chore: remove the use of RenkuUserServer2

This only removes the large class from the new sessions endpoints that
talk to the new amalthea.

Author: olevski

components/renku_data_services/notebooks/api/amalthea_patches/git_proxy.py

@@ -6,48 +6,53 @@
 
 from kubernetes import client
 
+from renku_data_services.base_models.core import AnonymousAPIUser, AuthenticatedAPIUser
 from renku_data_services.notebooks.api.amalthea_patches.utils import get_certificates_volume_mounts
+from renku_data_services.notebooks.api.classes.repository import GitProvider, Repository
+from renku_data_services.notebooks.config import _NotebooksConfig
 
 if TYPE_CHECKING:
     # NOTE: If these are directly imported then you get circular imports.
     from renku_data_services.notebooks.api.classes.server import UserServer
 
 
-async def main_container(server: "UserServer") -> client.V1Container | None:
+async def main_container(
+    user: AnonymousAPIUser | AuthenticatedAPIUser,
+    config: _NotebooksConfig,
+    repositories: list[Repository],
+    git_providers: list[GitProvider],
+) -> client.V1Container | None:
     """The patch that adds the git proxy container to a session statefulset."""
-    repositories = await server.repositories()
-    if not server.user.is_authenticated or not repositories:
+    if not user.is_authenticated or not repositories or user.access_token is None or user.refresh_token is None:
         return None
 
     etc_cert_volume_mount = get_certificates_volume_mounts(
-        server.config,
+        config,
         custom_certs=False,
         etc_certs=True,
         read_only_etc_certs=True,
     )
 
     prefix = "GIT_PROXY_"
-    git_providers = await server.git_providers()
-    repositories = await server.repositories()
     env = [
-        client.V1EnvVar(name=f"{prefix}PORT", value=str(server.config.sessions.git_proxy.port)),
-        client.V1EnvVar(name=f"{prefix}HEALTH_PORT", value=str(server.config.sessions.git_proxy.health_port)),
+        client.V1EnvVar(name=f"{prefix}PORT", value=str(config.sessions.git_proxy.port)),
+        client.V1EnvVar(name=f"{prefix}HEALTH_PORT", value=str(config.sessions.git_proxy.health_port)),
         client.V1EnvVar(
             name=f"{prefix}ANONYMOUS_SESSION",
-            value="false" if server.user.is_authenticated else "true",
+            value="false" if user.is_authenticated else "true",
         ),
-        client.V1EnvVar(name=f"{prefix}RENKU_ACCESS_TOKEN", value=str(server.user.access_token)),
-        client.V1EnvVar(name=f"{prefix}RENKU_REFRESH_TOKEN", value=str(server.user.refresh_token)),
-        client.V1EnvVar(name=f"{prefix}RENKU_REALM", value=server.config.keycloak_realm),
+        client.V1EnvVar(name=f"{prefix}RENKU_ACCESS_TOKEN", value=str(user.access_token)),
+        client.V1EnvVar(name=f"{prefix}RENKU_REFRESH_TOKEN", value=str(user.refresh_token)),
+        client.V1EnvVar(name=f"{prefix}RENKU_REALM", value=config.keycloak_realm),
         client.V1EnvVar(
             name=f"{prefix}RENKU_CLIENT_ID",
-            value=str(server.config.sessions.git_proxy.renku_client_id),
+            value=str(config.sessions.git_proxy.renku_client_id),
         ),
         client.V1EnvVar(
             name=f"{prefix}RENKU_CLIENT_SECRET",
-            value=str(server.config.sessions.git_proxy.renku_client_secret),
+            value=str(config.sessions.git_proxy.renku_client_secret),
         ),
-        client.V1EnvVar(name=f"{prefix}RENKU_URL", value="https://" + server.config.sessions.ingress.host),
+        client.V1EnvVar(name=f"{prefix}RENKU_URL", value="https://" + config.sessions.ingress.host),
         client.V1EnvVar(
             name=f"{prefix}REPOSITORIES",
             value=json.dumps([asdict(repo) for repo in repositories]),
@@ -60,7 +65,7 @@ async def main_container(server: "UserServer") -> client.V1Container | None:
         ),
     ]
     container = client.V1Container(
-        image=server.config.sessions.git_proxy.image,
+        image=config.sessions.git_proxy.image,
         security_context={
             "fsGroup": 100,
             "runAsGroup": 1000,
@@ -73,14 +78,14 @@ async def main_container(server: "UserServer") -> client.V1Container | None:
         liveness_probe={
             "httpGet": {
                 "path": "/health",
-                "port": server.config.sessions.git_proxy.health_port,
+                "port": config.sessions.git_proxy.health_port,
             },
             "initialDelaySeconds": 3,
         },
         readiness_probe={
             "httpGet": {
                 "path": "/health",
-                "port": server.config.sessions.git_proxy.health_port,
+                "port": config.sessions.git_proxy.health_port,
             },
             "initialDelaySeconds": 3,
         },
@@ -98,7 +103,8 @@ async def main(server: "UserServer") -> list[dict[str, Any]]:
     if not server.user.is_authenticated or not repositories:
         return []
 
-    container = await main_container(server)
+    git_providers = await server.git_providers()
+    container = await main_container(server.user, server.config, repositories, git_providers)
     if not container:
         return []
 

components/renku_data_services/notebooks/api/amalthea_patches/init_containers.py

@@ -3,72 +3,78 @@
 import json
 import os
 from dataclasses import asdict
-from pathlib import Path
+from pathlib import Path, PurePosixPath
 from typing import TYPE_CHECKING, Any
 
 from kubernetes import client
 
+from renku_data_services.base_models.core import AnonymousAPIUser, AuthenticatedAPIUser
 from renku_data_services.notebooks.api.amalthea_patches.utils import get_certificates_volume_mounts
+from renku_data_services.notebooks.api.classes.repository import GitProvider, Repository
 from renku_data_services.notebooks.config import _NotebooksConfig
 
 if TYPE_CHECKING:
     # NOTE: If these are directly imported then you get circular imports.
     from renku_data_services.notebooks.api.classes.server import UserServer
 
 
-async def git_clone_container_v2(server: "UserServer") -> dict[str, Any] | None:
+async def git_clone_container_v2(
+    user: AuthenticatedAPIUser | AnonymousAPIUser,
+    config: _NotebooksConfig,
+    repositories: list[Repository],
+    git_providers: list[GitProvider],
+    workspace_mount_path: PurePosixPath,
+    work_dir: PurePosixPath,
+    lfs_auto_fetch: bool = False,
+) -> dict[str, Any] | None:
     """Returns the specification for the container that clones the user's repositories for new operator."""
     amalthea_session_work_volume: str = "amalthea-volume"
-    repositories = await server.repositories()
     if not repositories:
         return None
 
     etc_cert_volume_mount = get_certificates_volume_mounts(
-        server.config,
+        config,
         custom_certs=False,
         etc_certs=True,
         read_only_etc_certs=True,
     )
 
-    user_is_anonymous = not server.user.is_authenticated
+    user_is_anonymous = isinstance(user, AnonymousAPIUser)
     prefix = "GIT_CLONE_"
     env = [
-        {
-            "name": f"{prefix}WORKSPACE_MOUNT_PATH",
-            "value": server.workspace_mount_path.as_posix(),
-        },
+        {"name": f"{prefix}WORKSPACE_MOUNT_PATH", "value": workspace_mount_path.as_posix()},
         {
             "name": f"{prefix}MOUNT_PATH",
-            "value": server.work_dir.as_posix(),
+            "value": work_dir.as_posix(),
         },
         {
             "name": f"{prefix}LFS_AUTO_FETCH",
-            "value": "1" if server.server_options.lfs_auto_fetch else "0",
+            "value": "1" if lfs_auto_fetch else "0",
         },
         {
             "name": f"{prefix}USER__USERNAME",
-            "value": server.user.email,
+            "value": user.email,
         },
         {
             "name": f"{prefix}USER__RENKU_TOKEN",
-            "value": str(server.user.access_token),
+            "value": str(user.access_token),
         },
         {"name": f"{prefix}IS_GIT_PROXY_ENABLED", "value": "0" if user_is_anonymous else "1"},
         {
             "name": f"{prefix}SENTRY__ENABLED",
-            "value": str(server.config.sessions.git_clone.sentry.enabled).lower(),
+            "value": str(config.sessions.git_clone.sentry.enabled).lower(),
         },
         {
             "name": f"{prefix}SENTRY__DSN",
-            "value": server.config.sessions.git_clone.sentry.dsn,
+            "value": config.sessions.git_clone.sentry.dsn,
         },
         {
             "name": f"{prefix}SENTRY__ENVIRONMENT",
-            "value": server.config.sessions.git_clone.sentry.env,
+            "value": config.sessions.git_clone.sentry.env,
         },
         {
             "name": f"{prefix}SENTRY__SAMPLE_RATE",
-            "value": str(server.config.sessions.git_clone.sentry.sample_rate),
+            "value": str(config.sessions.git_clone.sentry.sample_rate),
         },
         {"name": "SENTRY_RELEASE", "value": os.environ.get("SENTRY_RELEASE")},
         {
@@ -80,10 +86,10 @@ async def git_clone_container_v2(server: "UserServer") -> dict[str, Any] | None:
             "value": str(Path(etc_cert_volume_mount[0]["mountPath"]) / "ca-certificates.crt"),
         },
     ]
-    if server.user.is_authenticated:
-        if server.user.email:
+    if user.is_authenticated:
+        if user.email:
             env.append(
-                {"name": f"{prefix}USER__EMAIL", "value": server.user.email},
+                {"name": f"{prefix}USER__EMAIL", "value": user.email},
             )
         full_name = server.user.get_full_name()
         if full_name:
@@ -105,7 +111,8 @@ async def git_clone_container_v2(server: "UserServer") -> dict[str, Any] | None:
         )
 
     # Set up git providers
-    required_git_providers = await server.required_git_providers()
+    required_provider_ids: set[str] = set(r.provider for r in repositories if r.provider)
+    required_git_providers = [p for p in git_providers if p.id in required_provider_ids]
     for idx, provider in enumerate(required_git_providers):
         obj_env = f"{prefix}GIT_PROVIDERS_{idx}_"
         data = dict(id=provider.id, access_token_url=provider.access_token_url)
@@ -117,7 +124,7 @@ async def git_clone_container_v2(server: "UserServer") -> dict[str, Any] | None:
         )
 
     return {
-        "image": server.config.sessions.git_clone.image,
+        "image": config.sessions.git_clone.image,
         "name": "git-clone",
         "resources": {
             "requests": {
@@ -134,7 +141,7 @@ async def git_clone_container_v2(server: "UserServer") -> dict[str, Any] | None:
         },
         "volumeMounts": [
             {
-                "mountPath": server.workspace_mount_path.as_posix(),
+                "mountPath": workspace_mount_path.as_posix(),
                 "name": amalthea_session_work_volume,
             },
             *etc_cert_volume_mount,

components/renku_data_services/notebooks/blueprints.py

@@ -798,13 +798,11 @@ async def _handler(
             image = environment.container_image
             default_resource_class = await self.rp_repo.get_default_resource_class()
             if default_resource_class.id is None:
-                raise errors.ProgrammingError(message="The default reosurce class has to have an ID", quiet=True)
+                raise errors.ProgrammingError(message="The default resource class has to have an ID", quiet=True)
             resource_class_id = body.resource_class_id or default_resource_class.id
-            parsed_server_options = await self.nb_config.crc_validator.validate_class_storage(
-                user, resource_class_id, body.disk_storage
-            )
+            await self.nb_config.crc_validator.validate_class_storage(user, resource_class_id, body.disk_storage)
             work_dir = environment.working_directory
-            user_secrets: K8sUserSecrets | None = None
+            # user_secrets: K8sUserSecrets | None = None
             # if body.user_secrets:
             #     user_secrets = K8sUserSecrets(
             #         name=server_name,
@@ -847,33 +845,13 @@ async def _handler(
                         quiet=True,
                     )
                 cloud_storage[csr_id] = csr
-            # repositories = [Repository(i.url, branch=i.branch, commit_sha=i.commit_sha) for i in body.repositories]
             repositories = [Repository(url=i) for i in project.repositories]
             secrets_to_create: list[V1Secret] = []
-            server = Renku2UserServer(
-                user=user,
-                image=image,
-                project_id=str(launcher.project_id),
-                launcher_id=body.launcher_id,
-                server_name=server_name,
-                server_options=parsed_server_options,
-                environment_variables={},
-                user_secrets=user_secrets,
-                cloudstorage=[i for i in cloud_storage.values()],
-                k8s_client=self.nb_config.k8s_v2_client,
-                workspace_mount_path=work_dir,
-                work_dir=work_dir,
-                repositories=repositories,
-                config=self.nb_config,
-                using_default_image=self.nb_config.sessions.default_image == image,
-                is_image_private=False,
-                internal_gitlab_user=internal_gitlab_user,
-            )
-            # Generate the cloud storage secrets
+            # Generate the cloud starge secrets
             data_sources: list[DataSource] = []
             for ics, cs in enumerate(cloud_storage.values()):
                 secret_name = f"{server_name}-ds-{ics}"
-                secrets_to_create.append(cs.secret(secret_name, server.k8s_client.preferred_namespace))
+                secrets_to_create.append(cs.secret(secret_name, self.nb_config.k8s_client.preferred_namespace))
                 data_sources.append(
                     DataSource(mountPath=cs.mount_folder, secretRef=SecretRefWhole(name=secret_name, adopt=True))
                 )
@@ -890,17 +868,26 @@ async def _handler(
                         ),
                     )
                 )
-            git_clone = await init_containers.git_clone_container_v2(server)
+            git_providers = await self.nb_config.git_provider_helper.get_providers(user)
+            git_clone = await init_containers.git_clone_container_v2(
+                user,
+                self.nb_config,
+                repositories,
+                git_providers,
+                launcher.environment.mount_directory,
+                launcher.environment.working_directory,
+            )
             if git_clone is not None:
                 session_init_containers.append(InitContainer.model_validate(git_clone))
             extra_containers: list[ExtraContainer] = []
-            git_proxy_container = await git_proxy.main_container(server)
+            git_proxy_container = await git_proxy.main_container(user, self.nb_config, repositories, git_providers)
             if git_proxy_container is not None:
                 extra_containers.append(
                     ExtraContainer.model_validate(self.nb_config.k8s_v2_client.sanitize(git_proxy_container))
                 )
 
-            parsed_server_url = urlparse(server.server_url)
+            base_server_url = self.nb_config.sessions.ingress.base_url(server_name)
+            base_server_path = self.nb_config.sessions.ingress.base_path(server_name)
             annotations: dict[str, str] = {
                 "renku.io/project_id": str(launcher.project_id),
                 "renku.io/launcher_id": body.launcher_id,
@@ -913,7 +900,7 @@ async def _handler(
                     hibernated=False,
                     session=Session(
                         image=image,
-                        urlPath=parsed_server_url.path,
+                        urlPath=base_server_path,
                         port=environment.port,
                         storage=Storage(
                             className=self.nb_config.sessions.storage.pvs_storage_class,
@@ -929,8 +916,8 @@ async def _handler(
                         args=environment.args,
                         shmSize="1G",
                         env=[
-                            SessionEnvItem(name="RENKU_BASE_URL_PATH", value=parsed_server_url.path),
-                            SessionEnvItem(name="RENKU_BASE_URL", value=server.server_url),
+                            SessionEnvItem(name="RENKU_BASE_URL_PATH", value=base_server_url),
+                            SessionEnvItem(name="RENKU_BASE_URL", value=base_server_path),
                         ],
                     ),
                     ingress=Ingress(
@@ -966,7 +953,7 @@ async def _handler(
                     dataSources=data_sources,
                 ),
             )
-            parsed_proxy_url = urlparse(urljoin(server.server_url + "/", "oauth2"))
+            parsed_proxy_url = urlparse(urljoin(base_server_url + "/", "oauth2"))
             secret_data = {}
             if isinstance(user, AuthenticatedAPIUser):
                 secret_data["auth"] = dumps(
@@ -976,8 +963,8 @@ async def _handler(
                         "oidc_issuer_url": self.nb_config.sessions.oidc.issuer_url,
                         "session_cookie_minimal": True,
                         "skip_provider_button": True,
-                        "redirect_url": urljoin(server.server_url + "/", "oauth2/callback"),
-                        "cookie_path": parsed_server_url.path,
+                        "redirect_url": urljoin(base_server_url + "/", "oauth2/callback"),
+                        "cookie_path": base_server_path,
                         "proxy_prefix": parsed_proxy_url.path,
                         "authenticated_emails_file": "/authorized_emails/authorized_emails",
                         "client_secret": self.nb_config.sessions.oidc.client_secret,

components/renku_data_services/notebooks/config/dynamic.py

@@ -6,6 +6,7 @@
 from enum import Enum
 from io import StringIO
 from typing import Any, ClassVar, Optional, Self, Union
+from urllib.parse import urlunparse
 
 import yaml
 
@@ -257,6 +258,13 @@ def from_env(cls) -> Self:
             annotations=yaml.safe_load(StringIO(os.environ.get("NB_SESSIONS__INGRESS__ANNOTATIONS", "{}"))),
         )
 
+    def base_path(self, server_name: str) -> str:
+        return f"/sessions/{server_name}"
+
+    def base_url(self, server_name: str) -> str:
+        scheme = "https" if self.tls_secret else "http"
+        return urlunparse((scheme, self.host, self.base_path(server_name), None, None, None))
+
 
 @dataclass
 class _GenericCullingConfig: