Merge pull request #784 from at88mph/session-bypass-fix

Session host bypass fix

deployment/helm/README.md

@@ -320,6 +320,11 @@ deployment:
       maxCount: "3"  # Max number of sessions per user.
       minEphemeralStorage: "20Gi"   # The initial requested amount of ephemeral (local) storage.  Does NOT apply to Desktop sessions.
       maxEphemeralStorage: "200Gi"  # The maximum amount of ephemeral (local) storage to allow a Session to extend to.  Does NOT apply to Desktop sessions.
+      
+      # Optionally setup a separate host for User Sessions for Skaha to redirect to.  The HTTPS scheme is assumed.  Defaults to the Skaha hostname (.Values.deployment.hostname).
+      # Example:
+      #   hostname: myhost.example.org
+      hostname: sessions.example.org
 
       # When set to 'true' this flag will enable GPU node scheduling.  Don't forget to declare any related GPU configurations, if appropriate, in the nodeAffinity below!
       # gpuEnabled: false

skaha/build.gradle

@@ -35,6 +35,10 @@ tasks.withType(Copy).configureEach {
 dependencies {
     providedCompile 'javax.servlet:javax.servlet-api:[3.1.0,)'
 
+    // https://mvnrepository.com/artifact/org.apache.httpcomponents.client5/httpclient5
+    // Used to assemble URIs programmatically
+    implementation 'org.apache.httpcomponents.client5:httpclient5:5.4.1'
+
     implementation 'com.fasterxml.jackson.core:jackson-databind:2.17.2'
     implementation 'com.google.code.gson:gson:2.8.9'
     implementation 'commons-io:commons-io:[2.14.0,3.0.0)'

skaha/src/main/java/org/opencadc/skaha/K8SUtil.java

@@ -76,8 +76,8 @@ public class K8SUtil {
 
     private static final Logger log = Logger.getLogger(K8SUtil.class);
 
-    public static String getHostName() {
-        return System.getenv("skaha.hostname");
+    public static String getSessionsHostName() {
+        return System.getenv("SKAHA_SESSIONS_HOSTNAME");
     }
 
     public static String getWorkloadNamespace() {

skaha/src/main/java/org/opencadc/skaha/SkahaAction.java

@@ -128,7 +128,6 @@ public abstract class SkahaAction extends RestAction {
     protected boolean adminUser = false;
     protected boolean headlessUser = false;
     protected boolean priorityHeadlessUser = false;
-    protected String server;
     protected String homedir;
     protected String scratchdir;
     protected String skahaTld;
@@ -145,7 +144,6 @@ public abstract class SkahaAction extends RestAction {
     protected String callbackSupplementalGroups = null;
 
     public SkahaAction() {
-        server = K8SUtil.getHostName();
         homedir = K8SUtil.getHomeDir();
         skahaTld = K8SUtil.getSkahaTld();
         gpuEnabled = K8SUtil.isGpuEnabled();
@@ -163,7 +161,7 @@ public SkahaAction() {
 
         final String configuredPosixMapperResourceID = K8SUtil.getPosixMapperResourceId();
 
-        log.debug("skaha.hostname=" + server);
+        log.debug("skaha.hostname=" + K8SUtil.getSessionsHostName());
         log.debug("skaha.homedir=" + homedir);
         log.debug("SKAHA_TLD=" + skahaTld);
         log.debug("skaha.scratchdir=" + scratchdir);

skaha/src/main/java/org/opencadc/skaha/session/PostAction.java

@@ -605,7 +605,7 @@ public void createSession(
                 .withParameter(PostAction.SKAHA_SESSIONNAME, name.toLowerCase())
                 .withParameter(PostAction.SKAHA_SESSIONEXPIRY, K8SUtil.getSessionExpiry())
                 .withParameter(PostAction.SKAHA_JOBNAME, jobName)
-                .withParameter(PostAction.SKAHA_HOSTNAME, K8SUtil.getHostName())
+                .withParameter(PostAction.SKAHA_HOSTNAME, K8SUtil.getSessionsHostName())
                 .withParameter(PostAction.SKAHA_USERID, getUsername())
                 .withParameter(PostAction.SKAHA_POSIXID, Integer.toString(this.posixPrincipal.getUidNumber()))
                 .withParameter(PostAction.SKAHA_SESSIONTYPE, type)
@@ -662,7 +662,8 @@ public void createSession(
             byte[] ingressBytes = Files.readAllBytes(Paths.get(ingressPath));
             String ingressString = new String(ingressBytes, StandardCharsets.UTF_8);
             ingressString = SessionJobBuilder.setConfigValue(ingressString, SKAHA_SESSIONID, sessionID);
-            ingressString = SessionJobBuilder.setConfigValue(ingressString, SKAHA_HOSTNAME, K8SUtil.getHostName());
+            ingressString =
+                    SessionJobBuilder.setConfigValue(ingressString, SKAHA_HOSTNAME, K8SUtil.getSessionsHostName());
             jsonLaunchFile = super.stageFile(ingressString);
             launchCmd = KubectlCommandBuilder.command("create")
                     .namespace(k8sNamespace)
@@ -796,7 +797,7 @@ public void attachDesktopApp(
                 .withParameter(PostAction.SKAHA_SESSIONID, this.sessionID)
                 .withParameter(PostAction.SKAHA_SESSIONEXPIRY, K8SUtil.getSessionExpiry())
                 .withParameter(PostAction.SKAHA_SESSIONTYPE, SessionAction.TYPE_DESKTOP_APP)
-                .withParameter(PostAction.SKAHA_HOSTNAME, K8SUtil.getHostName())
+                .withParameter(PostAction.SKAHA_HOSTNAME, K8SUtil.getSessionsHostName())
                 .withParameter(PostAction.SKAHA_USERID, getUsername())
                 .withParameter(PostAction.SKAHA_POSIXID, Integer.toString(this.posixPrincipal.getUidNumber()))
                 .withParameter(PostAction.SOFTWARE_IMAGEID, image)

skaha/src/main/java/org/opencadc/skaha/session/SessionAction.java

@@ -112,30 +112,6 @@ public SessionAction() {
         super();
     }
 
-    public static String getVNCURL(String host, String sessionID) {
-        // vnc.html does not...
-        return "https://" + host + "/session/desktop/" + sessionID + "/?password=" + sessionID
-                + "&path=session/desktop/" + sessionID + "/";
-    }
-
-    public static String getCartaURL(String host, String sessionID, boolean altSocketUrl) {
-        String url = "https://" + host + "/session/carta/http/" + sessionID + "/";
-        if (altSocketUrl) {
-            url = url + "?socketUrl=wss://" + host + "/session/carta/ws/" + sessionID + "/";
-        }
-        return url;
-    }
-
-    public static String getNotebookURL(String host, String sessionID, String userid, String skahaTLD) {
-        return String.format(
-                "https://%s/session/notebook/%s/lab/tree/%s/home/%s?token=%s",
-                host, sessionID, skahaTLD.replaceAll("/", ""), userid, sessionID);
-    }
-
-    public static String getContributedURL(String host, String sessionID) {
-        return "https://" + host + "/session/contrib/" + sessionID + "/";
-    }
-
     protected void initRequest() throws Exception {
         super.initRequest();
 

skaha/src/main/java/org/opencadc/skaha/session/SessionDAO.java

@@ -75,7 +75,7 @@ public static Session getSession(String forUserID, String sessionID, final Strin
         throw new ResourceNotFoundException("session " + sessionID + " not found");
     }
 
-    protected static List<Session> getSessions(String forUserID, String sessionID, final String topLevelDirectory)
+    static List<Session> getSessions(String forUserID, String sessionID, final String topLevelDirectory)
             throws Exception {
         String k8sNamespace = K8SUtil.getWorkloadNamespace();
         String[] sessionsCMD = SessionDAO.getSessionsCMD(k8sNamespace, forUserID, sessionID);
@@ -93,7 +93,7 @@ protected static List<Session> getSessions(String forUserID, String sessionID, f
 
             String[] lines = sessionList.split("\n");
             for (String line : lines) {
-                Session session = SessionDAO.constructSession(line, topLevelDirectory);
+                Session session = SessionDAO.constructSession(K8SUtil.getSessionsHostName(), line, topLevelDirectory);
                 if (forUserID != null) {
                     // get expiry time
                     String uid = getUID(line);
@@ -325,7 +325,8 @@ private static Map<String, String> getJobExpiryTimes(String k8sNamespace, String
         return jobExpiryTimes;
     }
 
-    static Session constructSession(String k8sOutput, final String topLevelDirectory) throws IOException {
+    static Session constructSession(String sessionHostName, String k8sOutput, final String topLevelDirectory)
+            throws Exception {
         LOGGER.debug("line: " + k8sOutput);
         final List<CustomColumns> allColumns = Arrays.asList(CustomColumns.values());
 
@@ -341,22 +342,22 @@ static Session constructSession(String k8sOutput, final String topLevelDirectory
         final String status = (deletionTimestamp != null && !NONE.equals(deletionTimestamp))
                 ? Session.STATUS_TERMINATING
                 : parts[allColumns.indexOf(CustomColumns.STATUS)];
-        final String host = K8SUtil.getHostName();
         final String connectURL;
 
         if (SessionAction.SESSION_TYPE_DESKTOP.equals(type)) {
-            connectURL = SessionAction.getVNCURL(host, id);
+            connectURL = SessionURLBuilder.vncSession(sessionHostName, id).build();
         } else if (SessionAction.SESSION_TYPE_CARTA.equals(type)) {
-            if (image.endsWith(":1.4")) {
-                // support alt web socket path for 1.4 carta
-                connectURL = SessionAction.getCartaURL(host, id, true);
-            } else {
-                connectURL = SessionAction.getCartaURL(host, id, false);
-            }
+            connectURL = SessionURLBuilder.cartaSession(sessionHostName, id)
+                    .withAlternateSocket(image.endsWith(":1.4"))
+                    .build();
         } else if (SessionAction.SESSION_TYPE_NOTEBOOK.equals(type)) {
-            connectURL = SessionAction.getNotebookURL(host, id, userid, topLevelDirectory);
+            connectURL = SessionURLBuilder.notebookSession(sessionHostName, id)
+                    .withTopLevelDirectory(topLevelDirectory)
+                    .withUserName(userid)
+                    .build();
         } else if (SessionAction.SESSION_TYPE_CONTRIB.equals(type)) {
-            connectURL = SessionAction.getContributedURL(host, id);
+            connectURL =
+                    SessionURLBuilder.contributedSession(sessionHostName, id).build();
         } else {
             connectURL = "not-applicable";
         }