Merge pull request #51 from abcdesktopio/dev

Dev

Author: alexandredevely

.github/workflows/main.yml

@@ -24,7 +24,8 @@ jobs:
           # this is the target build image
           # debian_bookworm -> debian and bookworm
           # alpine_latest -> alpine and latest
-          distribs: [ debian_bookworm, alpine_latest ]
+          # distribs: [ debian_bookworm, alpine_latest ]
+          distribs: [ alpine_latest ]
     runs-on: ${{ matrix.platform-runs }} 
 
     steps:
@@ -100,7 +101,8 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        distribs: [ debian_bookworm, alpine_latest ]
+        # distribs: [ debian_bookworm, alpine_latest ]
+        distribs: [ alpine_latest ]
     steps:
       - name: Login to Docker Hub
         uses: docker/login-action@v3

Dockerfile.debian

@@ -1,6 +1,6 @@
 FROM python:3
 
-LABEL org.opencontainers.image.description abcdesktop.pyos
+LABEL org.opencontainers.image.description=abcdesktop.pyos
 
 # upgrade
 RUN apt-get update && apt-get upgrade -y && apt-get clean  && rm -rf /var/lib/apt/lists/*
@@ -55,7 +55,7 @@ RUN mkdir -p /usr/share/geolite2 && \
 
 COPY --from=ghcr.io/abcdesktopio/ntlm_auth:debian_bookworm /dist/*.deb /tmp
 RUN apt-get update && \
-    apt-get install -y  --no-install-recommends /tmp/*.deb && \
+    apt-get install -y --allow-downgrades /tmp/*.deb && \
     apt-get clean  && \
     rm -rf /var/lib/apt/lists/* 
 RUN echo /usr/lib/x86_64-linux-gnu/samba >> /etc/ld.so.conf.d/x86_64-linux-gnu.conf && /usr/sbin/ldconfig

controllers/composer_controller.py

@@ -195,7 +195,7 @@ def removecontainer(self):
     def listcontainer(self):
         self.logger.debug('')
         (auth, user ) = self.validate_env()
-        result = oc.od.composer.listContainerApp(auth, user)
+        result = oc.od.composer.listContainerApps(auth, user)
         return Results.success(result=result)
 
     @cherrypy.expose

controllers/manager_controller.py

@@ -426,7 +426,7 @@ def handle_image_POST( self, json_images ):
             raise cherrypy.HTTPError(status=400, message='Invalid parameters Bad Request')
         return json_put
 
-    def handle_image_DELETE( self, image ):
+    def handle_image_DELETE( self, image:str )->str:
         self.logger.debug('')
 
         # image can be an sha_id or an repotag
@@ -447,7 +447,7 @@ def handle_image_DELETE( self, image ):
         cherrypy.response.status = 404
         return "Not found"
 
-    def handle_image_PATCH( self, image=None, json_images=None ):
+    def handle_image_PATCH( self, image:str=None, json_images=None ):
         self.logger.debug('')
         # image can be an sha_id or an repotag
         # it is always a str type
@@ -502,7 +502,7 @@ def handle_desktop_GET( self, args ):
         desktop_name = args[0]
         if not isinstance( desktop_name, str):
             raise cherrypy.HTTPError(status=400, message='Invalid parameters Bad Request')
-
+        
         if len(args)==1:
             # get information for a desktop
             # /API/manager/desktop/hermes-8a49ca1a-fcc6-4b7b-960f-5a27debd4773
@@ -513,11 +513,28 @@ def handle_desktop_GET( self, args ):
             if args[1]=="resources_usage":
                 # specify desktop
                 if len(args)==2 :
-                    # list container for a desktop
+                    # resources_usage for a desktop
                     # /API/manager/desktop/hermes-8a49ca1a-fcc6-4b7b-960f-5a27debd4773/resources_usage
                     resource = oc.od.composer.get_desktop_resources_usage(desktop_name)
                     return resource
 
+            if args[1]=="pod":
+                # /API/manager/desktop/hermes-8a49ca1a-fcc6-4b7b-960f-5a27debd4773/pod/pod_id/resources_usage
+                 if len(args)==4 and args[3]=="resources_usage":
+                    #
+                    # args[0] -> desktop_name
+                    # args[1] -> pod
+                    # args[2] -> pod_name or pod_id
+                    # args[3] -> resources_usage
+                    # /API/manager/desktop/hermes-8a49ca1a-fcc6-4b7b-960f-5a27debd4773/pod/pod_id/resources_usage
+                    pod_name = args[2]
+                    if not isinstance( pod_name, str):
+                        raise cherrypy.HTTPError(status=400, message='Invalid parameters Bad Request')
+                    self.logger.debug(f'get pod resources usage for {desktop_name} {pod_name}')
+                    resource = oc.od.composer.get_pod_resources_usage(desktop_name=desktop_name, pod_name=pod_name)
+                    return resource
+                    # /API/manager/desktop/hermes-8a49ca1a-fcc6-4b7b-960f-5a27debd4773/container/container_id/resources_usage
+                
             if args[1]=="container":
                 # /API/manager/desktop/hermes-8a49ca1a-fcc6-4b7b-960f-5a27debd4773/container
                 # specify desktop
@@ -535,6 +552,24 @@ def handle_desktop_GET( self, args ):
                     # /API/manager/desktop/hermes-8a49ca1a-fcc6-4b7b-960f-5a27debd4773/container/container_id
                     container = oc.od.composer.describe_container( desktop_name, container=container_id )
                     return container
+                
+                if len(args)==4 and args[3]=="resources_usage":
+                    #
+                    # args[0] -> desktop_name
+                    # args[1] -> container
+                    # args[2] -> container_name or container_id
+                    # args[3] -> resources_usage
+                    # /API/manager/desktop/hermes-8a49ca1a-fcc6-4b7b-960f-5a27debd4773/container/container_id/resources_usage
+                    container_name = args[2]
+                    if not isinstance( container_name, str):
+                        raise cherrypy.HTTPError(status=400, message='Invalid parameters Bad Request')
+                    self.logger.debug(f'get ephemeralcontainer resources usage for {desktop_name} {container_name}')
+                    # get ephemeralcontainer resources usage
+                    # /API/manager/desktop
+                    # /hermes-8a49ca1a-fcc6-4b7b-960f-5a27debd4773/container/container_id/resources_usage
+                    resource = oc.od.composer.get_container_resources_usage(desktop_name=desktop_name, container_name=container_name)
+                    return resource
+                    # /API/manager/desktop/hermes-8a49ca1a-fcc6-4b7b-960f-5a27debd4773/container/container_id/resources_usage
 
         raise cherrypy.HTTPError(status=400, message='Invalid parameters Bad Request')
 
@@ -548,19 +583,19 @@ def handle_desktop_DELETE( self, args ):
         desktop_name = args[0]
         if not isinstance( desktop_name, str):
             raise cherrypy.HTTPError(status=400, message='Invalid parameters Bad Request')
+                                    
         if len(args)==1:
             # delete a desktop
             # DELETE /API/manager/desktops/hermes-8a49ca1a-fcc6-4b7b-960f-5a27debd4773
             delete_desktop = oc.od.composer.remove_desktop_byname(desktop_name)
             return delete_desktop
 
         # use a specify desktop
-        if len(args)==3 and args[1]=="container":
+        if len(args)==3 and args[1] in [ "container", "pod" ] :
             # delete a container for a desktop
             # /API/manager/desktops/hermes-8a49ca1a-fcc6-4b7b-960f-5a27debd4773/container/7f77381f778b1214c780762185a2a345ed00cfd1022f18cbd37902af041aff40
             container_id = args[2]
-            oc.od.composer.stop_container_byname( desktop_name, container=container_id )
-            oc.od.composer.remove_container_byname( desktop_name, container=container_id )
+            stopped_container = oc.od.composer.stop_container_byname( desktop_name, container=container_id )
             return container_id
         raise cherrypy.HTTPError(status=400, message='Invalid parameters Bad Request') 
 

group

@@ -47,8 +47,9 @@ input:x:107:
 sgx:x:108:
 kvm:x:109:
 render:x:110:
-balloon:x:4096:
+_ssh:x:111:
+rdma:x:112:
+polkitd:x:999:
 nogroup:x:65534:
-render:x:110:
 ssh:x:4095:
 {{ gid }}:x:{{ gidNumber }}:{{ uid }}

gshadow

@@ -1,4 +1,4 @@
-root:*::
+   root:*::
 daemon:*::
 bin:*::
 sys:*::
@@ -47,4 +47,6 @@ input:!::
 sgx:!::
 kvm:!::
 render:!::
+polkitd:!::
+rdma:!::
 {{ gid }}:!::{{ uid }}

oc/od/composer.py

@@ -30,6 +30,8 @@
 import oc.od.desktop
 import oc.od.services
 import oc.od.tracking
+
+# type need for garbage collector
 from kubernetes.client.models.v1_pod_list import V1PodList
 from kubernetes.client.rest import ApiException
 
@@ -203,37 +205,65 @@ def runwebhook( c, messageinfo=None ):
 def remove_desktop_byname( desktop_name:str ):
     myOrchestrator = selectOrchestrator()
     (authinfo, userinfo) = myOrchestrator.find_userinfo_authinfo_by_desktop_name( name=desktop_name )
+    if not isinstance( authinfo, AuthInfo) or not isinstance( userinfo, AuthUser) :
+        raise ODError( status=404, message='desktop not found')
     return removedesktop( authinfo, userinfo )
 
-def stop_container_byname( desktop_name:str, container ):
+def stop_container_byname( desktop_name:str, container:str )->bool:
     myOrchestrator = selectOrchestrator()  
     (authinfo, userinfo) = myOrchestrator.find_userinfo_authinfo_by_desktop_name( name=desktop_name )
-    return myOrchestrator.stopContainerApp( authinfo, userinfo, container )
+    if not isinstance( authinfo, AuthInfo) or not isinstance( userinfo, AuthUser) :
+        raise ODError( status=404, message='desktop not found')
+    return myOrchestrator.stopContainerApp( authinfo, userinfo, desktop_name, container )
 
 def list_container_byname( desktop_name:str ):
     myOrchestrator = selectOrchestrator()    
-    (authinfo, userinfo) = myOrchestrator.find_userinfo_authinfo_by_desktop_name( name=desktop_name )
-    return myOrchestrator.listContainerApp(authinfo, userinfo)
+    (authinfo, userinfo, myDesktop) = myOrchestrator.find_userinfo_authinfo_desktop_by_desktop_name( name=desktop_name )
+    if not isinstance( myDesktop, oc.od.desktop.ODDesktop) :
+        raise ODError( status=404, message='desktop not found')
+    if not isinstance( authinfo, AuthInfo) or not isinstance( userinfo, AuthUser) :
+        raise ODError( status=404, message='desktop not found')
+    return myOrchestrator.listContainerApps(authinfo, userinfo, myDesktop, services.apps )
 
 def describe_desktop_byname( desktop_name:str ):
     myOrchestrator = selectOrchestrator()    
-    pod = myOrchestrator.describe_desktop_byname( desktop_name )
-    return pod
+    myPod = myOrchestrator.describe_desktop_byname( desktop_name )
+    if not isinstance( myPod, dict ):
+        raise ODError( status=404, message='desktop not found')
+    return myPod
 
 def describe_container_byname( desktop_name:str , container_id:str ):
     myOrchestrator = selectOrchestrator()    
     container = myOrchestrator.describe_container( desktop_name, container_id )
     return container
 
-def remove_container_byname(desktop_name: str, container_id:str):
+def remove_container_byname(desktop_name:str, container:str):
     myOrchestrator = selectOrchestrator()    
     (authinfo, userinfo) = myOrchestrator.find_userinfo_authinfo_by_desktop_name( name=desktop_name )
-    return myOrchestrator.removeContainerApp(authinfo,userinfo,container_id=container_id)
+    if not isinstance( authinfo, AuthInfo) or not isinstance( userinfo, AuthUser) :
+        raise ODError( status=404, message='desktop not found')
+    return myOrchestrator.removeContainerApp(authinfo,userinfo,desktop_name,container)
+
+def get_pod_resources_usage(desktop_name:str, pod_name:str):
+    myOrchestrator = selectOrchestrator()    
+    (authinfo, userinfo) = myOrchestrator.find_userinfo_authinfo_by_desktop_name( name=desktop_name )
+    if not isinstance( authinfo, AuthInfo) or not isinstance( userinfo, AuthUser) :
+        raise ODError( status=404, message='desktop not found')
+    return myOrchestrator.get_pod_resources_usage(authinfo,userinfo,pod_name=pod_name)
+
+def get_container_resources_usage(desktop_name:str, container_name:str):
+    myOrchestrator = selectOrchestrator()
+    (authinfo, userinfo) = myOrchestrator.find_userinfo_authinfo_by_desktop_name( name=desktop_name )
+    if not isinstance( authinfo, AuthInfo) or not isinstance( userinfo, AuthUser) :
+        raise ODError( status=404, message='desktop not found')
+    return myOrchestrator.get_container_resources_usage( authinfo, userinfo, container_name=container_name)
 
 def get_desktop_resources_usage(desktop_name:str):
     myOrchestrator = selectOrchestrator()    
     (authinfo, userinfo) = myOrchestrator.find_userinfo_authinfo_by_desktop_name( name=desktop_name )
-    return myOrchestrator.getdesktop_resources_usage(authinfo,userinfo )
+    if not isinstance( authinfo, AuthInfo) or not isinstance( userinfo, AuthUser) :
+        raise ODError( status=404, message='desktop not found')
+    return myOrchestrator.getdesktop_resources_usage(authinfo,userinfo)
 
 
 def fakednsquery( userid ):
@@ -378,7 +408,7 @@ def finddesktop( authinfo, userinfo  ):
     return myDesktop
 
 
-def prepareressources( authinfo, userinfo ):
+def prepareressources( authinfo: AuthInfo, userinfo: AuthUser ):
     """prepareressources for user from authinfo
         call Orchestrator.prepareressources
 
@@ -390,7 +420,7 @@ def prepareressources( authinfo, userinfo ):
     myOrchestrator.prepareressources( authinfo=authinfo, userinfo=userinfo )
 
 
-def stopContainerApp(auth, user, podname, containerid):
+def stopContainerApp(authinfo: AuthInfo, userinfo: AuthUser, podname:str, containerid:str):
     """stop container application if the container belongs to the user 
     Args:
         authinfo (AuthInfo): authentification data
@@ -406,15 +436,15 @@ def stopContainerApp(auth, user, podname, containerid):
     logger.info('stopcontainer' )
     # new Orchestrator Object
     myOrchestrator = selectOrchestrator()   
-    myDesktop = myOrchestrator.findDesktopByUser( auth, user )
+    myDesktop = myOrchestrator.findDesktopByUser( authinfo, userinfo )
     if not isinstance( myDesktop, oc.od.desktop.ODDesktop):
        raise ODError(status=404,message='stopcontainer::findDesktopByUser not found')
 
-    if not myOrchestrator.isPodBelongToUser( auth, user, podname ):
-        services.fail2ban.fail_login( user.userid )
+    if not myOrchestrator.isPodBelongToUser( authinfo, userinfo, podname ):
+        services.fail2ban.fail_login( userinfo.userid )
         raise ODError( status=401, message='stopcontainer::invalid user')
 
-    result = myOrchestrator.stopContainerApp( auth, user, podname, containerid )
+    result = myOrchestrator.stopContainerApp( authinfo, userinfo, podname, containerid )
     return result
 
 
@@ -468,7 +498,7 @@ def getldifsecretuserinfo( authinfo, userinfo ):
     secretuserinfo = myOrchestrator.getldifsecretuserinfo( authinfo, userinfo )
     return secretuserinfo
 
-def listContainerApp(authinfo, userinfo):
+def listContainerApps(authinfo, userinfo):
     # new Orchestrator Object
     myOrchestrator = selectOrchestrator()   
     myDesktop = myOrchestrator.findDesktopByUser( authinfo, userinfo )     

oc/od/error.py

@@ -16,6 +16,7 @@
 
 class ODError(Exception):
     def __init__(self, status:int=500, message:str=None ):
+        self.status = status
         super().__init__(message)
 
 class ODResourceNotFound(ODError):