Try adding support for generic proxy to domain proxy.

Author: tecarter94

deploy/tasks/buildah-oci-ta.yaml

@@ -146,8 +146,17 @@ spec:
     - name: PROXY_TARGET_WHITELIST
       description: Comma separated whitelist of target hosts for the domain proxy.
       type: string
-    - name: CACHE_URL
-      description: Cache URL.
+    - name: INTERNAL_PROXY_ADDRESS
+      description: Host and port of proxy used internally by the domain proxy.
+      type: string
+    - name: INTERNAL_PROXY_USER
+      description: User of proxy used internally by the domain proxy.
+      type: string
+    - name: INTERNAL_PROXY_PASSWORD
+      description: Password of proxy used internally by the domain proxy.
+      type: string
+    - name: INTERNAL_NON_PROXY_HOSTS
+      description: Comma separated list of target hosts that bypass the proxy used internally by the domain proxy.
       type: string
   results:
     - name: IMAGE_DIGEST
@@ -240,8 +249,14 @@ spec:
         value: $(params.BYTE_BUFFER_SIZE)
       - name: PROXY_TARGET_WHITELIST
         value: $(params.PROXY_TARGET_WHITELIST)
-      - name: CACHE_URL
-        value: $(params.CACHE_URL)
+      - name: INTERNAL_PROXY_ADDRESS
+        value: $(params.INTERNAL_PROXY_ADDRESS)
+      - name: INTERNAL_PROXY_USER
+        value: $(params.INTERNAL_PROXY_USER)
+      - name: INTERNAL_PROXY_PASSWORD
+        value: $(params.INTERNAL_PROXY_PASSWORD)
+      - name: INTERNAL_NON_PROXY_HOSTS
+        value: $(params.INTERNAL_NON_PROXY_HOSTS)
     volumeMounts:
       - mountPath: /shared
         name: shared
@@ -398,7 +413,6 @@ spec:
             echo ${DOMAIN_PROXY_ARGS[@]} # TODO remove
             /app/domain-proxy-server-runner &
             server_pid=$!
-            curl -v "${CACHE_URL}/org/apache/maven/plugins/maven-jar-plugin/3.4.1/maven-jar-plugin-3.4.1.jar"
           fi
         fi
 

java-components/build-request-processor/src/main/java/com/redhat/hacbs/container/build/preprocessor/AbstractPreprocessor.java

@@ -89,8 +89,6 @@ public void run() {
 
             export http_proxy=http://localhost:8080
             export https_proxy=${http_proxy}
-            export HTTP_PROXY=${http_proxy}
-            export HTTPS_PROXY=${http_proxy}
             #fix this when we no longer need to run as root
             export HOME=${HOME:=/root}
             # Custom base working directory.
@@ -108,7 +106,6 @@ public void run() {
             # useful if Gradle/Ant also requires Maven configured.
             export MAVEN_HOME=${MAVEN_HOME:=/opt/maven/3.8.8}
             export GRADLE_USER_HOME="${JBS_WORKDIR}/software/settings/.gradle"
-            curl -v "${PROXY_URL}/org/apache/maven/plugins/maven-jar-plugin/3.4.1/maven-jar-plugin-3.4.1.jar"
 
             mkdir -p ${JBS_WORKDIR}/logs ${JBS_WORKDIR}/packages ${JBS_WORKDIR}/settings ${HOME}/.sbt/1.0 ${GRADLE_USER_HOME} ${HOME}/.m2
             cd ${JBS_WORKDIR}/source
@@ -183,8 +180,6 @@ private String getContainerFile() {
             ENV PROXY_URL=$PROXY_URL
             ENV http_proxy=http://localhost:8080
             ENV https_proxy=${http_proxy}
-            ENV HTTP_PROXY=${http_proxy}
-            ENV HTTPS_PROXY=${http_proxy}
             COPY .jbs/run-build.sh /var/workdir
             COPY . /var/workdir/workspace/source/
             RUN /var/workdir/run-build.sh
@@ -412,9 +407,7 @@ private String getAntSetup() {
                 <property name="local-pattern" value="\\${user.home}/.m2/repository/[organisation]/[module]/[revision]/[module]-[revision](-[classifier]).[ext]"/>
                 <settings defaultResolver="defaultChain"/>
                 <resolvers>
-                    <ibiblio name="default" root="\\${cache-url}" pattern="\\${default-pattern}" m2compatible="true">
-                        <proxy host="localhost" port="8080" />
-                    </ibiblio>
+                    <ibiblio name="default" root="\\${cache-url}" pattern="\\${default-pattern}" m2compatible="true"/>
                     <filesystem name="local" m2compatible="true">
                         <artifact pattern="\\${local-pattern}"/>
                         <ivy pattern="\\${local-pattern}"/>

java-components/domain-proxy/server/src/main/java/com/redhat/hacbs/domainproxy/ExternalProxyVerticle.java

@@ -35,6 +35,10 @@ public class ExternalProxyVerticle extends AbstractVerticle {
     @ConfigProperty(name = "proxy-target-whitelist")
     Set<String> proxyTargetWhitelist;
 
+    @Inject
+    @ConfigProperty(name = "quarkus.rest-client.non-proxy-hosts")
+    Set<String> nonProxyHosts;
+
     private final WebClient webClient;
     private final NetClient netClient;
     private final HttpServer httpServer;
@@ -125,8 +129,8 @@ private void handleConnectRequest(final HttpServerRequest request) {
 
     private boolean isTargetWhitelisted(final String targetHost, final HttpServerRequest request) {
         Log.infof("Target %s", targetHost);
-        if (!proxyTargetWhitelist.contains(targetHost)) {
-            Log.error("Target is not in whitelist");
+        if (!proxyTargetWhitelist.contains(targetHost) && !nonProxyHosts.contains(targetHost)) {
+            Log.error("Target is not whitelisted or a non-proxy host");
             request.response()
                     .setStatusCode(HttpResponseStatus.NOT_FOUND.code())
                     .setStatusMessage(HttpResponseStatus.NOT_FOUND.reasonPhrase())

java-components/domain-proxy/server/src/main/resources/application.properties

@@ -2,4 +2,8 @@ server-domain-socket=${DOMAIN_SOCKET:/tmp/domain-server}
 server-http-port=2000
 byte-buffer-size=${BYTE_BUFFER_SIZE:1024}
 proxy-target-whitelist=${PROXY_TARGET_WHITELIST:repo.maven.apache.org,repository.jboss.org,packages.confluent.io,jitpack.io,repo.gradle.org,plugins.gradle.org}
+quarkus.rest-client.proxy-address=${INTERNAL_PROXY_ADDRESS:indy-generic-proxy:80}
+quarkus.rest-client.proxy-user=${INTERNAL_PROXY_USER}
+quarkus.rest-client.proxy-password=${INTERNAL_PROXY_PASSWORD}
+quarkus.rest-client.non-proxy-hosts=${INTERNAL_NON_PROXY_HOSTS:localhost}
 quarkus.log.level=DEBUG

pkg/reconciler/dependencybuild/buildrecipeyaml.go

@@ -556,14 +556,35 @@ func createPipelineSpec(log logr.Logger, tool string, commitTime int64, jbsConfi
 					Name: "PROXY_TARGET_WHITELIST",
 					Value: tektonpipeline.ParamValue{
 						Type:      tektonpipeline.ParamTypeString,
-						StringVal: whitelistUrl.Host + ",cdn-ubi.redhat.com",
+						StringVal: "cdn-ubi.redhat.com",
 					},
 				},
 				{
-					Name: "CACHE_URL",
+					Name: "INTERNAL_PROXY_ADDRESS",
 					Value: tektonpipeline.ParamValue{
 						Type:      tektonpipeline.ParamTypeString,
-						StringVal: cacheUrl,
+						StringVal: "indy-generic-proxy:80",
+					},
+				},
+				{
+					Name: "INTERNAL_PROXY_USER",
+					Value: tektonpipeline.ParamValue{
+						Type:      tektonpipeline.ParamTypeString,
+						StringVal: "${BUILD_ID}+tracking",
+					},
+				},
+				{
+					Name: "INTERNAL_PROXY_PASSWORD",
+					Value: tektonpipeline.ParamValue{
+						Type:      tektonpipeline.ParamTypeString,
+						StringVal: "${ACCESS_TOKEN}",
+					},
+				},
+				{
+					Name: "INTERNAL_NON_PROXY_HOSTS",
+					Value: tektonpipeline.ParamValue{
+						Type:      tektonpipeline.ParamTypeString,
+						StringVal: whitelistUrl.Host + ",localhost",
 					},
 				},
 			},