[DRAFT / DO NOT MERGE] Aap 58797 chatbot auth tests

roles/chatbot/defaults/main.yml

@@ -42,6 +42,11 @@ _chatbot_mcp_lightspeed_image_version: "{{ lookup('env', 'DEFAULT_CHATBOT_MCP_LI
 chatbot_config_secret_name: ''
 # ========================================
 
+# ----------------------------------------
+# Configuration for the Chatbot API Key
+# ----------------------------------------
+chatbot_api_key_secret_name: 'chatbot-api-key'
+# ========================================
 
 # ----------------------------------------
 # Configuration for underlying service

roles/chatbot/tasks/handle_chatbot_api_key_secret.yml

@@ -0,0 +1,33 @@
+---
+- name: Set the composed Chatbot API Key Secret name.
+  set_fact:
+    _chatbot_api_key_secret_name: "{{ ansible_operator_meta.name }}-{{ chatbot_api_key_secret_name }}"
+
+- name: Check for existing Chatbot API Key Secret
+  set_fact:
+    _chatbot_api_key_secret: "{{ query('kubernetes.core.k8s', kind='Secret', namespace=ansible_operator_meta.namespace, resource_name=_chatbot_api_key_secret_name) }}"
+
+- name: Create Chatbot API Key Secret
+  kubernetes.core.k8s:
+    state: present
+    definition: "{{ lookup('template', 'secrets/chatbot_api_key_secret.yaml.j2') }}"
+  no_log: "{{ no_log }}"
+  when:
+    - _chatbot_api_key_secret | length == 0
+
+- name: Read Chatbot API Key
+  kubernetes.core.k8s_info:
+    kind: Secret
+    namespace: '{{ ansible_operator_meta.namespace }}'
+    name: '{{ _chatbot_api_key_secret_name }}'
+  register: _generated_chatbot_api_key
+  no_log: "{{ no_log }}"
+  when:
+    - _chatbot_api_key_secret | length == 0
+
+- name: Set Chatbot API Key
+  ansible.builtin.set_fact:
+    chatbot_api_key: '{{ _generated_chatbot_api_key["resources"][0]["data"]["api_key"] | b64decode }}'
+  no_log: "{{ no_log }}"
+  when:
+    - _chatbot_api_key_secret | length == 0

roles/chatbot/tasks/main.yml

@@ -14,6 +14,9 @@
   - name: Read AnsibleAIConnect's Chatbot secret
     ansible.builtin.include_tasks: read_chatbot_configuration_secret.yml
 
+  - name: Read AnsibleAIConnect's Chatbot API Key
+    ansible.builtin.include_tasks: handle_chatbot_api_key_secret.yml
+
   - name: Clean up old Chatbot PVC before upgrade
     ansible.builtin.include_tasks: upgrade_chatbot.yml
 

roles/chatbot/templates/chatbot.configmap_lightspeed_stack_config.yaml.j2

@@ -31,6 +31,10 @@ data:
       transcripts_enabled: false
     customization:
       system_prompt_path: /.llama/distributions/ansible-chatbot/system-prompts/default.txt
+    authentication:
+      module: "api-key-token"
+      api_key_config:
+        api_key: ${env.CHATBOT_API_KEY}
 {% if _aap_gateway_url is defined or _aap_controller_url is defined %}
     mcp_servers:
 {% if _aap_gateway_url is defined and _aap_controller_url is defined %}

roles/chatbot/templates/chatbot.deployment.yaml.j2

@@ -106,6 +106,13 @@ spec:
             value: /.llama/data
           - name: EMBEDDING_MODEL
             value: ./embeddings_model
+          - name: CHATBOT_API_KEY
+            value: {{ chatbot_api_key }}
+{#            value: 'test-api-key-1'#}
+{#            valueFrom:#}
+{#              secretKeyRef:#}
+{#                name: "{{ ansible_operator_meta.name }}-{{ chatbot_api_key_secret_name }}"#}
+{#                key: api_key#}
           - name: PROVIDER_TOKEN
             value: {{ chatbot_token }}
           - name: PROVIDER_URL

roles/chatbot/templates/secrets/chatbot_api_key_secret.yaml.j2

@@ -0,0 +1,14 @@
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: '{{ ansible_operator_meta.name }}-{{ chatbot_api_key_secret_name }}'
+  namespace: '{{ ansible_operator_meta.namespace }}'
+  labels:
+    app.kubernetes.io/name: '{{ ansible_operator_meta.name }}'
+    app.kubernetes.io/part-of: '{{ ansible_operator_meta.name }}'
+    app.kubernetes.io/managed-by: '{{ deployment_type }}-operator'
+    app.kubernetes.io/component: '{{ deployment_type }}'
+    app.kubernetes.io/operator-version: '{{ lookup("env", "OPERATOR_VERSION") }}'
+stringData:
+  api_key: '{{ lookup('password', '/dev/null length=32 chars=ascii_letters,digits') }}'

roles/model/defaults/main.yml

@@ -49,6 +49,11 @@ auth_config_secret_name: ''
 model_config_secret_name: ''
 # ========================================
 
+# ----------------------------------------
+# Configuration for the Chatbot API Key
+# ----------------------------------------
+chatbot_api_key_secret_name: 'chatbot-api-key'
+# ========================================
 
 # ----------------------------------------
 # Configuration for underlying service

roles/model/tasks/update_status.yml

@@ -18,6 +18,7 @@
       chatbotImage: ""
       chatbotVersion: ""
       chatbotConfigurationSecret: ""
+      chatbotAuthenticationSecret: ""
 
 # ============================================
 # Retrieve and update AnsibleAIConnect status
@@ -102,6 +103,7 @@
           chatbotImage: "{{ _chatbot_image }}"
           chatbotVersion: "{{ chatbot_instance_version.stdout | trim }}"
           chatbotConfigurationSecret: "{{ chatbot_config_secret_name }}"
+          chatbotAuthenticationSecret: "{{ chatbot_api_key_secret_name }}"
   when:
     - chatbot_api_pod_name is defined
     - chatbot_api_pod_name | length

roles/model/templates/model.deployment.yaml.j2

@@ -204,6 +204,12 @@ spec:
             secretKeyRef:
               name: "{{ __model_pipeline_secret_name }}"
               key: config
+        - name: CHATBOT_API_KEY
+{#          value: "test-api-key-1"#}
+          valueFrom:
+            secretKeyRef:
+              name: "{{ ansible_operator_meta.name }}-{{ chatbot_api_key_secret_name }}"
+              key: api_key
 {% if chatbot_config is defined %}
         - name: CHATBOT_DEFAULT_PROVIDER
           value: {{ chatbot_llm_provider_type }}