feat(sessions): add allowlist for interactive session images (#582)

[mdonadoni]

Closes #569

[codecov]

Codecov Report

Attention: Patch coverage is 74.46809% with 12 lines in your changes are missing coverage. Please review.

Project coverage is 73.38%. Comparing base (13d1c5d) to head (4f0fc6c).

Additional details and impacted files

@@            Coverage Diff             @@
##           master     #582      +/-   ##
==========================================
- Coverage   73.39%   73.38%   -0.01%     
==========================================
  Files          15       15              
  Lines        1372     1413      +41     
==========================================
+ Hits         1007     1037      +30     
- Misses        365      376      +11     

Files	Coverage Δ
reana_workflow_controller/k8s.py	88.03% <ø> (-0.11%)	⬇️
...eana_workflow_controller/rest/workflows_session.py	72.72% <ø> (ø)
reana_workflow_controller/workflow_run_manager.py	81.11% <89.65%> (+1.40%)	⬆️
reana_workflow_controller/config.py	85.48% <50.00%> (-14.52%)	⬇️

[mdonadoni]

This works well also with reana-client, but there is currently no way to see which images are allowed directly from the CLI.
Should I implement a new command in reana-client, or do we want to use reana-client info?

Finally, the list of allowed images is now returned by /config, which is an endpoint that does not require the user to be authenticated, as it's supposed to return the configuration of the web UI. Do we want to create a new authenticated endpoint just to serve the configuration of interactive sessions? Or maybe should we use /info?
Note that /config seems to be only used in the UI, while /info only by reana-client.

[tiborsimko]

Can we amend this to be ready for situations where the configuration is empty?

For example, some site may want to prevent opening of notebooks altogether by configuring:

interactive_sessions:
  environments:
    jupyter:
      recommended:
      allow_custom: false

This currently leads to a traceback when starting reana-workflow-controller:

Traceback (most recent call last):
  File "/code/./reana_workflow_controller/app.py", line 17, in <module>
    app = create_app()
  File "/code/./reana_workflow_controller/factory.py", line 49, in create_app
    app.config.from_object("reana_workflow_controller.config")
  File "/usr/local/lib/python3.8/dist-packages/flask/config.py", line 227, in from_object
    obj = import_string(obj)
  File "/usr/local/lib/python3.8/dist-packages/werkzeug/utils.py", line 595, in import_string
    __import__(import_name)
  File "/code/./reana_workflow_controller/config.py", line 180, in <module>
    REANA_INTERACTIVE_SESSIONS_RECOMMENDED_IMAGES = {
  File "/code/./reana_workflow_controller/config.py", line 181, in <dictcomp>
    type_: {recommended["image"] for recommended in config["recommended"]}
TypeError: 'NoneType' object is not iterable

This means that the REANA would be basically down if people misconfigure the recommended images section.

Can you make the YAML value detection more robust to prevent these cases? E.g. we could use something like config.get("recommended", []) and such. We should also assume that "image" part might be misconfigured.

[mdonadoni]

Done, it should now be more robust in case of missing recommended images, missing allow_custom, both here and in reana-ui