New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
allow http proxy env variables to be set in privileged sti container #3401
Conversation
|
@mfojtik ptal |
|
(Note that i also added an env stanza to docker type builds..since it's additive i believe it's ok to just add it to the v1 api) |
|
LGTM (the HTTP_PROXY var will be supported also by docker build soon, so if you set it, docker build can pick it up and the build might use it which is not what you always want...) |
|
I'm sorry if I'm wrong, but just in case. |
|
@nak3 at least one reference i've found implies it does support just setting the env variables, in lowercase form: I don't have an environment setup to easily validate that though, if you do, i'd appreciate knowing! |
|
@bparees After I tested an environment setup again, it worked correctly. Sorry! Please merge this PR. |
|
Do we need to subdivide the proxy for different parts of a build? Docker build vs git clone vs hooks called by the s2i scripts?
|
|
@smarterclayton when the docker PR to add support for HTTP_PROXY gets merged, then we will have to do it... I'm not sure what would be the best way to do this however... |
| @@ -17,7 +17,7 @@ const ( | |||
| sourceSecretMountPath = "/var/run/secrets/openshift.io/source" | |||
| ) | |||
|
|
|||
| var whitelistEnvVarNames = []string{"BUILD_LOGLEVEL"} | |||
| var whitelistEnvVarNames = []string{"BUILD_LOGLEVEL", "HTTP_PROXY", "HTTPS_PROXY", "http_proxy", "https_proxy"} | |||
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can we type this once and assume we'll always allow both upper case and lower case vars?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
sounds insecure to me :)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
i like to make this explicit :-)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Fine by me, was just curious.
|
@smarterclayton the question would be, do we still want to leave the _PROXY env vars on the whitelist? let me take a crack at it. |
49d25a1
to
9074d7f
Compare
|
@smarterclayton @mfojtik massive rework, ptal again. |
| os.Setenv("https_proxy", s.build.Parameters.Source.Git.HTTPSProxy) | ||
| setHttps = true | ||
| } | ||
| if len(s.build.Parameters.Source.Git.HTTPSProxy) != 0 { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You're checking HTTPS but setting HTTP proxy here/
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
doh. thanks.
|
@soltysh cut+paste error corrected in sti and docker. thanks for the catch. |
|
@soltysh any other comments? |
| @@ -1004,12 +1004,26 @@ func deepCopy_api_DockerBuildStrategy(in buildapi.DockerBuildStrategy, out *buil | |||
| } else { | |||
| out.PullSecret = nil | |||
| } | |||
| if in.Env != nil { | |||
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
can you reverse this if? So you just set Env to nil and return and nuke the else
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
that's generated code, so no.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
oh i should guess it from the name :-)
|
@bparees couple coding nits, otherwise LGTM |
| @@ -166,6 +166,12 @@ type GitBuildSource struct { | |||
|
|
|||
| // Ref is the branch/tag/ref to build. | |||
| Ref string `json:"ref,omitempty" description:"identifies the branch/tag/ref to build"` | |||
|
|
|||
| // HTTPProxy is a proxy used to reach the git repository over http | |||
| HTTPProxy string `json:"httpProxy,omitempty"` | |||
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Description please, all the new vars should have one.
f21260c
to
37e82d6
Compare
|
LGTM [merge] |
|
Damn it @mfojtik you were faster with your LGTM 😜 |
|
continuous-integration/openshift-jenkins/merge SUCCESS (https://ci.openshift.redhat.com/jenkins/job/test_pull_requests_origin/3424/) (Image: devenv-fedora_1880) |
|
continuous-integration/openshift-jenkins/test SUCCESS (https://ci.openshift.redhat.com/jenkins/job/test_pull_requests_origin/3424/) |
|
[merge] |
|
Evaluated for origin up to 64d3312 |
Merged by openshift-bot
fixes #3395
lots of changes here now: