ITISFoundation · GitHK · Nov 15, 2023 · Nov 9, 2023 · Nov 9, 2023 · Nov 9, 2023
@@ -266,7 +266,7 @@ async def email_confirmation(code: str):
         },
     },
 )
-async def list_api_keys(code: str):
+async def list_api_keys():
     """lists display names of API keys by this user"""
 
 

@@ -6,7 +6,10 @@ class ApiKey(BaseModel):
     api_secret: SecretStr
 
 
-class ApiKeyInDB(ApiKey):
+class ApiKeyInDB(BaseModel):
+    api_key: str
+    api_secret: str
+
     id_: int = Field(0, alias="id")
     display_name: str
     user_id: int

@@ -1580,6 +1580,7 @@
       "Profile": {
         "title": "Profile",
         "required": [
+          "id",
           "login",
           "role"
         ],
@@ -1595,6 +1596,12 @@
             "type": "string",
             "example": "Maxwell"
           },
+          "id": {
+            "title": "Id",
+            "exclusiveMinimum": true,
+            "type": "integer",
+            "minimum": 0
+          },
           "login": {
             "title": "Login",
             "type": "string",
@@ -1614,6 +1621,7 @@
           }
         },
         "example": {
+          "id": "20",
           "first_name": "James",
           "last_name": "Maxwell",
           "login": "[email protected]",

@@ -22,6 +22,7 @@
 import yaml
 from aiopg.sa.connection import SAConnection
 from fastapi import FastAPI
+from models_library.api_schemas_api_server.api_keys import ApiKeyInDB
 from pydantic import PositiveInt
 from pytest_simcore.helpers.rawdata_fakers import (
     random_api_key,
@@ -36,7 +37,6 @@
 from simcore_postgres_database.models.users import users
 from simcore_service_api_server.core.application import init_app
 from simcore_service_api_server.core.settings import PostgresSettings
-from simcore_service_api_server.models.domain.api_keys import ApiKeyInDB
 
 ## POSTGRES -----
 
@@ -269,5 +269,5 @@ async def auth(
 ) -> httpx.BasicAuth:
     """overrides auth and uses access to real repositories instead of mocks"""
     async for key in create_fake_api_keys(1):
-        return httpx.BasicAuth(key.api_key, key.api_secret.get_secret_value())
-    assert False, "Did not generate authentication"
+        return httpx.BasicAuth(key.api_key, key.api_secret)
+    pytest.fail("Did not generate authentication")
@@ -13,13 +13,13 @@
 from faker import Faker
 from fastapi import status
 from fastapi.encoders import jsonable_encoder
+from models_library.api_schemas_api_server.api_keys import ApiKeyInDB
 from models_library.api_schemas_webserver.wallets import WalletGetWithAvailableCredits
 from models_library.generics import Envelope
 from models_library.users import UserID
 from models_library.wallets import WalletStatus
 from pydantic import PositiveInt
 from simcore_service_api_server._meta import API_VTAG
-from simcore_service_api_server.models.domain.api_keys import ApiKeyInDB
 
 
 async def test_product_webserver(
@@ -70,7 +70,7 @@ def _check_key_product_compatibility(request: httpx.Request, **kwargs):
         key = keys[wallet_id]
         response = await client.get(
             f"{API_VTAG}/wallets/{wallet_id}",
-            auth=httpx.BasicAuth(key.api_key, key.api_secret.get_secret_value()),
+            auth=httpx.BasicAuth(key.api_key, key.api_secret),
         )
         assert response.status_code == status.HTTP_200_OK
     assert wallet_get_mock.call_count == len(keys)
@@ -104,7 +104,7 @@ def _get_service_side_effect(request: httpx.Request, **kwargs):
     for key in keys:
         response = await client.get(
             f"{API_VTAG}/solvers/simcore/services/comp/isolve/releases/2.0.24",
-            auth=httpx.BasicAuth(key.api_key, key.api_secret.get_secret_value()),
+            auth=httpx.BasicAuth(key.api_key, key.api_secret),
         )
 
     assert respx_mock.call_count == len(keys)
@@ -17,6 +17,7 @@
 from ..api.errors.validation_error import http422_error_handler
 from ..meta import API_VERSION, API_VTAG, PROJECT_NAME, SUMMARY
 from ..modules import (
+    api_keys_manager,
     catalog,
     comp_scheduler,
     dask_clients_pool,
@@ -166,6 +167,7 @@ def init_app(settings: AppSettings | None = None) -> FastAPI:
 
     if dynamic_scheduler_enabled:
         dynamic_sidecar.setup(app)
+        api_keys_manager.setup(app)
 
     if (
         settings.DIRECTOR_V2_COMPUTATIONAL_BACKEND.COMPUTATIONAL_BACKEND_DASK_CLIENT_ENABLED

@@ -0,0 +1,106 @@
+from uuid import uuid5
+
+from fastapi import FastAPI
+from models_library.api_schemas_webserver import WEBSERVER_RPC_NAMESPACE
+from models_library.api_schemas_webserver.auth import ApiKeyCreate, ApiKeyGet
+from models_library.products import ProductName
+from models_library.projects_nodes_io import NodeID
+from models_library.rabbitmq_basic_types import RPCMethodName
+from models_library.users import UserID
+from pydantic import parse_obj_as
+from servicelib.rabbitmq import RabbitMQRPCClient
+
+from ..utils.distributed_identifer import BaseDistributedIdentifierManager
+from .rabbitmq import get_rabbitmq_rpc_client
+
+
+class APIKeysManager(BaseDistributedIdentifierManager[str, ApiKeyGet]):
+    def __init__(self, app: FastAPI) -> None:
+        self.GET_OR_CREATE_INJECTS_IDENTIFIER = True
+        self.app = app
+
+    @property
+    def rpc_client(self) -> RabbitMQRPCClient:
+        return get_rabbitmq_rpc_client(self.app)
+
+    # pylint:disable=arguments-differ
+
+    async def get(
+        self, identifier: str, product_name: ProductName, user_id: UserID
+    ) -> ApiKeyGet | None:
+        result = await self.rpc_client.request(
+            WEBSERVER_RPC_NAMESPACE,
+            parse_obj_as(RPCMethodName, "api_key_get"),
+            product_name=product_name,
+            user_id=user_id,
+            name=identifier,
+        )
+        return parse_obj_as(ApiKeyGet | None, result)
+
+    async def create(
+        self, identifier: str, product_name: ProductName, user_id: UserID
+    ) -> tuple[str, ApiKeyGet]:
+        result = await self.rpc_client.request(
+            WEBSERVER_RPC_NAMESPACE,
+            parse_obj_as(RPCMethodName, "create_api_keys"),
+            product_name=product_name,
+            user_id=user_id,
+            new=ApiKeyCreate(display_name=identifier, expiration=None),
+        )
+        return identifier, ApiKeyGet.parse_obj(result)
+
+    async def destroy(
+        self, identifier: str, product_name: ProductName, user_id: UserID
+    ) -> None:
+        await self.rpc_client.request(
+            WEBSERVER_RPC_NAMESPACE,
+            parse_obj_as(RPCMethodName, "delete_api_keys"),
+            product_name=product_name,
+            user_id=user_id,
+            name=identifier,
+        )
+
+
+async def get_or_create_api_key(
+    app: FastAPI, *, product_name: ProductName, user_id: UserID, node_id: NodeID
+) -> ApiKeyGet:
+    api_keys_manager = _get_api_keys_manager(app)
+    display_name = _get_api_key_name(node_id)
+
+    key_data: ApiKeyGet | None = await api_keys_manager.get(
+        identifier=display_name, product_name=product_name, user_id=user_id
+    )
+    if key_data is None:
+        _, key_data = await api_keys_manager.create(
+            identifier=display_name, product_name=product_name, user_id=user_id
+        )
+
+    return key_data
+
+
+async def safe_remove(
+    app: FastAPI, *, node_id: NodeID, product_name: ProductName, user_id: UserID
+) -> None:
+    api_keys_manager = _get_api_keys_manager(app)
+    display_name = _get_api_key_name(node_id)
+
+    await api_keys_manager.remove(
+        identifier=display_name, product_name=product_name, user_id=user_id
+    )
+
+
+def _get_api_key_name(node_id: NodeID) -> str:
+    obfuscated_node_id = uuid5(node_id, f"{node_id}")
+    return f"_auto_{obfuscated_node_id}"
+
+
+def _get_api_keys_manager(app: FastAPI) -> APIKeysManager:
+    api_keys_manager: APIKeysManager = app.state.api_keys_manager
+    return api_keys_manager
+
+
+def setup(app: FastAPI) -> None:
+    async def on_startup() -> None:
+        app.state.api_keys_manager = APIKeysManager(app)
+
+    app.add_event_handler("startup", on_startup)
@@ -28,6 +28,7 @@
 
 from ...core.dynamic_services_settings.egress_proxy import EgressProxySettings
 from ...modules.osparc_variables_substitutions import (
+    resolve_and_substitute_service_lifetime_variables_in_specs,
     resolve_and_substitute_session_variables_in_model,
     resolve_and_substitute_session_variables_in_specs,
     substitute_vendor_secrets_in_model,
@@ -376,11 +377,19 @@ async def assemble_spec(  # pylint: disable=too-many-arguments # noqa: PLR0913
         app=app,
         specs=service_spec,
         user_id=user_id,
+        safe=True,
+        product_name=product_name,
+        project_id=project_id,
+        node_id=node_id,
+    )
+    service_spec = await resolve_and_substitute_service_lifetime_variables_in_specs(
+        app=app,
+        specs=service_spec,
         # NOTE: at this point all OsparcIdentifiers have to be replaced
         # an error will be raised otherwise
-        safe=False,
+        safe=True,
         product_name=product_name,
-        project_id=project_id,
+        user_id=user_id,
         node_id=node_id,
     )
-Original file line number
+Diff line change
@@ Expand Up / @@ -266,7 +266,7 @@ async def email_confirmation(code: str): @@
             },
         },
     )
-    async def list_api_keys(code: str):
+    async def list_api_keys():
         """lists display names of API keys by this user"""
@@ Expand Down @@