-
Notifications
You must be signed in to change notification settings - Fork 21
/
defaults.go
155 lines (135 loc) · 6.68 KB
/
defaults.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
// Copyright 2021 VMware, Inc. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
package config
import (
"net/url"
"os"
"strings"
"github.com/vmware-tanzu/tanzu-cli/pkg/common"
"github.com/vmware-tanzu/tanzu-cli/pkg/constants"
configlib "github.com/vmware-tanzu/tanzu-plugin-runtime/config"
)
// Default Standalone Discovery configuration
// Value of this variables gets assigned during build time
var (
// DefaultAllowedPluginRepositories this can be comma separated list of allowed registries
DefaultAllowedPluginRepositories = ""
DefaultStandaloneDiscoveryRepository = ""
DefaultStandaloneDiscoveryImagePath = ""
DefaultStandaloneDiscoveryImageTag = ""
DefaultStandaloneDiscoveryName = "default"
// DefaultStandaloneDiscoveryNameLocal Used for local discovery of sources.
// Changing the default-local discovery source label to default and default will be used as a local discovery source
// default and default-local will co-exist in the config.yaml i.e. If local discovery source is used and is now assigned the default name, the discovery source named default-local will still exist.
// And recommend that it be manually removed from the config file.
DefaultStandaloneDiscoveryNameLocal = "default"
DefaultStandaloneDiscoveryType = common.DistributionTypeOCI
DefaultStandaloneDiscoveryLocalPath = ""
)
// DefaultTMCPluginsArtifactRepository is the S3 bucket repository for TMC plugins.
const DefaultTMCPluginsArtifactRepository = "https://tmc-cli.s3-us-west-2.amazonaws.com/plugins/artifacts"
// GetDefaultStandaloneDiscoveryImage returns the default Standalone Discovery image
// from the configured build time variables
func GetDefaultStandaloneDiscoveryImage() string {
defaultStandaloneDiscoveryRepository := DefaultStandaloneDiscoveryRepository
defaultStandaloneDiscoveryImagePath := DefaultStandaloneDiscoveryImagePath
defaultStandaloneDiscoveryImageTag := DefaultStandaloneDiscoveryImageTag
// Run-time overrides of the configuration
if customImageRepo := os.Getenv(constants.ConfigVariableCustomImageRepository); customImageRepo != "" {
defaultStandaloneDiscoveryRepository = customImageRepo
}
if imagePath := os.Getenv(constants.ConfigVariableDefaultStandaloneDiscoveryImagePath); imagePath != "" {
defaultStandaloneDiscoveryImagePath = imagePath
}
if imageTag := os.Getenv(constants.ConfigVariableDefaultStandaloneDiscoveryImageTag); imageTag != "" {
defaultStandaloneDiscoveryImageTag = imageTag
}
return strings.Trim(defaultStandaloneDiscoveryRepository, "/") + "/" + strings.Trim(defaultStandaloneDiscoveryImagePath, "/") + ":" + defaultStandaloneDiscoveryImageTag
}
// GetDefaultStandaloneDiscoveryType returns the default standalone discovery type
func GetDefaultStandaloneDiscoveryType() string {
// Run-time overrides of the configuration
if dType := os.Getenv(constants.ConfigVariableDefaultStandaloneDiscoveryType); dType != "" {
return dType
}
return DefaultStandaloneDiscoveryType
}
// GetDefaultStandaloneDiscoveryLocalPath returns default standalone discovery local path
func GetDefaultStandaloneDiscoveryLocalPath() string {
// Run-time overrides of the configuration
if localPath := os.Getenv(constants.ConfigVariableDefaultStandaloneDiscoveryLocalPath); localPath != "" {
return localPath
}
return DefaultStandaloneDiscoveryLocalPath
}
// GetTrustedRegistries returns the list of trusted registries that can be used for
// downloading the CLIPlugins
func GetTrustedRegistries() []string {
var trustedRegistries []string
// Add default allowed registries to trusted registries
if DefaultAllowedPluginRepositories != "" {
for _, r := range strings.Split(DefaultAllowedPluginRepositories, ",") {
trustedRegistries = append(trustedRegistries, strings.TrimSpace(r))
}
}
// If custom image repository is defined add it to the list of trusted registries
if customImageRepo := os.Getenv(constants.ConfigVariableCustomImageRepository); customImageRepo != "" {
trustedRegistries = append(trustedRegistries, customImageRepo)
}
// Add the configured central plugin discovery images to the trusted registries
discoveries, err := configlib.GetCLIDiscoverySources()
if err == nil && discoveries != nil {
for _, discovery := range discoveries {
// These discoveries only support OCI images
if discovery.OCI != nil {
if u, err := url.ParseRequestURI("https://" + discovery.OCI.Image); err == nil {
trustedRegistries = append(trustedRegistries, u.Hostname())
}
}
}
}
// Add any additional test central plugin discovery images to the trusted registries
testDiscoveryImages := GetAdditionalTestDiscoveryImages()
for _, image := range testDiscoveryImages {
if u, err := url.ParseRequestURI("https://" + image); err == nil {
trustedRegistries = append(trustedRegistries, u.Hostname())
}
}
// If ALLOWED_REGISTRY environment variable is specified, allow those registries as well
if allowedRegistry := os.Getenv(constants.AllowedRegistries); allowedRegistry != "" {
for _, r := range strings.Split(allowedRegistry, ",") {
trustedRegistries = append(trustedRegistries, strings.TrimSpace(r))
}
}
return trustedRegistries
}
// GetAdditionalTestDiscoveryImages would return the private discovery images or test discovery images.
// The private discovery images("TANZU_CLI_PRIVATE_PLUGIN_DISCOVERY_IMAGES") was introduced to support
// the backward compatibility where if there are customers using CLIPlugin CR to point to their private repository.
// It would be deprecated once we confirm there are no users using it but will continue supporting additional testing plugin discoveries.
// It would be mutually exclusive with "TANZU_CLI_ADDITIONAL_PLUGIN_DISCOVERY_IMAGES_TEST_ONLY" environment
// variable. Users can use only one of them and "TANZU_CLI_PRIVATE_PLUGIN_DISCOVERY_IMAGES" takes the priority
func GetAdditionalTestDiscoveryImages() []string {
var additionalImages []string
additionalDiscoveryImages := os.Getenv(constants.ConfigVariableAdditionalPrivateDiscoveryImages)
if additionalDiscoveryImages == "" {
additionalDiscoveryImages = os.Getenv(constants.ConfigVariableAdditionalDiscoveryForTesting)
}
for _, image := range strings.Split(additionalDiscoveryImages, ",") {
image = strings.TrimSpace(image)
if image != "" {
additionalImages = append(additionalImages, image)
}
}
return additionalImages
}
// GetTrustedArtifactLocations returns the list of trusted URI prefixes that can
// be trusted for downloading the CLIPlugins. Currently, this includes only the
// "tanzu-cli-advanced-plugins" GCP bucket where TMC plugins are stored. Other
// exceptions can be added as and when necessary.
func GetTrustedArtifactLocations() []string {
trustedLocations := []string{
DefaultTMCPluginsArtifactRepository,
}
return trustedLocations
}