vantage6 5.0.0a34__py3-none-any.whl → 5.0.0a36__py3-none-any.whl

vantage6/cli/template/auth_config.j2

@@ -0,0 +1,230 @@
+# for more options on the deployment of this chart, see:
+# https://artifacthub.io/packages/helm/bitnami/keycloak
+keycloak:
+
+  # for development, use a local PostgreSQL instance.
+  {% if keycloak.production %}
+  postgresql:
+    enabled: false
+
+  # TODO v5+ set these variables from the CLI
+  externalDatabase:
+    host: "sql.example.vantage6.ai"
+    port: 5432
+    username: my-username
+    password: my-secret-password
+    database: my-keycloak-database
+    schema: public
+    existingSecretHostKey: my-secret-contains-the-host
+    existingSecretPortKey: my-secret-contains-the-port
+    existingSecretUsernameKey: my-secret-contains-the-username
+    existingSecretPasswordKey: my-secret-contains-the-password
+    existingSecretDatabaseKey: my-secret-contains-the-database
+
+  # TODO v5+ set secrets in CLI
+  auth:
+    # Set the username and password for the Keycloak admin. This user is created when
+    # the service is initialized.
+    adminUser: {{ keycloak.adminUser | default('admin') }}
+    existingSecret: secret-containing-admin-password
+    passwordSecretKey: key-to-admin-password-in-secret
+    # For a development environment, you can set the admin user and password directly.
+    # adminPassword: admin
+
+  # for production, TLS should be enabled for internal Keycloak communication
+  # TODO v5+ we should test if this works when we have CLI commands (#1923)
+  production: true
+  tls:
+    enabled: true
+    autoGenerated: true
+  {% else %}
+  postgresql:
+    enabled: true
+    auth:
+      postgresPassword: postgres
+      password: keycloak
+      database: keycloak
+
+  # for production, use an external PostgreSQL instance. This requires setting up config
+  # as follows. Be sure to set postgres.enabled to false just above here.
+  # externalDatabase:
+  #   host: "sql.example.vantage6.ai"
+  #   port: 5432
+  #   username: my-username
+  #   password: my-secret-password
+  #   database: my-keycloak-database
+  #   schema: public
+  #   # or alternatively, use secrets for all of the above formatted as:
+  #   existingSecretHostKey: my-secret-contains-the-host
+  #   existingSecretPortKey: my-secret-contains-the-port
+  #   existingSecretUsernameKey: my-secret-contains-the-username
+  #   existingSecretPasswordKey: my-secret-contains-the-password
+  #   existingSecretDatabaseKey: my-secret-contains-the-database
+
+  auth:
+    # for development environment, set a dummy password for the admin user.
+    adminUser: admin
+    adminPassword: admin
+    # for production, the password should be stored in a secret. Below you should then
+    # give the name of the secret and the key to where the password is within the
+    # secret.
+    # existingSecret: secret-containing-admin-password
+    # passwordSecretKey: key-to-admin-password-in-secret
+
+  # if you want to switch to production, you should set the following settings to true.
+  production: false
+  tls:
+    enabled: false
+    autoGenerated: false
+  {% endif %}
+
+  # ensure that the auth pod has enough resources to run. The default values are enough
+  # in most cases, but for a larger environment, you might need to increase the limits.
+  resources:
+    limits:
+      memory: 2Gi
+      cpu: 1000m
+    requests:
+      memory: 1Gi
+      cpu: 500m
+
+  # The following configuration is run via the CLI when the Keycloak service is
+  # initialized. It creates a number of users, roles and secrets that are required for
+  # vantage6 to work properly.
+  keycloakConfigCli:
+    enabled: true
+    configuration:
+      # Keycloak realm configuration. For all options, see
+      # https://www.keycloak.org/docs-api/latest/rest-api/index.html#RealmRepresentation
+      realm:
+        # Keycloak realm name
+        realm: {{ keycloak.realm | default('vantage6') }}
+        enabled: true
+
+        # access token lifespan in seconds
+        accessTokenLifespan: {{ keycloak.accessTokenLifespan | default(300) }}
+
+        # sso session idle timeout in seconds. This is the time before the refresh token
+        # expires. With default settings, this value controls the time before the
+        # refresh token expires. Note that if setting this to >3600, you also need to
+        # set ssoSessionMaxLifespan and/or clientSessionIdleTimeout and/or
+        # clientSessionMaxLifespan to higher values to effectively lengthen the session.
+        ssoSessionIdleTimeout: {{ keycloak.ssoSessionIdleTimeout | default(1800) }}
+
+        # password policy configuration. If you prefer not to have a
+        passwordPolicy: "length(8) and upperCase(1) and lowerCase(1) and digits(1) and specialChars(1)"
+
+        # do not allow users to edit their username - this would lead to problems with
+        # syncing the user between keycloak and vantage6 server/store. This setting
+        # should always be set to false.
+        editUsernameAllowed: false
+
+        {% if keycloak.production %}
+        # required actions for users. By setting defaultAction to true for configuring
+        # OTP, the user will be prompted to configure OTP (for two-factor
+        # authentication) on first login.
+        requiredActions:
+          - alias: CONFIGURE_TOTP
+            name: Configure OTP
+            providerId: CONFIGURE_TOTP
+            enabled: true
+            defaultAction: true
+            priority: 10
+        {% else %}
+        # If you want to require users to use two-factor authentication on first login,
+        # enable the settings below.
+        # requiredActions:
+        #  - alias: CONFIGURE_TOTP
+        #    name: Configure OTP
+        #    providerId: CONFIGURE_TOTP
+        #    enabled: true
+        #    defaultAction: true
+        #    priority: 10
+        {% endif %}
+
+        # users to be created in the realm. This initializes the realm with a default
+        # admin user. It also initializes the service account for the backend admin
+        # client to give it the necessary permissions to manage the realm.
+        # TODO v5+ configure secrets where necessary
+        users:
+          # create the vantage6 admin user. The name of this user should also be present
+          # in the vantage6 server and store configuration - it is the user that will be
+          # assigned admin permissions on initial startup.
+          - username: {{ keycloak.adminUser | default('admin') }}
+            enabled: true
+            credentials:
+              - type: password
+                value: {{ keycloak.adminPassword | default('Admin123!') }}
+            requiredActions:
+              {% if keycloak.production %}
+              - CONFIGURE_TOTP
+              - UPDATE_PASSWORD
+              {% else %}
+              # enable configure OTP only if you want to use two-factor authentication
+              # - CONFIGURE_TOTP
+              - UPDATE_PASSWORD
+              {% endif %}
+          # create a service account user for the backend admin client. The
+          # serviceAccountClientId should match the value set in the client section
+          # below. The vantage6 server and store will use this user to create new
+          # accounts for users and nodes in keycloak - that is why it gets assigned some
+          # realm-management permissions.
+          - username: service-account-backend-admin-client
+            enabled: true
+            serviceAccountClientId: backend-admin-client
+            clientRoles:
+              realm-management:
+                - view-users
+                - manage-users
+                - view-clients
+                - manage-clients
+                - create-client
+
+        # clients to be created in the realm. This initializes the realm with a default
+        # public client and a backend admin client. The public client is used by users
+        # to authenticate in the browser. Either the UI or the Python client will
+        # redirect to this client.
+        clients:
+          - clientId: public_client
+            publicClient: true
+            # redirect URIs are the URIs that keycloak is allowed to redirect to after
+            # authentication. This should be set to the UI URL, and to the Keyloak
+            # service on port 7681. The latter is needed for authentication from outside
+            # the browser - if e.g. the Python client authenticates, it will open a
+            # browser window to authenticate that redirects to the Keycloak service on
+            # port 7681.
+            {% if keycloak.redirectUris %}
+            redirectUris:
+              {% for uri in keycloak.redirectUris %}
+              - "{{ uri }}/*"
+              {% endfor %}
+            {% else %}
+            redirectUris:
+              # allow logging in via a local UI
+              - "http://localhost:7600/*"
+              # allow logging in via the Python client (which spins up a local server
+              # on port 7681)
+              - "http://localhost:7681/*"
+            {% endif %}
+            # By setting webOrigins to "+", we allow the same origins as redirectUris.
+            webOrigins:
+              - "+"
+            # The public client is only for users, not for nodes. Therefore, map a
+            # constant claim to indicate the that the client is a user.
+            protocolMappers:
+              - name: vantage6_client_type
+                protocol: openid-connect
+                protocolMapper: oidc-hardcoded-claim-mapper
+                consentRequired: false
+                config:
+                  claim.name: vantage6_client_type
+                  claim.value: user
+                  access.token.claim: true
+          # create a client that will allow the backend to manage users and clients in
+          # keycloak.
+          - clientId: backend-admin-client
+            publicClient: false
+            # TODO v5+ configure secrets where necessary
+            secret: myadminclientsecret
+            serviceAccountsEnabled: true
+            standardFlowEnabled: false

vantage6/cli/template/node_config.j2

@@ -1,33 +1,336 @@
-api_path: {{ api_path }}
-encryption:
-  enabled: false
-  private_key: null
-logging:
-  backup_count: 5
-  datefmt: '%Y-%m-%d %H:%M:%S'
-  file: {{ logging["file"] }}
-  format: '%(asctime)s - %(name)-14s - %(levelname)-8s - %(message)s'
-  level: DEBUG
-  max_size: 1024
-  use_console: true
-  loggers:
-  - level: warning
-    name: urllib3
-  - level: warning
-    name: requests
-  - level: warning
-    name: engineio.client
-  - level: warning
-    name: docker.utils.config
-  - level: warning
-    name: docker.auth
-  - level: warning
-    name: kubernetes.client.rest
-node_proxy_port: {{ node_proxy_port }}
-port: {{ port }}
-server_url: {{ server_url }}
-task_dir: {{ task_dir}}
-dev:
-  task_dir_extension: {{ task_dir_extension }}
-task_namespace: {{ task_namespace }}
-{{- user_provided_config -}}
+# override the chart name
+nameOverride: {{ nameOverride | default('vantage6-node') }}
+# Optional, by default the Release.Namespace is used
+# namespace: vantage6-node
+node:
+
+  # Set to false to prevent creation of node secrets (useful when secrets are managed
+  # externally)
+  createSecrets: {{ node.createSecrets | default(true) }}
+
+  name: {{ node.name | default('put-your-node-name-here') }}
+  apiKey: {{ node.apiKey | default('put-your-api-key-here') }}
+
+  # Keycloak configuration
+  keycloakUrl: {{ node.keycloakUrl | default('http://vantage6-auth-keycloak.vantage6.svc.cluster.local') }}
+  keycloakRealm: {{ node.keycloakRealm | default('vantage6') }}
+
+  # TODO v5+ set the url/port directly on node-configmap.yaml using \{\{ .Release.Name \}\}-vantage6-server-service
+  {% if node.server is defined %}
+  server:
+    url: {{ node.server.url | default('http://vantage6-server-vantage6-server-service') }}
+    port: {{ node.server.port | default(7601) }}
+    path: {{ node.server.path | default('/server') }}
+  {% else %}
+  server:
+    url: http://vantage6-server-vantage6-server-service
+    port: 7601
+    path: /server
+  {% endif %}
+
+
+  image: {{ node.image | default('harbor2.vantage6.ai/infrastructure/node:latest') }}
+
+  # Namespace in which the task kubernetes resources are created. This must be a
+  # namespace where the node has access to create pods.
+  taskNamespace: {{ node.taskNamespace | default('vantage6-tasks') }}
+
+  # Kubernetes node name, used for local persistent volumes
+  k8sNodeName: {{ node.k8sNodeName | default('docker-desktop') }}
+
+  logging:
+    # Controls the logging output level. Could be one of the following
+    # levels: CRITICAL, ERROR, WARNING, INFO, DEBUG, NOTSET
+    level: {{ node.logging.level | default('INFO') }}
+
+    # Location to the log file
+    file: {{ node.logging.file | default('node.log') }}
+
+    # Size in kb of a single log file
+    max_size: {{ node.logging.max_size | default(1024) }}
+    use_console: {{ node.logging.use_console | default(true) }}
+
+    # Date format for the log file
+    datefmt: "{{ node.logging.datefmt | default('%Y-%m-%d %H:%M:%S') }}"
+
+    # Format for the log file
+    format: "{{ node.logging.format | default('%(asctime)s - %(name)-14s - %(levelname)-8s - %(message)s') }}"
+
+    # Maximum number of log files to keep. Log files are rotated when the size of the
+    # current log file exceeds `max_size`.
+    backup_count: {{ node.logging.backup_count | default(5) }}
+
+    # Loggers to include in the log file
+    loggers:
+    {% if node.logging.loggers is defined %}
+    {% for logger in node.logging.loggers %}
+    - level: {{ logger.level }}
+      name: {{ logger.name }}
+    {% endfor %}
+    {% endif %}
+    {% if node.logging.loggers is not defined %}
+    - level: warning
+      name: urllib3
+    - level: warning
+      name: socketIO-client
+    - level: warning
+      name: socketio.server
+    - level: warning
+      name: engineio.server
+    - level: warning
+      name: sqlalchemy.engine
+    {% endif %}
+
+  {% if node.encryption is defined %}
+  encryption:
+    # Whether encryption is enabled or not. This should be the same as the `encrypted`
+    # setting of the collaboration to which this node belongs.
+    enabled: {{ node.encryption.enabled | default(false) }}
+
+    # Location to the private key file. Required if encryption is enabled.
+    {% if node.encryption.enabled | default(false) %}
+    private_key: {{ node.encryption.private_key | default('/path/to/private_key.pem') }}
+    {% else %}
+    # private_key: /path/to/private_key.pem
+    {% endif %}
+  {% else %}
+  encryption:
+    # Whether encryption is enabled or not. This should be the same as the `encrypted`
+    # setting of the collaboration to which this node belongs.
+    enabled: false
+
+    # Location to the private key file. Required if encryption is enabled.
+    # private_key: /path/to/private_key.pem
+  {% endif %}
+
+  # Port for the node proxy to run on
+  proxyPort: {{ node.proxyPort | default(7654) }}
+
+  # Storage settings on host of the node machine. This defines where the database is
+  # stored as well as the task directory (which will contain the input/output of the
+  # tasks).
+  persistence:
+    tasks:
+      {% if node.persistence is defined and node.persistence.tasks is defined %}
+      storageClass: {{ node.persistence.tasks.storageClass | default('local-storage') }}
+      size: {{ node.persistence.tasks.size | default('10Gi') }}
+      hostPath: {{ node.persistence.tasks.hostPath | default('/path/to/where/task/files/are/stored') }}
+      {% else %}
+      storageClass: local-storage
+      size: 10Gi
+      hostPath: /path/to/where/task/files/are/stored
+      {% endif %}
+    database:
+      {% if node.persistence is defined and node.persistence.database is defined %}
+      storageClass: {{ node.persistence.database.storageClass | default('local-storage') }}
+      size: {{ node.persistence.database.size | default('5Gi') }}
+      {% else %}
+      storageClass: local-storage
+      size: 5Gi
+      {% endif %}
+
+
+  # It is also possible not to specify the details of the service-based databases
+  # here. The node will then automatically detect the databases in the environment
+  # variables. This allows parent charts to specify the databases in their own
+  # values.yaml file or define them runtime using the CLI.
+  #
+  # In this case, the node expects the following environment variables to be set:
+  #
+  # DATABASE_LABELS: comma-separated list of database labels
+  # DATABASE_[LABEL]_URI: URI of the database
+  # DATABASE_[LABEL]_TYPE: type of the database
+  #
+  # Optionally, you can also specify additional environment variables for each
+  # database by setting the DATABASE_[LABEL]_SOME_OTHER_KEY variable.
+  #
+  # DATABASE_[LABEL]_SOME_OTHER_KEY: some_other_value
+  #
+  # It is recommended to do this through Kubernetes secrets. If you specify the
+  # details here, secrets will be used. File-based databases are automatically made
+  # available to your node.
+  {% if node.databases is defined %}
+  databases:
+    {% if node.databases.fileBased is defined %}
+    fileBased:
+    {% for db in node.databases.fileBased %}
+    - name: {{ db.name }}
+      uri: {{ db.uri }}
+      type: {{ db.type }}
+      volumePath: {{ db.volumePath }}
+      originalName: {{ db.originalName }}
+    {% endfor %}
+    {% endif %}
+    {% if node.databases.serviceBased is defined %}
+    serviceBased:
+    {% for db in node.databases.serviceBased %}
+    - name: {{ db.name }}
+      uri: {{ db.uri }}
+      type: {{ db.type }}
+      env:
+        {% for key, value in db.env.items() %}
+        {{ key }}: {{ value }}
+        {% endfor %}
+    {% endfor %}
+    {% endif %}
+  {% else %}
+  databases: []
+  {% endif %}
+
+  # Whether or not your node shares some configuration (e.g. which images are
+  # allowed to run on your node) with the central server. This can be useful
+  # for other organizations in your collaboration to understand why a task
+  # is not completed. Obviously, no sensitive data is shared. Default true
+  share_config: {{ node.share_config | default(true) }}
+
+  # Whether or not to share algorithm logs with the server. Otherwise they will
+  # only be displayed as part of the node logs. Default is true.
+  # NOTE: It's recommented to set this to false when using sensitive data
+  share_algorithm_logs: {{ node.share_algorithm_logs | default(true) }}
+
+  # Define who is allowed to run which algorithms on this node.
+  {% if node.policies is defined %}
+  policies:
+    # Control which algorithm images are allowed to run on this node. This is
+    # expected to be a valid regular expression. If you don't specify this, all algorithm
+    # images are allowed to run on this node (unless other policies restrict this).
+    {% if node.policies.allowed_algorithms is defined %}
+    allowed_algorithms:
+      {% for algo in node.policies.allowed_algorithms %}
+      - {{ algo }}
+      {% endfor %}
+    {% else %}
+    # allowed_algorithms:
+    #   - ^harbor2\.vantage6\.ai/[a-zA-Z]+/[a-zA-Z]+
+    #   - ^myalgorithm\.ai/some-algorithm
+    {% endif %}
+
+    # It is also possible to allow all algorithms from particular algorithm stores. Set
+    # these stores here. They may be strings or regular expressions. If you don't specify
+    # this, algorithms from any store are allowed (unless other policies prevent this).
+    {% if node.policies.allowed_algorithm_stores is defined %}
+    allowed_algorithm_stores:
+      {% for store in node.policies.allowed_algorithm_stores %}
+      - {{ store }}
+      {% endfor %}
+    {% else %}
+    # allowed_algorithm_stores:
+    #   # allow all algorithms from the vantage6 community store
+    #   - https://store.cotopaxi.vantage6.ai
+    #   # allow any store that is a subdomain of vantage6.ai
+    #   - ^https://[a-z]+\.vantage6\.ai$
+    {% endif %}
+
+    # If you define both `allowed_algorithm_stores` and `allowed_algorithms`, you can
+    # choose to only allow algorithms that both policies allow, or you can allow
+    # algorithms that either of them allows. By default, only algorithms that are given
+    # in *both* the `allowed_algorithms` and `allowed_algorithm_stores` are allowed by
+    # setting this to the default value `false`.
+    allow_either_whitelist_or_store: {{ node.policies.allow_either_whitelist_or_store | default(false) }}
+
+    # Define which users are allowed to run algorithms on your node by their ID
+    {% if node.policies.allowed_users is defined %}
+    allowed_users:
+      {% for user in node.policies.allowed_users %}
+      - {{ user }}
+      {% endfor %}
+    {% else %}
+    # allowed_users:
+    #   - 2
+    {% endif %}
+
+    # Define which organizations are allowed to run images on your node by
+    # their ID or name
+    {% if node.policies.allowed_organizations is defined %}
+    allowed_organizations:
+      {% for org in node.policies.allowed_organizations %}
+      - {{ org }}
+      {% endfor %}
+    {% else %}
+    # allowed_organizations:
+    #   - 6
+    #   - root
+    {% endif %}
+
+    # Set to true to always require that the algorithm image is successfully pulled. This
+    # ensures that no potentially outdated local images are used if internet connection
+    # is not available. This option should be set to false if you are testing with local
+    # algorithm images. Default value is true.
+    require_algorithm_pull: {{ node.policies.require_algorithm_pull | default(true) }}
+  {% else %}
+  policies:
+    # Control which algorithm images are allowed to run on this node. This is
+    # expected to be a valid regular expression. If you don't specify this, all algorithm
+    # images are allowed to run on this node (unless other policies restrict this).
+    # allowed_algorithms:
+    #   - ^harbor2\.vantage6\.ai/[a-zA-Z]+/[a-zA-Z]+
+    #   - ^myalgorithm\.ai/some-algorithm
+
+    # It is also possible to allow all algorithms from particular algorithm stores. Set
+    # these stores here. They may be strings or regular expressions. If you don't specify
+    # this, algorithms from any store are allowed (unless other policies prevent this).
+    # allowed_algorithm_stores:
+    #   # allow all algorithms from the vantage6 community store
+    #   - https://store.cotopaxi.vantage6.ai
+    #   # allow any store that is a subdomain of vantage6.ai
+    #   - ^https://[a-z]+\.vantage6\.ai$
+
+    # If you define both `allowed_algorithm_stores` and `allowed_algorithms`, you can
+    # choose to only allow algorithms that both policies allow, or you can allow
+    # algorithms that either of them allows. By default, only algorithms that are given
+    # in *both* the `allowed_algorithms` and `allowed_algorithm_stores` are allowed by
+    # setting this to the default value `false`.
+    # allow_either_whitelist_or_store: false
+
+    # Define which users are allowed to run algorithms on your node by their ID
+    # allowed_users:
+    #   - 2
+    # Define which organizations are allowed to run images on your node by
+    # their ID or name
+    # allowed_organizations:
+    #   - 6
+    #   - root
+
+    # Set to true to always require that the algorithm image is successfully pulled. This
+    # ensures that no potentially outdated local images are used if internet connection
+    # is not available. This option should be set to false if you are testing with local
+    # algorithm images. Default value is true.
+    require_algorithm_pull: true
+  {% endif %}
+
+  # Prometheus settings, for sending system metadata to the server.
+  {% if node.prometheus is defined %}
+  prometheus:
+    # Whether or not to enable Prometheus reporting. Default is false.
+    enabled: {{ node.prometheus.enabled | default(false) }}
+
+    # Interval (in seconds) at which the node sends system metadata to the server.
+    # This should align with the Prometheus scrape_interval to avoid stale data.
+    report_interval_seconds: {{ node.prometheus.report_interval_seconds | default(45) }}
+  {% else %}
+  prometheus:
+    # Whether or not to enable Prometheus reporting. Default is false.
+    enabled: false
+
+    # Interval (in seconds) at which the node sends system metadata to the server.
+    # This should align with the Prometheus scrape_interval to avoid stale data.
+    # report_interval_seconds: 45
+  {% endif %}
+
+  {% if node.debug is defined %}
+  # Debug settings
+  debug:
+    # Set to `true` to enable print debug messages from Flask/socketio.
+    socketio: {{ node.debug.socketio | default(false) }}
+
+    # Set to `true` to set the Flask app used for proxy service into debug mode.
+    proxy_server: {{ node.debug.proxy_server | default(false) }}
+  {% endif %}
+
+  {% if node.dev is defined %}
+  dev:
+    # Set extension for the task directory. In the development environment, the task
+    # directory is mounted as a volume. If multiple nodes are then running on the same
+    # machine, this extension is added to the task directory to avoid conflicts.
+    task_dir_extension: {{ node.dev.task_dir_extension }}
+  {% endif %}

vantage6/cli/template/node_config_nonk8s.j2

@@ -0,0 +1,33 @@
+api_path: {{ api_path }}
+encryption:
+  enabled: false
+  private_key: null
+logging:
+  backup_count: 5
+  datefmt: '%Y-%m-%d %H:%M:%S'
+  file: {{ logging["file"] }}
+  format: '%(asctime)s - %(name)-14s - %(levelname)-8s - %(message)s'
+  level: DEBUG
+  max_size: 1024
+  use_console: true
+  loggers:
+  - level: warning
+    name: urllib3
+  - level: warning
+    name: requests
+  - level: warning
+    name: engineio.client
+  - level: warning
+    name: docker.utils.config
+  - level: warning
+    name: docker.auth
+  - level: warning
+    name: kubernetes.client.rest
+node_proxy_port: {{ node_proxy_port }}
+port: {{ port }}
+server_url: {{ server_url }}
+task_dir: {{ task_dir}}
+dev:
+  task_dir_extension: {{ task_dir_extension }}
+task_namespace: {{ task_namespace }}
+{{- user_provided_config -}}

vantage6/cli/test/common/diagnostic_runner.py

@@ -1,11 +1,13 @@
 import json
-
 from typing import Any
+
 from rich.console import Console
 from rich.table import Table
 
+from vantage6.common import debug, info
+
 from vantage6.client import UserClient
-from vantage6.common import info, debug
+
 from vantage6.cli.globals import DIAGNOSTICS_IMAGE
 
 
@@ -62,7 +64,7 @@ class DiagnosticRunner:
                 set(self.organization_ids).intersection(online_orgs)
             )
 
-        info(f"Running diagnostics to {len(self.organization_ids)} " "organization(s)")
+        info(f"Running diagnostics to {len(self.organization_ids)} organization(s)")
         info(f"  organizations: {self.organization_ids}")
         info(f"  collaboration: {self.collaboration_id}")
 

vantage6/cli/use/namespace.py

@@ -2,9 +2,10 @@ import click
 import questionary
 from kubernetes import client, config
 
+from vantage6.common import error
+
 from vantage6.cli.config import CliConfig
 from vantage6.cli.utils import switch_context_and_namespace
-from vantage6.common import error
 
 
 @click.command()

vantage6/cli/utils.py

@@ -32,8 +32,6 @@ def check_config_name_allowed(name: str) -> None:
             f"Name '{name}' is not allowed. Please use only the following "
             "characters: a-zA-Z0-9_.-"
         )
-        # FIXME: FM, 2023-01-03: I dont think this is a good side effect. This
-        # should be handled by the caller.
         exit(1)