Use lightspeed-stack authz regex#172
Use lightspeed-stack authz regex#172openshift-merge-bot[bot] merged 1 commit intorh-ecosystem-edge:mainfrom
Conversation
|
Skipping CI for Draft Pull Request. |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: omertuc The full list of commands accepted by this bot can be found here. The pull request process is described here DetailsNeeds approval from an approver in each of these files:
Approvers can indicate their approval by writing |
WalkthroughUpdates base image and submodule pointer, adds a Makefile target to delete conversations, implements delete mode in scripts/query.sh with HTTP DELETE, adjusts auth role rules in dev env, and removes an explicit data_collector block from template.yaml. Changes
Sequence Diagram(s)sequenceDiagram
autonumber
participant U as User
participant M as Makefile
participant Q as scripts/query.sh
participant API as Assisted Chat API
U->>M: make delete
M->>Q: DELETE_MODE=true ./scripts/query.sh
Q->>Q: List conversations (no "New conversation")
Q->>U: Prompt: "Select conversation to delete"
U-->>Q: Select conversation
Q->>U: Confirm deletion (y/N)
alt confirmed
Q->>API: HTTP DELETE /v1/conversations/{id}\nAuthorization: Bearer <token>
API-->>Q: 2xx with body
Q->>U: Print success and exit
else canceled or non-2xx
Q->>U: Print cancel or error with response body
end
Estimated code review effort🎯 3 (Moderate) | ⏱️ ~25 minutes Possibly related PRs
Suggested labels
Suggested reviewers
✨ Finishing Touches
🧪 Generate unit tests
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. 🪧 TipsChatThere are 3 ways to chat with CodeRabbit:
SupportNeed help? Create a ticket on our support page for assistance with any issues or questions. CodeRabbit Commands (Invoked using PR/Issue comments)Type Other keywords and placeholders
CodeRabbit Configuration File (
|
|
lightspeed-core/lightspeed-stack#483 merged, let's do the update... |
7373c06 to
98571ae
Compare
Bump to lightspeed-core/lightspeed-stack#483 Also include changes from rh-ecosystem-edge#171 so we only have one bump PR
There was a problem hiding this comment.
Actionable comments posted: 0
Caution
Some comments are outside the diff and can’t be posted inline due to platform limitations.
⚠️ Outside diff range comments (1)
scripts/query.sh (1)
36-60: Model selection read pipeline is broken (pre-existing).The process substitution is attached to the variable assignment, not to read, so read won’t consume fzf output.
Apply:
- IFS=$'\t' < <(jq -r ' + IFS=$'\t' read -r model_name model_provider < <(jq -r ' # Get all models .models[] @@ - | "\($model_name | . + (" " * (40 - length)))\($type_label)\t\($model_name)\t\($provider)" - ' <<<"$models_json" | fzf --delimiter='\t' --with-nth=1 --accept-nth=2,3 --header="Model Name Type") read -r model_name model_provider + | "\($model_name | . + (" " * (40 - length)))\($type_label)\t\($model_name)\t\($provider)"' \ + <<<"$models_json" | fzf --delimiter=$'\t' --with-nth=1 --accept-nth=2,3 --header="Model Name Type")
🧹 Nitpick comments (5)
Containerfile.assisted-chat (1)
7-7: Trim image size after microdnf install.Clean package caches in the same layer.
Apply:
-RUN microdnf install -y patch +RUN microdnf install -y patch && microdnf clean all && rm -rf /var/cache/dnf /var/cache/yumtemplate-params.dev.env (1)
9-9: Regex rule looks correct; consider case-insensitive anchor.To avoid case issues and enforce full-string match, prefer a start anchor and (?i).
Apply:
-AUTHN_ROLE_RULES='[{"jsonpath":"$.realm_access.roles[*]","operator":"contains","value":"redhat:employees","roles":["redhat_employee"]},{"jsonpath":"$.email","operator":"match","value":".*@redhat\\\\.com$","roles":["redhat_employee"]}]' +AUTHN_ROLE_RULES='[{"jsonpath":"$.realm_access.roles[*]","operator":"contains","value":"redhat:employees","roles":["redhat_employee"]},{"jsonpath":"$.email","operator":"match","value":"(?i)^[^@]+@redhat\\\\.com$","roles":["redhat_employee"]}]'scripts/query.sh (2)
205-211: Dynamic prompt: small UX touch.Optionally add --height/--reverse/--border for consistency with other fzf uses.
217-237: DELETE flow is correct; add a tiny robustness check.Validate the UUID before sending the request to avoid accidental deletes on malformed selections.
Apply:
- CONVERSATION_ID=$(echo "$selected" | cut -c1-36 | xargs) + CONVERSATION_ID=$(echo "$selected" | cut -c1-36 | xargs) + if ! [[ "$CONVERSATION_ID" =~ ^[0-9a-fA-F-]{36}$ ]]; then + echo "Invalid conversation ID: $CONVERSATION_ID" + exit 1 + fiMakefile (1)
97-100: New delete target: LGTM.Consider parity targets for int/stage, mirroring query-{int,stage}.
Apply:
delete: ## Delete a conversation from assisted-chat services @echo "Deleting conversation from assisted-chat services..." DELETE_MODE=true ./scripts/query.sh + +delete-int: ## Delete a conversation (integration environment) + @echo "Deleting conversation from assisted-chat services (integration)..." + QUERY_ENV=int DELETE_MODE=true ./scripts/query.sh + +delete-stage: ## Delete a conversation (stage environment) + @echo "Deleting conversation from assisted-chat services (stage)..." + QUERY_ENV=stage DELETE_MODE=true ./scripts/query.sh
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
💡 Knowledge Base configuration:
- MCP integration is disabled by default for public repositories
- Jira integration is disabled by default for public repositories
- Linear integration is disabled by default for public repositories
You can enable these sources in your CodeRabbit configuration.
📒 Files selected for processing (6)
Containerfile.assisted-chat(1 hunks)Makefile(2 hunks)lightspeed-stack(1 hunks)scripts/query.sh(3 hunks)template-params.dev.env(1 hunks)template.yaml(0 hunks)
💤 Files with no reviewable changes (1)
- template.yaml
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)
- GitHub Check: Red Hat Konflux / assisted-chat-saas-main-on-pull-request
- GitHub Check: Red Hat Konflux / assisted-chat-test-image-saas-main-on-pull-request
🔇 Additional comments (5)
lightspeed-stack (1)
1-1: LGTM: submodule bump to lightspeed-stack be56d50 verified.
Pointer-only update; Containerfile comments include the short SHA and CI will build the intended commit.Containerfile.assisted-chat (1)
2-3: Base image bump looks good; verify alignment with lightspeed-stack commit and patch applicability.Please confirm the digest matches the dev tag comment (be56d50) and contains the new authz-regex support from lightspeed-stack, and that the downstream patch still applies cleanly against this image.
scripts/query.sh (3)
5-7: DELETE_MODE flag: LGTM.
169-176: Graceful no-data behavior in delete mode: LGTM.
179-181: Hiding “New conversation” in delete mode: LGTM.
| feedback_storage: "${STORAGE_MOUNT_PATH}/feedback" | ||
| transcripts_enabled: ${LIGHTSPEED_TRANSCRIPTS_ENABLED} | ||
| transcripts_storage: "${STORAGE_MOUNT_PATH}/transcripts" | ||
| data_collector: |
There was a problem hiding this comment.
Hmm not sure, it doesn't exist anymore, not sure what replaced it
| ASSISTED_CHAT_DEFAULT_MODEL=gemini/gemini-2.0-flash | ||
| LIGHTSSPEED_STACK_POSTGRES_SSL_MODE=disable | ||
| AUTHN_ROLE_RULES='[{"jsonpath":"$.realm_access.roles[*]","operator":"contains","value":"redhat:employees","roles":["redhat_employee"]}]' | ||
| AUTHN_ROLE_RULES='[{"jsonpath":"$.realm_access.roles[*]","operator":"contains","value":"redhat:employees","roles":["redhat_employee"]},{"jsonpath":"$.email","operator":"match","value":".*@redhat\\\\.com$","roles":["redhat_employee"]}]' |
There was a problem hiding this comment.
Can't hurt. Let's keep both to minimize potential damage, then we can remove later
b0dd95d
into
rh-ecosystem-edge:main
Bump to lightspeed-core/lightspeed-stack#483
Draft until that PR actually merges
Also include the changes from #171 so that we only have one bump PR
Summary by CodeRabbit
New Features
Configuration
Chores