From 7d8702ff8e4734f933dc2cd6ac8d4475f6acc25b Mon Sep 17 00:00:00 2001 From: Andrew Farries Date: Thu, 28 Apr 2022 15:21:49 +0000 Subject: [PATCH 1/4] Make disableDynamicAuthProviderLogin configurable This was previously hard-coded to false in the server configmap. --- install/installer/pkg/components/server/configmap.go | 10 +++++++++- .../pkg/config/v1/experimental/experimental.go | 1 + 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/install/installer/pkg/components/server/configmap.go b/install/installer/pkg/components/server/configmap.go index 3d70ef132810e6..31b8cf16666824 100644 --- a/install/installer/pkg/components/server/configmap.go +++ b/install/installer/pkg/components/server/configmap.go @@ -48,6 +48,14 @@ func configmap(ctx *common.RenderContext) ([]runtime.Object, error) { return nil }) + disableDynamicAuthProviderLogin := false + _ = ctx.WithExperimental(func(cfg *experimental.Config) error { + if cfg.WebApp != nil && cfg.WebApp.Server != nil { + disableDynamicAuthProviderLogin = cfg.WebApp.Server.DisableDynamicAuthProviderLogin + } + return nil + }) + githubApp := GitHubApp{} _ = ctx.WithExperimental(func(cfg *experimental.Config) error { if cfg.WebApp != nil && cfg.WebApp.Server != nil && cfg.WebApp.Server.GithubApp != nil { @@ -106,7 +114,7 @@ func configmap(ctx *common.RenderContext) ([]runtime.Object, error) { return providers }(), - DisableDynamicAuthProviderLogin: false, + DisableDynamicAuthProviderLogin: disableDynamicAuthProviderLogin, MaxEnvvarPerUserCount: 4048, MaxConcurrentPrebuildsPerRef: 10, IncrementalPrebuilds: IncrementalPrebuilds{CommitHistory: 100, RepositoryPasslist: []string{}}, diff --git a/install/installer/pkg/config/v1/experimental/experimental.go b/install/installer/pkg/config/v1/experimental/experimental.go index 2d3c3fe99a24c2..fbe1d0abe02c01 100644 --- a/install/installer/pkg/config/v1/experimental/experimental.go +++ b/install/installer/pkg/config/v1/experimental/experimental.go 
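Review bot: The error returned by `ctx.WithExperimental` is discarded with `_ =` in the block added at -48,6 +48,14. If that call can fail (its definition is not part of this patch), the configmap is still rendered with `disableDynamicAuthProviderLogin` left at `false`, which, judging by the name, is the permissive setting for a login restriction. `configmap` already returns an error, so the block could propagate it: `if err := ctx.WithExperimental(...); err != nil { return nil, err }`. The same pattern is repeated in the `enableLocalApp` hunk of patch 2/4 and the `defaultBaseImageRegistryWhitelist` hunk of patch 3/4. The body of `configmap` starts and ends outside this hunk.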
@@ -91,6 +91,7 @@ type ServerConfig struct { WebhookSecret string `json:"webhookSecret"` CertSecretName string `json:"certSecretName"` } `json:"githubApp"` + DisableDynamicAuthProviderLogin bool `json:"disableDynamicAuthProviderLogin"` } type PublicAPIConfig struct { From 1535229021aff87ec2d2f589955af215924c2a5c Mon Sep 17 00:00:00 2001 From: Andrew Farries Date: Thu, 28 Apr 2022 12:02:01 +0000 Subject: [PATCH 2/4] Make enableLocalApp configurable This was previously hard-coded to true in the server configmap. --- install/installer/pkg/components/server/configmap.go | 10 +++++++++- .../pkg/config/v1/experimental/experimental.go | 1 + 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/install/installer/pkg/components/server/configmap.go b/install/installer/pkg/components/server/configmap.go index 31b8cf16666824..14d48b14697838 100644 --- a/install/installer/pkg/components/server/configmap.go +++ b/install/installer/pkg/components/server/configmap.go @@ -56,6 +56,14 @@ func configmap(ctx *common.RenderContext) ([]runtime.Object, error) { return nil }) + enableLocalApp := true + _ = ctx.WithExperimental(func(cfg *experimental.Config) error { + if cfg.WebApp != nil && cfg.WebApp.Server != nil { + enableLocalApp = cfg.WebApp.Server.EnableLocalApp + } + return nil + }) + githubApp := GitHubApp{} _ = ctx.WithExperimental(func(cfg *experimental.Config) error { if cfg.WebApp != nil && cfg.WebApp.Server != nil && cfg.WebApp.Server.GithubApp != nil { @@ -103,7 +111,7 @@ func configmap(ctx *common.RenderContext) ([]runtime.Object, error) { MinAgeDays: 14, MinAgePrebuildDays: 7, }, - EnableLocalApp: true, + EnableLocalApp: enableLocalApp, AuthProviderConfigFiles: func() []string { providers := make([]string, 0) diff --git a/install/installer/pkg/config/v1/experimental/experimental.go b/install/installer/pkg/config/v1/experimental/experimental.go index fbe1d0abe02c01..72293e45ad355d 100644 --- a/install/installer/pkg/config/v1/experimental/experimental.go 
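Review bot: In the hunk at -56,6 +56,14 the default `enableLocalApp := true` is overwritten whenever `cfg.WebApp.Server` is non-nil. A config that populates the `Server` block only for another field such as `GithubApp` and omits `enableLocalApp` therefore now renders `EnableLocalApp: false`, because an absent JSON bool decodes to `false`. Before this patch the value was always `true`, so behaviour changes silently for existing configs. Declaring the field in experimental.go as `*bool` and guarding the assignment with `if cfg.WebApp.Server.EnableLocalApp != nil { enableLocalApp = *cfg.WebApp.Server.EnableLocalApp }` keeps the default when the key is absent. `DisableDynamicAuthProviderLogin` in patch 1/4 is unaffected, since its default equals the zero value.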
+++ b/install/installer/pkg/config/v1/experimental/experimental.go @@ -92,6 +92,7 @@ type ServerConfig struct { CertSecretName string `json:"certSecretName"` } `json:"githubApp"` DisableDynamicAuthProviderLogin bool `json:"disableDynamicAuthProviderLogin"` + EnableLocalApp bool `json:"enableLocalApp"` } type PublicAPIConfig struct { From 1031a7c031ab5bc4da356525004c4f41eac733f2 Mon Sep 17 00:00:00 2001 From: Andrew Farries Date: Thu, 28 Apr 2022 15:17:13 +0000 Subject: [PATCH 3/4] Make defaultBaseImageRegistryWhitelist configurable This was previously hard-coded to empty in the server configmap. --- install/installer/pkg/components/server/configmap.go | 12 +++++++++++- .../pkg/config/v1/experimental/experimental.go | 5 +++-- 2 files changed, 14 insertions(+), 3 deletions(-) diff --git a/install/installer/pkg/components/server/configmap.go b/install/installer/pkg/components/server/configmap.go index 14d48b14697838..38fe06c9b65cee 100644 --- a/install/installer/pkg/components/server/configmap.go +++ b/install/installer/pkg/components/server/configmap.go @@ -64,6 +64,16 @@ func configmap(ctx *common.RenderContext) ([]runtime.Object, error) { return nil }) + defaultBaseImageRegistryWhitelist := []string{} + _ = ctx.WithExperimental(func(cfg *experimental.Config) error { + if cfg.WebApp != nil && cfg.WebApp.Server != nil { + if cfg.WebApp.Server.DefaultBaseImageRegistryWhiteList != nil { + defaultBaseImageRegistryWhitelist = cfg.WebApp.Server.DefaultBaseImageRegistryWhiteList + } + } + return nil + }) + githubApp := GitHubApp{} _ = ctx.WithExperimental(func(cfg *experimental.Config) error { if cfg.WebApp != nil && cfg.WebApp.Server != nil && cfg.WebApp.Server.GithubApp != nil { 
@@ -128,7 +138,7 @@ func configmap(ctx *common.RenderContext) ([]runtime.Object, error) { IncrementalPrebuilds: IncrementalPrebuilds{CommitHistory: 100, RepositoryPasslist: []string{}}, BlockNewUsers: ctx.Config.BlockNewUsers, MakeNewUsersAdmin: false, - DefaultBaseImageRegistryWhitelist: []string{}, + DefaultBaseImageRegistryWhitelist: defaultBaseImageRegistryWhitelist, RunDbDeleter: true, OAuthServer: OAuthServer{ Enabled: true, diff --git a/install/installer/pkg/config/v1/experimental/experimental.go b/install/installer/pkg/config/v1/experimental/experimental.go index 72293e45ad355d..29036be622433e 100644 --- a/install/installer/pkg/config/v1/experimental/experimental.go +++ b/install/installer/pkg/config/v1/experimental/experimental.go @@ -91,8 +91,9 @@ type ServerConfig struct { WebhookSecret string `json:"webhookSecret"` CertSecretName string `json:"certSecretName"` } `json:"githubApp"` - DisableDynamicAuthProviderLogin bool `json:"disableDynamicAuthProviderLogin"` - EnableLocalApp bool `json:"enableLocalApp"` + DisableDynamicAuthProviderLogin bool `json:"disableDynamicAuthProviderLogin"` + EnableLocalApp bool `json:"enableLocalApp"` + DefaultBaseImageRegistryWhiteList []string `json:"defaultBaseImageRegistryWhitelist"` } type PublicAPIConfig struct { From 718405720ee78770999d5e6ba612b54b9b783c7c Mon Sep 17 00:00:00 2001 From: Andrew Farries Date: Fri, 29 Apr 2022 09:26:14 +0000 Subject: [PATCH 4/4] Add tests for server configmap logic Extract named structs for fields that were nested under `ServerConfig` so that they can be instantiated in tests. --- .../pkg/components/server/configmap_test.go | 115 ++++++++++++++++++ .../config/v1/experimental/experimental.go | 54 ++++---- 2 files changed, 146 insertions(+), 23 deletions(-) create mode 100644 install/installer/pkg/components/server/configmap_test.go 
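Review bot: The field added to `ServerConfig` at -91,8 +91,9 is spelled `DefaultBaseImageRegistryWhiteList`, while its JSON tag and the server-side field it feeds use `...Whitelist`; a single spelling would avoid mistyped references. The field also has no comment. Since the list appears to restrict which registries base images may come from, the comment should state what an empty list means (nothing restricted, or nothing allowed), which this patch does not show. A starting point would be `// DefaultBaseImageRegistryWhiteList is passed unchanged to the server's defaultBaseImageRegistryWhitelist; nil keeps the empty default.` above the field. `ServerConfig` begins outside this hunk.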
diff --git a/install/installer/pkg/components/server/configmap_test.go b/install/installer/pkg/components/server/configmap_test.go new file mode 100644 index 00000000000000..7fba354b2b62ec --- /dev/null +++ b/install/installer/pkg/components/server/configmap_test.go 
@@ -0,0 +1,115 @@
+// Copyright (c) 2022 Gitpod GmbH. All rights reserved.
+// Licensed under the MIT License. See License-MIT.txt in the project root for license information.
+
+package server
+
+import (
+ "encoding/json"
+ "testing"
+
+ "github.com/gitpod-io/gitpod/installer/pkg/common"
+ "github.com/gitpod-io/gitpod/installer/pkg/config/v1"
+ "github.com/gitpod-io/gitpod/installer/pkg/config/v1/experimental"
+ "github.com/gitpod-io/gitpod/installer/pkg/config/versions"
+ "github.com/stretchr/testify/assert"
+ "github.com/stretchr/testify/require"
+ corev1 "k8s.io/api/core/v1"
+)
+
+func TestConfigMap(t *testing.T) {
+ type Expectation struct {
+ EnableLocalApp bool
+ DisableDynamicAuthProviderLogin bool
+ DefaultBaseImageRegistryWhiteList []string
+ WorkspaceImage string
+ JWTSecret string
+ SessionSecret string
+ GitHubApp experimental.GithubApp
+ }
+
+ expectation := Expectation{
+ EnableLocalApp: true,
+ DisableDynamicAuthProviderLogin: true,
+ DefaultBaseImageRegistryWhiteList: []string{"some-registry"},
+ WorkspaceImage: "some-workspace-image",
+ JWTSecret: "some-jwt-secret",
+ SessionSecret: "some-session-secret",
+ GitHubApp: experimental.GithubApp{
+ AppId: 123,
+ AuthProviderId: "some-auth-provider-id",
+ BaseUrl: "some-base-url",
+ CertPath: "some-cert-path",
+ Enabled: true,
+ LogLevel: "some-log-level",
+ MarketplaceName: "some-marketplace-name",
+ WebhookSecret: "some-webhook-secret",
+ CertSecretName: "some-cert-secret-name",
+ },
+ }
+
+ ctx, err := common.NewRenderContext(config.Config{
+ Experimental: &experimental.Config{
+ WebApp: &experimental.WebAppConfig{
+ Server: &experimental.ServerConfig{
+ DisableDynamicAuthProviderLogin: expectation.DisableDynamicAuthProviderLogin,
+ EnableLocalApp: expectation.EnableLocalApp,
+ DefaultBaseImageRegistryWhiteList: expectation.DefaultBaseImageRegistryWhiteList,
+ WorkspaceDefaults: experimental.WorkspaceDefaults{
+ WorkspaceImage: expectation.WorkspaceImage,
+ },
+ OAuthServer: experimental.OAuthServer{
+ JWTSecret: expectation.JWTSecret,
+ },
+ Session: experimental.Session{
+ Secret: expectation.SessionSecret,
+ },
+ GithubApp: &expectation.GitHubApp,
+ },
+ },
+ },
+ }, versions.Manifest{}, "test_namespace")
+
+ require.NoError(t, err)
+ objs, err := configmap(ctx)
+ if err != nil {
+ t.Errorf("failed to generate configmap: %s\n", err)
+ }
+
+ configmap, ok := objs[0].(*corev1.ConfigMap)
+ if !ok {
+ t.Fatalf("rendering configmap did not return a configMap")
+ return
+ }
+
+ configJson, ok := configmap.Data["config.json"]
+ if ok == false {
+ t.Errorf("no %q key found in configmap data", "config.json")
+ }
+
+ var config ConfigSerialized
+ if err := json.Unmarshal([]byte(configJson), &config); err != nil {
+ t.Errorf("failed to unmarshal config json: %s", err)
+ }
+
+ actual := Expectation{
+ DisableDynamicAuthProviderLogin: config.DisableDynamicAuthProviderLogin,
+ EnableLocalApp: config.EnableLocalApp,
+ DefaultBaseImageRegistryWhiteList: config.DefaultBaseImageRegistryWhitelist,
+ WorkspaceImage: config.WorkspaceDefaults.WorkspaceImage,
+ JWTSecret: config.OAuthServer.JWTSecret,
+ SessionSecret: config.Session.Secret,
+ GitHubApp: experimental.GithubApp{
+ AppId: config.GitHubApp.AppId,
+ AuthProviderId: config.GitHubApp.AuthProviderId,
+ BaseUrl: config.GitHubApp.BaseUrl,
+ CertPath: config.GitHubApp.CertPath,
+ Enabled: config.GitHubApp.Enabled,
+ LogLevel: config.GitHubApp.LogLevel,
+ MarketplaceName: config.GitHubApp.MarketplaceName,
+ WebhookSecret: config.GitHubApp.WebhookSecret,
+ CertSecretName: config.GitHubApp.CertSecretName,
+ },
+ }
+
+ assert.Equal(t, expectation, actual)
+}
diff --git a/install/installer/pkg/config/v1/experimental/experimental.go b/install/installer/pkg/config/v1/experimental/experimental.go
index 29036be622433e..c1316651731d3b 100644
--- a/install/installer/pkg/config/v1/experimental/experimental.go
+++ b/install/installer/pkg/config/v1/experimental/experimental.go
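Review bot: `TestConfigMap` reports a `configmap(ctx)` failure with `t.Errorf` and then indexes `objs[0]`, so a rendering error may surface as an index-out-of-range panic instead of the actual message. `require.NoError(t, err)` followed by `require.NotEmpty(t, objs)` would stop the test at the real cause. The missing `config.json` key and the unmarshal error are likewise reported with `t.Errorf` and the test carries on with an empty config. The test also exercises only the case where every field is set; a case with a `ServerConfig` that leaves `EnableLocalApp` unset, and one with no `Server` at all, would pin the defaults the earlier patches in this series depend on. The `return` after `t.Fatalf` is unreachable and can be dropped.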
@@ -70,30 +70,38 @@ type WebAppConfig struct { UsePodAffinity bool `json:"usePodAffinity"` } +type WorkspaceDefaults struct { + WorkspaceImage string `json:"workspaceImage"` +} + +type OAuthServer struct { + JWTSecret string `json:"jwtSecret"` +} + +type Session struct { + Secret string `json:"secret"` +} + +type GithubApp struct { + AppId int32 `json:"appId"` + AuthProviderId string `json:"authProviderId"` + BaseUrl string `json:"baseUrl"` + CertPath string `json:"certPath"` + Enabled bool `json:"enabled"` + LogLevel string `json:"logLevel"` + MarketplaceName string `json:"marketplaceName"` + WebhookSecret string `json:"webhookSecret"` + CertSecretName string `json:"certSecretName"` +} + type ServerConfig struct { - WorkspaceDefaults struct { - WorkspaceImage string `json:"workspaceImage"` - } `json:"workspaceDefaults"` - OAuthServer struct { - JWTSecret string `json:"jwtSecret"` - } `json:"oauthServer"` - Session struct { - Secret string `json:"secret"` - } `json:"session"` - GithubApp *struct { - AppId int32 `json:"appId"` - AuthProviderId string `json:"authProviderId"` - BaseUrl string `json:"baseUrl"` - CertPath string `json:"certPath"` - Enabled bool `json:"enabled"` - LogLevel string `json:"logLevel"` - MarketplaceName string `json:"marketplaceName"` - WebhookSecret string `json:"webhookSecret"` - CertSecretName string `json:"certSecretName"` - } `json:"githubApp"` - DisableDynamicAuthProviderLogin bool `json:"disableDynamicAuthProviderLogin"` - EnableLocalApp bool `json:"enableLocalApp"` - DefaultBaseImageRegistryWhiteList []string `json:"defaultBaseImageRegistryWhitelist"` + WorkspaceDefaults WorkspaceDefaults `json:"workspaceDefaults"` + OAuthServer OAuthServer `json:"oauthServer"` + Session Session `json:"session"` + GithubApp *GithubApp `json:"githubApp"` + DisableDynamicAuthProviderLogin bool `json:"disableDynamicAuthProviderLogin"` + EnableLocalApp bool `json:"enableLocalApp"` + DefaultBaseImageRegistryWhiteList []string 
`json:"defaultBaseImageRegistryWhitelist"` } type PublicAPIConfig struct {
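Review bot: The extracted types `WorkspaceDefaults`, `OAuthServer`, `Session` and `GithubApp` are exported without doc comments, and three of their fields (`JWTSecret`, `Session.Secret`, `WebhookSecret`) carry secret material as plain strings. The test added in this patch reads `JWTSecret` and the session secret back out of `config.json` in the rendered ConfigMap, so these values end up outside a Kubernetes Secret. Each such field should say so, for example `// JWTSecret is written verbatim into the server ConfigMap; treat the installer config as sensitive.` Whether these values could instead be referenced by secret name, as `CertSecretName` appears to be, is worth a follow-up but lies outside this hunk.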