diff --git a/assembly/assembly-wsmaster-war/src/main/webapp/WEB-INF/classes/che/che.properties b/assembly/assembly-wsmaster-war/src/main/webapp/WEB-INF/classes/che/che.properties index 41ee293a62..fe95611ce2 100644 --- a/assembly/assembly-wsmaster-war/src/main/webapp/WEB-INF/classes/che/che.properties +++ b/assembly/assembly-wsmaster-war/src/main/webapp/WEB-INF/classes/che/che.properties @@ -29,15 +29,6 @@ che.websocket.endpoint=ws://${CHE_HOST}:${CHE_PORT}/api/websocket # for major WebSocket interactions and messaging. che.websocket.internal.endpoint=NULL -# Configures environment variable HTTP_PROXY to a specified value in containers powering workspaces. -che.workspace.http_proxy= - -# Configures environment variable HTTPS_PROXY to a specified value in containers powering workspaces. -che.workspace.https_proxy= - -# Configures environment variable NO_PROXY to a specified value in containers powering workspaces. -che.workspace.no_proxy= - # By default, when users access a workspace with its URL, the workspace # automatically starts (if currently stopped). Set this to `false` to disable this behavior. che.workspace.auto_start=true diff --git a/infrastructures/kubernetes/src/main/java/org/eclipse/che/workspace/infrastructure/kubernetes/KubernetesEnvironmentProvisioner.java b/infrastructures/kubernetes/src/main/java/org/eclipse/che/workspace/infrastructure/kubernetes/KubernetesEnvironmentProvisioner.java index c993622569..1b1da7f7cf 100644 --- a/infrastructures/kubernetes/src/main/java/org/eclipse/che/workspace/infrastructure/kubernetes/KubernetesEnvironmentProvisioner.java +++ b/infrastructures/kubernetes/src/main/java/org/eclipse/che/workspace/infrastructure/kubernetes/KubernetesEnvironmentProvisioner.java @@ -25,7 +25,6 @@ import org.eclipse.che.workspace.infrastructure.kubernetes.provision.ImagePullSe import org.eclipse.che.workspace.infrastructure.kubernetes.provision.KubernetesTrustedCAProvisioner; import org.eclipse.che.workspace.infrastructure.kubernetes.provision.NodeSelectorProvisioner; import org.eclipse.che.workspace.infrastructure.kubernetes.provision.PodTerminationGracePeriodProvisioner; -import org.eclipse.che.workspace.infrastructure.kubernetes.provision.ProxySettingsProvisioner; import org.eclipse.che.workspace.infrastructure.kubernetes.provision.SecurityContextProvisioner; import org.eclipse.che.workspace.infrastructure.kubernetes.provision.ServiceAccountProvisioner; import org.eclipse.che.workspace.infrastructure.kubernetes.provision.SshKeysProvisioner; @@ -69,7 +68,6 @@ public interface KubernetesEnvironmentProvisioner externalServerTlsProvisioner; private final ImagePullSecretProvisioner imagePullSecretProvisioner; - private final ProxySettingsProvisioner proxySettingsProvisioner; private final NodeSelectorProvisioner nodeSelectorProvisioner; private final TolerationsProvisioner tolerationsProvisioner; private final ServiceAccountProvisioner serviceAccountProvisioner; @@ -92,7 +90,6 @@ public interface KubernetesEnvironmentProvisioner externalServerTlsProvisionerProvider, ImagePullSecretProvisioner imagePullSecretProvisioner, - ProxySettingsProvisioner proxySettingsProvisioner, NodeSelectorProvisioner nodeSelectorProvisioner, TolerationsProvisioner tolerationsProvisioner, ServiceAccountProvisioner serviceAccountProvisioner, @@ -112,7 +109,6 @@ public interface KubernetesEnvironmentProvisioner proxyEnvVars; - - @Inject - public ProxySettingsProvisioner( - @Named("che.workspace.https_proxy") String httpsProxy, - @Named("che.workspace.http_proxy") String httpProxy, - @Named("che.workspace.no_proxy") String noProxy) { - proxyEnvVars = new HashMap<>(); - if (!httpsProxy.isEmpty()) { - proxyEnvVars.put(HTTPS_PROXY, httpsProxy); - } - if (!httpProxy.isEmpty()) { - proxyEnvVars.put(HTTP_PROXY, httpProxy); - } - if (!noProxy.isEmpty()) { - proxyEnvVars.put(NO_PROXY, noProxy); - } - } - - @Override - @Traced - public void provision(KubernetesEnvironment k8sEnv, RuntimeIdentity identity) - throws InfrastructureException { - - TracingTags.WORKSPACE_ID.set(identity::getWorkspaceId); - - if (!proxyEnvVars.isEmpty()) { - k8sEnv.getPodsData().entrySet().stream() - // JWTProxy container doesn't need proxy settings since it never does any outbound - // requests, and setting of it may fail accessing internal addresses. - .filter(entry -> !entry.getKey().equals(JWT_PROXY_POD_NAME)) - .flatMap( - entry -> - Stream.concat( - entry.getValue().getSpec().getContainers().stream(), - entry.getValue().getSpec().getInitContainers().stream())) - .forEach( - container -> - proxyEnvVars.forEach((k, v) -> container.getEnv().add(new EnvVar(k, v, null)))); - } - } -} diff --git a/infrastructures/kubernetes/src/test/java/org/eclipse/che/workspace/infrastructure/kubernetes/KubernetesEnvironmentProvisionerTest.java b/infrastructures/kubernetes/src/test/java/org/eclipse/che/workspace/infrastructure/kubernetes/KubernetesEnvironmentProvisionerTest.java index e40821986a..4ff4ccb580 100644 --- a/infrastructures/kubernetes/src/test/java/org/eclipse/che/workspace/infrastructure/kubernetes/KubernetesEnvironmentProvisionerTest.java +++ b/infrastructures/kubernetes/src/test/java/org/eclipse/che/workspace/infrastructure/kubernetes/KubernetesEnvironmentProvisionerTest.java @@ -25,7 +25,6 @@ import org.eclipse.che.workspace.infrastructure.kubernetes.provision.ImagePullSe import org.eclipse.che.workspace.infrastructure.kubernetes.provision.KubernetesTrustedCAProvisioner; import org.eclipse.che.workspace.infrastructure.kubernetes.provision.NodeSelectorProvisioner; import org.eclipse.che.workspace.infrastructure.kubernetes.provision.PodTerminationGracePeriodProvisioner; -import org.eclipse.che.workspace.infrastructure.kubernetes.provision.ProxySettingsProvisioner; import org.eclipse.che.workspace.infrastructure.kubernetes.provision.SecurityContextProvisioner; import org.eclipse.che.workspace.infrastructure.kubernetes.provision.ServiceAccountProvisioner; import org.eclipse.che.workspace.infrastructure.kubernetes.provision.SshKeysProvisioner; @@ -69,7 +68,6 @@ public class KubernetesEnvironmentProvisionerTest { @Mock private TlsProvisioner externalServerIngressTlsProvisioner; @Mock private ImagePullSecretProvisioner imagePullSecretProvisioner; - @Mock private ProxySettingsProvisioner proxySettingsProvisioner; @Mock private ServiceAccountProvisioner serviceAccountProvisioner; @Mock private CertificateProvisioner certificateProvisioner; @Mock private SshKeysProvisioner sshKeysProvisioner; @@ -100,7 +98,6 @@ public class KubernetesEnvironmentProvisionerTest { podTerminationGracePeriodProvisioner, externalServerIngressTlsProvisionerProvider, imagePullSecretProvisioner, - proxySettingsProvisioner, nodeSelectorProvisioner, tolerationsProvisioner, serviceAccountProvisioner, @@ -124,7 +121,6 @@ public class KubernetesEnvironmentProvisionerTest { podTerminationGracePeriodProvisioner, externalServerIngressTlsProvisioner, imagePullSecretProvisioner, - proxySettingsProvisioner, serviceAccountProvisioner, certificateProvisioner, gitConfigProvisioner, @@ -152,7 +148,6 @@ public class KubernetesEnvironmentProvisionerTest { .verify(podTerminationGracePeriodProvisioner) .provision(eq(k8sEnv), eq(runtimeIdentity)); provisionOrder.verify(imagePullSecretProvisioner).provision(eq(k8sEnv), eq(runtimeIdentity)); - provisionOrder.verify(proxySettingsProvisioner).provision(eq(k8sEnv), eq(runtimeIdentity)); provisionOrder.verify(serviceAccountProvisioner).provision(eq(k8sEnv), eq(runtimeIdentity)); provisionOrder.verify(certificateProvisioner).provision(eq(k8sEnv), eq(runtimeIdentity)); provisionOrder.verify(gitConfigProvisioner).provision(eq(k8sEnv), eq(runtimeIdentity)); diff --git a/infrastructures/kubernetes/src/test/java/org/eclipse/che/workspace/infrastructure/kubernetes/provision/ProxySettingsProvisionerTest.java b/infrastructures/kubernetes/src/test/java/org/eclipse/che/workspace/infrastructure/kubernetes/provision/ProxySettingsProvisionerTest.java deleted file mode 100644 index 083fb39211..0000000000 --- a/infrastructures/kubernetes/src/test/java/org/eclipse/che/workspace/infrastructure/kubernetes/provision/ProxySettingsProvisionerTest.java +++ /dev/null @@ -1,159 +0,0 @@ -/* - * Copyright (c) 2012-2021 Red Hat, Inc. - * This program and the accompanying materials are made - * available under the terms of the Eclipse Public License 2.0 - * which is available at https://www.eclipse.org/legal/epl-2.0/ - * - * SPDX-License-Identifier: EPL-2.0 - * - * Contributors: - * Red Hat, Inc. - initial API and implementation - */ -package org.eclipse.che.workspace.infrastructure.kubernetes.provision; - -import static org.eclipse.che.commons.lang.NameGenerator.generate; -import static org.eclipse.che.workspace.infrastructure.kubernetes.provision.ProxySettingsProvisioner.HTTPS_PROXY; -import static org.eclipse.che.workspace.infrastructure.kubernetes.provision.ProxySettingsProvisioner.HTTP_PROXY; -import static org.eclipse.che.workspace.infrastructure.kubernetes.provision.ProxySettingsProvisioner.NO_PROXY; -import static org.eclipse.che.workspace.infrastructure.kubernetes.server.secure.jwtproxy.JwtProxyProvisioner.JWT_PROXY_POD_NAME; -import static org.mockito.Mockito.lenient; -import static org.testng.Assert.assertTrue; - -import io.fabric8.kubernetes.api.model.Container; -import io.fabric8.kubernetes.api.model.ContainerBuilder; -import io.fabric8.kubernetes.api.model.EnvVar; -import io.fabric8.kubernetes.api.model.Pod; -import io.fabric8.kubernetes.api.model.PodBuilder; -import java.util.ArrayList; -import java.util.Arrays; -import java.util.HashMap; -import java.util.List; -import java.util.Map; -import java.util.stream.Stream; -import org.eclipse.che.api.core.model.workspace.runtime.RuntimeIdentity; -import org.eclipse.che.workspace.infrastructure.kubernetes.environment.KubernetesEnvironment; -import org.mockito.Mock; -import org.mockito.testng.MockitoTestNGListener; -import org.testng.annotations.BeforeMethod; -import org.testng.annotations.Listeners; -import org.testng.annotations.Test; - -@Listeners(MockitoTestNGListener.class) -public class ProxySettingsProvisionerTest { - - private static final String WORKSPACE_ID = "workspace123"; - - private static final String HTTP_PROXY_VALUE = "http.proxy1.somewhere.com:3128"; - private static final String HTTPS_PROXY_VALUE = "https.proxy2.somewhere.com:8080"; - private static final String NO_PROXY_VALUE = "localhost,127.0.0.1"; - - @Mock private RuntimeIdentity runtimeId; - - private ProxySettingsProvisioner provisioner; - - @BeforeMethod - public void setUp() { - lenient().when(runtimeId.getWorkspaceId()).thenReturn(WORKSPACE_ID); - provisioner = new ProxySettingsProvisioner(HTTPS_PROXY_VALUE, HTTP_PROXY_VALUE, NO_PROXY_VALUE); - } - - @Test - public void shouldApplyProxySettingsToAllContainers() throws Exception { - - Map pods = new HashMap<>(); - Pod pod1 = pods.put("pod1", buildPod("pod1", buildContainers(2))); - pods.put("pod2", buildPod("pod2", buildContainers(3))); - - KubernetesEnvironment k8sEnv = KubernetesEnvironment.builder().setPods(pods).build(); - provisioner.provision(k8sEnv, runtimeId); - - assertTrue( - k8sEnv.getPodsData().values().stream() - .flatMap(pod -> pod.getSpec().getContainers().stream()) - .allMatch( - container -> - container.getEnv().contains(new EnvVar(HTTP_PROXY, HTTP_PROXY_VALUE, null)) - && container - .getEnv() - .contains(new EnvVar(HTTPS_PROXY, HTTPS_PROXY_VALUE, null)) - && container - .getEnv() - .contains(new EnvVar(NO_PROXY, NO_PROXY_VALUE, null)))); - } - - @Test - public void shouldNotApplyProxySettingsToJWTProxyContainer() throws Exception { - - Map pods = new HashMap<>(); - pods.put(JWT_PROXY_POD_NAME, buildPod(JWT_PROXY_POD_NAME, buildContainers(2))); - - KubernetesEnvironment k8sEnv = KubernetesEnvironment.builder().setPods(pods).build(); - provisioner.provision(k8sEnv, runtimeId); - - assertTrue( - k8sEnv.getPodsData().values().stream() - .filter(pod -> pod.getMetadata().getName().equals(JWT_PROXY_POD_NAME)) - .flatMap(pod -> pod.getSpec().getContainers().stream()) - .noneMatch( - container -> - container.getEnv().contains(new EnvVar(HTTP_PROXY, HTTP_PROXY_VALUE, null)) - || container - .getEnv() - .contains(new EnvVar(HTTPS_PROXY, HTTPS_PROXY_VALUE, null)) - || container - .getEnv() - .contains(new EnvVar(NO_PROXY, NO_PROXY_VALUE, null)))); - } - - @Test - public void shouldApplyProxySettingsToInitContainers() throws Exception { - Map pods = new HashMap<>(); - Pod pod1 = buildPod("pod1", buildContainers(3)); - pod1.getSpec().setInitContainers(Arrays.asList(buildContainers(2))); - pods.put("pod1", pod1); - - KubernetesEnvironment k8sEnv = KubernetesEnvironment.builder().setPods(pods).build(); - provisioner.provision(k8sEnv, runtimeId); - - assertTrue( - k8sEnv.getPodsData().values().stream() - .flatMap( - pod -> - Stream.concat( - pod.getSpec().getContainers().stream(), - pod.getSpec().getInitContainers().stream())) - .allMatch( - container -> - container.getEnv().contains(new EnvVar(HTTP_PROXY, HTTP_PROXY_VALUE, null)) - && container - .getEnv() - .contains(new EnvVar(HTTPS_PROXY, HTTPS_PROXY_VALUE, null)) - && container - .getEnv() - .contains(new EnvVar(NO_PROXY, NO_PROXY_VALUE, null)))); - } - - private Pod buildPod(String podName, Container... containers) { - return new PodBuilder() - .withNewMetadata() - .withName(podName) - .endMetadata() - .withNewSpec() - .withContainers(containers) - .endSpec() - .build(); - } - - private Container[] buildContainers(int size) { - List result = new ArrayList<>(); - for (int i = 0; i < size; i++) { - result.add( - new ContainerBuilder() - .withName(generate("container-", 4)) - .withNewResources() - .endResources() - .build()); - } - return result.toArray(new Container[size]); - } -} diff --git a/infrastructures/openshift/src/main/java/org/eclipse/che/workspace/infrastructure/openshift/OpenShiftEnvironmentProvisioner.java b/infrastructures/openshift/src/main/java/org/eclipse/che/workspace/infrastructure/openshift/OpenShiftEnvironmentProvisioner.java index e16d2796d3..f2a261b01c 100644 --- a/infrastructures/openshift/src/main/java/org/eclipse/che/workspace/infrastructure/openshift/OpenShiftEnvironmentProvisioner.java +++ b/infrastructures/openshift/src/main/java/org/eclipse/che/workspace/infrastructure/openshift/OpenShiftEnvironmentProvisioner.java @@ -25,7 +25,6 @@ import org.eclipse.che.workspace.infrastructure.kubernetes.provision.GitConfigPr import org.eclipse.che.workspace.infrastructure.kubernetes.provision.ImagePullSecretProvisioner; import org.eclipse.che.workspace.infrastructure.kubernetes.provision.NodeSelectorProvisioner; import org.eclipse.che.workspace.infrastructure.kubernetes.provision.PodTerminationGracePeriodProvisioner; -import org.eclipse.che.workspace.infrastructure.kubernetes.provision.ProxySettingsProvisioner; import org.eclipse.che.workspace.infrastructure.kubernetes.provision.ServiceAccountProvisioner; import org.eclipse.che.workspace.infrastructure.kubernetes.provision.SshKeysProvisioner; import org.eclipse.che.workspace.infrastructure.kubernetes.provision.TlsProvisioner; @@ -66,7 +65,6 @@ public class OpenShiftEnvironmentProvisioner private final ContainerResourceProvisioner resourceLimitRequestProvisioner; private final PodTerminationGracePeriodProvisioner podTerminationGracePeriodProvisioner; private final ImagePullSecretProvisioner imagePullSecretProvisioner; - private final ProxySettingsProvisioner proxySettingsProvisioner; private final NodeSelectorProvisioner nodeSelectorProvisioner; private final TolerationsProvisioner tolerationsProvisioner; private final ServiceAccountProvisioner serviceAccountProvisioner; @@ -89,7 +87,6 @@ public class OpenShiftEnvironmentProvisioner ContainerResourceProvisioner resourceLimitRequestProvisioner, PodTerminationGracePeriodProvisioner podTerminationGracePeriodProvisioner, ImagePullSecretProvisioner imagePullSecretProvisioner, - ProxySettingsProvisioner proxySettingsProvisioner, NodeSelectorProvisioner nodeSelectorProvisioner, TolerationsProvisioner tolerationsProvisioner, ServiceAccountProvisioner serviceAccountProvisioner, @@ -109,7 +106,6 @@ public class OpenShiftEnvironmentProvisioner this.resourceLimitRequestProvisioner = resourceLimitRequestProvisioner; this.podTerminationGracePeriodProvisioner = podTerminationGracePeriodProvisioner; this.imagePullSecretProvisioner = imagePullSecretProvisioner; - this.proxySettingsProvisioner = proxySettingsProvisioner; this.nodeSelectorProvisioner = nodeSelectorProvisioner; this.tolerationsProvisioner = tolerationsProvisioner; this.serviceAccountProvisioner = serviceAccountProvisioner; @@ -145,7 +141,6 @@ public class OpenShiftEnvironmentProvisioner tolerationsProvisioner.provision(osEnv, identity); podTerminationGracePeriodProvisioner.provision(osEnv, identity); imagePullSecretProvisioner.provision(osEnv, identity); - proxySettingsProvisioner.provision(osEnv, identity); serviceAccountProvisioner.provision(osEnv, identity); certificateProvisioner.provision(osEnv, identity); sshKeysProvisioner.provision(osEnv, identity); diff --git a/infrastructures/openshift/src/test/java/org/eclipse/che/workspace/infrastructure/openshift/OpenShiftEnvironmentProvisionerTest.java b/infrastructures/openshift/src/test/java/org/eclipse/che/workspace/infrastructure/openshift/OpenShiftEnvironmentProvisionerTest.java index d7a025c0b6..d00778e088 100644 --- a/infrastructures/openshift/src/test/java/org/eclipse/che/workspace/infrastructure/openshift/OpenShiftEnvironmentProvisionerTest.java +++ b/infrastructures/openshift/src/test/java/org/eclipse/che/workspace/infrastructure/openshift/OpenShiftEnvironmentProvisionerTest.java @@ -23,7 +23,6 @@ import org.eclipse.che.workspace.infrastructure.kubernetes.provision.GitConfigPr import org.eclipse.che.workspace.infrastructure.kubernetes.provision.ImagePullSecretProvisioner; import org.eclipse.che.workspace.infrastructure.kubernetes.provision.NodeSelectorProvisioner; import org.eclipse.che.workspace.infrastructure.kubernetes.provision.PodTerminationGracePeriodProvisioner; -import org.eclipse.che.workspace.infrastructure.kubernetes.provision.ProxySettingsProvisioner; import org.eclipse.che.workspace.infrastructure.kubernetes.provision.ServiceAccountProvisioner; import org.eclipse.che.workspace.infrastructure.kubernetes.provision.SshKeysProvisioner; import org.eclipse.che.workspace.infrastructure.kubernetes.provision.TlsProvisionerProvider; @@ -64,7 +63,6 @@ public class OpenShiftEnvironmentProvisionerTest { @Mock private ContainerResourceProvisioner ramLimitProvisioner; @Mock private PodTerminationGracePeriodProvisioner podTerminationGracePeriodProvisioner; @Mock private ImagePullSecretProvisioner imagePullSecretProvisioner; - @Mock private ProxySettingsProvisioner proxySettingsProvisioner; @Mock private ServiceAccountProvisioner serviceAccountProvisioner; @Mock private CertificateProvisioner certificateProvisioner; @Mock private SshKeysProvisioner sshKeysProvisioner; @@ -94,7 +92,6 @@ public class OpenShiftEnvironmentProvisionerTest { ramLimitProvisioner, podTerminationGracePeriodProvisioner, imagePullSecretProvisioner, - proxySettingsProvisioner, nodeSelectorProvisioner, tolerationsProvisioner, serviceAccountProvisioner, @@ -118,7 +115,6 @@ public class OpenShiftEnvironmentProvisionerTest { tolerationsProvisioner, podTerminationGracePeriodProvisioner, imagePullSecretProvisioner, - proxySettingsProvisioner, serviceAccountProvisioner, certificateProvisioner, sshKeysProvisioner, @@ -145,7 +141,6 @@ public class OpenShiftEnvironmentProvisionerTest { .verify(podTerminationGracePeriodProvisioner) .provision(eq(osEnv), eq(runtimeIdentity)); provisionOrder.verify(imagePullSecretProvisioner).provision(eq(osEnv), eq(runtimeIdentity)); - provisionOrder.verify(proxySettingsProvisioner).provision(eq(osEnv), eq(runtimeIdentity)); provisionOrder.verify(serviceAccountProvisioner).provision(eq(osEnv), eq(runtimeIdentity)); provisionOrder.verify(certificateProvisioner).provision(eq(osEnv), eq(runtimeIdentity)); provisionOrder.verify(sshKeysProvisioner).provision(eq(osEnv), eq(runtimeIdentity));