flwr 1.19.0__py3-none-any.whl → 1.21.0__py3-none-any.whl

flwr/{superexec/exec_servicer.py → superlink/servicer/control/control_servicer.py}

@@ -12,9 +12,10 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 # ==============================================================================
-"""SuperExec API servicer."""
+"""Control API servicer."""
 
 
+import hashlib
 import time
 from collections.abc import Generator
 from logging import ERROR, INFO
@@ -22,10 +23,13 @@ from typing import Any, Optional, cast
 
 import grpc
 
-from flwr.common import now
-from flwr.common.auth_plugin import ExecAuthPlugin
+from flwr.cli.config_utils import get_fab_metadata
+from flwr.common import Context, RecordDict, now
+from flwr.common.auth_plugin import ControlAuthPlugin
 from flwr.common.constant import (
+    FAB_MAX_SIZE,
     LOG_STREAM_INTERVAL,
+    NO_USER_AUTH_MESSAGE,
     RUN_ID_NOT_FOUND_MESSAGE,
     Status,
     SubStatus,
@@ -36,9 +40,9 @@ from flwr.common.serde import (
     run_to_proto,
     user_config_from_proto,
 )
-from flwr.common.typing import Run, RunStatus
-from flwr.proto import exec_pb2_grpc  # pylint: disable=E0611
-from flwr.proto.exec_pb2 import (  # pylint: disable=E0611
+from flwr.common.typing import Fab, Run, RunStatus
+from flwr.proto import control_pb2_grpc  # pylint: disable=E0611
+from flwr.proto.control_pb2 import (  # pylint: disable=E0611
     GetAuthTokensRequest,
     GetAuthTokensResponse,
     GetLoginDetailsRequest,
@@ -52,57 +56,101 @@ from flwr.proto.exec_pb2 import (  # pylint: disable=E0611
     StreamLogsRequest,
     StreamLogsResponse,
 )
-from flwr.server.superlink.ffs.ffs_factory import FfsFactory
 from flwr.server.superlink.linkstate import LinkState, LinkStateFactory
+from flwr.supercore.ffs import FfsFactory
 from flwr.supercore.object_store import ObjectStore, ObjectStoreFactory
 
-from .exec_user_auth_interceptor import shared_account_info
-from .executor import Executor
+from .control_user_auth_interceptor import shared_account_info
 
 
-class ExecServicer(exec_pb2_grpc.ExecServicer):
-    """SuperExec API servicer."""
+class ControlServicer(control_pb2_grpc.ControlServicer):
+    """Control API servicer."""
 
     def __init__(  # pylint: disable=R0913, R0917
         self,
         linkstate_factory: LinkStateFactory,
         ffs_factory: FfsFactory,
         objectstore_factory: ObjectStoreFactory,
-        executor: Executor,
-        auth_plugin: Optional[ExecAuthPlugin] = None,
+        is_simulation: bool,
+        auth_plugin: Optional[ControlAuthPlugin] = None,
     ) -> None:
         self.linkstate_factory = linkstate_factory
         self.ffs_factory = ffs_factory
         self.objectstore_factory = objectstore_factory
-        self.executor = executor
-        self.executor.initialize(linkstate_factory, ffs_factory)
+        self.is_simulation = is_simulation
         self.auth_plugin = auth_plugin
 
     def StartRun(
         self, request: StartRunRequest, context: grpc.ServicerContext
     ) -> StartRunResponse:
         """Create run ID."""
-        log(INFO, "ExecServicer.StartRun")
+        log(INFO, "ControlServicer.StartRun")
+        state = self.linkstate_factory.state()
+        ffs = self.ffs_factory.ffs()
+
+        if len(request.fab.content) > FAB_MAX_SIZE:
+            log(
+                ERROR,
+                "FAB size exceeds maximum allowed size of %d bytes.",
+                FAB_MAX_SIZE,
+            )
+            return StartRunResponse()
 
         flwr_aid = shared_account_info.get().flwr_aid if self.auth_plugin else None
-        run_id = self.executor.start_run(
-            request.fab.content,
-            user_config_from_proto(request.override_config),
-            config_record_from_proto(request.federation_options),
-            flwr_aid,
-        )
+        override_config = user_config_from_proto(request.override_config)
+        federation_options = config_record_from_proto(request.federation_options)
+        fab_file = request.fab.content
+
+        try:
+            # Check that num-supernodes is set
+            if self.is_simulation and "num-supernodes" not in federation_options:
+                raise ValueError(
+                    "Federation options doesn't contain key `num-supernodes`."
+                )
+
+            # Create run
+            fab = Fab(hashlib.sha256(fab_file).hexdigest(), fab_file)
+            fab_hash = ffs.put(fab.content, {})
+            if fab_hash != fab.hash_str:
+                raise RuntimeError(
+                    f"FAB ({fab.hash_str}) hash from request doesn't match contents"
+                )
+            fab_id, fab_version = get_fab_metadata(fab.content)
+
+            run_id = state.create_run(
+                fab_id,
+                fab_version,
+                fab_hash,
+                override_config,
+                federation_options,
+                flwr_aid,
+            )
+
+            # Create an empty context for the Run
+            context = Context(
+                run_id=run_id,
+                node_id=0,
+                node_config={},
+                state=RecordDict(),
+                run_config={},
+            )
+
+            # Register the context at the LinkState
+            state.set_serverapp_context(run_id=run_id, context=context)
 
-        if run_id is None:
-            log(ERROR, "Executor failed to start run")
+        # pylint: disable-next=broad-except
+        except Exception as e:
+            log(ERROR, "Could not start run: %s", str(e))
             return StartRunResponse()
 
+        log(INFO, "Created run %s", str(run_id))
         return StartRunResponse(run_id=run_id)
 
     def StreamLogs(  # pylint: disable=C0103
         self, request: StreamLogsRequest, context: grpc.ServicerContext
     ) -> Generator[StreamLogsResponse, Any, None]:
         """Get logs."""
-        log(INFO, "ExecServicer.StreamLogs")
+        log(INFO, "ControlServicer.StreamLogs")
         state = self.linkstate_factory.state()
 
         # Retrieve run ID and run
@@ -149,7 +197,7 @@ class ExecServicer(exec_pb2_grpc.ExecServicer):
         self, request: ListRunsRequest, context: grpc.ServicerContext
     ) -> ListRunsResponse:
         """Handle `flwr ls` command."""
-        log(INFO, "ExecServicer.List")
+        log(INFO, "ControlServicer.List")
         state = self.linkstate_factory.state()
 
         # Build a set of run IDs for `flwr ls --runs`
@@ -195,7 +243,7 @@ class ExecServicer(exec_pb2_grpc.ExecServicer):
         self, request: StopRunRequest, context: grpc.ServicerContext
     ) -> StopRunResponse:
         """Stop a given run ID."""
-        log(INFO, "ExecServicer.StopRun")
+        log(INFO, "ControlServicer.StopRun")
         state = self.linkstate_factory.state()
 
         # Retrieve run ID and run
@@ -240,11 +288,11 @@ class ExecServicer(exec_pb2_grpc.ExecServicer):
         self, request: GetLoginDetailsRequest, context: grpc.ServicerContext
     ) -> GetLoginDetailsResponse:
         """Start login."""
-        log(INFO, "ExecServicer.GetLoginDetails")
+        log(INFO, "ControlServicer.GetLoginDetails")
         if self.auth_plugin is None:
             context.abort(
                 grpc.StatusCode.UNIMPLEMENTED,
-                "ExecServicer initialized without user authentication",
+                NO_USER_AUTH_MESSAGE,
             )
             raise grpc.RpcError()  # This line is unreachable
 
@@ -267,11 +315,11 @@ class ExecServicer(exec_pb2_grpc.ExecServicer):
         self, request: GetAuthTokensRequest, context: grpc.ServicerContext
     ) -> GetAuthTokensResponse:
         """Get auth token."""
-        log(INFO, "ExecServicer.GetAuthTokens")
+        log(INFO, "ControlServicer.GetAuthTokens")
         if self.auth_plugin is None:
             context.abort(
                 grpc.StatusCode.UNIMPLEMENTED,
-                "ExecServicer initialized without user authentication",
+                NO_USER_AUTH_MESSAGE,
             )
             raise grpc.RpcError()  # This line is unreachable
 

flwr/{superexec/exec_user_auth_interceptor.py → superlink/servicer/control/control_user_auth_interceptor.py}

@@ -12,7 +12,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 # ==============================================================================
-"""Flower Exec API interceptor."""
+"""Flower Control API interceptor."""
 
 
 import contextvars
@@ -20,9 +20,9 @@ from typing import Any, Callable, Union
 
 import grpc
 
-from flwr.common.auth_plugin import ExecAuthPlugin, ExecAuthzPlugin
+from flwr.common.auth_plugin import ControlAuthPlugin, ControlAuthzPlugin
 from flwr.common.typing import AccountInfo
-from flwr.proto.exec_pb2 import (  # pylint: disable=E0611
+from flwr.proto.control_pb2 import (  # pylint: disable=E0611
     GetAuthTokensRequest,
     GetAuthTokensResponse,
     GetLoginDetailsRequest,
@@ -50,13 +50,13 @@ shared_account_info: contextvars.ContextVar[AccountInfo] = contextvars.ContextVa
 )
 
 
-class ExecUserAuthInterceptor(grpc.ServerInterceptor):  # type: ignore
-    """Exec API interceptor for user authentication."""
+class ControlUserAuthInterceptor(grpc.ServerInterceptor):  # type: ignore
+    """Control API interceptor for user authentication."""
 
     def __init__(
         self,
-        auth_plugin: ExecAuthPlugin,
-        authz_plugin: ExecAuthzPlugin,
+        auth_plugin: ControlAuthPlugin,
+        authz_plugin: ControlAuthzPlugin,
     ):
         self.auth_plugin = auth_plugin
         self.authz_plugin = authz_plugin
@@ -72,8 +72,12 @@ class ExecUserAuthInterceptor(grpc.ServerInterceptor):  # type: ignore
         by validating auth metadata sent by the user. Continue RPC call if user is
         authenticated, else, terminate RPC call by setting context to abort.
         """
+        # Only apply to Control service
+        if not handler_call_details.method.startswith("/flwr.proto.Control/"):
+            return continuation(handler_call_details)
+
         # One of the method handlers in
-        # `flwr.superexec.exec_servicer.ExecServicer`
+        # `flwr.superlink.servicer.control.ControlServicer`
         method_handler: grpc.RpcMethodHandler = continuation(handler_call_details)
         return self._generic_auth_unary_method_handler(method_handler)
 
@@ -108,7 +112,9 @@ class ExecUserAuthInterceptor(grpc.ServerInterceptor):  # type: ignore
                 # Check if the user is authorized
                 if not self.authz_plugin.verify_user_authorization(account_info):
                     context.abort(
-                        grpc.StatusCode.PERMISSION_DENIED, "User not authorized"
+                        grpc.StatusCode.PERMISSION_DENIED,
+                        "❗️ User not authorized. "
+                        "Please contact the SuperLink administrator.",
                     )
                     raise grpc.RpcError()
                 return call(request, context)  # type: ignore
@@ -127,7 +133,9 @@ class ExecUserAuthInterceptor(grpc.ServerInterceptor):  # type: ignore
                 # Check if the user is authorized
                 if not self.authz_plugin.verify_user_authorization(account_info):
                     context.abort(
-                        grpc.StatusCode.PERMISSION_DENIED, "User not authorized"
+                        grpc.StatusCode.PERMISSION_DENIED,
+                        "❗️ User not authorized. "
+                        "Please contact the SuperLink administrator.",
                     )
                     raise grpc.RpcError()
 

flwr/supernode/cli/flower_supernode.py

@@ -40,8 +40,8 @@ from flwr.common.constant import (
     TRANSPORT_TYPE_REST,
 )
 from flwr.common.exit import ExitCode, flwr_exit
-from flwr.common.exit_handlers import register_exit_handlers
 from flwr.common.logger import log
+from flwr.supercore.grpc_health import add_args_health
 from flwr.supernode.start_client_internal import start_client_internal
 
 
@@ -66,12 +66,6 @@ def flower_supernode() -> None:
 
     log(DEBUG, "Isolation mode: %s", args.isolation)
 
-    # Register handlers for graceful shutdown
-    register_exit_handlers(
-        event_type=EventType.RUN_SUPERNODE_LEAVE,
-        exit_message="SuperNode terminated gracefully.",
-    )
-
     start_client_internal(
         server_address=args.superlink,
         transport=args.transport,
@@ -86,6 +80,7 @@ def flower_supernode() -> None:
         flwr_path=args.flwr_dir,
         isolation=args.isolation,
         clientappio_api_address=args.clientappio_api_address,
+        health_server_address=args.health_server_address,
     )
 
 
@@ -125,6 +120,7 @@ def _parse_args_run_supernode() -> argparse.ArgumentParser:
         help="ClientAppIo API (gRPC) server address (IPv4, IPv6, or a domain name). "
         f"By default, it is set to {CLIENTAPPIO_API_DEFAULT_SERVER_ADDRESS}.",
     )
+    add_args_health(parser)
 
     return parser
 

flwr/supernode/cli/flwr_clientapp.py

@@ -19,9 +19,13 @@ import argparse
 from logging import DEBUG, INFO
 
 from flwr.common.args import add_args_flwr_app_common
-from flwr.common.constant import CLIENTAPPIO_API_DEFAULT_CLIENT_ADDRESS
+from flwr.common.constant import CLIENTAPPIO_API_DEFAULT_CLIENT_ADDRESS, ExecPluginType
 from flwr.common.exit import ExitCode, flwr_exit
 from flwr.common.logger import log
+from flwr.proto.clientappio_pb2_grpc import ClientAppIoStub
+from flwr.supercore.superexec.plugin import ClientAppExecPlugin
+from flwr.supercore.superexec.run_superexec import run_with_deprecation_warning
+from flwr.supercore.utils import mask_string
 from flwr.supernode.runtime.run_clientapp import run_clientapp
 
 
@@ -34,17 +38,30 @@ def flwr_clientapp() -> None:
             "flwr-clientapp does not support TLS yet.",
         )
 
+    # Disallow long-running `flwr-clientapp` processes
+    if args.token is None:
+        run_with_deprecation_warning(
+            cmd="flwr-clientapp",
+            plugin_type=ExecPluginType.CLIENT_APP,
+            plugin_class=ClientAppExecPlugin,
+            stub_class=ClientAppIoStub,
+            appio_api_address=args.clientappio_api_address,
+            flwr_dir=args.flwr_dir,
+            parent_pid=args.parent_pid,
+            warn_run_once=args.run_once,
+        )
+        return
+
     log(INFO, "Start `flwr-clientapp` process")
     log(
         DEBUG,
         "`flwr-clientapp` will attempt to connect to SuperNode's "
         "ClientAppIo API at %s with token %s",
         args.clientappio_api_address,
-        args.token,
+        mask_string(args.token) if args.token else "None",
     )
     run_clientapp(
         clientappio_api_address=args.clientappio_api_address,
-        run_once=(args.token is not None),
         token=args.token,
         flwr_dir=args.flwr_dir,
         certificates=None,
@@ -64,18 +81,5 @@ def _parse_args_run_flwr_clientapp() -> argparse.ArgumentParser:
         help="Address of SuperNode's ClientAppIo API (IPv4, IPv6, or a domain name)."
         f"By default, it is set to {CLIENTAPPIO_API_DEFAULT_CLIENT_ADDRESS}.",
     )
-    parser.add_argument(
-        "--token",
-        type=int,
-        required=False,
-        help="Unique token generated by SuperNode for each ClientApp execution",
-    )
-    parser.add_argument(
-        "--parent-pid",
-        type=int,
-        default=None,
-        help="The PID of the parent process. When set, the process will terminate "
-        "when the parent process exits.",
-    )
     add_args_flwr_app_common(parser=parser)
     return parser

flwr/supernode/nodestate/in_memory_nodestate.py

@@ -51,8 +51,9 @@ class InMemoryNodeState(NodeState):  # pylint: disable=too-many-instance-attribu
         # Store run ID to Context mapping
         self.ctx_store: dict[int, Context] = {}
         self.lock_ctx_store = Lock()
-        # Store run ID to token mapping
+        # Store run ID to token mapping and token to run ID mapping
         self.token_store: dict[int, str] = {}
+        self.token_to_run_id: dict[str, int] = {}
         self.lock_token_store = Lock()
 
     def set_node_id(self, node_id: Optional[int]) -> None:
@@ -170,13 +171,14 @@ class InMemoryNodeState(NodeState):  # pylint: disable=too-many-instance-attribu
             ret -= set(self.token_store.keys())
             return list(ret)
 
-    def create_token(self, run_id: int) -> str:
+    def create_token(self, run_id: int) -> Optional[str]:
         """Create a token for the given run ID."""
         token = secrets.token_hex(FLWR_APP_TOKEN_LENGTH)  # Generate a random token
         with self.lock_token_store:
             if run_id in self.token_store:
-                raise ValueError("Token already created for this run ID")
+                return None  # Token already created for this run ID
             self.token_store[run_id] = token
+            self.token_to_run_id[token] = run_id
         return token
 
     def verify_token(self, run_id: int, token: str) -> bool:
@@ -187,4 +189,11 @@ class InMemoryNodeState(NodeState):  # pylint: disable=too-many-instance-attribu
     def delete_token(self, run_id: int) -> None:
         """Delete the token for the given run ID."""
         with self.lock_token_store:
-            self.token_store.pop(run_id, None)
+            token = self.token_store.pop(run_id, None)
+            if token is not None:
+                self.token_to_run_id.pop(token, None)
+
+    def get_run_id_by_token(self, token: str) -> Optional[int]:
+        """Get the run ID associated with a given token."""
+        with self.lock_token_store:
+            return self.token_to_run_id.get(token)

flwr/supernode/nodestate/nodestate.py

@@ -15,15 +15,16 @@
 """Abstract base class NodeState."""
 
 
-from abc import ABC, abstractmethod
+from abc import abstractmethod
 from collections.abc import Sequence
 from typing import Optional
 
 from flwr.common import Context, Message
 from flwr.common.typing import Run
+from flwr.supercore.corestate import CoreState
 
 
-class NodeState(ABC):
+class NodeState(CoreState):
     """Abstract base class for node state."""
 
     @abstractmethod
@@ -168,45 +169,3 @@ class NodeState(ABC):
         Sequence[int]
             Sequence of run IDs with pending messages.
         """
-
-    @abstractmethod
-    def create_token(self, run_id: int) -> str:
-        """Create a token for the given run ID.
-
-        Parameters
-        ----------
-        run_id : int
-            The ID of the run for which to create a token.
-
-        Returns
-        -------
-        str
-            A unique token associated with the run ID.
-        """
-
-    @abstractmethod
-    def verify_token(self, run_id: int, token: str) -> bool:
-        """Verify a token for the given run ID.
-
-        Parameters
-        ----------
-        run_id : int
-            The ID of the run for which to verify the token.
-        token : str
-            The token to verify.
-
-        Returns
-        -------
-        bool
-            True if the token is valid for the run ID, False otherwise.
-        """
-
-    @abstractmethod
-    def delete_token(self, run_id: int) -> None:
-        """Delete the token for the given run ID.
-
-        Parameters
-        ----------
-        run_id : int
-            The ID of the run for which to delete the token.
-        """