[feat]: [AH-724]: ECR upstream proxy support (#3181)

* [fix]: [AH-724]: pr checks * [fix]: [AH-724]: pr checks * [fix]: [AH-724]: pr checks * [fix]: [AH-724]: fix upstream proxy update * [fix]: [AH-724]: fix upstream proxy update * [fix]: [AH-724]: fix upstream proxy update * Merge branch 'main' of https://git0.harness.io/l7B_kbSEQD2wjrM7PShm5w/PROD/Harness_Commons/gitness into AH-724-schema-change * [feat]: [AH-724]: ECR upstream proxy support
harness · Jan 6, 2025 · 016a0ce · 016a0ce
1 parent 0ac9a3a
commit 016a0ce
Show file tree

Hide file tree

Showing 19 changed files with 718 additions and 178 deletions.
diff --git a/.golangci.yml b/.golangci.yml
@@ -460,6 +460,10 @@ issues:
       linters: [ goheader ]
     - path: "^registry/app/remote/adapter/dockerhub/adapter.go"
       linters: [ goheader ]
+    - path: "^registry/app/remote/adapter/awsecr/adapter.go"
+      linters: [ goheader ]
+    - path: "^registry/app/remote/adapter/awsecr/auth.go"
+      linters: [ goheader ]
     - path: "^registry/app/remote/adapter/dockerhub/client.go"
       linters: [ goheader ]
     - path: "^registry/app/remote/adapter/dockerhub/consts.go"

diff --git a/.../postgres/0093_alter_table_upstream_proxy_configs_add_username_secret_identifier.down.sql b/.../postgres/0093_alter_table_upstream_proxy_configs_add_username_secret_identifier.down.sql
@@ -0,0 +1,2 @@
+ALTER TABLE upstream_proxy_configs DROP COLUMN upstream_proxy_config_user_name_secret_space_id;
+ALTER TABLE upstream_proxy_configs DROP COLUMN upstream_proxy_config_user_name_secret_identifier;
diff --git a/...te/postgres/0093_alter_table_upstream_proxy_configs_add_username_secret_identifier.up.sql b/...te/postgres/0093_alter_table_upstream_proxy_configs_add_username_secret_identifier.up.sql
@@ -0,0 +1,2 @@
+ALTER TABLE upstream_proxy_configs ADD COLUMN upstream_proxy_config_user_name_secret_space_id INTEGER;
+ALTER TABLE upstream_proxy_configs ADD COLUMN upstream_proxy_config_user_name_secret_identifier TEXT;
diff --git a/...te/sqlite/0093_alter_table_upstream_proxy_configs_add_username_secret_identifier.down.sql b/...te/sqlite/0093_alter_table_upstream_proxy_configs_add_username_secret_identifier.down.sql
@@ -0,0 +1,2 @@
+ALTER TABLE upstream_proxy_configs DROP COLUMN upstream_proxy_config_user_name_secret_space_id;
+ALTER TABLE upstream_proxy_configs DROP COLUMN upstream_proxy_config_user_name_secret_identifier;
diff --git a/...rate/sqlite/0093_alter_table_upstream_proxy_configs_add_username_secret_identifier.up.sql b/...rate/sqlite/0093_alter_table_upstream_proxy_configs_add_username_secret_identifier.up.sql
@@ -0,0 +1,2 @@
+ALTER TABLE upstream_proxy_configs ADD COLUMN upstream_proxy_config_user_name_secret_space_id INTEGER;
+ALTER TABLE upstream_proxy_configs ADD COLUMN upstream_proxy_config_user_name_secret_identifier TEXT;
diff --git a/registry/app/api/controller/metadata/base.go b/registry/app/api/controller/metadata/base.go
@@ -364,6 +364,18 @@ func CreateUpstreamProxyResponseJSONResponse(upstreamproxy *types.UpstreamProxy)
 		auth.SecretIdentifier = &upstreamproxy.SecretIdentifier
 		auth.SecretSpacePath = &upstreamproxy.SecretSpacePath
 		_ = configAuth.FromUserPassword(auth)
+	} else if api.AuthType(upstreamproxy.RepoAuthType) == api.AuthTypeAccessKeySecretKey {
+		auth := api.AccessKeySecretKey{}
+		auth.AccessKey = &upstreamproxy.UserName
+		auth.AccessKeySecretIdentifier = &upstreamproxy.UserNameSecretIdentifier
+		auth.AccessKeySecretSpacePath = &upstreamproxy.UserNameSecretSpacePath
+		auth.SecretKeyIdentifier = upstreamproxy.SecretIdentifier
+		auth.SecretKeySpacePath = &upstreamproxy.SecretSpacePath
+		err := configAuth.FromAccessKeySecretKey(auth)
+		if err != nil {
+			log.Warn().Msgf("error in converting auth config to access and secret key: %v", err)
+			return &api.RegistryResponseJSONResponse{}
+		}
 	}
 
 	source := api.UpstreamConfigSource(upstreamproxy.Source)

diff --git a/registry/app/api/controller/metadata/create_registry.go b/registry/app/api/controller/metadata/create_registry.go
@@ -267,6 +267,7 @@ func CreateRegistryEntity(
 	return entity, nil
 }
 
+//nolint:gocognit,cyclop
 func (c *APIController) CreateUpstreamProxyEntity(
 	ctx context.Context, dto artifact.RegistryRequest, parentID int64, rootParentID int64,
 ) (*registrytypes.Registry, *registrytypes.UpstreamProxyConfig, error) {
@@ -316,6 +317,7 @@ func (c *APIController) CreateUpstreamProxyEntity(
 		}
 		upstreamProxyConfigEntity.Source = string(*config.Source)
 	}
+	//nolint:nestif
 	if config.AuthType == artifact.AuthTypeUserPassword {
 		res, err := config.Auth.AsUserPassword()
 		if err != nil {
@@ -326,12 +328,47 @@ func (c *APIController) CreateUpstreamProxyEntity(
 			return nil, nil, fmt.Errorf("failed to create upstream proxy: secret_identifier missing")
 		}
 
-		upstreamProxyConfigEntity.SecretSpaceID, err = c.getSecretID(ctx, res.SecretSpacePath)
+		if res.SecretSpacePath != nil && len(*res.SecretSpacePath) > 0 {
+			upstreamProxyConfigEntity.SecretSpaceID, err = c.getSecretID(ctx, res.SecretSpacePath)
+			if err != nil {
+				return nil, nil, err
+			}
+		} else if res.SecretSpaceId != nil {
+			upstreamProxyConfigEntity.SecretSpaceID = *res.SecretSpaceId
+		}
+
+		upstreamProxyConfigEntity.SecretIdentifier = *res.SecretIdentifier
+	} else if config.AuthType == artifact.AuthTypeAccessKeySecretKey {
+		res, err := config.Auth.AsAccessKeySecretKey()
 		if err != nil {
 			return nil, nil, err
 		}
+		switch {
+		case res.AccessKey != nil && len(*res.AccessKey) > 0:
+			upstreamProxyConfigEntity.UserName = *res.AccessKey
+		case res.AccessKeySecretIdentifier == nil:
+			return nil, nil, fmt.Errorf("failed to create upstream proxy: access_key_secret_identifier missing")
+		default:
+			if res.AccessKeySecretSpacePath != nil && len(*res.AccessKeySecretSpacePath) > 0 {
+				upstreamProxyConfigEntity.UserNameSecretSpaceID, err = c.getSecretID(ctx, res.AccessKeySecretSpacePath)
+				if err != nil {
+					return nil, nil, err
+				}
+			} else if res.AccessKeySecretSpaceId != nil {
+				upstreamProxyConfigEntity.UserNameSecretSpaceID = *res.AccessKeySecretSpaceId
+			}
+			upstreamProxyConfigEntity.UserNameSecretIdentifier = *res.AccessKeySecretIdentifier
+		}
 
-		upstreamProxyConfigEntity.SecretIdentifier = *res.SecretIdentifier
+		if res.SecretKeySpacePath != nil && len(*res.SecretKeySpacePath) > 0 {
+			upstreamProxyConfigEntity.SecretSpaceID, err = c.getSecretID(ctx, res.SecretKeySpacePath)
+			if err != nil {
+				return nil, nil, err
+			}
+		} else if res.SecretKeySpaceId != nil {
+			upstreamProxyConfigEntity.SecretSpaceID = *res.SecretKeySpaceId
+		}
+		upstreamProxyConfigEntity.SecretIdentifier = res.SecretKeyIdentifier
 	}
 	return repoEntity, upstreamProxyConfigEntity, nil
 }

diff --git a/registry/app/api/controller/metadata/update_registry.go b/registry/app/api/controller/metadata/update_registry.go
@@ -328,6 +328,7 @@ func UpdateRepoEntity(
 	return entity, nil
 }
 
+//nolint:gocognit,cyclop
 func (c *APIController) UpdateUpstreamProxyEntity(
 	ctx context.Context, dto artifact.RegistryRequest, parentID int64, rootParentID int64, u *types.UpstreamProxy,
 ) (*types.Registry, *types.UpstreamProxyConfig, error) {
@@ -379,7 +380,8 @@ func (c *APIController) UpdateUpstreamProxyEntity(
 	if u.ID != -1 {
 		upstreamProxyConfigEntity.ID = u.ID
 	}
-	if config.AuthType == artifact.AuthTypeUserPassword {
+	switch {
+	case config.AuthType == artifact.AuthTypeUserPassword:
 		res, err := config.Auth.AsUserPassword()
 		if err != nil {
 			return nil, nil, err
@@ -389,12 +391,47 @@ func (c *APIController) UpdateUpstreamProxyEntity(
 			return nil, nil, fmt.Errorf("failed to create upstream proxy: secret_identifier missing")
 		}
 
-		upstreamProxyConfigEntity.SecretSpaceID, err = c.getSecretID(ctx, res.SecretSpacePath)
+		if res.SecretSpacePath != nil && len(*res.SecretSpacePath) > 0 {
+			upstreamProxyConfigEntity.SecretSpaceID, err = c.getSecretID(ctx, res.SecretSpacePath)
+			if err != nil {
+				return nil, nil, err
+			}
+		} else if res.SecretSpaceId != nil {
+			upstreamProxyConfigEntity.SecretSpaceID = *res.SecretSpaceId
+		}
+		upstreamProxyConfigEntity.SecretIdentifier = *res.SecretIdentifier
+	case config.AuthType == artifact.AuthTypeAccessKeySecretKey:
+		res, err := config.Auth.AsAccessKeySecretKey()
 		if err != nil {
 			return nil, nil, err
 		}
-		upstreamProxyConfigEntity.SecretIdentifier = *res.SecretIdentifier
-	} else {
+		switch {
+		case res.AccessKey != nil && len(*res.AccessKey) > 0:
+			upstreamProxyConfigEntity.UserName = *res.AccessKey
+		case res.AccessKeySecretIdentifier == nil:
+			return nil, nil, fmt.Errorf("failed to create upstream proxy: access_key_secret_identifier missing")
+		default:
+			if res.AccessKeySecretSpacePath != nil && len(*res.AccessKeySecretSpacePath) > 0 {
+				upstreamProxyConfigEntity.UserNameSecretSpaceID, err = c.getSecretID(ctx, res.AccessKeySecretSpacePath)
+				if err != nil {
+					return nil, nil, err
+				}
+			} else if res.AccessKeySecretSpaceId != nil {
+				upstreamProxyConfigEntity.UserNameSecretSpaceID = *res.AccessKeySecretSpaceId
+			}
+			upstreamProxyConfigEntity.UserNameSecretIdentifier = *res.AccessKeySecretIdentifier
+		}
+
+		if res.SecretKeySpacePath != nil && len(*res.SecretKeySpacePath) > 0 {
+			upstreamProxyConfigEntity.SecretSpaceID, err = c.getSecretID(ctx, res.SecretKeySpacePath)
+			if err != nil {
+				return nil, nil, err
+			}
+		} else if res.SecretKeySpaceId != nil {
+			upstreamProxyConfigEntity.SecretSpaceID = *res.SecretKeySpaceId
+		}
+		upstreamProxyConfigEntity.SecretIdentifier = res.SecretKeyIdentifier
+	default:
 		upstreamProxyConfigEntity.UserName = ""
 		upstreamProxyConfigEntity.SecretIdentifier = ""
 		upstreamProxyConfigEntity.SecretSpaceID = 0

diff --git a/registry/app/api/controller/metadata/utils.go b/registry/app/api/controller/metadata/utils.go
@@ -107,6 +107,7 @@ var validPackageTypes = []string{
 var validUpstreamSources = []string{
 	string(a.UpstreamConfigSourceCustom),
 	string(a.UpstreamConfigSourceDockerhub),
+	string(a.UpstreamConfigSourceAwsEcr),
 }
 
 func ValidatePackageTypes(packageTypes []string) error {

diff --git a/registry/app/api/openapi/api.yaml b/registry/app/api/openapi/api.yaml
@@ -1490,13 +1490,15 @@ components:
           oneOf:
             - $ref: "#/components/schemas/UserPassword"
             - $ref: "#/components/schemas/Anonymous"
+            - $ref: "#/components/schemas/AccessKeySecretKey"
         url:
           type: string
         source:
           type: string
           enum:
             - Dockerhub
             - Custom
+            - AwsEcr
       x-discriminator-value: UPSTREAM
       required:
         - authType
@@ -1544,6 +1546,7 @@ components:
       description: "Authentication type"
       enum:
         - UserPassword
+        - AccessKeySecretKey
         - Anonymous
     ClientSetupStepType:
       type: string
@@ -1625,9 +1628,28 @@ components:
           type: string
         secretSpacePath:
           type: string
+        secretSpaceId:
+          type: integer
       required:
         - userName
-        - password
+    AccessKeySecretKey:
+      properties:
+        accessKey:
+          type: string
+        accessKeySecretIdentifier:
+          type: string
+        accessKeySecretSpacePath:
+          type: string
+        accessKeySecretSpaceId:
+          type: integer
+        secretKeyIdentifier:
+          type: string
+        secretKeySpacePath:
+          type: string
+        secretKeySpaceId:
+          type: integer
+      required:
+        - secretKeyIdentifier
     Anonymous: {}
   parameters:
     spaceRefQueryParam:
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,2 @@
		ALTER TABLE upstream_proxy_configs DROP COLUMN upstream_proxy_config_user_name_secret_space_id;
		ALTER TABLE upstream_proxy_configs DROP COLUMN upstream_proxy_config_user_name_secret_identifier;
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,2 @@
		ALTER TABLE upstream_proxy_configs ADD COLUMN upstream_proxy_config_user_name_secret_space_id INTEGER;
		ALTER TABLE upstream_proxy_configs ADD COLUMN upstream_proxy_config_user_name_secret_identifier TEXT;