Merge pull request #711 from at88mph/private-harbor-fix

Private harbor fix

deployment/helm/science-portal/Chart.yaml

@@ -15,13 +15,13 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.2.13
+version: 0.3.0
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "0.2.8"
+appVersion: "0.3.0"
 
 dependencies:
   - name: "redis"

deployment/helm/science-portal/README.md

@@ -57,6 +57,16 @@ deployment:
     # The Resource ID of the Service that contains the URL of the Skaha service in the IVOA Registry
     skahaResourceID: ivo://example.org/skaha
 
+    # Array of tab labels from left to right.  There are two supported tabs currently: Public (Standard) and Private (Advanced)
+    # Recommended is Standard and Advanced, but you do you.
+    # Example:
+    #
+    # tabLabels:
+    #   - Standard
+    #   - Advanced
+    #
+    tabLabels: []
+
     # The logo in the top left.  No link associated, just the image.  This can be relative, or absolute.
     # Default is the SRCNet Logo.
     # logoURL: /science-portal/images/SRCNetLogo.png

deployment/helm/science-portal/config/org.opencadc.science-portal.properties

@@ -3,6 +3,12 @@ org.opencadc.science-portal.sessions.standard = vos://cadc.nrc.ca~vospace/CADC/s
 org.opencadc.science-portal.logoURL = {{ .Values.deployment.sciencePortal.logoURL }}
 org.opencadc.science-portal.themeName = {{ .Values.deployment.sciencePortal.themeName | default "src" }}
 
+{{- if empty .Values.deployment.sciencePortal.tabLabels }}
+  {{ required ".Values.deployment.sciencePortal.tabLabels is missing or empty" .Values.deployment.sciencePortal.tabLabels }}
+{{- else }}
+  org.opencadc.science-portal.tabLabels = {{ .Values.deployment.sciencePortal.tabLabels | join "," }}
+{{- end }}
+
 {{- with .Values.deployment.sciencePortal.oidc }}
 org.opencadc.science-portal.oidc.clientID = {{ .clientID }}
 

deployment/helm/science-portal/values.yaml

@@ -11,7 +11,7 @@ skaha:
 deployment:
   hostname: example.host.com    # Change this!
   sciencePortal:
-    image: images.opencadc.org/platform/science-portal:0.2.8
+    image: images.opencadc.org/platform/science-portal:0.3.0
     imagePullPolicy: Always
 
     # Optionally set the DEBUG port.

deployment/helm/skaha/CHANGELOG.md

@@ -1,4 +1,7 @@
-# CHANGELOG for Skaha User Session API (Chart 0.8.0)
+# CHANGELOG for Skaha User Session API (Chart 0.9.0)
+
+## 2024.10.23 (0.9.0)
+- Add `x-skaha-registry-auth` request header support to set Harbor CLI secret (or other Image Registry secret)
 
 ## 2024.10.18 (0.8.0)
 - Allow setting nodeAffinity values for proper scheduling.

deployment/helm/skaha/Chart.yaml

@@ -15,13 +15,13 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.8.1
+version: 0.9.0
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "0.22.0"
+appVersion: "0.23.0"
 
 dependencies:
   - name: "redis"

deployment/helm/skaha/desktop-template/start-software-sh.template

@@ -18,10 +18,10 @@ get_resource_options() {
     else
       resources=`curl -s -L -k --header "x-auth-token-skaha: ${TOKEN}" https://(HOST)/skaha/(SKAHA_API_VERSION)/context`
     fi   
-     core_default=`echo $resources | jq .defaultCores`
-     core_options=`echo $resources | jq .availableCores[] | tr '\n' ' '`
-     ram_default=`echo $resources | jq .defaultRAM`
-     ram_options=`echo $resources | jq .availableRAM[] | tr '\n' ' '`
+     core_default=`echo $resources | jq .cores.default`
+     core_options=`echo $resources | jq .cores.options[] | tr '\n' ' '`
+     ram_default=`echo $resources | jq .memoryGB.default`
+     ram_options=`echo $resources | jq .memoryGB.options[] | tr '\n' ' '`
 }
 
 get_cores() {
@@ -89,7 +89,7 @@ prompt_user() {
             if [ -z "${TOKEN}" ]; then
               handle_error "[skaha] No credentials to call back to Skaha with."
             else
-              app_id=`curl -s -L -k --header "x-auth-token-skaha: ${TOKEN}" -d "image=(IMAGE_ID)" --data-urlencode "param=(NAME)" https://(HOST)/skaha/(SKAHA_API_VERSION)/session/${VNC_PW}/app`
+              app_id=`curl -s -L -k "x-auth-token-skaha: ${TOKEN}" -d "image=(IMAGE_ID)" --data-urlencode "param=(NAME)" https://(HOST)/skaha/(SKAHA_API_VERSION)/session/${VNC_PW}/app`
             fi 
             break
         elif [[ ${yn} == "y" || ${yn} == "Y" ]]; then
@@ -101,7 +101,7 @@ prompt_user() {
             if [ -z "${TOKEN}" ]; then
               handle_error "[skaha] No credentials to call back to Skaha with."              
             else
-              app_id=`curl -s -L -k --header "x-auth-token-skaha: ${TOKEN}" -d "cores=${cores}" -d "ram=$ram" -d "image=(IMAGE_ID)" --data-urlencode "param=(NAME)" https://(HOST)/skaha/(SKAHA_API_VERSION)/session/${VNC_PW}/app`
+              app_id=`curl -s -L -k "x-auth-token-skaha: ${TOKEN}" -d "cores=${cores}" -d "ram=$ram" -d "image=(IMAGE_ID)" --data-urlencode "param=(NAME)" https://(HOST)/skaha/(SKAHA_API_VERSION)/session/${VNC_PW}/app`
             fi   
             break
         else 

deployment/helm/skaha/init-users-groups-config/init-users-groups.sh

@@ -15,7 +15,9 @@ IFS='\n'
 if [[ -z "${REDIS_URL}" ]]; then
     echo "Required argument REDIS_URL is missing."
     exit 1
-fi
+else
+    echo "Using REDIS_URL: ${REDIS_URL}"
+fi  
 
 TARGET_PASSWD_FILE="/etc-passwd/passwd"
 TARGET_GROUP_FILE="/etc-group/group"
@@ -25,8 +27,8 @@ cat /etc-passwd/passwd-orig > "${TARGET_PASSWD_FILE}"
 cat /etc-group/group-orig > "${TARGET_GROUP_FILE}"
 
 # Append Science Platform users
-redis-cli -u ${REDIS_URL} --raw smembers "users:posix" >> "${TARGET_PASSWD_FILE}"
-redis-cli -u ${REDIS_URL} --raw smembers "groups:posix" >> "${TARGET_GROUP_FILE}"
+redis-cli -u "${REDIS_URL}" --raw smembers "users:posix" >> "${TARGET_PASSWD_FILE}"
+redis-cli -u "${REDIS_URL}" --raw smembers "groups:posix" >> "${TARGET_GROUP_FILE}"
 
 # restore $IFS
 IFS=$SAVEIFS

deployment/helm/skaha/launch-scripts/build-menu.sh

@@ -228,7 +228,7 @@ build_menu_item () {
 echo "[skaha] Start building menu."
 init
 create_merged_applications_menu
-curl_out=$(curl -s -k --header "x-auth-token-skaha:${TOKEN}" "https://${HOST}/skaha/${SKAHA_API_VERSION}/image?type=desktop-app")
+curl_out=$(curl -s -k --header "x-auth-token-skaha: ${TOKEN}" "https://${HOST}/skaha/${SKAHA_API_VERSION}/image?type=desktop-app")
 if [[ $(echo ${curl_out} | jq '[.[] | .id | length] | add') == 0 ]]; then
   echo "[skaha] no desktop-app"
   echo "${curl_out}"

deployment/helm/skaha/skaha-config/launch-carta.yaml

@@ -26,6 +26,8 @@ spec:
       automountServiceAccountToken: false
       enableServiceLinks: false
       restartPolicy: OnFailure
+      imagePullSecrets:
+        - name: ${software.imagesecret}
       {{ template "skaha.job.nodeAffinity" . }}
       securityContext:
         {{ template "skaha.job.securityContext" . }}

deployment/helm/skaha/skaha-config/launch-contributed.yaml

@@ -26,6 +26,8 @@ spec:
       automountServiceAccountToken: false
       enableServiceLinks: false
       restartPolicy: OnFailure
+      imagePullSecrets:
+        - name: ${software.imagesecret}
       {{ template "skaha.job.nodeAffinity" . }}
       securityContext:
         {{ template "skaha.job.securityContext" . }}

deployment/helm/skaha/skaha-config/launch-desktop-app.yaml

@@ -26,6 +26,8 @@ spec:
       automountServiceAccountToken: false
       enableServiceLinks: false
       restartPolicy: OnFailure
+      imagePullSecrets:
+        - name: ${software.imagesecret}
       {{ template "skaha.job.nodeAffinity" . }}
       securityContext:
         {{ template "skaha.job.securityContext" . }}

deployment/helm/skaha/skaha-config/launch-desktop.yaml

@@ -26,6 +26,8 @@ spec:
       automountServiceAccountToken: false
       enableServiceLinks: false
       restartPolicy: OnFailure
+      imagePullSecrets:
+        - name: ${software.imagesecret}
       {{ template "skaha.job.nodeAffinity" . }}
       securityContext:
         {{ template "skaha.job.securityContext" . }}

deployment/helm/skaha/skaha-config/launch-headless.yaml

@@ -27,6 +27,8 @@ spec:
       automountServiceAccountToken: false
       enableServiceLinks: false
       restartPolicy: Never
+      imagePullSecrets:
+        - name: ${software.imagesecret}
       {{ template "skaha.job.nodeAffinity" . }}
       hostname: "${software.hostname}"
       initContainers:

deployment/helm/skaha/skaha-config/launch-notebook.yaml

@@ -26,6 +26,8 @@ spec:
       automountServiceAccountToken: false
       enableServiceLinks: false
       restartPolicy: OnFailure
+      imagePullSecrets:
+        - name: ${software.imagesecret}
       {{ template "skaha.job.nodeAffinity" . }}
       securityContext:
         {{ template "skaha.job.securityContext" . }}

deployment/helm/skaha/templates/skaha-config-configmap.yaml

@@ -10,6 +10,6 @@ data:
   {{ base $path }}: |
   {{- tpl ($.Files.Get $path) $currContext | nindent 4 }}
 {{ end }}
-{{ ($.Files.Glob "skaha-config/*.properties").AsConfig | indent 2 }}
+{{ ($.Files.Glob "skaha-config/*.json").AsConfig | indent 2 }}
 {{- include "utils.extraConfig" (dict "extraConfigData" .Values.deployment.skaha.extraConfigData) -}}
 {{- (.Files.Glob "image-cache/*").AsConfig | nindent 2 }}

deployment/helm/skaha/values.yaml

@@ -17,7 +17,7 @@ skahaWorkload:
 deployment:
   hostname: myhost.example.com  # Change this!
   skaha:
-    image: images.opencadc.org/platform/skaha:0.22.0
+    image: images.opencadc.org/platform/skaha:0.23.0
     imagePullPolicy: Always
 
     # Cron string for the image caching cron job schedule. Defaults to every minute.

image-cache/README.md

@@ -0,0 +1,7 @@
+# Redis cache client for Image Listings
+
+This builds a simple image with some formatting tools to support the image caching feature in Skaha.  This image acts as a client
+to a running Redis cache.  See the [cache-images.sh script](https://github.com/opencadc/science-platform/blob/main/deployment/helm/skaha/image-cache/cache-images.sh) in
+Skaha, which is run from _within_ this Image.
+
+See also the [`CronJob` and initialization `Job`](https://github.com/opencadc/science-platform/blob/main/deployment/helm/skaha/templates/image-caching-cronjob.yaml) on how this image is used from a Skaha deployment.

image-cache/VERSION

@@ -0,0 +1,6 @@
+## deployable containers have a semantic and build tag
+# version tag: major.minor.patch
+# build version tag: timestamp
+VER=0.1.0
+TAGS="${VER} ${VER}-$(date -u +"%Y%m%dT%H%M%S")"
+unset VER

skaha/VERSION

@@ -1,6 +1,6 @@
 ## deployable containers have a semantic and build tag
 # version tag: major.minor.patch
 # build version tag: timestamp
-VER=0.22.0
+VER=0.23.0
 TAGS="${VER} ${VER}-$(date -u +"%Y%m%dT%H%M%S")"
 unset VER

skaha/src/intTest/java/org/opencadc/skaha/DesktopAppLifecycleTest.java

@@ -68,19 +68,12 @@
 package org.opencadc.skaha;
 
 import ca.nrc.cadc.auth.AuthMethod;
-import ca.nrc.cadc.net.HttpGet;
 import ca.nrc.cadc.reg.Standards;
 import ca.nrc.cadc.reg.client.RegistryClient;
 import ca.nrc.cadc.util.Log4jInit;
-import com.google.gson.Gson;
-import com.google.gson.reflect.TypeToken;
-import java.io.ByteArrayOutputStream;
-import java.lang.reflect.Type;
 import java.net.URL;
 import java.security.PrivilegedExceptionAction;
-import java.util.ArrayList;
 import java.util.List;
-import java.util.concurrent.TimeUnit;
 import javax.security.auth.Subject;
 import org.apache.log4j.Level;
 import org.apache.log4j.Logger;
@@ -122,11 +115,12 @@ public DesktopAppLifecycleTest() {
     public void testCreateDeleteDesktopApp() throws Exception {
         Subject.doAs(userSubject, (PrivilegedExceptionAction<Void>) () -> {
             // ensure that there is no active session
-            initialize();
+            SessionUtil.initializeCleanup(this.sessionURL);
 
             // create desktop session
             final String desktopSessionID = SessionUtil.createSession(this.sessionURL, "inttest" + SessionAction.SESSION_TYPE_DESKTOP,
-                                                                      SessionUtil.getImageOfType(SessionAction.SESSION_TYPE_DESKTOP).getId());
+                                                                      SessionUtil.getImageOfType(SessionAction.SESSION_TYPE_DESKTOP).getId(),
+                                                                      SessionAction.SESSION_TYPE_DESKTOP);
 
             final Session desktopSession = SessionUtil.waitForSession(this.sessionURL, desktopSessionID, Session.STATUS_RUNNING);
             SessionUtil.verifySession(desktopSession, SessionAction.SESSION_TYPE_DESKTOP, "inttest" + SessionAction.SESSION_TYPE_DESKTOP);
@@ -175,21 +169,4 @@ public void testCreateDeleteDesktopApp() throws Exception {
             return null;
         });
     }
-
-    private void initialize() throws Exception {
-        List<Session> sessions = SessionUtil.getSessions(this.sessionURL);
-        for (Session session : sessions) {
-            if (session.getType().equals(SessionAction.TYPE_DESKTOP_APP)) {
-                // delete desktop-app
-                String sessionID = session.getId();
-                final URL desktopAppURL = new URL(sessionURL.toString() + "/" + sessionID + "/app");
-                SessionUtil.deleteDesktopApplicationSession(desktopAppURL, session.getAppId());
-            } else {
-                // delete session
-                SessionUtil.deleteSession(sessionURL, session.getId());
-            }
-        }
-        sessions = SessionUtil.getSessions(this.sessionURL);
-        Assert.assertEquals("zero sessions #1", 0, sessions.size());
-    }
 }