def pre_delete_labs(sender, instance, using, **kwargs):
kc = keylib.keycloak_init()
keylib.keycloak_delete_client(kc, instance.keycloak_client_id)
scope_id = keylib.keycloak_get_client_scope_id(kc, instance.keycloak_client_id+'-scope')
keylib.keycloak_delete_client_scope(kc, scope_id)
l = ProjectLog(project=instance.project, module='LA', headline='Lab Session',
description='Lab Session {name} has been removed'.format(name=instance.name))
l.save()
def create_user_settings(user):
kc = keylib.keycloak_init()
token, refresh_token, token_url, public_key = keylib.keycloak_token_exchange_studio(kc, user)
user_settings = dict()
user_settings['access_token'] = token
user_settings['refresh_token'] = refresh_token
user_settings['public_key'] = public_key
user_settings['keycloak_url'] = settings.KC_ADMIN_URL.replace('/auth', '')
user_settings['studio_url'] = 'https://'+settings.DOMAIN
return json.dumps(user_settings)
def delete_project_resources(project):
retval = r.get(settings.CHART_CONTROLLER_URL + '/delete?release={}'.format(str(project.slug)))
if retval:
# Delete Keycloak project client
kc = keylib.keycloak_init()
keylib.keycloak_delete_client(kc, project.slug)
scope_id = keylib.keycloak_get_client_scope_id(kc, project.slug+'-scope')
keylib.keycloak_delete_client_scope(kc, scope_id)
return True
return False
def pre_delete_deployment(sender, instance, using, **kwargs):
model = instance.model
model.status = 'CR'
model.save()
# Uninstall resources
# chart = instance.helmchart
# chart.delete()
# Clean up in Keycloak
print('Cleaning up in Keycloak...')
kc = keylib.keycloak_init()
keylib.keycloak_delete_client(kc, instance.release)
scope_id = keylib.keycloak_get_client_scope_id(kc,
instance.release + '-scope')
keylib.keycloak_delete_client_scope(kc, scope_id)
print('Done.')
def delete_session_resources(session):
print("trying to delete {}".format(session.slug))
parameters = {'release': str(session.slug)}
retval = r.get(settings.CHART_CONTROLLER_URL + '/delete', parameters)
kc = keylib.keycloak_init()
keylib.keycloak_delete_client(kc, str(session.slug))
scope_id = keylib.keycloak_get_client_scope_id(kc, str(session.slug)+'-scope')
keylib.keycloak_delete_client_scope(kc, scope_id)
if retval:
print('delete success!')
return True
print('delete failed!?')
return False
def predict(request, id, project):
template = 'deploy/predict.html'
is_authorized = False
if request.user.is_authenticated and request.user and project is not None:
proj_obj = Project.objects.get(slug=project)
if proj_obj.owner == request.user:
is_authorized = True
print('Authorized: {}'.format(is_authorized))
project = proj_obj
deployment = DeploymentInstance.objects.get(id=id)
model = deployment.model
if request.method == 'POST': # and is_authorized:
form = PredictForm(request.POST, request.FILES)
if form.is_valid():
import requests
import json
predict_url = 'https://{}{}{}/'.format(
deployment.endpoint, deployment.path,
deployment.deployment.path_predict)
# print(predict_url)
# Get user token
# from rest_framework.authtoken.models import Token
# token = Token.objects.get_or_create(user=request.user)
kc = keylib.keycloak_init()
token, refresh_token, token_url, public_key = keylib.keycloak_token_exchange_studio(
kc, request.user.username)
print('requesting: ' + predict_url)
res = requests.post(predict_url,
files=form.files,
headers={'Authorization': 'Token ' + token})
print(res.text)
try:
prediction = json.loads(res.text)
prediction = json.dumps(prediction, indent=4)
if len(prediction) > 3000:
prediction = '{} ...(truncated remaining {} characters/'.format(
prediction[0:300], len(prediction))
except:
prediction = res.text
else:
form = PredictForm()
return render(request, template, locals())
def pre_save_deployment(sender, instance, using, **kwargs):
model = instance.model
if model.status == 'DP':
raise Exception('Model already deployed.')
model_file = model.uid
model_bucket = 'models'
deployment_name = slugify(model.name)
deployment_version = slugify(model.version)
deployment_endpoint = '{}-{}.{}'.format(model.name, model.version,
settings.DOMAIN)
deployment_endpoint = settings.DOMAIN
deployment_path = '/{}/serve/{}/{}/'.format(model.project.slug,
slugify(model.name),
slugify(model.version))
instance.endpoint = deployment_endpoint
instance.path = deployment_path
context = instance.deployment
context_image = context.image
project = model.project
project_slug = project.slug
minio_keys = get_minio_keys(project)
decrypted_key = minio_keys['project_key']
decrypted_secret = minio_keys['project_secret']
minio_access_key = decrypted_key
minio_secret_key = decrypted_secret
minio_host = project_slug + '-minio:9000'
global_domain = settings.DOMAIN
HOST = settings.DOMAIN
RELEASE_NAME = slugify(
str(project_slug) + '-' + str(deployment_name) + '-' +
str(deployment_version))
burl = os.path.join('https://', HOST)
eurl = os.path.join(deployment_endpoint, deployment_path)
URL = burl + eurl
instance.appname = instance.model.project.slug + '-' + slugify(
instance.model.name) + '-' + slugify(instance.model.version)
# Create Keycloak client corresponding to this deployment
print(URL)
print(RELEASE_NAME)
print(instance.created_by.username)
client_id, client_secret = keylib.keycloak_setup_base_client(
URL, RELEASE_NAME, instance.created_by.username, ['owner'], ['owner'])
skip_tls = 0
if not settings.OIDC_VERIFY_SSL:
skip_tls = 1
print("WARNING: Skipping TLS verify.")
# Default is that access is private.
rules = """resources:
- uri: /*
roles:
- {}:owner
""".format(client_id)
access_rules = {"gatekeeper.rules": rules}
if 'access' in instance.params:
print(instance.params['access'])
if instance.params['access'] == 'public':
# No rule means open to anyone.
print("Public endpoint")
access_rules = {"gatekeeper.rules": "public"}
del instance.params['access']
print(instance.params)
parameters = {
'release': RELEASE_NAME,
'chart': 'deploy',
'namespace': settings.NAMESPACE,
'appname': instance.appname,
'replicas': '1',
'global.domain': global_domain,
'project.slug': project_slug,
'deployment.version': deployment_version,
'deployment.name': deployment_name,
'deployment.endpoint': deployment_endpoint,
'deployment.path': deployment_path,
'context.image': context_image,
'model.bucket': model_bucket,
'model.file': model_file,
'minio.host': minio_host,
'minio.secret_key': minio_secret_key,
'minio.access_key': minio_access_key,
'gatekeeper.realm': settings.KC_REALM,
'gatekeeper.client_secret': client_secret,
'gatekeeper.client_id': client_id,
'gatekeeper.auth_endpoint': settings.OIDC_OP_REALM_AUTH,
'gatekeeper.skip_tls': str(skip_tls)
}
parameters.update(instance.params)
parameters.update(access_rules)
print('creating chart')
helmchart = HelmResource(name=RELEASE_NAME,
namespace='Default',
chart='deploy',
params=parameters,
username=instance.created_by.username)
helmchart.save()
instance.helmchart = helmchart
if helmchart.status == 'Failed':
# If fail, clean up in Keycloak
kc = keylib.keycloak_init()
keylib.keycloak_delete_client(kc, RELEASE_NAME)
scope_id = keylib.keycloak_get_client_scope_id(kc,
RELEASE_NAME + '-scope')
keylib.keycloak_delete_client_scope(kc, scope_id)
raise Exception('Failed to launch deploy job.')
else:
instance.release = RELEASE_NAME
model.status = 'DP'
model.save()