[server] Introduce Config and use it everywhere

gitpod-io · Sep 1, 2021 · 757a159 · 757a159
1 parent a4f3803
commit 757a159
Show file tree

Hide file tree

Showing 62 changed files with 576 additions and 610 deletions.
diff --git a/.werft/build.ts b/.werft/build.ts
@@ -90,7 +90,13 @@ export async function build(context, version) {
     const dontTest = "no-test" in buildConfig;
     const cacheLevel = "no-cache" in buildConfig ? "remote-push" : "remote";
     const publishRelease = "publish-release" in buildConfig;
-    const workspaceFeatureFlags = (buildConfig["ws-feature-flags"] || "").split(",").map(e => e.trim())
+    const workspaceFeatureFlags: string[] = ((): string[] => {
+        const raw: string = buildConfig["ws-feature-flags"] || "";
+        if (!raw) {
+            return [];
+        }
+        return raw.split(",").map(e => e.trim());
+    })();
     const dynamicCPULimits = "dynamic-cpu-limits" in buildConfig;
     const withInstaller = "with-installer" in buildConfig || mainBuild;
     const noPreview = ("no-preview" in buildConfig && buildConfig["no-preview"] !== "false") || publishRelease;
@@ -257,7 +263,7 @@ interface DeploymentConfig {
 /**
  * Deploy dev
  */
-export async function deployToDev(deploymentConfig: DeploymentConfig, workspaceFeatureFlags, dynamicCPULimits, storage) {
+export async function deployToDev(deploymentConfig: DeploymentConfig, workspaceFeatureFlags: string[], dynamicCPULimits, storage) {
     werft.phase("deploy", "deploying to dev");
     const { version, destname, namespace, domain, url, k3sWsCluster } = deploymentConfig;
     const [wsdaemonPortMeta, registryNodePortMeta] = findFreeHostPorts("", [

diff --git a/.werft/values.dev.yaml b/.werft/values.dev.yaml
@@ -42,12 +42,14 @@ components:
   server:
     replicas: 1
     makeNewUsersAdmin: true # for development
-    theiaPluginsBucketName: gitpod-core-dev-plugins
+    theiaPluginsBucketNameOverride: gitpod-core-dev-plugins
     enableLocalApp: true
-    enableOAuthServer: true
-    blockNewUsers: true
-    blockNewUsersPasslist:
-    - "gitpod.io"
+    oauthServer:
+      enabled: true
+    blockNewUsers:
+      enabled: true
+      passlist:
+      - "gitpod.io"
     resources:
       # in preview envs, we want deployments to push scale-up early
       memory: 350Mi

diff --git a/chart/templates/proxy-deployment.yaml b/chart/templates/proxy-deployment.yaml
@@ -81,11 +81,6 @@ spec:
 {{ include "gitpod.container.defaultEnv" (dict "root" . "gp" $.Values "comp" $comp) | indent 8 }}
         - name: PROXY_DOMAIN
           value: "{{ $.Values.hostname }}"
-        - name: SERVER_PROXY_APIKEY
-          valueFrom:
-            secretKeyRef:
-              name: server-proxy-apikey
-              key: apikey
       volumes:
       - name: vhosts
         configMap:

diff --git a/chart/templates/server-configmap.yaml b/chart/templates/server-configmap.yaml
@@ -0,0 +1,71 @@
+# Copyright (c) 2020 Gitpod GmbH. All rights reserved.
+# Licensed under the MIT License. See License-MIT.txt in the project root for license information.
+
+{{ $comp := .Values.components.server -}}
+{{- $this := dict "root" . "gp" $.Values "comp" $comp -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: server-config
+  labels:
+    app: {{ template "gitpod.fullname" . }}
+    chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+    release: "{{ .Release.Name }}"
+    heritage: "{{ .Release.Service }}"
+data:
+  config.json: |-
+    {
+        "version": "{{ template "gitpod.comp.version" $this }}",
+        "hostUrl": "https://{{ .Values.hostname }}",
+        "installationShortname": "{{ template "gitpod.installation.shortname" $this }}",
+        "stage": "{{ .Values.installation.stage }}",
+{{- if .Values.devBranch }}
+        "devBranch": "{{ .Values.devBranch }}",
+{{- end }}
+        "license": "{{ .Values.license }}",
+        "trialLicensePrivateKey": "{{ .Values.trialLicensePrivateKey }}",
+        "workspaceHeartbeat": {{ $comp.workspaceHeartbeat | toJson }},
+        "workspaceDefaults": {
+            "ideVersion": "{{ template "gitpod.comp.version" (dict "root" . "gp" $.Values "comp" .Values.components.workspace.theiaImage) }}",
+            "ideImageRepo": "{{ template "gitpod.comp.imageRepo" (dict "root" . "gp" $.Values "comp" .Values.components.workspace.theiaImage) }}",
+            "ideImageAliases": {{ (dict "code" (include "gitpod.comp.imageFull" (dict "root" . "gp" $.Values "comp" .Values.components.workspace.codeImage))) | toJson }},
+            "workspaceImage": "{{ template "gitpod.comp.imageFull" (dict "root" . "gp" $.Values "comp" .Values.components.workspace.defaultImage) }}",
+            "previewFeatureFlags": {{ $comp.previewFeatureFlags | toJson }},
+            "defaultFeatureFlags": {{ $comp.defaultFeatureFlags | toJson }}
+        },
+        "session": {{ $comp.session | toJson }},
+{{- if $comp.github.app }}
+        "githubApp": {{ $comp.github.app | toJson }},
+{{- end }}
+        "definitelyGpDisabled": {{ $comp.definitelyGpDisabled }},
+        "workspaceGarbageCollection": {{ $comp.garbageCollection | toJson }},
+        "enableLocalApp": {{ $comp.enableLocalApp }},
+        "authProviderConfigs": {{ .Values.authProviders | toJson }},
+        "disableDynamicAuthProviderLogin": {{ $comp.disableDynamicAuthProviderLogin }},
+        "brandingConfig": {{ .Values.branding | toJson }},
+        "maxEnvvarPerUserCount": {{ $comp.maxEnvvarPerUserCount }},
+        "maxConcurrentPrebuildsPerRef": {{ $comp.maxConcurrentPrebuildsPerRef }},
+        "incrementalPrebuilds": {{ $comp.incrementalPrebuilds | toJson }},
+        "blockNewUsers": {{ $comp.blockNewUsers | toJson }},
+        "makeNewUsersAdmin": {{ $comp.makeNewUsersAdmin }},
+{{- if $comp.theiaPluginsBucketNameOverride }}
+        "theiaPluginsBucketNameOverride": "{{ $comp.theiaPluginsBucketNameOverride }}",
+{{- end }}
+        "defaultBaseImageRegistryWhitelist": {{ $comp.defaultBaseImageRegistryWhitelist | toJson }},
+        "runDbDeleter": {{ $comp.runDbDeleter }},
+        "oauthServer": {
+            "enabled": {{ $comp.oauthServer.enabled }}
+{{- if $comp.oauthServer.enabled }}
+            , "jwtSecret": {{ (randAlphaNum 20) | quote }}
+{{- end }}
+        },
+        "rateLimiter": {{ $comp.rateLimiter | toJson }},
+        "contentServiceAddr": {{ $comp.contentServiceAddr | quote }},
+        "imageBuilderAddr": {{ $comp.imageBuilderAddr | quote }},
+{{- if $comp.serverProxyApiKey }}
+        "serverProxyApiKey": "{{ $comp.serverProxyApiKey }}",
+{{- end }}
+        "codeSync": {{ $comp.codeSync | toJson }},
+        "enablePayment": {{ $comp.enablePayment }},
+        "insecureNoDomain": {{ $comp.insecureNoDomain }}
+    }
diff --git a/chart/templates/server-proxy-apikey-secret.yaml b/chart/templates/server-proxy-apikey-secret.yaml
diff --git a/chart/values.yaml b/chart/values.yaml
@@ -18,6 +18,7 @@ installation:
   shortname: ""
   kubedomain: "svc.cluster.local"
 license: ""
+trialLicensePrivateKey: ""
 installNetworkPolicies: true
 installPodSecurityPolicies: true
 imagePullPolicy: IfNotPresent
@@ -132,7 +133,6 @@ branding:
         url: https://www.gitpod.io/terms/
 workspaceScheduler: workspace-scheduler
 serverProxyApiKey: "fF7+aCPvF9Pa0AEjmoZ+yWVh6PqBjM5VEA0wyQs3FH4="
-previewFeatureFlags: []
 
 components:
 
@@ -290,20 +290,23 @@ components:
 
   server:
     name: "server"
-    dependsOn:
-    - "server-proxy-apikey-secret.yaml"
-    - "auth-providers-configmap.yaml"
-    sessionSecret: Important!Really-Change-This-Key!
+    dependsOn: []
     resources:
       cpu: "200m"
     github:
-      app: {}
-    blockNewUsers: false
-    blockNewUsersPasslist: []
+      app:
+        enabled: false
+    blockNewUsers:
+      enabled: false
+      passlist: []
     runDbDeleter: true
     storage: {}
     wsman: []
     defaultBaseImageRegistryWhitelist: []
+    session:
+      maxAgeMs: 259200000  # 3 days
+      secret: Important!Really-Change-This-Key!
+    previewFeatureFlags: []
     defaultFeatureFlags: []
     incrementalPrebuilds:
       repositoryPasslist: []
@@ -325,8 +328,44 @@ components:
       env: null
     volumes: null
     garbageCollection:
-      disabled: "false"
+      disabled: false
+      startDate: null
+      chunkLimit: 1000
+      minAgeDays: 14
+      minAgePrebuildDays: 7
+      contentRetentionPeriodDays: 21
+      contentChunkLimit: 1000
     definitelyGpDisabled: "false"
+    enableLocalApp: true
+    disableDynamicAuthProviderLogin: false
+    maxEnvvarPerUserCount: 4048
+    maxConcurrentPrebuildsPerRef: 10
+    makeNewUsersAdmin: false
+    theiaPluginsBucketNameOverride: null
+    oauthServer:
+      enabled: false
+    rateLimiter:
+      groups:
+        inWorkspaceUserAction:
+          points: 10
+          durationsSec: 2
+      functions:
+        openPort:
+          group: inWorkspaceUserAction
+        closePort:
+          group: inWorkspaceUserAction
+        controlAdmission:
+          group: inWorkspaceUserAction
+        shareSnapshot:
+          group: inWorkspaceUserAction
+    contentServiceAddr: "content-service:8080"
+    imageBuilderAddr: "image-builder-mk3:8080"
+    codeSync: {}
+    enablePayment: false
+    workspaceHeartbeat:
+      intervalSeconds: 60
+      timeoutSeconds: 300
+    insecureNoDomain: false
 
   serviceWaiter:
     imageName: "service-waiter"
@@ -375,7 +414,6 @@ components:
     svcName: "proxy"
     dependsOn:
     - "proxy-configmap.yaml"
-    - "server-proxy-apikey-secret.yaml"
     ports:
       http:
         containerPort: 80

diff --git a/components/server/ee/src/container-module.ts b/components/server/ee/src/container-module.ts
@@ -35,8 +35,6 @@ import { WorkspaceFactoryEE } from "./workspace/workspace-factory";
 import { MonitoringEndpointsAppEE } from "./monitoring-endpoint-ee";
 import { MonitoringEndpointsApp } from "../../src/monitoring-endpoints";
 import { WorkspaceHealthMonitoring } from "./workspace/workspace-health-monitoring";
-import { EnvEE } from "./env";
-import { Env } from "../../src/env";
 import { AccountService } from "@gitpod/gitpod-payment-endpoint/lib/accounting/account-service";
 import { AccountServiceImpl, SubscriptionService, TeamSubscriptionService } from "@gitpod/gitpod-payment-endpoint/lib/accounting";
 import { ChargebeeProvider, ChargebeeProviderOptions, UpgradeHelper } from "@gitpod/gitpod-payment-endpoint/lib/chargebee";
@@ -54,6 +52,7 @@ import { EMailDomainService, EMailDomainServiceImpl } from "./auth/email-domain-
 import { UserDeletionServiceEE } from "./user/user-deletion-service";
 import { GitHubAppSupport } from "./github/github-app-support";
 import { GitLabAppSupport } from "./gitlab/gitlab-app-support";
+import { Config } from "../../src/config";
 
 export const productionEEContainerModule = new ContainerModule((bind, unbind, isBound, rebind) => {
     rebind(Server).to(ServerEE).inSingletonScope();
@@ -87,9 +86,6 @@ export const productionEEContainerModule = new ContainerModule((bind, unbind, is
     bind(AccountStatementProvider).toSelf().inRequestScope();
 
     // various
-    bind(EnvEE).toSelf().inSingletonScope();
-    rebind(Env).to(EnvEE).inSingletonScope();
-
     rebind(MessageBusIntegration).to(MessageBusIntegrationEE).inSingletonScope();
     rebind(HostContainerMapping).to(HostContainerMappingEE).inSingletonScope();
     bind(EMailDomainService).to(EMailDomainServiceImpl).inSingletonScope();
@@ -110,8 +106,8 @@ export const productionEEContainerModule = new ContainerModule((bind, unbind, is
     // payment/billing
     bind(ChargebeeProvider).toSelf().inSingletonScope();
     bind(ChargebeeProviderOptions).toDynamicValue(ctx => {
-        const env = ctx.container.get(EnvEE);
-        return env.chargebeeProviderOptions;
+        const config = ctx.container.get<Config>(Config);
+        return config.chargebeeProviderOptions;
     }).inSingletonScope();
     bind(UpgradeHelper).toSelf().inSingletonScope();
     bind(ChargebeeCouponComputer).toSelf().inSingletonScope();

diff --git a/components/server/ee/src/license-source.ts b/components/server/ee/src/license-source.ts
@@ -6,13 +6,13 @@
 
 import { LicenseKeySource } from "@gitpod/licensor/lib";
 import { inject, injectable } from "inversify";
-import { Env } from "../../src/env";
 import { LicenseDB } from "@gitpod/gitpod-db/lib";
 import { log } from "@gitpod/gitpod-protocol/lib/util/logging";
+import { Config } from "../../src/config";
 
 @injectable()
 export class DBLicenseKeySource implements LicenseKeySource {
-    @inject(Env) protected readonly env: Env;
+    @inject(Config) protected readonly config: Config;
     @inject(LicenseDB) protected readonly licenseDB: LicenseDB;
 
     async getKey(): Promise<{ key: string; domain: string; }> {
@@ -23,8 +23,8 @@ export class DBLicenseKeySource implements LicenseKeySource {
             log.error("cannot get license key - even if you have a license, the EE features won't work", err);
         }
         return {
-            key: key || this.env.gitpodLicense || "",
-            domain: this.env.hostUrl.url.host,
+            key: key || this.config.license || "",
+            domain: this.config.hostUrl.url.host,
         };
     }
 }
diff --git a/components/server/ee/src/prebuilds/bitbucket-service.ts b/components/server/ee/src/prebuilds/bitbucket-service.ts
@@ -10,7 +10,7 @@ import { inject, injectable } from "inversify";
 import { BitbucketApiFactory } from "../../../src/bitbucket/bitbucket-api-factory";
 import { AuthProviderParams } from "../../../src/auth/auth-provider";
 import { BitbucketApp } from "./bitbucket-app";
-import { Env } from "../../../src/env";
+import { Config } from "../../../src/config";
 import { TokenService } from "../../../src/user/token-service";
 import { BitbucketContextParser } from "../../../src/bitbucket/bitbucket-context-parser";
 
@@ -20,14 +20,14 @@ export class BitbucketService extends RepositoryService {
     static PREBUILD_TOKEN_SCOPE = 'prebuilds';
 
     @inject(BitbucketApiFactory) protected api: BitbucketApiFactory;
-    @inject(Env) protected env: Env;
-    @inject(AuthProviderParams) protected config: AuthProviderParams;
+    @inject(Config) protected readonly config: Config;
+    @inject(AuthProviderParams) protected authProviderConfig: AuthProviderParams;
     @inject(TokenService) protected tokenService: TokenService;
     @inject(BitbucketContextParser) protected bitbucketContextParser: BitbucketContextParser;
 
     async canInstallAutomatedPrebuilds(user: User, cloneUrl: string): Promise<boolean> {
         const { host } = await this.bitbucketContextParser.parseURL(user, cloneUrl);
-        return host === this.config.host;
+        return host === this.authProviderConfig.host;
     }
 
     async installAutomatedPrebuilds(user: User, cloneUrl: string): Promise<void> {
@@ -50,7 +50,7 @@ export class BitbucketService extends RepositoryService {
                 workspace: owner,
                 // see https://developer.atlassian.com/bitbucket/api/2/reference/resource/repositories/%7Bworkspace%7D/%7Brepo_slug%7D/hooks#post
                 _body: {
-                    "description": `Gitpod Prebuilds for ${this.env.hostUrl}.`,
+                    "description": `Gitpod Prebuilds for ${this.config.hostUrl}.`,
                     "url": hookUrl + `?token=${user.id + '|' + tokenEntry.token.value}`,
                     "active": true,
                     "events": [
@@ -68,7 +68,7 @@ export class BitbucketService extends RepositoryService {
     }
 
     protected getHookUrl() {
-        return this.env.hostUrl.with({
+        return this.config.hostUrl.with({
             pathname: BitbucketApp.path
         }).toString();
     }