Enable TLS by default (#1012)

* Enable TLS by default Signed-off-by: Shah, Karan <[email protected]> * Spurious package removal in dockerfile Signed-off-by: Shah, Karan <[email protected]> * Fetch fqdn via openfl util func Signed-off-by: Shah, Karan <[email protected]> * [WIP] Set localhost fqdn for github actions Signed-off-by: Shah, Karan <[email protected]> * formatting break from PR #1008 fixed Signed-off-by: Shah, Karan <[email protected]> * Set localhost fqdn for impacted tests Signed-off-by: Shah, Karan <[email protected]> * localhost fqdn for dockerization test Signed-off-by: Shah, Karan <[email protected]> --------- Signed-off-by: Shah, Karan <[email protected]>
securefederatedai · Aug 6, 2024 · f9596a3 · f9596a3
1 parent 1a6f87d
commit f9596a3
Show file tree

Hide file tree

Showing 16 changed files with 41 additions and 17 deletions.
diff --git a/.github/workflows/dockerization.yml b/.github/workflows/dockerization.yml
@@ -10,6 +10,10 @@ on:
 permissions:
   contents: read
 
+env:
+  # A workaround for long FQDN names provided by GitHub actions.
+  FQDN: "localhost"
+
 jobs:
   build:
     runs-on: ubuntu-latest

diff --git a/.github/workflows/double_ws_export.yml b/.github/workflows/double_ws_export.yml
@@ -10,6 +10,10 @@ on:
 permissions:
   contents: read
 
+env:
+  # A workaround for long FQDN names provided by GitHub actions.
+  FQDN: "localhost"
+
 jobs:
   build:
     runs-on: 'ubuntu-latest'

diff --git a/.github/workflows/gandlf.yml b/.github/workflows/gandlf.yml
@@ -10,6 +10,10 @@ on:
 permissions:
   contents: read
 
+env:
+  # A workaround for long FQDN names provided by GitHub actions.
+  FQDN: "localhost"
+
 jobs:
   build:
 

diff --git a/.github/workflows/pki.yml b/.github/workflows/pki.yml
@@ -10,6 +10,10 @@ on:
 permissions:
   contents: read
 
+env:
+  # A workaround for long FQDN names provided by GitHub actions.
+  FQDN: "localhost"
+
 jobs:
   test_insecure_client:
 

diff --git a/.github/workflows/straggler-handling.yml b/.github/workflows/straggler-handling.yml
@@ -10,6 +10,10 @@ on:
 permissions:
   contents: read
 
+env:
+  # A workaround for long FQDN names provided by GitHub actions.
+  FQDN: "localhost"
+
 jobs:
   build:
     strategy:

diff --git a/.github/workflows/taskrunner.yml b/.github/workflows/taskrunner.yml
@@ -10,6 +10,10 @@ on:
 permissions:
   contents: read
 
+env:
+  # A workaround for long FQDN names provided by GitHub actions.
+  FQDN: "localhost"
+
 jobs:
   build:
     strategy:

diff --git a/openfl-docker/Dockerfile.base b/openfl-docker/Dockerfile.base
@@ -104,8 +104,8 @@ WORKDIR /openfl
 COPY . .
 
 # Install OpenFL
-RUN pip install --no-cache-dir install --upgrade pip setuptools
-RUN pip install --no-cache-dir .
+RUN pip install --no-cache-dir --upgrade pip setuptools wheel && \
+    pip install --no-cache-dir .
 
 WORKDIR /thirdparty
 RUN if [ "$INSTALL_SOURCES" = "yes" ]; then \

diff --git a/openfl/experimental/transport/grpc/aggregator_client.py b/openfl/experimental/transport/grpc/aggregator_client.py
@@ -107,11 +107,11 @@ def __init__(
         self,
         agg_addr,
         agg_port,
-        tls,
         disable_client_auth,
         root_certificate,
         certificate,
         private_key,
+        tls=True,
         aggregator_uuid=None,
         federation_uuid=None,
         single_col_cert_common_name=None,

diff --git a/openfl/federated/task/fl_model.py b/openfl/federated/task/fl_model.py
@@ -87,7 +87,7 @@ def __getattribute__(self, attr):
             "train_batches",
             "validate",
             "validate_task",
-            "train_task"
+            "train_task",
         ]:
             return self.runner.__getattribute__(attr)
         return super().__getattribute__(attr)

diff --git a/openfl/transport/grpc/aggregator_client.py b/openfl/transport/grpc/aggregator_client.py
@@ -106,11 +106,11 @@ def __init__(
         self,
         agg_addr,
         agg_port,
-        tls,
         disable_client_auth,
         root_certificate,
         certificate,
         private_key,
+        tls=True,
         aggregator_uuid=None,
         federation_uuid=None,
         single_col_cert_common_name=None,

diff --git a/tests/github/dockerization_test.py b/tests/github/dockerization_test.py
@@ -14,7 +14,7 @@
 from tests.github.utils import start_aggregator_container
 from tests.github.utils import start_collaborator_container
 from tests.github.utils import create_signed_cert_for_collaborator
-
+from openfl.utilities.utils import getfqdn_env
 
 if __name__ == '__main__':
     # 1. Create the workspace
@@ -36,7 +36,7 @@
 
     # If an aggregator container will run on another machine
     # a relevant FQDN should be provided
-    fqdn = socket.getfqdn()
+    fqdn = getfqdn_env()
     # Build base image
     check_call([
         'docker', 'build', '-t', base_image_tag, '-f', 'openfl-docker/Dockerfile.base', '.'

diff --git a/tests/github/experimental/workspace/test_experimental_agg_based_workflow.py b/tests/github/experimental/workspace/test_experimental_agg_based_workflow.py
@@ -12,7 +12,7 @@
 from tests.github.experimental.workspace.utils import create_collaborator
 from tests.github.experimental.workspace.utils import create_certified_workspace
 from tests.github.experimental.workspace.utils import certify_aggregator
-
+from openfl.utilities.utils import getfqdn_env
 
 if __name__ == '__main__':
     # Test the pipeline
@@ -32,7 +32,7 @@
     args = parser.parse_args()
     fed_workspace = args.fed_workspace
     archive_name = f'{fed_workspace}.zip'
-    fqdn = socket.getfqdn()
+    fqdn = getfqdn_env()
     template = args.template
     custom_template = args.custom_template
     rounds_to_train = args.rounds_to_train

diff --git a/tests/github/pki_wrong_cn.py b/tests/github/pki_wrong_cn.py
@@ -11,7 +11,7 @@
 
 import openfl
 import openfl.native as fx
-
+from openfl.utilities.utils import getfqdn_env
 
 def prepare_workspace():
     subprocess.check_call(['fx', 'workspace', 'certify'])
@@ -78,7 +78,7 @@ def start_aggregator():
         '--template', 'keras_cnn_mnist'
     ])
     os.chdir(prefix)
-    fqdn = socket.getfqdn()
+    fqdn = getfqdn_env()
     prepare_workspace()
     agg = start_aggregator()
     try:

diff --git a/tests/github/test_double_ws_export.py b/tests/github/test_double_ws_export.py
@@ -12,7 +12,7 @@
 import psutil
 
 from tests.github.utils import create_certified_workspace, certify_aggregator, create_collaborator
-
+from openfl.utilities.utils import getfqdn_env
 
 if __name__ == '__main__':
     # Test the pipeline
@@ -33,7 +33,7 @@
     args = parser.parse_args()
     fed_workspace = args.fed_workspace
     archive_name = f'{fed_workspace}.zip'
-    fqdn = socket.getfqdn()
+    fqdn = getfqdn_env()
     template = args.template
     rounds_to_train = args.rounds_to_train
     col1 = args.col1

diff --git a/tests/github/test_gandlf.py b/tests/github/test_gandlf.py
@@ -12,7 +12,7 @@
 from concurrent.futures import ProcessPoolExecutor
 
 from tests.github.utils import create_collaborator, certify_aggregator
-
+from openfl.utilities.utils import getfqdn_env
 
 def exec(command, directory):
     os.chdir(directory)
@@ -35,7 +35,7 @@ def exec(command, directory):
     args = parser.parse_args()
     fed_workspace = args.fed_workspace
     archive_name = f'{fed_workspace}.zip'
-    fqdn = socket.getfqdn()
+    fqdn = getfqdn_env()
     template = args.template
     rounds_to_train = args.rounds_to_train
     col1, col2 = args.col1, args.col2

diff --git a/tests/github/test_hello_federation.py b/tests/github/test_hello_federation.py
@@ -11,7 +11,7 @@
 
 from openfl.utilities.utils import rmtree
 from tests.github.utils import create_collaborator, create_certified_workspace, certify_aggregator
-
+from openfl.utilities.utils import getfqdn_env
 
 if __name__ == '__main__':
     # Test the pipeline
@@ -34,7 +34,7 @@
     args = parser.parse_args()
     fed_workspace = args.fed_workspace
     archive_name = f'{fed_workspace}.zip'
-    fqdn = socket.getfqdn()
+    fqdn = getfqdn_env()
     template = args.template
     rounds_to_train = args.rounds_to_train
     col1, col2 = args.col1, args.col2