Rename whitelist to allowlist. Restore ability to override domain proxy version.

tecarter94 · rnc · commit cb42e4cbe38b · 2025-01-13T11:23:59.000Z
diff --git a/deploy/openshift-ci.sh b/deploy/openshift-ci.sh
@@ -11,6 +11,8 @@ echo "jvm build service jvm cache image:"
 echo ${JVM_BUILD_SERVICE_CACHE_IMAGE}
 echo "jvm build service jvm reqprocessor image:"
 echo ${JVM_BUILD_SERVICE_REQPROCESSOR_IMAGE}
+echo "jvm build service jvm domain proxy image:"
+echo ${JVM_BUILD_SERVICE_DOMAIN_PROXY_IMAGE}
 
 function waitFor() {
     endTime=$(( $(date +%s) + 600 ))
diff --git a/deploy/tasks/buildah-oci-ta.yaml b/deploy/tasks/buildah-oci-ta.yaml
@@ -155,8 +155,8 @@ spec:
       description: The idle timeout in milliseconds to use for the domain proxy.
       type: string
       default: 30000
-    - name: DOMAIN_PROXY_TARGET_WHITELIST
-      description: Comma separated whitelist of target hosts for the domain proxy.
+    - name: DOMAIN_PROXY_TARGET_ALLOWLIST
+      description: Comma separated list of allowed target hosts for the domain proxy.
       type: string
       default: ""
     - name: DOMAIN_PROXY_ENABLE_INTERNAL_PROXY
@@ -303,8 +303,8 @@ spec:
         value: $(params.DOMAIN_PROXY_CONNECTION_TIMEOUT)
       - name: DOMAIN_PROXY_IDLE_TIMEOUT
         value: $(params.DOMAIN_PROXY_IDLE_TIMEOUT)
-      - name: DOMAIN_PROXY_TARGET_WHITELIST
-        value: $(params.DOMAIN_PROXY_TARGET_WHITELIST)
+      - name: DOMAIN_PROXY_TARGET_ALLOWLIST
+        value: $(params.DOMAIN_PROXY_TARGET_ALLOWLIST)
       - name: DOMAIN_PROXY_ENABLE_INTERNAL_PROXY
         value: $(params.DOMAIN_PROXY_ENABLE_INTERNAL_PROXY)
       - name: DOMAIN_PROXY_INTERNAL_PROXY_HOST
diff --git a/docs/development.adoc b/docs/development.adoc
@@ -153,6 +153,7 @@ export QUAY_USERNAME=<your-quay-io-account-username>
 export JVM_BUILD_SERVICE_IMAGE=
 export JVM_BUILD_SERVICE_CACHE_IMAGE=
 export JVM_BUILD_SERVICE_REQPROCESSOR_IMAGE=
+export JVM_BUILD_SERVICE_DOMAIN_PROXY_IMAGE=
 ./deploy/openshift-ci.sh
 make openshift-e2e
 ----
diff --git a/pkg/reconciler/dependencybuild/buildrecipeyaml.go b/pkg/reconciler/dependencybuild/buildrecipeyaml.go
@@ -7,6 +7,7 @@ import (
 	"github.com/go-logr/logr"
 	v12 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"net/url"
+	"os"
 	"regexp"
 	"strconv"
 	"strings"
@@ -30,6 +31,8 @@ const (
 	BuildTaskName     = "build"
 	PostBuildTaskName = "post-build"
 	DeployTaskName    = "deploy"
+
+	DomainProxyImage = "quay.io/redhat-user-workloads/konflux-jbs-pnc-tenant/domain-proxy:latest"
 )
 
 //go:embed scripts/maven-build.sh
@@ -481,7 +484,7 @@ func createPipelineSpec(log logr.Logger, tool string, commitTime int64, jbsConfi
 		},
 	}
 
-	whitelistUrl, err := url.Parse(cacheUrl)
+	allowlistUrl, err := url.Parse(cacheUrl)
 	if err != nil {
 		return nil, "", err
 	}
@@ -542,7 +545,7 @@ func createPipelineSpec(log logr.Logger, tool string, commitTime int64, jbsConfi
 					Name: "BUILD_IMAGE",
 					Value: tektonpipeline.ParamValue{
 						Type:      tektonpipeline.ParamTypeString,
-						StringVal: DomainProxyImage,
+						StringVal: domainProxyImage(),
 					},
 				},
 				{
@@ -553,10 +556,10 @@ func createPipelineSpec(log logr.Logger, tool string, commitTime int64, jbsConfi
 					},
 				},
 				{
-					Name: "DOMAIN_PROXY_TARGET_WHITELIST",
+					Name: "DOMAIN_PROXY_TARGET_ALLOWLIST",
 					Value: tektonpipeline.ParamValue{
 						Type:      tektonpipeline.ParamTypeString,
-						StringVal: whitelistUrl.Host + ",localhost,cdn-ubi.redhat.com,repo1.maven.org,repo.scala-sbt.org,scala.jfrog.io,repo.typesafe.com,jfrog-prod-usw2-shared-oregon-main.s3.amazonaws.com",
+						StringVal: allowlistUrl.Host + ",localhost,cdn-ubi.redhat.com,repo1.maven.org,repo.scala-sbt.org,scala.jfrog.io,repo.typesafe.com,jfrog-prod-usw2-shared-oregon-main.s3.amazonaws.com",
 					},
 				},
 				{
@@ -591,7 +594,7 @@ func createPipelineSpec(log logr.Logger, tool string, commitTime int64, jbsConfi
 					Name: "DOMAIN_PROXY_INTERNAL_NON_PROXY_HOSTS",
 					Value: tektonpipeline.ParamValue{
 						Type:      tektonpipeline.ParamTypeString,
-						StringVal: whitelistUrl.Host + ",localhost",
+						StringVal: allowlistUrl.Host + ",localhost",
 					},
 				},
 			},
@@ -991,3 +994,11 @@ func settingOrDefault(setting, def string) string {
 	}
 	return setting
 }
+
+func domainProxyImage() string {
+	domainProxyImage := os.Getenv("JVM_BUILD_SERVICE_DOMAIN_PROXY_IMAGE")
+	if len(domainProxyImage) == 0 {
+		domainProxyImage = DomainProxyImage
+	}
+	return domainProxyImage
+}
diff --git a/pkg/reconciler/dependencybuild/dependencybuild.go b/pkg/reconciler/dependencybuild/dependencybuild.go
@@ -73,8 +73,6 @@ const (
 
 	PipelineRunFinalizer = "jvmbuildservice.io/finalizer"
 	DeploySuffix         = "-deploy"
-
-	DomainProxyImage = "quay.io/redhat-user-workloads/konflux-jbs-pnc-tenant/domain-proxy:latest"
 )
 
 type ReconcileDependencyBuild struct {

Original file line number	Diff line number	Diff line change
`@@ -73,8 +73,6 @@ const (`
`73`	`73`
`74`	`74`	`PipelineRunFinalizer = "jvmbuildservice.io/finalizer"`
`75`	`75`	`DeploySuffix = "-deploy"`
`76`		`-`
`77`		`- DomainProxyImage = "quay.io/redhat-user-workloads/konflux-jbs-pnc-tenant/domain-proxy:latest"`
`78`	`76`	`)`
`79`	`77`
`80`	`78`	`type ReconcileDependencyBuild struct {`