introducing env to git pipeline resource

Git resource parameters now support, httpProxy, httpsProxy, and noProxy. All three parameters are optional, no validation done on any. Its user's responsibility to specify valid values and specify whichever is needed based on their use case. e.g.: ``` inputs: resources: - name: skaffold resourceSpec: type: git params: - name: revision value: master - name: url value: https://github.com/GoogleContainerTools/skaffold - name: httpProxy value: "http.proxy.com" - name: httpsProxy value: "https.proxy.com" - name: noProxy value: "no.proxy.com" ```
tektoncd · Mar 18, 2020 · a10e779 · a10e779
1 parent 153f1d1
commit a10e779
Show file tree

Hide file tree

Showing 6 changed files with 492 additions and 37 deletions.
diff --git a/docs/resources.md b/docs/resources.md
@@ -377,6 +377,38 @@ spec:
       value: refs/pull/52525/head
 ```
 
+#### Using HTTP/HTTPS Proxy
+
+The `httpProxy` and `httpsProxy` parameter can be used to proxy non-SSL/SSL requests, for example to use an enterprise
+proxy server for SSL requests:
+
+```yaml
+spec:
+  type: git
+  params:
+    - name: url
+      value: https://github.com/bobcatfish/wizzbang.git
+    - name: httpsProxy
+      value: "my-enterprise.proxy.com"
+```
+
+#### Using No Proxy
+
+The `noProxy` parameter can be used to opt out of proxying, for example, to not proxy HTTP/HTTPS requests to
+`no.proxy.com`:
+
+```yaml
+spec:
+  type: git
+  params:
+    - name: url
+      value: https://github.com/bobcatfish/wizzbang.git
+    - name: noProxy
+      value: "no.proxy.com"
+```
+
+Note: `httpProxy`, `httpsProxy`, and `noProxy` are all optional but no validation done if all three are specified.
+
 ### Pull Request Resource
 
 The `pullRequest` resource represents a pull request event from a source control

diff --git a/examples/v1alpha1/taskruns/git-resource.yaml b/examples/v1alpha1/taskruns/git-resource.yaml
@@ -69,3 +69,58 @@ spec:
             value: pull/2932/head
           - name: url
             value: https://github.com/GoogleContainerTools/skaffold
+
+---
+apiVersion: tekton.dev/v1alpha1
+kind: TaskRun
+metadata:
+  generateName: git-resource-sslverify-
+spec:
+  taskSpec:
+    inputs:
+      resources:
+        - name: skaffold
+          type: git
+    steps:
+      - image: ubuntu
+        script: cat skaffold/README.md
+  inputs:
+    resources:
+      - name: skaffold
+        resourceSpec:
+          type: git
+          params:
+            - name: revision
+              value: master
+            - name: url
+              value: https://github.com/GoogleContainerTools/skaffold
+            - name: sslVerify
+              value: "false"
+---
+
+apiVersion: tekton.dev/v1alpha1
+kind: TaskRun
+metadata:
+  generateName: git-resource-no-proxy-
+spec:
+  taskSpec:
+    inputs:
+      resources:
+        - name: skaffold
+          type: git
+    steps:
+      - image: ubuntu
+        script: cat skaffold/README.md
+  inputs:
+    resources:
+      - name: skaffold
+        resourceSpec:
+          type: git
+          params:
+            - name: revision
+              value: master
+            - name: url
+              value: https://github.com/GoogleContainerTools/skaffold
+            - name: noProxy
+              value: "google.com"
+---
diff --git a/pkg/apis/resource/v1alpha1/git/git_resource.go b/pkg/apis/resource/v1alpha1/git/git_resource.go
@@ -44,9 +44,12 @@ type Resource struct {
 	Revision   string `json:"revision"`
 	Submodules bool   `json:"submodules"`
 
-	Depth     uint   `json:"depth"`
-	SSLVerify bool   `json:"sslVerify"`
-	GitImage  string `json:"-"`
+	Depth      uint   `json:"depth"`
+	SSLVerify  bool   `json:"sslVerify"`
+	HTTPProxy  string `json:"httpProxy"`
+	HTTPSProxy string `json:"httpsProxy"`
+	NOProxy    string `json:"noProxy"`
+	GitImage   string `json:"-"`
 }
 
 // NewResource creates a new git resource to pass to a Task
@@ -74,6 +77,12 @@ func NewResource(gitImage string, r *resource.PipelineResource) (*Resource, erro
 			gitResource.Depth = toUint(param.Value, 1)
 		case strings.EqualFold(param.Name, "SSLVerify"):
 			gitResource.SSLVerify = toBool(param.Value, true)
+		case strings.EqualFold(param.Name, "HTTPProxy"):
+			gitResource.HTTPProxy = param.Value
+		case strings.EqualFold(param.Name, "HTTPSProxy"):
+			gitResource.HTTPSProxy = param.Value
+		case strings.EqualFold(param.Name, "NOProxy"):
+			gitResource.NOProxy = param.Value
 		}
 	}
 	// default revision to master if nothing is provided
@@ -120,12 +129,15 @@ func (s *Resource) GetURL() string {
 // Replacements is used for template replacement on a GitResource inside of a Taskrun.
 func (s *Resource) Replacements() map[string]string {
 	return map[string]string{
-		"name":      s.Name,
-		"type":      s.Type,
-		"url":       s.URL,
-		"revision":  s.Revision,
-		"depth":     strconv.FormatUint(uint64(s.Depth), 10),
-		"sslVerify": strconv.FormatBool(s.SSLVerify),
+		"name":       s.Name,
+		"type":       s.Type,
+		"url":        s.URL,
+		"revision":   s.Revision,
+		"depth":      strconv.FormatUint(uint64(s.Depth), 10),
+		"sslVerify":  strconv.FormatBool(s.SSLVerify),
+		"httpProxy":  s.HTTPProxy,
+		"httpsProxy": s.HTTPSProxy,
+		"noProxy":    s.NOProxy,
 	}
 }
 
@@ -147,6 +159,23 @@ func (s *Resource) GetInputTaskModifier(_ *v1alpha1.TaskSpec, path string) (v1al
 		args = append(args, "-sslVerify=false")
 	}
 
+	env := []corev1.EnvVar{{
+		Name:  "TEKTON_RESOURCE_NAME",
+		Value: s.Name,
+	}}
+
+	if len(s.HTTPProxy) != 0 {
+		env = append(env, corev1.EnvVar{Name: "HTTP_PROXY", Value: s.HTTPProxy})
+	}
+
+	if len(s.HTTPSProxy) != 0 {
+		env = append(env, corev1.EnvVar{Name: "HTTPS_PROXY", Value: s.HTTPSProxy})
+	}
+
+	if len(s.NOProxy) != 0 {
+		env = append(env, corev1.EnvVar{Name: "NO_PROXY", Value: s.NOProxy})
+	}
+
 	step := v1alpha1.Step{
 		Container: corev1.Container{
 			Name:       names.SimpleNameGenerator.RestrictLengthWithRandomSuffix(gitSource + "-" + s.Name),
@@ -155,10 +184,7 @@ func (s *Resource) GetInputTaskModifier(_ *v1alpha1.TaskSpec, path string) (v1al
 			Args:       args,
 			WorkingDir: pipeline.WorkspaceDir,
 			// This is used to populate the ResourceResult status.
-			Env: []corev1.EnvVar{{
-				Name:  "TEKTON_RESOURCE_NAME",
-				Value: s.Name,
-			}},
+			Env: env,
 		},
 	}