KASM Integration Documentation
KASM is a cloud desktop/workspace platform that provides students with browser-accessible Ubuntu development environments. In this system, KASM is hosted at https://kasm.opencodingsociety.com and is integrated with the Flask backend so that workspace accounts are automatically provisioned and managed alongside the main user database.
How KASM Fits Into the System
When a student registers through the Flask API, their account is created in the application database and a corresponding KASM workspace account is created via the KASM REST API. This means students get a cloud Ubuntu environment automatically — no manual setup required on the instructor side.
The Spring backend tracks a kasmServerNeeded boolean flag per user (on the Person entity), which signals whether that user should receive a KASM workspace during provisioning.
Student registers (Flask)
↓
Flask creates DB user
↓
KasmUser.post() called
↓
KASM API → create workspace account
↓
(optional) KasmUser.post_groups() → assign to class group
Configuration
KASM credentials are set via environment variables read in flask-tracking/init.py:
| Variable |
Description |
KASM_SERVER |
Base URL of the KASM server (default: https://kasm.opencodingsociety.com) |
KASM_API_KEY |
API key for authenticating with KASM |
KASM_API_KEY_SECRET |
Secret for the API key |
Key Files
Flask KASM Model (model/kasm.py)
Two classes handle KASM operations:
KasmUtils — low-level API wrapper
Static methods that map directly to KASM API endpoints:
get_config() — reads and validates credentials from environment
authenticate(config) — verifies credentials against the KASM server
get_users(config) — lists all KASM users
get_user_id(users, uid) — finds a user by username
create_user() — creates a new workspace account
update_user_password() — resets a user's password
update_user_name() — updates display name fields
get_user_details() — fetches user info from KASM
delete_user() — removes a workspace account
update_user_group() — assigns a user to a KASM group
get_groups() — lists all KASM groups
KasmUser — high-level lifecycle interface
Wraps KasmUtils into idempotent operations tied to the application's user model:
post() — creates the KASM user if they don't exist; updates credentials if they do
post_groups() — assigns the user to one or more KASM groups (used to organize by class/section)
delete() — removes the user from KASM
Flask Routes
| Method |
Route |
Description |
GET |
/kasm_users |
Renders the admin UI showing all KASM users |
DELETE |
/delete_user/<user_id> |
Removes a user from KASM |
All KASM user deletions and updates are captured by the log filtering rules in tracking-database-automator/filter.py (patterns /delete_user/ and /update_user/) so they appear in the security audit logs.
KASM Group Assignment
After creating a user, KasmUser.post_groups() can assign them to a KASM group. Groups map to classes or sections (e.g., APCSP, CSA), giving instructors a way to apply workspace policies or resource limits per cohort.
Monitoring & Audit Trail
The tracking-database-automator captures all KASM-related activity:
- Any
DELETE /delete_user/... or PUT /update_user/... request hitting Flask is filtered as a security-relevant event and written to logs/important/
- This gives an audit trail of all KASM account changes alongside the rest of the system's security log
KASM Integration Documentation
KASM is a cloud desktop/workspace platform that provides students with browser-accessible Ubuntu development environments. In this system, KASM is hosted at
https://kasm.opencodingsociety.comand is integrated with the Flask backend so that workspace accounts are automatically provisioned and managed alongside the main user database.How KASM Fits Into the System
When a student registers through the Flask API, their account is created in the application database and a corresponding KASM workspace account is created via the KASM REST API. This means students get a cloud Ubuntu environment automatically — no manual setup required on the instructor side.
The Spring backend tracks a
kasmServerNeededboolean flag per user (on thePersonentity), which signals whether that user should receive a KASM workspace during provisioning.Configuration
KASM credentials are set via environment variables read in flask-tracking/init.py:
KASM_SERVERhttps://kasm.opencodingsociety.com)KASM_API_KEYKASM_API_KEY_SECRETKey Files
kasmServerNeededflag on the user entityFlask KASM Model (
model/kasm.py)Two classes handle KASM operations:
KasmUtils— low-level API wrapperStatic methods that map directly to KASM API endpoints:
get_config()— reads and validates credentials from environmentauthenticate(config)— verifies credentials against the KASM serverget_users(config)— lists all KASM usersget_user_id(users, uid)— finds a user by usernamecreate_user()— creates a new workspace accountupdate_user_password()— resets a user's passwordupdate_user_name()— updates display name fieldsget_user_details()— fetches user info from KASMdelete_user()— removes a workspace accountupdate_user_group()— assigns a user to a KASM groupget_groups()— lists all KASM groupsKasmUser— high-level lifecycle interfaceWraps
KasmUtilsinto idempotent operations tied to the application's user model:post()— creates the KASM user if they don't exist; updates credentials if they dopost_groups()— assigns the user to one or more KASM groups (used to organize by class/section)delete()— removes the user from KASMFlask Routes
GET/kasm_usersDELETE/delete_user/<user_id>All KASM user deletions and updates are captured by the log filtering rules in tracking-database-automator/filter.py (patterns
/delete_user/and/update_user/) so they appear in the security audit logs.KASM Group Assignment
After creating a user,
KasmUser.post_groups()can assign them to a KASM group. Groups map to classes or sections (e.g., APCSP, CSA), giving instructors a way to apply workspace policies or resource limits per cohort.Monitoring & Audit Trail
The tracking-database-automator captures all KASM-related activity:
DELETE /delete_user/...orPUT /update_user/...request hitting Flask is filtered as a security-relevant event and written tologs/important/