✨ Allow connection to multiple dask-gateways (ITISFoundation#2652)

Author: sanderegg

.codecov.yml

@@ -1,6 +1,6 @@
 codecov:
-    require_ci_to_pass: yes
-    branch: master
+  require_ci_to_pass: true
+  branch: master
 
 coverage:
   precision: 1
@@ -32,7 +32,6 @@ coverage:
         paths:
           - services
 
-
     patch:
       default:
         informational: true
@@ -53,4 +52,4 @@ parsers:
 comment:
   layout: "reach,diff,flags,tree"
   behavior: default
-  require_changes: no
+  require_changes: false

.vscode/launch.template.json

@@ -5,6 +5,23 @@
   // For more information, visit: https://go.microsoft.com/fwlink/?linkid=830387
   "version": "0.2.0",
   "configurations": [
+    {
+      "name": "Python: Run Test",
+      "type": "python",
+      "request": "launch",
+      "module": "pytest",
+      "args": [
+        "-sx",
+        "--log-cli-level=INFO",
+        "--ff",
+        "--keep-docker-up",
+        "--setup-show",
+        "${file}"
+      ],
+      "cwd": "${workspaceFolder}",
+      "console": "integratedTerminal",
+      "justMyCode": false
+    },
     {
       "name": "Python: Remote Attach api-server",
       "type": "python",

Makefile

@@ -512,6 +512,7 @@ info: ## displays setup information
 	@echo ' python        : $(shell python3 --version)'
 	@echo ' node          : $(shell node --version 2> /dev/null || echo ERROR nodejs missing)'
 	@echo ' docker        : $(shell docker --version)'
+	@echo ' docker buildx : $(shell docker buildx version)'
 	@echo ' docker-compose: $(shell docker-compose --version)'
 
 

api/specs/webserver/components/schemas/cluster.yaml

@@ -211,6 +211,10 @@ JupyterHubTokenAuthentication:
       type: string
       enum: [jupyterhub]
       default: jupyterhub
+    api_token:
+      type: string
+  required:
+    - api_token
   additionalProperties: false
 
 ClusterAccessRights:

packages/models-library/src/models_library/clusters.py

@@ -0,0 +1,180 @@
+from typing import Any, Dict, Literal, Optional, Union
+
+from pydantic import AnyUrl, BaseModel, Extra, Field, HttpUrl, validator
+from pydantic.types import NonNegativeInt
+from simcore_postgres_database.models.clusters import ClusterType
+
+from .users import GroupID
+
+
+class ClusterAccessRights(BaseModel):
+    read: bool = Field(..., description="allows to run pipelines on that cluster")
+    write: bool = Field(..., description="allows to modify the cluster")
+    delete: bool = Field(..., description="allows to delete a cluster")
+
+    class Config:
+        extra = Extra.forbid
+
+
+CLUSTER_ADMIN_RIGHTS = ClusterAccessRights(read=True, write=True, delete=True)
+CLUSTER_MANAGER_RIGHTS = ClusterAccessRights(read=True, write=True, delete=False)
+CLUSTER_USER_RIGHTS = ClusterAccessRights(read=True, write=False, delete=False)
+CLUSTER_NO_RIGHTS = ClusterAccessRights(read=False, write=False, delete=False)
+
+
+class BaseAuthentication(BaseModel):
+    type: str
+
+    class Config:
+        extra = Extra.forbid
+
+
+class SimpleAuthentication(BaseAuthentication):
+    type: Literal["simple"] = "simple"
+    username: str
+    password: str
+
+    class Config(BaseAuthentication.Config):
+        schema_extra = {
+            "examples": [
+                {
+                    "type": "simple",
+                    "username": "someuser",
+                    "password": "somepassword",
+                },
+            ]
+        }
+
+
+class KerberosAuthentication(BaseAuthentication):
+    type: Literal["kerberos"] = "kerberos"
+    # NOTE: the entries here still need to be defined
+    class Config(BaseAuthentication.Config):
+        schema_extra = {
+            "examples": [
+                {
+                    "type": "kerberos",
+                },
+            ]
+        }
+
+
+class JupyterHubTokenAuthentication(BaseAuthentication):
+    type: Literal["jupyterhub"] = "jupyterhub"
+    api_token: str
+
+    class Config(BaseAuthentication.Config):
+        schema_extra = {
+            "examples": [
+                {"type": "jupyterhub", "api_token": "some_jupyterhub_token"},
+            ]
+        }
+
+
+class NoAuthentication(BaseAuthentication):
+    type: Literal["none"] = "none"
+
+
+InternalClusterAuthentication = NoAuthentication
+ExternalClusterAuthentication = Union[
+    SimpleAuthentication, KerberosAuthentication, JupyterHubTokenAuthentication
+]
+ClusterAuthentication = Union[
+    ExternalClusterAuthentication,
+    InternalClusterAuthentication,
+]
+
+
+class BaseCluster(BaseModel):
+    name: str = Field(..., description="The human readable name of the cluster")
+    description: Optional[str] = None
+    type: ClusterType
+    owner: GroupID
+    thumbnail: Optional[HttpUrl] = Field(
+        None,
+        description="url to the image describing this cluster",
+        examples=["https://placeimg.com/171/96/tech/grayscale/?0.jpg"],
+    )
+    endpoint: AnyUrl
+    authentication: ClusterAuthentication = Field(
+        ..., description="Dask gateway authentication"
+    )
+    access_rights: Dict[GroupID, ClusterAccessRights] = Field(default_factory=dict)
+
+    class Config:
+        extra = Extra.forbid
+        use_enum_values = True
+
+    def to_clusters_db(self, only_update: bool) -> Dict[str, Any]:
+        db_model = self.dict(
+            by_alias=True,
+            exclude={"id", "access_rights"},
+            exclude_unset=only_update,
+            exclude_none=only_update,
+        )
+        return db_model
+
+
+class Cluster(BaseCluster):
+    id: NonNegativeInt = Field(..., description="The cluster ID")
+
+    class Config(BaseCluster.Config):
+        schema_extra = {
+            "examples": [
+                {
+                    "id": 432,
+                    "name": "My awesome cluster",
+                    "type": ClusterType.ON_PREMISE,
+                    "owner": 12,
+                    "endpoint": "https://registry.osparc-development.fake.dev",
+                    "authentication": {
+                        "type": "simple",
+                        "username": "someuser",
+                        "password": "somepassword",
+                    },
+                },
+                {
+                    "id": 432546,
+                    "name": "My AWS cluster",
+                    "description": "a AWS cluster administered by me",
+                    "type": ClusterType.AWS,
+                    "owner": 154,
+                    "endpoint": "https://registry.osparc-development.fake.dev",
+                    "authentication": {"type": "kerberos"},
+                    "access_rights": {
+                        154: CLUSTER_ADMIN_RIGHTS,
+                        12: CLUSTER_MANAGER_RIGHTS,
+                        7899: CLUSTER_USER_RIGHTS,
+                    },
+                },
+                {
+                    "id": 325436,
+                    "name": "My AWS cluster",
+                    "description": "a AWS cluster administered by me",
+                    "type": ClusterType.AWS,
+                    "owner": 2321,
+                    "endpoint": "https://registry.osparc-development.fake2.dev",
+                    "authentication": {
+                        "type": "jupyterhub",
+                        "api_token": "some_fake_token",
+                    },
+                    "access_rights": {
+                        154: CLUSTER_ADMIN_RIGHTS,
+                        12: CLUSTER_MANAGER_RIGHTS,
+                        7899: CLUSTER_USER_RIGHTS,
+                    },
+                },
+            ]
+        }
+
+    @validator("access_rights", always=True, pre=True)
+    @classmethod
+    def check_owner_has_access_rights(cls, v, values):
+        owner_gid = values["owner"]
+        # check owner is in the access rights, if not add it
+        if owner_gid not in v:
+            v[owner_gid] = CLUSTER_ADMIN_RIGHTS
+        # check owner has full access
+        if v[owner_gid] != CLUSTER_ADMIN_RIGHTS:
+            raise ValueError("the cluster owner access rights are incorrectly set")
+        return v

packages/models-library/tests/test_clusters.py

@@ -0,0 +1,72 @@
+from contextlib import suppress
+from typing import Any, Dict, Type
+
+import pytest
+from models_library.clusters import (
+    CLUSTER_ADMIN_RIGHTS,
+    CLUSTER_MANAGER_RIGHTS,
+    CLUSTER_USER_RIGHTS,
+    Cluster,
+)
+from pydantic import BaseModel, ValidationError
+
+
+@pytest.mark.parametrize(
+    "model_cls",
+    (Cluster,),
+)
+def test_cluster_access_rights_correctly_created_when_owner_access_rights_not_present(
+    model_cls: Type[BaseModel], model_cls_examples: Dict[str, Dict[str, Any]]
+):
+    for example in model_cls_examples.values():
+        owner_gid = example["owner"]
+        # remove the owner from the access rights if any
+        example.get("access_rights", {}).pop(owner_gid, None)
+
+        instance = model_cls(**example)
+        assert instance.access_rights[owner_gid] == CLUSTER_ADMIN_RIGHTS  # type: ignore
+
+
+@pytest.mark.parametrize(
+    "model_cls",
+    (Cluster,),
+)
+def test_cluster_fails_when_owner_has_no_admin_rights(
+    model_cls: Type[BaseModel], model_cls_examples: Dict[str, Dict[str, Any]]
+):
+    for example in model_cls_examples.values():
+        owner_gid = example["owner"]
+        # ensure there are access rights
+        example.setdefault("access_rights", {})
+        # set the owner with manager rights
+        example["access_rights"][owner_gid] = CLUSTER_MANAGER_RIGHTS
+        with pytest.raises(ValidationError):
+            model_cls(**example)
+
+        # set the owner with user rights
+        example["access_rights"][owner_gid] = CLUSTER_USER_RIGHTS
+        with pytest.raises(ValidationError):
+            model_cls(**example)
+
+
+@pytest.mark.parametrize(
+    "model_cls",
+    (Cluster,),
+)
+def test_export_clusters_to_db(
+    model_cls: Type[BaseModel], model_cls_examples: Dict[str, Dict[str, Any]]
+):
+    for example in model_cls_examples.values():
+        owner_gid = example["owner"]
+        # remove the owner from the access rights if any
+        with suppress(KeyError):
+            example.get("access_rights", {}).pop(owner_gid)
+        instance = model_cls(**example)
+
+        # for inserts
+        cluster_db_dict = instance.to_clusters_db(only_update=True)  # type: ignore
+        keys_not_in_db = ["id", "access_rights"]
+
+        assert list(cluster_db_dict.keys()) == [
+            x for x in example if x not in keys_not_in_db
+        ]

packages/models-library/tests/test_utils_misc.py

@@ -13,6 +13,7 @@
 import pytest
 from models_library.utils.misc import extract_examples
 from pydantic import BaseModel
+from pydantic.json import pydantic_encoder
 
 NameClassPair = Tuple[str, Type[BaseModel]]
 
@@ -48,6 +49,6 @@ def test_extract_examples(class_name, model_cls):
     # check if correct examples
     for example in examples:
         print(class_name)
-        print(json.dumps(example, indent=2))
+        print(json.dumps(example, default=pydantic_encoder, indent=2))
         model_instance = model_cls.parse_obj(example)
         assert isinstance(model_instance, model_cls)

services/dask-sidecar/Dockerfile

@@ -125,10 +125,10 @@ COPY --chown=scu:scu services/dask-sidecar/docker services/dask-sidecar/docker
 # make sure dask worker is started as ``dask-worker --dashboard-address 8787``.
 # Otherwise the worker will take random ports to serve the /health entrypoint.
 HEALTHCHECK \
-  --interval=30s \
-  --timeout=15s \
+  --interval=10s \
+  --timeout=5s \
   --start-period=5s \
-  --retries=3 \
+  --retries=5 \
   CMD ["curl", "-Lf", "http://127.0.0.1:8787/health"]
 
 ENTRYPOINT [ "/bin/sh", "services/dask-sidecar/docker/entrypoint.sh" ]