From 7edf298056060c8be28797c094b35a82440372d4 Mon Sep 17 00:00:00 2001 From: Richard Cox Date: Thu, 24 Dec 2020 14:48:28 +0000 Subject: [PATCH 1/5] Fix helm chart note for ClusterIP --- deploy/kubernetes/console/templates/NOTES.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy/kubernetes/console/templates/NOTES.txt b/deploy/kubernetes/console/templates/NOTES.txt index 85402894d2..29a019a405 100644 --- a/deploy/kubernetes/console/templates/NOTES.txt +++ b/deploy/kubernetes/console/templates/NOTES.txt @@ -28,7 +28,7 @@ Get the URL by running these commands in the same shell: export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ .Release.Name }}-ui-ext -o jsonpath='{.status.loadBalancer.ingress[0].ip}') echo http://$SERVICE_IP:{{ .Values.console.service.servicePort }} {{- else if contains "ClusterIP" .Values.console.service.type }} - export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app=stratos-0,component=ui" -o jsonpath="{.items[0].metadata.name}") + export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app={{ .Release.Name }},component=stratos" -o jsonpath="{.items[0].metadata.name}") kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 443 {{- end }} {{- end }} From 173848bd8b445d19cf46b3bfdd4ff39055cc1bf8 Mon Sep 17 00:00:00 2001 From: Richard Cox Date: Wed, 23 Dec 2020 14:53:20 +0000 Subject: [PATCH 2/5] CF Push: Ensure git credentials are not stored in env var - use a specific var for clone url instead of obj that becomes env var - tidy up logic --- src/jetstream/plugins/cfapppush/deploy.go | 34 +++++++++++------------ src/jetstream/plugins/cfapppush/types.go | 7 +++-- 2 files changed, 21 insertions(+), 20 deletions(-) diff --git a/src/jetstream/plugins/cfapppush/deploy.go b/src/jetstream/plugins/cfapppush/deploy.go index f0160e93d8..97617269a9 100644 --- a/src/jetstream/plugins/cfapppush/deploy.go +++ b/src/jetstream/plugins/cfapppush/deploy.go 
@@ -389,29 +389,27 @@ func (cfAppPush *CFAppPush) getGitSCMSource(clientWebSocket *websocket.Conn, tem } loggerURL := info.URL + cloneURL := info.URL + // Apply credentials associated with the endpoint if len(info.EndpointGUID) != 0 { parsedURL, err := url.Parse(info.URL) if err != nil { return StratosProject{}, tempDir, errors.New("Failed to parse SCM URL") } - // mask the credentials for the logs - tokenRecord, isTokenFound := cfAppPush.portalProxy.GetCNSITokenRecord(info.EndpointGUID, userGUID) - if !isTokenFound { - loggerURL = parsedURL.String() - } else { - var ( - username string - password string - ) - + if isTokenFound { authTokenDecodedBytes, err := base64.StdEncoding.DecodeString(tokenRecord.AuthToken) if err != nil { return StratosProject{}, tempDir, errors.New("Failed to decode auth token") } + var ( + username string + password string + ) + switch info.SCM { case SCM_TYPE_GITHUB: // GitHub API uses token auth: username and password are stored in the token information @@ -429,20 +427,22 @@ func (cfAppPush *CFAppPush) getGitSCMSource(clientWebSocket *websocket.Conn, tem return StratosProject{}, tempDir, errors.New("Username is empty") } + // mask the credentials for the logs and env var parsedURL.User = url.UserPassword("REDACTED", "REDACTED") loggerURL = parsedURL.String() + // apply the correct credentials parsedURL.User = url.UserPassword(username, password) + cloneURL = parsedURL.String() } - - info.URL = parsedURL.String() } log.Debugf("GitSCM SCM: %s, Source: %s, branch %s, url: %s", info.SCM, info.Project, info.Branch, loggerURL) cloneDetails := CloneDetails{ - Url: info.URL, - Branch: info.Branch, - Commit: info.CommitHash, + Url: cloneURL, + LoggerUrl: loggerURL, + Branch: info.Branch, + Commit: info.CommitHash, } info.CommitHash, err = cloneRepository(cloneDetails, clientWebSocket, tempDir) if err != nil { 
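Review bot: `loggerURL := info.URL` at the top of this hunk is only replaced by a masked value inside the `if isTokenFound` branch (the `REDACTED` assignment is in the next hunk), so a URL that arrives with userinfo already embedded still reaches `log.Debugf` and `CloneDetails.LoggerUrl` unmasked when no endpoint or token applies. The removed `!isTokenFound` branch did not mask it either, so this is not a regression, but it is the same leak the commit sets out to close. Masking could be made unconditional before the endpoint check, for example `if u, perr := url.Parse(info.URL); perr == nil && u.User != nil { u.User = url.UserPassword("REDACTED", "REDACTED"); loggerURL = u.String() }`. getGitSCMSource starts and ends outside the hunk, so an earlier sanitising step may exist that is not visible here.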
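Review bot: `cloneURL = parsedURL.String()` carries the username and password in the URL userinfo, and that string is what `cloneRepository` passes to `vcsGit.Create`. Git normally records the clone URL as the `origin` remote in `.git/config`, so the credentials probably persist inside `tempDir` after the clone. If `tempDir` is later packaged or pushed (not visible in this hunk), that file would travel with it. I would add a comment at this assignment, such as `// cloneURL embeds credentials: never log it, and scrub the origin remote in tempDir after the clone`. A follow-up could reset the remote to the redacted URL or remove `.git` once the commit hash has been read.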
@@ -594,7 +594,7 @@ func cloneRepository(cloneDetails CloneDetails, clientWebSocket *websocket.Conn, if len(cloneDetails.Branch) == 0 { err := errors.New("No branch supplied") - log.Infof("Failed to checkout repo %s due to %+v", cloneDetails.Url, err) + log.Infof("Failed to checkout repo %s due to %+v", cloneDetails.LoggerUrl, err) sendErrorMessage(clientWebSocket, err, CLOSE_FAILED_NO_BRANCH) return "", err } @@ -603,7 +603,7 @@ func cloneRepository(cloneDetails CloneDetails, clientWebSocket *websocket.Conn, err := vcsGit.Create(tempDir, cloneDetails.Url, cloneDetails.Branch) if err != nil { - log.Infof("Failed to clone repo %s due to %+v", cloneDetails.Url, err) + log.Infof("Failed to clone repo %s due to %+v", cloneDetails.LoggerUrl, err) sendErrorMessage(clientWebSocket, err, CLOSE_FAILED_CLONE) return "", err } diff --git a/src/jetstream/plugins/cfapppush/types.go b/src/jetstream/plugins/cfapppush/types.go index 0902594660..af56336660 100644 --- a/src/jetstream/plugins/cfapppush/types.go +++ b/src/jetstream/plugins/cfapppush/types.go @@ -117,7 +117,8 @@ type Applications struct { } type CloneDetails struct { - Url string - Branch string - Commit string + Url string + LoggerUrl string + Branch string + Commit string } From 00e0ad3911c021d3a654f7efbc0f770f85b05f55 Mon Sep 17 00:00:00 2001 From: Richard Cox Date: Thu, 24 Dec 2020 15:45:59 +0000 Subject: [PATCH 3/5] Fix issue where path was unescaped, causing proxy fetch of gitlab projects containing %2f to 404 --- deploy/containers/nginx/conf/nginx.k8s.conf | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/deploy/containers/nginx/conf/nginx.k8s.conf b/deploy/containers/nginx/conf/nginx.k8s.conf index 0fe6da70bf..653d36d44c 100644 --- a/deploy/containers/nginx/conf/nginx.k8s.conf +++ b/deploy/containers/nginx/conf/nginx.k8s.conf 
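Review bot: In the `@@ -603` hunk the log line now prints `cloneDetails.LoggerUrl`, but `err` from `vcsGit.Create` is still formatted with `%+v` and forwarded to the client by `sendErrorMessage`, and a clone failure may echo the URL it was given, credentials included. What the vcs wrapper puts in its error is not visible here, so this should be confirmed with a failing clone against an authenticated endpoint. A cheap guard ahead of both calls is `if cloneDetails.Url != cloneDetails.LoggerUrl { err = errors.New(strings.ReplaceAll(err.Error(), cloneDetails.Url, cloneDetails.LoggerUrl)) }`. cloneRepository continues past the end of the hunk.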
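Review bot: `CloneDetails` in types.go now carries two URLs with nothing on the struct saying which one is safe to print, so the next log statement added to `cloneRepository` can easily pick `Url` again. I would document the fields, e.g. `// Url is the clone URL and may embed credentials; never log it or send it to the client` and `// LoggerUrl is Url with userinfo redacted, for logs and messages`. Any other code that builds a `CloneDetails` without setting `LoggerUrl` (none is visible in this diff) will now log an empty repo name in the two failure messages, so a small constructor that always fills both would help. New Go fields are usually spelled `LoggerURL`, though the existing `Url` already sets the local convention.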
@@ -66,18 +66,18 @@ http { proxy_set_header Connection $connection_upgrade; } - location /api/ { + location /api { proxy_pass_header Server; proxy_set_header Host $http_host; proxy_redirect off; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Scheme $scheme; - proxy_pass https://portalproxy/api/; + proxy_pass https://portalproxy; proxy_intercept_errors on; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $connection_upgrade; - } + } location / { root /usr/share/nginx/html; From 78a80ff9e21f625bee012161de58d6e9f20cc33a Mon Sep 17 00:00:00 2001 From: Richard Cox Date: Mon, 4 Jan 2021 11:47:35 +0000 Subject: [PATCH 4/5] Update clone failed text, repo does not now have to be public --- .../deploy-application/deploy-application-deployer.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/frontend/packages/cloud-foundry/src/features/applications/deploy-application/deploy-application-deployer.ts b/src/frontend/packages/cloud-foundry/src/features/applications/deploy-application/deploy-application-deployer.ts index e575c35ddd..df2a5062c3 100644 --- a/src/frontend/packages/cloud-foundry/src/features/applications/deploy-application/deploy-application-deployer.ts +++ b/src/frontend/packages/cloud-foundry/src/features/applications/deploy-application/deploy-application-deployer.ts @@ -341,7 +341,7 @@ export class DeployApplicationDeployer { break; case SocketEventTypes.CLOSE_FAILED_CLONE: this.onClose(log, 'Deploy Failed - Failed to clone repository!', - 'Failed to deploy app! Please make sure the repository is public.'); + 'Failed to deploy app! Please make sure the repository is accessible.'); break; case SocketEventTypes.CLOSE_FAILED_NO_BRANCH: this.onClose(log, 'Deploy Failed - Failed to located branch!', From 0c55aa355b49f580376b87de97155b58d9b4a5cf Mon Sep 17 00:00:00 2001 
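Review bot: `location /api` is a plain prefix match, so it now also captures paths such as `/apix` or `/api-anything` and proxies them to `portalproxy` instead of letting `location /` serve them. The %2f fix comes from dropping the URI part of `proxy_pass` (nginx then forwards the request URI as the client sent it), so the trailing slash on the location can stay: `location /api/ {` with `proxy_pass https://portalproxy;`. The backend now receives the un-normalised path, so its own handling of encoded segments should be confirmed. A comment such as `# no URI on proxy_pass: keep encoded characters like %2f intact for the backend` would stop someone re-adding the URI later. The same applies to the nginx.dev.conf hunk in PATCH 5/5.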
From: Richard Cox Date: Mon, 4 Jan 2021 11:49:15 +0000 Subject: [PATCH 5/5] Apply nginx uri substituion fix to nginx.dev.conf as well - think this is only used by docker compose, which isn't supported anymore --- deploy/containers/nginx/conf/nginx.dev.conf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/deploy/containers/nginx/conf/nginx.dev.conf b/deploy/containers/nginx/conf/nginx.dev.conf index b3e8b0eccd..74f0ad2a88 100644 --- a/deploy/containers/nginx/conf/nginx.dev.conf +++ b/deploy/containers/nginx/conf/nginx.dev.conf @@ -66,13 +66,13 @@ http { proxy_set_header Connection $connection_upgrade; } - location /api/ { + location /api { proxy_pass_header Server; proxy_set_header Host $http_host; proxy_redirect off; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Scheme $scheme; - proxy_pass https://portalproxy/api/; + proxy_pass https://portalproxy; proxy_intercept_errors on; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade;