Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Rafal/ai video remoteaiworker pr rebase fixed tests #3198

Draft
wants to merge 73 commits into
base: ai-video
Choose a base branch
from
Draft

Rafal/ai video remoteaiworker pr rebase fixed tests #3198

wants to merge 73 commits into from
+6,257 −2,302

Conversation

leszko
Copy link
Contributor

@leszko leszko commented Oct 3, 2024

No description provided.

ad-astra-video and others added 30 commits September 5, 2024 08:50
@ad-astra-video
grpc updates for remote ai worker
502568a
@ad-astra-video
update starter to add aiworker and split aiModels processing to orche…
b81ed3d 
…strator and aiworker
@ad-astra-video
add ai_worker core with small update to ModelConstraint to add capacity
7a82100
@ad-astra-video
move functions to core/ai_worker.go
ec3fb04
@ad-astra-video
add ai_worker server changes
e712c13
@ad-astra-video
make T2I, I2I and Upscale backwards compatible
1057ece
@ad-astra-video
add additional ai worker metrics
f79f0af
@ad-astra-video
add AI max size of response from worker
2ffef3e
@ad-astra-video
fix auto price modelid overwritten when price updated
5680321
@ad-astra-video
fix core/ai_worker.go for tests
0290dd0
@ad-astra-video
add ai worker tests
ce3bac4
@ad-astra-video
updates for typos
b5f562a
@ad-astra-video
dont let remote workers connect if incompatible version (lower than o…
aa54b8d 
…rch)
@ad-astra-video
remove separate capacity from remote ai worker. capacity per model on…
4bde68f 
… capabilities is used
@ad-astra-video
add err check and rename addl data field for server/ai_worker.go
f6ba022
@ad-astra-video
add server/ai_worker tests and update to core/ai_tests.go
65b2948
@ad-astra-video
update interfaces in stubs for server package tests
4a092d9
@ad-astra-video
fix serverGetOrchInfo api to add capabilities for ai-video
e025643
@ad-astra-video
add more tests, small updates to server/ai_worker.go
db4f297
@ad-astra-video
update core/ai.go ReserveAICapability to check for 0 capacity and upd…
e75dab4 
…ate related test
@ad-astra-video
revert remote ai worker saving input to disk and change to bytes pass…
a5ba007 
…through. small update to aiResults endpoint and related test update
@ad-astra-video
fix err check on handleAIRequest
64889d8
@ad-astra-video
fix lock/unlock capabilities for ai capabilities changes and fix remo…
6db747e 
…ving ai capabilities
@ad-astra-video
fix typo in log line
9cda839
@ad-astra-video
update to make Segment Anything 2 compatible with remote ai worker an…
9a46d4d 
…d update tests
@ad-astra-video
fix image-to-video
08c82c3
@ad-astra-video
delete image-to-video result file
6854eae
@ad-astra-video
fix segment-anything-2 capability lookup
9cf5737
@ad-astra-video
increase max response size to 3GB
5311e38
@ad-astra-video
fix AIResults to receive something other than worker.ImageResponse
78cd031
leszko and others added 26 commits October 2, 2024 10:40
@leszko
Enable tests in CI
835e681
@leszko
Merge branch 'ai-video' into rafal/ai-video-fix-unit-tests
c3e5b39
@leszko
Revert changes in selection.go
5907466
@leszko
Skip failing tests
9e967b9
@leszko
Skip failing tests
2808bb0
@leszko
Skip failing tests
82b6661
@leszko
Update testcontainers dependency
f75b64f
@leszko
Merge branch 'ai-video' into rafal/ai-video-fix-unit-tests
d7cc59c
@leszko
Fix goleak error in tests
c3721dd
@leszko
Fix goleak error in tests
e972e8c
@leszko
Merge branch 'ai-video' into rafal/ai-video-fix-unit-tests
89d2961
@leszko
Remove lint
d526b18
@leszko
Merge remote-tracking branch 'origin/rafal/ai-video-fix-unit-tests' i…
0f83bbd 
…nto rafal/ai-video-fix-unit-tests
@ad-astra-video
rebase fixes, add LLM pipeline, updates to handle SSE responses from …
139f034 
…worker
@ad-astra-video
remove test not finished and fix dlDur for multipart responses
c21aaa8
@ad-astra-video
Merge remote-tracking branch 'official/ai-video' into HEAD
0b4f855
@ad-astra-video
fix test variables
74061a8
@ad-astra-video
update test and move multipart/mixed parsing to function
54fd7e2
@ad-astra-video
add test for ExtensionByType
82fa6cc
@leszko
Removed test for deprecated segData.Profiles field + fix mediaserver_…
26ab5d2 
…test.go
@leszko
Re-enable lint
8a08f88
@leszko
Change golint to revive
12f86e4
@leszko
Update test.yaml
c9d133a
@leszko
golangci-lint
7ad48f7
@leszko
Fix lint errors
cb4f93b
@leszko
Merge branch 'rafal/ai-video-fix-unit-tests' into rafal/ai-video-remo…
d705b5a 
…teaiworker-pr-rebase-fixed-tests
@leszko leszko changed the base branch from master to ai-video October 3, 2024 12:15
github-advanced-security[bot]
github-advanced-security bot found potential problems Oct 3, 2024
View reviewed changes
server/ai_http.go

authType := r.Header.Get("Authorization")
if protoVerAIWorker != authType {
glog.Error("Invalid auth type ", authType)

Check failure

Code scanning / CodeQL

Clear-text logging of sensitive information High

Sensitive data returned by HTTP request headers
Loading
flows to a logging call.

Copilot Autofix AI 21 days ago

To fix the problem, we should avoid logging the sensitive authType value directly. Instead, we can log a generic message indicating an invalid authorization type without including the actual value. This approach maintains the functionality of logging errors while protecting sensitive information.

  • Modify the logging statement on line 533 to remove the authType value.
  • Ensure that the log message still provides useful information for debugging without exposing sensitive data.
Suggested changeset 1
server/ai_http.go

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/server/ai_http.go b/server/ai_http.go
--- a/server/ai_http.go
+++ b/server/ai_http.go
@@ -532,3 +532,3 @@
 		if protoVerAIWorker != authType {
-			glog.Error("Invalid auth type ", authType)
+			glog.Error("Invalid auth type")
 			http.Error(w, "Unauthorized", http.StatusUnauthorized)
EOF
@@ -532,3 +532,3 @@
if protoVerAIWorker != authType {
glog.Error("Invalid auth type ", authType)
glog.Error("Invalid auth type")
http.Error(w, "Unauthorized", http.StatusUnauthorized)
Copilot is powered by AI and may make mistakes. Always verify output.
Positive Feedback
Negative Feedback

Provide additional feedback

Please help us improve GitHub Copilot by sharing more details about this comment.

Please select one or more of the options
server/ai_worker.go
}

func runAIWorker(n *core.LivepeerNode, orchAddr string, capacity int, caps *net.Capabilities) error {
tlsConfig := &tls.Config{InsecureSkipVerify: true}

Check failure

Code scanning / CodeQL

Disabled TLS certificate check High

InsecureSkipVerify should not be used in production code.

Copilot Autofix AI 21 days ago

To fix the problem, we need to ensure that TLS certificate verification is enabled. This involves removing the InsecureSkipVerify: true setting and properly configuring the TLS settings to use valid certificates.

  1. Remove InsecureSkipVerify: true: This setting should be removed from the tls.Config initialization.
  2. Load system CA certificates: Use the system's CA certificates to verify the server's certificate.
  3. Handle errors appropriately: Ensure that any errors related to TLS configuration are properly handled.
Suggested changeset 1
server/ai_worker.go

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/server/ai_worker.go b/server/ai_worker.go
--- a/server/ai_worker.go
+++ b/server/ai_worker.go
@@ -96,7 +96,12 @@
 func runAIWorker(n *core.LivepeerNode, orchAddr string, capacity int, caps *net.Capabilities) error {
-	tlsConfig := &tls.Config{InsecureSkipVerify: true}
+	tlsConfig := &tls.Config{}
+	creds, err := credentials.NewClientTLSFromFile("/path/to/ca-certificates.crt", "")
+	if err != nil {
+		glog.Error("Failed to load CA certificates: ", err)
+		return err
+	}
 	conn, err := grpc.Dial(orchAddr,
-		grpc.WithTransportCredentials(credentials.NewTLS(tlsConfig)))
+		grpc.WithTransportCredentials(creds))
 	if err != nil {
-		glog.Error("Did not connect AI worker to orchesrator: ", err)
+		glog.Error("Did not connect AI worker to orchestrator: ", err)
 		return err
@@ -130,3 +135,3 @@
 
-	httpc := &http.Client{Transport: &http2.Transport{TLSClientConfig: &tls.Config{InsecureSkipVerify: true}}}
+	httpc := &http.Client{Transport: &http2.Transport{TLSClientConfig: &tls.Config{}}}
 	var wg sync.WaitGroup
EOF
@@ -96,7 +96,12 @@
func runAIWorker(n *core.LivepeerNode, orchAddr string, capacity int, caps *net.Capabilities) error {
tlsConfig := &tls.Config{InsecureSkipVerify: true}
tlsConfig := &tls.Config{}
creds, err := credentials.NewClientTLSFromFile("/path/to/ca-certificates.crt", "")
if err != nil {
glog.Error("Failed to load CA certificates: ", err)
return err
}
conn, err := grpc.Dial(orchAddr,
grpc.WithTransportCredentials(credentials.NewTLS(tlsConfig)))
grpc.WithTransportCredentials(creds))
if err != nil {
glog.Error("Did not connect AI worker to orchesrator: ", err)
glog.Error("Did not connect AI worker to orchestrator: ", err)
return err
@@ -130,3 +135,3 @@

httpc := &http.Client{Transport: &http2.Transport{TLSClientConfig: &tls.Config{InsecureSkipVerify: true}}}
httpc := &http.Client{Transport: &http2.Transport{TLSClientConfig: &tls.Config{}}}
var wg sync.WaitGroup
Copilot is powered by AI and may make mistakes. Always verify output.
Positive Feedback
Negative Feedback

Provide additional feedback

Please help us improve GitHub Copilot by sharing more details about this comment.

Please select one or more of the options
server/ai_worker.go
}
}()

httpc := &http.Client{Transport: &http2.Transport{TLSClientConfig: &tls.Config{InsecureSkipVerify: true}}}

Check failure

Code scanning / CodeQL

Disabled TLS certificate check High

InsecureSkipVerify should not be used in production code.

Copilot Autofix AI 21 days ago

To fix the problem, we need to ensure that TLS certificate verification is enabled. This involves setting up proper TLS configuration with valid certificates. The best way to fix this without changing existing functionality is to remove the InsecureSkipVerify: true setting and ensure that the application uses valid certificates for TLS communication.

  1. Remove the InsecureSkipVerify: true setting: This will enforce the default behavior of verifying the server's certificate chain and host name.
  2. Ensure valid certificates are used: This might involve configuring the application to use a certificate authority (CA) or providing the necessary certificates.
Suggested changeset 1
server/ai_worker.go

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/server/ai_worker.go b/server/ai_worker.go
--- a/server/ai_worker.go
+++ b/server/ai_worker.go
@@ -130,3 +130,3 @@
 
-	httpc := &http.Client{Transport: &http2.Transport{TLSClientConfig: &tls.Config{InsecureSkipVerify: true}}}
+	httpc := &http.Client{Transport: &http2.Transport{TLSClientConfig: &tls.Config{}}}
 	var wg sync.WaitGroup
EOF
@@ -130,3 +130,3 @@

httpc := &http.Client{Transport: &http2.Transport{TLSClientConfig: &tls.Config{InsecureSkipVerify: true}}}
httpc := &http.Client{Transport: &http2.Transport{TLSClientConfig: &tls.Config{}}}
var wg sync.WaitGroup
Copilot is powered by AI and may make mistakes. Always verify output.
Positive Feedback
Negative Feedback

Provide additional feedback

Please help us improve GitHub Copilot by sharing more details about this comment.

Please select one or more of the options
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@rickstaa rickstaa Awaiting requested review from rickstaa rickstaa will be requested when the pull request is marked ready for review rickstaa is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@leszko @ad-astra-video