allow http proxy env variables to be set in privileged sti container

[bparees]

fixes #3395

lots of changes here now:

1. updated the sample template to v1 api
2. added Env field to Docker builds
3. whitelist remains what it was (build_loglevel is the only allowed env variable for now in the privileged containers)
4. added httpProxy and httpsProxy fields to GitBuildSource. If present, those values are set as env variables just before we invoke git clone and unset immediately after, so they only impact the clone step - applicable to S2I and Docker type builds

[bparees]

@mfojtik ptal
@smarterclayton do you foresee a problem with allowing users to inject HTTP_PROXY env variables into our privileged STI and Docker builder containers? they need to do this to control the proxy used by our git clone operation.

[bparees]

(Note that i also added an env stanza to docker type builds..since it's additive i believe it's ok to just add it to the v1 api)

[mfojtik]

LGTM (the HTTP_PROXY var will be supported also by docker build soon, so if you set it, docker build can pick it up and the build might use it which is not what you always want...)

[nak3]

I'm sorry if I'm wrong, but just in case.
http proxy for git clone needs to set with git config --global http.proxy $http_proxy in the container. It doesn’t work with only env value.

[bparees]

@nak3 at least one reference i've found implies it does support just setting the env variables, in lowercase form:
http://nknu.net/git-through-proxy/

I don't have an environment setup to easily validate that though, if you do, i'd appreciate knowing!

[nak3]

@bparees After I tested an environment setup again, it worked correctly. Sorry! Please merge this PR.

[smarterclayton]

Do we need to subdivide the proxy for different parts of a build? Docker build vs git clone vs hooks called by the s2i scripts?

On Jun 23, 2015, at 1:46 PM, Ben Parees notifications@github.com wrote:

@mfojtik ptal
@smarterclayton do you foresee a problem with allowing users to inject HTTP_PROXY env variables into our privileged STI and Docker builder containers? they need to do this to control the proxy used by our git clone operation.

—
Reply to this email directly or view it on GitHub.

[mfojtik]

@smarterclayton when the docker PR to add support for HTTP_PROXY gets merged, then we will have to do it... I'm not sure what would be the best way to do this however...

[soltysh]

Can we type this once and assume we'll always allow both upper case and lower case vars?

[bparees]

sounds insecure to me :)

[mfojtik]

i like to make this explicit :-)

[soltysh]

Fine by me, was just curious.

[bparees]

@smarterclayton
So if we want to separate this, we need to add a GIT_PROXY field to the strategies and then update our git clone logic to utilize that proxy. I can do that, but it's a more invasive change.

the question would be, do we still want to leave the _PROXY env vars on the whitelist?

let me take a crack at it.

[bparees]

@smarterclayton @mfojtik massive rework, ptal again.
[test]

[soltysh]

You're checking HTTPS but setting HTTP proxy here/

[bparees]

doh. thanks.

[bparees]

@soltysh cut+paste error corrected in sti and docker. thanks for the catch.

[bparees]

@soltysh any other comments?
[test]

[mfojtik]

can you reverse this if? So you just set Env to nil and return and nuke the else

[bparees]

that's generated code, so no.

[mfojtik]

oh i should guess it from the name :-)

[mfojtik]

@bparees couple coding nits, otherwise LGTM

[soltysh]

Description please, all the new vars should have one.

[mfojtik]

LGTM [merge]

[soltysh]

Damn it @mfojtik you were faster with your LGTM 😜

[openshift-bot]

continuous-integration/openshift-jenkins/merge SUCCESS (https://ci.openshift.redhat.com/jenkins/job/test_pull_requests_origin/3424/) (Image: devenv-fedora_1880)

[openshift-bot]

continuous-integration/openshift-jenkins/test SUCCESS (https://ci.openshift.redhat.com/jenkins/job/test_pull_requests_origin/3424/)

[bparees]

[merge]

[openshift-bot]

Evaluated for origin up to 64d3312