diff --git a/deploy/tasks/buildah-oci-ta.yaml b/deploy/tasks/buildah-oci-ta.yaml
index 780fdc2ad..2943c2cd5 100644
--- a/deploy/tasks/buildah-oci-ta.yaml
+++ b/deploy/tasks/buildah-oci-ta.yaml
@@ -135,55 +135,55 @@ spec: description: The buildah image to use. type: string default: quay.io/konflux-ci/buildah-task:latest@sha256:5cbd487022fb7ac476cbfdea25513b810f7e343ec48f89dc6a4e8c3c39fa37a2 - - name: DOMAIN_PROXY + - name: ENABLE_DOMAIN_PROXY description: Determines if domain proxy will be used when hermetic mode is enabled. type: string default: "false" - - name: BYTE_BUFFER_SIZE + - name: DOMAIN_PROXY_BYTE_BUFFER_SIZE description: The byte buffer size to use for the domain proxy. type: string default: 32768 - - name: DOMAIN_SOCKET + - name: DOMAIN_PROXY_DOMAIN_SOCKET description: The domain socket to use for the domain proxy. type: string default: /tmp/domain-socket.sock - - name: CONNECTION_TIMEOUT + - name: DOMAIN_PROXY_CONNECTION_TIMEOUT description: The connection timeout in milliseconds to use for the domain proxy. type: string default: 10000 - - name: IDLE_TIMEOUT + - name: DOMAIN_PROXY_IDLE_TIMEOUT description: The idle timeout in milliseconds to use for the domain proxy. type: string default: 30000 - - name: PROXY_TARGET_WHITELIST + - name: DOMAIN_PROXY_TARGET_WHITELIST description: Comma separated whitelist of target hosts for the domain proxy. type: string default: "" - - name: INTERNAL_PROXY + - name: DOMAIN_PROXY_ENABLE_INTERNAL_PROXY description: Determines if internal proxy will be used when domain proxy is enabled. type: string default: "false" - - name: INTERNAL_PROXY_HOST + - name: DOMAIN_PROXY_INTERNAL_PROXY_HOST description: Host of proxy used internally by the domain proxy. type: string default: "" - - name: INTERNAL_PROXY_PORT + - name: DOMAIN_PROXY_INTERNAL_PROXY_PORT description: Port of proxy used internally by the domain proxy. type: string default: "" - - name: INTERNAL_PROXY_USER + - name: DOMAIN_PROXY_INTERNAL_PROXY_USER description: User of proxy used internally by the domain proxy. 
type: string default: "" - - name: INTERNAL_PROXY_PASSWORD + - name: DOMAIN_PROXY_INTERNAL_PROXY_PASSWORD description: Password of proxy used internally by the domain proxy. type: string default: "" - - name: INTERNAL_NON_PROXY_HOSTS + - name: DOMAIN_PROXY_INTERNAL_NON_PROXY_HOSTS description: Comma separated list of target hosts that bypass the proxy used internally by the domain proxy. type: string default: "" - - name: SERVER_HTTP_PORT + - name: DOMAIN_PROXY_HTTP_PORT description: The HTTP port to use for the domain proxy. type: string default: 8080 
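Review bot: `DOMAIN_PROXY_INTERNAL_PROXY_PASSWORD` is still declared as an ordinary `type: string` param, and the following hunk copies it into the step environment by value (`value: $(params.DOMAIN_PROXY_INTERNAL_PROXY_PASSWORD)`), so any value passed is stored in plain text in the TaskRun/PipelineRun spec and is readable by anyone who can read those objects. Since every caller has to be touched for the rename anyway, the password could come from a Secret instead: a param that names the Secret, and an env entry using `valueFrom: {secretKeyRef: {name: <secret-name>, key: <key>}}` (placeholders). The buildrecipeyaml.go hunk at the end of this diff sets the same param. The rename also ships without aliases, so a pipeline that still passes `DOMAIN_PROXY` or `PROXY_TARGET_WHITELIST` will presumably no longer have any effect on the proxy; naming the old parameters in the descriptions or the release notes would make that visible.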
@@ -272,32 +272,32 @@ spec: value: $(params.YUM_REPOS_D_SRC) - name: YUM_REPOS_D_TARGET value: $(params.YUM_REPOS_D_TARGET) - - name: DOMAIN_PROXY - value: $(params.DOMAIN_PROXY) - - name: BYTE_BUFFER_SIZE - value: $(params.BYTE_BUFFER_SIZE) - - name: DOMAIN_SOCKET - value: $(params.DOMAIN_SOCKET) - - name: CONNECTION_TIMEOUT - value: $(params.CONNECTION_TIMEOUT) - - name: IDLE_TIMEOUT - value: $(params.IDLE_TIMEOUT) - - name: PROXY_TARGET_WHITELIST - value: $(params.PROXY_TARGET_WHITELIST) - - name: INTERNAL_PROXY - value: $(params.INTERNAL_PROXY) - - name: INTERNAL_PROXY_HOST - value: $(params.INTERNAL_PROXY_HOST) - - name: INTERNAL_PROXY_PORT - value: $(params.INTERNAL_PROXY_PORT) - - name: INTERNAL_PROXY_USER - value: $(params.INTERNAL_PROXY_USER) - - name: INTERNAL_PROXY_PASSWORD - value: $(params.INTERNAL_PROXY_PASSWORD) - - name: INTERNAL_NON_PROXY_HOSTS - value: $(params.INTERNAL_NON_PROXY_HOSTS) - - name: SERVER_HTTP_PORT - value: $(params.SERVER_HTTP_PORT) + - name: ENABLE_DOMAIN_PROXY + value: $(params.ENABLE_DOMAIN_PROXY) + - name: DOMAIN_PROXY_BYTE_BUFFER_SIZE + value: $(params.DOMAIN_PROXY_BYTE_BUFFER_SIZE) + - name: DOMAIN_PROXY_DOMAIN_SOCKET + value: $(params.DOMAIN_PROXY_DOMAIN_SOCKET) + - name: DOMAIN_PROXY_CONNECTION_TIMEOUT + value: $(params.DOMAIN_PROXY_CONNECTION_TIMEOUT) + - name: DOMAIN_PROXY_IDLE_TIMEOUT + value: $(params.DOMAIN_PROXY_IDLE_TIMEOUT) + - name: DOMAIN_PROXY_TARGET_WHITELIST + value: $(params.DOMAIN_PROXY_TARGET_WHITELIST) + - name: DOMAIN_PROXY_ENABLE_INTERNAL_PROXY + value: $(params.DOMAIN_PROXY_ENABLE_INTERNAL_PROXY) + - name: DOMAIN_PROXY_INTERNAL_PROXY_HOST + value: $(params.DOMAIN_PROXY_INTERNAL_PROXY_HOST) + - name: DOMAIN_PROXY_INTERNAL_PROXY_PORT + value: $(params.DOMAIN_PROXY_INTERNAL_PROXY_PORT) + - name: DOMAIN_PROXY_INTERNAL_PROXY_USER + value: $(params.DOMAIN_PROXY_INTERNAL_PROXY_USER) + - name: DOMAIN_PROXY_INTERNAL_PROXY_PASSWORD + value: $(params.DOMAIN_PROXY_INTERNAL_PROXY_PASSWORD) + - name: 
DOMAIN_PROXY_INTERNAL_NON_PROXY_HOSTS + value: $(params.DOMAIN_PROXY_INTERNAL_NON_PROXY_HOSTS) + - name: DOMAIN_PROXY_HTTP_PORT + value: $(params.DOMAIN_PROXY_HTTP_PORT) volumeMounts: - mountPath: /shared name: shared diff --git a/pkg/domainproxy/client/client.go b/pkg/domainproxy/client/client.go index 3cd48f8f5..09fea0ddd 100644 --- a/pkg/domainproxy/client/client.go +++ b/pkg/domainproxy/client/client.go @@ -10,10 +10,10 @@ import ( ) const ( - Localhost = "localhost" - ServerHttpPortKey = "SERVER_HTTP_PORT" - DefaultServerHttpPort = 8080 - HttpToDomainSocket = "HTTP <-> Domain Socket" + Localhost = "localhost" + HttpPortKey = "DOMAIN_PROXY_HTTP_PORT" + DefaultHttpPort = 8080 + HttpToDomainSocket = "HTTP <-> Domain Socket" ) var logger = NewLogger("Domain Proxy Client") @@ -21,7 +21,7 @@ var common = NewCommon(logger) type DomainProxyClient struct { sharedParams SharedParams - serverHttpPort int + httpPort int httpConnectionCounter atomic.Uint64 listener net.Listener shutdownContext context.Context @@ -32,7 +32,7 @@ func NewDomainProxyClient() *DomainProxyClient { shutdownContext, initiateShutdown := context.WithCancel(context.Background()) return &DomainProxyClient{ sharedParams: common.NewSharedParams(), - serverHttpPort: getServerHttpPort(), + httpPort: getHttpPort(), shutdownContext: shutdownContext, initiateShutdown: initiateShutdown, } @@ -41,7 +41,7 @@ func NewDomainProxyClient() *DomainProxyClient { func (dpc *DomainProxyClient) Start(ready chan<- bool) { logger.Println("Starting domain proxy client...") var err error - dpc.listener, err = net.Listen(TCP, fmt.Sprintf("%s:%d", Localhost, dpc.serverHttpPort)) + dpc.listener, err = net.Listen(TCP, fmt.Sprintf("%s:%d", Localhost, dpc.httpPort)) if err != nil { logger.Fatalf("Failed to start HTTP server: %v", err) } 
@@ -49,7 +49,7 @@ func (dpc *DomainProxyClient) Start(ready chan<- bool) { } func (dpc *DomainProxyClient) startClient(ready chan<- bool) { - logger.Printf("HTTP server listening on port %d", dpc.serverHttpPort) + logger.Printf("HTTP server listening on port %d", dpc.httpPort) ready <- true for { select { @@ -110,6 +110,6 @@ func (dpc *DomainProxyClient) Stop() { } } -func getServerHttpPort() int { - return common.GetIntEnvVariable(ServerHttpPortKey, DefaultServerHttpPort) +func getHttpPort() int { + return common.GetIntEnvVariable(HttpPortKey, DefaultHttpPort) } diff --git a/pkg/domainproxy/common/common.go b/pkg/domainproxy/common/common.go index 89b453891..758a91d24 100644 --- a/pkg/domainproxy/common/common.go +++ b/pkg/domainproxy/common/common.go @@ -13,13 +13,13 @@ import ( ) const ( - ByteBufferSizeKey = "BYTE_BUFFER_SIZE" + ByteBufferSizeKey = "DOMAIN_PROXY_BYTE_BUFFER_SIZE" DefaultByteBufferSize = 32768 - DomainSocketKey = "DOMAIN_SOCKET" + DomainSocketKey = "DOMAIN_PROXY_DOMAIN_SOCKET" DefaultDomainSocket = "/tmp/domain-socket.sock" - ConnectionTimeoutKey = "CONNECTION_TIMEOUT" + ConnectionTimeoutKey = "DOMAIN_PROXY_CONNECTION_TIMEOUT" DefaultConnectionTimeout = 10000 * time.Millisecond - IdleTimeoutKey = "IDLE_TIMEOUT" + IdleTimeoutKey = "DOMAIN_PROXY_IDLE_TIMEOUT" DefaultIdleTimeout = 30000 * time.Millisecond TCP = "tcp" UNIX = "unix" diff --git a/pkg/domainproxy/integration/domainproxy_test.go b/pkg/domainproxy/integration/domainproxy_test.go index 3f182c904..d5bed4958 100644 --- a/pkg/domainproxy/integration/domainproxy_test.go +++ b/pkg/domainproxy/integration/domainproxy_test.go 
@@ -142,8 +142,8 @@ func stopInternalProxyServer(t *testing.T, internalProxyServer *http.Server) { func commonTestBehaviour(t *testing.T, qualifier string) { // Set env variables t.Setenv(DomainSocketKey, getRandomDomainSocket()) - t.Setenv(ServerHttpPortKey, DomainProxyPort) - t.Setenv(ProxyTargetWhitelistKey, "127.0.0.1,foo.bar") + t.Setenv(HttpPortKey, DomainProxyPort) + t.Setenv(TargetWhitelistKey, "127.0.0.1,foo.bar") // Start services domainProxyServer, domainProxyClient := startDomainProxy() defer stopDomainProxy(domainProxyServer, domainProxyClient) @@ -304,7 +304,7 @@ func commonInternalProxyTestBehaviour(t *testing.T, qualifier string, onRequestF // Start internal proxy internalProxyServer := startInternalProxyServer(t, onRequestFunction, onConnectFunction) // Set env variables - t.Setenv(InternalProxyKey, "true") + t.Setenv(EnableInternalProxyKey, "true") t.Setenv(InternalProxyHostKey, Localhost) t.Setenv(InternalProxyPortKey, InternalProxyPort) t.Setenv(InternalNonProxyHostsKey, "example.com") diff --git a/pkg/domainproxy/server/server.go b/pkg/domainproxy/server/server.go index 4890a176a..cc7d498d5 100644 --- a/pkg/domainproxy/server/server.go +++ b/pkg/domainproxy/server/server.go 
@@ -18,19 +18,19 @@ import ( const ( HttpPort = 80 HttpsPort = 443 - ProxyTargetWhitelistKey = "PROXY_TARGET_WHITELIST" - DefaultProxyTargetWhitelist = "localhost,repo.maven.apache.org,repository.jboss.org,packages.confluent.io,jitpack.io,repo.gradle.org,plugins.gradle.org" - InternalProxyKey = "INTERNAL_PROXY" - DefaultInternalProxy = false - InternalProxyHostKey = "INTERNAL_PROXY_HOST" + TargetWhitelistKey = "DOMAIN_PROXY_TARGET_WHITELIST" + DefaultTargetWhitelist = "neverssl.com,repo1.maven.org,localhost,repo.maven.apache.org,repository.jboss.org,packages.confluent.io,jitpack.io,repo.gradle.org,plugins.gradle.org" + EnableInternalProxyKey = "DOMAIN_PROXY_ENABLE_INTERNAL_PROXY" + DefaultEnableInternalProxy = false + InternalProxyHostKey = "DOMAIN_PROXY_INTERNAL_PROXY_HOST" DefaultInternalProxyHost = "indy-generic-proxy" - InternalProxyPortKey = "INTERNAL_PROXY_PORT" + InternalProxyPortKey = "DOMAIN_PROXY_INTERNAL_PROXY_PORT" DefaultInternalProxyPort = 80 - InternalProxyUserKey = "INTERNAL_PROXY_USER" + InternalProxyUserKey = "DOMAIN_PROXY_INTERNAL_PROXY_USER" DefaultInternalProxyUser = "" - InternalProxyPasswordKey = "INTERNAL_PROXY_PASSWORD" + InternalProxyPasswordKey = "DOMAIN_PROXY_INTERNAL_PROXY_PASSWORD" DefaultInternalProxyPassword = "" - InternalNonProxyHostsKey = "INTERNAL_NON_PROXY_HOSTS" + InternalNonProxyHostsKey = "DOMAIN_PROXY_INTERNAL_NON_PROXY_HOSTS" DefaultInternalNonProxyHosts = "localhost" DomainSocketToHttp = "Domain Socket <-> HTTP" DomainSocketToHttps = "Domain Socket <-> HTTPS" @@ -41,8 +41,8 @@ var common = NewCommon(logger) type DomainProxyServer struct { sharedParams SharedParams - proxyTargetWhitelist map[string]bool - internalProxy bool + targetWhitelist map[string]bool + enableInternalProxy bool internalProxyHost string internalProxyPort int internalProxyUser string 
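Review bot: The `DefaultTargetWhitelist` line is not a pure rename, because it also adds `neverssl.com` and `repo1.maven.org` to the default egress allowlist, which the commit's naming changes do not explain. `neverssl.com` looks like a connectivity-test host rather than a build dependency source, so I would drop it from the default and keep it in test setup only, e.g. `DefaultTargetWhitelist = "repo1.maven.org,localhost,repo.maven.apache.org,..."`. The key rename makes this matter more: judging by the `GetCsvEnvVariable(key, default)` call in the last server.go hunk, a deployment that still exports `PROXY_TARGET_WHITELIST` would silently fall back to this wider default, although the helper's body is not visible here. A startup log line warning when one of the old names is set would catch that, and the same applies to the other renamed keys in common.go and client.go. The `const` block continues past the end of this hunk.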
@@ -59,8 +59,8 @@ func NewDomainProxyServer() *DomainProxyServer { runningContext, initiateShutdown := context.WithCancel(context.Background()) return &DomainProxyServer{ sharedParams: common.NewSharedParams(), - proxyTargetWhitelist: getProxyTargetWhitelist(), - internalProxy: getInternalProxy(), + targetWhitelist: getTargetWhitelist(), + enableInternalProxy: getEnableInternalProxy(), internalProxyHost: getInternalProxyHost(), internalProxyPort: getInternalProxyPort(), internalProxyUser: getInternalProxyUser(), @@ -306,7 +306,7 @@ func getTargetHostAndPort(host string, defaultPort int) (string, int) { } func (dps *DomainProxyServer) isTargetWhitelisted(targetHost string, writer http.ResponseWriter) bool { - if !dps.proxyTargetWhitelist[targetHost] { + if !dps.targetWhitelist[targetHost] { message := fmt.Sprintf("Target host %s is not whitelisted", targetHost) logger.Println(message) http.Error(writer, message, http.StatusForbidden) @@ -316,7 +316,7 @@ func (dps *DomainProxyServer) isTargetWhitelisted(targetHost string, writer http } func (dps *DomainProxyServer) useInternalProxy(targetHost string) bool { - if dps.internalProxy { + if dps.enableInternalProxy { if !dps.internalNonProxyHosts[targetHost] { return true } else { @@ -388,12 +388,12 @@ func (rw *responseWriter) WriteHeader(statusCode int) { } } -func getProxyTargetWhitelist() map[string]bool { - return common.GetCsvEnvVariable(ProxyTargetWhitelistKey, DefaultProxyTargetWhitelist) +func getTargetWhitelist() map[string]bool { + return common.GetCsvEnvVariable(TargetWhitelistKey, DefaultTargetWhitelist) } -func getInternalProxy() bool { - return common.GetBoolEnvVariable(InternalProxyKey, DefaultInternalProxy) +func getEnableInternalProxy() bool { + return common.GetBoolEnvVariable(EnableInternalProxyKey, DefaultEnableInternalProxy) } func getInternalProxyHost() string { 
diff --git a/pkg/reconciler/dependencybuild/buildrecipeyaml.go b/pkg/reconciler/dependencybuild/buildrecipeyaml.go index 75f8bca0c..8cec863c6 100644 --- a/pkg/reconciler/dependencybuild/buildrecipeyaml.go +++ b/pkg/reconciler/dependencybuild/buildrecipeyaml.go @@ -546,49 +546,49 @@ func createPipelineSpec(log logr.Logger, tool string, commitTime int64, jbsConfi }, }, { - Name: "DOMAIN_PROXY", + Name: "ENABLE_DOMAIN_PROXY", Value: tektonpipeline.ParamValue{ Type: tektonpipeline.ParamTypeString, StringVal: "true", }, }, { - Name: "PROXY_TARGET_WHITELIST", + Name: "DOMAIN_PROXY_TARGET_WHITELIST", Value: tektonpipeline.ParamValue{ Type: tektonpipeline.ParamTypeString, StringVal: whitelistUrl.Host + ",localhost,cdn-ubi.redhat.com,repo1.maven.org,repo.scala-sbt.org,scala.jfrog.io,repo.typesafe.com,jfrog-prod-usw2-shared-oregon-main.s3.amazonaws.com", }, }, { - Name: "INTERNAL_PROXY_HOST", + Name: "DOMAIN_PROXY_INTERNAL_PROXY_HOST", Value: tektonpipeline.ParamValue{ Type: tektonpipeline.ParamTypeString, StringVal: "indy-generic-proxy", }, }, { - Name: "INTERNAL_PROXY_PORT", + Name: "DOMAIN_PROXY_INTERNAL_PROXY_PORT", Value: tektonpipeline.ParamValue{ Type: tektonpipeline.ParamTypeString, StringVal: "80", }, }, { - Name: "INTERNAL_PROXY_USER", + Name: "DOMAIN_PROXY_INTERNAL_PROXY_USER", Value: tektonpipeline.ParamValue{ Type: tektonpipeline.ParamTypeString, StringVal: buildId + "+tracking", }, }, { - Name: "INTERNAL_PROXY_PASSWORD", + Name: "DOMAIN_PROXY_INTERNAL_PROXY_PASSWORD", Value: tektonpipeline.ParamValue{ Type: tektonpipeline.ParamTypeString, StringVal: "${ACCESS_TOKEN}", // TODO how to get the access token value? }, }, { - Name: "INTERNAL_NON_PROXY_HOSTS", + Name: "DOMAIN_PROXY_INTERNAL_NON_PROXY_HOSTS", Value: tektonpipeline.ParamValue{ Type: tektonpipeline.ParamTypeString, StringVal: whitelistUrl.Host + ",localhost",
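Review bot: The renamed `DOMAIN_PROXY_INTERNAL_PROXY_PASSWORD` param still carries the literal string `"${ACCESS_TOKEN}"` with an open TODO, and nothing in this hunk shows that placeholder being substituted. If the internal proxy is enabled, the task would therefore either authenticate with the literal text or, once a real token is spliced in here, write it into the PipelineRun spec as a plain `StringVal`. I would leave the user and password params unset until the token can be supplied from a Secret, and say so in the comment: `// TODO(security): placeholder only; source from a Secret, never a param StringVal`. The hard-coded host list in `DOMAIN_PROXY_TARGET_WHITELIST` also differs from `DefaultTargetWhitelist` in server.go, so a short comment saying that this value overrides the server default would help whoever next audits the allowed egress. `createPipelineSpec` begins and ends outside this hunk.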