K8s: test-gateway addition to tox #8161

Merged
merged 7 commits into from
Oct 16, 2023
Merged
8 changes: 4 additions & 4 deletions packages/syft/src/syft/node/gateway.py
Expand Up @@ -11,10 +11,10 @@ class Gateway(Node):
def post_init(self) -> None:
self.node_type = NodeType.GATEWAY
super().post_init()
try:
self.connect_to_vpn_self()
except Exception as e:
print("Error connecting to VPN: ", e)
# try:
Collaborator

@shubham3121, for info: I have commented this out because we are not currently using tailscale or headscale. It was causing very slow startup times when launching a gateway.

# self.connect_to_vpn_self()
# except Exception as e:
# print("Error connecting to VPN: ", e)

def connect_to_vpn_self(self) -> None:
network_service = self.get_service(NetworkService)
37 changes: 32 additions & 5 deletions packages/syft/src/syft/service/network/network_service.py
Expand Up @@ -163,7 +163,13 @@ def exchange_credentials_with(
challenge_signature, remote_node_peer = remote_res

# Verifying if the challenge is valid
remote_node_verify_key.verify_key.verify(random_challenge, challenge_signature)

try:
remote_node_verify_key.verify_key.verify(
random_challenge, challenge_signature
)
except Exception as e:
return SyftError(message=str(e))

# save the remote peer for later
result = self.stash.update_peer(context.node.verify_key, remote_node_peer)
Expand Down Expand Up @@ -198,6 +204,27 @@ def add_peer(
message="verify_key does not match the remote node's verify_key for add_peer"
)

remote_client = peer.client_with_context(context=context)
random_challenge = secrets.token_bytes(16)

try:
remote_res = remote_client.api.services.network.ping(
challenge=random_challenge
)
except Exception as e:
return SyftError(message="Remote Peer cannot ping peer:" + str(e))

if isinstance(remote_res, SyftError):
return remote_res

challenge_signature = remote_res

# Verifying if the challenge is valid
try:
peer.verify_key.verify_key.verify(random_challenge, challenge_signature)
except Exception as e:
return SyftError(message=str(e))

result = self.stash.update_peer(context.node.verify_key, peer)
if result.is_err():
return SyftError(message=str(result.err()))
Expand All @@ -218,15 +245,15 @@ def add_peer(

return [challenge_signature, self_node_peer]

@service_method(path="network.ping", name="ping")
@service_method(path="network.ping", name="ping", roles=GUEST_ROLE_LEVEL)
def ping(
self, context: AuthedServiceContext, challenge: bytes
) -> Union[bytes, SyftError]:
"""To check alivesness/authenticity of a peer"""

# Only the root user can ping the node to check its state
if context.node.verify_key != context.credentials:
return SyftError(message=("Only the root user can access ping endpoint"))
# # Only the root user can ping the node to check its state
# if context.node.verify_key != context.credentials:
# return SyftError(message=("Only the root user can access ping endpoint"))

# this way they can match up who we are with who they think we are
# Sending a signed messages for the peer to verify
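Review bot: With `roles=GUEST_ROLE_LEVEL` and the root-only check commented out, `ping` in the last hunk accepts a caller-chosen `challenge: bytes` from any guest and, per the trailing comment, returns it signed by this node. The signing call is outside the hunk, so this is inferred, but if it uses the node's identity key the endpoint becomes a signing oracle over arbitrary bytes. `add_peer` on this page sends `secrets.token_bytes(16)`, so the handler can reject anything else, e.g. `if len(challenge) != 16: return SyftError(message="challenge must be 16 bytes")`. The signed message should also carry a fixed context prefix that the verifying side in `exchange_credentials_with` and `add_peer` prepends before calling `verify`. The commented-out root check is better deleted, with a docstring line saying why guests may call `ping`, than left in place.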
16 changes: 16 additions & 0 deletions tests/integration/conftest.py
@@ -1,7 +1,23 @@
# third party
import _pytest
import pytest


def pytest_configure(config: _pytest.config.Config) -> None:
config.addinivalue_line("markers", "frontend: frontend integration tests")
config.addinivalue_line("markers", "network: network integration tests")


@pytest.fixture
def gateway_port() -> int:
return 9081


@pytest.fixture
def domain_1_port() -> int:
return 9082


@pytest.fixture
def domain_2_port() -> int:
return 9083
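Review bot: The three fixtures hard-code 9081, 9082 and 9083, which tox.ini also hard-codes in its launch commands, so a port change has to be made in two places. `domain_2_port` points at a node whose launch is commented out in tox.ini on this page, so a test using it would presumably hit a closed port. Consider reading the ports from the environment with these values as defaults, and give each fixture a docstring such as `"""Host port of the test-gateway-1 node started by tox."""`.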
2 changes: 1 addition & 1 deletion tests/integration/network/client_test.py
Expand Up @@ -22,7 +22,7 @@ def test_client_type(node_metadata):


@pytest.mark.parametrize(
"node_metadata", [(NETWORK_PORT, "test_gateway_1"), (DOMAIN_PORT, "test_domain_1")]
"node_metadata", [(NETWORK_PORT, "test-gateway-1"), (DOMAIN_PORT, "test-domain-1")]
)
@pytest.mark.network
def test_client_name(node_metadata):
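--- a/tests/integration/network/gateway_test.py
+++ b/tests/integration/network/gateway_test.py
@@ -0,0 +1,52 @@
+# syft absolute
+import syft as sy
+from syft.abstract_node import NodeType
+from syft.client.domain_client import DomainClient
+from syft.client.gateway_client import GatewayClient
+from syft.service.network.node_peer import NodePeer
+from syft.service.response import SyftSuccess
+from syft.service.user.user_roles import ServiceRole
+
+
+def test_domain_connect_to_gateway(domain_1_port, gateway_port):
+gateway_client: GatewayClient = sy.login(
+port=gateway_port, email="[email protected]", password="changethis"
+)
+
+domain_client: DomainClient = sy.login(
+port=domain_1_port, email="[email protected]", password="changethis"
+)
+
+result = domain_client.connect_to_gateway(gateway_client)
+assert isinstance(result, SyftSuccess)
+
+assert len(domain_client.peers) == 1
+assert len(gateway_client.peers) == 1
+
+proxy_domain_client = gateway_client.peers[0]
+domain_peer = domain_client.peers[0]
+
+assert isinstance(proxy_domain_client, DomainClient)
+assert isinstance(domain_peer, NodePeer)
+
+# Domain's peer is a gateway and vice-versa
+assert domain_peer.node_type == NodeType.GATEWAY
+
+assert gateway_client.name == domain_peer.name
+assert domain_client.name == proxy_domain_client.name
+
+assert len(gateway_client.domains) == 1
+assert len(gateway_client.enclaves) == 0
+
+assert proxy_domain_client.metadata == domain_client.metadata
+assert proxy_domain_client.user_role == ServiceRole.NONE
+
+domain_client.login(email="[email protected]", password="changethis")
+proxy_domain_client.login(email="[email protected]", password="changethis")
+
+assert proxy_domain_client.logged_in_user == "[email protected]"
+assert proxy_domain_client.user_role == ServiceRole.ADMIN
+assert proxy_domain_client.credentials == domain_client.credentials
+assert (
+proxy_domain_client.api.endpoints.keys() == domain_client.api.endpoints.keys()
+)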
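Review bot: The test covers only the successful handshake, so nothing here exercises the challenge verification that `add_peer` and `exchange_credentials_with` gained in network_service.py. A second test should assert that the connection is refused (a `SyftError` rather than `SyftSuccess`) when the peer's signature does not verify, and that both peer lists stay empty afterwards. The `len(...peers) == 1` assertions also assume a freshly launched gateway and domain; a comment such as `# requires freshly launched nodes: peer lists must start empty` would make that precondition explicit.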
118 changes: 64 additions & 54 deletions tox.ini
Expand Up @@ -260,31 +260,30 @@ commands =
bash -c "docker volume rm test-domain-1_mongo-data --force || true"
bash -c "docker volume rm test-domain-1_credentials-data --force || true"
bash -c "docker volume rm test-domain-1_seaweedfs-data --force || true"
bash -c "docker volume rm test-domain-2_mongo-data --force || true"
bash -c "docker volume rm test-domain-2_credentials-data --force || true"
bash -c "docker volume rm test-domain-2_seaweedfs-data --force || true"
bash -c "docker volume rm test-domain-1_tailscale-data --force || true"
; bash -c "docker volume rm test-domain-2_mongo-data --force || true"
; bash -c "docker volume rm test-domain-2_credentials-data --force || true"
; bash -c "docker volume rm test-domain-2_seaweedfs-data --force || true"
; bash -c "docker volume rm test-domain-2_tailscale-data --force || true"
bash -c "docker volume rm test-gateway-1_mongo-data --force || true"
bash -c "docker volume rm test-gateway-1_credentials-data --force || true"
bash -c "docker volume rm test-gateway-1_seaweedfs-data --force || true"

bash -c "docker volume rm test-domain-1_tailscale-data --force || true"
bash -c "docker volume rm test-domain-2_tailscale-data --force || true"
bash -c "docker volume rm test-gateway-1_tailscale-data --force || true"
bash -c "docker volume rm test-gateway-1_headscale-data --force || true"

python -c 'import syft as sy; sy.stage_protocol_changes()'

bash -c 'HAGRID_ART=$HAGRID_ART hagrid launch test_gateway_1 network to docker:9081 $HAGRID_FLAGS --no-health-checks --verbose --no-warnings --dev'
bash -c 'HAGRID_ART=$HAGRID_ART hagrid launch test_domain_1 domain to docker:9082 $HAGRID_FLAGS --no-health-checks --enable-signup --verbose --no-warnings --dev'
bash -c 'HAGRID_ART=$HAGRID_ART hagrid launch test_domain_2 domain to docker:9083 --headless $HAGRID_FLAGS --enable-signup --no-health-checks --verbose --no-warnings --dev'
bash -c 'HAGRID_ART=$HAGRID_ART hagrid launch test-gateway-1 network to docker:9081 $HAGRID_FLAGS --no-health-checks --verbose --no-warnings --dev'
bash -c 'HAGRID_ART=$HAGRID_ART hagrid launch test-domain-1 domain to docker:9082 $HAGRID_FLAGS --no-health-checks --enable-signup --verbose --no-warnings --dev'
; bash -c 'HAGRID_ART=$HAGRID_ART hagrid launch test-domain-2 domain to docker:9083 --headless $HAGRID_FLAGS --enable-signup --no-health-checks --verbose --no-warnings --dev'

; wait for nodes to start
docker ps
bash -c "echo Waiting for Nodes; date"
bash -c '(docker logs test_domain_1-frontend-1 -f &) | grep -q -E "Network:\s+https?://[a-zA-Z0-9.-]+:[0-9]+/" || true'
bash -c '(docker logs test_domain_1-backend-1 -f &) | grep -q "Application startup complete" || true'
bash -c '(docker logs test_domain_2-backend-1 -f &) | grep -q "Application startup complete" || true'
bash -c '(docker logs test_gateway_1-backend-1 -f &) | grep -q "Application startup complete" || true'
bash -c '(docker logs test-domain-1-frontend-1 -f &) | grep -q -E "Network:\s+https?://[a-zA-Z0-9.-]+:[0-9]+/" || true'
bash -c '(docker logs test-domain-1-backend-1 -f &) | grep -q "Application startup complete" || true'
; bash -c '(docker logs test_domain_2-backend-1 -f &) | grep -q "Application startup complete" || true'
bash -c '(docker logs test-gateway-1-backend-1 -f &) | grep -q "Application startup complete" || true'

; frontend
bash -c 'if [[ "$PYTEST_MODULES" == *"frontend"* ]]; then \
Expand Down Expand Up @@ -627,42 +626,40 @@ commands =
python -c 'import syft as sy; sy.stage_protocol_changes()'
k3d version

; bash -c "docker rm $(docker ps -aq) --force || true"
# bash -c "k3d cluster delete test-gateway-1 || true"
# bash -c "docker rm $(docker ps -aq) --force || true"
# Deleting current cluster
bash -c "k3d cluster delete test-gateway-1 || true"
bash -c "k3d cluster delete test-domain-1 || true"
; bash -c "k3d cluster delete test-domain-2 || true"
# bash -c "k3d cluster delete test-domain-2 || true"

# Deleting registery & volumes
bash -c "k3d registry delete k3d-registry.localhost || true"
# bash -c "docker volume rm k3d-test-gateway-1-images --force || true"
bash -c "docker volume rm k3d-test-gateway-1-images --force || true"
bash -c "docker volume rm k3d-test-domain-1-images --force || true"
# bash -c "docker volume rm k3d-test-domain-2-images --force || true"

# Creating registory
bash -c 'k3d registry create registry.localhost --port 12345 -v `pwd`/k3d-registry:/var/lib/registry || true'

# bash -c 'NODE_NAME=test-gateway-1 NODE_PORT=9081 && \
# k3d cluster create $NODE_NAME -p "$NODE_PORT:80@loadbalancer" --registry-use k3d-registry.localhost || true \
# k3d cluster start $NODE_NAME'

# bash -c 'NODE_NAME=test-gateway-1 NODE_PORT=9081 && \
# cd packages/grid && \
# devspace --no-warn --kube-context "k3d-$NODE_NAME" --namespace $NODE_NAME \
# --var DOMAIN_NAME=$NODE_NAME \
# --var NETWORK_CHECK_INTERVAL=5 \
# --var TEST_MODE=1 \
# --var CONTAINER_REGISTRY=k3d-registry.localhost:12345 \
# build -b'
# Creating test-gateway-1 cluster on port 9081
bash -c 'NODE_NAME=test-gateway-1 NODE_PORT=9081 && \
k3d cluster create $NODE_NAME -p "$NODE_PORT:80@loadbalancer" --registry-use k3d-registry.localhost || true \
k3d cluster start $NODE_NAME'

# bash -c 'NODE_NAME=test-gateway-1 NODE_PORT=9081 && \
# cd packages/grid && \
# (r=5;while ! \
# devspace --no-warn --kube-context "k3d-$NODE_NAME" --namespace $NODE_NAME \
# --var DOMAIN_NAME=$NODE_NAME \
# --var NETWORK_CHECK_INTERVAL=5 \
# --var ASSOCIATION_TIMEOUT=100 \
# --var TEST_MODE=1 \
# --var CONTAINER_REGISTRY=k3d-registry.localhost:12345 \
# deploy -b -p gateway; \
# do ((--r))||exit;echo "retrying" && sleep 20;done)'
bash -c 'NODE_NAME=test-gateway-1 NODE_PORT=9081 && \
cd packages/grid && \
(r=5;while ! \
devspace --no-warn --kube-context "k3d-$NODE_NAME" --namespace $NODE_NAME \
--var NODE_NAME=$NODE_NAME \
--var NETWORK_CHECK_INTERVAL=5 \
--var ASSOCIATION_TIMEOUT=100 \
--var TEST_MODE=1 \
--var CONTAINER_REGISTRY=k3d-registry.localhost:12345 \
--var NODE_TYPE=gateway \
deploy -b; \
do ((--r))||exit;echo "retrying" && sleep 20;done)'

# Creating test-domain-1 cluster on port 9082
bash -c 'NODE_NAME=test-domain-1 NODE_PORT=9082 && \
k3d cluster create $NODE_NAME -p "$NODE_PORT:80@loadbalancer" --registry-use k3d-registry.localhost || true \
k3d cluster start $NODE_NAME'
Expand All @@ -671,7 +668,7 @@ commands =
cd packages/grid && \
(r=5;while ! \
devspace --no-warn --kube-context "k3d-$NODE_NAME" --namespace $NODE_NAME \
--var DOMAIN_NAME=$NODE_NAME \
--var NODE_NAME=$NODE_NAME \
--var DOMAIN_CHECK_INTERVAL=5 \
--var ASSOCIATION_TIMEOUT=100 \
--var TEST_MODE=1 \
Expand All @@ -697,29 +694,31 @@ commands =

sleep 30

; wait for front end
# wait for front end
bash packages/grid/scripts/wait_for.sh service frontend --context k3d-test-domain-1 --namespace test-domain-1
bash -c '(kubectl logs service/frontend --context k3d-test-domain-1 --namespace test-domain-1 -f &) | grep -q -E "Network:\s+https?://[a-zA-Z0-9.-]+:[0-9]+/" || true'

; wait for everything else to be loaded
# bash packages/grid/scripts/wait_for.sh service proxy --context k3d-test-gateway-1 --namespace test-gateway-1
# wait for test gateway 1
bash packages/grid/scripts/wait_for.sh service mongo --context k3d-test-gateway-1 --namespace test-gateway-1
bash packages/grid/scripts/wait_for.sh service backend --context k3d-test-gateway-1 --namespace test-gateway-1
bash packages/grid/scripts/wait_for.sh service proxy --context k3d-test-gateway-1 --namespace test-gateway-1
# bash packages/grid/scripts/wait_for.sh service queue --context k3d-test-gateway-1 --namespace test-gateway-1
# bash packages/grid/scripts/wait_for.sh service redis --context k3d-test-gateway-1 --namespace test-gateway-1
# bash packages/grid/scripts/wait_for.sh service mongo --context k3d-test-gateway-1 --namespace test-gateway-1
# bash packages/grid/scripts/wait_for.sh service backend --context k3d-test-gateway-1 --namespace test-gateway-1
# bash packages/grid/scripts/wait_for.sh service backend-stream --context k3d-test-gateway-1 --namespace test-gateway-1
# bash packages/grid/scripts/wait_for.sh service headscale --context k3d-test-gateway-1 --namespace test-gateway-1

# wait for test domain 1
bash packages/grid/scripts/wait_for.sh service mongo --context k3d-test-domain-1 --namespace test-domain-1
bash packages/grid/scripts/wait_for.sh service backend --context k3d-test-domain-1 --namespace test-domain-1
bash packages/grid/scripts/wait_for.sh service proxy --context k3d-test-domain-1 --namespace test-domain-1
# bash packages/grid/scripts/wait_for.sh service frontend --context k3d-test-domain-1 --namespace test-domain-1
# bash packages/grid/scripts/wait_for.sh service proxy --context k3d-test-domain-1 --namespace test-domain-1
# bash packages/grid/scripts/wait_for.sh service queue --context k3d-test-domain-1 --namespace test-domain-1
# bash packages/grid/scripts/wait_for.sh service redis --context k3d-test-domain-1 --namespace test-domain-1
bash packages/grid/scripts/wait_for.sh service mongo --context k3d-test-domain-1 --namespace test-domain-1
bash packages/grid/scripts/wait_for.sh service backend --context k3d-test-domain-1 --namespace test-domain-1
bash packages/grid/scripts/wait_for.sh service proxy --context k3d-test-domain-1 --namespace test-domain-1
# bash packages/grid/scripts/wait_for.sh service backend-stream --context k3d-test-domain-1 --namespace test-domain-1
# bash packages/grid/scripts/wait_for.sh service seaweedfs --context k3d-test-domain-1 --namespace test-domain-1

# wait for test domain 2
# bash packages/grid/scripts/wait_for.sh service frontend --context k3d-test-domain-2 --namespace test-domain-2
# bash packages/grid/scripts/wait_for.sh service proxy --context k3d-test-domain-2 --namespace test-domain-2
# bash packages/grid/scripts/wait_for.sh service queue --context k3d-test-domain-2 --namespace test-domain-2
Expand All @@ -732,9 +731,13 @@ commands =
# pytest tests/integration -m frontend -p no:randomly --co
# bash -c "CONTAINER_HOST=$CONTAINER_HOST pytest tests/integration -m frontend -vvvv -p no:randomly -p no:benchmark -o log_cli=True --capture=no"

# Checking logs generated & startup of test-domain 1
bash -c '(kubectl logs service/backend --context k3d-test-domain-1 --namespace test-domain-1 -f &) | grep -q "Application startup complete" || true'
# Checking logs generated & startup of test-gateway-1
bash -c '(kubectl logs service/backend --context k3d-test-gateway-1 --namespace test-gateway-1 -f &) | grep -q "Application startup complete" || true'

; frontend

# frontend
bash -c 'if [[ "$PYTEST_MODULES" == *"frontend"* ]]; then \
echo "Starting frontend"; date; \
pytest tests/integration -m frontend -p no:randomly -k "test_serves_domain_frontend" --co; \
Expand All @@ -744,19 +747,26 @@ commands =
exit $return; \
fi'

; ignore 06 because of opendp on arm64

# ignore 06 because of opendp on arm64
# Run 0.8 notebooks
pytest --nbmake notebooks/api/0.8 -p no:randomly -vvvv -k 'not 06'

; bash -c "k3d cluster delete test-gateway-1 || true"
#Integration + Gateway Connection Tests
pytest tests/integration/network -p no:randomly -vvvv

# deleting clusters created
bash -c "k3d cluster delete test-gateway-1 || true"
bash -c "k3d cluster delete test-domain-1 || true"
; bash -c "k3d cluster delete test-domain-2 || true"
# bash -c "k3d cluster delete test-domain-2 || true"
bash -c "k3d registry delete k3d-registry.localhost || true"
bash -c "docker rm $(docker ps -aq) --force || true"
# bash -c "docker volume rm k3d-test-gateway-1-images --force || true"
bash -c "docker volume rm k3d-test-gateway-1-images --force || true"
bash -c "docker volume rm k3d-test-domain-1-images --force || true"
# bash -c "docker volume rm k3d-test-domain-2-images --force || true"



[testenv:syft.build.helm]
description = Build Helm Chart for Kubernetes
deps =
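Review bot: In the `test-gateway-1` cluster step, `|| true \` is followed by a line continuation, so `k3d cluster start $NODE_NAME` is passed to `true` as arguments and never runs; the `test-domain-1` step has the same shape. Group the fallback instead: `(k3d cluster create $NODE_NAME -p "$NODE_PORT:80@loadbalancer" --registry-use k3d-registry.localhost || true) && \` followed by `k3d cluster start $NODE_NAME`. Separately, the cleanup line `docker rm $(docker ps -aq) --force` removes every container on the host rather than only the test ones, which matters when this env is run on a developer machine; it may predate this change, since the page does not show which side it is on.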