From 2ef95aa835d488cf38358dcc7972fe129224fe4a Mon Sep 17 00:00:00 2001 From: lebaudantoine Date: Thu, 24 Apr 2025 15:29:15 +0200 Subject: [PATCH] =?UTF-8?q?=E2=99=BB=EF=B8=8F(backend)=20update=20BaseEgre?= =?UTF-8?q?ss=20to=20use=20custom=20session=20from=20livekit-api?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Refactor BaseEgress class to leverage latest livekit-api client's custom session support. Simplifies code by using built-in capability to disable SSL verification in development environments instead of previous workaround. --- docs/installation.md | 1 - .../core/recording/worker/factories.py | 2 -- src/backend/core/recording/worker/services.py | 35 ++++++++++++------- .../tests/recording/worker/test_factories.py | 3 -- .../tests/recording/worker/test_services.py | 1 - src/backend/meet/settings.py | 6 ++-- .../dev-keycloak/values.meet.yaml.gotmpl | 1 - src/helm/env.d/dev/values.meet.yaml.gotmpl | 1 - 8 files changed, 25 insertions(+), 25 deletions(-) diff --git a/docs/installation.md b/docs/installation.md index 4366de84..57c34c39 100644 --- a/docs/installation.md +++ b/docs/installation.md @@ -308,7 +308,6 @@ These are the environmental options available on meet backend. | ALLOW_UNREGISTERED_ROOMS | Allow usage of unregistered rooms | true | | RECORDING_ENABLE | record meeting option | false | | RECORDING_OUTPUT_FOLDER | folder to store meetings | recordings | -| RECORDING_VERIFY_SSL | verify ssl for recording storage | true | | RECORDING_WORKER_CLASSES | worker classes for recording | {"screen_recording": "core.recording.worker.services.VideoCompositeEgressService","transcript": "core.recording.worker.services.AudioCompositeEgressService"} | | RECORDING_EVENT_PARSER_CLASS | storage event engine for recording | core.recording.event.parsers.MinioParser | | RECORDING_ENABLE_STORAGE_EVENT_AUTH | enable storage event authorization | true | diff --git a/src/backend/core/recording/worker/factories.py b/src/backend/core/recording/worker/factories.py index 73bebba9..33f0957c 100644 --- a/src/backend/core/recording/worker/factories.py +++ b/src/backend/core/recording/worker/factories.py @@ -17,7 +17,6 @@ class WorkerServiceConfig: output_folder: str server_configurations: Dict[str, Any] - verify_ssl: Optional[bool] bucket_args: Optional[dict] @classmethod @@ -29,7 +28,6 @@ class WorkerServiceConfig: return cls( output_folder=settings.RECORDING_OUTPUT_FOLDER, server_configurations=settings.LIVEKIT_CONFIGURATION, - verify_ssl=settings.RECORDING_VERIFY_SSL, bucket_args={ "endpoint": settings.AWS_S3_ENDPOINT_URL, "access_key": settings.AWS_S3_ACCESS_KEY_ID, diff --git a/src/backend/core/recording/worker/services.py b/src/backend/core/recording/worker/services.py index 66c3f617..6a40bee1 100644 --- a/src/backend/core/recording/worker/services.py +++ b/src/backend/core/recording/worker/services.py @@ -2,10 +2,11 @@ # pylint: disable=no-member +from django.conf import settings + import aiohttp from asgiref.sync import async_to_sync from livekit import api as livekit_api -from livekit.api.egress_service import EgressService from ..enums import FileExtension from .exceptions import WorkerConnectionError, WorkerResponseError @@ -29,21 +30,29 @@ class BaseEgressService: async def _handle_request(self, request, method_name: str): """Handle making a request to the LiveKit API and returns the response.""" - # Use HTTP connector for local development with Tilt, - # where cluster communications are unsecure - connector = aiohttp.TCPConnector(ssl=self._config.verify_ssl) + custom_session = None + if not settings.LIVEKIT_VERIFY_SSL: + connector = aiohttp.TCPConnector(ssl=False) + custom_session = aiohttp.ClientSession(connector=connector) - async with aiohttp.ClientSession(connector=connector) as session: - client = EgressService(session, **self._config.server_configurations) - method = getattr(client, method_name) - try: - response = await method(request) - except livekit_api.TwirpError as e: - raise WorkerConnectionError( - f"LiveKit client connection error, {e.message}." - ) from e + lkapi = livekit_api.LiveKitAPI( + session=custom_session, **self._config.server_configurations + ) + # ruff: noqa: SLF001 + # pylint: disable=protected-access + method = getattr(lkapi._egress, method_name) + + try: + response = await method(request) return response + except livekit_api.TwirpError as e: + raise WorkerConnectionError( + f"LiveKit client connection error, {e.message}." + ) from e + + finally: + await lkapi.aclose() def stop(self, worker_id: str) -> str: """Stop an ongoing egress worker. diff --git a/src/backend/core/tests/recording/worker/test_factories.py b/src/backend/core/tests/recording/worker/test_factories.py index f2c7537b..2bd448d2 100644 --- a/src/backend/core/tests/recording/worker/test_factories.py +++ b/src/backend/core/tests/recording/worker/test_factories.py @@ -32,7 +32,6 @@ def test_settings(): mocked_settings = { "RECORDING_OUTPUT_FOLDER": "/test/output", "LIVEKIT_CONFIGURATION": {"server": "test.example.com"}, - "RECORDING_VERIFY_SSL": True, "AWS_S3_ENDPOINT_URL": "https://s3.test.com", "AWS_S3_ACCESS_KEY_ID": "test_key", "AWS_S3_SECRET_ACCESS_KEY": "test_secret", @@ -56,7 +55,6 @@ def test_config_initialization(default_config): """Test that WorkerServiceConfig is properly initialized from settings""" assert default_config.output_folder == "/test/output" assert default_config.server_configurations == {"server": "test.example.com"} - assert default_config.verify_ssl is True assert default_config.bucket_args == { "endpoint": "https://s3.test.com", "access_key": "test_key", @@ -76,7 +74,6 @@ def test_config_immutability(default_config): @override_settings( RECORDING_OUTPUT_FOLDER="/test/output", LIVEKIT_CONFIGURATION={"server": "test.example.com"}, - RECORDING_VERIFY_SSL=True, AWS_S3_ENDPOINT_URL="https://s3.test.com", AWS_S3_ACCESS_KEY_ID="test_key", AWS_S3_SECRET_ACCESS_KEY="test_secret", diff --git a/src/backend/core/tests/recording/worker/test_services.py b/src/backend/core/tests/recording/worker/test_services.py index 72381a3a..ffd9eb18 100644 --- a/src/backend/core/tests/recording/worker/test_services.py +++ b/src/backend/core/tests/recording/worker/test_services.py @@ -28,7 +28,6 @@ def config(): "api_key": "test_key", "api_secret": "test_secret", }, - verify_ssl=True, bucket_args={ "endpoint": "https://s3.test.com", "access_key": "test_key", diff --git a/src/backend/meet/settings.py b/src/backend/meet/settings.py index 23f0e7e7..2eca2219 100755 --- a/src/backend/meet/settings.py +++ b/src/backend/meet/settings.py @@ -446,6 +446,9 @@ class Base(Configuration): ), "url": values.Value(environ_name="LIVEKIT_API_URL", environ_prefix=None), } + LIVEKIT_VERIFY_SSL = values.BooleanValue( + True, environ_name="LIVEKIT_VERIFY_SSL", environ_prefix=None + ) RESOURCE_DEFAULT_ACCESS_LEVEL = values.Value( "public", environ_name="RESOURCE_DEFAULT_ACCESS_LEVEL", environ_prefix=None ) @@ -460,9 +463,6 @@ class Base(Configuration): RECORDING_OUTPUT_FOLDER = values.Value( "recordings", environ_name="RECORDING_OUTPUT_FOLDER", environ_prefix=None ) - RECORDING_VERIFY_SSL = values.BooleanValue( - True, environ_name="RECORDING_VERIFY_SSL", environ_prefix=None - ) RECORDING_WORKER_CLASSES = values.DictValue( { "screen_recording": "core.recording.worker.services.VideoCompositeEgressService", diff --git a/src/helm/env.d/dev-keycloak/values.meet.yaml.gotmpl b/src/helm/env.d/dev-keycloak/values.meet.yaml.gotmpl index 49f80700..63afa26e 100644 --- a/src/helm/env.d/dev-keycloak/values.meet.yaml.gotmpl +++ b/src/helm/env.d/dev-keycloak/values.meet.yaml.gotmpl @@ -61,7 +61,6 @@ backend: AWS_STORAGE_BUCKET_NAME: meet-media-storage AWS_S3_REGION_NAME: local RECORDING_ENABLE: True - RECORDING_VERIFY_SSL: True RECORDING_STORAGE_EVENT_ENABLE: True RECORDING_STORAGE_EVENT_TOKEN: password SUMMARY_SERVICE_ENDPOINT: http://meet-summary:80/api/v1/tasks/ diff --git a/src/helm/env.d/dev/values.meet.yaml.gotmpl b/src/helm/env.d/dev/values.meet.yaml.gotmpl index 0b835949..5b551704 100644 --- a/src/helm/env.d/dev/values.meet.yaml.gotmpl +++ b/src/helm/env.d/dev/values.meet.yaml.gotmpl @@ -83,7 +83,6 @@ backend: AWS_STORAGE_BUCKET_NAME: meet-media-storage AWS_S3_REGION_NAME: local RECORDING_ENABLE: True - RECORDING_VERIFY_SSL: True RECORDING_STORAGE_EVENT_ENABLE: True RECORDING_STORAGE_EVENT_TOKEN: password SUMMARY_SERVICE_ENDPOINT: http://meet-summary:80/api/v1/tasks/