mirror of
https://gitea.publichub.eu/oscar.krause/fastapi-dls.git
synced 2026-04-08 22:15:47 +03:00
Compare commits
27 Commits
cd4674caad
...
1.4.0
| Author | SHA1 | Date | |
|---|---|---|---|
|
a7fe8b867e | ||
|
|
78214df9cc | ||
|
|
4245d5a582 | ||
|
|
9b5a387169 | ||
|
|
9377d5ce28 | ||
|
|
7489307db8 | ||
|
|
d41314e81d | ||
|
|
a1123d5451 | ||
|
|
93cf719454 | ||
|
|
0dc8f6c582 | ||
|
|
4b0219b85a | ||
|
|
8edbb25c16 | ||
|
|
49a24f0b68 | ||
|
|
8af3c8e2b3 | ||
|
|
3c321a202c | ||
|
|
1b7d8bc0dc | ||
|
|
23ccea538f | ||
|
|
6a54c05fbb | ||
|
|
006d3a1833 | ||
|
|
42fe066e1a | ||
|
|
ef542ec821 | ||
|
|
5b39598487 | ||
|
|
65de4d0534 | ||
|
|
58ffa752f3 | ||
|
|
fd4fa84dc5 | ||
|
|
5ff3295658 | ||
|
|
ca38ebe3fd |
@@ -297,13 +297,17 @@ gemnasium-python-dependency_scanning:
|
||||
|
||||
deploy:docker:
|
||||
extends: .deploy
|
||||
image: docker:dind
|
||||
stage: deploy
|
||||
tags: [ docker ]
|
||||
before_script:
|
||||
- echo "Building docker image for commit $CI_COMMIT_SHA with version $CI_COMMIT_REF_NAME"
|
||||
- docker buildx inspect
|
||||
- docker buildx create --use
|
||||
script:
|
||||
- echo "========== GitLab-Registry =========="
|
||||
- docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
|
||||
- IMAGE=$CI_REGISTRY/$CI_PROJECT_PATH/$CI_COMMIT_REF_NAME
|
||||
- IMAGE=$CI_REGISTRY/$CI_PROJECT_PATH
|
||||
- docker buildx build --progress=plain --platform $DOCKER_BUILDX_PLATFORM --build-arg VERSION=$CI_COMMIT_REF_NAME --build-arg COMMIT=$CI_COMMIT_SHA --tag $IMAGE:$CI_COMMIT_REF_NAME --push .
|
||||
- docker buildx build --progress=plain --platform $DOCKER_BUILDX_PLATFORM --build-arg VERSION=$CI_COMMIT_REF_NAME --build-arg COMMIT=$CI_COMMIT_SHA --tag $IMAGE:latest --push .
|
||||
- echo "========== Docker-Hub =========="
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
FROM python:3.11-alpine
|
||||
FROM python:3.12-alpine
|
||||
|
||||
ARG VERSION
|
||||
ARG COMMIT=""
|
||||
|
||||
94
README.md
94
README.md
@@ -2,7 +2,8 @@
|
||||
|
||||
Minimal Delegated License Service (DLS).
|
||||
|
||||
Compatibility tested with official NLS 2.0.1, 2.1.0, 3.1.0. For Driver compatibility see [here](#setup-client).
|
||||
Compatibility tested with official NLS 2.0.1, 2.1.0, 3.1.0, 3.3.1. For Driver compatibility
|
||||
see [compatibility matrix](#vgpu-software-compatibility-matrix).
|
||||
|
||||
This service can be used without internet connection.
|
||||
Only the clients need a connection to this service on configured port.
|
||||
@@ -42,6 +43,9 @@ Tested with Ubuntu 22.10 (EOL!) (from Proxmox templates), actually its consuming
|
||||
|
||||
- Make sure your timezone is set correct on you fastapi-dls server and your client
|
||||
|
||||
This guide does not show how to install vGPU host drivers! Look at the official documentation packed with the driver
|
||||
releases.
|
||||
|
||||
## Docker
|
||||
|
||||
Docker-Images are available here for Intel (x86), AMD (amd64) and ARM (arm64):
|
||||
@@ -434,32 +438,8 @@ client has 19.2 hours in which to re-establish connectivity before its license e
|
||||
|
||||
**The token file has to be copied! It's not enough to C&P file contents, because there can be special characters.**
|
||||
|
||||
Successfully tested with this package versions:
|
||||
|
||||
| vGPU Suftware | Driver Branch | Linux vGPU Manager | Linux Driver | Windows Driver | Release Date | EOL Date |
|
||||
|:-------------:|:-------------:|--------------------|--------------|----------------|--------------:|--------------:|
|
||||
| `17.2` | R550 | `550.90.05` | `550.90.07` | `552.55` | June 2024 | February 2025 |
|
||||
| `17.1` | R550 | `550.54.16` | `550.54.15` | `551.78` | March 2024 | |
|
||||
| `17.0` | R550 | `550.54.10` | `550.54.14` | `551.61` | February 2024 | |
|
||||
| `16.6` | R535 | `535.183.04` | `535.183.01` | `538.67` | June 2024 | July 2026 |
|
||||
| `16.5` | R535 | `535.161.05` | `535.161.08` | `538.46` | February 2024 | |
|
||||
| `16.4` | R535 | `535.161.05` | `535.161.07` | `538.33` | February 2024 | |
|
||||
| `16.3` | R535 | `535.154.02` | `535.154.05` | `538.15` | January 2024 | |
|
||||
| `16.2` | R535 | `535.129.03` | `535.129.03` | `537.70` | October 2023 | |
|
||||
| `16.1` | R535 | `535.104.06` | `535.104.05` | `537.13` | August 2023 | |
|
||||
| `16.0` | R535 | `535.54.06` | `535.54.03` | `536.22` | July 2023 | |
|
||||
| `15.4` | R525 | `525.147.01` | `525.147.05` | `529.19` | June 2023 | October 2023 |
|
||||
| `15.3` | R525 | `525.125.03` | `525.125.06` | `529.11` | June 2023 | |
|
||||
| `15.2` | R525 | `525.105.14` | `525.105.17` | `528.89` | March 2023 | |
|
||||
| `15.1` | R525 | `525.85.07` | `525.85.05` | `528.24` | January 2023 | |
|
||||
| `15.0` | R525 | `525.60.12` | `525.60.13` | `527.41` | December 2022 | |
|
||||
| `14.4` | R510 | `510.108.03` | `510.108.03` | `514.08` | December 2022 | February 2023 |
|
||||
| `14.3` | R510 | `510.108.03` | `510.108.03` | `513.91` | November 2022 | |
|
||||
|
||||
- https://docs.nvidia.com/grid/index.html
|
||||
- https://docs.nvidia.com/grid/gpus-supported-by-vgpu.html
|
||||
|
||||
*To get the latest drivers, visit Nvidia or search in Discord-Channel `GPU Unlocking` (Server-ID: `829786927829745685`) on channel `licensing` `biggerthanshit`
|
||||
This guide does not show how to install vGPU guest drivers! Look at the official documentation packed with the driver
|
||||
releases.
|
||||
|
||||
## Linux
|
||||
|
||||
@@ -535,33 +515,32 @@ Done. For more information check [troubleshoot section](#troubleshoot).
|
||||
8. Set schedule to `At First Array Start Only`
|
||||
9. Click on Apply
|
||||
|
||||
|
||||
# Endpoints
|
||||
# API Endpoints
|
||||
|
||||
<details>
|
||||
<summary>show</summary>
|
||||
|
||||
### `GET /`
|
||||
**`GET /`**
|
||||
|
||||
Redirect to `/-/readme`.
|
||||
|
||||
### `GET /-/health`
|
||||
**`GET /-/health`**
|
||||
|
||||
Status endpoint, used for *healthcheck*.
|
||||
|
||||
### `GET /-/config`
|
||||
**`GET /-/config`**
|
||||
|
||||
Shows current runtime environment variables and their values.
|
||||
|
||||
### `GET /-/readme`
|
||||
**`GET /-/readme`**
|
||||
|
||||
HTML rendered README.md.
|
||||
|
||||
### `GET /-/manage`
|
||||
**`GET /-/manage`**
|
||||
|
||||
Shows a very basic UI to delete origins or leases.
|
||||
|
||||
### `GET /-/origins?leases=false`
|
||||
**`GET /-/origins?leases=false`**
|
||||
|
||||
List registered origins.
|
||||
|
||||
@@ -569,11 +548,11 @@ List registered origins.
|
||||
|-----------------|---------|--------------------------------------|
|
||||
| `leases` | `false` | Include referenced leases per origin |
|
||||
|
||||
### `DELETE /-/origins`
|
||||
**`DELETE /-/origins`**
|
||||
|
||||
Deletes all origins and their leases.
|
||||
|
||||
### `GET /-/leases?origin=false`
|
||||
**`GET /-/leases?origin=false`**
|
||||
|
||||
List current leases.
|
||||
|
||||
@@ -581,15 +560,15 @@ List current leases.
|
||||
|-----------------|---------|-------------------------------------|
|
||||
| `origin` | `false` | Include referenced origin per lease |
|
||||
|
||||
### `DELETE /-/lease/{lease_ref}`
|
||||
**`DELETE /-/lease/{lease_ref}`**
|
||||
|
||||
Deletes an lease.
|
||||
|
||||
### `GET /-/client-token`
|
||||
**`GET /-/client-token`**
|
||||
|
||||
Generate client token, (see [installation](#installation)).
|
||||
|
||||
### Others
|
||||
**Others**
|
||||
|
||||
There are many other internal api endpoints for handling authentication and lease process.
|
||||
</details>
|
||||
@@ -616,9 +595,9 @@ Logs are available in `C:\Users\Public\Documents\Nvidia\LoggingLog.NVDisplay.Con
|
||||
|
||||
## Linux
|
||||
|
||||
### `uvicorn.error:Invalid HTTP request received.`
|
||||
### Invalid HTTP request
|
||||
|
||||
This message can be ignored.
|
||||
This error message: `uvicorn.error:Invalid HTTP request received.` can be ignored.
|
||||
|
||||
- Ref. https://github.com/encode/uvicorn/issues/441
|
||||
|
||||
@@ -744,11 +723,40 @@ The error message can safely be ignored (since we have no license limitation :P)
|
||||
|
||||
</details>
|
||||
|
||||
# vGPU Software Compatibility Matrix
|
||||
|
||||
Successfully tested with this package versions.
|
||||
|
||||
| vGPU Suftware | Driver Branch | Linux vGPU Manager | Linux Driver | Windows Driver | Release Date | EOL Date |
|
||||
|:-------------:|:-------------:|--------------------|--------------|----------------|--------------:|--------------:|
|
||||
| `17.4` | R550 | `550.127.06` | `550.127.05` | `553.24` | October 2024 | February 2025 |
|
||||
| `17.3` | R550 | `550.90.05` | `550.90.07` | `552.74` | July 2024 | |
|
||||
| `17.2` | R550 | `550.90.05` | `550.90.07` | `552.55` | June 2024 | |
|
||||
| `17.1` | R550 | `550.54.16` | `550.54.15` | `551.78` | March 2024 | |
|
||||
| `17.0` | R550 | `550.54.10` | `550.54.14` | `551.61` | February 2024 | |
|
||||
| `16.8` | R535 | `535.216.01` | `535.216.01` | `538.95` | October 2024 | July 2026 |
|
||||
| `16.7` | R535 | `535.183.04` | `535.183.06` | `538.78` | July 2024 | |
|
||||
| `16.6` | R535 | `535.183.04` | `535.183.01` | `538.67` | June 2024 | |
|
||||
| `16.5` | R535 | `535.161.05` | `535.161.08` | `538.46` | February 2024 | |
|
||||
| `16.4` | R535 | `535.161.05` | `535.161.07` | `538.33` | February 2024 | |
|
||||
| `16.3` | R535 | `535.154.02` | `535.154.05` | `538.15` | January 2024 | |
|
||||
| `16.2` | R535 | `535.129.03` | `535.129.03` | `537.70` | October 2023 | |
|
||||
| `16.1` | R535 | `535.104.06` | `535.104.05` | `537.13` | August 2023 | |
|
||||
| `16.0` | R535 | `535.54.06` | `535.54.03` | `536.22` | July 2023 | |
|
||||
| `15.4` | R525 | `525.147.01` | `525.147.05` | `529.19` | June 2023 | December 2023 |
|
||||
| `14.4` | R510 | `510.108.03` | `510.108.03` | `514.08` | December 2022 | February 2023 |
|
||||
|
||||
- https://docs.nvidia.com/grid/index.html
|
||||
- https://docs.nvidia.com/grid/gpus-supported-by-vgpu.html
|
||||
|
||||
*To get the latest drivers, visit Nvidia or search in Discord-Channel `GPU Unlocking` (Server-ID: `829786927829745685`)
|
||||
on channel `licensing`
|
||||
|
||||
# Credits
|
||||
|
||||
Thanks to vGPU community and all who uses this project and report bugs.
|
||||
|
||||
Special thanks to
|
||||
Special thanks to:
|
||||
|
||||
- @samicrusader who created build file for **ArchLinux**
|
||||
- @cyrus who wrote the section for **openSUSE**
|
||||
|
||||
177
app/main.py
177
app/main.py
@@ -2,7 +2,7 @@ import logging
|
||||
from base64 import b64encode as b64enc
|
||||
from calendar import timegm
|
||||
from contextlib import asynccontextmanager
|
||||
from datetime import datetime
|
||||
from datetime import datetime, timedelta
|
||||
from hashlib import sha256
|
||||
from json import loads as json_loads
|
||||
from os import getenv as env
|
||||
@@ -13,15 +13,15 @@ from dateutil.relativedelta import relativedelta
|
||||
from dotenv import load_dotenv
|
||||
from fastapi import FastAPI
|
||||
from fastapi.requests import Request
|
||||
from jose import jws, jwt, JWTError
|
||||
from jose import jws, jwk, jwt, JWTError
|
||||
from jose.constants import ALGORITHMS
|
||||
from sqlalchemy import create_engine
|
||||
from sqlalchemy.orm import sessionmaker
|
||||
from starlette.middleware.cors import CORSMiddleware
|
||||
from starlette.responses import StreamingResponse, JSONResponse as JSONr, HTMLResponse as HTMLr, Response, \
|
||||
RedirectResponse
|
||||
from starlette.responses import StreamingResponse, JSONResponse as JSONr, HTMLResponse as HTMLr, Response, RedirectResponse
|
||||
|
||||
from orm import init as db_init, migrate, Site, Instance, Origin, Lease
|
||||
from orm import Origin, Lease, init as db_init, migrate
|
||||
from util import load_key, load_file
|
||||
|
||||
# Load variables
|
||||
load_dotenv('../version.env')
|
||||
@@ -39,34 +39,46 @@ db_init(db), migrate(db)
|
||||
# Load DLS variables (all prefixed with "INSTANCE_*" is used as "SERVICE_INSTANCE_*" or "SI_*" in official dls service)
|
||||
DLS_URL = str(env('DLS_URL', 'localhost'))
|
||||
DLS_PORT = int(env('DLS_PORT', '443'))
|
||||
SITE_KEY_XID = str(env('SITE_KEY_XID', '00000000-0000-0000-0000-000000000000'))
|
||||
INSTANCE_REF = str(env('INSTANCE_REF', '10000000-0000-0000-0000-000000000001'))
|
||||
ALLOTMENT_REF = str(env('ALLOTMENT_REF', '20000000-0000-0000-0000-000000000001'))
|
||||
INSTANCE_KEY_RSA = load_key(str(env('INSTANCE_KEY_RSA', join(dirname(__file__), 'cert/instance.private.pem'))))
|
||||
INSTANCE_KEY_PUB = load_key(str(env('INSTANCE_KEY_PUB', join(dirname(__file__), 'cert/instance.public.pem'))))
|
||||
TOKEN_EXPIRE_DELTA = relativedelta(days=int(env('TOKEN_EXPIRE_DAYS', 1)), hours=int(env('TOKEN_EXPIRE_HOURS', 0)))
|
||||
LEASE_EXPIRE_DELTA = relativedelta(days=int(env('LEASE_EXPIRE_DAYS', 90)), hours=int(env('LEASE_EXPIRE_HOURS', 0)))
|
||||
LEASE_RENEWAL_PERIOD = float(env('LEASE_RENEWAL_PERIOD', 0.15))
|
||||
LEASE_RENEWAL_DELTA = timedelta(days=int(env('LEASE_EXPIRE_DAYS', 90)), hours=int(env('LEASE_EXPIRE_HOURS', 0)))
|
||||
CLIENT_TOKEN_EXPIRE_DELTA = relativedelta(years=12)
|
||||
CORS_ORIGINS = str(env('CORS_ORIGINS', '')).split(',') if (env('CORS_ORIGINS')) else [f'https://{DLS_URL}']
|
||||
|
||||
ALLOTMENT_REF = str(env('ALLOTMENT_REF', '20000000-0000-0000-0000-000000000001')) # todo
|
||||
jwt_encode_key = jwk.construct(INSTANCE_KEY_RSA.export_key().decode('utf-8'), algorithm=ALGORITHMS.RS256)
|
||||
jwt_decode_key = jwk.construct(INSTANCE_KEY_PUB.export_key().decode('utf-8'), algorithm=ALGORITHMS.RS256)
|
||||
|
||||
# Logging
|
||||
LOG_LEVEL = logging.DEBUG if DEBUG else logging.INFO
|
||||
logging.basicConfig(format='[{levelname:^7}] [{module:^15}] {message}', style='{')
|
||||
logger = logging.getLogger(__name__)
|
||||
logger.setLevel(LOG_LEVEL)
|
||||
logging.getLogger('util').setLevel(LOG_LEVEL)
|
||||
logging.getLogger('NV').setLevel(LOG_LEVEL)
|
||||
|
||||
|
||||
# FastAPI
|
||||
@asynccontextmanager
|
||||
async def lifespan(_: FastAPI):
|
||||
# on startup
|
||||
default_instance = Instance.get_default_instance(db)
|
||||
|
||||
lease_renewal_period = default_instance.lease_renewal_period
|
||||
lease_renewal_delta = default_instance.get_lease_renewal_delta()
|
||||
client_token_expire_delta = default_instance.get_client_token_expire_delta()
|
||||
|
||||
logger.info(f'''
|
||||
|
||||
Using timezone: {str(TZ)}. Make sure this is correct and match your clients!
|
||||
|
||||
Your clients will renew their license every {str(Lease.calculate_renewal(lease_renewal_period, lease_renewal_delta))}.
|
||||
If the renewal fails, the license is valid for {str(lease_renewal_delta)}.
|
||||
Your clients renew their license every {str(Lease.calculate_renewal(LEASE_RENEWAL_PERIOD, LEASE_RENEWAL_DELTA))}.
|
||||
If the renewal fails, the license is {str(LEASE_RENEWAL_DELTA)} valid.
|
||||
|
||||
Your client-token file (.tok) is valid for {str(client_token_expire_delta)}.
|
||||
Your client-token file (.tok) is valid for {str(CLIENT_TOKEN_EXPIRE_DELTA)}.
|
||||
''')
|
||||
|
||||
logger.info(f'Debug is {"enabled" if DEBUG else "disabled"}.')
|
||||
|
||||
validate_settings()
|
||||
|
||||
yield
|
||||
|
||||
# on shutdown
|
||||
@@ -85,34 +97,14 @@ app.add_middleware(
|
||||
allow_headers=['*'],
|
||||
)
|
||||
|
||||
# Logging
|
||||
LOG_LEVEL = logging.DEBUG if DEBUG else logging.INFO
|
||||
logging.basicConfig(format='[{levelname:^7}] [{module:^15}] {message}', style='{')
|
||||
logger = logging.getLogger(__name__)
|
||||
logger.setLevel(LOG_LEVEL)
|
||||
logging.getLogger('util').setLevel(LOG_LEVEL)
|
||||
logging.getLogger('NV').setLevel(LOG_LEVEL)
|
||||
|
||||
|
||||
# Helper
|
||||
def __get_token(request: Request, jwt_decode_key: "jose.jwt") -> dict:
|
||||
def __get_token(request: Request) -> dict:
|
||||
authorization_header = request.headers.get('authorization')
|
||||
token = authorization_header.split(' ')[1]
|
||||
return jwt.decode(token=token, key=jwt_decode_key, algorithms=ALGORITHMS.RS256, options={'verify_aud': False})
|
||||
|
||||
|
||||
def validate_settings():
|
||||
session = sessionmaker(bind=db)()
|
||||
|
||||
lease_expire_delta_min, lease_expire_delta_max = 86_400, 7_776_000
|
||||
for instance in session.query(Instance).all():
|
||||
lease_expire_delta = instance.lease_expire_delta
|
||||
if lease_expire_delta < 86_400 or lease_expire_delta > 7_776_000:
|
||||
logging.warning(f'> [ instance ]: {instance.instance_ref}: "lease_expire_delta" should be between {lease_expire_delta_min} and {lease_expire_delta_max}')
|
||||
|
||||
session.close()
|
||||
|
||||
|
||||
# Endpoints
|
||||
|
||||
@app.get('/', summary='Index')
|
||||
@@ -132,20 +124,18 @@ async def _health():
|
||||
|
||||
@app.get('/-/config', summary='* Config', description='returns environment variables.')
|
||||
async def _config():
|
||||
default_site, default_instance = Site.get_default_site(db), Instance.get_default_instance(db)
|
||||
|
||||
return JSONr({
|
||||
'VERSION': str(VERSION),
|
||||
'COMMIT': str(COMMIT),
|
||||
'DEBUG': str(DEBUG),
|
||||
'DLS_URL': str(DLS_URL),
|
||||
'DLS_PORT': str(DLS_PORT),
|
||||
'SITE_KEY_XID': str(default_site.site_key),
|
||||
'INSTANCE_REF': str(default_instance.instance_ref),
|
||||
'SITE_KEY_XID': str(SITE_KEY_XID),
|
||||
'INSTANCE_REF': str(INSTANCE_REF),
|
||||
'ALLOTMENT_REF': [str(ALLOTMENT_REF)],
|
||||
'TOKEN_EXPIRE_DELTA': str(default_instance.get_token_expire_delta()),
|
||||
'LEASE_EXPIRE_DELTA': str(default_instance.get_lease_expire_delta()),
|
||||
'LEASE_RENEWAL_PERIOD': str(default_instance.lease_renewal_period),
|
||||
'TOKEN_EXPIRE_DELTA': str(TOKEN_EXPIRE_DELTA),
|
||||
'LEASE_EXPIRE_DELTA': str(LEASE_EXPIRE_DELTA),
|
||||
'LEASE_RENEWAL_PERIOD': str(LEASE_RENEWAL_PERIOD),
|
||||
'CORS_ORIGINS': str(CORS_ORIGINS),
|
||||
'TZ': str(TZ),
|
||||
})
|
||||
@@ -154,7 +144,6 @@ async def _config():
|
||||
@app.get('/-/readme', summary='* Readme')
|
||||
async def _readme():
|
||||
from markdown import markdown
|
||||
from util import load_file
|
||||
content = load_file(join(dirname(__file__), '../README.md')).decode('utf-8')
|
||||
return HTMLr(markdown(text=content, extensions=['tables', 'fenced_code', 'md_in_html', 'nl2br', 'toc']))
|
||||
|
||||
@@ -204,7 +193,8 @@ async def _origins(request: Request, leases: bool = False):
|
||||
for origin in session.query(Origin).all():
|
||||
x = origin.serialize()
|
||||
if leases:
|
||||
x['leases'] = list(map(lambda _: _.serialize(), Lease.find_by_origin_ref(db, origin.origin_ref)))
|
||||
serialize = dict(renewal_period=LEASE_RENEWAL_PERIOD, renewal_delta=LEASE_RENEWAL_DELTA)
|
||||
x['leases'] = list(map(lambda _: _.serialize(**serialize), Lease.find_by_origin_ref(db, origin.origin_ref)))
|
||||
response.append(x)
|
||||
session.close()
|
||||
return JSONr(response)
|
||||
@@ -221,7 +211,8 @@ async def _leases(request: Request, origin: bool = False):
|
||||
session = sessionmaker(bind=db)()
|
||||
response = []
|
||||
for lease in session.query(Lease).all():
|
||||
x = lease.serialize()
|
||||
serialize = dict(renewal_period=LEASE_RENEWAL_PERIOD, renewal_delta=LEASE_RENEWAL_DELTA)
|
||||
x = lease.serialize(**serialize)
|
||||
if origin:
|
||||
lease_origin = session.query(Origin).filter(Origin.origin_ref == lease.origin_ref).first()
|
||||
if lease_origin is not None:
|
||||
@@ -248,13 +239,7 @@ async def _lease_delete(request: Request, lease_ref: str):
|
||||
@app.get('/-/client-token', summary='* Client-Token', description='creates a new messenger token for this service instance')
|
||||
async def _client_token():
|
||||
cur_time = datetime.utcnow()
|
||||
|
||||
default_instance = Instance.get_default_instance(db)
|
||||
public_key = default_instance.get_public_key()
|
||||
# todo: implemented request parameter to support different instances
|
||||
jwt_encode_key = default_instance.get_jwt_encode_key()
|
||||
|
||||
exp_time = cur_time + default_instance.get_client_token_expire_delta()
|
||||
exp_time = cur_time + CLIENT_TOKEN_EXPIRE_DELTA
|
||||
|
||||
payload = {
|
||||
"jti": str(uuid4()),
|
||||
@@ -267,7 +252,7 @@ async def _client_token():
|
||||
"scope_ref_list": [ALLOTMENT_REF],
|
||||
"fulfillment_class_ref_list": [],
|
||||
"service_instance_configuration": {
|
||||
"nls_service_instance_ref": default_instance.instance_ref,
|
||||
"nls_service_instance_ref": INSTANCE_REF,
|
||||
"svc_port_set_list": [
|
||||
{
|
||||
"idx": 0,
|
||||
@@ -279,10 +264,10 @@ async def _client_token():
|
||||
},
|
||||
"service_instance_public_key_configuration": {
|
||||
"service_instance_public_key_me": {
|
||||
"mod": hex(public_key.public_key().n)[2:],
|
||||
"exp": int(public_key.public_key().e),
|
||||
"mod": hex(INSTANCE_KEY_PUB.public_key().n)[2:],
|
||||
"exp": int(INSTANCE_KEY_PUB.public_key().e),
|
||||
},
|
||||
"service_instance_public_key_pem": public_key.export_key().decode('utf-8'),
|
||||
"service_instance_public_key_pem": INSTANCE_KEY_PUB.export_key().decode('utf-8'),
|
||||
"key_retention_mode": "LATEST_ONLY"
|
||||
},
|
||||
}
|
||||
@@ -364,16 +349,13 @@ async def auth_v1_code(request: Request):
|
||||
delta = relativedelta(minutes=15)
|
||||
expires = cur_time + delta
|
||||
|
||||
default_site = Site.get_default_site(db)
|
||||
jwt_encode_key = Instance.get_default_instance(db).get_jwt_encode_key()
|
||||
|
||||
payload = {
|
||||
'iat': timegm(cur_time.timetuple()),
|
||||
'exp': timegm(expires.timetuple()),
|
||||
'challenge': j.get('code_challenge'),
|
||||
'origin_ref': j.get('origin_ref'),
|
||||
'key_ref': default_site.site_key,
|
||||
'kid': default_site.site_key,
|
||||
'key_ref': SITE_KEY_XID,
|
||||
'kid': SITE_KEY_XID
|
||||
}
|
||||
|
||||
auth_code = jws.sign(payload, key=jwt_encode_key, headers={'kid': payload.get('kid')}, algorithm=ALGORITHMS.RS256)
|
||||
@@ -393,11 +375,8 @@ async def auth_v1_code(request: Request):
|
||||
async def auth_v1_token(request: Request):
|
||||
j, cur_time = json_loads((await request.body()).decode('utf-8')), datetime.utcnow()
|
||||
|
||||
default_site, default_instance = Site.get_default_site(db), Instance.get_default_instance(db)
|
||||
jwt_encode_key, jwt_decode_key = default_instance.get_jwt_encode_key(), default_instance.get_jwt_decode_key()
|
||||
|
||||
try:
|
||||
payload = jwt.decode(token=j.get('auth_code'), key=jwt_decode_key, algorithms=[ALGORITHMS.RS256])
|
||||
payload = jwt.decode(token=j.get('auth_code'), key=jwt_decode_key)
|
||||
except JWTError as e:
|
||||
return JSONr(status_code=400, content={'status': 400, 'title': 'invalid token', 'detail': str(e)})
|
||||
|
||||
@@ -409,7 +388,7 @@ async def auth_v1_token(request: Request):
|
||||
if payload.get('challenge') != challenge:
|
||||
return JSONr(status_code=401, content={'status': 401, 'detail': 'expected challenge did not match verifier'})
|
||||
|
||||
access_expires_on = cur_time + default_instance.get_token_expire_delta()
|
||||
access_expires_on = cur_time + TOKEN_EXPIRE_DELTA
|
||||
|
||||
new_payload = {
|
||||
'iat': timegm(cur_time.timetuple()),
|
||||
@@ -418,8 +397,8 @@ async def auth_v1_token(request: Request):
|
||||
'aud': 'https://cls.nvidia.org',
|
||||
'exp': timegm(access_expires_on.timetuple()),
|
||||
'origin_ref': origin_ref,
|
||||
'key_ref': default_site.site_key,
|
||||
'kid': default_site.site_key,
|
||||
'key_ref': SITE_KEY_XID,
|
||||
'kid': SITE_KEY_XID,
|
||||
}
|
||||
|
||||
auth_token = jwt.encode(new_payload, key=jwt_encode_key, headers={'kid': payload.get('kid')}, algorithm=ALGORITHMS.RS256)
|
||||
@@ -436,13 +415,10 @@ async def auth_v1_token(request: Request):
|
||||
# venv/lib/python3.9/site-packages/nls_services_lease/test/test_lease_multi_controller.py
|
||||
@app.post('/leasing/v1/lessor', description='request multiple leases (borrow) for current origin')
|
||||
async def leasing_v1_lessor(request: Request):
|
||||
j, cur_time = json_loads((await request.body()).decode('utf-8')), datetime.utcnow()
|
||||
|
||||
default_instance = Instance.get_default_instance(db)
|
||||
jwt_decode_key = default_instance.get_jwt_decode_key()
|
||||
j, token, cur_time = json_loads((await request.body()).decode('utf-8')), __get_token(request), datetime.utcnow()
|
||||
|
||||
try:
|
||||
token = __get_token(request, jwt_decode_key)
|
||||
token = __get_token(request)
|
||||
except JWTError:
|
||||
return JSONr(status_code=401, content={'status': 401, 'detail': 'token is not valid'})
|
||||
|
||||
@@ -456,7 +432,7 @@ async def leasing_v1_lessor(request: Request):
|
||||
# return JSONr(status_code=500, detail=f'no service instances found for scopes: ["{scope_ref}"]')
|
||||
|
||||
lease_ref = str(uuid4())
|
||||
expires = cur_time + default_instance.get_lease_expire_delta()
|
||||
expires = cur_time + LEASE_EXPIRE_DELTA
|
||||
lease_result_list.append({
|
||||
"ordinal": 0,
|
||||
# https://docs.nvidia.com/license-system/latest/nvidia-license-system-user-guide/index.html
|
||||
@@ -464,13 +440,13 @@ async def leasing_v1_lessor(request: Request):
|
||||
"ref": lease_ref,
|
||||
"created": cur_time.isoformat(),
|
||||
"expires": expires.isoformat(),
|
||||
"recommended_lease_renewal": default_instance.lease_renewal_period,
|
||||
"recommended_lease_renewal": LEASE_RENEWAL_PERIOD,
|
||||
"offline_lease": "true",
|
||||
"license_type": "CONCURRENT_COUNTED_SINGLE"
|
||||
}
|
||||
})
|
||||
|
||||
data = Lease(instance_ref=default_instance.instance_ref, origin_ref=origin_ref, lease_ref=lease_ref, lease_created=cur_time, lease_expires=expires)
|
||||
data = Lease(origin_ref=origin_ref, lease_ref=lease_ref, lease_created=cur_time, lease_expires=expires)
|
||||
Lease.create_or_update(db, data)
|
||||
|
||||
response = {
|
||||
@@ -487,14 +463,7 @@ async def leasing_v1_lessor(request: Request):
|
||||
# venv/lib/python3.9/site-packages/nls_dal_service_instance_dls/schema/service_instance/V1_0_21__product_mapping.sql
|
||||
@app.get('/leasing/v1/lessor/leases', description='get active leases for current origin')
|
||||
async def leasing_v1_lessor_lease(request: Request):
|
||||
cur_time = datetime.utcnow()
|
||||
|
||||
jwt_decode_key = Instance.get_default_instance(db).get_jwt_decode_key()
|
||||
|
||||
try:
|
||||
token = __get_token(request, jwt_decode_key)
|
||||
except JWTError:
|
||||
return JSONr(status_code=401, content={'status': 401, 'detail': 'token is not valid'})
|
||||
token, cur_time = __get_token(request), datetime.utcnow()
|
||||
|
||||
origin_ref = token.get('origin_ref')
|
||||
|
||||
@@ -514,15 +483,7 @@ async def leasing_v1_lessor_lease(request: Request):
|
||||
# venv/lib/python3.9/site-packages/nls_core_lease/lease_single.py
|
||||
@app.put('/leasing/v1/lease/{lease_ref}', description='renew a lease')
|
||||
async def leasing_v1_lease_renew(request: Request, lease_ref: str):
|
||||
cur_time = datetime.utcnow()
|
||||
|
||||
default_instance = Instance.get_default_instance(db)
|
||||
jwt_decode_key = default_instance.get_jwt_decode_key()
|
||||
|
||||
try:
|
||||
token = __get_token(request, jwt_decode_key)
|
||||
except JWTError:
|
||||
return JSONr(status_code=401, content={'status': 401, 'detail': 'token is not valid'})
|
||||
token, cur_time = __get_token(request), datetime.utcnow()
|
||||
|
||||
origin_ref = token.get('origin_ref')
|
||||
logging.info(f'> [ renew ]: {origin_ref}: renew {lease_ref}')
|
||||
@@ -531,11 +492,11 @@ async def leasing_v1_lease_renew(request: Request, lease_ref: str):
|
||||
if entity is None:
|
||||
return JSONr(status_code=404, content={'status': 404, 'detail': 'requested lease not available'})
|
||||
|
||||
expires = cur_time + default_instance.get_lease_expire_delta()
|
||||
expires = cur_time + LEASE_EXPIRE_DELTA
|
||||
response = {
|
||||
"lease_ref": lease_ref,
|
||||
"expires": expires.isoformat(),
|
||||
"recommended_lease_renewal": default_instance.lease_renewal_period,
|
||||
"recommended_lease_renewal": LEASE_RENEWAL_PERIOD,
|
||||
"offline_lease": True,
|
||||
"prompts": None,
|
||||
"sync_timestamp": cur_time.isoformat(),
|
||||
@@ -549,14 +510,7 @@ async def leasing_v1_lease_renew(request: Request, lease_ref: str):
|
||||
# venv/lib/python3.9/site-packages/nls_services_lease/test/test_lease_single_controller.py
|
||||
@app.delete('/leasing/v1/lease/{lease_ref}', description='release (return) a lease')
|
||||
async def leasing_v1_lease_delete(request: Request, lease_ref: str):
|
||||
cur_time = datetime.utcnow()
|
||||
|
||||
jwt_decode_key = Instance.get_default_instance(db).get_jwt_decode_key()
|
||||
|
||||
try:
|
||||
token = __get_token(request, jwt_decode_key)
|
||||
except JWTError:
|
||||
return JSONr(status_code=401, content={'status': 401, 'detail': 'token is not valid'})
|
||||
token, cur_time = __get_token(request), datetime.utcnow()
|
||||
|
||||
origin_ref = token.get('origin_ref')
|
||||
logging.info(f'> [ return ]: {origin_ref}: return {lease_ref}')
|
||||
@@ -582,14 +536,7 @@ async def leasing_v1_lease_delete(request: Request, lease_ref: str):
|
||||
# venv/lib/python3.9/site-packages/nls_services_lease/test/test_lease_multi_controller.py
|
||||
@app.delete('/leasing/v1/lessor/leases', description='release all leases')
|
||||
async def leasing_v1_lessor_lease_remove(request: Request):
|
||||
cur_time = datetime.utcnow()
|
||||
|
||||
jwt_decode_key = Instance.get_default_instance(db).get_jwt_decode_key()
|
||||
|
||||
try:
|
||||
token = __get_token(request, jwt_decode_key)
|
||||
except JWTError:
|
||||
return JSONr(status_code=401, content={'status': 401, 'detail': 'token is not valid'})
|
||||
token, cur_time = __get_token(request), datetime.utcnow()
|
||||
|
||||
origin_ref = token.get('origin_ref')
|
||||
|
||||
@@ -611,8 +558,6 @@ async def leasing_v1_lessor_lease_remove(request: Request):
|
||||
async def leasing_v1_lessor_shutdown(request: Request):
|
||||
j, cur_time = json_loads((await request.body()).decode('utf-8')), datetime.utcnow()
|
||||
|
||||
jwt_decode_key = Instance.get_default_instance(db).get_jwt_decode_key()
|
||||
|
||||
token = j.get('token')
|
||||
token = jwt.decode(token=token, key=jwt_decode_key, algorithms=ALGORITHMS.RS256, options={'verify_aud': False})
|
||||
origin_ref = token.get('origin_ref')
|
||||
|
||||
254
app/orm.py
254
app/orm.py
@@ -1,144 +1,20 @@
|
||||
import logging
|
||||
from datetime import datetime, timedelta
|
||||
|
||||
from dateutil.relativedelta import relativedelta
|
||||
from sqlalchemy import Column, VARCHAR, CHAR, ForeignKey, DATETIME, update, and_, inspect, text, BLOB, INT, FLOAT
|
||||
from sqlalchemy import Column, VARCHAR, CHAR, ForeignKey, DATETIME, update, and_, inspect, text
|
||||
from sqlalchemy.engine import Engine
|
||||
from sqlalchemy.orm import sessionmaker, declarative_base, Session, relationship
|
||||
from sqlalchemy.orm import sessionmaker, declarative_base
|
||||
|
||||
from util import NV
|
||||
|
||||
logging.basicConfig()
|
||||
logger = logging.getLogger(__name__)
|
||||
logger.setLevel(logging.INFO)
|
||||
|
||||
Base = declarative_base()
|
||||
|
||||
|
||||
class Site(Base):
|
||||
__tablename__ = "site"
|
||||
|
||||
INITIAL_SITE_KEY_XID = '00000000-0000-0000-0000-000000000000'
|
||||
INITIAL_SITE_NAME = 'default'
|
||||
|
||||
site_key = Column(CHAR(length=36), primary_key=True, unique=True, index=True) # uuid4, SITE_KEY_XID
|
||||
name = Column(VARCHAR(length=256), nullable=False)
|
||||
|
||||
def __str__(self):
|
||||
return f'SITE_KEY_XID: {self.site_key}'
|
||||
|
||||
@staticmethod
|
||||
def create_statement(engine: Engine):
|
||||
from sqlalchemy.schema import CreateTable
|
||||
return CreateTable(Site.__table__).compile(engine)
|
||||
|
||||
@staticmethod
|
||||
def get_default_site(engine: Engine) -> "Site":
|
||||
session = sessionmaker(bind=engine)()
|
||||
entity = session.query(Site).filter(Site.site_key == Site.INITIAL_SITE_KEY_XID).first()
|
||||
session.close()
|
||||
return entity
|
||||
|
||||
|
||||
class Instance(Base):
|
||||
__tablename__ = "instance"
|
||||
|
||||
DEFAULT_INSTANCE_REF = '10000000-0000-0000-0000-000000000001'
|
||||
DEFAULT_TOKEN_EXPIRE_DELTA = 86_400 # 1 day
|
||||
DEFAULT_LEASE_EXPIRE_DELTA = 7_776_000 # 90 days
|
||||
DEFAULT_LEASE_RENEWAL_PERIOD = 0.15
|
||||
DEFAULT_CLIENT_TOKEN_EXPIRE_DELTA = 378_432_000 # 12 years
|
||||
# 1 day = 86400 (min. in production setup, max 90 days), 1 hour = 3600
|
||||
|
||||
instance_ref = Column(CHAR(length=36), primary_key=True, unique=True, index=True) # uuid4, INSTANCE_REF
|
||||
site_key = Column(CHAR(length=36), ForeignKey(Site.site_key, ondelete='CASCADE'), nullable=False, index=True) # uuid4
|
||||
private_key = Column(BLOB(length=2048), nullable=False)
|
||||
public_key = Column(BLOB(length=512), nullable=False)
|
||||
token_expire_delta = Column(INT(), nullable=False, default=DEFAULT_TOKEN_EXPIRE_DELTA, comment='in seconds')
|
||||
lease_expire_delta = Column(INT(), nullable=False, default=DEFAULT_LEASE_EXPIRE_DELTA, comment='in seconds')
|
||||
lease_renewal_period = Column(FLOAT(precision=2), nullable=False, default=DEFAULT_LEASE_RENEWAL_PERIOD)
|
||||
client_token_expire_delta = Column(INT(), nullable=False, default=DEFAULT_CLIENT_TOKEN_EXPIRE_DELTA, comment='in seconds')
|
||||
|
||||
__origin = relationship(Site, foreign_keys=[site_key])
|
||||
|
||||
def __str__(self):
|
||||
return f'INSTANCE_REF: {self.instance_ref} (SITE_KEY_XID: {self.site_key})'
|
||||
|
||||
@staticmethod
|
||||
def create_statement(engine: Engine):
|
||||
from sqlalchemy.schema import CreateTable
|
||||
return CreateTable(Instance.__table__).compile(engine)
|
||||
|
||||
@staticmethod
|
||||
def create_or_update(engine: Engine, instance: "Instance"):
|
||||
session = sessionmaker(bind=engine)()
|
||||
entity = session.query(Instance).filter(Instance.instance_ref == instance.instance_ref).first()
|
||||
if entity is None:
|
||||
session.add(instance)
|
||||
else:
|
||||
x = dict(
|
||||
site_key=instance.site_key,
|
||||
private_key=instance.private_key,
|
||||
public_key=instance.public_key,
|
||||
token_expire_delta=instance.token_expire_delta,
|
||||
lease_expire_delta=instance.lease_expire_delta,
|
||||
lease_renewal_period=instance.lease_renewal_period,
|
||||
client_token_expire_delta=instance.client_token_expire_delta,
|
||||
)
|
||||
session.execute(update(Instance).where(Instance.instance_ref == instance.instance_ref).values(**x))
|
||||
session.commit()
|
||||
session.flush()
|
||||
session.close()
|
||||
|
||||
# todo: validate on startup that "lease_expire_delta" is between 1 day and 90 days
|
||||
|
||||
@staticmethod
|
||||
def get_default_instance(engine: Engine) -> "Instance":
|
||||
session = sessionmaker(bind=engine)()
|
||||
site = Site.get_default_site(engine)
|
||||
entity = session.query(Instance).filter(Instance.site_key == site.site_key).first()
|
||||
session.close()
|
||||
return entity
|
||||
|
||||
def get_token_expire_delta(self) -> "dateutil.relativedelta.relativedelta":
|
||||
return relativedelta(seconds=self.token_expire_delta)
|
||||
|
||||
def get_lease_expire_delta(self) -> "dateutil.relativedelta.relativedelta":
|
||||
return relativedelta(seconds=self.lease_expire_delta)
|
||||
|
||||
def get_lease_renewal_delta(self) -> "datetime.timedelta":
|
||||
return timedelta(seconds=self.lease_expire_delta)
|
||||
|
||||
def get_client_token_expire_delta(self) -> "dateutil.relativedelta.relativedelta":
|
||||
return relativedelta(seconds=self.client_token_expire_delta)
|
||||
|
||||
def __get_private_key(self) -> "RsaKey":
|
||||
return parse_key(self.private_key)
|
||||
|
||||
def get_public_key(self) -> "RsaKey":
|
||||
return parse_key(self.public_key)
|
||||
|
||||
def get_jwt_encode_key(self) -> "jose.jkw":
|
||||
from jose import jwk
|
||||
from jose.constants import ALGORITHMS
|
||||
return jwk.construct(self.__get_private_key().export_key().decode('utf-8'), algorithm=ALGORITHMS.RS256)
|
||||
|
||||
def get_jwt_decode_key(self) -> "jose.jwt":
|
||||
from jose import jwk
|
||||
from jose.constants import ALGORITHMS
|
||||
return jwk.construct(self.get_public_key().export_key().decode('utf-8'), algorithm=ALGORITHMS.RS256)
|
||||
|
||||
def get_private_key_str(self, encoding: str = 'utf-8') -> str:
|
||||
return self.private_key.decode(encoding)
|
||||
|
||||
def get_public_key_str(self, encoding: str = 'utf-8') -> str:
|
||||
return self.private_key.decode(encoding)
|
||||
|
||||
|
||||
class Origin(Base):
|
||||
__tablename__ = "origin"
|
||||
|
||||
origin_ref = Column(CHAR(length=36), primary_key=True, unique=True, index=True) # uuid4
|
||||
|
||||
# service_instance_xid = Column(CHAR(length=36), nullable=False, index=True) # uuid4 # not necessary, we only support one service_instance_xid ('INSTANCE_REF')
|
||||
hostname = Column(VARCHAR(length=256), nullable=True)
|
||||
guest_driver_version = Column(VARCHAR(length=10), nullable=True)
|
||||
@@ -199,24 +75,18 @@ class Origin(Base):
|
||||
class Lease(Base):
|
||||
__tablename__ = "lease"
|
||||
|
||||
instance_ref = Column(CHAR(length=36), ForeignKey(Instance.instance_ref, ondelete='CASCADE'), nullable=False, index=True) # uuid4
|
||||
lease_ref = Column(CHAR(length=36), primary_key=True, nullable=False, index=True) # uuid4
|
||||
|
||||
origin_ref = Column(CHAR(length=36), ForeignKey(Origin.origin_ref, ondelete='CASCADE'), nullable=False, index=True) # uuid4
|
||||
# scope_ref = Column(CHAR(length=36), nullable=False, index=True) # uuid4 # not necessary, we only support one scope_ref ('ALLOTMENT_REF')
|
||||
lease_created = Column(DATETIME(), nullable=False)
|
||||
lease_expires = Column(DATETIME(), nullable=False)
|
||||
lease_updated = Column(DATETIME(), nullable=False)
|
||||
|
||||
__instance = relationship(Instance, foreign_keys=[instance_ref])
|
||||
__origin = relationship(Origin, foreign_keys=[origin_ref])
|
||||
|
||||
def __repr__(self):
|
||||
return f'Lease(origin_ref={self.origin_ref}, lease_ref={self.lease_ref}, expires={self.lease_expires})'
|
||||
|
||||
def serialize(self) -> dict:
|
||||
renewal_period = self.__instance.lease_renewal_period
|
||||
renewal_delta = self.__instance.get_lease_renewal_delta
|
||||
|
||||
def serialize(self, renewal_period: float, renewal_delta: timedelta) -> dict:
|
||||
lease_renewal = int(Lease.calculate_renewal(renewal_period, renewal_delta).total_seconds())
|
||||
lease_renewal = self.lease_updated + relativedelta(seconds=lease_renewal)
|
||||
|
||||
@@ -326,110 +196,38 @@ class Lease(Base):
|
||||
return renew
|
||||
|
||||
|
||||
def init_default_site(session: Session):
|
||||
from app.util import generate_key
|
||||
|
||||
private_key = generate_key()
|
||||
public_key = private_key.public_key()
|
||||
|
||||
site = Site(
|
||||
site_key=Site.INITIAL_SITE_KEY_XID,
|
||||
name=Site.INITIAL_SITE_NAME
|
||||
)
|
||||
session.add(site)
|
||||
session.commit()
|
||||
|
||||
instance = Instance(
|
||||
instance_ref=Instance.DEFAULT_INSTANCE_REF,
|
||||
site_key=site.site_key,
|
||||
private_key=private_key.export_key(),
|
||||
public_key=public_key.export_key(),
|
||||
)
|
||||
session.add(instance)
|
||||
session.commit()
|
||||
|
||||
|
||||
def init(engine: Engine):
|
||||
tables = [Site, Instance, Origin, Lease]
|
||||
tables = [Origin, Lease]
|
||||
db = inspect(engine)
|
||||
session = sessionmaker(bind=engine)()
|
||||
for table in tables:
|
||||
exists = db.dialect.has_table(engine.connect(), table.__tablename__)
|
||||
logger.info(f'> Table "{table.__tablename__:<16}" exists: {exists}')
|
||||
if not exists:
|
||||
if not db.dialect.has_table(engine.connect(), table.__tablename__):
|
||||
session.execute(text(str(table.create_statement(engine))))
|
||||
session.commit()
|
||||
|
||||
# create default site
|
||||
cnt = session.query(Site).count()
|
||||
if cnt == 0:
|
||||
init_default_site(session)
|
||||
|
||||
session.flush()
|
||||
session.close()
|
||||
|
||||
|
||||
def migrate(engine: Engine):
|
||||
from os import getenv as env
|
||||
from os.path import join, dirname, isfile
|
||||
from util import load_key
|
||||
|
||||
db = inspect(engine)
|
||||
|
||||
# todo: add update guide to use 1.LATEST to 2.0
|
||||
def upgrade_1_x_to_2_0():
|
||||
site = Site.get_default_site(engine)
|
||||
logger.info(site)
|
||||
instance = Instance.get_default_instance(engine)
|
||||
logger.info(instance)
|
||||
def upgrade_1_0_to_1_1():
|
||||
x = db.dialect.get_columns(engine.connect(), Lease.__tablename__)
|
||||
x = next(_ for _ in x if _['name'] == 'origin_ref')
|
||||
if x['primary_key'] > 0:
|
||||
print('Found old database schema with "origin_ref" as primary-key in "lease" table. Dropping table!')
|
||||
print(' Your leases are recreated on next renewal!')
|
||||
print(' If an error message appears on the client, you can ignore it.')
|
||||
Lease.__table__.drop(bind=engine)
|
||||
init(engine)
|
||||
|
||||
# SITE_KEY_XID
|
||||
if site_key := env('SITE_KEY_XID', None) is not None:
|
||||
site.site_key = str(site_key)
|
||||
# def upgrade_1_2_to_1_3():
|
||||
# x = db.dialect.get_columns(engine.connect(), Lease.__tablename__)
|
||||
# x = next((_ for _ in x if _['name'] == 'scope_ref'), None)
|
||||
# if x is None:
|
||||
# Lease.scope_ref.compile()
|
||||
# column_name = Lease.scope_ref.name
|
||||
# column_type = Lease.scope_ref.type.compile(engine.dialect)
|
||||
# engine.execute(f'ALTER TABLE "{Lease.__tablename__}" ADD COLUMN "{column_name}" {column_type}')
|
||||
|
||||
# INSTANCE_REF
|
||||
if instance_ref := env('INSTANCE_REF', None) is not None:
|
||||
instance.instance_ref = str(instance_ref)
|
||||
|
||||
# ALLOTMENT_REF
|
||||
if allotment_ref := env('ALLOTMENT_REF', None) is not None:
|
||||
pass # todo
|
||||
|
||||
# INSTANCE_KEY_RSA, INSTANCE_KEY_PUB
|
||||
default_instance_private_key_path = str(join(dirname(__file__), 'cert/instance.private.pem'))
|
||||
instance_private_key = env('INSTANCE_KEY_RSA', None)
|
||||
if instance_private_key is not None:
|
||||
instance.private_key = load_key(str(instance_private_key))
|
||||
elif isfile(default_instance_private_key_path):
|
||||
instance.private_key = load_key(default_instance_private_key_path)
|
||||
default_instance_public_key_path = str(join(dirname(__file__), 'cert/instance.public.pem'))
|
||||
instance_public_key = env('INSTANCE_KEY_PUB', None)
|
||||
if instance_public_key is not None:
|
||||
instance.public_key = load_key(str(instance_public_key))
|
||||
elif isfile(default_instance_public_key_path):
|
||||
instance.public_key = load_key(default_instance_public_key_path)
|
||||
|
||||
# TOKEN_EXPIRE_DELTA
|
||||
token_expire_delta = env('TOKEN_EXPIRE_DAYS', None)
|
||||
if token_expire_delta not in (None, 0):
|
||||
instance.token_expire_delta = token_expire_delta * 86_400
|
||||
token_expire_delta = env('TOKEN_EXPIRE_HOURS', None)
|
||||
if token_expire_delta not in (None, 0):
|
||||
instance.token_expire_delta = token_expire_delta * 3_600
|
||||
|
||||
# LEASE_EXPIRE_DELTA, LEASE_RENEWAL_DELTA
|
||||
lease_expire_delta = env('LEASE_EXPIRE_DAYS', None)
|
||||
if lease_expire_delta not in (None, 0):
|
||||
instance.lease_expire_delta = lease_expire_delta * 86_400
|
||||
lease_expire_delta = env('LEASE_EXPIRE_HOURS', None)
|
||||
if lease_expire_delta not in (None, 0):
|
||||
instance.lease_expire_delta = lease_expire_delta * 3_600
|
||||
|
||||
# LEASE_RENEWAL_PERIOD
|
||||
lease_renewal_period = env('LEASE_RENEWAL_PERIOD', None)
|
||||
if lease_renewal_period is not None:
|
||||
instance.lease_renewal_period = lease_renewal_period
|
||||
|
||||
# todo: update site, instance
|
||||
|
||||
upgrade_1_x_to_2_0()
|
||||
upgrade_1_0_to_1_1()
|
||||
# upgrade_1_2_to_1_3()
|
||||
|
||||
12
app/util.py
12
app/util.py
@@ -25,18 +25,6 @@ def load_key(filename: str) -> "RsaKey":
|
||||
return RSA.import_key(extern_key=load_file(filename), passphrase=None)
|
||||
|
||||
|
||||
def parse_key(content: bytes) -> "RsaKey":
|
||||
try:
|
||||
# Crypto | Cryptodome on Debian
|
||||
from Crypto.PublicKey import RSA
|
||||
from Crypto.PublicKey.RSA import RsaKey
|
||||
except ModuleNotFoundError:
|
||||
from Cryptodome.PublicKey import RSA
|
||||
from Cryptodome.PublicKey.RSA import RsaKey
|
||||
|
||||
return RSA.import_key(extern_key=content, passphrase=None)
|
||||
|
||||
|
||||
def generate_key() -> "RsaKey":
|
||||
try:
|
||||
# Crypto | Cryptodome on Debian
|
||||
|
||||
@@ -1,8 +1,8 @@
|
||||
fastapi==0.111.0
|
||||
uvicorn[standard]==0.29.0
|
||||
fastapi==0.115.3
|
||||
uvicorn[standard]==0.32.0
|
||||
python-jose==3.3.0
|
||||
pycryptodome==3.20.0
|
||||
pycryptodome==3.21.0
|
||||
python-dateutil==2.8.2
|
||||
sqlalchemy==2.0.30
|
||||
markdown==3.6
|
||||
sqlalchemy==2.0.36
|
||||
markdown==3.7
|
||||
python-dotenv==1.0.1
|
||||
|
||||
@@ -4,7 +4,7 @@ logging.basicConfig()
|
||||
logger = logging.getLogger(__name__)
|
||||
logger.setLevel(logging.INFO)
|
||||
|
||||
URL = 'https://docs.nvidia.com/grid/'
|
||||
URL = 'https://docs.nvidia.com/vgpu/index.html'
|
||||
|
||||
BRANCH_STATUS_KEY, SOFTWARE_BRANCH_KEY, = 'vGPU Branch Status', 'vGPU Software Branch'
|
||||
VGPU_KEY, GRID_KEY, DRIVER_BRANCH_KEY = 'vGPU Software', 'vGPU Software', 'Driver Branch'
|
||||
@@ -25,15 +25,15 @@ def __driver_versions(html: 'BeautifulSoup'):
|
||||
return _
|
||||
|
||||
# find wrapper for "DriverVersions" and find tables
|
||||
data = html.find('div', {'id': 'DriverVersions'})
|
||||
tables = data.findAll('table')
|
||||
for table in tables:
|
||||
# parse software-branch (e.g. "vGPU software 17 Releases" and remove " Releases" for "matrix_key")
|
||||
software_branch = table.parent.find_previous_sibling('button', {'class': 'accordion'}).text.strip()
|
||||
data = html.find('div', {'id': 'driver-versions'})
|
||||
items = data.findAll('bsp-accordion', {'class': 'Accordion-items-item'})
|
||||
for item in items:
|
||||
software_branch = item.find('div', {'class': 'Accordion-items-item-title'}).text.strip()
|
||||
software_branch = software_branch.replace(' Releases', '')
|
||||
matrix_key = software_branch.lower()
|
||||
|
||||
# driver version info from table-heads (ths) and table-rows (trs)
|
||||
table = item.find('table')
|
||||
ths, trs = table.find_all('th'), table.find_all('tr')
|
||||
headers, releases = [header.text.strip() for header in ths], []
|
||||
for trs in trs:
|
||||
@@ -50,7 +50,7 @@ def __driver_versions(html: 'BeautifulSoup'):
|
||||
|
||||
def __release_branches(html: 'BeautifulSoup'):
|
||||
# find wrapper for "AllReleaseBranches" and find table
|
||||
data = html.find('div', {'id': 'AllReleaseBranches'})
|
||||
data = html.find('div', {'id': 'all-release-branches'})
|
||||
table = data.find('table')
|
||||
|
||||
# branch releases info from table-heads (ths) and table-rows (trs)
|
||||
|
||||
35
test/main.py
35
test/main.py
@@ -1,15 +1,14 @@
|
||||
from os import getenv as env
|
||||
from base64 import b64encode as b64enc
|
||||
from hashlib import sha256
|
||||
from calendar import timegm
|
||||
from datetime import datetime
|
||||
from uuid import UUID, uuid4
|
||||
from os.path import dirname, join
|
||||
from uuid import uuid4, UUID
|
||||
|
||||
from dateutil.relativedelta import relativedelta
|
||||
from jose import jwt
|
||||
from jose import jwt, jwk
|
||||
from jose.constants import ALGORITHMS
|
||||
from starlette.testclient import TestClient
|
||||
from sqlalchemy import create_engine
|
||||
import sys
|
||||
|
||||
# add relative path to use packages as they were in the app/ dir
|
||||
@@ -17,23 +16,20 @@ sys.path.append('../')
|
||||
sys.path.append('../app')
|
||||
|
||||
from app import main
|
||||
from app.orm import init as db_init, migrate, Site, Instance
|
||||
from app.util import load_key
|
||||
|
||||
client = TestClient(main.app)
|
||||
|
||||
ORIGIN_REF, ALLOTMENT_REF, SECRET = str(uuid4()), '20000000-0000-0000-0000-000000000001', 'HelloWorld'
|
||||
|
||||
# fastapi setup
|
||||
client = TestClient(main.app)
|
||||
# INSTANCE_KEY_RSA = generate_key()
|
||||
# INSTANCE_KEY_PUB = INSTANCE_KEY_RSA.public_key()
|
||||
|
||||
# database setup
|
||||
db = create_engine(str(env('DATABASE', 'sqlite:///db.sqlite')))
|
||||
db_init(db), migrate(db)
|
||||
INSTANCE_KEY_RSA = load_key(str(join(dirname(__file__), '../app/cert/instance.private.pem')))
|
||||
INSTANCE_KEY_PUB = load_key(str(join(dirname(__file__), '../app/cert/instance.public.pem')))
|
||||
|
||||
# test vars
|
||||
DEFAULT_SITE, DEFAULT_INSTANCE = Site.get_default_site(db), Instance.get_default_instance(db)
|
||||
|
||||
SITE_KEY = DEFAULT_SITE.site_key
|
||||
jwt_encode_key, jwt_decode_key = DEFAULT_INSTANCE.get_jwt_encode_key(), DEFAULT_INSTANCE.get_jwt_decode_key()
|
||||
jwt_encode_key = jwk.construct(INSTANCE_KEY_RSA.export_key().decode('utf-8'), algorithm=ALGORITHMS.RS256)
|
||||
jwt_decode_key = jwk.construct(INSTANCE_KEY_PUB.export_key().decode('utf-8'), algorithm=ALGORITHMS.RS256)
|
||||
|
||||
|
||||
def __bearer_token(origin_ref: str) -> str:
|
||||
@@ -42,12 +38,6 @@ def __bearer_token(origin_ref: str) -> str:
|
||||
return token
|
||||
|
||||
|
||||
def test_initial_default_site_and_instance():
|
||||
default_site, default_instance = Site.get_default_site(db), Instance.get_default_instance(db)
|
||||
assert default_site.site_key == Site.INITIAL_SITE_KEY_XID
|
||||
assert default_instance.instance_ref == Instance.DEFAULT_INSTANCE_REF
|
||||
|
||||
|
||||
def test_index():
|
||||
response = client.get('/')
|
||||
assert response.status_code == 200
|
||||
@@ -163,7 +153,8 @@ def test_auth_v1_token():
|
||||
"kid": "00000000-0000-0000-0000-000000000000"
|
||||
}
|
||||
payload = {
|
||||
"auth_code": jwt.encode(payload, key=jwt_encode_key, headers={'kid': payload.get('kid')}, algorithm=ALGORITHMS.RS256),
|
||||
"auth_code": jwt.encode(payload, key=jwt_encode_key, headers={'kid': payload.get('kid')},
|
||||
algorithm=ALGORITHMS.RS256),
|
||||
"code_verifier": SECRET,
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user