feat: Add internal endpoints for sessions and expose backend

backend/capellacollab/configuration/app/models.py

@@ -191,6 +191,16 @@ class K8sConfig(BaseConfig):
         description="The name of the IngressClass to use.",
         examples=["traefik", "nginx"],
     )
+    management_portal_namespace: str = pydantic.Field(
+        default="collab-manager",
+        description="The namespace where the management portal is deployed in.",
+        examples=["collab-manager"],
+    )
+    release_name: str = pydantic.Field(
+        default="dev",
+        description="The release name of the Helm chart",
+        examples=["dev", "prod", "test123"],
+    )
 
 
 class GeneralConfig(BaseConfig):

backend/capellacollab/sessions/models.py

@@ -42,6 +42,7 @@ class SessionEnvironment(t.TypedDict):
     CAPELLACOLLAB_SESSION_TOKEN: str
     CAPELLACOLLAB_SESSION_ID: str
     CAPELLACOLLAB_SESSION_REQUESTER_USERNAME: str
+    CAPELLACOLLAB_SESSION_REQUESTER_USER_ID: int
     CAPELLACOLLAB_SESSION_CONNECTION_METHOD_TYPE: str
     CAPELLACOLLAB_SESSION_CONTAINER_PORT: str
 
@@ -51,6 +52,7 @@ class SessionEnvironment(t.TypedDict):
     CAPELLACOLLAB_SESSIONS_BASE_PATH: str
 
     CAPELLACOLLAB_ORIGIN_BASE_URL: str
+    CAPELLACOLLAB_API_BASE_URL: str
 
 
 class SessionProvisioningRequest(core_pydantic.BaseModel):
@@ -131,6 +133,12 @@ class Session(core_pydantic.BaseModel):
     connection_method_id: str
     connection_method: tools_models.ToolSessionConnectionMethod | None = None
 
+    @pydantic.computed_field  # type: ignore[misc]
+    @property
+    def internal_endpoint(self) -> str:
+        """Internal DNS endpoint of the session for inter-session communication."""
+        return f"{self.id}.{config.k8s.namespace}.svc.cluster.local"
+
     shared_with: list[SessionSharing] = pydantic.Field(default=[])
 
     project: projects_models.SimpleProject | None = pydantic.Field(

backend/capellacollab/sessions/util.py

@@ -67,13 +67,15 @@ def get_environment(
         ),
         "CAPELLACOLLAB_SESSION_ID": session_id,
         "CAPELLACOLLAB_SESSION_REQUESTER_USERNAME": user.name,
+        "CAPELLACOLLAB_SESSION_REQUESTER_USER_ID": user.id,
         "CAPELLACOLLAB_SESSIONS_BASE_PATH": f"/session/{session_id}",
         "CAPELLACOLLAB_SESSION_CONNECTION_METHOD_TYPE": connection_method.type,
         "CAPELLACOLLAB_ORIGIN_BASE_URL": f"{config.general.scheme}://{config.general.host}:{config.general.port}",
         "CAPELLACOLLAB_SESSIONS_SCHEME": config.general.scheme,
         "CAPELLACOLLAB_SESSIONS_HOST": config.general.host,
         "CAPELLACOLLAB_SESSIONS_PORT": str(config.general.port),
         "CAPELLACOLLAB_SESSION_CONTAINER_PORT": str(container_port),
+        "CAPELLACOLLAB_API_BASE_URL": f"http://{config.k8s.release_name}-backend.{config.k8s.management_portal_namespace}.svc.cluster.local/api",
     }
 
 

docs/docs/admin/tools/configuration.md

@@ -90,6 +90,11 @@ variables can be used by the tool:
         <td>`janedoe`</td>
         <td>The username of the user who has requested the session.</td>
     </tr>
+    <tr>
+        <td>`CAPELLACOLLAB_SESSION_REQUESTER_USER_ID`</td>
+        <td>`123`</td>
+        <td>The ID of the user who has requested the session.</td>
+    </tr>
     <tr>
         <td>`CAPELLACOLLAB_SESSION_CONTAINER_PORT`</td>
         <td>`8080`</td>
@@ -167,6 +172,13 @@ variables can be used by the tool:
             The tool has to set the `Content-Security-Policy` header to `frame-ancestors self {CAPELLACOLLAB_ORIGIN_HOST}`. Otherwise, the session viewer can't be used with the tool!
         </td>
     </tr>
+    <tr>
+        <td>`CAPELLACOLLAB_API_BASE_URL`</td>
+        <td>`http://dev-backend.collab-manager.svc.cluster.local:/api`</td>
+        <td>
+            The API URL of the Collaboration Manager. The URL is only available from the session itself.
+        </td>
+    </tr>
     <tr>
         <td>`WORKSPACE_DIR`</td>
         <td>`/workspace`</td>

frontend/src/storybook/session.ts

@@ -32,6 +32,8 @@ export const mockPersistentSession: Readonly<Session> = {
   state: SessionState.Running,
   owner: mockUser,
   connection_method: { ...mockHttpConnectionMethod, name: 'Xpra' },
+  internal_endpoint:
+    'vfurvsrldxfwwsqdiqvnufonh.collab-sessions.svc.cluster.local',
   warnings: [],
   connection_method_id: 'default',
   shared_with: [],

helm/config/backend.yaml

@@ -11,6 +11,9 @@ docker:
 
 k8s:
   namespace: {{ .Values.backend.k8sSessionNamespace }}
+  managementPortalNamespace: {{ .Release.Namespace }}
+  releaseName: {{ .Release.Name }}
+
   {{- if .Values.cluster.namespaces.sessions.ingressClassName }}
   ingressClassName: {{ .Values.cluster.namespaces.sessions.ingressClassName }}
   {{- end }}

helm/templates/backend/backend.networkpolicy.yaml

@@ -0,0 +1,19 @@
+# SPDX-FileCopyrightText: Copyright DB InfraGO AG and contributors
+# SPDX-License-Identifier: Apache-2.0
+
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+  name: allow-from-{{- .Values.backend.k8sSessionNamespace -}}-to-backend
+  namespace: {{ .Release.Namespace }}
+spec:
+  podSelector:
+    matchLabels:
+      id: {{ .Release.Name }}-deployment-backend
+  ingress:
+    - from:
+        - namespaceSelector:
+            matchLabels:
+              kubernetes.io/metadata.name: {{ .Values.backend.k8sSessionNamespace }}
+  policyTypes:
+    - Ingress