[VERY EARLY DRAFT - DO NOT MERGE] AAP integration

Signed-off-by: Djebran Lezzoum <ldjebran@gmail.com>

ansible_ai_connect/ai/api/versions/v1/urls.py

@@ -12,8 +12,11 @@
 #  See the License for the specific language governing permissions and
 #  limitations under the License.
 
+from ansible_base.resource_registry.urls import urlpatterns as resource_api_urls
 from django.urls import include, path
 
+from ansible_ai_connect.healthcheck.views import WisdomServiceLivenessProbeView
+
 from .ai import urls as ai_urls
 from .telemetry import urls as telemetry_urls
 from .users import urls as me_urls
@@ -24,4 +27,6 @@
     path("me/", include(me_urls)),
     path("telemetry/", include(telemetry_urls)),
     path("wca/", include(wca_urls)),
+    path("check/", WisdomServiceLivenessProbeView.as_view(), name="health_check"),
+    path("", include(resource_api_urls)),
 ]

ansible_ai_connect/ai/api/views.py

@@ -98,7 +98,7 @@
 )
 from ansible_ai_connect.users.models import User
 
-from ...main.permissions import IsRHInternalUser, IsTestUser
+from ...main.permissions import IsAAPUser, IsRHInternalUser, IsTestUser
 from ...users.throttling import EndpointRateThrottle
 from ..feature_flags import FeatureFlags
 from .data.data_model import ContentMatchPayloadData, ContentMatchResponseDto
@@ -984,7 +984,7 @@ class ChatEndpointThrottle(EndpointRateThrottle):
     permission_classes = [
         permissions.IsAuthenticated,
         IsAuthenticatedOrTokenHasScope,
-        IsRHInternalUser | IsTestUser,
+        IsRHInternalUser | IsTestUser | IsAAPUser,
     ]
     required_scopes = ["read", "write"]
     schema1_event = schema1.ChatBotOperationalEvent

ansible_ai_connect/ai/resource_api.py

@@ -0,0 +1,35 @@
+from ansible_base.resource_registry.registry import (
+    ResourceConfig,
+    ServiceAPIConfig,
+    SharedResource,
+)
+from ansible_base.resource_registry.shared_types import UserType
+from ansible_base.resource_registry.utils.resource_type_processor import (
+    ResourceTypeProcessor,
+)
+from django.contrib.auth import get_user_model
+
+
+class UserProcessor(ResourceTypeProcessor):
+    def pre_serialize_additional(self):
+        # These fields aren't supported in app, so we'll set them to blank
+        setattr(self.instance, "external_auth_provider", None)
+        setattr(self.instance, "external_auth_uid", None)
+        setattr(self.instance, "organizations", [])
+        setattr(self.instance, "organizations_administered", [])
+
+        return self.instance
+
+
+class APIConfig(ServiceAPIConfig):
+    custom_resource_processors = {"shared.user": UserProcessor}
+    service_type = "lightspeed"
+
+
+RESOURCE_LIST = [
+    ResourceConfig(
+        get_user_model(),
+        shared_resource=SharedResource(serializer=UserType, is_provider=False),
+        name_field="username",
+    ),
+]

ansible_ai_connect/main/permissions.py

@@ -11,6 +11,7 @@
 #  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 #  See the License for the specific language governing permissions and
 #  limitations under the License.
+from django.conf import settings
 from rest_framework.permissions import BasePermission
 
 
@@ -38,3 +39,16 @@ class IsTestUser(BasePermission):
     def has_permission(self, request, view):
         user = request.user
         return user.is_authenticated and user.groups.filter(name="test").exists()
+
+
+class IsAAPUser(BasePermission):
+    """
+    Allow access only to authenticated users when on-prem
+    """
+
+    code = "permission_denied_user_not_on_prem"
+    message = "The user is not an on-prem User"
+
+    def has_permission(self, request, view):
+        user = request.user
+        return user.is_authenticated and settings.DEPLOYMENT_MODE == "onprem"

ansible_ai_connect/main/settings/base.py

@@ -74,6 +74,8 @@
     "ansible_ai_connect.healthcheck",
     "oauth2_provider",
     "import_export",
+    "ansible_base.resource_registry",
+    "ansible_base.jwt_consumer",
 ]
 
 MIDDLEWARE = [
@@ -262,6 +264,7 @@ def is_ssl_enabled(value: str) -> bool:
     "DEFAULT_AUTHENTICATION_CLASSES": [
         "oauth2_provider.contrib.rest_framework.OAuth2Authentication",
         "rest_framework.authentication.SessionAuthentication",
+        "ansible_base.jwt_consumer.common.auth.JWTAuthentication",
     ],
     "DEFAULT_PERMISSION_CLASSES": ["rest_framework.permissions.IsAuthenticated"],
     "DEFAULT_SCHEMA_CLASS": "drf_spectacular.openapi.AutoSchema",
@@ -276,6 +279,9 @@ def is_ssl_enabled(value: str) -> bool:
 
 API_VERSION = "1.0.0"
 
+ANSIBLE_BASE_ORGANIZATION_MODEL = "ansible_ai_connect.organizations.models.Organization"
+ANSIBLE_BASE_RESOURCE_CONFIG_MODULE = "ansible_ai_connect.ai.resource_api"
+
 # Current RHSSOAuthentication implementation is incompatible with tech preview terms partial
 if not ANSIBLE_AI_ENABLE_TECH_PREVIEW:
     REST_FRAMEWORK["DEFAULT_AUTHENTICATION_CLASSES"].insert(

ansible_ai_connect/users/models.py

@@ -62,11 +62,11 @@ class User(ExportModelOperationsMixin("user"), AbstractUser):
     )
     rh_user_is_org_admin = models.BooleanField(default=False)
     rh_internal = models.BooleanField(default=False)
-    external_username = models.CharField(default="", null=False)
-    name = models.CharField(default=None, null=True)
-    given_name = models.CharField(default=None, null=True)
-    family_name = models.CharField(default=None, null=True)
-    email = models.CharField(default=None, null=True)
+    external_username = models.CharField(default="", null=False, max_length=150)
+    name = models.CharField(default=None, null=True, max_length=150)
+    given_name = models.CharField(default=None, null=True, max_length=150)
+    family_name = models.CharField(default=None, null=True, max_length=150)
+    email = models.CharField(default=None, null=True, max_length=150)
     email_verified = models.BooleanField(default=False, null=True)
 
     @property

requirements-aarch64.txt

@@ -433,7 +433,7 @@ social-auth-core==4.5.4
     #   social-auth-app-django
 sqlalchemy==2.0.29
     # via langchain
-sqlparse==0.5.0
+sqlparse==0.5.2
     # via
     #   -r requirements.in
     #   django
@@ -490,3 +490,4 @@ yamllint==1.35.1
     # via ansible-lint
 yarl==1.17.2
     # via aiohttp
+django-ansible-base @ git+https://github.com/ansible/django-ansible-base@devel#egg=django-ansible-base[jwt_consumer,resource-registry]

requirements-x86_64.txt

@@ -433,7 +433,7 @@ social-auth-core==4.5.4
     #   social-auth-app-django
 sqlalchemy==2.0.29
     # via langchain
-sqlparse==0.5.0
+sqlparse==0.5.2
     # via
     #   -r requirements.in
     #   django
@@ -490,3 +490,4 @@ yamllint==1.35.1
     # via ansible-lint
 yarl==1.17.2
     # via aiohttp
+django-ansible-base @ git+https://github.com/ansible/django-ansible-base@devel#egg=django-ansible-base[jwt_consumer,resource-registry]

requirements.in

@@ -59,7 +59,7 @@ requests==2.32.0
 segment-analytics-python==2.2.2
 # pin sqlparse on 0.5.0 to address GHSA-2m57-hf25-phgg
 # Remove once a Django>4.2.11 is released with an updated dep on sqlparse
-sqlparse==0.5.0
+sqlparse==0.5.2
 social-auth-app-django==5.4.1
 social-auth-core==4.5.4
 slack-sdk==3.31.0
@@ -69,3 +69,4 @@ uwsgi==2.0.22
 uwsgi-readiness-check==0.2.0
 django-allow-cidr==0.6.0
 django-csp==3.7
+django-ansible-base @ git+https://github.com/ansible/django-ansible-base@devel#egg=django-ansible-base[jwt_consumer,resource-registry]

tools/docker-compose/compose.yaml

@@ -2,7 +2,7 @@ version: "3.8"
 services:
   django:
     user: "1000"
-    image: localhost/docker-compose_django:latest
+    image: ansible_wisdom:latest
     build:
       context: $PWD
       dockerfile: wisdom-service.Containerfile
@@ -14,12 +14,12 @@ services:
       - $PWD/ari/kb:/etc/ari/kb:Z
       - $PWD/tools/scripts:/etc/wisdom/scripts:Z
     ports:
-      - "8000:8000"
+      - "7080:8000"
     expose:
-      - "8000"
+      - "7080"
       - "8001-8011" # django-prometheus
     environment:
-      - DJANGO_SETTINGS_MODULE=ansible_ai_connect.main.settings.development
+      - DJANGO_SETTINGS_MODULE=ansible_ai_connect.main.settings.aap
       - DJANGO_LOG_LEVEL=${DJANGO_LOG_LEVEL}
       - ANSIBLE_AI_DATABASE_NAME=wisdom
       - ANSIBLE_AI_DATABASE_USER=wisdom
@@ -80,6 +80,7 @@ services:
       - /etc/wisdom/scripts/launch-wisdom.sh
     networks:
       - dbnet
+      - service-mesh
   db:
     image: docker.io/library/postgres:15-alpine
     environment:
@@ -119,3 +120,5 @@ services:
 
 networks:
   dbnet:
+  service-mesh:
+    name: service-mesh