mirror of
https://github.com/gitpod-io/gitpod.git
synced 2025-12-08 17:36:30 +00:00
e9aae6e497
* [docker-up] Minor fixes and add tests Tool: gitpod/catfood.gitpod.cloud * [image-builder-bob] Tests&fixes from an experimental PR Tool: gitpod/catfood.gitpod.cloud * [supervisor, ws-manager] Write docker credentials into client config file if passed into workspace Tool: gitpod/catfood.gitpod.cloud * [server] Introduce project.settings.enableDockerdAuthentication and expose it on the API Tool: gitpod/catfood.gitpod.cloud * [dashboard] Add "Docker registry authentication" toggle under projects/env vars Tool: gitpod/catfood.gitpod.cloud * [server] Guard project.settings.enableDockerdAuthentication by org write_settings permission Tool: gitpod/catfood.gitpod.cloud * review comments with cleanup + small fixes Tool: gitpod/catfood.gitpod.cloud
99 lines
3.2 KiB
Go
99 lines
3.2 KiB
Go
// Copyright (c) 2021 Gitpod GmbH. All rights reserved.
|
|
// Licensed under the GNU Affero General Public License (AGPL).
|
|
// See License.AGPL.txt in the project root for license information.
|
|
|
|
package cmd
|
|
|
|
import (
|
|
"net/http"
|
|
"net/url"
|
|
"os"
|
|
|
|
"github.com/containerd/containerd/remotes/docker"
|
|
"github.com/distribution/reference"
|
|
"github.com/spf13/cobra"
|
|
|
|
log "github.com/gitpod-io/gitpod/common-go/log"
|
|
"github.com/gitpod-io/gitpod/image-builder/bob/pkg/proxy"
|
|
)
|
|
|
|
var proxyOpts struct {
|
|
BaseRef, TargetRef string
|
|
Auth string
|
|
AdditionalAuth string
|
|
}
|
|
|
|
// proxyCmd represents the build command
|
|
var proxyCmd = &cobra.Command{
|
|
Use: "proxy",
|
|
Short: "Runs an authenticating proxy",
|
|
Run: func(cmd *cobra.Command, args []string) {
|
|
log.Init("bob", "", true, os.Getenv("SUPERVISOR_DEBUG_ENABLE") == "true")
|
|
log := log.WithField("command", "proxy")
|
|
|
|
authP, err := proxy.NewAuthorizerFromDockerEnvVar(proxyOpts.Auth)
|
|
if err != nil {
|
|
log.WithError(err).WithField("auth", proxyOpts.Auth).Fatal("cannot unmarshal auth")
|
|
}
|
|
authA, err := proxy.NewAuthorizerFromEnvVar(proxyOpts.AdditionalAuth)
|
|
if err != nil {
|
|
log.WithError(err).WithField("additionalAuth", proxyOpts.AdditionalAuth).Fatal("cannot unmarshal additionalAuth")
|
|
}
|
|
authP = authP.AddIfNotExists(authA)
|
|
|
|
baseref, err := reference.ParseNormalizedNamed(proxyOpts.BaseRef)
|
|
if err != nil {
|
|
log.WithError(err).Fatal("cannot parse base ref")
|
|
}
|
|
var basetag string
|
|
if r, ok := baseref.(reference.NamedTagged); ok {
|
|
basetag = r.Tag()
|
|
}
|
|
targetref, err := reference.ParseNormalizedNamed(proxyOpts.TargetRef)
|
|
if err != nil {
|
|
log.WithError(err).Fatal("cannot parse target ref")
|
|
}
|
|
var targettag string
|
|
if r, ok := targetref.(reference.NamedTagged); ok {
|
|
targettag = r.Tag()
|
|
}
|
|
|
|
auth := func() docker.Authorizer { return docker.NewDockerAuthorizer(docker.WithAuthCreds(authP.Authorize)) }
|
|
mirrorAuth := func() docker.Authorizer { return docker.NewDockerAuthorizer(docker.WithAuthCreds(authA.Authorize)) }
|
|
prx, err := proxy.NewProxy(&url.URL{Host: "localhost:8080", Scheme: "http"}, map[string]proxy.Repo{
|
|
"base": {
|
|
Host: reference.Domain(baseref),
|
|
Repo: reference.Path(baseref),
|
|
Tag: basetag,
|
|
Auth: auth,
|
|
},
|
|
"target": {
|
|
Host: reference.Domain(targetref),
|
|
Repo: reference.Path(targetref),
|
|
Tag: targettag,
|
|
Auth: auth,
|
|
},
|
|
}, mirrorAuth)
|
|
if err != nil {
|
|
log.Fatal(err)
|
|
}
|
|
|
|
http.Handle("/", prx)
|
|
log.Info("starting bob proxy on :8080")
|
|
err = http.ListenAndServe(":8080", nil)
|
|
if err != nil {
|
|
log.Fatal(err)
|
|
}
|
|
},
|
|
}
|
|
|
|
func init() {
|
|
rootCmd.AddCommand(proxyCmd)
|
|
|
|
// These env vars start with `WORKSPACEKIT_` so that they aren't passed on to ring2
|
|
proxyCmd.Flags().StringVar(&proxyOpts.BaseRef, "base-ref", os.Getenv("WORKSPACEKIT_BOBPROXY_BASEREF"), "ref of the base image")
|
|
proxyCmd.Flags().StringVar(&proxyOpts.TargetRef, "target-ref", os.Getenv("WORKSPACEKIT_BOBPROXY_TARGETREF"), "ref of the target image")
|
|
proxyCmd.Flags().StringVar(&proxyOpts.Auth, "auth", os.Getenv("WORKSPACEKIT_BOBPROXY_AUTH"), "authentication to use")
|
|
proxyCmd.Flags().StringVar(&proxyOpts.AdditionalAuth, "additional-auth", os.Getenv("WORKSPACEKIT_BOBPROXY_ADDITIONALAUTH"), "additional authentication to use")
|
|
}
|