skypilot-nightly 1.0.0.dev20250318__py3-none-any.whl → 1.0.0.dev20250320__py3-none-any.whl

sky/__init__.py

@@ -5,7 +5,7 @@ from typing import Optional
 import urllib.request
 
 # Replaced with the current commit when building the wheels.
-_SKYPILOT_COMMIT_SHA = '587ea1ec71d64d4994bdead5166f1ee3cb31d10f'
+_SKYPILOT_COMMIT_SHA = 'a480f342522afcd17a3b30a20086f28333ddb7b5'
 
 
 def _get_git_commit():
@@ -35,7 +35,7 @@ def _get_git_commit():
 
 
 __commit__ = _get_git_commit()
-__version__ = '1.0.0.dev20250318'
+__version__ = '1.0.0.dev20250320'
 __root_dir__ = os.path.dirname(os.path.abspath(__file__))
 
 

sky/adaptors/cloudflare.py

@@ -149,6 +149,10 @@ def create_endpoint():
 
 
 def check_credentials() -> Tuple[bool, Optional[str]]:
+    return check_storage_credentials()
+
+
+def check_storage_credentials() -> Tuple[bool, Optional[str]]:
     """Checks if the user has access credentials to Cloudflare R2.
 
     Returns:

sky/check.py

@@ -1,8 +1,9 @@
 """Credential checks: check cloud credentials and enable clouds."""
+import enum
 import os
 import traceback
 from types import ModuleType
-from typing import Dict, Iterable, List, Optional, Tuple, Union
+from typing import Dict, Iterable, List, Optional, Set, Tuple, Union
 
 import click
 import colorama
@@ -20,44 +21,91 @@ CHECK_MARK_EMOJI = '\U00002714'  # Heavy check mark unicode
 PARTY_POPPER_EMOJI = '\U0001F389'  # Party popper unicode
 
 
-def check(
+# Declaring CloudCapability as a subclass of str
+# allows it to be JSON serializable.
+class CloudCapability(str, enum.Enum):
+    # Compute capability.
+    COMPUTE = 'compute'
+    # Storage capability.
+    STORAGE = 'storage'
+
+
+ALL_CAPABILITIES = [CloudCapability.COMPUTE, CloudCapability.STORAGE]
+
+
+def check_capabilities(
     quiet: bool = False,
     verbose: bool = False,
     clouds: Optional[Iterable[str]] = None,
-) -> List[str]:
+    capabilities: Optional[List[CloudCapability]] = None,
+) -> Dict[str, List[CloudCapability]]:
     echo = (lambda *_args, **_kwargs: None
            ) if quiet else lambda *args, **kwargs: click.echo(
                *args, **kwargs, color=True)
     echo('Checking credentials to enable clouds for SkyPilot.')
-    enabled_clouds = []
-    disabled_clouds = []
+    if capabilities is None:
+        capabilities = ALL_CAPABILITIES
+    assert capabilities is not None
+    enabled_clouds: Dict[str, List[CloudCapability]] = {}
+    disabled_clouds: Dict[str, List[CloudCapability]] = {}
+
+    def check_credentials(
+            cloud: Union[sky_clouds.Cloud, ModuleType],
+            capability: CloudCapability) -> Tuple[bool, Optional[str]]:
+        if capability == CloudCapability.COMPUTE:
+            return cloud.check_credentials()
+        elif capability == CloudCapability.STORAGE:
+            return cloud.check_storage_credentials()
+        else:
+            raise ValueError(f'Invalid capability: {capability}')
+
+    def get_cached_state(capability: CloudCapability) -> List[sky_clouds.Cloud]:
+        if capability == CloudCapability.COMPUTE:
+            return global_user_state.get_cached_enabled_clouds()
+        elif capability == CloudCapability.STORAGE:
+            return global_user_state.get_cached_enabled_storage_clouds()
+        else:
+            raise ValueError(f'Invalid capability: {capability}')
+
+    def set_cached_state(clouds: List[str],
+                         capability: CloudCapability) -> None:
+        if capability == CloudCapability.COMPUTE:
+            global_user_state.set_enabled_clouds(clouds)
+        elif capability == CloudCapability.STORAGE:
+            global_user_state.set_enabled_storage_clouds(clouds)
+        else:
+            raise ValueError(f'Invalid capability: {capability}')
 
     def check_one_cloud(
             cloud_tuple: Tuple[str, Union[sky_clouds.Cloud,
                                           ModuleType]]) -> None:
         cloud_repr, cloud = cloud_tuple
-        with rich_utils.safe_status(f'Checking {cloud_repr}...'):
-            try:
-                ok, reason = cloud.check_credentials()
-            except Exception:  # pylint: disable=broad-except
-                # Catch all exceptions to prevent a single cloud from blocking
-                # the check for other clouds.
-                ok, reason = False, traceback.format_exc()
-        status_msg = 'enabled' if ok else 'disabled'
-        styles = {'fg': 'green', 'bold': False} if ok else {'dim': True}
-        echo('  ' + click.style(f'{cloud_repr}: {status_msg}', **styles) +
-             ' ' * 30)
-        if ok:
-            enabled_clouds.append(cloud_repr)
-            if verbose and cloud is not cloudflare:
-                activated_account = cloud.get_active_user_identity_str()
-                if activated_account is not None:
-                    echo(f'    Activated account: {activated_account}')
-            if reason is not None:
-                echo(f'    Hint: {reason}')
-        else:
-            disabled_clouds.append(cloud_repr)
-            echo(f'    Reason: {reason}')
+        assert capabilities is not None
+        for capability in capabilities:
+            with rich_utils.safe_status(f'Checking {cloud_repr}...'):
+                try:
+                    ok, reason = check_credentials(cloud, capability)
+                except exceptions.NotSupportedError:
+                    continue
+                except Exception:  # pylint: disable=broad-except
+                    # Catch all exceptions to prevent a single cloud
+                    # from blocking the check for other clouds.
+                    ok, reason = False, traceback.format_exc()
+            status_msg = ('enabled' if ok else 'disabled')
+            styles = {'fg': 'green', 'bold': False} if ok else {'dim': True}
+            echo('  ' + click.style(f'{cloud_repr}: {status_msg}', **styles) +
+                 ' ' * 30)
+            if ok:
+                enabled_clouds.setdefault(cloud_repr, []).append(capability)
+                if verbose and cloud is not cloudflare:
+                    activated_account = cloud.get_active_user_identity_str()
+                    if activated_account is not None:
+                        echo(f'    Activated account: {activated_account}')
+                if reason is not None:
+                    echo(f'    Hint: {reason}')
+            else:
+                disabled_clouds.setdefault(cloud_repr, []).append(capability)
+                echo(f'    Reason: {reason}')
 
     def get_cloud_tuple(
             cloud_name: str) -> Tuple[str, Union[sky_clouds.Cloud, ModuleType]]:
@@ -99,33 +147,37 @@ def check(
     for cloud_tuple in sorted(clouds_to_check):
         check_one_cloud(cloud_tuple)
 
-    # Cloudflare is not a real cloud in registry.CLOUD_REGISTRY, and should
-    # not be inserted into the DB (otherwise `sky launch` and other code would
-    # error out when it's trying to look it up in the registry).
-    enabled_clouds_set = {
-        cloud for cloud in enabled_clouds if not cloud.startswith('Cloudflare')
-    }
-    disabled_clouds_set = {
-        cloud for cloud in disabled_clouds if not cloud.startswith('Cloudflare')
-    }
-    config_allowed_clouds_set = {
-        cloud for cloud in config_allowed_cloud_names
-        if not cloud.startswith('Cloudflare')
-    }
-    previously_enabled_clouds_set = {
-        repr(cloud) for cloud in global_user_state.get_cached_enabled_clouds()
-    }
-
     # Determine the set of enabled clouds: (previously enabled clouds + newly
     # enabled clouds - newly disabled clouds) intersected with
     # config_allowed_clouds, if specified in config.yaml.
     # This means that if a cloud is already enabled and is not included in
     # allowed_clouds in config.yaml, it will be disabled.
-    all_enabled_clouds = (config_allowed_clouds_set & (
-        (previously_enabled_clouds_set | enabled_clouds_set) -
-        disabled_clouds_set))
-    global_user_state.set_enabled_clouds(list(all_enabled_clouds))
-
+    all_enabled_clouds: Set[str] = set()
+    for capability in capabilities:
+        # Cloudflare is not a real cloud in registry.CLOUD_REGISTRY, and should
+        # not be inserted into the DB (otherwise `sky launch` and other code
+        # would error out when it's trying to look it up in the registry).
+        enabled_clouds_set = {
+            cloud for cloud, capabilities in enabled_clouds.items()
+            if capability in capabilities and not cloud.startswith('Cloudflare')
+        }
+        disabled_clouds_set = {
+            cloud for cloud, capabilities in disabled_clouds.items()
+            if capability in capabilities and not cloud.startswith('Cloudflare')
+        }
+        config_allowed_clouds_set = {
+            cloud for cloud in config_allowed_cloud_names
+            if not cloud.startswith('Cloudflare')
+        }
+        previously_enabled_clouds_set = {
+            repr(cloud) for cloud in get_cached_state(capability)
+        }
+        enabled_clouds_for_capability = (config_allowed_clouds_set & (
+            (previously_enabled_clouds_set | enabled_clouds_set) -
+            disabled_clouds_set))
+        set_cached_state(list(enabled_clouds_for_capability), capability)
+        all_enabled_clouds = all_enabled_clouds.union(
+            enabled_clouds_for_capability)
     disallowed_clouds_hint = None
     if disallowed_cloud_names:
         disallowed_clouds_hint = (
@@ -160,8 +212,7 @@ def check(
         # Pretty print for UX.
         if not quiet:
             enabled_clouds_str = '\n  ' + '\n  '.join([
-                _format_enabled_cloud(cloud)
-                for cloud in sorted(all_enabled_clouds)
+                _format_enabled_cloud(cloud) for cloud in sorted(enabled_clouds)
             ])
             echo(f'\n{colorama.Fore.GREEN}{PARTY_POPPER_EMOJI} '
                  f'Enabled clouds {PARTY_POPPER_EMOJI}'
@@ -169,6 +220,23 @@ def check(
     return enabled_clouds
 
 
+# 'sky check' command and associated '/check' server endpoint
+# only checks compute capability for backward compatibility.
+# This necessitates setting default capability to CloudCapability.COMPUTE.
+def check(
+    quiet: bool = False,
+    verbose: bool = False,
+    clouds: Optional[Iterable[str]] = None,
+    capability: CloudCapability = CloudCapability.COMPUTE,
+) -> List[str]:
+    clouds_with_capability = []
+    enabled_clouds = check_capabilities(quiet, verbose, clouds, [capability])
+    for cloud, capabilities in enabled_clouds.items():
+        if capability in capabilities:
+            clouds_with_capability.append(cloud)
+    return clouds_with_capability
+
+
 def get_cached_enabled_clouds_or_refresh(
         raise_if_no_cloud_access: bool = False) -> List[sky_clouds.Cloud]:
     """Returns cached enabled clouds and if no cloud is enabled, refresh.
@@ -186,7 +254,7 @@ def get_cached_enabled_clouds_or_refresh(
     cached_enabled_clouds = global_user_state.get_cached_enabled_clouds()
     if not cached_enabled_clouds:
         try:
-            check(quiet=True)
+            check(quiet=True, capability=CloudCapability.COMPUTE)
         except SystemExit:
             # If no cloud is enabled, check() will raise SystemExit.
             # Here we catch it and raise the exception later only if
@@ -201,6 +269,41 @@ def get_cached_enabled_clouds_or_refresh(
     return cached_enabled_clouds
 
 
+def get_cached_enabled_storage_clouds_or_refresh(
+        raise_if_no_cloud_access: bool = False) -> List[sky_clouds.Cloud]:
+    """Returns cached enabled storage clouds and if no cloud is enabled,
+    refresh.
+
+    This function will perform a refresh if no public cloud is enabled.
+
+    Args:
+        raise_if_no_cloud_access: if True, raise an exception if no public
+            cloud is enabled.
+
+    Raises:
+        exceptions.NoCloudAccessError: if no public cloud is enabled and
+            raise_if_no_cloud_access is set to True.
+    """
+    cached_enabled_storage_clouds = (
+        global_user_state.get_cached_enabled_storage_clouds())
+    if not cached_enabled_storage_clouds:
+        try:
+            check(quiet=True, capability=CloudCapability.STORAGE)
+        except SystemExit:
+            # If no cloud is enabled, check() will raise SystemExit.
+            # Here we catch it and raise the exception later only if
+            # raise_if_no_cloud_access is set to True.
+            pass
+        cached_enabled_storage_clouds = (
+            global_user_state.get_cached_enabled_storage_clouds())
+    if raise_if_no_cloud_access and not cached_enabled_storage_clouds:
+        with ux_utils.print_exception_no_traceback():
+            raise exceptions.NoCloudAccessError(
+                'Cloud access is not set up. Run: '
+                f'{colorama.Style.BRIGHT}sky check{colorama.Style.RESET_ALL}')
+    return cached_enabled_storage_clouds
+
+
 def get_cloud_credential_file_mounts(
         excluded_clouds: Optional[Iterable[sky_clouds.Cloud]]
 ) -> Dict[str, str]:
@@ -226,7 +329,7 @@ def get_cloud_credential_file_mounts(
     # Currently, get_cached_enabled_clouds_or_refresh() does not support r2 as
     # only clouds with computing instances are marked as enabled by skypilot.
     # This will be removed when cloudflare/r2 is added as a 'cloud'.
-    r2_is_enabled, _ = cloudflare.check_credentials()
+    r2_is_enabled, _ = cloudflare.check_storage_credentials()
     if r2_is_enabled:
         r2_credential_mounts = cloudflare.get_credential_file_mounts()
         file_mounts.update(r2_credential_mounts)

sky/clouds/aws.py

@@ -666,6 +666,11 @@ class AWS(clouds.Cloud):
                 f'{common_utils.format_exception(e, use_bracket=True)}')
         return True, hints
 
+    @classmethod
+    def check_storage_credentials(cls) -> Tuple[bool, Optional[str]]:
+        # TODO(seungjin): Check if the user has access to S3.
+        return cls.check_credentials()
+
     @classmethod
     def _current_identity_type(cls) -> Optional[AWSIdentityType]:
         stdout = cls._aws_configure_list()

sky/clouds/azure.py

@@ -574,6 +574,11 @@ class Azure(clouds.Cloud):
         return service_catalog.instance_type_exists(instance_type,
                                                     clouds='azure')
 
+    @classmethod
+    def check_storage_credentials(cls) -> Tuple[bool, Optional[str]]:
+        # TODO(seungjin): Check if the user has access to Azure Blob Storage.
+        return cls.check_credentials()
+
     @classmethod
     @annotations.lru_cache(scope='global',
                            maxsize=1)  # Cache since getting identity is slow.

sky/clouds/cloud.py

@@ -443,6 +443,18 @@ class Cloud:
         """
         raise NotImplementedError
 
+    @classmethod
+    def check_storage_credentials(cls) -> Tuple[bool, Optional[str]]:
+        """Checks if the user has access credentials to this cloud's storage.
+
+        Returns a boolean of whether the user can access this cloud's storage,
+        and a string describing the reason if the user cannot access.
+        """
+        # A given cloud does not support storage
+        # unless it overrides this method.
+        raise exceptions.NotSupportedError(
+            f'{cls._REPR} does not support storage.')
+
     # TODO(zhwu): Make the return type immutable.
     @classmethod
     def get_user_identities(cls) -> Optional[List[List[str]]]:

sky/clouds/gcp.py

@@ -124,6 +124,7 @@ def _run_output(cmd):
 
 
 def is_api_disabled(endpoint: str, project_id: str) -> bool:
+    # requires serviceusage.services.list
     proc = subprocess.run((f'gcloud services list --project {project_id} '
                            f' | grep {endpoint}.googleapis.com'),
                           check=False,
@@ -719,6 +720,28 @@ class GCP(clouds.Cloud):
 
     @classmethod
     def check_credentials(cls) -> Tuple[bool, Optional[str]]:
+        """Checks if the user has compute access credentials to this cloud."""
+        return cls._check_credentials(  # Check APIs.
+            [
+                ('compute', 'Compute Engine'),
+                ('cloudresourcemanager', 'Cloud Resource Manager'),
+                ('iam', 'Identity and Access Management (IAM)'),
+                ('tpu', 'Cloud TPU'),  # Keep as final element.
+            ],
+            gcp_utils.get_minimal_compute_permissions())
+
+    @classmethod
+    def check_storage_credentials(cls) -> Tuple[bool, Optional[str]]:
+        """Checks if the user has compute access credentials to this cloud."""
+        return cls._check_credentials(  # Check APIs.
+            [
+                ('storage', 'Cloud Storage'),
+            ], gcp_utils.get_minimal_storage_permissions())
+
+    @classmethod
+    def _check_credentials(
+            cls, apis: List[Tuple[str, str]],
+            gcp_minimal_permissions: List[str]) -> Tuple[bool, Optional[str]]:
         """Checks if the user has access credentials to this cloud."""
         try:
             # pylint: disable=import-outside-toplevel,unused-import
@@ -783,13 +806,37 @@ class GCP(clouds.Cloud):
                 f'{cls._INDENT_PREFIX}Details: '
                 f'{common_utils.format_exception(e, use_bracket=True)}')
 
-        # Check APIs.
-        apis = (
-            ('compute', 'Compute Engine'),
-            ('cloudresourcemanager', 'Cloud Resource Manager'),
-            ('iam', 'Identity and Access Management (IAM)'),
-            ('tpu', 'Cloud TPU'),  # Keep as final element.
-        )
+        # pylint: disable=import-outside-toplevel,unused-import
+        import google.auth
+
+        # This takes user's credential info from "~/.config/gcloud/application_default_credentials.json".  # pylint: disable=line-too-long
+        credentials, project = google.auth.default()
+        crm = gcp.build('cloudresourcemanager',
+                        'v1',
+                        credentials=credentials,
+                        cache_discovery=False)
+        permissions = {'permissions': gcp_minimal_permissions}
+        request = crm.projects().testIamPermissions(resource=project,
+                                                    body=permissions)
+        try:
+            ret_permissions = request.execute().get('permissions', [])
+        except gcp.gcp_auth_refresh_error_exception() as e:
+            return False, common_utils.format_exception(e, use_bracket=True)
+
+        diffs = set(gcp_minimal_permissions).difference(set(ret_permissions))
+        if diffs:
+            identity_str = identity[0] if identity else None
+            return False, (
+                'The following permissions are not enabled for the current '
+                f'GCP identity ({identity_str}):\n    '
+                f'{diffs}\n    '
+                'For more details, visit: https://docs.skypilot.co/en/latest/cloud-setup/cloud-permissions/gcp.html')  # pylint: disable=line-too-long
+
+        # This code must be executed after the iam check above,
+        # as the check below for api enablement itself needs:
+        # - serviceusage.services.enable
+        # - serviceusage.services.list
+        # iam permissions.
         enabled_api = False
         for endpoint, display_name in apis:
             if is_api_disabled(endpoint, project_id):
@@ -801,6 +848,7 @@ class GCP(clouds.Cloud):
                     suffix = ' (free of charge)'
                 print(f'\nEnabling {display_name} API{suffix}...')
                 t1 = time.time()
+                # requires serviceusage.services.enable
                 proc = subprocess.run(
                     f'gcloud services enable {endpoint}.googleapis.com '
                     f'--project {project_id}',
@@ -830,32 +878,6 @@ class GCP(clouds.Cloud):
                   'effect. If any SkyPilot commands/calls failed, retry after '
                   'some time.')
 
-        # pylint: disable=import-outside-toplevel,unused-import
-        import google.auth
-
-        # This takes user's credential info from "~/.config/gcloud/application_default_credentials.json".  # pylint: disable=line-too-long
-        credentials, project = google.auth.default()
-        crm = gcp.build('cloudresourcemanager',
-                        'v1',
-                        credentials=credentials,
-                        cache_discovery=False)
-        gcp_minimal_permissions = gcp_utils.get_minimal_permissions()
-        permissions = {'permissions': gcp_minimal_permissions}
-        request = crm.projects().testIamPermissions(resource=project,
-                                                    body=permissions)
-        try:
-            ret_permissions = request.execute().get('permissions', [])
-        except gcp.gcp_auth_refresh_error_exception() as e:
-            return False, common_utils.format_exception(e, use_bracket=True)
-
-        diffs = set(gcp_minimal_permissions).difference(set(ret_permissions))
-        if diffs:
-            identity_str = identity[0] if identity else None
-            return False, (
-                'The following permissions are not enabled for the current '
-                f'GCP identity ({identity_str}):\n    '
-                f'{diffs}\n    '
-                'For more details, visit: https://docs.skypilot.co/en/latest/cloud-setup/cloud-permissions/gcp.html')  # pylint: disable=line-too-long
         return True, None
 
     def get_credential_file_mounts(self) -> Dict[str, str]:

sky/clouds/ibm.py

@@ -433,6 +433,11 @@ class IBM(clouds.Cloud):
         except Exception as e:
             return (False, f'{str(e)}' + help_str)
 
+    @classmethod
+    def check_storage_credentials(cls) -> Tuple[bool, Optional[str]]:
+        # TODO(seungjin): Check if the user has access to IBM COS.
+        return cls.check_credentials()
+
     def get_credential_file_mounts(self) -> Dict[str, str]:
         """Returns a {remote:local} credential path mapping
          written to the cluster's file_mounts segment

sky/clouds/oci.py

@@ -456,6 +456,11 @@ class OCI(clouds.Cloud):
                 f'{cls._INDENT_PREFIX}Error details: '
                 f'{common_utils.format_exception(e, use_bracket=True)}')
 
+    @classmethod
+    def check_storage_credentials(cls) -> Tuple[bool, Optional[str]]:
+        # TODO(seungjin): Check if the user has access to OCI Object Storage.
+        return cls.check_credentials()
+
     @classmethod
     def check_disk_tier(
             cls, instance_type: Optional[str],

sky/clouds/utils/gcp_utils.py

@@ -167,7 +167,7 @@ def _list_reservations_for_instance_type(
     return [GCPReservation.from_dict(r) for r in json.loads(stdout)]
 
 
-def get_minimal_permissions() -> List[str]:
+def get_minimal_compute_permissions() -> List[str]:
     permissions = copy.copy(constants.VM_MINIMAL_PERMISSIONS)
     if skypilot_config.get_nested(('gcp', 'vpc_name'), None) is None:
         # If custom VPC is not specified, permissions to modify network are
@@ -179,4 +179,14 @@ def get_minimal_permissions() -> List[str]:
             skypilot_config.get_nested(('gcp', 'specific_reservations'), [])):
         permissions += constants.RESERVATION_PERMISSIONS
 
+    permissions += constants.GCP_MINIMAL_PERMISSIONS
+
+    return permissions
+
+
+def get_minimal_storage_permissions() -> List[str]:
+    permissions = copy.copy(constants.STORAGE_MINIMAL_PERMISSIONS)
+
+    permissions += constants.GCP_MINIMAL_PERMISSIONS
+
     return permissions

sky/core.py

@@ -1134,7 +1134,9 @@ def local_down() -> None:
         # Run sky check
         with rich_utils.safe_status(
                 ux_utils.spinner_message('Running sky check...')):
-            sky_check.check(clouds=['kubernetes'], quiet=True)
+            sky_check.check(clouds=['kubernetes'],
+                            quiet=True,
+                            capability=sky_check.CloudCapability.COMPUTE)
         logger.info(
             ux_utils.finishing_message('Local cluster removed.',
                                        log_path=log_path,

sky/data/storage.py

@@ -82,20 +82,17 @@ def get_cached_enabled_storage_clouds_or_refresh(
         raise_if_no_cloud_access: bool = False) -> List[str]:
     # This is a temporary solution until https://github.com/skypilot-org/skypilot/issues/1943 # pylint: disable=line-too-long
     # is resolved by implementing separate 'enabled_storage_clouds'
-    enabled_clouds = sky_check.get_cached_enabled_clouds_or_refresh()
+    enabled_clouds = sky_check.get_cached_enabled_storage_clouds_or_refresh()
     enabled_clouds = [str(cloud) for cloud in enabled_clouds]
 
-    enabled_storage_clouds = [
-        cloud for cloud in enabled_clouds if cloud in STORE_ENABLED_CLOUDS
-    ]
-    r2_is_enabled, _ = cloudflare.check_credentials()
+    r2_is_enabled, _ = cloudflare.check_storage_credentials()
     if r2_is_enabled:
-        enabled_storage_clouds.append(cloudflare.NAME)
-    if raise_if_no_cloud_access and not enabled_storage_clouds:
+        enabled_clouds.append(cloudflare.NAME)
+    if raise_if_no_cloud_access and not enabled_clouds:
         raise exceptions.NoCloudAccessError(
             'No cloud access available for storage. '
             'Please check your cloud credentials.')
-    return enabled_storage_clouds
+    return enabled_clouds
 
 
 def _is_storage_cloud_enabled(cloud_name: str,
@@ -105,7 +102,8 @@ def _is_storage_cloud_enabled(cloud_name: str,
         return True
     if try_fix_with_sky_check:
         # TODO(zhwu): Only check the specified cloud to speed up.
-        sky_check.check(quiet=True)
+        sky_check.check(quiet=True,
+                        capability=sky_check.CloudCapability.STORAGE)
         return _is_storage_cloud_enabled(cloud_name,
                                          try_fix_with_sky_check=False)
     return False

sky/execution.py

@@ -529,6 +529,11 @@ def launch(
             ]
             skip_unnecessary_provisioning = True
 
+    # Attach to setup if the cluster is a controller, so that user can
+    # see the setup logs when inspecting the launch process to know
+    # excatly what the job is waiting for.
+    detach_setup = controller_utils.Controllers.from_name(cluster_name) is None
+
     return _execute(
         entrypoint=entrypoint,
         dryrun=dryrun,
@@ -540,7 +545,7 @@ def launch(
         optimize_target=optimize_target,
         stages=stages,
         cluster_name=cluster_name,
-        detach_setup=True,
+        detach_setup=detach_setup,
         detach_run=True,
         idle_minutes_to_autostop=idle_minutes_to_autostop,
         no_setup=no_setup,

sky/global_user_state.py

@@ -31,6 +31,7 @@ if typing.TYPE_CHECKING:
 logger = sky_logging.init_logger(__name__)
 
 _ENABLED_CLOUDS_KEY = 'enabled_clouds'
+_ENABLED_STORAGE_CLOUDS_KEY = 'enabled_storage_clouds'
 
 _DB_PATH = os.path.expanduser('~/.sky/state.db')
 pathlib.Path(_DB_PATH).parents[0].mkdir(parents=True, exist_ok=True)
@@ -817,12 +818,41 @@ def get_cached_enabled_clouds() -> List['clouds.Cloud']:
     return enabled_clouds
 
 
+def get_cached_enabled_storage_clouds() -> List['clouds.Cloud']:
+    rows = _DB.cursor.execute('SELECT value FROM config WHERE key = ?',
+                              (_ENABLED_STORAGE_CLOUDS_KEY,))
+    ret = []
+    for (value,) in rows:
+        ret = json.loads(value)
+        break
+    enabled_clouds: List['clouds.Cloud'] = []
+    for c in ret:
+        try:
+            cloud = registry.CLOUD_REGISTRY.from_str(c)
+        except ValueError:
+            # Handle the case for the clouds whose support has been removed from
+            # SkyPilot, e.g., 'local' was a cloud in the past and may be stored
+            # in the database for users before #3037. We should ignore removed
+            # clouds and continue.
+            continue
+        if cloud is not None:
+            enabled_clouds.append(cloud)
+    return enabled_clouds
+
+
 def set_enabled_clouds(enabled_clouds: List[str]) -> None:
     _DB.cursor.execute('INSERT OR REPLACE INTO config VALUES (?, ?)',
                        (_ENABLED_CLOUDS_KEY, json.dumps(enabled_clouds)))
     _DB.conn.commit()
 
 
+def set_enabled_storage_clouds(enabled_storage_clouds: List[str]) -> None:
+    _DB.cursor.execute(
+        'INSERT OR REPLACE INTO config VALUES (?, ?)',
+        (_ENABLED_STORAGE_CLOUDS_KEY, json.dumps(enabled_storage_clouds)))
+    _DB.conn.commit()
+
+
 def add_or_update_storage(storage_name: str,
                           storage_handle: 'Storage.StorageMetadata',
                           storage_status: status_lib.StorageStatus):