flwr 1.22.0__py3-none-any.whl → 1.24.0__py3-none-any.whl

flwr/proto/transport_pb2_grpc.py

@@ -1,9 +1,29 @@
 # Generated by the gRPC Python protocol compiler plugin. DO NOT EDIT!
 """Client and server classes corresponding to protobuf-defined services."""
 import grpc
+import warnings
 
 from flwr.proto import transport_pb2 as flwr_dot_proto_dot_transport__pb2
 
+GRPC_GENERATED_VERSION = '1.70.0'
+GRPC_VERSION = grpc.__version__
+_version_not_supported = False
+
+try:
+    from grpc._utilities import first_version_is_lower
+    _version_not_supported = first_version_is_lower(GRPC_VERSION, GRPC_GENERATED_VERSION)
+except ImportError:
+    _version_not_supported = True
+
+if _version_not_supported:
+    raise RuntimeError(
+        f'The grpc package installed is at version {GRPC_VERSION},'
+        + f' but the generated code in flwr/proto/transport_pb2_grpc.py depends on'
+        + f' grpcio>={GRPC_GENERATED_VERSION}.'
+        + f' Please upgrade your grpc module to grpcio>={GRPC_GENERATED_VERSION}'
+        + f' or downgrade your generated code using grpcio-tools<={GRPC_VERSION}.'
+    )
+
 
 class FlowerServiceStub(object):
     """Missing associated documentation comment in .proto file."""
@@ -18,7 +38,7 @@ class FlowerServiceStub(object):
                 '/flwr.proto.FlowerService/Join',
                 request_serializer=flwr_dot_proto_dot_transport__pb2.ClientMessage.SerializeToString,
                 response_deserializer=flwr_dot_proto_dot_transport__pb2.ServerMessage.FromString,
-                )
+                _registered_method=True)
 
 
 class FlowerServiceServicer(object):
@@ -42,6 +62,7 @@ def add_FlowerServiceServicer_to_server(servicer, server):
     generic_handler = grpc.method_handlers_generic_handler(
             'flwr.proto.FlowerService', rpc_method_handlers)
     server.add_generic_rpc_handlers((generic_handler,))
+    server.add_registered_method_handlers('flwr.proto.FlowerService', rpc_method_handlers)
 
 
  # This class is part of an EXPERIMENTAL API.
@@ -59,8 +80,18 @@ class FlowerService(object):
             wait_for_ready=None,
             timeout=None,
             metadata=None):
-        return grpc.experimental.stream_stream(request_iterator, target, '/flwr.proto.FlowerService/Join',
+        return grpc.experimental.stream_stream(
+            request_iterator,
+            target,
+            '/flwr.proto.FlowerService/Join',
             flwr_dot_proto_dot_transport__pb2.ClientMessage.SerializeToString,
             flwr_dot_proto_dot_transport__pb2.ServerMessage.FromString,
-            options, channel_credentials,
-            insecure, call_credentials, compression, wait_for_ready, timeout, metadata)
+            options,
+            channel_credentials,
+            insecure,
+            call_credentials,
+            compression,
+            wait_for_ready,
+            timeout,
+            metadata,
+            _registered_method=True)

flwr/proto/transport_pb2_grpc.pyi

@@ -1,25 +1,55 @@
 """
 @generated by mypy-protobuf.  Do not edit manually!
 isort:skip_file
+Copyright 2020 Flower Labs GmbH. All Rights Reserved.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+==============================================================================
 """
+
 import abc
+import collections.abc
 import flwr.proto.transport_pb2
 import grpc
+import grpc.aio
 import typing
 
+_T = typing.TypeVar("_T")
+
+class _MaybeAsyncIterator(collections.abc.AsyncIterator[_T], collections.abc.Iterator[_T], metaclass=abc.ABCMeta): ...
+
+class _ServicerContext(grpc.ServicerContext, grpc.aio.ServicerContext):  # type: ignore[misc, type-arg]
+    ...
+
 class FlowerServiceStub:
-    def __init__(self, channel: grpc.Channel) -> None: ...
+    def __init__(self, channel: typing.Union[grpc.Channel, grpc.aio.Channel]) -> None: ...
     Join: grpc.StreamStreamMultiCallable[
         flwr.proto.transport_pb2.ClientMessage,
-        flwr.proto.transport_pb2.ServerMessage]
+        flwr.proto.transport_pb2.ServerMessage,
+    ]
 
+class FlowerServiceAsyncStub:
+    Join: grpc.aio.StreamStreamMultiCallable[
+        flwr.proto.transport_pb2.ClientMessage,
+        flwr.proto.transport_pb2.ServerMessage,
+    ]
 
 class FlowerServiceServicer(metaclass=abc.ABCMeta):
     @abc.abstractmethod
-    def Join(self,
-        request_iterator: typing.Iterator[flwr.proto.transport_pb2.ClientMessage],
-        context: grpc.ServicerContext,
-    ) -> typing.Iterator[flwr.proto.transport_pb2.ServerMessage]: ...
-
+    def Join(
+        self,
+        request_iterator: _MaybeAsyncIterator[flwr.proto.transport_pb2.ClientMessage],
+        context: _ServicerContext,
+    ) -> typing.Union[collections.abc.Iterator[flwr.proto.transport_pb2.ServerMessage], collections.abc.AsyncIterator[flwr.proto.transport_pb2.ServerMessage]]: ...
 
-def add_FlowerServiceServicer_to_server(servicer: FlowerServiceServicer, server: grpc.Server) -> None: ...
+def add_FlowerServiceServicer_to_server(servicer: FlowerServiceServicer, server: typing.Union[grpc.Server, grpc.aio.Server]) -> None: ...

flwr/server/app.py

@@ -16,30 +16,26 @@
 
 
 import argparse
-import csv
 import importlib.util
 import os
 import subprocess
 import sys
 import threading
-from collections.abc import Sequence
-from logging import DEBUG, INFO, WARN
+from collections.abc import Callable, Sequence
+from logging import INFO, WARN
 from pathlib import Path
 from time import sleep
-from typing import Any, Callable, Optional, TypeVar
+from typing import TypeVar, cast
 
 import grpc
 import yaml
-from cryptography.hazmat.primitives.asymmetric import ec
-from cryptography.hazmat.primitives.serialization import load_ssh_public_key
 
 from flwr.common import GRPC_MAX_MESSAGE_LENGTH, EventType, event
 from flwr.common.address import parse_address
 from flwr.common.args import try_obtain_server_certificates
-from flwr.common.auth_plugin import ControlAuthPlugin, ControlAuthzPlugin
 from flwr.common.config import get_flwr_dir
 from flwr.common.constant import (
-    AUTH_TYPE_YAML_KEY,
+    AUTHN_TYPE_YAML_KEY,
     AUTHZ_TYPE_YAML_KEY,
     CLIENT_OCTET,
     CONTROL_API_DEFAULT_SERVER_ADDRESS,
@@ -53,6 +49,8 @@ from flwr.common.constant import (
     TRANSPORT_TYPE_GRPC_ADAPTER,
     TRANSPORT_TYPE_GRPC_RERE,
     TRANSPORT_TYPE_REST,
+    AuthnType,
+    AuthzType,
     EventLogWriterType,
     ExecPluginType,
 )
@@ -60,39 +58,47 @@ from flwr.common.event_log_plugin import EventLogWriterPlugin
 from flwr.common.exit import ExitCode, flwr_exit, register_signal_handlers
 from flwr.common.grpc import generic_create_grpc_server
 from flwr.common.logger import log
-from flwr.common.secure_aggregation.crypto.symmetric_encryption import (
-    public_key_to_bytes,
-)
+from flwr.common.version import package_version
 from flwr.proto.fleet_pb2_grpc import (  # pylint: disable=E0611
     add_FleetServicer_to_server,
 )
 from flwr.proto.grpcadapter_pb2_grpc import add_GrpcAdapterServicer_to_server
 from flwr.server.fleet_event_log_interceptor import FleetEventLogInterceptor
+from flwr.supercore.constant import FLWR_IN_MEMORY_DB_NAME
 from flwr.supercore.ffs import FfsFactory
 from flwr.supercore.grpc_health import add_args_health, run_health_server_grpc_no_tls
 from flwr.supercore.object_store import ObjectStoreFactory
 from flwr.superlink.artifact_provider import ArtifactProvider
+from flwr.superlink.auth_plugin import (
+    ControlAuthnPlugin,
+    ControlAuthzPlugin,
+    NoOpControlAuthnPlugin,
+    NoOpControlAuthzPlugin,
+)
+from flwr.superlink.federation import FederationManager, NoOpFederationManager
 from flwr.superlink.servicer.control import run_control_api_grpc
 
 from .superlink.fleet.grpc_adapter.grpc_adapter_servicer import GrpcAdapterServicer
 from .superlink.fleet.grpc_rere.fleet_servicer import FleetServicer
-from .superlink.fleet.grpc_rere.server_interceptor import AuthenticateServerInterceptor
+from .superlink.fleet.grpc_rere.node_auth_server_interceptor import (
+    NodeAuthServerInterceptor,
+)
 from .superlink.linkstate import LinkStateFactory
 from .superlink.serverappio.serverappio_grpc import run_serverappio_api_grpc
 from .superlink.simulation.simulationio_grpc import run_simulationio_api_grpc
 
-DATABASE = ":flwr-in-memory-state:"
 BASE_DIR = get_flwr_dir() / "superlink" / "ffs"
-P = TypeVar("P", ControlAuthPlugin, ControlAuthzPlugin)
+P = TypeVar("P", ControlAuthnPlugin, ControlAuthzPlugin)
 
 
 try:
     from flwr.ee import (
         add_ee_args_superlink,
-        get_control_auth_plugins,
-        get_control_authz_plugins,
+        get_control_authn_ee_plugins,
+        get_control_authz_ee_plugins,
         get_control_event_log_writer_plugins,
         get_ee_artifact_provider,
+        get_ee_federation_manager,
         get_fleet_event_log_writer_plugins,
     )
 except ImportError:
@@ -101,14 +107,6 @@ except ImportError:
     def add_ee_args_superlink(parser: argparse.ArgumentParser) -> None:
         """Add EE-specific arguments to the parser."""
 
-    def get_control_auth_plugins() -> dict[str, type[ControlAuthPlugin]]:
-        """Return all Control API authentication plugins."""
-        raise NotImplementedError("No authentication plugins are currently supported.")
-
-    def get_control_authz_plugins() -> dict[str, type[ControlAuthzPlugin]]:
-        """Return all Control API authorization plugins."""
-        raise NotImplementedError("No authorization plugins are currently supported.")
-
     def get_control_event_log_writer_plugins() -> dict[str, type[EventLogWriterPlugin]]:
         """Return all Control API event log writer plugins."""
         raise NotImplementedError(
@@ -125,6 +123,39 @@ except ImportError:
             "No event log writer plugins are currently supported."
         )
 
+    def get_control_authn_ee_plugins() -> dict[str, type[ControlAuthnPlugin]]:
+        """Return all Control API authentication plugins for EE."""
+        return {}
+
+    def get_control_authz_ee_plugins() -> dict[str, type[ControlAuthzPlugin]]:
+        """Return all Control API authorization plugins for EE."""
+        return {}
+
+    # pylint: disable-next=unused-argument
+    def get_ee_federation_manager(config_path: str) -> FederationManager:
+        """Return the EE FederationManager."""
+        raise NotImplementedError("No federation manager is currently supported.")
+
+
+def get_control_authn_plugins() -> dict[str, type[ControlAuthnPlugin]]:
+    """Return all Control API authentication plugins."""
+    ee_dict: dict[str, type[ControlAuthnPlugin]] = get_control_authn_ee_plugins()
+    return ee_dict | {AuthnType.NOOP: NoOpControlAuthnPlugin}
+
+
+def get_control_authz_plugins() -> dict[str, type[ControlAuthzPlugin]]:
+    """Return all Control API authorization plugins."""
+    ee_dict: dict[str, type[ControlAuthzPlugin]] = get_control_authz_ee_plugins()
+    return ee_dict | {AuthzType.NOOP: NoOpControlAuthzPlugin}
+
+
+def get_federation_manager(config_path: str | None = None) -> FederationManager:
+    """Return the FederationManager."""
+    if config_path is None:
+        return NoOpFederationManager()
+    federation_manager: FederationManager = get_ee_federation_manager(config_path)
+    return federation_manager
+
 
 # pylint: disable=too-many-branches, too-many-locals, too-many-statements
 def run_superlink() -> None:
@@ -189,18 +220,24 @@ def run_superlink() -> None:
     # Obtain certificates
     certificates = try_obtain_server_certificates(args)
 
-    # Disable the user auth TLS check if args.disable_oidc_tls_cert_verification is
+    # Disable the account auth TLS check if args.disable_oidc_tls_cert_verification is
     # provided
     verify_tls_cert = not getattr(args, "disable_oidc_tls_cert_verification", None)
 
-    auth_plugin: Optional[ControlAuthPlugin] = None
-    authz_plugin: Optional[ControlAuthzPlugin] = None
-    event_log_plugin: Optional[EventLogWriterPlugin] = None
-    # Load the auth plugin if the args.user_auth_config is provided
+    authn_plugin: ControlAuthnPlugin | None = None
+    authz_plugin: ControlAuthzPlugin | None = None
+    event_log_plugin: EventLogWriterPlugin | None = None
+    # Load the auth plugin if the args.account_auth_config is provided
     if cfg_path := getattr(args, "user_auth_config", None):
-        auth_plugin, authz_plugin = _try_obtain_control_auth_plugins(
-            Path(cfg_path), verify_tls_cert
+        log(
+            WARN,
+            "The `--user-auth-config` flag is deprecated and will be removed in a "
+            "future release. Please use `--account-auth-config` instead.",
         )
+        args.account_auth_config = cfg_path
+    cfg_path = getattr(args, "account_auth_config", None)
+    authn_plugin, authz_plugin = _load_control_auth_plugins(cfg_path, verify_tls_cert)
+    if cfg_path is not None:
         # Enable event logging if the args.enable_event_log is True
         if args.enable_event_log:
             event_log_plugin = _try_obtain_control_event_log_writer_plugin()
@@ -211,15 +248,69 @@ def run_superlink() -> None:
         log(WARN, "The `--artifact-provider-config` flag is highly experimental.")
         artifact_provider = get_ee_artifact_provider(cfg_path)
 
+    # Check for incompatible args with SuperNode authentication
+    enable_supernode_auth: bool = args.enable_supernode_auth
+    if enable_supernode_auth:
+        if args.insecure:
+            url_v = f"https://flower.ai/docs/framework/v{package_version}/en/"
+            page = "how-to-authenticate-supernodes.html"
+            flwr_exit(
+                ExitCode.SUPERLINK_INVALID_ARGS,
+                "The `--enable-supernode-auth` flag requires encrypted TLS "
+                "communications. Please provide TLS certificates using the "
+                "`--ssl-certfile`, `--ssl-keyfile` and `--ssl-ca-certfile` "
+                "arguments to your SuperLink. Please refer to the Flower "
+                f"documentation for more information: {url_v}{page}",
+            )
+        if args.fleet_api_type != TRANSPORT_TYPE_GRPC_RERE:
+            flwr_exit(
+                ExitCode.SUPERLINK_INVALID_ARGS,
+                "The `--enable-supernode-auth` flag is only supported "
+                "with the gRPC-rere Fleet API transport. Please set "
+                f"`--fleet-api-type` to `{TRANSPORT_TYPE_GRPC_RERE}`.",
+            )
+        if args.simulation:
+            log(
+                WARN,
+                "SuperNode authentication is not applicable with the simulation, "
+                "runtime as no SuperNodes can connect to this SuperLink. "
+                "Proceeding...",
+            )
+    # If supernode authentication is disabled, warn users
+    else:
+        log(
+            WARN,
+            "SuperNode authentication is disabled. The SuperLink will accept "
+            "connections from any SuperNode.",
+        )
+
+    if args.auth_list_public_keys:
+        url_v = f"https://flower.ai/docs/framework/v{package_version}/en/"
+        page = "how-to-authenticate-supernodes.html"
+        flwr_exit(
+            ExitCode.SUPERLINK_INVALID_ARGS,
+            "The `--auth-list-public-keys` "
+            "argument is no longer supported. To enable SuperNode authentication,  "
+            "use the `--enable-supernode-auth` flag and use the Flower CLI to register "
+            "SuperNodes by supplying their public keys. Please refer"
+            f" to the Flower documentation for more information: {url_v}{page}",
+        )
+
+    # Load Federation Manager
+    fed_config_path = getattr(args, "federations_config", None)
+    federation_manager = get_federation_manager(fed_config_path)
+
+    # Initialize ObjectStoreFactory
+    objectstore_factory = ObjectStoreFactory(args.database)
+
     # Initialize StateFactory
-    state_factory = LinkStateFactory(args.database)
+    state_factory = LinkStateFactory(
+        args.database, federation_manager, objectstore_factory
+    )
 
     # Initialize FfsFactory
     ffs_factory = FfsFactory(args.storage_dir)
 
-    # Initialize ObjectStoreFactory
-    objectstore_factory = ObjectStoreFactory()
-
     # Start Control API
     is_simulation = args.simulation
     control_server: grpc.Server = run_control_api_grpc(
@@ -229,7 +320,7 @@ def run_superlink() -> None:
         objectstore_factory=objectstore_factory,
         certificates=certificates,
         is_simulation=is_simulation,
-        auth_plugin=auth_plugin,
+        authn_plugin=authn_plugin,
         authz_plugin=authz_plugin,
         event_log_plugin=event_log_plugin,
         artifact_provider=artifact_provider,
@@ -306,22 +397,8 @@ def run_superlink() -> None:
             fleet_thread.start()
             bckg_threads.append(fleet_thread)
         elif args.fleet_api_type == TRANSPORT_TYPE_GRPC_RERE:
-            node_public_keys = _try_load_public_keys_node_authentication(args)
-            auto_auth = True
-            if node_public_keys is not None:
-                auto_auth = False
-                state = state_factory.state()
-                state.clear_supernode_auth_keys()
-                state.store_node_public_keys(node_public_keys)
-                log(
-                    INFO,
-                    "Node authentication enabled with %d known public keys",
-                    len(node_public_keys),
-                )
-            else:
-                log(DEBUG, "Automatic node authentication enabled")
 
-            interceptors = [AuthenticateServerInterceptor(state_factory, auto_auth)]
+            interceptors = [NodeAuthServerInterceptor(state_factory)]
             if getattr(args, "enable_event_log", None):
                 fleet_log_plugin = _try_obtain_fleet_event_log_writer_plugin()
                 if fleet_log_plugin is not None:
@@ -333,6 +410,7 @@ def run_superlink() -> None:
                 state_factory=state_factory,
                 ffs_factory=ffs_factory,
                 objectstore_factory=objectstore_factory,
+                enable_supernode_auth=enable_supernode_auth,
                 certificates=certificates,
                 interceptors=interceptors,
             )
@@ -400,55 +478,21 @@ def _format_address(address: str) -> tuple[str, str, int]:
     return (f"[{host}]:{port}" if is_v6 else f"{host}:{port}", host, port)
 
 
-def _try_load_public_keys_node_authentication(
-    args: argparse.Namespace,
-) -> Optional[set[bytes]]:
-    """Return a set of node public keys."""
-    if args.auth_superlink_private_key or args.auth_superlink_public_key:
-        log(
-            WARN,
-            "The `--auth-superlink-private-key` and `--auth-superlink-public-key` "
-            "arguments are deprecated and will be removed in a future release. Node "
-            "authentication no longer requires these arguments.",
-        )
-
-    if not args.auth_list_public_keys:
-        return None
-
-    node_keys_file_path = Path(args.auth_list_public_keys)
-    if not node_keys_file_path.exists():
-        sys.exit(
-            "The provided path to the known public keys CSV file does not exist: "
-            f"{node_keys_file_path}. "
-            "Please provide the CSV file path containing known public keys "
-            "to '--auth-list-public-keys'."
-        )
-
-    node_public_keys: set[bytes] = set()
-
-    with open(node_keys_file_path, newline="", encoding="utf-8") as csvfile:
-        reader = csv.reader(csvfile)
-        for row in reader:
-            for element in row:
-                public_key = load_ssh_public_key(element.encode())
-                if isinstance(public_key, ec.EllipticCurvePublicKey):
-                    node_public_keys.add(public_key_to_bytes(public_key))
-                else:
-                    sys.exit(
-                        "Error: Unable to parse the public keys in the CSV "
-                        "file. Please ensure that the CSV file path points to a valid "
-                        "known SSH public keys files and try again."
-                    )
-    return node_public_keys
-
-
-def _try_obtain_control_auth_plugins(
-    config_path: Path, verify_tls_cert: bool
-) -> tuple[ControlAuthPlugin, ControlAuthzPlugin]:
+def _load_control_auth_plugins(
+    config_path: str | None, verify_tls_cert: bool
+) -> tuple[ControlAuthnPlugin, ControlAuthzPlugin]:
     """Obtain Control API authentication and authorization plugins."""
+    # Load NoOp plugins if no config path is provided
+    if config_path is None:
+        config_path = ""
+        config = {
+            "authentication": {AUTHN_TYPE_YAML_KEY: AuthnType.NOOP},
+            "authorization": {AUTHZ_TYPE_YAML_KEY: AuthzType.NOOP},
+        }
     # Load YAML file
-    with config_path.open("r", encoding="utf-8") as file:
-        config: dict[str, Any] = yaml.safe_load(file)
+    else:
+        with Path(config_path).open("r", encoding="utf-8") as file:
+            config = yaml.safe_load(file)
 
     def _load_plugin(
         section: str, yaml_key: str, loader: Callable[[], dict[str, type[P]]]
@@ -458,9 +502,7 @@ def _try_obtain_control_auth_plugins(
         try:
             plugins: dict[str, type[P]] = loader()
             plugin_cls: type[P] = plugins[auth_plugin_name]
-            return plugin_cls(
-                user_auth_config_path=config_path, verify_tls_cert=verify_tls_cert
-            )
+            return plugin_cls(Path(cast(str, config_path)), verify_tls_cert)
         except KeyError:
             if auth_plugin_name:
                 sys.exit(
@@ -468,14 +510,22 @@ def _try_obtain_control_auth_plugins(
                     f"Please provide a valid {section} type in the configuration."
                 )
             sys.exit(f"No {section} type is provided in the configuration.")
-        except NotImplementedError:
-            sys.exit(f"No {section} plugins are currently supported.")
+
+    # Warn deprecated auth_type key
+    if authn_type := config["authentication"].pop("auth_type", None):
+        log(
+            WARN,
+            "The `auth_type` key in the authentication configuration is deprecated. "
+            "Use `%s` instead.",
+            AUTHN_TYPE_YAML_KEY,
+        )
+        config["authentication"][AUTHN_TYPE_YAML_KEY] = authn_type
 
     # Load authentication plugin
-    auth_plugin = _load_plugin(
+    authn_plugin = _load_plugin(
         section="authentication",
-        yaml_key=AUTH_TYPE_YAML_KEY,
-        loader=get_control_auth_plugins,
+        yaml_key=AUTHN_TYPE_YAML_KEY,
+        loader=get_control_authn_plugins,
     )
 
     # Load authorization plugin
@@ -485,10 +535,10 @@ def _try_obtain_control_auth_plugins(
         loader=get_control_authz_plugins,
     )
 
-    return auth_plugin, authz_plugin
+    return authn_plugin, authz_plugin
 
 
-def _try_obtain_control_event_log_writer_plugin() -> Optional[EventLogWriterPlugin]:
+def _try_obtain_control_event_log_writer_plugin() -> EventLogWriterPlugin | None:
     """Return an instance of the event log writer plugin."""
     try:
         all_plugins: dict[str, type[EventLogWriterPlugin]] = (
@@ -502,7 +552,7 @@ def _try_obtain_control_event_log_writer_plugin() -> Optional[EventLogWriterPlug
         sys.exit("No event log writer plugins are currently supported.")
 
 
-def _try_obtain_fleet_event_log_writer_plugin() -> Optional[EventLogWriterPlugin]:
+def _try_obtain_fleet_event_log_writer_plugin() -> EventLogWriterPlugin | None:
     """Return an instance of the Fleet Servicer event log writer plugin."""
     try:
         all_plugins: dict[str, type[EventLogWriterPlugin]] = (
@@ -521,8 +571,9 @@ def _run_fleet_api_grpc_rere(  # pylint: disable=R0913, R0917
     state_factory: LinkStateFactory,
     ffs_factory: FfsFactory,
     objectstore_factory: ObjectStoreFactory,
-    certificates: Optional[tuple[bytes, bytes, bytes]],
-    interceptors: Optional[Sequence[grpc.ServerInterceptor]] = None,
+    enable_supernode_auth: bool,
+    certificates: tuple[bytes, bytes, bytes] | None,
+    interceptors: Sequence[grpc.ServerInterceptor] | None = None,
 ) -> grpc.Server:
     """Run Fleet API (gRPC, request-response)."""
     # Create Fleet API gRPC server
@@ -530,6 +581,7 @@ def _run_fleet_api_grpc_rere(  # pylint: disable=R0913, R0917
         state_factory=state_factory,
         ffs_factory=ffs_factory,
         objectstore_factory=objectstore_factory,
+        enable_supernode_auth=enable_supernode_auth,
     )
     fleet_add_servicer_to_server_fn = add_FleetServicer_to_server
     fleet_grpc_server = generic_create_grpc_server(
@@ -548,12 +600,13 @@ def _run_fleet_api_grpc_rere(  # pylint: disable=R0913, R0917
     return fleet_grpc_server
 
 
+# pylint: disable=R0913, R0917
 def _run_fleet_api_grpc_adapter(
     address: str,
     state_factory: LinkStateFactory,
     ffs_factory: FfsFactory,
     objectstore_factory: ObjectStoreFactory,
-    certificates: Optional[tuple[bytes, bytes, bytes]],
+    certificates: tuple[bytes, bytes, bytes] | None,
 ) -> grpc.Server:
     """Run Fleet API (GrpcAdapter)."""
     # Create Fleet API gRPC server
@@ -561,6 +614,7 @@ def _run_fleet_api_grpc_adapter(
         state_factory=state_factory,
         ffs_factory=ffs_factory,
         objectstore_factory=objectstore_factory,
+        enable_supernode_auth=False,
     )
     fleet_add_servicer_to_server_fn = add_GrpcAdapterServicer_to_server
     fleet_grpc_server = generic_create_grpc_server(
@@ -585,8 +639,8 @@ def _run_fleet_api_grpc_adapter(
 def _run_fleet_api_rest(
     host: str,
     port: int,
-    ssl_keyfile: Optional[str],
-    ssl_certfile: Optional[str],
+    ssl_keyfile: str | None,
+    ssl_certfile: str | None,
     state_factory: LinkStateFactory,
     ffs_factory: FfsFactory,
     objectstore_factory: ObjectStoreFactory,
@@ -691,11 +745,9 @@ def _add_args_common(parser: argparse.ArgumentParser) -> None:
     parser.add_argument(
         "--database",
         help="A string representing the path to the database "
-        "file that will be opened. Note that passing ':memory:' "
-        "will open a connection to a database that is in RAM, "
-        "instead of on disk. If nothing is provided, "
+        "file that will be opened. If nothing is provided, "
         "Flower will just create a state in memory.",
-        default=DATABASE,
+        default=FLWR_IN_MEMORY_DB_NAME,
     )
     parser.add_argument(
         "--storage-dir",
@@ -705,18 +757,12 @@ def _add_args_common(parser: argparse.ArgumentParser) -> None:
     parser.add_argument(
         "--auth-list-public-keys",
         type=str,
-        help="A CSV file (as a path str) containing a list of known public "
-        "keys to enable authentication.",
-    )
-    parser.add_argument(
-        "--auth-superlink-private-key",
-        type=str,
         help="This argument is deprecated and will be removed in a future release.",
     )
     parser.add_argument(
-        "--auth-superlink-public-key",
-        type=str,
-        help="This argument is deprecated and will be removed in a future release.",
+        "--enable-supernode-auth",
+        action="store_true",
+        help="Enable supernode authentication.",
     )
 
 

flwr/server/client_manager.py

@@ -19,7 +19,6 @@ import random
 import threading
 from abc import ABC, abstractmethod
 from logging import INFO
-from typing import Optional
 
 from flwr.common.logger import log
 
@@ -80,8 +79,8 @@ class ClientManager(ABC):
     def sample(
         self,
         num_clients: int,
-        min_num_clients: Optional[int] = None,
-        criterion: Optional[Criterion] = None,
+        min_num_clients: int | None = None,
+        criterion: Criterion | None = None,
     ) -> list[ClientProxy]:
         """Sample a number of Flower ClientProxy instances."""
 
@@ -179,8 +178,8 @@ class SimpleClientManager(ClientManager):
     def sample(
         self,
         num_clients: int,
-        min_num_clients: Optional[int] = None,
-        criterion: Optional[Criterion] = None,
+        min_num_clients: int | None = None,
+        criterion: Criterion | None = None,
     ) -> list[ClientProxy]:
         """Sample a number of Flower ClientProxy instances."""
         # Block until at least num_clients are connected.