From 4f1601b43c6976462b030d1ce062fdcbb43c0065 Mon Sep 17 00:00:00 2001
From: MoritzWeber
Date: Wed, 11 Dec 2024 14:27:58 +0100
Subject: [PATCH] feat: Add internal endpoints for sessions and expose backend

The internal endpoints can be received via the API for inter-session communication. A new network route is available between sessions and the backend. This enables sessions to use the backend API. Two new pre-defined variables were added:
- `CAPELLACOLLAB_API_BASE_URL`
- `CAPELLACOLLAB_SESSION_REQUESTER_USER_ID`
---
 .../capellacollab/configuration/app/models.py | 10 +++++++++
 backend/capellacollab/sessions/models.py | 7 +++++++
 backend/capellacollab/sessions/util.py | 2 ++
 docs/docs/admin/tools/configuration.md | 12 +++++++++++
 helm/config/backend.yaml | 3 +++
 .../backend/backend.networkpolicy.yaml | 21 +++++++++++++++++++
 6 files changed, 55 insertions(+)
 create mode 100644 helm/templates/backend/backend.networkpolicy.yaml

diff --git a/backend/capellacollab/configuration/app/models.py b/backend/capellacollab/configuration/app/models.py
index 52368d893..c9f518898 100644
--- a/backend/capellacollab/configuration/app/models.py
+++ b/backend/capellacollab/configuration/app/models.py
@@ -191,6 +191,16 @@ class K8sConfig(BaseConfig):
         description="The name of the IngressClass to use.",
         examples=["traefik", "nginx"],
     )
+    management_portal_namespace: str = pydantic.Field(
+        default="collab-manager",
+        description="The namespace where the management portal is deployed in.",
+        examples=["collab-manager"],
+    )
+    release_name: str = pydantic.Field(
+        default="dev",
+        description="The release name of the Helm chart",
+        examples=["dev", "prod", "test123"],
+    )
 
 
 class GeneralConfig(BaseConfig):
diff --git a/backend/capellacollab/sessions/models.py b/backend/capellacollab/sessions/models.py
index 3dedb1a62..ac1c4d31a 100644
--- a/backend/capellacollab/sessions/models.py
+++ b/backend/capellacollab/sessions/models.py
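Review bot: The two new fields exist only so that sessions/util.py can reconstruct the backend's in-cluster Service name as `{release_name}-backend.{management_portal_namespace}.svc.cluster.local`, which couples the backend configuration schema to the Helm chart's naming convention; a single configured base URL for the API would be easier to validate and to override for deployments that do not use the chart's Service name. The defaults `"dev"` and `"collab-manager"` also mean a misconfigured deployment silently points sessions at a non-existent host instead of failing at startup. As a minor style point, `description="The release name of the Helm chart"` lacks the trailing period that the sibling descriptions carry. `K8sConfig` continues outside the hunk.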
@@ -42,6 +42,7 @@ class SessionEnvironment(t.TypedDict):
     CAPELLACOLLAB_SESSION_TOKEN: str
     CAPELLACOLLAB_SESSION_ID: str
     CAPELLACOLLAB_SESSION_REQUESTER_USERNAME: str
+    CAPELLACOLLAB_SESSION_REQUESTER_USER_ID: int
     CAPELLACOLLAB_SESSION_CONNECTION_METHOD_TYPE: str
     CAPELLACOLLAB_SESSION_CONTAINER_PORT: str
 
@@ -51,6 +52,7 @@ class SessionEnvironment(t.TypedDict):
 
     CAPELLACOLLAB_SESSIONS_BASE_PATH: str
     CAPELLACOLLAB_ORIGIN_BASE_URL: str
+    CAPELLACOLLAB_API_BASE_URL: str
 
 
 class SessionProvisioningRequest(core_pydantic.BaseModel):
@@ -131,6 +133,11 @@ class Session(core_pydantic.BaseModel):
 
     connection_method_id: str
     connection_method: tools_models.ToolSessionConnectionMethod | None = None
+    @property
+    def internal_endpoint(self) -> str:
+        """Internal DNS endpoint of the session for inter-session communication."""
+        return f"{self.id}.{config.k8s.namespace}.svc.cluster.local"
+
 
     shared_with: list[SessionSharing] = pydantic.Field(default=[])
     project: projects_models.SimpleProject | None = pydantic.Field(
diff --git a/backend/capellacollab/sessions/util.py b/backend/capellacollab/sessions/util.py
index cecc61e5e..ef6075be8 100644
--- a/backend/capellacollab/sessions/util.py
+++ b/backend/capellacollab/sessions/util.py
@@ -67,6 +67,7 @@ def get_environment(
         ),
         "CAPELLACOLLAB_SESSION_ID": session_id,
         "CAPELLACOLLAB_SESSION_REQUESTER_USERNAME": user.name,
+        "CAPELLACOLLAB_SESSION_REQUESTER_USER_ID": user.id,
         "CAPELLACOLLAB_SESSIONS_BASE_PATH": f"/session/{session_id}",
         "CAPELLACOLLAB_SESSION_CONNECTION_METHOD_TYPE": connection_method.type,
         "CAPELLACOLLAB_ORIGIN_BASE_URL": f"{config.general.scheme}://{config.general.host}:{config.general.port}",
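Review bot: `CAPELLACOLLAB_SESSION_REQUESTER_USER_ID: int` is the only non-`str` entry in `SessionEnvironment`, and the matching `"CAPELLACOLLAB_SESSION_REQUESTER_USER_ID": user.id` in the sessions/util.py hunk passes the raw id, while the existing numeric values in the same dict are stringified (`str(config.general.port)`, `str(container_port)`). Environment variable values have to be strings, so unless the consumer converts them (not visible here) this should read `CAPELLACOLLAB_SESSION_REQUESTER_USER_ID: str` and `"CAPELLACOLLAB_SESSION_REQUESTER_USER_ID": str(user.id),`. Both `SessionEnvironment` and `get_environment` continue outside their hunks.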
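Review bot: `internal_endpoint` is a plain `@property` on a pydantic model, so it is not part of the model's serialized fields; if the API response is meant to carry it, as the commit message suggests, it likely needs `@pydantic.computed_field` (assuming `core_pydantic.BaseModel` does not already serialize properties). The body also references `config`, whose import into sessions/models.py is outside the hunk and should be confirmed. Because the value `{id}.{config.k8s.namespace}.svc.cluster.local` is only resolvable inside the cluster, and whether one session may actually reach another depends on network policies in the sessions namespace that this commit does not touch, the docstring would be more useful as `"""In-cluster DNS name of the session; only resolvable from inside the cluster and subject to the sessions namespace's network policies."""`. The `Session` class continues outside the hunk.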
@@ -74,6 +75,7 @@ def get_environment(
         "CAPELLACOLLAB_SESSIONS_HOST": config.general.host,
         "CAPELLACOLLAB_SESSIONS_PORT": str(config.general.port),
         "CAPELLACOLLAB_SESSION_CONTAINER_PORT": str(container_port),
+        "CAPELLACOLLAB_API_BASE_URL": f"http://{config.k8s.release_name}-backend.{config.k8s.management_portal_namespace}.svc.cluster.local/api",
     }
 
 
diff --git a/docs/docs/admin/tools/configuration.md b/docs/docs/admin/tools/configuration.md
index e8ec735f4..c119fd11c 100644
--- a/docs/docs/admin/tools/configuration.md
+++ b/docs/docs/admin/tools/configuration.md
@@ -90,6 +90,11 @@ variables can be used by the tool:
 
 `janedoe`
 The username of the user who has requested the session.
+
+`CAPELLACOLLAB_SESSION_REQUESTER_USER_ID`
+`123`
+The ID of the user who has requested the session.
+
 `CAPELLACOLLAB_SESSION_CONTAINER_PORT`
 `8080`
 
@@ -167,6 +172,13 @@ variables can be used by the tool:
 The tool has to set the `Content-Security-Policy` header to `frame-ancestors self {CAPELLACOLLAB_ORIGIN_HOST}`. Otherwise, the session viewer can't be used with the tool!
+
+`CAPELLACOLLAB_API_BASE_URL`
+`http://dev-backend.collab-manager.svc.cluster.local:/api`
+
+The API URL of the Collaboration Manager. The URL is only available from the session itself.
+
+
 `WORKSPACE_DIR`
 `/workspace`
 
diff --git a/helm/config/backend.yaml b/helm/config/backend.yaml
index a64d3f603..a334bd9dc 100644
--- a/helm/config/backend.yaml
+++ b/helm/config/backend.yaml
@@ -11,6 +11,9 @@ docker:
 
 k8s:
   namespace: {{ .Values.backend.k8sSessionNamespace }}
+  managementPortalNamespace: {{ .Release.Namespace }}
+  releaseName: {{ .Release.Name }}
+
   {{- if .Values.cluster.namespaces.sessions.ingressClassName }}
   ingressClassName: {{ .Values.cluster.namespaces.sessions.ingressClassName }}
   {{- end }}
diff --git a/helm/templates/backend/backend.networkpolicy.yaml b/helm/templates/backend/backend.networkpolicy.yaml
new file mode 100644
index 000000000..a91d027b5
--- /dev/null
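Review bot: `CAPELLACOLLAB_API_BASE_URL` hard-codes the `http://` scheme and the `{release_name}-backend` Service-name convention and omits a port, whereas the neighbouring `CAPELLACOLLAB_ORIGIN_BASE_URL` is assembled from `config.general.scheme`, `host` and `port`; if the backend Service does not listen on port 80 the URL is unusable, and renaming the chart's Service silently breaks every session. Consider making the in-cluster API base URL one configured value that the chart derives, so this line reduces to a single config lookup. The documentation hunk for the same variable shows `http://dev-backend.collab-manager.svc.cluster.local:/api` with a stray `:` before `/api`, which does not match what this f-string produces. `get_environment` starts outside the hunk.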
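Review bot: The new keys `managementPortalNamespace` and `releaseName` are camelCase while the Python fields added in configuration/app/models.py are `management_portal_namespace` and `release_name`; this presumably relies on an alias generator in `BaseConfig` (the existing `ingressClassName` key suggests one), but the mapping is worth confirming, because a missed alias would make the defaults `"collab-manager"` and `"dev"` win silently over the Helm values. The added blank `+` line also leaves an empty line inside the `k8s:` mapping before the `{{- if ... }}` block and can be dropped.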
+++ b/helm/templates/backend/backend.networkpolicy.yaml
@@ -0,0 +1,21 @@
+# SPDX-FileCopyrightText: Copyright DB InfraGO AG and contributors
+# SPDX-License-Identifier: Apache-2.0
+
+{{ if .Values.loki.enabled }}
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+  name: allow-from-{{- .Values.backend.k8sSessionNamespace -}}-to-backend
+  namespace: {{ .Release.Namespace }}
+spec:
+  podSelector:
+    matchLabels:
+      id: {{ .Release.Name }}-service-backend
+  ingress:
+    - from:
+        - namespaceSelector:
+            matchLabels:
+              kubernetes.io/metadata.name: {{ .Values.backend.k8sSessionNamespace }}
+  policyTypes:
+    - Ingress
+{{ end }}
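Review bot: The whole policy is wrapped in `{{ if .Values.loki.enabled }}`, an unrelated feature flag: with Loki disabled the policy is not rendered, so in a cluster that applies default-deny ingress to the management namespace the session-to-backend route described in the commit message silently does not exist, and with Loki enabled the rule is created whether or not it is wanted. This looks copied from another template; render it unconditionally or behind a value of its own. The ingress rule also has no `ports` restriction, so every pod in `{{ .Values.backend.k8sSessionNamespace }}` may reach every port of the selected backend pod rather than only the API port; adding `ports:` with `- protocol: TCP` and `port: <BACKEND_CONTAINER_PORT placeholder>` alongside `from` scopes it down. Whether the `id: {{ .Release.Name }}-service-backend` selector matches the backend pod labels, and whether the sessions namespace additionally needs an egress rule towards the management namespace, is not visible here.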