry.localhost --port 12345  -v `pwd`/k3d-registry:/var/lib/registry || true'
 
-    # bash -c 'NODE_NAME=test-gateway-1 NODE_PORT=9081 && \
-    #     k3d cluster create $NODE_NAME -p "$NODE_PORT:80@loadbalancer" --registry-use k3d-registry.localhost || true \
-    #     k3d cluster start $NODE_NAME'
-
-    # bash -c 'NODE_NAME=test-gateway-1 NODE_PORT=9081 && \
-    #     cd packages/grid && \
-    #     devspace --no-warn --kube-context "k3d-$NODE_NAME" --namespace $NODE_NAME \
-    #     --var DOMAIN_NAME=$NODE_NAME \
-    #     --var NETWORK_CHECK_INTERVAL=5 \
-    #     --var TEST_MODE=1 \
-    #     --var CONTAINER_REGISTRY=k3d-registry.localhost:12345 \
-    #     build -b'
+    # Creating test-gateway-1 cluster on port 9081
+    bash -c 'NODE_NAME=test-gateway-1 NODE_PORT=9081 && \
+        k3d cluster create $NODE_NAME -p "$NODE_PORT:80@loadbalancer" --registry-use k3d-registry.localhost || true \
+        k3d cluster start $NODE_NAME'
 
-    # bash -c 'NODE_NAME=test-gateway-1 NODE_PORT=9081 && \
-    #     cd packages/grid && \
-    #     (r=5;while ! \
-    #     devspace --no-warn --kube-context "k3d-$NODE_NAME" --namespace $NODE_NAME \
-    #     --var DOMAIN_NAME=$NODE_NAME \
-    #     --var NETWORK_CHECK_INTERVAL=5 \
-    #     --var ASSOCIATION_TIMEOUT=100 \
-    #     --var TEST_MODE=1 \
-    #     --var CONTAINER_REGISTRY=k3d-registry.localhost:12345 \
-    #     deploy -b -p gateway; \
-    #     do ((--r))||exit;echo "retrying" && sleep 20;done)'
+    bash -c 'NODE_NAME=test-gateway-1 NODE_PORT=9081 && \
+        cd packages/grid && \
+        (r=5;while ! \
+        devspace --no-warn --kube-context "k3d-$NODE_NAME" --namespace $NODE_NAME \
+        --var NODE_NAME=$NODE_NAME \
+        --var NETWORK_CHECK_INTERVAL=5 \
+        --var ASSOCIATION_TIMEOUT=100 \
+        --var TEST_MODE=1 \
+        --var CONTAINER_REGISTRY=k3d-registry.localhost:12345 \
+        --var NODE_TYPE=gateway \
+        deploy -b; \
+        do ((--r))||exit;echo "retrying" && sleep 20;done)'
 
+    # Creating test-domain-1 cluster on port 9082
     bash -c 'NODE_NAME=test-domain-1 NODE_PORT=9082 && \
         k3d cluster create $NODE_NAME -p "$NODE_PORT:80@loadbalancer" --registry-use k3d-registry.localhost || true \
         k3d cluster start $NODE_NAME'
@@ -671,7 +668,7 @@ commands =
         cd packages/grid && \
         (r=5;while ! \
         devspace --no-warn --kube-context "k3d-$NODE_NAME" --namespace $NODE_NAME \
-        --var DOMAIN_NAME=$NODE_NAME \
+        --var NODE_NAME=$NODE_NAME \
         --var DOMAIN_CHECK_INTERVAL=5 \
         --var ASSOCIATION_TIMEOUT=100 \
         --var TEST_MODE=1 \
@@ -697,29 +694,31 @@ commands =
 
     sleep 30
 
-    ; wait for front end
+    # wait for front end
     bash packages/grid/scripts/wait_for.sh service frontend --context k3d-test-domain-1 --namespace test-domain-1
     bash -c '(kubectl logs service/frontend --context k3d-test-domain-1 --namespace test-domain-1 -f &) | grep -q -E "Network:\s+https?://[a-zA-Z0-9.-]+:[0-9]+/" || true'
 
-    ; wait for everything else to be loaded
-    # bash packages/grid/scripts/wait_for.sh service proxy --context k3d-test-gateway-1 --namespace test-gateway-1
+    # wait for test gateway 1
+    bash packages/grid/scripts/wait_for.sh service mongo --context k3d-test-gateway-1 --namespace test-gateway-1
+    bash packages/grid/scripts/wait_for.sh service backend --context k3d-test-gateway-1 --namespace test-gateway-1
+    bash packages/grid/scripts/wait_for.sh service proxy --context k3d-test-gateway-1 --namespace test-gateway-1
     # bash packages/grid/scripts/wait_for.sh service queue --context k3d-test-gateway-1 --namespace test-gateway-1
     # bash packages/grid/scripts/wait_for.sh service redis --context k3d-test-gateway-1 --namespace test-gateway-1
-    # bash packages/grid/scripts/wait_for.sh service mongo --context k3d-test-gateway-1 --namespace test-gateway-1
-    # bash packages/grid/scripts/wait_for.sh service backend --context k3d-test-gateway-1 --namespace test-gateway-1
     # bash packages/grid/scripts/wait_for.sh service backend-stream --context k3d-test-gateway-1 --namespace test-gateway-1
     # bash packages/grid/scripts/wait_for.sh service headscale --context k3d-test-gateway-1 --namespace test-gateway-1
 
+    # wait for test domain 1
+    bash packages/grid/scripts/wait_for.sh service mongo --context k3d-test-domain-1 --namespace test-domain-1
+    bash packages/grid/scripts/wait_for.sh service backend --context k3d-test-domain-1 --namespace test-domain-1
+    bash packages/grid/scripts/wait_for.sh service proxy --context k3d-test-domain-1 --namespace test-domain-1
     # bash packages/grid/scripts/wait_for.sh service frontend --context k3d-test-domain-1 --namespace test-domain-1
     # bash packages/grid/scripts/wait_for.sh service proxy --context k3d-test-domain-1 --namespace test-domain-1
     # bash packages/grid/scripts/wait_for.sh service queue --context k3d-test-domain-1 --namespace test-domain-1
     # bash packages/grid/scripts/wait_for.sh service redis --context k3d-test-domain-1 --namespace test-domain-1
-    bash packages/grid/scripts/wait_for.sh service mongo --context k3d-test-domain-1 --namespace test-domain-1
-    bash packages/grid/scripts/wait_for.sh service backend --context k3d-test-domain-1 --namespace test-domain-1
-    bash packages/grid/scripts/wait_for.sh service proxy --context k3d-test-domain-1 --namespace test-domain-1
     # bash packages/grid/scripts/wait_for.sh service backend-stream --context k3d-test-domain-1 --namespace test-domain-1
     # bash packages/grid/scripts/wait_for.sh service seaweedfs --context k3d-test-domain-1 --namespace test-domain-1
 
+    # wait for test domain 2
     # bash packages/grid/scripts/wait_for.sh service frontend --context k3d-test-domain-2 --namespace test-domain-2
     # bash packages/grid/scripts/wait_for.sh service proxy --context k3d-test-domain-2 --namespace test-domain-2
     # bash packages/grid/scripts/wait_for.sh service queue --context k3d-test-domain-2 --namespace test-domain-2
@@ -732,9 +731,13 @@ commands =
     # pytest tests/integration -m frontend -p no:randomly --co
     # bash -c "CONTAINER_HOST=$CONTAINER_HOST pytest tests/integration -m frontend -vvvv -p no:randomly -p no:benchmark -o log_cli=True --capture=no"
 
+    # Checking logs generated & startup of test-domain 1
     bash -c '(kubectl logs service/backend --context k3d-test-domain-1 --namespace test-domain-1 -f &) | grep -q "Application startup complete" || true'
+    # Checking logs generated & startup of test-gateway-1
+    bash -c '(kubectl logs service/backend --context k3d-test-gateway-1 --namespace test-gateway-1 -f &) | grep -q "Application startup complete" || true'
 
-    ; frontend
+
+    # frontend
     bash -c 'if [[ "$PYTEST_MODULES" == *"frontend"* ]]; then \
         echo "Starting frontend"; date; \
         pytest tests/integration -m frontend -p no:randomly -k "test_serves_domain_frontend" --co; \
@@ -744,19 +747,26 @@ commands =
         exit $return; \
     fi'
 
-    ; ignore 06 because of opendp on arm64
+
+    # ignore 06 because of opendp on arm64
+    # Run 0.8 notebooks
     pytest --nbmake notebooks/api/0.8 -p no:randomly -vvvv -k 'not 06'
 
-    ; bash -c "k3d cluster delete test-gateway-1 || true"
+    #Integration + Gateway Connection Tests
+    pytest tests/integration/network -p no:randomly -vvvv
+
+    # deleting clusters created
+    bash -c "k3d cluster delete test-gateway-1 || true"
     bash -c "k3d cluster delete test-domain-1 || true"
-    ; bash -c "k3d cluster delete test-domain-2 || true"
+    # bash -c "k3d cluster delete test-domain-2 || true"
     bash -c "k3d registry delete k3d-registry.localhost || true"
     bash -c "docker rm $(docker ps -aq) --force || true"
-    # bash -c "docker volume rm k3d-test-gateway-1-images --force || true"
+    bash -c "docker volume rm k3d-test-gateway-1-images --force || true"
     bash -c "docker volume rm k3d-test-domain-1-images --force || true"
     # bash -c "docker volume rm k3d-test-domain-2-images --force || true"
 
 
+
 [testenv:syft.build.helm]
 description = Build Helm Chart for Kubernetes
 deps =