mirror of
https://gitea.publichub.eu/oscar.krause/fastapi-dls.git
synced 2026-04-08 16:45:48 +03:00
Compare commits
26 Commits
1.x
...
fda73a95d3
| Author | SHA1 | Date | |
|---|---|---|---|
|
fda73a95d3 | ||
|
|
3f6ff0b178 | ||
|
|
c9068ad034 | ||
|
|
c98aa76d5e | ||
|
|
c31aedb28d | ||
|
|
b12eb87077 | ||
|
|
3415b2b9ec | ||
|
|
6edc88662d | ||
|
|
bac32a77c8 | ||
|
|
f851370db4 | ||
|
|
10428820f8 | ||
|
|
9dc3643fdd | ||
|
|
ea612bf2e7 | ||
|
|
3c1a1d89a4 | ||
|
|
27b131a789 | ||
|
|
a8e14c0ed0 | ||
|
|
b0fe646b03 | ||
|
|
38ae14f6cf | ||
|
|
e967bda446 | ||
|
|
cf6fc9a4ce | ||
|
|
5a98df563a | ||
|
|
50a9d70b77 | ||
|
|
cca169881c | ||
|
|
426da28382 | ||
|
|
d249ef34bc | ||
|
|
e94db9c33b |
@@ -41,10 +41,11 @@ build:apt:
|
||||
interruptible: true
|
||||
stage: build
|
||||
rules:
|
||||
- if: $CI_COMMIT_BRANCH && $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
|
||||
- if: $CI_COMMIT_TAG
|
||||
variables:
|
||||
VERSION: $CI_COMMIT_REF_NAME
|
||||
- if: ($CI_PIPELINE_SOURCE == 'merge_request_event') || ($CI_COMMIT_BRANCH && $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH)
|
||||
- if: $CI_PIPELINE_SOURCE == 'merge_request_event'
|
||||
changes:
|
||||
- app/**/*
|
||||
- .DEBIAN/**/*
|
||||
@@ -91,7 +92,7 @@ build:pacman:
|
||||
- if: $CI_COMMIT_TAG
|
||||
variables:
|
||||
VERSION: $CI_COMMIT_REF_NAME
|
||||
- if: ($CI_PIPELINE_SOURCE == 'merge_request_event') || ($CI_COMMIT_BRANCH && $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH)
|
||||
- if: $CI_PIPELINE_SOURCE == 'merge_request_event'
|
||||
changes:
|
||||
- app/**/*
|
||||
- .PKGBUILD/**/*
|
||||
@@ -120,12 +121,13 @@ build:pacman:
|
||||
paths:
|
||||
- "*.pkg.tar.zst"
|
||||
|
||||
test:python:
|
||||
image: $IMAGE
|
||||
test:
|
||||
image: python:3.12-slim-bookworm
|
||||
stage: test
|
||||
interruptible: true
|
||||
rules:
|
||||
- if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
|
||||
- if: $CI_COMMIT_TAG
|
||||
- if: $CI_PIPELINE_SOURCE == "merge_request_event"
|
||||
- if: $CI_COMMIT_BRANCH && $CI_COMMIT_BRANCH != $CI_DEFAULT_BRANCH
|
||||
changes:
|
||||
@@ -135,20 +137,17 @@ test:python:
|
||||
DATABASE: sqlite:///../app/db.sqlite
|
||||
parallel:
|
||||
matrix:
|
||||
- IMAGE:
|
||||
# https://devguide.python.org/versions/#supported-versions
|
||||
# - python:3.14-rc-alpine # EOL 2030-10 => uvicorn does not support 3.14 yet
|
||||
- python:3.13-alpine # EOL 2029-10
|
||||
- python:3.12-alpine # EOL 2028-10
|
||||
- python:3.11-alpine # EOL 2027-10
|
||||
# - python:3.10-alpine # EOL 2026-10 => ImportError: cannot import name 'UTC' from 'datetime'
|
||||
# - python:3.9-alpine # EOL 2025-10 => ImportError: cannot import name 'UTC' from 'datetime'
|
||||
- REQUIREMENTS:
|
||||
- 'requirements.txt'
|
||||
# - '.DEBIAN/requirements-bookworm-12.txt'
|
||||
# - '.DEBIAN/requirements-ubuntu-24.04.txt'
|
||||
# - '.DEBIAN/requirements-ubuntu-24.10.txt'
|
||||
before_script:
|
||||
- apk --no-cache add openssl
|
||||
- apt-get update && apt-get install -y python3-dev python3-pip python3-venv gcc
|
||||
- python3 -m venv venv
|
||||
- source venv/bin/activate
|
||||
- pip install --upgrade pip
|
||||
- pip install -r requirements.txt
|
||||
- pip install -r $REQUIREMENTS
|
||||
- pip install pytest pytest-cov pytest-custom_exit_code httpx
|
||||
- mkdir -p app/cert
|
||||
- openssl genrsa -out app/cert/instance.private.pem 2048
|
||||
@@ -158,10 +157,10 @@ test:python:
|
||||
- python -m pytest main.py --junitxml=report.xml
|
||||
artifacts:
|
||||
reports:
|
||||
dotenv: version.env
|
||||
junit: ['**/report.xml']
|
||||
|
||||
test:apt:
|
||||
image: $IMAGE
|
||||
.test:apt:
|
||||
stage: test
|
||||
rules:
|
||||
- if: $CI_COMMIT_BRANCH && $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
|
||||
@@ -169,15 +168,7 @@ test:apt:
|
||||
changes:
|
||||
- app/**/*
|
||||
- .DEBIAN/**/*
|
||||
- if: $CI_PIPELINE_SOURCE == 'merge_request_event'
|
||||
parallel:
|
||||
matrix:
|
||||
- IMAGE:
|
||||
- debian:trixie-slim # EOL: t.b.a.
|
||||
- debian:bookworm-slim # EOL: June 06, 2026
|
||||
- debian:bookworm-slim # EOL: June 06, 2026
|
||||
- ubuntu:24.04 # EOL: April 2036
|
||||
- ubuntu:24.10
|
||||
- .gitlab-ci.yml
|
||||
needs:
|
||||
- job: build:apt
|
||||
artifacts: true
|
||||
@@ -209,6 +200,16 @@ test:apt:
|
||||
- apt-get purge -qq -y fastapi-dls
|
||||
- apt-get autoremove -qq -y && apt-get clean -qq
|
||||
|
||||
test:apt:
|
||||
extends: .test:apt
|
||||
image: $IMAGE
|
||||
parallel:
|
||||
matrix:
|
||||
- IMAGE:
|
||||
- debian:bookworm-slim # EOL: June 06, 2026
|
||||
- ubuntu:24.04 # EOL: April 2036
|
||||
- ubuntu:24.10
|
||||
|
||||
test:pacman:archlinux:
|
||||
image: archlinux:base
|
||||
rules:
|
||||
@@ -292,12 +293,15 @@ gemnasium-python-dependency_scanning:
|
||||
- if: $CI_PIPELINE_SOURCE == "merge_request_event"
|
||||
- if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
|
||||
|
||||
.deploy:
|
||||
rules:
|
||||
- if: $CI_COMMIT_TAG
|
||||
|
||||
deploy:docker:
|
||||
extends: .deploy
|
||||
image: docker:dind
|
||||
stage: deploy
|
||||
tags: [ docker ]
|
||||
rules:
|
||||
- if: $CI_COMMIT_TAG
|
||||
before_script:
|
||||
- echo "Building docker image for commit $CI_COMMIT_SHA with version $CI_COMMIT_REF_NAME"
|
||||
- docker buildx inspect
|
||||
@@ -316,10 +320,9 @@ deploy:docker:
|
||||
|
||||
deploy:apt:
|
||||
# doc: https://git.collinwebdesigns.de/help/user/packages/debian_repository/index.md#install-a-package
|
||||
extends: .deploy
|
||||
image: debian:bookworm-slim
|
||||
stage: deploy
|
||||
rules:
|
||||
- if: $CI_COMMIT_TAG
|
||||
needs:
|
||||
- job: build:apt
|
||||
artifacts: true
|
||||
@@ -356,10 +359,9 @@ deploy:apt:
|
||||
- 'curl --header "JOB-TOKEN: $CI_JOB_TOKEN" --upload-file ${EXPORT_NAME} "${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/generic/${PACKAGE_NAME}/${PACKAGE_VERSION}/${EXPORT_NAME}"'
|
||||
|
||||
deploy:pacman:
|
||||
extends: .deploy
|
||||
image: archlinux:base-devel
|
||||
stage: deploy
|
||||
rules:
|
||||
- if: $CI_COMMIT_TAG
|
||||
needs:
|
||||
- job: build:pacman
|
||||
artifacts: true
|
||||
@@ -380,7 +382,7 @@ deploy:pacman:
|
||||
release:
|
||||
image: registry.gitlab.com/gitlab-org/release-cli:latest
|
||||
stage: .post
|
||||
needs: [ deploy:docker, deploy:apt, deploy:pacman ]
|
||||
needs: [ test ]
|
||||
rules:
|
||||
- if: $CI_COMMIT_TAG
|
||||
script:
|
||||
|
||||
16
README.md
16
README.md
@@ -795,13 +795,13 @@ Thanks to vGPU community and all who uses this project and report bugs.
|
||||
|
||||
Special thanks to:
|
||||
|
||||
- `samicrusader` who created build file for **ArchLinux**
|
||||
- `cyrus` who wrote the section for **openSUSE**
|
||||
- `midi` who wrote the section for **unRAID**
|
||||
- `polloloco` who wrote the *[NVIDIA vGPU Guide](https://gitlab.com/polloloco/vgpu-proxmox)*
|
||||
- `DualCoder` who creates the `vgpu_unlock` functionality [vgpu_unlock](https://github.com/DualCoder/vgpu_unlock)
|
||||
- `Krutav Shah` who wrote the [vGPU_Unlock Wiki](https://docs.google.com/document/d/1pzrWJ9h-zANCtyqRgS7Vzla0Y8Ea2-5z2HEi4X75d2Q/)
|
||||
- `Wim van 't Hoog` for the [Proxmox All-In-One Installer Script](https://wvthoog.nl/proxmox-vgpu-v3/)
|
||||
- `mrzenc` who wrote [fastapi-dls-nixos](https://github.com/mrzenc/fastapi-dls-nixos)
|
||||
- @samicrusader who created build file for **ArchLinux**
|
||||
- @cyrus who wrote the section for **openSUSE**
|
||||
- @midi who wrote the section for **unRAID**
|
||||
- @polloloco who wrote the *[NVIDIA vGPU Guide](https://gitlab.com/polloloco/vgpu-proxmox)*
|
||||
- @DualCoder who creates the `vgpu_unlock` functionality [vgpu_unlock](https://github.com/DualCoder/vgpu_unlock)
|
||||
- Krutav Shah who wrote the [vGPU_Unlock Wiki](https://docs.google.com/document/d/1pzrWJ9h-zANCtyqRgS7Vzla0Y8Ea2-5z2HEi4X75d2Q/)
|
||||
- Wim van 't Hoog for the [Proxmox All-In-One Installer Script](https://wvthoog.nl/proxmox-vgpu-v3/)
|
||||
- @mrzenc who wrote [fastapi-dls-nixos](https://github.com/mrzenc/fastapi-dls-nixos)
|
||||
|
||||
And thanks to all people who contributed to all these libraries!
|
||||
|
||||
336
app/main.py
336
app/main.py
@@ -6,7 +6,8 @@ from datetime import datetime, timedelta, UTC
|
||||
from hashlib import sha256
|
||||
from json import loads as json_loads
|
||||
from os import getenv as env
|
||||
from os.path import join, dirname
|
||||
from os.path import join, dirname, isfile
|
||||
from random import randbytes
|
||||
from uuid import uuid4
|
||||
|
||||
from dateutil.relativedelta import relativedelta
|
||||
@@ -21,7 +22,7 @@ from starlette.middleware.cors import CORSMiddleware
|
||||
from starlette.responses import StreamingResponse, JSONResponse as JSONr, HTMLResponse as HTMLr, Response, RedirectResponse
|
||||
|
||||
from orm import Origin, Lease, init as db_init, migrate
|
||||
from util import PrivateKey, PublicKey, load_file
|
||||
from util import PrivateKey, PublicKey, load_file, Cert
|
||||
|
||||
# Load variables
|
||||
load_dotenv('../version.env')
|
||||
@@ -50,6 +51,7 @@ LEASE_RENEWAL_PERIOD = float(env('LEASE_RENEWAL_PERIOD', 0.15))
|
||||
LEASE_RENEWAL_DELTA = timedelta(days=int(env('LEASE_EXPIRE_DAYS', 90)), hours=int(env('LEASE_EXPIRE_HOURS', 0)))
|
||||
CLIENT_TOKEN_EXPIRE_DELTA = relativedelta(years=12)
|
||||
CORS_ORIGINS = str(env('CORS_ORIGINS', '')).split(',') if (env('CORS_ORIGINS')) else [f'https://{DLS_URL}']
|
||||
DT_FORMAT = '%Y-%m-%dT%H:%M:%S.%fZ'
|
||||
|
||||
jwt_encode_key = jwk.construct(INSTANCE_KEY_RSA.pem(), algorithm=ALGORITHMS.RS256)
|
||||
jwt_decode_key = jwk.construct(INSTANCE_KEY_PUB.pem(), algorithm=ALGORITHMS.RS256)
|
||||
@@ -248,6 +250,7 @@ async def _client_token():
|
||||
"iat": timegm(cur_time.timetuple()),
|
||||
"nbf": timegm(cur_time.timetuple()),
|
||||
"exp": timegm(exp_time.timetuple()),
|
||||
"protocol_version": "2.0",
|
||||
"update_mode": "ABSOLUTE",
|
||||
"scope_ref_list": [ALLOTMENT_REF],
|
||||
"fulfillment_class_ref_list": [],
|
||||
@@ -298,14 +301,19 @@ async def auth_v1_origin(request: Request):
|
||||
|
||||
Origin.create_or_update(db, data)
|
||||
|
||||
environment = {
|
||||
'raw_env': j.get('environment')
|
||||
}
|
||||
environment.update(j.get('environment'))
|
||||
|
||||
response = {
|
||||
"origin_ref": origin_ref,
|
||||
"environment": j.get('environment'),
|
||||
"environment": environment,
|
||||
"svc_port_set_list": None,
|
||||
"node_url_list": None,
|
||||
"node_query_order": None,
|
||||
"prompts": None,
|
||||
"sync_timestamp": cur_time.isoformat()
|
||||
"sync_timestamp": cur_time.strftime(DT_FORMAT)
|
||||
}
|
||||
|
||||
return JSONr(response)
|
||||
@@ -331,7 +339,7 @@ async def auth_v1_origin_update(request: Request):
|
||||
response = {
|
||||
"environment": j.get('environment'),
|
||||
"prompts": None,
|
||||
"sync_timestamp": cur_time.isoformat()
|
||||
"sync_timestamp": cur_time.strftime(DT_FORMAT)
|
||||
}
|
||||
|
||||
return JSONr(response)
|
||||
@@ -362,8 +370,8 @@ async def auth_v1_code(request: Request):
|
||||
|
||||
response = {
|
||||
"auth_code": auth_code,
|
||||
"sync_timestamp": cur_time.isoformat(),
|
||||
"prompts": None
|
||||
"prompts": None,
|
||||
"sync_timestamp": cur_time.strftime(DT_FORMAT),
|
||||
}
|
||||
|
||||
return JSONr(response)
|
||||
@@ -396,27 +404,274 @@ async def auth_v1_token(request: Request):
|
||||
'iss': 'https://cls.nvidia.org',
|
||||
'aud': 'https://cls.nvidia.org',
|
||||
'exp': timegm(access_expires_on.timetuple()),
|
||||
'origin_ref': origin_ref,
|
||||
'key_ref': SITE_KEY_XID,
|
||||
'kid': SITE_KEY_XID,
|
||||
'origin_ref': origin_ref,
|
||||
}
|
||||
|
||||
auth_token = jwt.encode(new_payload, key=jwt_encode_key, headers={'kid': payload.get('kid')}, algorithm=ALGORITHMS.RS256)
|
||||
|
||||
response = {
|
||||
"expires": access_expires_on.isoformat(),
|
||||
"auth_token": auth_token,
|
||||
"sync_timestamp": cur_time.isoformat(),
|
||||
"expires": access_expires_on.strftime(DT_FORMAT),
|
||||
"prompts": None,
|
||||
"sync_timestamp": cur_time.strftime(DT_FORMAT),
|
||||
}
|
||||
|
||||
return JSONr(response)
|
||||
|
||||
|
||||
# NLS 3.4.0 - venv/lib/python3.12/site-packages/nls_services_lease/test/test_lease_single_controller.py
|
||||
@app.post('/leasing/v1/config-token', description='request to get config token for lease operations')
|
||||
async def leasing_v1_config_token(request: Request):
|
||||
j, cur_time = json_loads((await request.body()).decode('utf-8')), datetime.now(UTC)
|
||||
|
||||
logger.debug(f'CALLED /leasing/v1/config-token')
|
||||
logger.debug(f'Headers: {request.headers}')
|
||||
logger.debug(f'Request: {j}')
|
||||
|
||||
# todo: THIS IS A DEMO ONLY
|
||||
|
||||
###
|
||||
#
|
||||
# https://git.collinwebdesigns.de/nvidia/nls/-/blob/main/src/test/test_config_token.py
|
||||
#
|
||||
###
|
||||
|
||||
root_private_key_filename = join(dirname(__file__), 'cert/my_demo_root_private_key.pem')
|
||||
root_certificate_filename = join(dirname(__file__), 'cert/my_demo_root_certificate.pem')
|
||||
ca_private_key_filename = join(dirname(__file__), 'cert/my_demo_ca_private_key.pem')
|
||||
ca_certificate_filename = join(dirname(__file__), 'cert/my_demo_ca_certificate.pem')
|
||||
si_private_key_filename = join(dirname(__file__), 'cert/my_demo_si_private_key.pem')
|
||||
si_certificate_filename = join(dirname(__file__), 'cert/my_demo_si_certificate.pem')
|
||||
|
||||
def init_config_token_demo():
|
||||
from cryptography import x509
|
||||
from cryptography.hazmat._oid import NameOID
|
||||
from cryptography.hazmat.primitives import serialization, hashes
|
||||
from cryptography.hazmat.primitives.asymmetric.rsa import generate_private_key
|
||||
from cryptography.hazmat.primitives.serialization import Encoding
|
||||
|
||||
""" Create Root Key and Certificate """
|
||||
|
||||
# create root keypair
|
||||
my_root_private_key = generate_private_key(public_exponent=65537, key_size=4096)
|
||||
my_root_public_key = my_root_private_key.public_key()
|
||||
|
||||
# create root-certificate subject
|
||||
my_root_subject = x509.Name([
|
||||
x509.NameAttribute(NameOID.COUNTRY_NAME, u'US'),
|
||||
x509.NameAttribute(NameOID.STATE_OR_PROVINCE_NAME, u'California'),
|
||||
x509.NameAttribute(NameOID.ORGANIZATION_NAME, u'Nvidia'),
|
||||
x509.NameAttribute(NameOID.ORGANIZATIONAL_UNIT_NAME, u'Nvidia Licensing Service (NLS)'),
|
||||
x509.NameAttribute(NameOID.COMMON_NAME, u'NLS Root CA'),
|
||||
])
|
||||
|
||||
# create self-signed root-certificate
|
||||
my_root_certificate = (
|
||||
x509.CertificateBuilder()
|
||||
.subject_name(my_root_subject)
|
||||
.issuer_name(my_root_subject)
|
||||
.public_key(my_root_public_key)
|
||||
.serial_number(x509.random_serial_number())
|
||||
.not_valid_before(datetime.now(tz=UTC) - timedelta(days=1))
|
||||
.not_valid_after(datetime.now(tz=UTC) + timedelta(days=365 * 10))
|
||||
.add_extension(x509.BasicConstraints(ca=True, path_length=None), critical=True)
|
||||
.add_extension(x509.SubjectKeyIdentifier.from_public_key(my_root_public_key), critical=False)
|
||||
.sign(my_root_private_key, hashes.SHA256()))
|
||||
|
||||
my_root_private_key_as_pem = my_root_private_key.private_bytes(
|
||||
encoding=serialization.Encoding.PEM,
|
||||
format=serialization.PrivateFormat.TraditionalOpenSSL,
|
||||
encryption_algorithm=serialization.NoEncryption(),
|
||||
)
|
||||
|
||||
with open(root_private_key_filename, 'wb') as f:
|
||||
f.write(my_root_private_key_as_pem)
|
||||
|
||||
with open(root_certificate_filename, 'wb') as f:
|
||||
f.write(my_root_certificate.public_bytes(encoding=Encoding.PEM))
|
||||
|
||||
""" Create CA (Intermediate) Key and Certificate """
|
||||
|
||||
# create ca keypair
|
||||
my_ca_private_key = generate_private_key(public_exponent=65537, key_size=4096)
|
||||
my_ca_public_key = my_ca_private_key.public_key()
|
||||
|
||||
# create ca-certificate subject
|
||||
my_ca_subject = x509.Name([
|
||||
x509.NameAttribute(NameOID.COUNTRY_NAME, u'US'),
|
||||
x509.NameAttribute(NameOID.STATE_OR_PROVINCE_NAME, u'California'),
|
||||
x509.NameAttribute(NameOID.ORGANIZATION_NAME, u'Nvidia'),
|
||||
x509.NameAttribute(NameOID.ORGANIZATIONAL_UNIT_NAME, u'Nvidia Licensing Service (NLS)'),
|
||||
x509.NameAttribute(NameOID.COMMON_NAME, u'NLS Intermediate CA'),
|
||||
])
|
||||
|
||||
# create self-signed ca-certificate
|
||||
my_ca_certificate = (
|
||||
x509.CertificateBuilder()
|
||||
.subject_name(my_ca_subject)
|
||||
.issuer_name(my_root_subject)
|
||||
.public_key(my_ca_public_key)
|
||||
.serial_number(x509.random_serial_number())
|
||||
.not_valid_before(datetime.now(tz=UTC) - timedelta(days=1))
|
||||
.not_valid_after(datetime.now(tz=UTC) + timedelta(days=365 * 10))
|
||||
.add_extension(x509.BasicConstraints(ca=True, path_length=None), critical=True)
|
||||
.add_extension(x509.KeyUsage(digital_signature=False, key_encipherment=False, key_cert_sign=True,
|
||||
key_agreement=False, content_commitment=False, data_encipherment=False,
|
||||
crl_sign=True, encipher_only=False, decipher_only=False), critical=True)
|
||||
.add_extension(x509.SubjectKeyIdentifier.from_public_key(my_ca_public_key), critical=False)
|
||||
# .add_extension(x509.AuthorityKeyIdentifier.from_issuer_public_key(my_root_public_key), critical=False)
|
||||
.add_extension(x509.AuthorityKeyIdentifier.from_issuer_subject_key_identifier(
|
||||
my_root_certificate.extensions.get_extension_for_class(x509.SubjectKeyIdentifier).value
|
||||
), critical=False)
|
||||
.sign(my_root_private_key, hashes.SHA256()))
|
||||
|
||||
my_ca_private_key_as_pem = my_ca_private_key.private_bytes(
|
||||
encoding=serialization.Encoding.PEM,
|
||||
format=serialization.PrivateFormat.TraditionalOpenSSL,
|
||||
encryption_algorithm=serialization.NoEncryption(),
|
||||
)
|
||||
|
||||
with open(ca_private_key_filename, 'wb') as f:
|
||||
f.write(my_ca_private_key_as_pem)
|
||||
|
||||
with open(ca_certificate_filename, 'wb') as f:
|
||||
f.write(my_ca_certificate.public_bytes(encoding=Encoding.PEM))
|
||||
|
||||
""" Create Service-Instance Key and Certificate """
|
||||
|
||||
# create si keypair
|
||||
my_si_private_key = generate_private_key(public_exponent=65537, key_size=2048)
|
||||
my_si_public_key = my_si_private_key.public_key()
|
||||
|
||||
my_si_private_key_as_pem = my_si_private_key.private_bytes(
|
||||
encoding=serialization.Encoding.PEM,
|
||||
format=serialization.PrivateFormat.TraditionalOpenSSL,
|
||||
encryption_algorithm=serialization.NoEncryption(),
|
||||
)
|
||||
my_si_public_key_as_pem = my_si_public_key.public_bytes(
|
||||
encoding=serialization.Encoding.PEM,
|
||||
format=serialization.PublicFormat.SubjectPublicKeyInfo,
|
||||
)
|
||||
|
||||
with open(si_private_key_filename, 'wb') as f:
|
||||
f.write(my_si_private_key_as_pem)
|
||||
|
||||
# with open('instance.public.pem', 'wb') as f:
|
||||
# f.write(my_si_public_key_as_pem)
|
||||
|
||||
# create si-certificate subject
|
||||
my_si_subject = x509.Name([
|
||||
# x509.NameAttribute(NameOID.COMMON_NAME, INSTANCE_REF),
|
||||
x509.NameAttribute(NameOID.COMMON_NAME, j.get('service_instance_ref')),
|
||||
])
|
||||
|
||||
# create self-signed si-certificate
|
||||
my_si_certificate = (
|
||||
x509.CertificateBuilder()
|
||||
.subject_name(my_si_subject)
|
||||
.issuer_name(my_ca_subject)
|
||||
.public_key(my_si_public_key)
|
||||
.serial_number(x509.random_serial_number())
|
||||
.not_valid_before(datetime.now(tz=UTC) - timedelta(days=1))
|
||||
.not_valid_after(datetime.now(tz=UTC) + timedelta(days=365 * 10))
|
||||
.add_extension(x509.KeyUsage(digital_signature=True, key_encipherment=True, key_cert_sign=False,
|
||||
key_agreement=True, content_commitment=False, data_encipherment=False,
|
||||
crl_sign=False, encipher_only=False, decipher_only=False), critical=True)
|
||||
.add_extension(x509.ExtendedKeyUsage([
|
||||
x509.oid.ExtendedKeyUsageOID.SERVER_AUTH,
|
||||
x509.oid.ExtendedKeyUsageOID.CLIENT_AUTH]
|
||||
), critical=False)
|
||||
.add_extension(x509.SubjectKeyIdentifier.from_public_key(my_si_public_key), critical=False)
|
||||
# .add_extension(x509.AuthorityKeyIdentifier.from_issuer_public_key(my_ca_public_key), critical=False)
|
||||
.add_extension(x509.AuthorityKeyIdentifier.from_issuer_subject_key_identifier(
|
||||
my_ca_certificate.extensions.get_extension_for_class(x509.SubjectKeyIdentifier).value
|
||||
), critical=False)
|
||||
.add_extension(x509.SubjectAlternativeName([
|
||||
# x509.DNSName(INSTANCE_REF)
|
||||
x509.DNSName(j.get('service_instance_ref'))
|
||||
]), critical=False)
|
||||
.sign(my_ca_private_key, hashes.SHA256()))
|
||||
|
||||
my_si_public_key_exp = my_si_certificate.public_key().public_numbers().e
|
||||
my_si_public_key_mod = f'{my_si_certificate.public_key().public_numbers().n:x}' # hex value without "0x" prefix
|
||||
|
||||
with open(si_certificate_filename, 'wb') as f:
|
||||
f.write(my_si_certificate.public_bytes(encoding=Encoding.PEM))
|
||||
|
||||
if not (isfile(root_private_key_filename)
|
||||
and isfile(ca_private_key_filename)
|
||||
and isfile(ca_certificate_filename)
|
||||
and isfile(si_private_key_filename)
|
||||
and isfile(si_certificate_filename)):
|
||||
init_config_token_demo()
|
||||
|
||||
my_ca_certificate = Cert.from_file(ca_certificate_filename)
|
||||
my_si_certificate = Cert.from_file(si_certificate_filename)
|
||||
my_si_private_key = PrivateKey.from_file(si_private_key_filename)
|
||||
my_si_private_key_as_pem = my_si_private_key.pem()
|
||||
my_si_public_key = my_si_private_key.public_key().raw()
|
||||
my_si_public_key_as_pem = my_si_private_key.public_key().pem()
|
||||
|
||||
""" build out payload """
|
||||
|
||||
cur_time = datetime.now(UTC)
|
||||
exp_time = cur_time + CLIENT_TOKEN_EXPIRE_DELTA
|
||||
|
||||
payload = {
|
||||
"iss": "NLS Service Instance",
|
||||
"aud": "NLS Licensed Client",
|
||||
"iat": timegm(cur_time.timetuple()),
|
||||
"nbf": timegm(cur_time.timetuple()),
|
||||
"exp": timegm(exp_time.timetuple()),
|
||||
"protocol_version": "2.0",
|
||||
"d_name": "DLS",
|
||||
"service_instance_ref": j.get('service_instance_ref'),
|
||||
"service_instance_public_key_configuration": {
|
||||
"service_instance_public_key_me": {
|
||||
"mod": hex(my_si_public_key.public_numbers().n)[2:],
|
||||
"exp": int(my_si_public_key.public_numbers().e),
|
||||
},
|
||||
# 64 chars per line (pem default)
|
||||
"service_instance_public_key_pem": my_si_public_key_as_pem.decode('utf-8').strip(),
|
||||
"key_retention_mode": "LATEST_ONLY"
|
||||
},
|
||||
}
|
||||
|
||||
my_jwt_encode_key = jwk.construct(my_si_private_key_as_pem.decode('utf-8'), algorithm=ALGORITHMS.RS256)
|
||||
config_token = jws.sign(payload, key=my_jwt_encode_key, headers=None, algorithm=ALGORITHMS.RS256)
|
||||
|
||||
response_ca_chain = my_ca_certificate.pem().decode('utf-8')
|
||||
response_si_certificate = my_si_certificate.pem().decode('utf-8')
|
||||
|
||||
response = {
|
||||
"certificateConfiguration": {
|
||||
# 76 chars per line
|
||||
"caChain": [response_ca_chain],
|
||||
# 76 chars per line
|
||||
"publicCert": response_si_certificate,
|
||||
"publicKey": {
|
||||
"exp": int(my_si_certificate.raw().public_key().public_numbers().e),
|
||||
"mod": [hex(my_si_certificate.raw().public_key().public_numbers().n)[2:]],
|
||||
},
|
||||
},
|
||||
"configToken": config_token,
|
||||
}
|
||||
|
||||
logging.debug(response)
|
||||
|
||||
return JSONr(response, status_code=200)
|
||||
|
||||
|
||||
# venv/lib/python3.9/site-packages/nls_services_lease/test/test_lease_multi_controller.py
|
||||
@app.post('/leasing/v1/lessor', description='request multiple leases (borrow) for current origin')
|
||||
async def leasing_v1_lessor(request: Request):
|
||||
j, token, cur_time = json_loads((await request.body()).decode('utf-8')), __get_token(request), datetime.now(UTC)
|
||||
|
||||
logger.debug(j)
|
||||
logger.debug(request.headers)
|
||||
|
||||
try:
|
||||
token = __get_token(request)
|
||||
except JWTError:
|
||||
@@ -427,6 +682,7 @@ async def leasing_v1_lessor(request: Request):
|
||||
logger.info(f'> [ create ]: {origin_ref}: create leases for scope_ref_list {scope_ref_list}')
|
||||
|
||||
lease_result_list = []
|
||||
# todo: for lease_proposal in lease_proposal_list
|
||||
for scope_ref in scope_ref_list:
|
||||
# if scope_ref not in [ALLOTMENT_REF]:
|
||||
# return JSONr(status_code=500, detail=f'no service instances found for scopes: ["{scope_ref}"]')
|
||||
@@ -434,29 +690,38 @@ async def leasing_v1_lessor(request: Request):
|
||||
lease_ref = str(uuid4())
|
||||
expires = cur_time + LEASE_EXPIRE_DELTA
|
||||
lease_result_list.append({
|
||||
"ordinal": 0,
|
||||
"error": None,
|
||||
# https://docs.nvidia.com/license-system/latest/nvidia-license-system-user-guide/index.html
|
||||
"lease": {
|
||||
"ref": lease_ref,
|
||||
"created": cur_time.isoformat(),
|
||||
"expires": expires.isoformat(),
|
||||
"created": cur_time.strftime(DT_FORMAT),
|
||||
"expires": expires.strftime(DT_FORMAT),
|
||||
"feature_name": "GRID-Virtual-WS", # todo
|
||||
"lease_intent_id": None,
|
||||
"license_type": "CONCURRENT_COUNTED_SINGLE",
|
||||
"metadata": None,
|
||||
"offline_lease": False, # todo
|
||||
"product_name": "NVIDIA RTX Virtual Workstation", # todo
|
||||
"recommended_lease_renewal": LEASE_RENEWAL_PERIOD,
|
||||
"offline_lease": "true",
|
||||
"license_type": "CONCURRENT_COUNTED_SINGLE"
|
||||
}
|
||||
"ref": lease_ref,
|
||||
},
|
||||
"ordinal": None,
|
||||
})
|
||||
|
||||
data = Lease(origin_ref=origin_ref, lease_ref=lease_ref, lease_created=cur_time, lease_expires=expires)
|
||||
Lease.create_or_update(db, data)
|
||||
|
||||
response = {
|
||||
"client_challenge": j.get('client_challenge'),
|
||||
"lease_result_list": lease_result_list,
|
||||
"result_code": "SUCCESS",
|
||||
"sync_timestamp": cur_time.isoformat(),
|
||||
"prompts": None
|
||||
"prompts": None,
|
||||
"result_code": None,
|
||||
"sync_timestamp": cur_time.strftime(DT_FORMAT),
|
||||
}
|
||||
|
||||
return JSONr(response)
|
||||
logger.debug(response)
|
||||
|
||||
signature = f'b\'{randbytes(256).hex()}\''
|
||||
return JSONr(response, headers={'access-control-expose-headers': 'X-NLS-Signature', 'X-NLS-Signature': signature})
|
||||
|
||||
|
||||
# venv/lib/python3.9/site-packages/nls_services_lease/test/test_lease_multi_controller.py
|
||||
@@ -472,8 +737,8 @@ async def leasing_v1_lessor_lease(request: Request):
|
||||
|
||||
response = {
|
||||
"active_lease_list": active_lease_list,
|
||||
"sync_timestamp": cur_time.isoformat(),
|
||||
"prompts": None
|
||||
"prompts": None,
|
||||
"sync_timestamp": cur_time.strftime(DT_FORMAT),
|
||||
}
|
||||
|
||||
return JSONr(response)
|
||||
@@ -483,7 +748,7 @@ async def leasing_v1_lessor_lease(request: Request):
|
||||
# venv/lib/python3.9/site-packages/nls_core_lease/lease_single.py
|
||||
@app.put('/leasing/v1/lease/{lease_ref}', description='renew a lease')
|
||||
async def leasing_v1_lease_renew(request: Request, lease_ref: str):
|
||||
token, cur_time = __get_token(request), datetime.now(UTC)
|
||||
j, token, cur_time = json_loads((await request.body()).decode('utf-8')), __get_token(request), datetime.now(UTC)
|
||||
|
||||
origin_ref = token.get('origin_ref')
|
||||
logger.info(f'> [ renew ]: {origin_ref}: renew {lease_ref}')
|
||||
@@ -494,17 +759,21 @@ async def leasing_v1_lease_renew(request: Request, lease_ref: str):
|
||||
|
||||
expires = cur_time + LEASE_EXPIRE_DELTA
|
||||
response = {
|
||||
"client_challenge": j.get('client_challenge'),
|
||||
"expires": expires.strftime(DT_FORMAT),
|
||||
"feature_expired": False,
|
||||
"lease_ref": lease_ref,
|
||||
"expires": expires.isoformat(),
|
||||
"recommended_lease_renewal": LEASE_RENEWAL_PERIOD,
|
||||
"metadata": None,
|
||||
"offline_lease": True,
|
||||
"prompts": None,
|
||||
"sync_timestamp": cur_time.isoformat(),
|
||||
"recommended_lease_renewal": LEASE_RENEWAL_PERIOD,
|
||||
"sync_timestamp": cur_time.strftime(DT_FORMAT),
|
||||
}
|
||||
|
||||
Lease.renew(db, entity, expires, cur_time)
|
||||
|
||||
return JSONr(response)
|
||||
signature = f'b\'{randbytes(256).hex()}\''
|
||||
return JSONr(response, headers={'access-control-expose-headers': 'X-NLS-Signature', 'X-NLS-Signature': signature})
|
||||
|
||||
|
||||
# venv/lib/python3.9/site-packages/nls_services_lease/test/test_lease_single_controller.py
|
||||
@@ -525,9 +794,10 @@ async def leasing_v1_lease_delete(request: Request, lease_ref: str):
|
||||
return JSONr(status_code=404, content={'status': 404, 'detail': 'lease not found'})
|
||||
|
||||
response = {
|
||||
"client_challenge": None,
|
||||
"lease_ref": lease_ref,
|
||||
"prompts": None,
|
||||
"sync_timestamp": cur_time.isoformat(),
|
||||
"sync_timestamp": cur_time.strftime(DT_FORMAT),
|
||||
}
|
||||
|
||||
return JSONr(response)
|
||||
@@ -547,8 +817,8 @@ async def leasing_v1_lessor_lease_remove(request: Request):
|
||||
response = {
|
||||
"released_lease_list": released_lease_list,
|
||||
"release_failure_list": None,
|
||||
"sync_timestamp": cur_time.isoformat(),
|
||||
"prompts": None
|
||||
"prompts": None,
|
||||
"sync_timestamp": cur_time.strftime(DT_FORMAT),
|
||||
}
|
||||
|
||||
return JSONr(response)
|
||||
@@ -569,8 +839,8 @@ async def leasing_v1_lessor_shutdown(request: Request):
|
||||
response = {
|
||||
"released_lease_list": released_lease_list,
|
||||
"release_failure_list": None,
|
||||
"sync_timestamp": cur_time.isoformat(),
|
||||
"prompts": None
|
||||
"prompts": None,
|
||||
"sync_timestamp": cur_time.strftime(DT_FORMAT),
|
||||
}
|
||||
|
||||
return JSONr(response)
|
||||
|
||||
@@ -5,7 +5,7 @@ from sqlalchemy import Column, VARCHAR, CHAR, ForeignKey, DATETIME, update, and_
|
||||
from sqlalchemy.engine import Engine
|
||||
from sqlalchemy.orm import sessionmaker, declarative_base
|
||||
|
||||
from util import DriverMatrix
|
||||
from util import NV
|
||||
|
||||
Base = declarative_base()
|
||||
|
||||
@@ -25,7 +25,7 @@ class Origin(Base):
|
||||
return f'Origin(origin_ref={self.origin_ref}, hostname={self.hostname})'
|
||||
|
||||
def serialize(self) -> dict:
|
||||
_ = DriverMatrix().find(self.guest_driver_version)
|
||||
_ = NV().find(self.guest_driver_version)
|
||||
|
||||
return {
|
||||
'origin_ref': self.origin_ref,
|
||||
|
||||
71
app/util.py
71
app/util.py
@@ -1,21 +1,13 @@
|
||||
import logging
|
||||
from json import load as json_load
|
||||
|
||||
from cryptography.hazmat.primitives import serialization
|
||||
from cryptography.hazmat.primitives.asymmetric.rsa import RSAPrivateKey, RSAPublicKey, generate_private_key
|
||||
from cryptography.hazmat.primitives.serialization import load_pem_private_key, load_pem_public_key
|
||||
from cryptography.x509 import load_pem_x509_certificate, Certificate
|
||||
|
||||
logging.basicConfig()
|
||||
|
||||
|
||||
def load_file(filename: str) -> bytes:
|
||||
log = logging.getLogger(f'{__name__}')
|
||||
log.debug(f'Loading contents of file "{filename}')
|
||||
with open(filename, 'rb') as file:
|
||||
content = file.read()
|
||||
return content
|
||||
|
||||
|
||||
class PrivateKey:
|
||||
|
||||
def __init__(self, data: bytes):
|
||||
@@ -86,31 +78,62 @@ class PublicKey:
|
||||
)
|
||||
|
||||
|
||||
class DriverMatrix:
|
||||
class Cert:
|
||||
|
||||
def __init__(self, data: bytes):
|
||||
self.__cert = load_pem_x509_certificate(data)
|
||||
|
||||
@staticmethod
|
||||
def from_file(filename: str) -> "Cert":
|
||||
log = logging.getLogger(__name__)
|
||||
log.debug(f'Importing Certificate from "{filename}"')
|
||||
|
||||
with open(filename, 'rb') as f:
|
||||
data = f.read()
|
||||
|
||||
return Cert(data=data.strip())
|
||||
|
||||
def raw(self) -> Certificate:
|
||||
return self.__cert
|
||||
|
||||
def pem(self) -> bytes:
|
||||
return self.__cert.public_bytes(encoding=serialization.Encoding.PEM)
|
||||
|
||||
def signature(self) -> bytes:
|
||||
return self.__cert.signature
|
||||
|
||||
|
||||
def load_file(filename: str) -> bytes:
|
||||
log = logging.getLogger(f'{__name__}')
|
||||
log.debug(f'Loading contents of file "{filename}')
|
||||
with open(filename, 'rb') as file:
|
||||
content = file.read()
|
||||
return content
|
||||
|
||||
|
||||
class NV:
|
||||
__DRIVER_MATRIX_FILENAME = 'static/driver_matrix.json'
|
||||
__DRIVER_MATRIX: None | dict = None # https://docs.nvidia.com/grid/ => "Driver Versions"
|
||||
|
||||
def __init__(self):
|
||||
self.log = logging.getLogger(self.__class__.__name__)
|
||||
|
||||
if DriverMatrix.__DRIVER_MATRIX is None:
|
||||
self.__load()
|
||||
|
||||
def __load(self):
|
||||
try:
|
||||
file = open(DriverMatrix.__DRIVER_MATRIX_FILENAME)
|
||||
DriverMatrix.__DRIVER_MATRIX = json_load(file)
|
||||
file.close()
|
||||
self.log.debug(f'Successfully loaded "{DriverMatrix.__DRIVER_MATRIX_FILENAME}".')
|
||||
except Exception as e:
|
||||
DriverMatrix.__DRIVER_MATRIX = {} # init empty dict to not try open file everytime, just when restarting app
|
||||
# self.log.warning(f'Failed to load "{NV.__DRIVER_MATRIX_FILENAME}": {e}')
|
||||
if NV.__DRIVER_MATRIX is None:
|
||||
from json import load as json_load
|
||||
try:
|
||||
file = open(NV.__DRIVER_MATRIX_FILENAME)
|
||||
NV.__DRIVER_MATRIX = json_load(file)
|
||||
file.close()
|
||||
self.log.debug(f'Successfully loaded "{NV.__DRIVER_MATRIX_FILENAME}".')
|
||||
except Exception as e:
|
||||
NV.__DRIVER_MATRIX = {} # init empty dict to not try open file everytime, just when restarting app
|
||||
# self.log.warning(f'Failed to load "{NV.__DRIVER_MATRIX_FILENAME}": {e}')
|
||||
|
||||
@staticmethod
|
||||
def find(version: str) -> dict | None:
|
||||
if DriverMatrix.__DRIVER_MATRIX is None:
|
||||
if NV.__DRIVER_MATRIX is None:
|
||||
return None
|
||||
for idx, (key, branch) in enumerate(DriverMatrix.__DRIVER_MATRIX.items()):
|
||||
for idx, (key, branch) in enumerate(NV.__DRIVER_MATRIX.items()):
|
||||
for release in branch.get('$releases'):
|
||||
linux_driver = release.get('Linux Driver')
|
||||
windows_driver = release.get('Windows Driver')
|
||||
|
||||
@@ -1,8 +1,8 @@
|
||||
fastapi==0.115.12
|
||||
uvicorn[standard]==0.34.1
|
||||
uvicorn[standard]==0.34.0
|
||||
python-jose[cryptography]==3.4.0
|
||||
cryptography==44.0.2
|
||||
python-dateutil==2.9.0
|
||||
sqlalchemy==2.0.40
|
||||
markdown==3.8
|
||||
markdown==3.7
|
||||
python-dotenv==1.1.0
|
||||
|
||||
@@ -6,7 +6,7 @@ logger.setLevel(logging.INFO)
|
||||
|
||||
URL = 'https://docs.nvidia.com/vgpu/index.html'
|
||||
|
||||
BRANCH_STATUS_KEY = 'vGPU Branch Status'
|
||||
BRANCH_STATUS_KEY, SOFTWARE_BRANCH_KEY, = 'vGPU Branch Status', 'vGPU Software Branch'
|
||||
VGPU_KEY, GRID_KEY, DRIVER_BRANCH_KEY = 'vGPU Software', 'vGPU Software', 'Driver Branch'
|
||||
LINUX_VGPU_MANAGER_KEY, LINUX_DRIVER_KEY = 'Linux vGPU Manager', 'Linux Driver'
|
||||
WINDOWS_VGPU_MANAGER_KEY, WINDOWS_DRIVER_KEY = 'Windows vGPU Manager', 'Windows Driver'
|
||||
@@ -26,15 +26,12 @@ def __driver_versions(html: 'BeautifulSoup'):
|
||||
|
||||
# find wrapper for "DriverVersions" and find tables
|
||||
data = html.find('div', {'id': 'driver-versions'})
|
||||
items = data.find_all('bsp-accordion', {'class': 'Accordion-items-item'})
|
||||
items = data.findAll('bsp-accordion', {'class': 'Accordion-items-item'})
|
||||
for item in items:
|
||||
software_branch = item.find('div', {'class': 'Accordion-items-item-title'}).text.strip()
|
||||
software_branch = software_branch.replace(' Releases', '')
|
||||
matrix_key = software_branch.lower()
|
||||
|
||||
branch_status = item.find('a', href=True, string='Branch status')
|
||||
branch_status = branch_status.next_sibling.replace(':', '').strip()
|
||||
|
||||
# driver version info from table-heads (ths) and table-rows (trs)
|
||||
table = item.find('table')
|
||||
ths, trs = table.find_all('th'), table.find_all('tr')
|
||||
@@ -45,20 +42,48 @@ def __driver_versions(html: 'BeautifulSoup'):
|
||||
continue
|
||||
# create dict with table-heads as key and cell content as value
|
||||
x = {headers[i]: __strip(cell.text) for i, cell in enumerate(tds)}
|
||||
x.setdefault(BRANCH_STATUS_KEY, branch_status)
|
||||
releases.append(x)
|
||||
|
||||
# add to matrix
|
||||
MATRIX.update({matrix_key: {JSON_RELEASES_KEY: releases}})
|
||||
|
||||
|
||||
def __release_branches(html: 'BeautifulSoup'):
|
||||
# find wrapper for "AllReleaseBranches" and find table
|
||||
data = html.find('div', {'id': 'all-release-branches'})
|
||||
table = data.find('table')
|
||||
|
||||
# branch releases info from table-heads (ths) and table-rows (trs)
|
||||
ths, trs = table.find_all('th'), table.find_all('tr')
|
||||
headers = [header.text.strip() for header in ths]
|
||||
for trs in trs:
|
||||
tds = trs.find_all('td')
|
||||
if len(tds) == 0: # skip empty
|
||||
continue
|
||||
# create dict with table-heads as key and cell content as value
|
||||
x = {headers[i]: cell.text.strip() for i, cell in enumerate(tds)}
|
||||
|
||||
# get matrix_key
|
||||
software_branch = x.get(SOFTWARE_BRANCH_KEY)
|
||||
matrix_key = software_branch.lower()
|
||||
|
||||
# add to matrix
|
||||
MATRIX.update({matrix_key: MATRIX.get(matrix_key) | x})
|
||||
|
||||
|
||||
def __debug():
|
||||
# print table head
|
||||
s = f'{VGPU_KEY:^13} | {LINUX_VGPU_MANAGER_KEY:^21} | {LINUX_DRIVER_KEY:^21} | {WINDOWS_VGPU_MANAGER_KEY:^21} | {WINDOWS_DRIVER_KEY:^21} | {RELEASE_DATE_KEY:>21} | {BRANCH_STATUS_KEY:^21}'
|
||||
s = f'{SOFTWARE_BRANCH_KEY:^21} | {BRANCH_STATUS_KEY:^21} | {VGPU_KEY:^13} | {LINUX_VGPU_MANAGER_KEY:^21} | {LINUX_DRIVER_KEY:^21} | {WINDOWS_VGPU_MANAGER_KEY:^21} | {WINDOWS_DRIVER_KEY:^21} | {RELEASE_DATE_KEY:>21} | {EOL_KEY:>21}'
|
||||
print(s)
|
||||
|
||||
# iterate over dict & format some variables to not overload table
|
||||
for idx, (key, branch) in enumerate(MATRIX.items()):
|
||||
branch_status = branch.get(BRANCH_STATUS_KEY)
|
||||
branch_status = branch_status.replace('Branch ', '')
|
||||
branch_status = branch_status.replace('Long-Term Support', 'LTS')
|
||||
branch_status = branch_status.replace('Production', 'Prod.')
|
||||
|
||||
software_branch = branch.get(SOFTWARE_BRANCH_KEY).replace('NVIDIA ', '')
|
||||
for release in branch.get(JSON_RELEASES_KEY):
|
||||
version = release.get(VGPU_KEY, release.get(GRID_KEY, ''))
|
||||
linux_manager = release.get(LINUX_VGPU_MANAGER_KEY, release.get(ALT_VGPU_MANAGER_KEY, ''))
|
||||
@@ -67,25 +92,13 @@ def __debug():
|
||||
windows_driver = release.get(WINDOWS_DRIVER_KEY)
|
||||
release_date = release.get(RELEASE_DATE_KEY)
|
||||
is_latest = release.get(VGPU_KEY) == branch.get(LATEST_KEY)
|
||||
branch_status = __parse_branch_status(release.get(BRANCH_STATUS_KEY, ''))
|
||||
|
||||
version = f'{version} *' if is_latest else version
|
||||
s = f'{version:<13} | {linux_manager:<21} | {linux_driver:<21} | {windows_manager:<21} | {windows_driver:<21} | {release_date:>21} | {branch_status:^21}'
|
||||
eol = branch.get(EOL_KEY) if is_latest else ''
|
||||
s = f'{software_branch:^21} | {branch_status:^21} | {version:<13} | {linux_manager:<21} | {linux_driver:<21} | {windows_manager:<21} | {windows_driver:<21} | {release_date:>21} | {eol:>21}'
|
||||
print(s)
|
||||
|
||||
|
||||
def __parse_branch_status(string: str) -> str:
|
||||
string = string.replace('Production Branch', 'Prod. -')
|
||||
string = string.replace('Long-Term Support Branch', 'LTS -')
|
||||
|
||||
string = string.replace('supported until', '')
|
||||
|
||||
string = string.replace('EOL since', 'EOL - ')
|
||||
string = string.replace('EOL from', 'EOL -')
|
||||
|
||||
return string
|
||||
|
||||
|
||||
def __dump(filename: str):
|
||||
import json
|
||||
|
||||
@@ -115,6 +128,7 @@ if __name__ == '__main__':
|
||||
|
||||
# build matrix
|
||||
__driver_versions(soup)
|
||||
__release_branches(soup)
|
||||
|
||||
# debug output
|
||||
__debug()
|
||||
|
||||
43
test/main.py
43
test/main.py
@@ -1,3 +1,4 @@
|
||||
import json
|
||||
import sys
|
||||
from base64 import b64encode as b64enc
|
||||
from calendar import timegm
|
||||
@@ -7,7 +8,7 @@ from os.path import dirname, join
|
||||
from uuid import uuid4, UUID
|
||||
|
||||
from dateutil.relativedelta import relativedelta
|
||||
from jose import jwt, jwk
|
||||
from jose import jwt, jwk, jws
|
||||
from jose.constants import ALGORITHMS
|
||||
from starlette.testclient import TestClient
|
||||
|
||||
@@ -20,6 +21,7 @@ from util import PrivateKey, PublicKey
|
||||
|
||||
client = TestClient(main.app)
|
||||
|
||||
INSTANCE_REF = '10000000-0000-0000-0000-000000000001'
|
||||
ORIGIN_REF, ALLOTMENT_REF, SECRET = str(uuid4()), '20000000-0000-0000-0000-000000000001', 'HelloWorld'
|
||||
|
||||
# INSTANCE_KEY_RSA = generate_key()
|
||||
@@ -69,6 +71,31 @@ def test_client_token():
|
||||
assert response.status_code == 200
|
||||
|
||||
|
||||
def test_config_token(): # todo: /leasing/v1/config-token
|
||||
# https://git.collinwebdesigns.de/nvidia/nls/-/blob/main/src/test/test_config_token.py
|
||||
|
||||
response = client.post('/leasing/v1/config-token', json={"service_instance_ref": INSTANCE_REF})
|
||||
assert response.status_code == 200
|
||||
|
||||
nv_response_certificate_configuration = response.json().get('certificateConfiguration')
|
||||
nv_response_public_cert = nv_response_certificate_configuration.get('publicCert').encode('utf-8')
|
||||
nv_jwt_decode_key = jwk.construct(nv_response_public_cert, algorithm=ALGORITHMS.RS256)
|
||||
|
||||
nv_response_config_token = response.json().get('configToken')
|
||||
|
||||
payload = jws.verify(nv_response_config_token, key=nv_jwt_decode_key, algorithms=ALGORITHMS.RS256)
|
||||
payload = json.loads(payload)
|
||||
assert payload.get('iss') == 'NLS Service Instance'
|
||||
assert payload.get('aud') == 'NLS Licensed Client'
|
||||
assert payload.get('service_instance_ref') == INSTANCE_REF
|
||||
|
||||
nv_si_public_key_configuration = payload.get('service_instance_public_key_configuration')
|
||||
nv_si_public_key_me = nv_si_public_key_configuration.get('service_instance_public_key_me')
|
||||
# assert nv_si_public_key_me.get('mod') == 1 #nv_si_public_key_mod
|
||||
assert len(nv_si_public_key_me.get('mod')) == 512
|
||||
assert nv_si_public_key_me.get('exp') == 65537 # nv_si_public_key_exp
|
||||
|
||||
|
||||
def test_origins():
|
||||
pass
|
||||
|
||||
@@ -168,6 +195,7 @@ def test_auth_v1_token():
|
||||
|
||||
def test_leasing_v1_lessor():
|
||||
payload = {
|
||||
'client_challenge': 'my_unique_string',
|
||||
'fulfillment_context': {
|
||||
'fulfillment_class_ref_list': []
|
||||
},
|
||||
@@ -182,6 +210,11 @@ def test_leasing_v1_lessor():
|
||||
response = client.post('/leasing/v1/lessor', json=payload, headers={'authorization': __bearer_token(ORIGIN_REF)})
|
||||
assert response.status_code == 200
|
||||
|
||||
client_challenge = response.json().get('client_challenge')
|
||||
assert client_challenge == payload.get('client_challenge')
|
||||
signature = eval(response.headers.get('X-NLS-Signature'))
|
||||
assert len(signature) == 512
|
||||
|
||||
lease_result_list = response.json().get('lease_result_list')
|
||||
assert len(lease_result_list) == 1
|
||||
assert len(lease_result_list[0]['lease']['ref']) == 36
|
||||
@@ -205,9 +238,15 @@ def test_leasing_v1_lease_renew():
|
||||
|
||||
###
|
||||
|
||||
response = client.put(f'/leasing/v1/lease/{active_lease_ref}', headers={'authorization': __bearer_token(ORIGIN_REF)})
|
||||
payload = {'client_challenge': 'my_unique_string'}
|
||||
response = client.put(f'/leasing/v1/lease/{active_lease_ref}', json=payload, headers={'authorization': __bearer_token(ORIGIN_REF)})
|
||||
assert response.status_code == 200
|
||||
|
||||
client_challenge = response.json().get('client_challenge')
|
||||
assert client_challenge == payload.get('client_challenge')
|
||||
signature = eval(response.headers.get('X-NLS-Signature'))
|
||||
assert len(signature) == 512
|
||||
|
||||
lease_ref = response.json().get('lease_ref')
|
||||
assert len(lease_ref) == 36
|
||||
assert lease_ref == active_lease_ref
|
||||
|
||||
Reference in New Issue
Block a user