flwr 1.13.1__py3-none-any.whl → 1.15.0__py3-none-any.whl

flwr/cli/run/run.py

@@ -14,28 +14,31 @@
 # ==============================================================================
 """Flower command line interface `run` command."""
 
+
+import io
 import json
 import subprocess
-from logging import DEBUG
 from pathlib import Path
 from typing import Annotated, Any, Optional
 
 import typer
+from rich.console import Console
 
 from flwr.cli.build import build
 from flwr.cli.config_utils import (
+    get_fab_metadata,
     load_and_validate,
-    validate_certificate_in_federation_config,
+    process_loaded_project_config,
     validate_federation_in_project_config,
-    validate_project_config,
 )
+from flwr.cli.constant import FEDERATION_CONFIG_HELP_MESSAGE
 from flwr.common.config import (
     flatten_dict,
     parse_config_args,
     user_config_to_configsrecord,
 )
-from flwr.common.grpc import GRPC_MAX_MESSAGE_LENGTH, create_channel
-from flwr.common.logger import log
+from flwr.common.constant import CliOutputFormat
+from flwr.common.logger import print_json_error, redirect_output, restore_output
 from flwr.common.serde import (
     configs_record_to_proto,
     fab_to_proto,
@@ -46,16 +49,16 @@ from flwr.proto.exec_pb2 import StartRunRequest  # pylint: disable=E0611
 from flwr.proto.exec_pb2_grpc import ExecStub
 
 from ..log import start_stream
+from ..utils import (
+    init_channel,
+    try_obtain_cli_auth_plugin,
+    unauthenticated_exc_handler,
+)
 
 CONN_REFRESH_PERIOD = 60  # Connection refresh period for log streaming (seconds)
 
 
-def on_channel_state_change(channel_connectivity: str) -> None:
-    """Log channel connectivity."""
-    log(DEBUG, channel_connectivity)
-
-
-# pylint: disable-next=too-many-locals
+# pylint: disable-next=too-many-locals, R0913, R0917
 def run(
     app: Annotated[
         Path,
@@ -65,16 +68,23 @@ def run(
         Optional[str],
         typer.Argument(help="Name of the federation to run the app on."),
     ] = None,
-    config_overrides: Annotated[
+    run_config_overrides: Annotated[
         Optional[list[str]],
         typer.Option(
             "--run-config",
             "-c",
-            help="Override configuration key-value pairs, should be of the format:\n\n"
-            '`--run-config \'key1="value1" key2="value2"\' '
-            "--run-config 'key3=\"value3\"'`\n\n"
-            "Note that `key1`, `key2`, and `key3` in this example need to exist "
-            "inside the `pyproject.toml` in order to be properly overriden.",
+            help="Override run configuration values in the format:\n\n"
+            "`--run-config 'key1=value1 key2=value2' --run-config 'key3=value3'`\n\n"
+            "Values can be of any type supported in TOML, such as bool, int, "
+            "float, or string. Ensure that the keys (`key1`, `key2`, `key3` "
+            "in this example) exist in `pyproject.toml` for proper overriding.",
+        ),
+    ] = None,
+    federation_config_overrides: Annotated[
+        Optional[list[str]],
+        typer.Option(
+            "--federation-config",
+            help=FEDERATION_CONFIG_HELP_MESSAGE,
         ),
     ] = None,
     stream: Annotated[
@@ -85,46 +95,76 @@ def run(
             "logs are not streamed by default.",
         ),
     ] = False,
+    output_format: Annotated[
+        str,
+        typer.Option(
+            "--format",
+            case_sensitive=False,
+            help="Format output using 'default' view or 'json'",
+        ),
+    ] = CliOutputFormat.DEFAULT,
 ) -> None:
     """Run Flower App."""
-    typer.secho("Loading project configuration... ", fg=typer.colors.BLUE)
+    suppress_output = output_format == CliOutputFormat.JSON
+    captured_output = io.StringIO()
+    try:
+        if suppress_output:
+            redirect_output(captured_output)
+        typer.secho("Loading project configuration... ", fg=typer.colors.BLUE)
 
-    pyproject_path = app / "pyproject.toml" if app else None
-    config, errors, warnings = load_and_validate(path=pyproject_path)
-    config = validate_project_config(config, errors, warnings)
-    federation, federation_config = validate_federation_in_project_config(
-        federation, config
-    )
+        pyproject_path = app / "pyproject.toml" if app else None
+        config, errors, warnings = load_and_validate(path=pyproject_path)
+        config = process_loaded_project_config(config, errors, warnings)
+        federation, federation_config = validate_federation_in_project_config(
+            federation, config, federation_config_overrides
+        )
 
-    if "address" in federation_config:
-        _run_with_exec_api(app, federation_config, config_overrides, stream)
-    else:
-        _run_without_exec_api(app, federation_config, config_overrides, federation)
+        if "address" in federation_config:
+            _run_with_exec_api(
+                app,
+                federation,
+                federation_config,
+                run_config_overrides,
+                stream,
+                output_format,
+            )
+        else:
+            _run_without_exec_api(
+                app, federation_config, run_config_overrides, federation
+            )
+    except (typer.Exit, Exception) as err:  # pylint: disable=broad-except
+        if suppress_output:
+            restore_output()
+            e_message = captured_output.getvalue()
+            print_json_error(e_message, err)
+        else:
+            typer.secho(
+                f"{err}",
+                fg=typer.colors.RED,
+                bold=True,
+            )
+    finally:
+        if suppress_output:
+            restore_output()
+        captured_output.close()
 
 
-# pylint: disable-next=too-many-locals
+# pylint: disable-next=R0913, R0914, R0917
 def _run_with_exec_api(
     app: Path,
+    federation: str,
     federation_config: dict[str, Any],
     config_overrides: Optional[list[str]],
     stream: bool,
+    output_format: str,
 ) -> None:
-
-    insecure, root_certificates_bytes = validate_certificate_in_federation_config(
-        app, federation_config
-    )
-    channel = create_channel(
-        server_address=federation_config["address"],
-        insecure=insecure,
-        root_certificates=root_certificates_bytes,
-        max_message_length=GRPC_MAX_MESSAGE_LENGTH,
-        interceptors=None,
-    )
-    channel.subscribe(on_channel_state_change)
+    auth_plugin = try_obtain_cli_auth_plugin(app, federation, federation_config)
+    channel = init_channel(app, federation_config, auth_plugin)
     stub = ExecStub(channel)
 
     fab_path, fab_hash = build(app)
     content = Path(fab_path).read_bytes()
+    fab_id, fab_version = get_fab_metadata(Path(fab_path))
 
     # Delete FAB file once the bytes is computed
     Path(fab_path).unlink()
@@ -140,9 +180,29 @@ def _run_with_exec_api(
         override_config=user_config_to_proto(parse_config_args(config_overrides)),
         federation_options=configs_record_to_proto(c_record),
     )
-    res = stub.StartRun(req)
+    with unauthenticated_exc_handler():
+        res = stub.StartRun(req)
 
-    typer.secho(f"🎊 Successfully started run {res.run_id}", fg=typer.colors.GREEN)
+    if res.HasField("run_id"):
+        typer.secho(f"🎊 Successfully started run {res.run_id}", fg=typer.colors.GREEN)
+    else:
+        typer.secho("❌ Failed to start run", fg=typer.colors.RED)
+        raise typer.Exit(code=1)
+
+    if output_format == CliOutputFormat.JSON:
+        run_output = json.dumps(
+            {
+                "success": res.HasField("run_id"),
+                "run-id": res.run_id if res.HasField("run_id") else None,
+                "fab-id": fab_id,
+                "fab-name": fab_id.rsplit("/", maxsplit=1)[-1],
+                "fab-version": fab_version,
+                "fab-hash": fab_hash[:8],
+                "fab-filename": fab_path,
+            }
+        )
+        restore_output()
+        Console().print_json(run_output)
 
     if stream:
         start_stream(res.run_id, channel, CONN_REFRESH_PERIOD)

flwr/cli/stop.py

@@ -0,0 +1,139 @@
+# Copyright 2024 Flower Labs GmbH. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ==============================================================================
+"""Flower command line interface `stop` command."""
+
+
+import io
+import json
+from pathlib import Path
+from typing import Annotated, Optional
+
+import typer
+from rich.console import Console
+
+from flwr.cli.config_utils import (
+    exit_if_no_address,
+    load_and_validate,
+    process_loaded_project_config,
+    validate_federation_in_project_config,
+)
+from flwr.cli.constant import FEDERATION_CONFIG_HELP_MESSAGE
+from flwr.common.constant import FAB_CONFIG_FILE, CliOutputFormat
+from flwr.common.logger import print_json_error, redirect_output, restore_output
+from flwr.proto.exec_pb2 import StopRunRequest, StopRunResponse  # pylint: disable=E0611
+from flwr.proto.exec_pb2_grpc import ExecStub
+
+from .utils import init_channel, try_obtain_cli_auth_plugin, unauthenticated_exc_handler
+
+
+def stop(  # pylint: disable=R0914
+    run_id: Annotated[  # pylint: disable=unused-argument
+        int,
+        typer.Argument(help="The Flower run ID to stop"),
+    ],
+    app: Annotated[
+        Path,
+        typer.Argument(help="Path of the Flower project"),
+    ] = Path("."),
+    federation: Annotated[
+        Optional[str],
+        typer.Argument(help="Name of the federation"),
+    ] = None,
+    federation_config_overrides: Annotated[
+        Optional[list[str]],
+        typer.Option(
+            "--federation-config",
+            help=FEDERATION_CONFIG_HELP_MESSAGE,
+        ),
+    ] = None,
+    output_format: Annotated[
+        str,
+        typer.Option(
+            "--format",
+            case_sensitive=False,
+            help="Format output using 'default' view or 'json'",
+        ),
+    ] = CliOutputFormat.DEFAULT,
+) -> None:
+    """Stop a run."""
+    suppress_output = output_format == CliOutputFormat.JSON
+    captured_output = io.StringIO()
+    try:
+        if suppress_output:
+            redirect_output(captured_output)
+
+        # Load and validate federation config
+        typer.secho("Loading project configuration... ", fg=typer.colors.BLUE)
+
+        pyproject_path = app / FAB_CONFIG_FILE if app else None
+        config, errors, warnings = load_and_validate(path=pyproject_path)
+        config = process_loaded_project_config(config, errors, warnings)
+        federation, federation_config = validate_federation_in_project_config(
+            federation, config, federation_config_overrides
+        )
+        exit_if_no_address(federation_config, "stop")
+        channel = None
+        try:
+            auth_plugin = try_obtain_cli_auth_plugin(app, federation, federation_config)
+            channel = init_channel(app, federation_config, auth_plugin)
+            stub = ExecStub(channel)  # pylint: disable=unused-variable # noqa: F841
+
+            typer.secho(f"✋ Stopping run ID {run_id}...", fg=typer.colors.GREEN)
+            _stop_run(stub=stub, run_id=run_id, output_format=output_format)
+
+        except ValueError as err:
+            typer.secho(
+                f"❌ {err}",
+                fg=typer.colors.RED,
+                bold=True,
+            )
+            raise typer.Exit(code=1) from err
+        finally:
+            if channel:
+                channel.close()
+    except (typer.Exit, Exception) as err:  # pylint: disable=broad-except
+        if suppress_output:
+            restore_output()
+            e_message = captured_output.getvalue()
+            print_json_error(e_message, err)
+        else:
+            typer.secho(
+                f"{err}",
+                fg=typer.colors.RED,
+                bold=True,
+            )
+    finally:
+        if suppress_output:
+            restore_output()
+        captured_output.close()
+
+
+def _stop_run(stub: ExecStub, run_id: int, output_format: str) -> None:
+    """Stop a run."""
+    with unauthenticated_exc_handler():
+        response: StopRunResponse = stub.StopRun(request=StopRunRequest(run_id=run_id))
+    if response.success:
+        typer.secho(f"✅ Run {run_id} successfully stopped.", fg=typer.colors.GREEN)
+        if output_format == CliOutputFormat.JSON:
+            run_output = json.dumps(
+                {
+                    "success": True,
+                    "run-id": run_id,
+                }
+            )
+            restore_output()
+            Console().print_json(run_output)
+    else:
+        typer.secho(f"❌ Run {run_id} couldn't be stopped.", fg=typer.colors.RED)

flwr/cli/utils.py

@@ -14,13 +14,30 @@
 # ==============================================================================
 """Flower command line interface utils."""
 
+
 import hashlib
+import json
 import re
+from collections.abc import Iterator
+from contextlib import contextmanager
 from pathlib import Path
-from typing import Callable, Optional, cast
+from typing import Any, Callable, Optional, Union, cast
 
+import grpc
 import typer
 
+from flwr.cli.cli_user_auth_interceptor import CliUserAuthInterceptor
+from flwr.common.auth_plugin import CliAuthPlugin
+from flwr.common.constant import AUTH_TYPE_KEY, CREDENTIALS_DIR, FLWR_DIR
+from flwr.common.grpc import (
+    GRPC_MAX_MESSAGE_LENGTH,
+    create_channel,
+    on_channel_state_change,
+)
+
+from .auth_plugin import get_cli_auth_plugins
+from .config_utils import validate_certificate_in_federation_config
+
 
 def prompt_text(
     text: str,
@@ -126,13 +143,174 @@ def sanitize_project_name(name: str) -> str:
     return sanitized_name
 
 
-def get_sha256_hash(file_path: Path) -> str:
+def get_sha256_hash(file_path_or_int: Union[Path, int]) -> str:
     """Calculate the SHA-256 hash of a file."""
     sha256 = hashlib.sha256()
-    with open(file_path, "rb") as f:
-        while True:
-            data = f.read(65536)  # Read in 64kB blocks
-            if not data:
-                break
-            sha256.update(data)
+    if isinstance(file_path_or_int, Path):
+        with open(file_path_or_int, "rb") as f:
+            while True:
+                data = f.read(65536)  # Read in 64kB blocks
+                if not data:
+                    break
+                sha256.update(data)
+    elif isinstance(file_path_or_int, int):
+        sha256.update(str(file_path_or_int).encode())
     return sha256.hexdigest()
+
+
+def get_user_auth_config_path(root_dir: Path, federation: str) -> Path:
+    """Return the path to the user auth config file.
+
+    Additionally, a `.gitignore` file will be created in the Flower directory to
+    include the `.credentials` folder to be excluded from git. If the `.gitignore`
+    file already exists, a warning will be displayed if the `.credentials` entry is
+    not found.
+    """
+    # Locate the credentials directory
+    abs_flwr_dir = root_dir.absolute() / FLWR_DIR
+    credentials_dir = abs_flwr_dir / CREDENTIALS_DIR
+    credentials_dir.mkdir(parents=True, exist_ok=True)
+
+    # Determine the absolute path of the Flower directory for .gitignore
+    gitignore_path = abs_flwr_dir / ".gitignore"
+    credential_entry = CREDENTIALS_DIR
+
+    try:
+        if gitignore_path.exists():
+            with open(gitignore_path, encoding="utf-8") as gitignore_file:
+                lines = gitignore_file.read().splitlines()
+
+            # Warn if .credentials is not already in .gitignore
+            if credential_entry not in lines:
+                typer.secho(
+                    f"`.gitignore` exists, but `{credential_entry}` entry not found. "
+                    "Consider adding it to your `.gitignore` to exclude Flower "
+                    "credentials from git.",
+                    fg=typer.colors.YELLOW,
+                    bold=True,
+                )
+        else:
+            typer.secho(
+                f"Creating a new `.gitignore` with `{credential_entry}` entry...",
+                fg=typer.colors.BLUE,
+            )
+            # Create a new .gitignore with .credentials
+            with open(gitignore_path, "w", encoding="utf-8") as gitignore_file:
+                gitignore_file.write(f"{credential_entry}\n")
+    except Exception as err:
+        typer.secho(
+            "❌ An error occurred while handling `.gitignore.` "
+            f"Please check the permissions of `{gitignore_path}` and try again.",
+            fg=typer.colors.RED,
+            bold=True,
+        )
+        raise typer.Exit(code=1) from err
+
+    return credentials_dir / f"{federation}.json"
+
+
+def try_obtain_cli_auth_plugin(
+    root_dir: Path,
+    federation: str,
+    federation_config: dict[str, Any],
+    auth_type: Optional[str] = None,
+) -> Optional[CliAuthPlugin]:
+    """Load the CLI-side user auth plugin for the given auth type."""
+    # Check if user auth is enabled
+    if not federation_config.get("enable-user-auth", False):
+        return None
+
+    # Check if TLS is enabled. If not, raise an error
+    if federation_config.get("root-certificates") is None:
+        typer.secho(
+            "❌ User authentication requires TLS to be enabled. "
+            "Please provide 'root-certificates' in the federation"
+            " configuration.",
+            fg=typer.colors.RED,
+            bold=True,
+        )
+        raise typer.Exit(code=1)
+
+    config_path = get_user_auth_config_path(root_dir, federation)
+
+    # Get the auth type from the config if not provided
+    # auth_type will be None for all CLI commands except login
+    if auth_type is None:
+        try:
+            with config_path.open("r", encoding="utf-8") as file:
+                json_file = json.load(file)
+            auth_type = json_file[AUTH_TYPE_KEY]
+        except (FileNotFoundError, KeyError):
+            typer.secho(
+                "❌ Missing or invalid credentials for user authentication. "
+                "Please run `flwr login` to authenticate.",
+                fg=typer.colors.RED,
+                bold=True,
+            )
+            raise typer.Exit(code=1) from None
+
+    # Retrieve auth plugin class and instantiate it
+    try:
+        all_plugins: dict[str, type[CliAuthPlugin]] = get_cli_auth_plugins()
+        auth_plugin_class = all_plugins[auth_type]
+        return auth_plugin_class(config_path)
+    except KeyError:
+        typer.echo(f"❌ Unknown user authentication type: {auth_type}")
+        raise typer.Exit(code=1) from None
+    except ImportError:
+        typer.echo("❌ No authentication plugins are currently supported.")
+        raise typer.Exit(code=1) from None
+
+
+def init_channel(
+    app: Path, federation_config: dict[str, Any], auth_plugin: Optional[CliAuthPlugin]
+) -> grpc.Channel:
+    """Initialize gRPC channel to the Exec API."""
+    insecure, root_certificates_bytes = validate_certificate_in_federation_config(
+        app, federation_config
+    )
+
+    # Initialize the CLI-side user auth interceptor
+    interceptors: list[grpc.UnaryUnaryClientInterceptor] = []
+    if auth_plugin is not None:
+        auth_plugin.load_tokens()
+        interceptors.append(CliUserAuthInterceptor(auth_plugin))
+
+    # Create the gRPC channel
+    channel = create_channel(
+        server_address=federation_config["address"],
+        insecure=insecure,
+        root_certificates=root_certificates_bytes,
+        max_message_length=GRPC_MAX_MESSAGE_LENGTH,
+        interceptors=interceptors or None,
+    )
+    channel.subscribe(on_channel_state_change)
+    return channel
+
+
+@contextmanager
+def unauthenticated_exc_handler() -> Iterator[None]:
+    """Context manager to handle gRPC UNAUTHENTICATED errors.
+
+    It catches grpc.RpcError exceptions with UNAUTHENTICATED status, informs the user,
+    and exits the application. All other exceptions will be allowed to escape.
+    """
+    try:
+        yield
+    except grpc.RpcError as e:
+        if e.code() == grpc.StatusCode.UNAUTHENTICATED:
+            typer.secho(
+                "❌ Authentication failed. Please run `flwr login`"
+                " to authenticate and try again.",
+                fg=typer.colors.RED,
+                bold=True,
+            )
+            raise typer.Exit(code=1) from None
+        if e.code() == grpc.StatusCode.UNIMPLEMENTED:
+            typer.secho(
+                "❌ User authentication is not enabled on this SuperLink.",
+                fg=typer.colors.RED,
+                bold=True,
+            )
+            raise typer.Exit(code=1) from None
+        raise