♻️(backend) update BaseEgress to use custom session from livekit-api

Refactor BaseEgress class to leverage latest livekit-api client's custom
session support. Simplifies code by using built-in capability to disable SSL
verification in development environments instead of previous workaround.

docs/installation.md

@@ -308,7 +308,6 @@ These are the environmental options available on meet backend.
 | ALLOW_UNREGISTERED_ROOMS                        | Allow usage of unregistered rooms        | true                                                                                                                                                          |
 | RECORDING_ENABLE                                | record meeting option                    | false                                                                                                                                                         |
 | RECORDING_OUTPUT_FOLDER                         | folder to store meetings                 | recordings                                                                                                                                                    |
-| RECORDING_VERIFY_SSL                            | verify ssl for recording storage         | true                                                                                                                                                          |
 | RECORDING_WORKER_CLASSES                        | worker classes for recording             | {"screen_recording": "core.recording.worker.services.VideoCompositeEgressService","transcript": "core.recording.worker.services.AudioCompositeEgressService"} |
 | RECORDING_EVENT_PARSER_CLASS                    | storage event engine for recording       | core.recording.event.parsers.MinioParser                                                                                                                      |
 | RECORDING_ENABLE_STORAGE_EVENT_AUTH             | enable storage event authorization       | true                                                                                                                                                          |

src/backend/core/recording/worker/factories.py

@@ -17,7 +17,6 @@ class WorkerServiceConfig:
 
     output_folder: str
     server_configurations: Dict[str, Any]
-    verify_ssl: Optional[bool]
     bucket_args: Optional[dict]
 
     @classmethod
@@ -29,7 +28,6 @@ class WorkerServiceConfig:
         return cls(
             output_folder=settings.RECORDING_OUTPUT_FOLDER,
             server_configurations=settings.LIVEKIT_CONFIGURATION,
-            verify_ssl=settings.RECORDING_VERIFY_SSL,
             bucket_args={
                 "endpoint": settings.AWS_S3_ENDPOINT_URL,
                 "access_key": settings.AWS_S3_ACCESS_KEY_ID,

src/backend/core/recording/worker/services.py

@@ -2,10 +2,11 @@
 
 # pylint: disable=no-member
 
+from django.conf import settings
+
 import aiohttp
 from asgiref.sync import async_to_sync
 from livekit import api as livekit_api
-from livekit.api.egress_service import EgressService
 
 from ..enums import FileExtension
 from .exceptions import WorkerConnectionError, WorkerResponseError
@@ -29,21 +30,29 @@ class BaseEgressService:
     async def _handle_request(self, request, method_name: str):
         """Handle making a request to the LiveKit API and returns the response."""
 
-        # Use HTTP connector for local development with Tilt,
-        # where cluster communications are unsecure
-        connector = aiohttp.TCPConnector(ssl=self._config.verify_ssl)
+        custom_session = None
+        if not settings.LIVEKIT_VERIFY_SSL:
+            connector = aiohttp.TCPConnector(ssl=False)
+            custom_session = aiohttp.ClientSession(connector=connector)
 
-        async with aiohttp.ClientSession(connector=connector) as session:
-            client = EgressService(session, **self._config.server_configurations)
-            method = getattr(client, method_name)
-            try:
-                response = await method(request)
-            except livekit_api.TwirpError as e:
-                raise WorkerConnectionError(
-                    f"LiveKit client connection error, {e.message}."
-                ) from e
+        lkapi = livekit_api.LiveKitAPI(
+            session=custom_session, **self._config.server_configurations
+        )
 
+        # ruff: noqa: SLF001
+        # pylint: disable=protected-access
+        method = getattr(lkapi._egress, method_name)
+
+        try:
+            response = await method(request)
             return response
+        except livekit_api.TwirpError as e:
+            raise WorkerConnectionError(
+                f"LiveKit client connection error, {e.message}."
+            ) from e
+
+        finally:
+            await lkapi.aclose()
 
     def stop(self, worker_id: str) -> str:
         """Stop an ongoing egress worker.

src/backend/core/tests/recording/worker/test_factories.py

@@ -32,7 +32,6 @@ def test_settings():
     mocked_settings = {
         "RECORDING_OUTPUT_FOLDER": "/test/output",
         "LIVEKIT_CONFIGURATION": {"server": "test.example.com"},
-        "RECORDING_VERIFY_SSL": True,
         "AWS_S3_ENDPOINT_URL": "https://s3.test.com",
         "AWS_S3_ACCESS_KEY_ID": "test_key",
         "AWS_S3_SECRET_ACCESS_KEY": "test_secret",
@@ -56,7 +55,6 @@ def test_config_initialization(default_config):
     """Test that WorkerServiceConfig is properly initialized from settings"""
     assert default_config.output_folder == "/test/output"
     assert default_config.server_configurations == {"server": "test.example.com"}
-    assert default_config.verify_ssl is True
     assert default_config.bucket_args == {
         "endpoint": "https://s3.test.com",
         "access_key": "test_key",
@@ -76,7 +74,6 @@ def test_config_immutability(default_config):
 @override_settings(
     RECORDING_OUTPUT_FOLDER="/test/output",
     LIVEKIT_CONFIGURATION={"server": "test.example.com"},
-    RECORDING_VERIFY_SSL=True,
     AWS_S3_ENDPOINT_URL="https://s3.test.com",
     AWS_S3_ACCESS_KEY_ID="test_key",
     AWS_S3_SECRET_ACCESS_KEY="test_secret",

src/backend/core/tests/recording/worker/test_services.py

@@ -28,7 +28,6 @@ def config():
             "api_key": "test_key",
             "api_secret": "test_secret",
         },
-        verify_ssl=True,
         bucket_args={
             "endpoint": "https://s3.test.com",
             "access_key": "test_key",

src/backend/meet/settings.py

@@ -446,6 +446,9 @@ class Base(Configuration):
         ),
         "url": values.Value(environ_name="LIVEKIT_API_URL", environ_prefix=None),
     }
+    LIVEKIT_VERIFY_SSL = values.BooleanValue(
+        True, environ_name="LIVEKIT_VERIFY_SSL", environ_prefix=None
+    )
     RESOURCE_DEFAULT_ACCESS_LEVEL = values.Value(
         "public", environ_name="RESOURCE_DEFAULT_ACCESS_LEVEL", environ_prefix=None
     )
@@ -460,9 +463,6 @@ class Base(Configuration):
     RECORDING_OUTPUT_FOLDER = values.Value(
         "recordings", environ_name="RECORDING_OUTPUT_FOLDER", environ_prefix=None
     )
-    RECORDING_VERIFY_SSL = values.BooleanValue(
-        True, environ_name="RECORDING_VERIFY_SSL", environ_prefix=None
-    )
     RECORDING_WORKER_CLASSES = values.DictValue(
         {
             "screen_recording": "core.recording.worker.services.VideoCompositeEgressService",

src/helm/env.d/dev-keycloak/values.meet.yaml.gotmpl

@@ -61,7 +61,6 @@ backend:
     AWS_STORAGE_BUCKET_NAME: meet-media-storage
     AWS_S3_REGION_NAME: local
     RECORDING_ENABLE: True
-    RECORDING_VERIFY_SSL: True
     RECORDING_STORAGE_EVENT_ENABLE: True
     RECORDING_STORAGE_EVENT_TOKEN: password
     SUMMARY_SERVICE_ENDPOINT: http://meet-summary:80/api/v1/tasks/

src/helm/env.d/dev/values.meet.yaml.gotmpl

@@ -83,7 +83,6 @@ backend:
     AWS_STORAGE_BUCKET_NAME: meet-media-storage
     AWS_S3_REGION_NAME: local
     RECORDING_ENABLE: True
-    RECORDING_VERIFY_SSL: True
     RECORDING_STORAGE_EVENT_ENABLE: True
     RECORDING_STORAGE_EVENT_TOKEN: password
     SUMMARY_SERVICE_ENDPOINT: http://meet-summary:80/api/v1/tasks/