Merge branch 'dev' into tauquir/enclave-prototype

.bumpversion.cfg

@@ -1,5 +1,5 @@
 [bumpversion]
-current_version = 0.8.7-beta.10
+current_version = 0.8.7-beta.13
 tag = False
 tag_name = {new_version}
 commit = True

.github/workflows/cd-syft-dev.yml

@@ -84,7 +84,7 @@ jobs:
           echo "GRID_VERSION=$(python packages/grid/VERSION)" >> $GITHUB_OUTPUT
 
       - name: Build and push `syft` image to registry
-        uses: docker/build-push-action@v5
+        uses: docker/build-push-action@v6
         with:
           context: ./packages
           file: ./packages/grid/syft-client/syft.Dockerfile
@@ -95,7 +95,7 @@ jobs:
             ${{ secrets.ACR_SERVER }}/openmined/syft-client:${{ steps.grid.outputs.GRID_VERSION }}
 
       - name: Build and push `grid-backend` image to registry
-        uses: docker/build-push-action@v5
+        uses: docker/build-push-action@v6
         with:
           context: ./packages
           file: ./packages/grid/backend/backend.dockerfile
@@ -107,7 +107,7 @@ jobs:
             ${{ secrets.ACR_SERVER }}/openmined/grid-backend:${{ steps.grid.outputs.GRID_VERSION }}
 
       - name: Build and push `grid-frontend` image to registry
-        uses: docker/build-push-action@v5
+        uses: docker/build-push-action@v6
         with:
           context: ./packages/grid/frontend
           file: ./packages/grid/frontend/frontend.dockerfile
@@ -119,7 +119,7 @@ jobs:
           target: grid-ui-development
 
       - name: Build and push `grid-seaweedfs` image to registry
-        uses: docker/build-push-action@v5
+        uses: docker/build-push-action@v6
         with:
           context: ./packages/grid/seaweedfs
           file: ./packages/grid/seaweedfs/seaweedfs.dockerfile
@@ -130,7 +130,7 @@ jobs:
             ${{ secrets.ACR_SERVER }}/openmined/grid-seaweedfs:${{ steps.grid.outputs.GRID_VERSION }}
 
       - name: Build and push `grid-enclave-attestation` image to registry
-        uses: docker/build-push-action@v5
+        uses: docker/build-push-action@v6
         with:
           context: ./packages/grid/enclave/attestation
           file: ./packages/grid/enclave/attestation/attestation.dockerfile

.github/workflows/cd-syft.yml

@@ -112,7 +112,8 @@ jobs:
         run: |
           sudo apt update -y
           sudo apt install software-properties-common -y
-          sudo apt install gcc -y
+          sudo apt install gcc curl -y
+          sudo apt-get install python3-dev -y
 
       - name: Setup Python on arm64
         if: ${{ endsWith(matrix.runner, '-arm64') }}
@@ -185,7 +186,7 @@ jobs:
 
       - name: Build and push `grid-backend` image to DockerHub
         id: grid-backend-build
-        uses: docker/build-push-action@v5
+        uses: docker/build-push-action@v6
         with:
           context: ./packages
           file: ./packages/grid/backend/backend.dockerfile
@@ -203,7 +204,7 @@ jobs:
 
       - name: Build and push `grid-frontend` image to DockerHub
         id: grid-frontend-build
-        uses: docker/build-push-action@v5
+        uses: docker/build-push-action@v6
         with:
           context: ./packages/grid/frontend
           file: ./packages/grid/frontend/frontend.dockerfile
@@ -221,7 +222,7 @@ jobs:
 
       - name: Build and push `grid-seaweedfs` image to DockerHub
         id: grid-seaweedfs-build
-        uses: docker/build-push-action@v5
+        uses: docker/build-push-action@v6
         with:
           context: ./packages/grid/seaweedfs
           file: ./packages/grid/seaweedfs/seaweedfs.dockerfile
@@ -241,7 +242,7 @@ jobs:
       - name: Build and push `grid-enclave-attestation` image to DockerHub
         if: ${{ endsWith(matrix.runner, '-x64') }}
         id: grid-enclave-attestation-build
-        uses: docker/build-push-action@v5
+        uses: docker/build-push-action@v6
         with:
           context: ./packages/grid/enclave/attestation
           file: ./packages/grid/enclave/attestation/attestation.dockerfile
@@ -259,7 +260,7 @@ jobs:
 
       - name: Build and push `syft` image to registry
         id: syft-build
-        uses: docker/build-push-action@v5
+        uses: docker/build-push-action@v6
         with:
           context: ./packages/
           file: ./packages/grid/syft-client/syft.Dockerfile

VERSION

@@ -1,5 +1,5 @@
 # Mono Repo Global Version
-__version__ = "0.8.7-beta.10"
+__version__ = "0.8.7-beta.13"
 # elsewhere we can call this file: `python VERSION` and simply take the stdout
 
 # stdlib

docs/requirements.txt

@@ -11,3 +11,4 @@ sphinx-autoapi==1.8.4
 sphinx-code-include==1.1.1
 sphinx-copybutton==0.4.0
 sphinx-panels==0.6.0
+urllib3>=2.2.2 # not directly required, pinned by Snyk to avoid a vulnerability

notebooks/api/0.8/02-review-code-and-approve.ipynb

@@ -290,6 +290,21 @@
     "print(op.policy_code)"
    ]
   },
+  {
+   "cell_type": "code",
+   "execution_count": null,
+   "metadata": {},
+   "outputs": [],
+   "source": [
+    "# Policies provided by Syft are available before approving the code,\n",
+    "# Custom policies are only safe to use once the code is approved.\n",
+    "\n",
+    "assert func.output_policy is not None\n",
+    "assert func.input_policy is not None\n",
+    "\n",
+    "func.output_policy"
+   ]
+  },
   {
    "cell_type": "markdown",
    "metadata": {},

notebooks/api/0.8/05-custom-policy.ipynb

@@ -297,14 +297,6 @@
     "                if kwarg_value.is_err():\n",
     "                    return Err(kwarg_value.err())\n",
     "                code_inputs[var_name] = kwarg_value.ok()\n",
-    "\n",
-    "        elif context.node.node_type == NodeType.ENCLAVE:\n",
-    "            dict_object = action_service.get(context=root_context, uid=code_item_id)\n",
-    "            if dict_object.is_err():\n",
-    "                return Err(dict_object.err())\n",
-    "            for value in dict_object.ok().syft_action_data.values():\n",
-    "                code_inputs.update(value)\n",
-    "\n",
     "        else:\n",
     "            raise Exception(\n",
     "                f\"Invalid Node Type for Code Submission:{context.node.node_type}\"\n",
@@ -328,11 +320,6 @@
     "                verify_key=context.node.signing_key.verify_key,\n",
     "            )\n",
     "            allowed_inputs = allowed_inputs.get(node_identity, {})\n",
-    "        elif context.node.node_type == NodeType.ENCLAVE:\n",
-    "            base_dict = {}\n",
-    "            for key in allowed_inputs.values():\n",
-    "                base_dict.update(key)\n",
-    "            allowed_inputs = base_dict\n",
     "        else:\n",
     "            raise Exception(\n",
     "                f\"Invalid Node Type for Code Submission:{context.node.node_type}\"\n",
@@ -403,11 +390,6 @@
     "            verify_key=context.node.signing_key.verify_key,\n",
     "        )\n",
     "        allowed_inputs = allowed_inputs.get(node_identity, {})\n",
-    "    elif context.node.node_type == NodeType.ENCLAVE:\n",
-    "        base_dict = {}\n",
-    "        for key in allowed_inputs.values():\n",
-    "            base_dict.update(key)\n",
-    "        allowed_inputs = base_dict\n",
     "    else:\n",
     "        raise Exception(\n",
     "            f\"Invalid Node Type for Code Submission:{context.node.node_type}\"\n",
@@ -508,6 +490,18 @@
    "cell_type": "code",
    "execution_count": null,
    "id": "23",
+   "metadata": {},
+   "outputs": [],
+   "source": [
+    "# Custom policies need to be approved before they can be viewed and used\n",
+    "assert func.input_policy is None\n",
+    "assert func.output_policy is None"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": null,
+   "id": "24",
    "metadata": {
     "tags": []
    },
@@ -520,7 +514,7 @@
   {
    "cell_type": "code",
    "execution_count": null,
-   "id": "24",
+   "id": "25",
    "metadata": {},
    "outputs": [],
    "source": [
@@ -530,7 +524,18 @@
   {
    "cell_type": "code",
    "execution_count": null,
-   "id": "25",
+   "id": "26",
+   "metadata": {},
+   "outputs": [],
+   "source": [
+    "assert func.input_policy is not None\n",
+    "assert func.output_policy is not None"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": null,
+   "id": "27",
    "metadata": {
     "tags": []
    },
@@ -543,7 +548,7 @@
   {
    "cell_type": "code",
    "execution_count": null,
-   "id": "26",
+   "id": "28",
    "metadata": {},
    "outputs": [],
    "source": [
@@ -554,7 +559,7 @@
   {
    "cell_type": "code",
    "execution_count": null,
-   "id": "27",
+   "id": "29",
    "metadata": {
     "tags": []
    },
@@ -566,7 +571,7 @@
   {
    "cell_type": "code",
    "execution_count": null,
-   "id": "28",
+   "id": "30",
    "metadata": {
     "tags": []
    },
@@ -578,7 +583,7 @@
   {
    "cell_type": "code",
    "execution_count": null,
-   "id": "29",
+   "id": "31",
    "metadata": {
     "tags": []
    },
@@ -594,7 +599,7 @@
   {
    "cell_type": "code",
    "execution_count": null,
-   "id": "30",
+   "id": "32",
    "metadata": {
     "tags": []
    },

notebooks/api/0.8/11-container-images-k8s.ipynb

@@ -246,12 +246,14 @@
    "metadata": {},
    "outputs": [],
    "source": [
+    "# syft absolute\n",
+    "from syft.util.util import get_latest_tag\n",
+    "\n",
     "registry = os.getenv(\"SYFT_BASE_IMAGE_REGISTRY\", \"docker.io\")\n",
     "repo = \"openmined/grid-backend\"\n",
     "\n",
     "if \"k3d\" in registry:\n",
-    "    res = requests.get(url=f\"http://{registry}/v2/{repo}/tags/list\")\n",
-    "    tag = res.json()[\"tags\"][0]\n",
+    "    tag = get_latest_tag(registry, repo)\n",
     "else:\n",
     "    tag = sy.__version__"
    ]

notebooks/scenarios/bigquery/.gitignore

@@ -0,0 +1 @@
+service_account.json