gitpod-io · roboquat · Jul 6, 2022 · Jul 1, 2022 · Jun 30, 2022
diff --git a/components/BUILD.yaml b/components/BUILD.yaml
@@ -72,6 +72,7 @@ packages:
       - components/ws-proxy:docker
       - components/ide-proxy:docker
       - components/kots-config-check/database:docker
+      - components/kots-config-check/registry:docker
       - components/kots-config-check/storage:docker
       - test:docker
       - dev/version-manifest:app

diff --git a/components/kots-config-check/registry/BUILD.yaml b/components/kots-config-check/registry/BUILD.yaml
@@ -0,0 +1,29 @@
+packages:
+  - name: app
+    type: go
+    srcs:
+      - go.mod
+      - go.sum
+      - "**/*.go"
+    env:
+      - CGO_ENABLED=0
+    config:
+      packaging: app
+      buildCommand: ["go", "build", "-trimpath", "-ldflags", "-buildid= -w -s -X 'github.com/gitpod-io/gitpod/kots-config-check/registry/cmd.Version=commit-${__git_commit}'"]
+  - name: docker
+    type: docker
+    deps:
+      - :app
+    argdeps:
+      - imageRepoBase
+    srcs:
+      - entrypoint.sh
+    config:
+      buildArgs:
+        VERSION: ${version}
+      dockerfile: leeway.Dockerfile
+      metadata:
+        helm-component: kots-config-check.registry
+      image:
+        - ${imageRepoBase}/kots-config-check/registry:${version}
+        - ${imageRepoBase}/kots-config-check/registry:commit-${__git_commit}
diff --git a/components/kots-config-check/registry/cmd/check.go b/components/kots-config-check/registry/cmd/check.go
@@ -0,0 +1,77 @@
+// Copyright (c) 2022 Gitpod GmbH. All rights reserved.
+// Licensed under the GNU Affero General Public License (AGPL).
+// See License-AGPL.txt in the project root for license information.
+
+package cmd
+
+import (
+	"fmt"
+	"net/url"
+	"strings"
+
+	"github.com/heroku/docker-registry-client/registry"
+	"github.com/spf13/cobra"
+)
+
+var checkOpts struct {
+	Username      string
+	Password      string
+	ServerAddress string
+	InCluster     bool
+}
+
+// @link https://cloud.google.com/container-registry/docs/pushing-and-pulling#add-registry
+var gcpUrls = []string{
+	"gcr.io",
+	"asia.gcr.io",
+	"eu.gcr.io",
+	"us.gcr.io",
+}
+
+// Google registries must use the hostname for the authentication to be accurately checked
+func checkGoogleAddress(address *url.URL, googleRegistry string) error {
+	if strings.HasPrefix(address.Path, googleRegistry) && address.Path != googleRegistry {
+		return fmt.Errorf("google container registries must use the address %s, not %s", googleRegistry, address.Path)
+	}
+
+	return nil
+}
+
+var checkCmd = &cobra.Command{
+	Use:   "check",
+	Short: "Checks registry connection",
+	RunE: func(cmd *cobra.Command, args []string) error {
+		if !checkOpts.InCluster {
+			serverAddress, err := url.Parse(checkOpts.ServerAddress)
+			if err != nil {
+				return err
+			}
+			if serverAddress.Scheme == "" {
+				// If no scheme, default to HTTPS
+				serverAddress.Scheme = "https"
+			}
+
+			for _, url := range gcpUrls {
+				if err := checkGoogleAddress(serverAddress, url); err != nil {
+					return err
+				}
+			}
+
+			_, err = registry.New(serverAddress.String(), checkOpts.Username, checkOpts.Password)
+			if err != nil {
+				return err
+			}
+		}
+
+		return nil
+	},
+}
+
+func init() {
+	rootCmd.AddCommand(checkCmd)
+
+	checkCmd.Flags().StringVarP(&checkOpts.Username, "username", "u", "", "Registry username")
+	checkCmd.Flags().StringVarP(&checkOpts.Password, "password", "p", "", "Registry password")
+	checkCmd.Flags().StringVarP(&checkOpts.ServerAddress, "server-address", "s", "", "Registry server address")
+	checkCmd.Flags().BoolVar(&checkOpts.InCluster, "in-cluster", false, "Registry in-cluster")
+}
diff --git a/components/kots-config-check/registry/cmd/root.go b/components/kots-config-check/registry/cmd/root.go
@@ -0,0 +1,26 @@
+// Copyright (c) 2022 Gitpod GmbH. All rights reserved.
+// Licensed under the GNU Affero General Public License (AGPL).
+// See License-AGPL.txt in the project root for license information.
+
+package cmd
+
+import (
+	"github.com/spf13/cobra"
+)
+
+var (
+	// ServiceName is the name we use for tracing/logging
+	ServiceName = "registry"
+	// Version of this service - set during build
+	Version = ""
+)
+
+// rootCmd represents the base command when called without any subcommands
+var rootCmd = &cobra.Command{
+	Use:   ServiceName,
+	Short: "This validates a Docker v2 registry connection string",
+}
+
+func Execute() {
+	cobra.CheckErr(rootCmd.Execute())
+}
diff --git a/components/kots-config-check/registry/entrypoint.sh b/components/kots-config-check/registry/entrypoint.sh
@@ -0,0 +1,87 @@
+#!/bin/bash
+# Copyright (c) 2022 Gitpod GmbH. All rights reserved.
+# Licensed under the GNU Affero General Public License (AGPL).
+# See License-AGPL.txt in the project root for license information.
+
+set -euo pipefail
+
+REG_IN_CLUSTER_ENABLED="${1:-""}"
+REG_USERNAME="${2:-""}"
+REG_PASSWORD="${3:-""}"
+REG_URL="${4:-""}"
+REG_SERVER="${5:-""}"
+REG_IN_CLUSTER_S3_ENABLED="${6:-""}"
+REG_STORE_LOCATION="${7:-""}"
+REG_S3_ENDPOINT="${8:-""}"
+REG_S3_ACCESS_KEY_ID="${9:-""}"
+REG_S3_SECRET_ACCESS_KEY="${10:-""}"
+REG_S3_BUCKET_NAME="${11:-""}"
+
+connection="false"
+s3connection="false"
+
+REG_TYPE="incluster"
+if [ "${REG_IN_CLUSTER_ENABLED}" == "0" ]; then
+  REG_TYPE="external"
+fi
+
+case "${REG_TYPE}" in
+  external)
+    echo "Using external registry"
+
+    REG_SERVER_ADDRESS="${REG_URL}"
+    if [ "${REG_SERVER}" != "" ]; then
+      REG_SERVER_ADDRESS="${REG_SERVER}"
+    fi
+
+    # Check the registry connection
+    if /app/registry \
+      check \
+      --server-address="${REG_SERVER_ADDRESS}" \
+      --username="${REG_USERNAME}" \
+      --password="${REG_PASSWORD}"; then
+      connection="true"
+    fi
+
+    s3connection="true"
+    ;;
+  incluster)
+    echo "Using in-cluster registry"
+    connection="true"
+
+    # This is "true" or "false" not "1" or "0"
+    if [ "${REG_IN_CLUSTER_S3_ENABLED}" == "true" ]; then
+      # The Azure and GCP arguments are ignored - use variable names so it's readable
+      if bash /storage.sh \
+        "s3" \
+        "${REG_STORE_LOCATION}" \
+        "AZURE_ACCOUNT_NAME" \
+        "AZURE_ACCESS_KEY" \
+        "GCP_PROJECT_ID" \
+        "GCP_SERVICE_ACCOUNT_KEY" \
+        "${REG_S3_ENDPOINT}" \
+        "${REG_S3_ACCESS_KEY_ID}" \
+        "${REG_S3_SECRET_ACCESS_KEY}" \
+        "${REG_S3_BUCKET_NAME}"; then
+        s3connection="true"
+      fi
+    else
+      s3connection="true"
+    fi
+    ;;
+  *)
+    echo "Unknown registry type: '${REG_TYPE}'"
+    exit 1
+    ;;
+esac
+
+if [ "${connection}" = "true" ]; then
+  echo "registry: ok"
+else
+  echo "registry: error"
+fi
+if [ "${s3connection}" = "true" ]; then
+  echo "s3: ok"
+else
+  echo "s3: error"
+fi
diff --git a/components/kots-config-check/registry/go.mod b/components/kots-config-check/registry/go.mod
@@ -0,0 +1,19 @@
+module github.com/gitpod-io/gitpod/kots-config-check/registry
+
+go 1.18
+
+require (
+	github.com/heroku/docker-registry-client v0.0.0-20211012143308-9463674c8930
+	github.com/spf13/cobra v1.5.0
+)
+
+require (
+	github.com/docker/distribution v0.0.0-20171011171712-7484e51bf6af // indirect
+	github.com/docker/libtrust v0.0.0-20160708172513-aabc10ec26b7 // indirect
+	github.com/inconshreveable/mousetrap v1.0.0 // indirect
+	github.com/konsorten/go-windows-terminal-sequences v1.0.1 // indirect
+	github.com/opencontainers/go-digest v1.0.0-rc1 // indirect
+	github.com/sirupsen/logrus v1.4.2 // indirect
+	github.com/spf13/pflag v1.0.5 // indirect
+	golang.org/x/sys v0.0.0-20190422165155-953cdadca894 // indirect
+)