✨ adding docker-api-proxy service ⚠️

.env-devel

@@ -83,6 +83,12 @@ DIRECTOR_REGISTRY_CACHING=True
 DIRECTOR_SERVICES_CUSTOM_CONSTRAINTS=null
 DIRECTOR_TRACING=null
 
+DOCKER_API_PROXY_HOST=docker-api-proxy
+DOCKER_API_PROXY_PASSWORD=null
+DOCKER_API_PROXY_PORT=8888
+DOCKER_API_PROXY_SECURE=False
+DOCKER_API_PROXY_USER=null
+
 EFS_USER_ID=8006
 EFS_USER_NAME=efs
 EFS_GROUP_ID=8106

.github/workflows/ci-testing-deploy.yml

@@ -77,6 +77,7 @@ jobs:
       migration: ${{ steps.filter.outputs.migration }}
       payments: ${{ steps.filter.outputs.payments }}
       dynamic-scheduler: ${{ steps.filter.outputs.dynamic-scheduler }}
+      docker-api-proxy: ${{ steps.filter.outputs.docker-api-proxy }}
       resource-usage-tracker: ${{ steps.filter.outputs.resource-usage-tracker }}
       static-webserver: ${{ steps.filter.outputs.static-webserver }}
       storage: ${{ steps.filter.outputs.storage }}
@@ -233,6 +234,9 @@ jobs:
                 - 'services/docker-compose*'
                 - 'scripts/mypy/*'
                 - 'mypy.ini'
+            docker-api-proxy:
+                - 'packages/**'
+                - 'services/docker-api-proxy/**'
             resource-usage-tracker:
               - 'packages/**'
               - 'services/resource-usage-tracker/**'
@@ -2190,6 +2194,71 @@ jobs:
         with:
           flags: integrationtests #optional
 
+
+  integration-test-docker-api-proxy:
+    needs: [changes, build-test-images]
+    if: ${{ needs.changes.outputs.anything-py == 'true' || needs.changes.outputs.docker-api-proxy == 'true' || github.event_name == 'push'}}
+    timeout-minutes: 30 # if this timeout gets too small, then split the tests
+    name: "[int] docker-api-proxy"
+    runs-on: ${{ matrix.os }}
+    strategy:
+      matrix:
+        python: ["3.11"]
+        os: [ubuntu-22.04]
+      fail-fast: false
+    steps:
+      - uses: actions/checkout@v4
+      - name: setup docker buildx
+        id: buildx
+        uses: docker/setup-buildx-action@v3
+        with:
+          driver: docker-container
+      - name: setup python environment
+        uses: actions/setup-python@v5
+        with:
+          python-version: ${{ matrix.python }}
+      - name: expose github runtime for buildx
+        uses: crazy-max/ghaction-github-runtime@v3
+      # FIXME: Workaround for https://github.com/actions/download-artifact/issues/249
+      - name: download docker images with retry
+        uses: Wandalen/wretry.action@master
+        with:
+          action: actions/download-artifact@v4
+          with: |
+            name: docker-buildx-images-${{ runner.os }}-${{ github.sha }}-backend
+            path: /${{ runner.temp }}/build
+          attempt_limit: 5
+          attempt_delay: 1000
+      - name: load docker images
+        run: make load-images local-src=/${{ runner.temp }}/build
+      - name: install uv
+        uses: astral-sh/setup-uv@v5
+        with:
+          version: "0.5.x"
+          enable-cache: false
+          cache-dependency-glob: "**/docker-api-proxy/requirements/ci.txt"
+      - name: show system version
+        run: ./ci/helpers/show_system_versions.bash
+      - name: install
+        run: ./ci/github/integration-testing/docker-api-proxy.bash install
+      - name: test
+        run: ./ci/github/integration-testing/docker-api-proxy.bash test
+      - name: upload failed tests logs
+        if: ${{ failure() }}
+        uses: actions/upload-artifact@v4
+        with:
+          name: ${{ github.job }}_docker_logs
+          path: ./services/docker-api-proxy/test_failures
+      - name: cleanup
+        if: ${{ !cancelled() }}
+        run: ./ci/github/integration-testing/docker-api-proxy.bash clean_up
+      - uses: codecov/codecov-action@v5
+        if: ${{ !cancelled() }}
+        env:
+          CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
+        with:
+          flags: integrationtests #optional
+
   integration-test-simcore-sdk:
     needs: [changes, build-test-images]
     if: ${{ needs.changes.outputs.anything-py == 'true' || needs.changes.outputs.simcore-sdk == 'true' || github.event_name == 'push' }}
@@ -2262,6 +2331,7 @@ jobs:
         integration-test-director-v2-01,
         integration-test-director-v2-02,
         integration-test-dynamic-sidecar,
+        integration-test-docker-api-proxy,
         integration-test-simcore-sdk,
         integration-test-webserver-01,
         integration-test-webserver-02,

Makefile

@@ -47,6 +47,7 @@ SERVICES_NAMES_TO_BUILD := \
 	payments \
 	resource-usage-tracker \
 	dynamic-scheduler \
+	docker-api-proxy \
   service-integration \
   static-webserver \
   storage \

ci/github/integration-testing/docker-api-proxy.bash

@@ -0,0 +1,40 @@
+#!/bin/bash
+# http://redsymbol.net/articles/unofficial-bash-strict-mode/
+set -o errexit  # abort on nonzero exitstatus
+set -o nounset  # abort on unbound variable
+set -o pipefail # don't hide errors within pipes
+IFS=$'\n\t'
+
+install() {
+  make devenv
+  # shellcheck source=/dev/null
+  source .venv/bin/activate
+  pushd services/docker-api-proxy
+  make install-ci
+  popd
+  uv pip list
+  make info-images
+}
+
+test() {
+  # shellcheck source=/dev/null
+  source .venv/bin/activate
+  pushd services/docker-api-proxy
+  make test-ci-integration
+  popd
+}
+
+clean_up() {
+  docker images
+  make down
+}
+
+# Check if the function exists (bash specific)
+if declare -f "$1" >/dev/null; then
+  # call arguments verbatim
+  "$@"
+else
+  # Show a helpful error
+  echo "'$1' is not a known function name" >&2
+  exit 1
+fi

packages/pytest-simcore/src/pytest_simcore/docker_api_proxy.py

@@ -0,0 +1,52 @@
+import logging
+
+import pytest
+from aiohttp import ClientSession, ClientTimeout
+from pydantic import TypeAdapter
+from settings_library.docker_api_proxy import DockerApiProxysettings
+from tenacity import before_sleep_log, retry, stop_after_delay, wait_fixed
+
+from .helpers.docker import get_service_published_port
+from .helpers.host import get_localhost_ip
+from .helpers.typing_env import EnvVarsDict
+
+_logger = logging.getLogger(__name__)
+
+
+@retry(
+    wait=wait_fixed(1),
+    stop=stop_after_delay(10),
+    before_sleep=before_sleep_log(_logger, logging.INFO),
+    reraise=True,
+)
+async def _wait_till_docker_api_proxy_is_responsive(
+    settings: DockerApiProxysettings,
+) -> None:
+    async with ClientSession(timeout=ClientTimeout(1, 1, 1, 1, 1)) as client:
+        response = await client.get(f"{settings.base_url}/version")
+        assert response.status == 200, await response.text()
+
+
+@pytest.fixture
+async def docker_api_proxy_settings(
+    docker_stack: dict, env_vars_for_docker_compose: EnvVarsDict
+) -> DockerApiProxysettings:
+    """Returns the settings of a redis service that is up and responsive"""
+
+    prefix = env_vars_for_docker_compose["SWARM_STACK_NAME"]
+    assert f"{prefix}_docker-api-proxy" in docker_stack["services"]
+
+    published_port = get_service_published_port(
+        "docker-api-proxy", int(env_vars_for_docker_compose["DOCKER_API_PROXY_PORT"])
+    )
+
+    settings = TypeAdapter(DockerApiProxysettings).validate_python(
+        {
+            "DOCKER_API_PROXY_HOST": get_localhost_ip(),
+            "DOCKER_API_PROXY_PORT": published_port,
+        }
+    )
+
+    await _wait_till_docker_api_proxy_is_responsive(settings)
+
+    return settings

packages/pytest-simcore/src/pytest_simcore/simcore_services.py

@@ -52,10 +52,12 @@
     "invitations": "/",
     "payments": "/",
     "resource-usage-tracker": "/",
+    "docker-api-proxy": "/version",
 }
 AIOHTTP_BASED_SERVICE_PORT: int = 8080
 FASTAPI_BASED_SERVICE_PORT: int = 8000
 DASK_SCHEDULER_SERVICE_PORT: int = 8787
+DOCKER_API_PROXY_SERVICE_PORT: int = 8888
 
 _SERVICE_NAME_REPLACEMENTS: dict[str, str] = {
     "dynamic-scheduler": "dynamic-schdlr",
@@ -133,6 +135,7 @@ def services_endpoint(
                 AIOHTTP_BASED_SERVICE_PORT,
                 FASTAPI_BASED_SERVICE_PORT,
                 DASK_SCHEDULER_SERVICE_PORT,
+                DOCKER_API_PROXY_SERVICE_PORT,
             ]
             endpoint = URL(
                 f"http://{get_localhost_ip()}:{get_service_published_port(full_service_name, target_ports)}"

packages/service-library/src/servicelib/docker_utils.py

@@ -1,17 +1,23 @@
+import asyncio
 import logging
-from collections.abc import Awaitable, Callable
-from contextlib import AsyncExitStack
+from collections.abc import AsyncIterator, Awaitable, Callable
+from contextlib import AsyncExitStack, asynccontextmanager
 from dataclasses import dataclass
 from datetime import datetime
 from functools import cached_property
-from typing import Any, Final, Literal
+from typing import Any, AsyncContextManager, Final, Literal
 
 import aiodocker
+import aiohttp
 import arrow
+import tenacity
+from aiohttp import ClientSession
+from fastapi import FastAPI
 from models_library.docker import DockerGenericTag
 from models_library.generated_models.docker_rest_api import ProgressDetail
 from models_library.utils.change_case import snake_to_camel
 from pydantic import BaseModel, ByteSize, ConfigDict, TypeAdapter, ValidationError
+from settings_library.docker_api_proxy import DockerApiProxysettings
 from settings_library.docker_registry import RegistrySettings
 from yarl import URL
 
@@ -281,3 +287,70 @@ async def pull_image(
                 f"pulling {image_short_name}: {pull_progress}...",
                 logging.DEBUG,
             )
+
+
+def get_lifespan_remote_docker_client(
+    docker_api_proxy_settings_property_name: str,
+) -> Callable[[FastAPI], AsyncContextManager[None]]:
+    """Ensures `setup` and `teardown` for the remote docker client.
+
+    Arguments:
+        docker_api_proxy_settings_property_name -- if the name is `PROP_NAME`
+        then it should be accessible as `app.state.settings.PROP_NAME`
+
+    Returns:
+        docker client lifespan manager
+    """
+
+    @asynccontextmanager
+    async def _(app: FastAPI) -> AsyncIterator[None]:
+        settings: DockerApiProxysettings = getattr(
+            app.state.settings, docker_api_proxy_settings_property_name
+        )
+
+        session: ClientSession | None = None
+        if settings.DOCKER_API_PROXY_USER and settings.DOCKER_API_PROXY_PASSWORD:
+            session = ClientSession(
+                auth=aiohttp.BasicAuth(
+                    login=settings.DOCKER_API_PROXY_USER,
+                    password=settings.DOCKER_API_PROXY_PASSWORD.get_secret_value(),
+                )
+            )
+
+        async with AsyncExitStack() as exit_stack:
+            if settings.DOCKER_API_PROXY_USER and settings.DOCKER_API_PROXY_PASSWORD:
+                await exit_stack.enter_async_context(
+                    ClientSession(
+                        auth=aiohttp.BasicAuth(
+                            login=settings.DOCKER_API_PROXY_USER,
+                            password=settings.DOCKER_API_PROXY_PASSWORD.get_secret_value(),
+                        )
+                    )
+                )
+
+            client = await exit_stack.enter_async_context(
+                aiodocker.Docker(url=settings.base_url, session=session)
+            )
+
+            app.state.remote_docker_client = client
+
+            await wait_till_docker_api_proxy_is_responsive(app)
+
+            yield
+
+    return _
+
+
+@tenacity.retry(
+    wait=tenacity.wait_fixed(5),
+    stop=tenacity.stop_after_delay(60),
+    before_sleep=tenacity.before_sleep_log(_logger, logging.INFO),
+    reraise=True,
+)
+async def wait_till_docker_api_proxy_is_responsive(app: FastAPI) -> None:
+    await asyncio.wait_for(get_remote_docker_client(app).version(), timeout=5)
+
+
+def get_remote_docker_client(app: FastAPI) -> aiodocker.Docker:
+    assert isinstance(app.state.remote_docker_client, aiodocker.Docker)  # nosec
+    return app.state.remote_docker_client

packages/service-library/src/servicelib/fastapi/lifespan_utils.py

@@ -0,0 +1,24 @@
+from collections.abc import AsyncGenerator, Callable
+from contextlib import AsyncExitStack, asynccontextmanager
+from typing import AsyncContextManager, TypeAlias
+
+from fastapi import FastAPI
+
+LifespanContextManager: TypeAlias = Callable[[FastAPI], AsyncContextManager[None]]
+
+
+def combine_lfiespan_context_managers(
+    *context_managers: LifespanContextManager,
+) -> LifespanContextManager:
+    """the first entry has its `setup` called first and its `teardown` called last
+    With `setup` and `teardown` referring to the code before and after the `yield`
+    """
+
+    @asynccontextmanager
+    async def _(app: FastAPI) -> AsyncGenerator[None, None]:
+        async with AsyncExitStack() as stack:
+            for context_manager in context_managers:
+                await stack.enter_async_context(context_manager(app))
+            yield
+
+    return _

packages/service-library/tests/fastapi/test_lifespan_utils.py

@@ -0,0 +1,42 @@
+from collections.abc import AsyncIterator
+from contextlib import asynccontextmanager
+
+import pytest
+from asgi_lifespan import LifespanManager
+from fastapi import FastAPI
+from servicelib.fastapi.lifespan_utils import combine_lfiespan_context_managers
+
+
+async def test_multiple_lifespan_managers(capsys: pytest.CaptureFixture):
+    @asynccontextmanager
+    async def database_lifespan(_: FastAPI) -> AsyncIterator[None]:
+        print("setup DB")
+        yield
+        print("shutdown  DB")
+
+    @asynccontextmanager
+    async def cache_lifespan(_: FastAPI) -> AsyncIterator[None]:
+        print("setup CACHE")
+        yield
+        print("shutdown CACHE")
+
+    app = FastAPI(
+        lifespan=combine_lfiespan_context_managers(database_lifespan, cache_lifespan)
+    )
+
+    capsys.readouterr()
+
+    async with LifespanManager(app):
+        messages = capsys.readouterr().out
+
+        assert "setup DB" in messages
+        assert "setup CACHE" in messages
+        assert "shutdown  DB" not in messages
+        assert "shutdown CACHE" not in messages
+
+    messages = capsys.readouterr().out
+
+    assert "setup DB" not in messages
+    assert "setup CACHE" not in messages
+    assert "shutdown  DB" in messages
+    assert "shutdown CACHE" in messages