diff --git a/common-contract/MANIFEST b/common-contract/MANIFEST index 47fd9cd..5341b05 100644 --- a/common-contract/MANIFEST +++ b/common-contract/MANIFEST @@ -22,3 +22,9 @@ pdo/contracts/jupyter/groups.py pdo/contracts/jupyter/keys.py pdo/contracts/jupyter/services.py pdo/contracts/jupyter/utility.py +scripts/gs_stop.sh +scripts/gs_start.sh +scripts/gs_status.sh +scripts/ss_stop.sh +scripts/ss_start.sh +scripts/ss_status.sh diff --git a/common-contract/MANIFEST.in b/common-contract/MANIFEST.in index 3ce81a9..10f0726 100644 --- a/common-contract/MANIFEST.in +++ b/common-contract/MANIFEST.in @@ -1,4 +1,2 @@ -recursive-include ../build/example-contract *.b64 recursive-include etc *.toml -recursive-include context *.toml -recursive-include scripts *.psh +recursive-include scripts *.psh *.sh diff --git a/common-contract/etc/guardian_service.toml b/common-contract/etc/guardian_service.toml new file mode 100644 index 0000000..c315b92 --- /dev/null +++ b/common-contract/etc/guardian_service.toml @@ -0,0 +1,72 @@ +# Copyright 2023 Intel Corporation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# -------------------------------------------------- +# GuardianService -- general information about the guardian service +# -------------------------------------------------- +[GuardianService] +# Identity is a string used to identify the service in log files +Identity = "${identity}" +HttpPort = 7900 +Host = "${host}" + +## Operations is the name of a python module that defines capability handlers +## Operations = 'pdo.common.operations' + +# -------------------------------------------------- +# StorageService -- information about passing kv stores +# -------------------------------------------------- +[StorageService] +URL = "http://${host}:7901" +KeyValueStore = "${data}/guardian_service.mdb" +BlockStore = "${data}/guardian_service.mdb" +Identity = "${identity}" +HttpPort = 7901 +Host = "${host}" +GarbageCollectionInterval = 0 +MaxDuration = 0 + +# -------------------------------------------------- +# Keys -- configuration for retrieving service keys +# -------------------------------------------------- +[Key] +SearchPath = [ ".", "./keys", "${keys}" ] +FileName = "${identity}_private.pem" + +# -------------------------------------------------- +# Logging -- configuration of service logging +# -------------------------------------------------- +[Logging] +LogLevel = "INFO" +LogFile = "${logs}/${identity}.log" + +# -------------------------------------------------- +# Data -- names for the various databases +# -------------------------------------------------- +[Data] +EndpointRegistry = "${data}/endpoints.db" +CapabilityKeyStore = "${data}/keystore.db" + +# -------------------------------------------------- +# TokenIssuer -- configuration for TI verification +# -------------------------------------------------- +[TokenIssuer] +LedgerKey = "" +CodeHash = "" +ContractIDs = [] + +# -------------------------------------------------- +# TokenObject -- configuration for TO verification +# -------------------------------------------------- +[TokenObject] diff --git a/common-contract/pdo/contracts/guardian/plugins/__init__.py b/common-contract/pdo/contracts/guardian/plugins/__init__.py new file mode 100644 index 0000000..29b1fd9 --- /dev/null +++ b/common-contract/pdo/contracts/guardian/plugins/__init__.py @@ -0,0 +1,15 @@ +# Copyright 2022 Intel Corporation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +__all__ = [ 'guardian_service', ] diff --git a/inference-contract/pdo/inference/plugins/inference_guardian.py b/common-contract/pdo/contracts/guardian/plugins/guardian_service.py similarity index 94% rename from inference-contract/pdo/inference/plugins/inference_guardian.py rename to common-contract/pdo/contracts/guardian/plugins/guardian_service.py index 3ff7131..a29e944 100644 --- a/inference-contract/pdo/inference/plugins/inference_guardian.py +++ b/common-contract/pdo/contracts/guardian/plugins/guardian_service.py @@ -14,8 +14,8 @@ # See the License for the specific language governing permissions and # limitations under the License. -""" -inference guardian plugins +""" This file contains functions that can be used to implement most external guardian service +interactions. It provides the minimal set of operations required for the token-guardian protocol. """ import json @@ -36,9 +36,6 @@ 'op_add_endpoint', 'cmd_provision_token_issuer', 'cmd_provision_token_object', - 'do_inference_guardian', - 'do_inference_guardian_service', - 'load_commands', ] ## ----------------------------------------------------------------- @@ -258,7 +255,6 @@ def invoke(cls, state, context, provisioning_package, url=None, **kwargs) : cls.display('provisioned token object for guardian {}'.format(url)) return json.loads(to_package) - ## ----------------------------------------------------------------- ## Create the generic, shell independent version of the aggregate command ## ----------------------------------------------------------------- @@ -269,18 +265,18 @@ def invoke(cls, state, context, provisioning_package, url=None, **kwargs) : op_add_endpoint, ] -do_inference_guardian_service = pcontract.create_shell_command('inference_guardian_service', __operations__) +do_guardian_service_ops = pcontract.create_shell_command('guardian_service_ops', __operations__) __commands__ = [ cmd_provision_token_issuer, cmd_provision_token_object, ] -do_inference_guardian = pcommand.create_shell_command('inference_guardian', __commands__) +do_guardian_service = pcommand.create_shell_command('guardian_service', __commands__) ## ----------------------------------------------------------------- ## Enable binding of the shell independent version to a pdo-shell command ## ----------------------------------------------------------------- def load_commands(cmdclass) : - pshell.bind_shell_command(cmdclass, 'inference_guardian', do_inference_guardian) - pshell.bind_shell_command(cmdclass, 'inference_guardian_service', do_inference_guardian_service) + pshell.bind_shell_command(cmdclass, 'guardian_service_ops', do_guardian_service_ops) + pshell.bind_shell_command(cmdclass, 'guardian_service', do_guardian_service) diff --git a/common-contract/pdo/contracts/guardian/scripts/__init__.py b/common-contract/pdo/contracts/guardian/scripts/__init__.py new file mode 100644 index 0000000..78986b7 --- /dev/null +++ b/common-contract/pdo/contracts/guardian/scripts/__init__.py @@ -0,0 +1,15 @@ +# Copyright 2024 Intel Corporation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +__all__ = [ 'guardianCLI' ] diff --git a/common-contract/pdo/contracts/resources/__init__.py b/common-contract/pdo/contracts/resources/__init__.py new file mode 100644 index 0000000..e69de29 diff --git a/common-contract/pdo/contracts/resources/resources.py b/common-contract/pdo/contracts/resources/resources.py new file mode 100644 index 0000000..38deac1 --- /dev/null +++ b/common-contract/pdo/contracts/resources/resources.py @@ -0,0 +1,18 @@ +# Copyright 2023 Intel Corporation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +import pdo.client.builder.installer as pinstaller + +def install_common_resources() : + pinstaller.install_plugin_resources('pdo.common.resources', 'common') diff --git a/inference-contract/scripts/gs_start.sh b/common-contract/scripts/gs_start.sh similarity index 93% rename from inference-contract/scripts/gs_start.sh rename to common-contract/scripts/gs_start.sh index 2acd24a..5b5f43a 100755 --- a/inference-contract/scripts/gs_start.sh +++ b/common-contract/scripts/gs_start.sh @@ -85,6 +85,11 @@ until $(${F_SERVICE_CMD} $@ --test 2> /dev/null > /dev/null) ; do sleep 1 tries=$((tries+1)) if [ $tries = $max_tries ] ; then + if [ "${F_OUTPUTDIR}" != "" ] ; then + echo "guardian service failed to start, check logs:" + cat $EFILE + cat $OFILE + fi die guardian service failed to start fi done diff --git a/inference-contract/scripts/gs_status.sh b/common-contract/scripts/gs_status.sh similarity index 100% rename from inference-contract/scripts/gs_status.sh rename to common-contract/scripts/gs_status.sh diff --git a/inference-contract/scripts/gs_stop.sh b/common-contract/scripts/gs_stop.sh similarity index 100% rename from inference-contract/scripts/gs_stop.sh rename to common-contract/scripts/gs_stop.sh diff --git a/inference-contract/scripts/ss_start.sh b/common-contract/scripts/ss_start.sh similarity index 100% rename from inference-contract/scripts/ss_start.sh rename to common-contract/scripts/ss_start.sh diff --git a/inference-contract/scripts/ss_status.sh b/common-contract/scripts/ss_status.sh similarity index 100% rename from inference-contract/scripts/ss_status.sh rename to common-contract/scripts/ss_status.sh diff --git a/inference-contract/scripts/ss_stop.sh b/common-contract/scripts/ss_stop.sh similarity index 100% rename from inference-contract/scripts/ss_stop.sh rename to common-contract/scripts/ss_stop.sh diff --git a/common-contract/setup.py b/common-contract/setup.py index 3c39d0c..6ce4fdf 100644 --- a/common-contract/setup.py +++ b/common-contract/setup.py @@ -76,11 +76,21 @@ url=author_url, package_dir = { 'pdo' : 'pdo', + f'pdo.{contract_family}.resources.etc' : 'etc', + f'pdo.{contract_family}.resources.scripts' : 'scripts', }, packages = [ 'pdo', f'pdo.{contract_family}', f'pdo.{contract_family}.jupyter', + f'pdo.{contract_family}.guardian', + f'pdo.{contract_family}.guardian.common', + f'pdo.{contract_family}.guardian.plugins', + f'pdo.{contract_family}.guardian.scripts', + f'pdo.{contract_family}.guardian.wsgi', + f'pdo.{contract_family}.resources', + f'pdo.{contract_family}.resources.etc', + f'pdo.{contract_family}.resources.scripts', ], include_package_data=True, install_requires = [ @@ -93,5 +103,8 @@ 'pdo-sservice>=' + pdo_client_version, ], entry_points = { + 'console_scripts' : [ + 'guardian_service=pdo.contracts.guardian.scripts.guardianCLI:Main', + ] } ) diff --git a/inference-contract/MANIFEST b/inference-contract/MANIFEST index b6fc362..a2ba860 100644 --- a/inference-contract/MANIFEST +++ b/inference-contract/MANIFEST @@ -9,7 +9,6 @@ MANIFEST.in ./pdo/inference/operations/__init__.py ./pdo/inference/plugins/inference_token_object.py ./pdo/inference/plugins/__init__.py -./pdo/inference/plugins/inference_guardian.py ./pdo/inference/__init__.py ./pdo/inference/resources/resources.py ./pdo/inference/resources/__init__.py @@ -19,9 +18,6 @@ MANIFEST.in ./pdo/inference/scripts/__init__.py ./pdo/inference/scripts/scripts.py ./pdo/inference/jupyter.py -./scripts/gs_stop.sh -./scripts/gs_start.sh -./scripts/gs_status.sh ./context/tokens.toml ./etc/inference.toml ./etc/guardian_service.toml \ No newline at end of file diff --git a/inference-contract/MANIFEST.in b/inference-contract/MANIFEST.in index 451308c..f9e419d 100644 --- a/inference-contract/MANIFEST.in +++ b/inference-contract/MANIFEST.in @@ -1,4 +1,4 @@ recursive-include ../build/inference-contract *.b64 recursive-include etc *.toml recursive-include context *.toml -recursive-include scripts *.sh +recursive-include scripts *.sh *.psh diff --git a/inference-contract/context/tokens.toml b/inference-contract/context/tokens.toml index 87a080f..30df354 100644 --- a/inference-contract/context/tokens.toml +++ b/inference-contract/context/tokens.toml @@ -30,7 +30,7 @@ source = "${ContractFamily.Exchange.vetting.source}" asset_type_context = "@{..asset_type}" [token.${token}.guardian] -module = "pdo.inference.plugins.inference_guardian" +module = "pdo.contracts.guardian.plugins.guardian_service" url = "${url}" identity = "${..token_issuer.identity}" token_issuer_context = "@{..token_issuer}" diff --git a/inference-contract/pdo/inference/jupyter.py b/inference-contract/pdo/inference/jupyter.py index c514160..7eb3bc2 100644 --- a/inference-contract/pdo/inference/jupyter.py +++ b/inference-contract/pdo/inference/jupyter.py @@ -23,7 +23,7 @@ # set up the context # ----------------------------------------------------------------- guardian_context = jp_common.ContextTemplate('guardian', { - 'module' : 'pdo.inference.plugins.inference_guardian', + 'module' : 'pdo.contracts.guardian.plugins.guardian_service', 'identity' : '${..token_issuer.identity}', 'token_issuer_context' : '@{..token_issuer}', 'service_only' : True, diff --git a/inference-contract/pdo/inference/plugins/__init__.py b/inference-contract/pdo/inference/plugins/__init__.py index 56c065a..62c5ba0 100644 --- a/inference-contract/pdo/inference/plugins/__init__.py +++ b/inference-contract/pdo/inference/plugins/__init__.py @@ -12,4 +12,4 @@ # See the License for the specific language governing permissions and # limitations under the License. -__all__ = [ 'inference_guardian', 'inference_token_object'] +__all__ = [ 'inference_token_object'] diff --git a/inference-contract/pdo/inference/scripts/scripts.py b/inference-contract/pdo/inference/scripts/scripts.py index 76514e6..dcd732e 100644 --- a/inference-contract/pdo/inference/scripts/scripts.py +++ b/inference-contract/pdo/inference/scripts/scripts.py @@ -27,5 +27,4 @@ def inference_token() : # ----------------------------------------------------------------- # ----------------------------------------------------------------- def inference_guardian() : - run_shell_command('do_inference_guardian', 'pdo.inference.plugins.inference_guardian') - + run_shell_command('do_guardian_service', 'pdo.contracts.guardian.plugins.guardian_service') diff --git a/inference-contract/setup.py b/inference-contract/setup.py index dbfcf9f..0a7cc2c 100644 --- a/inference-contract/setup.py +++ b/inference-contract/setup.py @@ -61,7 +61,6 @@ 'pdo.inference.resources.etc' : 'etc', 'pdo.inference.resources.context' : 'context', 'pdo.inference.resources.contracts' : '../build/inference-contract', - 'pdo.inference.resources.scripts' : 'scripts', }, packages = [ 'pdo', @@ -75,7 +74,6 @@ 'pdo.inference.resources.etc', 'pdo.inference.resources.context', 'pdo.inference.resources.contracts', - 'pdo.inference.resources.scripts', ], include_package_data=True, # add everything from requirements.txt here diff --git a/inference-contract/test/script_test.sh b/inference-contract/test/script_test.sh index 77004a4..f077823 100755 --- a/inference-contract/test/script_test.sh +++ b/inference-contract/test/script_test.sh @@ -40,6 +40,8 @@ fi # ----------------------------------------------------------------- # Process command line arguments # ----------------------------------------------------------------- +COMMON_CONTRACT_ROOT=${PDO_HOME}/contracts/contracts + SCRIPTDIR="$(dirname $(readlink --canonicalize ${BASH_SOURCE}))" SOURCE_ROOT="$(realpath ${SCRIPTDIR}/..)" @@ -139,8 +141,8 @@ function cleanup { done yell "shutdown guardian and storage service" - ${PDO_HOME}/contracts/inference/scripts/gs_stop.sh - ${PDO_HOME}/contracts/inference/scripts/ss_stop.sh + ${COMMON_CONTRACT_ROOT}/scripts/gs_stop.sh + ${COMMON_CONTRACT_ROOT}/scripts/ss_stop.sh } trap cleanup EXIT @@ -148,7 +150,7 @@ trap cleanup EXIT # ----------------------------------------------------------------- # Start the guardian service and the storage service # ----------------------------------------------------------------- -try ${PDO_HOME}/contracts/inference/scripts/ss_start.sh -c -o ${PDO_HOME}/logs -- \ +try ${COMMON_CONTRACT_ROOT}/scripts/ss_start.sh -c -o ${PDO_HOME}/logs -- \ --loglevel debug \ --config guardian_service.toml \ --config-dir ${PDO_HOME}/etc/contracts \ @@ -156,7 +158,7 @@ try ${PDO_HOME}/contracts/inference/scripts/ss_start.sh -c -o ${PDO_HOME}/logs - sleep 3 -try ${PDO_HOME}/contracts/inference/scripts/gs_start.sh -c -o ${PDO_HOME}/logs -- \ +try ${COMMON_CONTRACT_ROOT}/scripts/gs_start.sh -c -o ${PDO_HOME}/logs -- \ --loglevel debug \ --config guardian_service.toml \ --config-dir ${PDO_HOME}/etc/contracts \