added https proxy support

libopenstorage · Jul 10, 2023 · 9f0fe5f · 9f0fe5f
1 parent 582e7cf
commit 9f0fe5f
Show file tree

Hide file tree

Showing 10 changed files with 90 additions and 28 deletions.
diff --git a/deploy/ccm/envoy-config-collector-custom-proxy.yaml b/deploy/ccm/envoy-config-collector-custom-proxy.yaml
@@ -48,6 +48,9 @@ static_resources:
                 - header:
                     key: "product-version"
                     value: PRODUCT_VERSION
+                - header:
+                    key: "Proxy-Authorization"
+                    value: BASIC_AUTH
                 route:
                   host_rewrite_literal: REST_PROXY_URL
                   cluster: cluster_cloud_support
@@ -100,6 +103,9 @@ static_resources:
             - header:
                 key: "product-version"
                 value: PRODUCT_VERSION
+            - header:
+                key: "Proxy-Authorization"
+                value: BASIC_AUTH
   clusters:
   - name: cluster_cloud_support
     type: STRICT_DNS

diff --git a/deploy/ccm/envoy-config-register-custom-proxy.yaml b/deploy/ccm/envoy-config-register-custom-proxy.yaml
@@ -48,6 +48,9 @@ static_resources:
                 - header:
                     key: "product-version"
                     value: PRODUCT_VERSION
+                - header:
+                    key: "Proxy-Authorization"
+                    value: BASIC_AUTH
                 route:
                   host_rewrite_literal: REGISTER_PROXY_URL
                   cluster: cluster_register_cloud_support
@@ -100,6 +103,9 @@ static_resources:
             - header:
                 key: "product-version"
                 value: PRODUCT_VERSION
+            - header:
+                key: "Proxy-Authorization"
+                value: BASIC_AUTH
   clusters:
   - name: cluster_register_cloud_support
     type: STRICT_DNS

diff --git a/deploy/ccm/envoy-config-rest-custom-proxy.yaml b/deploy/ccm/envoy-config-rest-custom-proxy.yaml
@@ -45,6 +45,9 @@ static_resources:
                 - header:
                     key: "product-version"
                     value: PRODUCT_VERSION
+                - header:
+                    key: "Proxy-Authorization"
+                    value: BASIC_AUTH
                 route:
                   host_rewrite_literal: REST_PROXY_URL
                   cluster: cluster_cloud_support
@@ -94,6 +97,9 @@ static_resources:
             - header:
                 key: "product-version"
                 value: PRODUCT_VERSION
+            - header:
+                key: "Proxy-Authorization"
+                value: BASIC_AUTH
   clusters:
   - name: cluster_cloud_support
     type: STRICT_DNS

diff --git a/drivers/storage/portworx/component/telemetry.go b/drivers/storage/portworx/component/telemetry.go
@@ -86,6 +86,7 @@ const (
 	configParameterCertSecretNamespace                   = "CERT_SECRET_NAMESPACE"
 	configParameterCustomProxyAddress                    = "CUSTOM_PROXY_ADDRESS"
 	configParameterCustomProxyPort                       = "CUSTOM_PROXY_PORT"
+	configParameterCustomProxyBasicAuth                  = "BASIC_AUTH"
 	configParameterPortworxPort                          = "PORTWORX_PORT"
 	configParameterRegisterCloudSupportPort              = "REGISTER_CLOUD_SUPPORT_PORT"
 	configParameterRestCloudSupportPort                  = "REST_CLOUD_SUPPORT_PORT"
@@ -607,16 +608,17 @@ func (t *telemetry) createCCMGoConfigMapRegisterProxy(
 
 	_, proxy := pxutil.GetPxProxyEnvVarValue(cluster)
 	if proxy != "" && t.usePxProxy {
-		address, port, err := pxutil.SplitPxProxyHostPort(proxy)
+		host, port, authHeader, err := pxutil.ParsePxProxyURL(proxy)
 		if err != nil {
 			logrus.Errorf("failed to get custom proxy address and port from proxy %s: %v", proxy, err)
 			return k8sutil.DeleteConfigMap(t.k8sClient, ConfigMapNameTelemetryRegisterProxy, cluster.Namespace, *ownerRef)
 		}
 		configFileName = configFileNameTelemetryRegisterCustomProxy
 		replaceMap[configParameterCloudSupportTCPProxyPort] = fmt.Sprint(tcpProxyPort)
 		replaceMap[configParameterCloudSupportEnvoyInternalRedirectPort] = fmt.Sprint(envoyRedirectPort)
-		replaceMap[configParameterCustomProxyAddress] = address
+		replaceMap[configParameterCustomProxyAddress] = host
 		replaceMap[configParameterCustomProxyPort] = port
+		replaceMap[configParameterCustomProxyBasicAuth] = authHeader
 	}
 
 	config, err := readConfigMapDataFromFile(configFileName, replaceMap)
@@ -656,16 +658,17 @@ func (t *telemetry) createCCMGoConfigMapTelemetryPhonehomeProxy(
 
 	_, proxy := pxutil.GetPxProxyEnvVarValue(cluster)
 	if proxy != "" && t.usePxProxy {
-		address, port, err := pxutil.SplitPxProxyHostPort(proxy)
+		host, port, authHeader, err := pxutil.ParsePxProxyURL(proxy)
 		if err != nil {
 			logrus.Errorf("failed to get custom proxy address and port from %s: %v", proxy, err)
 			return k8sutil.DeleteConfigMap(t.k8sClient, ConfigMapNameTelemetryPhonehomeProxy, cluster.Namespace, *ownerRef)
 		}
 		configFileName = configFileNameTelemetryRestCustomProxy
 		replaceMap[configParameterCloudSupportTCPProxyPort] = fmt.Sprint(tcpProxyPort)
 		replaceMap[configParameterCloudSupportEnvoyInternalRedirectPort] = fmt.Sprint(envoyRedirectPort)
-		replaceMap[configParameterCustomProxyAddress] = address
+		replaceMap[configParameterCustomProxyAddress] = host
 		replaceMap[configParameterCustomProxyPort] = port
+		replaceMap[configParameterCustomProxyBasicAuth] = authHeader
 	}
 
 	config, err := readConfigMapDataFromFile(configFileName, replaceMap)
@@ -707,16 +710,17 @@ func (t *telemetry) createCCMGoConfigMapCollectorProxyV2(
 
 	_, proxy := pxutil.GetPxProxyEnvVarValue(cluster)
 	if proxy != "" && t.usePxProxy {
-		address, port, err := pxutil.SplitPxProxyHostPort(proxy)
+		host, port, authHeader, err := pxutil.ParsePxProxyURL(proxy)
 		if err != nil {
 			logrus.Errorf("failed to get custom proxy address and port from %s: %v", proxy, err)
 			return k8sutil.DeleteConfigMap(t.k8sClient, ConfigMapNameTelemetryCollectorProxyV2, cluster.Namespace, *ownerRef)
 		}
 		configFileName = configFileNameTelemetryCollectorCustomProxy
 		replaceMap[configParameterCloudSupportTCPProxyPort] = fmt.Sprint(tcpProxyPort)
 		replaceMap[configParameterCloudSupportEnvoyInternalRedirectPort] = fmt.Sprint(envoyRedirectPort)
-		replaceMap[configParameterCustomProxyAddress] = address
+		replaceMap[configParameterCustomProxyAddress] = host
 		replaceMap[configParameterCustomProxyPort] = port
+		replaceMap[configParameterCustomProxyBasicAuth] = authHeader
 	}
 
 	config, err := readConfigMapDataFromFile(configFileName, replaceMap)

diff --git a/drivers/storage/portworx/portworx.go b/drivers/storage/portworx/portworx.go
@@ -1473,7 +1473,7 @@ func (p *portworx) setTelemetryDefaults(
 		return nil
 	} else if proxyType == pxutil.EnvKeyPortworxHTTPProxy {
 		// CCM Go is supported, but HTTP proxy cannot be split into host and port
-		if _, _, proxyFormatErr := pxutil.SplitPxProxyHostPort(proxy); proxyFormatErr != nil {
+		if _, _, _, proxyFormatErr := pxutil.ParsePxProxyURL(proxy); proxyFormatErr != nil {
 			err = fmt.Errorf("telemetry is not supported with proxy in a format of: %s", proxy)
 		}
 	} else if proxyType == pxutil.EnvKeyPortworxHTTPSProxy {

diff --git a/drivers/storage/portworx/testspec/ccmGoCollectorProxyConfigMap_proxy.yaml b/drivers/storage/portworx/testspec/ccmGoCollectorProxyConfigMap_proxy.yaml
@@ -60,6 +60,9 @@ data:
                     - header:
                         key: "product-version"
                         value: 2.12.0
+                    - header:
+                        key: "proxy-authorization"
+                        value: "Basic dXNlcjpwYXNzd29yZA=="
                     route:
                       host_rewrite_literal: rest.cloud-support.purestorage.com
                       cluster: cluster_cloud_support
@@ -112,6 +115,9 @@ data:
                 - header:
                     key: "product-version"
                     value: 2.12.0
+                - header:
+                    key: "proxy-authorization"
+                    value: "Basic dXNlcjpwYXNzd29yZA=="
       clusters:
       - name: cluster_cloud_support
         type: STRICT_DNS

diff --git a/drivers/storage/portworx/testspec/ccmGoPhonehomeProxyConfigMap_proxy.yaml b/drivers/storage/portworx/testspec/ccmGoPhonehomeProxyConfigMap_proxy.yaml
@@ -57,6 +57,9 @@ data:
                     - header:
                         key: "product-version"
                         value: 2.12.0
+                    - header:
+                        key: "proxy-authorization"
+                        value: "Basic dXNlcjpwYXNzd29yZA=="
                     route:
                       host_rewrite_literal: rest.cloud-support.purestorage.com
                       cluster: cluster_cloud_support
@@ -106,6 +109,9 @@ data:
                 - header:
                     key: "product-version"
                     value: 2.12.0
+                - header:
+                    key: "proxy-authorization"
+                    value: "Basic dXNlcjpwYXNzd29yZA=="
       clusters:
       - name: cluster_cloud_support
         type: STRICT_DNS

diff --git a/drivers/storage/portworx/testspec/ccmGoRegisterProxyConfigMap_proxy.yaml b/drivers/storage/portworx/testspec/ccmGoRegisterProxyConfigMap_proxy.yaml
@@ -60,6 +60,9 @@ data:
                     - header:
                         key: "product-version"
                         value: 2.12.0
+                    - header:
+                        key: "proxy-authorization"
+                        value: "Basic dXNlcjpwYXNzd29yZA=="
                     route:
                       host_rewrite_literal: register.cloud-support.purestorage.com
                       cluster: cluster_register_cloud_support
@@ -112,6 +115,9 @@ data:
                 - header:
                     key: "product-version"
                     value: 2.12.0
+                - header:
+                    key: "proxy-authorization"
+                    value: "Basic dXNlcjpwYXNzd29yZA=="
       clusters:
       - name: cluster_register_cloud_support
         type: STRICT_DNS

diff --git a/drivers/storage/portworx/util/util.go b/drivers/storage/portworx/util/util.go
@@ -256,6 +256,10 @@ const (
 
 	// TelemetryCertName is name of the telemetry cert.
 	TelemetryCertName = "pure-telemetry-certs"
+	// HttpProtocolPrefix is the prefix for HTTP protocol
+	HttpProtocolPrefix = "http://"
+	// HttpsProtocolPrefix is the prefix for HTTPS protocol
+	HttpsProtocolPrefix = "https://"
 )
 
 var (
@@ -683,17 +687,34 @@ func GetPxProxyEnvVarValue(cluster *corev1.StorageCluster) (string, string) {
 	return "", ""
 }
 
-// SplitPxProxyHostPort trims protocol prefix then splits the proxy address of the form "host:port"
-func SplitPxProxyHostPort(proxy string) (string, string, error) {
-	proxy = strings.TrimPrefix(proxy, "http://")
-	proxy = strings.TrimPrefix(proxy, "https://")
-	address, port, err := net.SplitHostPort(proxy)
-	if err != nil {
-		return "", "", err
-	} else if address == "" || port == "" {
-		return "", "", fmt.Errorf("failed to split px proxy address %s", proxy)
+// ParsePxProxy trims protocol prefix then splits the proxy address of the form "host:port" with possible basic authentication credential
+func ParsePxProxyURL(proxy string) (string, string, string, error) {
+	var (
+		host       string
+		port       string
+		authHeader string
+	)
+	if strings.HasPrefix(proxy, HttpsProtocolPrefix) {
+		proxyURL := strings.TrimPrefix(proxy, HttpsProtocolPrefix)
+		auth := strings.Split(proxyURL, "@")[0]
+		encodedAuth := base64.StdEncoding.EncodeToString([]byte(auth))
+		authHeader = fmt.Sprintf("Basic %s", encodedAuth)
+		address, port, err := net.SplitHostPort(strings.Split(proxyURL, "@")[1])
+		if err != nil {
+			return "", "", "", err
+		} else if address == "" || port == "" || encodedAuth == "" {
+			return "", "", "", fmt.Errorf("failed to parse px proxy url %s", proxy)
+		}
+	} else {
+		proxy = strings.TrimPrefix(proxy, HttpProtocolPrefix)
+		address, port, err := net.SplitHostPort(proxy)
+		if err != nil {
+			return "", "", "", err
+		} else if address == "" || port == "" {
+			return "", "", "", fmt.Errorf("failed to parse px proxy url %s", proxy)
+		}
 	}
-	return address, port, nil
+	return host, port, authHeader, nil
 }
 
 // GetValueFromEnvVar returns the value of v1.EnvVar Value or ValueFrom

diff --git a/drivers/storage/portworx/util/util_test.go b/drivers/storage/portworx/util/util_test.go
@@ -329,45 +329,46 @@ func TestGetServiceTypeFromAnnotation(t *testing.T) {
 	require.Equal(t, v1.ServiceType(""), ServiceType(cluster, "other-services"))
 }
 
-func TestSplitPxProxyHostPort(t *testing.T) {
+func TestParsePxProxyURL(t *testing.T) {
 	// Valid cases
-	address, port, err := SplitPxProxyHostPort("http.proxy.address:1234")
+	address, port, authHeader, err := ParsePxProxyURL("http.proxy.address:1234")
 	require.NoError(t, err)
 	require.Equal(t, "http.proxy.address", address)
 	require.Equal(t, "1234", port)
+	require.Equal(t, "", authHeader)
 
-	address, port, err = SplitPxProxyHostPort("http://http.proxy.address:1234")
+	address, port, authHeader, err = ParsePxProxyURL("http://http.proxy.address:1234")
 	require.NoError(t, err)
 	require.Equal(t, "http.proxy.address", address)
 	require.Equal(t, "1234", port)
 
-	address, port, err = SplitPxProxyHostPort("1.2.3.4:1234")
+	address, port, authHeader, err = ParsePxProxyURL("1.2.3.4:1234")
 	require.NoError(t, err)
 	require.Equal(t, "1.2.3.4", address)
 	require.Equal(t, "1234", port)
 
-	address, port, err = SplitPxProxyHostPort("[1:2:3:4:5:6:7:8]:1234")
+	address, port, authHeader, err = ParsePxProxyURL("[1:2:3:4:5:6:7:8]:1234")
 	require.NoError(t, err)
 	require.Equal(t, "1:2:3:4:5:6:7:8", address)
 	require.Equal(t, "1234", port)
 
 	// Invalid cases
-	_, _, err = SplitPxProxyHostPort("")
+	_, _, _, err = ParsePxProxyURL("")
 	require.Error(t, err)
 
-	_, _, err = SplitPxProxyHostPort("http://address")
+	_, _, _, err = ParsePxProxyURL("http://address")
 	require.Error(t, err)
 
-	_, _, err = SplitPxProxyHostPort("address:")
+	_, _, _, err = ParsePxProxyURL("address:")
 	require.Error(t, err)
 
-	_, _, err = SplitPxProxyHostPort("1:2:3:4:5:6:7:8")
+	_, _, _, err = ParsePxProxyURL("1:2:3:4:5:6:7:8")
 	require.Error(t, err)
 
-	_, _, err = SplitPxProxyHostPort(":1234")
+	_, _, _, err = ParsePxProxyURL(":1234")
 	require.Error(t, err)
 
-	_, _, err = SplitPxProxyHostPort("user:password@host:1234")
+	_, _, _, err = ParsePxProxyURL("user:password@host:1234")
 	require.Error(t, err)
 }