Merge branch 'release/v3.3.0' into main

cloudogu · Jan 27, 2025 · 39e4a68 · 39e4a68
2 parents 740e6f6 + d095381
commit 39e4a68
Show file tree

Hide file tree

Showing 11 changed files with 335 additions and 83 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -7,6 +7,14 @@ to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
 ## [Unreleased]
 
+## [v3.3.0] - 2025-01-27
+### Added
+- [#128] Proxy support for dogu, container and helm registry.
+  - If configured via `.setup.env.proxy` the setup creates a secret `ces-proxy` with the fully url and uses this proxy to query the dogu registry.
+  Other components e.g. component-operator uses the url from the secret too if available.
+  In general if you use this proxy configuration you should also set the proxy for the dogus via the global config in the setup json.
+  See [setup json documentation](https://docs.cloudogu.com/en/docs/system-components/ces-setup/operations/setup-json/#section-config_globalproxy).
+
 ## [v3.2.2] - 2024-12-19
 ### Fixed
 - [#101] Fix CVE-2024-45337

diff --git a/Dockerfile b/Dockerfile
@@ -30,7 +30,7 @@ RUN make compile-generic
 FROM gcr.io/distroless/static:nonroot
 LABEL maintainer="[email protected]" \
       NAME="k8s-ces-setup" \
-      VERSION="3.2.2"
+      VERSION="3.3.0"
 
 WORKDIR /
 

diff --git a/Makefile b/Makefile
@@ -1,6 +1,6 @@
 # Set these to the desired values
 ARTIFACT_ID=k8s-ces-setup
-VERSION=3.2.2
+VERSION=3.3.0
 
 GOTAG?=1.23.2
 MAKEFILES_VERSION=9.3.2

diff --git a/app/setup/executor.go b/app/setup/executor.go
@@ -9,7 +9,10 @@ import (
 	k8sreg "github.com/cloudogu/k8s-registry-lib/repository"
 	remotedogudescriptor "github.com/cloudogu/remote-dogu-descriptor-lib/repository"
 	"maps"
+	"net/url"
+	"os"
 	"slices"
+	"strconv"
 	"strings"
 
 	"github.com/cloudogu/cesapp-lib/core"
@@ -59,7 +62,12 @@ func NewExecutor(clusterConfig *rest.Config, k8sClient kubernetes.Interface, set
 		Password: setupCtx.DoguRegistryConfiguration.Password,
 	}
 
-	doguRepository, err := remotedogudescriptor.NewRemoteDoguDescriptorRepository(getRemoteConfig(setupCtx.DoguRegistryConfiguration.Endpoint, setupCtx.DoguRegistryConfiguration.URLSchema), credentials)
+	config, err := getRemoteConfig(setupCtx.DoguRegistryConfiguration.Endpoint, setupCtx.DoguRegistryConfiguration.URLSchema)
+	if err != nil {
+		return nil, err
+	}
+
+	doguRepository, err := remotedogudescriptor.NewRemoteDoguDescriptorRepository(config, credentials)
 	if err != nil {
 		return nil, fmt.Errorf("failed to create new remote dogu repository: %w", err)
 	}
@@ -72,18 +80,55 @@ func NewExecutor(clusterConfig *rest.Config, k8sClient kubernetes.Interface, set
 	}, nil
 }
 
-func getRemoteConfig(endpoint string, urlSchema string) *core.Remote {
+func getRemoteConfig(endpoint string, urlSchema string) (*core.Remote, error) {
 	endpoint = strings.TrimSuffix(endpoint, "/")
 	if urlSchema == "default" {
 		endpoint = strings.TrimSuffix(endpoint, "dogus")
 		endpoint = strings.TrimSuffix(endpoint, "/")
 	}
 
+	proxyURL, b := os.LookupEnv("PROXY_URL")
+
+	proxySettings := core.ProxySettings{}
+	if b && len(proxyURL) > 0 {
+		var err error
+		if proxySettings, err = configureProxySettings(proxyURL); err != nil {
+			return nil, err
+		}
+	}
+
 	return &core.Remote{
-		Endpoint:  endpoint,
-		URLSchema: urlSchema,
-		CacheDir:  "/tmp",
+		Endpoint:      endpoint,
+		URLSchema:     urlSchema,
+		CacheDir:      "/tmp",
+		ProxySettings: proxySettings,
+	}, nil
+}
+
+func configureProxySettings(proxyURL string) (core.ProxySettings, error) {
+	parsedURL, err := url.Parse(proxyURL)
+	if err != nil {
+		return core.ProxySettings{}, fmt.Errorf("invalid proxy url: %w", err)
+	}
+
+	proxySettings := core.ProxySettings{}
+	proxySettings.Enabled = true
+	if parsedURL.User != nil {
+		proxySettings.Username = parsedURL.User.Username()
+		if password, set := parsedURL.User.Password(); set {
+			proxySettings.Password = password
+		}
 	}
+
+	proxySettings.Server = parsedURL.Hostname()
+
+	port, err := strconv.Atoi(parsedURL.Port())
+	if err != nil {
+		return core.ProxySettings{}, fmt.Errorf("invalid port %s: %w", parsedURL.Port(), err)
+	}
+	proxySettings.Port = port
+
+	return proxySettings, nil
 }
 
 // RegisterSetupSteps adds a new step to the setup

diff --git a/app/setup/executor_test.go b/app/setup/executor_test.go
@@ -332,44 +332,93 @@ func Test_getRemoteConfig(t *testing.T) {
 		urlSchema string
 	}
 	tests := []struct {
-		name string
-		args args
-		want *core.Remote
+		name    string
+		args    args
+		want    *core.Remote
+		wantErr assert.ErrorAssertionFunc
+		setEnv  func(t *testing.T)
 	}{
 		{
-			name: "test default url schema",
-			args: args{endpoint: "https://example.com/", urlSchema: "default"},
-			want: &core.Remote{Endpoint: "https://example.com", URLSchema: "default", CacheDir: "/tmp"},
+			name:    "test default url schema",
+			args:    args{endpoint: "https://example.com/", urlSchema: "default"},
+			want:    &core.Remote{Endpoint: "https://example.com", URLSchema: "default", CacheDir: "/tmp"},
+			wantErr: assert.NoError,
 		},
 		{
-			name: "test default url schema with 'dogus' suffix",
-			args: args{endpoint: "https://example.com/dogus", urlSchema: "default"},
-			want: &core.Remote{Endpoint: "https://example.com", URLSchema: "default", CacheDir: "/tmp"},
+			name:    "test default url schema with 'dogus' suffix",
+			args:    args{endpoint: "https://example.com/dogus", urlSchema: "default"},
+			want:    &core.Remote{Endpoint: "https://example.com", URLSchema: "default", CacheDir: "/tmp"},
+			wantErr: assert.NoError,
 		},
 		{
-			name: "test default url schema with 'dogus/' suffix",
-			args: args{endpoint: "https://example.com/dogus/", urlSchema: "default"},
-			want: &core.Remote{Endpoint: "https://example.com", URLSchema: "default", CacheDir: "/tmp"},
+			name:    "test default url schema with 'dogus/' suffix",
+			args:    args{endpoint: "https://example.com/dogus/", urlSchema: "default"},
+			want:    &core.Remote{Endpoint: "https://example.com", URLSchema: "default", CacheDir: "/tmp"},
+			wantErr: assert.NoError,
 		},
 		{
-			name: "test non-default url schema",
-			args: args{endpoint: "https://example.com/", urlSchema: "index"},
-			want: &core.Remote{Endpoint: "https://example.com", URLSchema: "index", CacheDir: "/tmp"},
+			name:    "test non-default url schema",
+			args:    args{endpoint: "https://example.com/", urlSchema: "index"},
+			want:    &core.Remote{Endpoint: "https://example.com", URLSchema: "index", CacheDir: "/tmp"},
+			wantErr: assert.NoError,
 		},
 		{
-			name: "test non-default url schema with 'dogus' suffix",
-			args: args{endpoint: "https://example.com/dogus", urlSchema: "index"},
-			want: &core.Remote{Endpoint: "https://example.com/dogus", URLSchema: "index", CacheDir: "/tmp"},
+			name:    "test non-default url schema with 'dogus' suffix",
+			args:    args{endpoint: "https://example.com/dogus", urlSchema: "index"},
+			want:    &core.Remote{Endpoint: "https://example.com/dogus", URLSchema: "index", CacheDir: "/tmp"},
+			wantErr: assert.NoError,
 		},
 		{
-			name: "test non-default url schema with 'dogus/' suffix",
+			name:    "test non-default url schema with 'dogus/' suffix",
+			args:    args{endpoint: "https://example.com/dogus/", urlSchema: "index"},
+			want:    &core.Remote{Endpoint: "https://example.com/dogus", URLSchema: "index", CacheDir: "/tmp"},
+			wantErr: assert.NoError,
+		},
+		{
+			name: "test with proxy",
 			args: args{endpoint: "https://example.com/dogus/", urlSchema: "index"},
-			want: &core.Remote{Endpoint: "https://example.com/dogus", URLSchema: "index", CacheDir: "/tmp"},
+			want: &core.Remote{Endpoint: "https://example.com/dogus", URLSchema: "index", CacheDir: "/tmp", ProxySettings: core.ProxySettings{
+				Enabled:  true,
+				Server:   "host",
+				Port:     3128,
+				Username: "user",
+				Password: "password",
+			}},
+			wantErr: assert.NoError,
+			setEnv: func(t *testing.T) {
+				t.Setenv("PROXY_URL", "https://user:password@host:3128")
+			},
+		},
+		{
+			name:    "test proxy invalid url",
+			args:    args{endpoint: "https://example.com/dogus/", urlSchema: "index"},
+			want:    nil,
+			wantErr: assert.Error,
+			setEnv: func(t *testing.T) {
+				t.Setenv("PROXY_URL", "://f")
+			},
+		},
+		{
+			name:    "test proxy invalid port",
+			args:    args{endpoint: "https://example.com/dogus/", urlSchema: "index"},
+			want:    nil,
+			wantErr: assert.Error,
+			setEnv: func(t *testing.T) {
+				t.Setenv("PROXY_URL", "https://user:password@host:invalid")
+			},
 		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			assert.Equalf(t, tt.want, getRemoteConfig(tt.args.endpoint, tt.args.urlSchema), "getRemoteConfig(%v, %v)", tt.args.endpoint, tt.args.urlSchema)
+			if tt.setEnv != nil {
+				tt.setEnv(t)
+			}
+
+			config, err := getRemoteConfig(tt.args.endpoint, tt.args.urlSchema)
+
+			tt.wantErr(t, err)
+
+			assert.Equalf(t, tt.want, config, "getRemoteConfig(%v, %v)", tt.args.endpoint, tt.args.urlSchema)
 		})
 	}
 }