Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Upgrade conda-store to 2024.11.2 #2815

Merged
merged 17 commits into from
Jan 10, 2025
Merged

Upgrade conda-store to 2024.11.2 #2815

merged 17 commits into from
Jan 10, 2025

Conversation

marcelovilla
Copy link
Member

@marcelovilla marcelovilla commented Nov 1, 2024

Reference Issues or PRs

Closes #2523
Closes #2543

What does this implement/fix?

Put a x in the boxes that apply

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds a feature)
  • Breaking change (fix or feature that would cause existing features not to work as expected)
  • Documentation Update
  • Code style update (formatting, renaming)
  • Refactoring (no functional changes, no API changes)
  • Build related changes
  • Other (please describe):

Testing

  • Did you test the pull request locally?
  • Did you add new tests?

How to test this PR?

Deploy Nebari off of this branch and make sure to use the jupyterlab docker image built from #2815 (comment). You can use the following tag:

default_images:
  jupyterhub: quay.io/nebari/nebari-jupyterhub:bump-conda-store
  jupyterlab: quay.io/nebari/nebari-jupyterlab:bump-conda-store

Furthermore, if you're deploying on an ARM architecture (e.g. M1 mac), you'll need to specify another conda-store image tag (as there's not one tagged with 2024.11.2). This is the corresponding ARM image for that version:

conda_store:
  image: quay.io/quansight/conda-store-server
  image_tag: sha-f8875ca

Then, follow the conda-store related steps in our testing checklist:

- [ ] [Log into conda-store and create](https://www.nebari.dev/docs/tutorials/creating-new-environments)
- [ ] a conda environment in a shared namespace and,
- [ ] a conda environment in your personal namespace

Furthermore, make sure the JupyterLab conda-store extension is working.

Any other comments?

@marcelovilla marcelovilla marked this pull request as ready for review November 12, 2024 17:43
@marcelovilla
Copy link
Member Author

For context, conda-store's internal API was privatized on conda-incubator/conda-store#820. To configure conda-store in Nebari, we're still relying on an internal object:

Initially, I tried vendoring the schema to avoid depending on an internal private object that does not guarantee backwards compatibility, but I ran into the following issue when trying to log in to conda-store in a local Nebari deployment:

Traceback (most recent call last):
  File "/opt/conda/envs/conda-store-server/lib/python3.12/site-packages/starlette/middleware/errors.py", line 165, in __call__
    await self.app(scope, receive, _send)
  File "/opt/conda/envs/conda-store-server/lib/python3.12/site-packages/starlette/middleware/base.py", line 185, in __call__
    with collapse_excgroups():
         ^^^^^^^^^^^^^^^^^^^^
  File "/opt/conda/envs/conda-store-server/lib/python3.12/contextlib.py", line 158, in __exit__
    self.gen.throw(value)
  File "/opt/conda/envs/conda-store-server/lib/python3.12/site-packages/starlette/_utils.py", line 82, in collapse_excgroups
    raise exc
  File "/opt/conda/envs/conda-store-server/lib/python3.12/site-packages/starlette/middleware/base.py", line 187, in __call__
    response = await self.dispatch_func(request, call_next)
               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/conda-store-server/conda_store_server/_internal/server/app.py", line 263, in conda_store_middleware
    response = await call_next(request)
               ^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/conda/envs/conda-store-server/lib/python3.12/site-packages/starlette/middleware/base.py", line 163, in call_next
    raise app_exc
  File "/opt/conda/envs/conda-store-server/lib/python3.12/site-packages/starlette/middleware/base.py", line 149, in coro
    await self.app(scope, receive_or_disconnect, send_no_error)
  File "/opt/conda/envs/conda-store-server/lib/python3.12/site-packages/starlette/middleware/sessions.py", line 85, in __call__
    await self.app(scope, receive, send_wrapper)
  File "/opt/conda/envs/conda-store-server/lib/python3.12/site-packages/starlette/middleware/cors.py", line 85, in __call__
    await self.app(scope, receive, send)
  File "/opt/conda/envs/conda-store-server/lib/python3.12/site-packages/starlette/middleware/exceptions.py", line 62, in __call__
    await wrap_app_handling_exceptions(self.app, conn)(scope, receive, send)
  File "/opt/conda/envs/conda-store-server/lib/python3.12/site-packages/starlette/_exception_handler.py", line 53, in wrapped_app
    raise exc
  File "/opt/conda/envs/conda-store-server/lib/python3.12/site-packages/starlette/_exception_handler.py", line 42, in wrapped_app
    await app(scope, receive, sender)
  File "/opt/conda/envs/conda-store-server/lib/python3.12/site-packages/starlette/routing.py", line 715, in __call__
    await self.middleware_stack(scope, receive, send)
  File "/opt/conda/envs/conda-store-server/lib/python3.12/site-packages/starlette/routing.py", line 735, in app
    await route.handle(scope, receive, send)
  File "/opt/conda/envs/conda-store-server/lib/python3.12/site-packages/starlette/routing.py", line 288, in handle
    await self.app(scope, receive, send)
  File "/opt/conda/envs/conda-store-server/lib/python3.12/site-packages/starlette/routing.py", line 76, in app
    await wrap_app_handling_exceptions(app, request)(scope, receive, send)
  File "/opt/conda/envs/conda-store-server/lib/python3.12/site-packages/starlette/_exception_handler.py", line 53, in wrapped_app
    raise exc
  File "/opt/conda/envs/conda-store-server/lib/python3.12/site-packages/starlette/_exception_handler.py", line 42, in wrapped_app
    await app(scope, receive, sender)
  File "/opt/conda/envs/conda-store-server/lib/python3.12/site-packages/starlette/routing.py", line 73, in app
    response = await f(request)
               ^^^^^^^^^^^^^^^^
  File "/opt/conda/envs/conda-store-server/lib/python3.12/site-packages/fastapi/routing.py", line 301, in app
    raw_response = await run_endpoint_function(
                   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/conda/envs/conda-store-server/lib/python3.12/site-packages/fastapi/routing.py", line 212, in run_endpoint_function
    return await dependant.call(**values)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/conda-store-server/conda_store_server/server/auth.py", line 547, in post_login_method
    authentication_token = await self.authenticate(request)
                           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/etc/conda-store/conda_store_config.py", line 448, in authenticate
    return AuthenticationToken(
           ^^^^^^^^^^^^^^^^^^^^
  File "/opt/conda/envs/conda-store-server/lib/python3.12/site-packages/pydantic/main.py", line 339, in __init__
    values, fields_set, validation_error = validate_model(__pydantic_self__.__class__, data)
                                           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/conda/envs/conda-store-server/lib/python3.12/site-packages/pydantic/main.py", line 1074, in validate_model
    v_, errors_ = field.validate(value, values, loc=field.alias, cls=cls_)
                  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/conda/envs/conda-store-server/lib/python3.12/site-packages/pydantic/fields.py", line 857, in validate
    raise ConfigError(
pydantic.errors.ConfigError: field "role_bindings" not yet prepared so type is still a ForwardRef, you might need to call AuthenticationToken.update_forward_refs().

After trying to look into it and try to solve the issue, I realized that if conda-store is publicly exposing their RBACAuthorizationBackend class, its public methods should not rely on a private schema.

We're currently depending on importing the schema (amongst other things) because we need to pass it on:

entity = schema.AuthenticationToken(
primary_namespace=username, role_bindings={}
)
self.log.info(f"entity: {entity}")
entity_bindings = self.authorization.get_entity_bindings(entity)

@marcelovilla marcelovilla marked this pull request as draft November 20, 2024 13:51
@marcelovilla
Copy link
Member Author

I'm marking this PR as a draft because we're hitting conda-incubator/conda-store#899 when upgrading conda-store to 2024.10.1. It seems a fix has already been merged conda-incubator/conda-store#932 so we'll wait for the next conda-store release and upgrade to that version instead.

@viniciusdc
Copy link
Contributor

viniciusdc commented Nov 28, 2024

I can have a look at why the roles are missing in the tests, change the docker images during deployment based on nebari-dev/nebari-docker-images#187 image tag

@marcelovilla marcelovilla changed the title Upgrade conda-store to 2024.10.1 Upgrade conda-store to 2024.11.2 Dec 17, 2024
@marcelovilla
Copy link
Member Author

@viniciusdc and I met last week to debug why tests were failing previously. Turns out they were failing because new namespaces that were supposed to be automatically created were not being persisted and, thus, conda-store could not get them. This was solve by adding an explicit db.commit() to make sure they were being persisted in the database.

I'm not sure, however, if using conda_store_server.api to create namespaces is the correct approach to use their API. It relies on passing a db object, which seems something an end user shouldn't be concerned with. It seems that we could rather use the CondaStoreAPI class.

Thanks for all the help Vini!

@dcmcand dcmcand merged commit 694d91b into main Jan 10, 2025
26 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
Status: Done 💪🏾
Development

Successfully merging this pull request may close these issues.

Test Nebari with latest conda-store version [ENH] - Upgrade to conda-store 2024.10.1
3 participants