InseeFrLab · fcomte · Nov 15, 2022 · Nov 3, 2022
diff --git a/docs/region-configuration.md b/docs/region-configuration.md
@@ -45,6 +45,7 @@ Users can work on Onyxia as a User or as a Group to which they belong. Each user
 | --------------------- | ------- | ------------------------------------------------------------------ | ---- |
 | `type` | | Type of the platform on which services are launched. Only Kubernetes is supported, Marathon has been removed. | "KUBERNETES" |
 | `singleNamespace` | true | When true, all users share the same namespace on the service provider. This configuration can be used if a project work on its own Onyxia region. | |
+| `userNamespace` | true | When true, all users have a namespace for his work. This configuration can be used if you don't allow user to have their own space to work and only use project space | |
 | `namespacePrefix` | "user-" | User have a personal namespace like namespacePrefix + userId (should only be used when not singleNamespace but not the case) | |
 | `groupNamespacePrefix` | "projet-" | User in a group groupId can access the namespace groupeNamespacePrefix + groupId. This prefix is also used for vault group directory. | |
 | `usernamePrefix` | | If set, the Kubernetes user corresponding to the Onyxia user is named usernamePrefix + userId on impersonation mode, otherwise it is identified only as userId | "user-" |

diff --git a/...pi/src/main/java/fr/insee/onyxia/api/controller/exception/NamespaceNotFoundException.java b/...pi/src/main/java/fr/insee/onyxia/api/controller/exception/NamespaceNotFoundException.java
@@ -0,0 +1,11 @@
+package fr.insee.onyxia.api.controller.exception;
+
+import org.springframework.http.HttpStatus;
+import org.springframework.web.bind.annotation.ResponseStatus;
+
+@ResponseStatus(value = HttpStatus.NOT_FOUND)
+public class NamespaceNotFoundException extends RuntimeException{
+	public NamespaceNotFoundException() {
+		super("Namespace not found");
+	}
+}
diff --git a/onyxia-api/src/main/java/fr/insee/onyxia/api/services/impl/HelmAppsService.java b/onyxia-api/src/main/java/fr/insee/onyxia/api/services/impl/HelmAppsService.java
@@ -4,6 +4,7 @@
 import com.fasterxml.jackson.databind.ObjectMapper;
 import fr.insee.onyxia.api.configuration.kubernetes.HelmClientProvider;
 import fr.insee.onyxia.api.configuration.kubernetes.KubernetesClientProvider;
+import fr.insee.onyxia.api.controller.exception.NamespaceNotFoundException;
 import fr.insee.onyxia.api.services.AppsService;
 import fr.insee.onyxia.api.services.control.AdmissionControllerHelm;
 import fr.insee.onyxia.api.services.control.commons.UrlGenerator;
@@ -146,6 +147,9 @@ public CompletableFuture<ServicesListing> getUserServices(Region region, Project
             LOGGER.debug("STUB : group listing is currently not supported on helm");
             return CompletableFuture.completedFuture(new ServicesListing());
         }
+        if (StringUtils.isEmpty(project.getNamespace())) {
+            throw new NamespaceNotFoundException();
+        }
         List<HelmLs> installedCharts = null;
         try {
             installedCharts = Arrays.asList(getHelmInstallService().listChartInstall(getHelmConfiguration(region, user), project.getNamespace()));

diff --git a/onyxia-api/src/main/java/fr/insee/onyxia/api/services/impl/kubernetes/KubernetesService.java b/onyxia-api/src/main/java/fr/insee/onyxia/api/services/impl/kubernetes/KubernetesService.java
@@ -1,6 +1,7 @@
 package fr.insee.onyxia.api.services.impl.kubernetes;
 
 import fr.insee.onyxia.api.configuration.kubernetes.KubernetesClientProvider;
+import fr.insee.onyxia.api.controller.exception.NamespaceNotFoundException;
 import fr.insee.onyxia.model.User;
 import fr.insee.onyxia.model.project.Project;
 import fr.insee.onyxia.model.region.Region;
@@ -11,6 +12,8 @@
 import io.fabric8.kubernetes.api.model.rbac.SubjectBuilder;
 import io.fabric8.kubernetes.client.KubernetesClient;
 import io.fabric8.kubernetes.client.KubernetesClientException;
+
+import org.apache.commons.lang3.StringUtils;
 import org.jetbrains.annotations.NotNull;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
@@ -34,6 +37,9 @@ public String determineNamespaceAndCreateIfNeeded(Region region, Project project
         if (region.getServices().isSingleNamespace()) {
             return getCurrentNamespace(region);
         }
+        if (StringUtils.isEmpty(project.getNamespace())) {
+            throw new NamespaceNotFoundException();
+        }
         KubernetesService.Owner owner = new KubernetesService.Owner();
         if (project.getGroup() != null) {
             owner.setId(project.getGroup());

diff --git a/onyxia-api/src/main/java/fr/insee/onyxia/api/user/OnyxiaUserProvider.java b/onyxia-api/src/main/java/fr/insee/onyxia/api/user/OnyxiaUserProvider.java
@@ -55,13 +55,15 @@ private Project getUserProject(Region region, OnyxiaUser user ) {
         }
         else {
             userProject.setId(region.getServices().getNamespacePrefix()+user.getUser().getIdep());
-            userProject.setGroup(null);
             userProject.setVaultTopDir(user.getUser().getIdep());
+            userProject.setGroup(null);
+            userProject.setName(user.getUser().getIdep()+" personal project");
             if(region.getData()!=null && region.getData().getS3()!=null){
                 userProject.setBucket(region.getData().getS3().getBucketPrefix()+user.getUser().getAttributes().get(region.getData().getS3().getBucketClaim()));
             }
-            userProject.setNamespace(region.getServices().getNamespacePrefix()+user.getUser().getIdep());
-            userProject.setName(user.getUser().getIdep()+" personal project");
+            if (region.getServices().isUserNamespace()) {
+                userProject.setNamespace(region.getServices().getNamespacePrefix()+user.getUser().getIdep());
+            }
         }
         return userProject;
     }

diff --git a/onyxia-model/src/main/java/fr/insee/onyxia/model/project/Project.java b/onyxia-model/src/main/java/fr/insee/onyxia/model/project/Project.java
@@ -1,12 +1,21 @@
 package fr.insee.onyxia.model.project;
 
-public class Project {
+import io.swagger.v3.oas.annotations.media.Schema;
+
+@Schema(description = "")
 
+public class Project {
+    @Schema(description = "")
     private String id;
+    @Schema(description = "If not null, this project belong to this group name.")
     private String group;
+    @Schema(description = "If not null, this project have this bucket")
     private String bucket;
+    @Schema(description = "If not null, this project have this deployment environment.")
     private String namespace;
+    @Schema(description = "This project have this name")
     private String name;
+    @Schema(description = "This project have this vault top dir")
     private String vaultTopDir;
 
     public String getId() {

diff --git a/onyxia-model/src/main/java/fr/insee/onyxia/model/region/Region.java b/onyxia-model/src/main/java/fr/insee/onyxia/model/region/Region.java
@@ -158,6 +158,7 @@ public static enum AuthenticationMode {
 
 	private Service.ServiceType type;
 	private boolean singleNamespace = true;
+	private boolean userNamespace = true;
 	private String namespacePrefix = "user-";
 	private String groupNamespacePrefix = "projet-";
 	private String usernamePrefix;
@@ -315,6 +316,14 @@ public void setSingleNamespace(boolean singleNamespace) {
 	    this.singleNamespace = singleNamespace;
 	}
 
+	public boolean isUserNamespace() {
+	    return userNamespace;
+	}
+
+	public void setUserNamespace(boolean userNamespace) {
+	    this.userNamespace = userNamespace;
+	}
+
 	public Service.ServiceType getType() {
 	    return type;
 	}