From 5ded974216a44a2bf234a5f1744605bd29f7574e Mon Sep 17 00:00:00 2001 From: Graham Dumpleton Date: Wed, 19 Jul 2023 18:26:37 +1000 Subject: [PATCH] Add ability to override sessions cookie domain in training portal definition. --- .../01-crds-trainingportal.yaml | 5 +++ .../01-crds-workshopenvironment.yaml | 5 +++ .../pkg/cmd/cluster_portal_create_cmd.go | 36 +++++++++++++++---- session-manager/handlers/trainingportal.py | 13 +++++-- session-manager/handlers/workshopsession.py | 9 ++++- .../apps/workshops/manager/environments.py | 1 + 6 files changed, 60 insertions(+), 9 deletions(-)
diff --git a/carvel-packages/training-platform/bundle/config/11-session-manager/01-crds-trainingportal.yaml b/carvel-packages/training-platform/bundle/config/11-session-manager/01-crds-trainingportal.yaml
index a7f2a7dd..b84aa6c1 100644
--- a/carvel-packages/training-platform/bundle/config/11-session-manager/01-crds-trainingportal.yaml
+++ b/carvel-packages/training-platform/bundle/config/11-session-manager/01-crds-trainingportal.yaml
@@ -136,6 +136,11 @@ spec:
 type: string
 namespace:
 type: string
+ cookies:
+ type: object
+ properties:
+ domain:
+ type: string
 registration:
 type: object
 properties:
diff --git a/carvel-packages/training-platform/bundle/config/11-session-manager/01-crds-workshopenvironment.yaml b/carvel-packages/training-platform/bundle/config/11-session-manager/01-crds-workshopenvironment.yaml
index 7af3884f..50ccb26b 100644
--- a/carvel-packages/training-platform/bundle/config/11-session-manager/01-crds-workshopenvironment.yaml
+++ b/carvel-packages/training-platform/bundle/config/11-session-manager/01-crds-workshopenvironment.yaml
@@ -135,6 +135,11 @@ spec:
 properties:
 name:
 type: string
+ cookies:
+ type: object
+ properties:
+ domain:
+ type: string
 status:
 type: object
 x-kubernetes-preserve-unknown-fields: true
diff --git a/client-programs/pkg/cmd/cluster_portal_create_cmd.go b/client-programs/pkg/cmd/cluster_portal_create_cmd.go
index eb735445..df4be678 100644
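Review bot: The new `cookies.domain` property in 01-crds-trainingportal.yaml is an unconstrained `type: string`, and nothing visible in this patch checks the value before it becomes `SESSION_COOKIE_DOMAIN` for the portal and session deployments; the same applies to the matching property in 01-crds-workshopenvironment.yaml, the `--cookie-domain` flag in cluster_portal_create_cmd.go and the fallbacks in trainingportal.py and workshopsession.py. A value broader than the ingress domain widens the set of hosts that receive the session cookie, so the schema should at least bound the format, for example `maxLength: 253` and `pattern: '^\.?[a-z0-9]([a-z0-9.-]*[a-z0-9])?$'` under `domain:`. A `description:` saying that the value must be the ingress domain or a parent domain the operator fully controls would document the constraint where users look first. Whether the handlers could also compare the value against `INGRESS_DOMAIN` cannot be judged from these hunks alone.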
--- a/client-programs/pkg/cmd/cluster_portal_create_cmd.go
+++ b/client-programs/pkg/cmd/cluster_portal_create_cmd.go
@@ -15,10 +15,12 @@ import (
 )
 type ClusterConfigViewOptions struct {
- Kubeconfig string
- Portal string
- Capacity uint
- Password string
+ Kubeconfig string
+ Portal string
+ Capacity uint
+ Password string
+ ThemeName string
+ CookieDomain string
 }
 func (o *ClusterConfigViewOptions) Run(isPasswordSet bool) error {
@@ -40,7 +42,7 @@ func (o *ClusterConfigViewOptions) Run(isPasswordSet bool) error {
 // Update the training portal, creating it if necessary.
- err = createTrainingPortal(dynamicClient, o.Portal, o.Capacity, o.Password, isPasswordSet)
+ err = createTrainingPortal(dynamicClient, o.Portal, o.Capacity, o.Password, isPasswordSet, o.ThemeName, o.CookieDomain)
 if err != nil {
 return err
@@ -88,11 +90,23 @@ func (p *ProjectInfo) NewClusterPortalCreateCmd() *cobra.Command {
 "",
 "override password for training portal access",
 )
+ c.Flags().StringVar(
+ &o.ThemeName,
+ "theme-name",
+ "",
+ "override theme used by training portal and workshops",
+ )
+ c.Flags().StringVar(
+ &o.CookieDomain,
+ "cookie-domain",
+ "",
+ "override cookie domain used by training portal and workshops",
+ )
 return c
 }
-func createTrainingPortal(client dynamic.Interface, portal string, capacity uint, password string, isPasswordSet bool) error {
+func createTrainingPortal(client dynamic.Interface, portal string, capacity uint, password string, isPasswordSet bool, themeName string, cookieDomain string) error {
 trainingPortalClient := client.Resource(trainingPortalResource)
 _, err := trainingPortalClient.Get(context.TODO(), portal, metav1.GetOptions{})
@@ -142,6 +156,16 @@ func createTrainingPortal(client dynamic.Interface, portal string, capacity uint
 Reserved: 0,
 },
 },
+ "theme": struct {
+ Name string `json:"name"`
+ }{
+ Name: themeName,
+ },
+ "cookies": struct {
+ Domain string `json:"domain"`
+ }{
+ Domain: cookieDomain,
+ },
 },
 "workshops": []interface{}{},
 },
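Review bot: The help strings for `--theme-name` and `--cookie-domain` in NewClusterPortalCreateCmd do not say what an empty value means or what form the value should take. Both flags default to `""`, and the handler hunks later in this patch treat an empty value as "use the platform default", so the cookie text could read `"override session cookie domain (empty keeps the platform default; must cover the portal ingress host)"`. The `--theme-name` flag is also absent from the commit subject, which makes that half of the change easy to miss. The function body begins outside the hunk.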
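Review bot: The `theme` and `cookies` entries in createTrainingPortal's spec literal are written unconditionally, so running the command without the new flags stores `name: ""` and `domain: ""` in the TrainingPortal. That only behaves correctly because the handlers in this same patch were changed to treat empty strings as unset; tagging the fields `json:"name,omitempty"` and `json:"domain,omitempty"` would keep empty values out of the resource, assuming the literal is serialised through encoding/json as the tags suggest. The rest of the literal and of createTrainingPortal lies outside the hunk, so whether an already existing portal also receives these values cannot be confirmed from here.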
diff --git a/session-manager/handlers/trainingportal.py b/session-manager/handlers/trainingportal.py
index 9f5e759c..e03a87df 100644
--- a/session-manager/handlers/trainingportal.py
+++ b/session-manager/handlers/trainingportal.py
@@ -111,9 +111,18 @@ def training_portal_create(name, uid, body, spec, status, patch, runtime, retry,
 portal_index = xget(spec, "portal.index", "")
 portal_logo = xget(spec, "portal.logo", "")
- theme_name = xget(spec, "portal.theme.name", "default-website-theme")
+ theme_name = xget(spec, "portal.theme.name")
+
+ if not theme_name:
+ theme_name = "default-website-theme"
+
 frame_ancestors = ",".join(xget(spec, "portal.theme.frame.ancestors", []))
+ cookie_domain = xget(spec, "portal.cookies.domain")
+
+ if not cookie_domain:
+ cookie_domain = SESSION_COOKIE_DOMAIN
+
 registration_type = xget(spec, "portal.registration.type", "one-step")
 enable_registration = str(xget(spec, "portal.registration.enabled", True)).lower()
@@ -658,7 +667,7 @@ def training_portal_create(name, uid, body, spec, status, patch, runtime, retry,
 },
 {
 "name": "SESSION_COOKIE_DOMAIN",
- "value": SESSION_COOKIE_DOMAIN,
+ "value": cookie_domain,
 },
 {
 "name": "REGISTRATION_TYPE",
diff --git a/session-manager/handlers/workshopsession.py b/session-manager/handlers/workshopsession.py
index 0e564dac..3cb51c84 100644
--- a/session-manager/handlers/workshopsession.py
+++ b/session-manager/handlers/workshopsession.py
@@ -550,6 +550,13 @@ def workshop_session_create(name, meta, uid, spec, status, patch, logger, retry,
 session_hostname = f"{session_namespace}.{INGRESS_DOMAIN}"
+ # Calculate session cookie domain to use.
+
+ cookie_domain = environment_instance.obj["spec"].get("cookies", {}).get("domain")
+
+ if not cookie_domain:
+ cookie_domain = SESSION_COOKIE_DOMAIN
+
 # Calculate role, security policy and quota details for primary namespace.
 role = "admin"
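Review bot: The switch from a default argument to `if not theme_name:` in training_portal_create changes behaviour without a comment: an empty string in the spec now selects the default, where previously only a missing key did. The same pattern is used for `cookie_domain`, and it is presumably needed because the CLI in this patch always writes both keys. A comment such as `# Empty string means "not set"; the CLI writes the key even when the flag is omitted.` above each fallback would record that. The same read-then-fall-back logic is repeated in workshopsession.py, so a small shared helper would keep the two handlers from drifting; the function body extends well beyond this hunk.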
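Review bot: The lookup `environment_instance.obj["spec"].get("cookies", {}).get("domain")` in workshop_session_create raises AttributeError when `cookies` is present with a null value, because the `{}` default only applies to a missing key. trainingportal.py reads the same setting with `xget(spec, "portal.cookies.domain")`; if `xget` is available in this module (its imports are not visible here), `xget(environment_instance.obj, "spec.cookies.domain")` would be consistent with that. Otherwise `(environment_instance.obj["spec"].get("cookies") or {}).get("domain")` tolerates the null case. The enclosing function starts and ends outside the hunk.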
@@ -1451,7 +1458,7 @@ def resolve_security_policy(name):
 {"name": "INGRESS_PROTOCOL", "value": INGRESS_PROTOCOL},
 {
 "name": "SESSION_COOKIE_DOMAIN",
- "value": SESSION_COOKIE_DOMAIN,
+ "value": cookie_domain,
 },
 {
 "name": "IMAGE_REPOSITORY",
diff --git a/training-portal/src/project/apps/workshops/manager/environments.py b/training-portal/src/project/apps/workshops/manager/environments.py
index 1db412ea..2789c8e0 100644
--- a/training-portal/src/project/apps/workshops/manager/environments.py
+++ b/training-portal/src/project/apps/workshops/manager/environments.py
@@ -467,6 +467,7 @@ def process_workshop_environment(portal, workshop, position):
 "environment": {"objects": [], "secrets": []},
 "registry": environment.registry or None,
 "theme": {"name": settings.THEME_NAME},
+ "cookies": {"domain": settings.SESSION_COOKIE_DOMAIN},
 },
 }
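Review bot: `cookie_domain` is consumed in this env list roughly 900 lines after it is assigned near line 553, and the hunk header names `resolve_security_policy(name)` as the nearest preceding definition. If that is a helper nested inside workshop_session_create the name resolves, but if it is a separate module-level function and this list sits in its body, `cookie_domain` would be undefined there; the enclosing code is outside the hunk, so this is worth confirming. A comment at the use site such as `# cookie_domain: environment override, else SESSION_COOKIE_DOMAIN (computed earlier in this handler)` would help readers of a function this long.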