diff --git a/app/store/database/migrate/postgres/0070_drop_index_upstream_proxy_configs.down.sql b/app/store/database/migrate/postgres/0070_drop_index_upstream_proxy_configs.down.sql
new file mode 100644
index 000000000..a65a8575f
--- /dev/null
+++ b/app/store/database/migrate/postgres/0070_drop_index_upstream_proxy_configs.down.sql
@@ -0,0 +1,4 @@
+alter table upstream_proxy_configs
+ add constraint fk_layers_secret_identifier_and_secret_space_id
+ foreign key (upstream_proxy_config_secret_identifier, upstream_proxy_config_secret_space_id)
+ references secrets(secret_uid, secret_space_id)
\ No newline at end of file
diff --git a/app/store/database/migrate/postgres/0070_drop_index_upstream_proxy_configs.up.sql b/app/store/database/migrate/postgres/0070_drop_index_upstream_proxy_configs.up.sql
new file mode 100644
index 000000000..3b6759ab4
--- /dev/null
+++ b/app/store/database/migrate/postgres/0070_drop_index_upstream_proxy_configs.up.sql
@@ -0,0 +1,2 @@
+alter table upstream_proxy_configs
+ drop constraint fk_layers_secret_identifier_and_secret_space_id;
\ No newline at end of file
diff --git a/app/store/database/migrate/sqlite/0070_drop_index_upstream_proxy_configs.down.sql b/app/store/database/migrate/sqlite/0070_drop_index_upstream_proxy_configs.down.sql
new file mode 100644
index 000000000..443b1f1ac
--- /dev/null
+++ b/app/store/database/migrate/sqlite/0070_drop_index_upstream_proxy_configs.down.sql
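Review bot: The postgres down migration re-adds `fk_layers_secret_identifier_and_secret_space_id` with a plain `add constraint`, which validates every existing row, so a rollback fails as soon as one config written while the constraint was absent points at a `(secret_uid, secret_space_id)` pair that is not in `secrets`. The Go changes in this commit resolve a space ID from a path but show no check that the secret itself exists, so such rows look possible. Either clean up or null the orphaned references before re-adding the key, or add it as `... references secrets(secret_uid, secret_space_id) not valid` and validate separately. After the up migration nothing at the database level guarantees the referenced secret exists, so that check has to live in the write path; the files are also named `drop_index` although they drop a foreign key.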
@@ -0,0 +1,54 @@
+create table upstream_proxy_configs_dg_tmp
+(
+ upstream_proxy_config_id INTEGER
+ primary key autoincrement,
+ upstream_proxy_config_registry_id INTEGER not null
+ constraint fk_upstream_proxy_config_registry_id
+ references registries
+ on delete cascade,
+ upstream_proxy_config_source text,
+ upstream_proxy_config_url text,
+ upstream_proxy_config_auth_type text not null,
+ upstream_proxy_config_user_name text,
+ upstream_proxy_config_secret_identifier text,
+ upstream_proxy_config_secret_space_id int,
+ upstream_proxy_config_token text,
+ upstream_proxy_config_created_at INTEGER,
+ upstream_proxy_config_updated_at INTEGER,
+ upstream_proxy_config_created_by INTEGER,
+ upstream_proxy_config_updated_by INTEGER,
+ constraint fk_layers_secret_identifier_and_secret_space_id
+ foreign key (upstream_proxy_config_secret_identifier,
+ upstream_proxy_config_secret_space_id) references secrets (secret_uid, secret_space_id)
+);
+
+insert into upstream_proxy_configs_dg_tmp(upstream_proxy_config_id, upstream_proxy_config_registry_id,
+ upstream_proxy_config_source, upstream_proxy_config_url,
+ upstream_proxy_config_auth_type, upstream_proxy_config_user_name,
+ upstream_proxy_config_secret_identifier,
+ upstream_proxy_config_secret_space_id, upstream_proxy_config_token,
+ upstream_proxy_config_created_at, upstream_proxy_config_updated_at,
+ upstream_proxy_config_created_by, upstream_proxy_config_updated_by)
+select upstream_proxy_config_id,
+ upstream_proxy_config_registry_id,
+ upstream_proxy_config_source,
+ upstream_proxy_config_url,
+ upstream_proxy_config_auth_type,
+ upstream_proxy_config_user_name,
+ upstream_proxy_config_secret_identifier,
+ upstream_proxy_config_secret_space_id,
+ upstream_proxy_config_token,
+ upstream_proxy_config_created_at,
+ upstream_proxy_config_updated_at,
+ upstream_proxy_config_created_by,
+ upstream_proxy_config_updated_by
+from upstream_proxy_configs;
+
+drop table upstream_proxy_configs;
+
+alter table upstream_proxy_configs_dg_tmp
+ rename to upstream_proxy_configs;
+
+create index index_upstream_proxy_config_on_registry_id
+ on upstream_proxy_configs (upstream_proxy_config_registry_id);
+
diff --git a/app/store/database/migrate/sqlite/0070_drop_index_upstream_proxy_configs.up.sql b/app/store/database/migrate/sqlite/0070_drop_index_upstream_proxy_configs.up.sql
new file mode 100644
index 000000000..302cde96a
--- /dev/null
+++ b/app/store/database/migrate/sqlite/0070_drop_index_upstream_proxy_configs.up.sql
@@ -0,0 +1,51 @@
+create table upstream_proxy_configs_dg_tmp
+(
+ upstream_proxy_config_id INTEGER
+ primary key autoincrement,
+ upstream_proxy_config_registry_id INTEGER not null
+ constraint fk_upstream_proxy_config_registry_id
+ references registries
+ on delete cascade,
+ upstream_proxy_config_source text,
+ upstream_proxy_config_url text,
+ upstream_proxy_config_auth_type text not null,
+ upstream_proxy_config_user_name text,
+ upstream_proxy_config_secret_identifier text,
+ upstream_proxy_config_secret_space_id int,
+ upstream_proxy_config_token text,
+ upstream_proxy_config_created_at INTEGER,
+ upstream_proxy_config_updated_at INTEGER,
+ upstream_proxy_config_created_by INTEGER,
+ upstream_proxy_config_updated_by INTEGER
+);
+
+insert into upstream_proxy_configs_dg_tmp(upstream_proxy_config_id, upstream_proxy_config_registry_id,
+ upstream_proxy_config_source, upstream_proxy_config_url,
+ upstream_proxy_config_auth_type, upstream_proxy_config_user_name,
+ upstream_proxy_config_secret_identifier,
+ upstream_proxy_config_secret_space_id, upstream_proxy_config_token,
+ upstream_proxy_config_created_at, upstream_proxy_config_updated_at,
+ upstream_proxy_config_created_by, upstream_proxy_config_updated_by)
+select upstream_proxy_config_id,
+ upstream_proxy_config_registry_id,
+ upstream_proxy_config_source,
+ upstream_proxy_config_url,
+ upstream_proxy_config_auth_type,
+ upstream_proxy_config_user_name,
+ upstream_proxy_config_secret_identifier,
+ upstream_proxy_config_secret_space_id,
+ upstream_proxy_config_token,
+ upstream_proxy_config_created_at,
+ upstream_proxy_config_updated_at,
+ upstream_proxy_config_created_by,
+ upstream_proxy_config_updated_by
+from upstream_proxy_configs;
+
+drop table upstream_proxy_configs;
+
+alter table upstream_proxy_configs_dg_tmp
+ rename to upstream_proxy_configs;
+
+create index index_upstream_proxy_config_on_registry_id
+ on upstream_proxy_configs (upstream_proxy_config_registry_id);
+
diff --git a/cmd/gitness/wire_gen.go b/cmd/gitness/wire_gen.go index ffc7e6458..b0b96f15d 100644 --- a/cmd/gitness/wire_gen.go +++ b/cmd/gitness/wire_gen.go @@ -435,7 +435,7 @@ func initSystem(ctx context.Context, config *types.Config) (*server.System, erro manifestService := docker.ManifestServiceProvider(registryRepository, manifestRepository, blobRepository, mediaTypesRepository, manifestReferenceRepository, tagRepository, artifactRepository, artifactStatRepository, layerRepository, gcService, transactor) registryBlobRepository := database2.ProvideRegistryBlobDao(db) localRegistry := docker.LocalRegistryProvider(app, manifestService, blobRepository, registryRepository, manifestRepository, registryBlobRepository, mediaTypesRepository, tagRepository, artifactRepository, artifactStatRepository, gcService, transactor) - upstreamProxyConfigRepository := database2.ProvideUpstreamDao(db, registryRepository) + upstreamProxyConfigRepository := database2.ProvideUpstreamDao(db, registryRepository, spacePathStore) secretService := secret3.ProvideSecretService(secretStore, encrypter, spacePathStore) remoteRegistry := docker.RemoteRegistryProvider(localRegistry, app, upstreamProxyConfigRepository, spacePathStore, secretService) coreController := pkg.CoreControllerProvider(registryRepository) 
@@ -443,7 +443,7 @@ func initSystem(ctx context.Context, config *types.Config) (*server.System, erro handler := api2.NewHandlerProvider(dockerController, spaceStore, tokenStore, controller, authenticator, provider, authorizer) registryOCIHandler := router.OCIHandlerProvider(handler) cleanupPolicyRepository := database2.ProvideCleanupPolicyDao(db, transactor) - apiHandler := router.APIHandlerProvider(registryRepository, upstreamProxyConfigRepository, tagRepository, manifestRepository, cleanupPolicyRepository, artifactRepository, storageDriver, spaceStore, transactor, authenticator, provider, authorizer, auditService) + apiHandler := router.APIHandlerProvider(registryRepository, upstreamProxyConfigRepository, tagRepository, manifestRepository, cleanupPolicyRepository, artifactRepository, storageDriver, spaceStore, transactor, authenticator, provider, authorizer, auditService, spacePathStore) appRouter := router.AppRouterProvider(registryOCIHandler, apiHandler) routerRouter := router2.ProvideRouter(ctx, config, authenticator, repoController, reposettingsController, executionController, logsController, spaceController, pipelineController, secretController, triggerController, connectorController, templateController, pluginController, pullreqController, webhookController, githookController, gitInterface, serviceaccountController, controller, principalController, usergroupController, checkController, systemController, uploadController, keywordsearchController, infraproviderController, gitspaceController, migrateController, aiagentController, capabilitiesController, provider, openapiService, appRouter) serverServer := server2.ProvideServer(config, routerRouter) diff --git a/registry/app/api/controller/metadata/base.go b/registry/app/api/controller/metadata/base.go index 62822c2ed..cce319ae2 100644 --- a/registry/app/api/controller/metadata/base.go +++ b/registry/app/api/controller/metadata/base.go 
@@ -316,13 +316,10 @@ func CreateUpstreamProxyResponseJSONResponse(upstreamproxy *types.UpstreamProxy) if api.AuthType(upstreamproxy.RepoAuthType) == api.AuthTypeUserPassword { auth := api.UserPassword{} auth.UserName = upstreamproxy.UserName - auth.SecretIdentifier = &upstreamproxy.SecretIdentifier.String - auth.SecretSpaceId = nil - if upstreamproxy.SecretSpaceID.Valid { - // Convert int32 to int and assign to the expected field - secretSpaceID := int(upstreamproxy.SecretSpaceID.Int32) - auth.SecretSpaceId = &secretSpaceID - } + auth.SecretIdentifier = &upstreamproxy.SecretIdentifier + secretSpaceIDInt := int(upstreamproxy.SecretSpaceID) + auth.SecretSpaceId = &secretSpaceIDInt + auth.SecretSpacePath = &upstreamproxy.SecretSpacePath _ = configAuth.FromUserPassword(auth) } diff --git a/registry/app/api/controller/metadata/controller.go b/registry/app/api/controller/metadata/controller.go index d719b4d01..f4dfbb6bf 100644 --- a/registry/app/api/controller/metadata/controller.go +++ b/registry/app/api/controller/metadata/controller.go @@ -38,6 +38,7 @@ type APIController struct { URLProvider urlprovider.Provider Authorizer authz.Authorizer AuditService audit.Service + spacePathStore corestore.SpacePathStore } func NewAPIController( @@ -53,6 +54,7 @@ func NewAPIController( urlProvider urlprovider.Provider, authorizer authz.Authorizer, auditService audit.Service, + spacePathStore corestore.SpacePathStore, ) *APIController { return &APIController{ RegistryRepository: repositoryStore, @@ -67,5 +69,6 @@ func NewAPIController( URLProvider: urlProvider, Authorizer: authorizer, AuditService: auditService, + spacePathStore: spacePathStore, } } diff --git a/registry/app/api/controller/metadata/create_registry.go b/registry/app/api/controller/metadata/create_registry.go index 677c04cc8..918ab5fe7 100644 --- a/registry/app/api/controller/metadata/create_registry.go +++ b/registry/app/api/controller/metadata/create_registry.go 
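Review bot: `auth.SecretSpaceId` is now always a non-nil pointer in the base.go hunk, so an upstream proxy whose secret columns are NULL is returned to API clients as `secretSpaceId: -1` with an empty `secretSpacePath`, where the old code left `SecretSpaceId` nil. The `-1` and `""` are the sentinels `mapToUpstreamProxy` fills in elsewhere in this commit, and a client cannot tell them apart from a configured value. Guard the assignment, for example `if upstreamproxy.SecretSpaceID >= 0 { auth.SecretSpaceId = &secretSpaceIDInt }`, and set `auth.SecretSpacePath` only when the path is non-empty. The function body starts and ends outside the hunk.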
@@ -75,7 +75,8 @@ func (c *APIController) CreateRegistry( if registryRequest.Config.Type == artifact.RegistryTypeVIRTUAL { return c.createVirtualRegistry(ctx, registryRequest, regInfo, session, parentRef) } - registry, upstreamproxy, err := CreateUpstreamProxyEntity( + registry, upstreamproxy, err := c.CreateUpstreamProxyEntity( + ctx, registryRequest, regInfo.parentID, regInfo.rootIdentifierID, ) @@ -254,10 +255,8 @@ func CreateRegistryEntity( return entity, nil } -func CreateUpstreamProxyEntity( - dto artifact.RegistryRequest, - parentID int64, - rootParentID int64, +func (c *APIController) CreateUpstreamProxyEntity( + ctx context.Context, dto artifact.RegistryRequest, parentID int64, rootParentID int64, ) (*registrytypes.Registry, *registrytypes.UpstreamProxyConfig, error) { allowedPattern := []string{} if dto.AllowedPattern != nil { 
@@ -311,11 +310,32 @@ func CreateUpstreamProxyEntity( return nil, nil, err } upstreamProxyConfigEntity.UserName = res.UserName - if res.SecretIdentifier == nil || res.SecretSpaceId == nil { - return nil, nil, fmt.Errorf("failed to create upstream proxy: secret_identifier or secret_space_id missing") + if res.SecretIdentifier == nil { + return nil, nil, fmt.Errorf("failed to create upstream proxy: secret_identifier missing") } - upstreamProxyConfigEntity.SecretIdentifier = *res.SecretIdentifier + + upstreamProxyConfigEntity.SecretSpaceID, err = c.getSecretID(ctx, res.SecretSpaceId, res.SecretSpacePath) + if err != nil { + return nil, nil, err + } + upstreamProxyConfigEntity.SecretSpaceID = *res.SecretSpaceId } return repoEntity, upstreamProxyConfigEntity, nil } + +func (c *APIController) getSecretID(ctx context.Context, secretSpaceID *int, secretSpacePath *string) (int, error) { + if secretSpaceID == nil && secretSpacePath == nil { + return -1, fmt.Errorf("failed to create upstream proxy: secret space missing") + } + + if secretSpaceID != nil { + return *secretSpaceID, nil + } + + path, err := c.spacePathStore.FindByPath(ctx, *secretSpacePath) + if err != nil { + return -1, fmt.Errorf("failed to get Space Path: %w", err) + } + return int(path.SpaceID), nil +} diff --git a/registry/app/api/controller/metadata/update_registry.go b/registry/app/api/controller/metadata/update_registry.go index 1c2afaf68..bb352e7a7 100644 --- a/registry/app/api/controller/metadata/update_registry.go +++ b/registry/app/api/controller/metadata/update_registry.go @@ -89,7 +89,8 @@ func (c *APIController) ModifyRegistry( if err != nil { return throwModifyRegistry500Error(err), err } - registry, upstreamproxy, err := UpdateUpstreamProxyEntity( + registry, upstreamproxy, err := c.UpdateUpstreamProxyEntity( + ctx, artifact.RegistryRequest(*r.Body), regInfo.parentID, regInfo.rootIdentifierID, upstreamproxyEntity, ) 
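Review bot: The unchanged line `upstreamProxyConfigEntity.SecretSpaceID = *res.SecretSpaceId` still runs right after the new `getSecretID` call in `CreateUpstreamProxyEntity`, so a request that supplies only `secretSpacePath` dereferences a nil pointer, and a request that supplies both simply overwrites the resolved value; that line should be deleted. The same leftover follows the `getSecretID` call in the `UpdateUpstreamProxyEntity` hunk of update_registry.go. Separately, `getSecretID` accepts whatever space ID or path the request carries, and nothing in this hunk checks that the caller may use secrets in that space; unless that is enforced outside the hunk, a check through `c.Authorizer` against the resolved space belongs here before the ID is stored, since the stored reference is later used to fetch the upstream password. The body of `CreateUpstreamProxyEntity` starts outside the hunk.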
@@ -327,11 +328,8 @@ func UpdateRepoEntity( return entity, nil } -func UpdateUpstreamProxyEntity( - dto artifact.RegistryRequest, - parentID int64, - rootParentID int64, - u *types.UpstreamProxy, +func (c *APIController) UpdateUpstreamProxyEntity( + ctx context.Context, dto artifact.RegistryRequest, parentID int64, rootParentID int64, u *types.UpstreamProxy, ) (*types.Registry, *types.UpstreamProxyConfig, error) { allowedPattern := []string{} if dto.AllowedPattern != nil { @@ -387,7 +385,14 @@ func UpdateUpstreamProxyEntity( return nil, nil, err } upstreamProxyConfigEntity.UserName = res.UserName - upstreamProxyConfigEntity.SecretIdentifier = *res.SecretIdentifier + if res.SecretIdentifier == nil { + return nil, nil, fmt.Errorf("failed to create upstream proxy: secret_identifier missing") + } + + upstreamProxyConfigEntity.SecretSpaceID, err = c.getSecretID(ctx, res.SecretSpaceId, res.SecretSpacePath) + if err != nil { + return nil, nil, err + } upstreamProxyConfigEntity.SecretSpaceID = *res.SecretSpaceId } else { upstreamProxyConfigEntity.UserName = "" diff --git a/registry/app/api/openapi/api.yaml b/registry/app/api/openapi/api.yaml index 75b670cad..322402dde 100644 --- a/registry/app/api/openapi/api.yaml +++ b/registry/app/api/openapi/api.yaml @@ -1465,6 +1465,8 @@ components: type: string secretSpaceId: type: integer + secretSpacePath: + type: string required: - userName - password diff --git a/registry/app/api/openapi/contracts/artifact/services.gen.go b/registry/app/api/openapi/contracts/artifact/services.gen.go index 2acdd239f..495f915d6 100644 --- a/registry/app/api/openapi/contracts/artifact/services.gen.go +++ b/registry/app/api/openapi/contracts/artifact/services.gen.go 
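Review bot: `upstreamProxyConfigEntity.SecretIdentifier` is no longer assigned in the user-password branch of `UpdateUpstreamProxyEntity`: the hunk removes `upstreamProxyConfigEntity.SecretIdentifier = *res.SecretIdentifier` and adds only the nil check, so unless the field is set outside the hunk an update stores the config without the identifier from the request. Re-add `upstreamProxyConfigEntity.SecretIdentifier = *res.SecretIdentifier` directly after the nil check; the create hunk in create_registry.go appears to drop the same assignment. The new error text also reads `failed to create upstream proxy` on the update path, which will mislead whoever reads the log; `failed to update upstream proxy: secret_identifier missing` would match the operation.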
@@ -3725,26 +3725,26 @@ var swaggerSpec = []string{ "ip1hMnGdRvryKd6QZ4TVhS3RCXgP9WRSlAHVNIdY4vqgO5x8NK2Km5vHbEJRAUy9aLayuP2IqUdlpfKs", "EEKmGdP3o+/Ozy+nU+Sjt2dX13eTS+Sjy8nk48TIvjFjtDfAxe8FkWU1xmIX1cUtyX6Y3opwIYOR24S3", "UqrTN9/VhTzLr0tfcHLBYlVGJK6fKUgA+uVbcmNmUdwjH50XlGWJUXNOUa+SqAVSH/14tQKpVw84LjhB", - "BRduHl0b7cJ4CAiwnto3STTNcQBXobnmqKBALNtfjfFUlNwFS7G45lfTlAEoUomby+t10QDaiwqZ+E9R", - "OstUQX25Xl5eDGPPVV55ITxAzOWi5aQ1RgvGcjoejR4fH08WsulJlAkxIhZ3d3h2e6VtRYzR65PTk1OR", - "IOaQ4jxCY/S7+ElO62K0I6K9weWZadvhvLxhpWJ0gkSX0gYcCSWJ/oan3e1ncdOaZGS40YgnnPXlOE82", - "P1y5P6d9dUzj/pffTl/bOyrpRq3zN0sfvTk97W+oXeQgmjjwMhzReHP6u2s7dbLCR/9ykc90xlOcylDV", - "DcrSup0ZnnMTIs2ZvvJGFW5Gz/r1Y0sJnxiYYbK8EL9rQPIiuduKg4An0MKd+f/z6AFS7zs8tYAmu1gb", - "aMar1yTUVmDioE11GOknQMeb0zf9jaqDcJuDU8veNjz5aA7MdFUhK0hKa7iUpQ3DYfMO2CFg5mcMLfsC", - "j834dgzlhQFDd+IYIX1R0BGv1k/bANDG57cjCDcKwjZ61pgSR2rtaVS/GBvj3XVEWXNnu51rtfbL6YYQ", - "6fe20+5ydaQWq0MOtNo9pOuFVvuVEUd4W+FtApwG8LqyxxHfVB2rNML7HbDGycoT00S9ckbzbUY2HHf7", - "sbh6a7NDA/1y1PXQa7538YhcK3LbWHoJbp/VX0stRHekE/1BWtLtKUy371lfK9sw3xb7EngfA/OgvGOT", - "oVmD+Oaj9D6RfYznx3jeBfb66I4D3CVxN+DrMz57DeZrQ7JxMe8RlI6grOy+CViWi/Sj5/KP5UheEzrS", - "zrtY8Wo+1klNqDWdEz3wcN26mt+hjf5hl/Xco/Oe36OPdKzxcnTeg2c9a6zcpUGwUa+pT1E6O011VLHH", - "Z+ojjUeXMblM4/Lio6sMd5UKYrtwFf10mLOzaGfNetxFP5V2dJiuOaZ1JfHRdYa7jga3XToPXct7qLv7", - "/HQTzgscon3F+9ET1veErc8jC4gTp9cU02l2owu0j8b/GvDvuMb/6AH9HmC5LUGBf+XxBqHvlEBZj+p3", - "gv9nTZ5ejP5jLvRi/BsyoS14wKDl1Mb9kp3Lqo27K38FB+j5YtrRBdwWZtu3mG5wgba7WId6OI5F8VhT", - "GsumWRyfNW8aOGikb7Hgp/ogryOx/ELwrkuJmh8TOTqlYzGRhu+h7ig/xfdKfIrvVd+LhioTPb++8kx3", - "xXr3mELoZak68K4u3Ww5p+E22t375tAZaP3Zp+Pbj0eQ91Yl2+DWVR4qTrnQ0XP1ze1tV86Jk1prH8Y5", - "1lj8yjUWHWAdmhP15kJ0NxiVRVQDcp/qYLBzm0nrPv9jquWaah1deGCOpbuvCPUdvrt6m5GD89azl817", - "V4/Xbt99X+KPgxr9sp54PBk00BNXXKDtiuLIPO9AOkXzxaU61iBPfo9wHo0eXgv7lX217h27vRJ3Tahv", - "5clv5PkrXzWUwpSHzzUBOYjMvc2B+auf1NR6qINNZwfVHczZrPnBa62z1n6Uc58rX67VemwscS6/Lv8X", - "AAD//4u67HhmjgAA", + 
"BRduHl0b7cJ4CAiwnto3STTNcQBXobnmSCOxrsgXFIhli6wx5oqSu2kpOrfOaiozAGkquXN5BS8aYHxR", + "sRP/KUpnmSq6L9fUy8tj7PnMKy+EB4i5XLSc2MZowVhOx6PR4+PjyUI2PYkyIUbE4u4Oz26vtO2KMXp9", + "cnpyKpLIHFKcR2iMfhc/yalfjHZEtLe8PDNtTZyXt7BUjE6Q6FLagKOlJNHfArX7/yyuXJOMDLce8aS0", + "vkDnyearK3fstK+XadwR89vpa3tHJd2odUZn6aM3p6f9DbXLHkQTB16GYxxvTn93badOX/joXy7ymc6B", + "ipMbqgJCWVq3M8NzbkKkOdNX3qjCzehZv6JsKeETAzNMqBfidw1IXiR3ZHEQ8CRbuDP/fx49QOp9h6cW", + "0GQXawPNeD2bhNoKTBy0qQ4s/QToeHP6pr9RdVhuc3Bq2duGJx/NgZmuM2QFSWkNl7L8YThs3gE7BMz8", + "jKFlX+CxGd+OobwwYOhOHDWkLwo64vX7aRsA2vj8dgThRkHYRs8aU+JIrU+N6pdnY7y7jihr7n63c63W", + "njrdECL93nbafa+O1GIFyYFWu6t0vdBqv1biCG8rvE2A0wBeV/844puqo5dGeL8D1jh9eWKaqFfOcb7N", + "yIbjbj8WV292dmigX6C6HnrNdzMekWtFbhtLL8Hts/prqYXojnSiP0hLuj2F6fZd7GtlG+YbZV8C72Ng", + "HpR3bDI0axDffJTeJ7KP8fwYz7vAXh/vcYC7JO4GfH0OaK/BfG1INi7vPYLSEZSV3TcBy3KRfvRc/rEc", + "yatER9qZGCtezUc/qQm1prOkBx6uW9f3O7TRP/6ynnt03gV89JGONV6OznvwrOeRlbs0CDbqNfVJS2en", + "qY4z9vhMfezx6DIml2lccHx0leGuUkFsF66inyBzdhbtPFqPu+gn144O0zXHtK4tPrrOcNfR4LZL56Fr", + "eQ91d5+fbsJ5gUO0r4E/esL6nrD1eWQBceL0mmI68W50gfbx+V8D/h1X/R89oN8DLDcqKPCvPN4g9J0S", + "KOtx/k7w/6zJ04vRf8yFXox/Qya0BQ8YtJzauIOyc1m1cb/lr+AAPV9VO7qA28Js+6bTDS7QdhfrUA/H", + "sSgea0pj2TSL47PmbQQHjfQtFvxUH+11JJZfEd51KVHzgyNHp3QsJtLwPdQd5ef6XonP9b3qe9FQZaLn", + "11ee6T5Z7x5TCL0sVYfi1cWcLec03Fi7e98cOgOtP/t0fB/yCPLeqmQb3LrKQ8UpFzp6rr7Lve3KOXFU", + "a+3DOMcai1+5xqIDrENzot5ciO4Go7KIakDuUx0edm4zad35f0y1XFOtowsPzLF09xWhvsN3V288cnDe", + "evayee/q8drtu+9L/HFQo1/WE48ngwZ64ooLtF1RnJnnHUinaL64VMca5MnvEc6j0cNrYb+yr9bdZLdX", + "4j4K9T09+R09f+XLh1KY8vC5JiAHkbm3OTB/9bObWg91sOnsoLqnOZs1P4qtddbaj3Luc+XrtlqPjSXO", + "5dfl/wIAAP//tvNQvIqOAAA=", } // GetSwagger returns the content of the embedded swagger specification file diff --git a/registry/app/api/openapi/contracts/artifact/types.gen.go b/registry/app/api/openapi/contracts/artifact/types.gen.go index 4425b6139..11b5e416a 100644 --- a/registry/app/api/openapi/contracts/artifact/types.gen.go 
+++ b/registry/app/api/openapi/contracts/artifact/types.gen.go @@ -414,6 +414,7 @@ type UpstreamConfigSource string type UserPassword struct { SecretIdentifier *string `json:"secretIdentifier,omitempty"` SecretSpaceId *int `json:"secretSpaceId,omitempty"` + SecretSpacePath *string `json:"secretSpacePath,omitempty"` UserName string `json:"userName"` } diff --git a/registry/app/api/router/harness/route.go b/registry/app/api/router/harness/route.go index 600e5782d..14dfc96b5 100644 --- a/registry/app/api/router/harness/route.go +++ b/registry/app/api/router/harness/route.go @@ -65,6 +65,7 @@ func NewAPIHandler( urlProvider urlprovider.Provider, authorizer authz.Authorizer, auditService audit.Service, + spacePathStore corestore.SpacePathStore, ) APIHandler { r := chi.NewRouter() r.Use(audit.Middleware()) @@ -83,6 +84,7 @@ func NewAPIHandler( urlProvider, authorizer, auditService, + spacePathStore, ) handler := artifact.NewStrictHandler(apiController, []artifact.StrictMiddlewareFunc{}) muxHandler := artifact.HandlerFromMuxWithBaseURL(handler, r, baseURL) diff --git a/registry/app/api/router/wire.go b/registry/app/api/router/wire.go index af6253a69..c4baa5b2b 100644 --- a/registry/app/api/router/wire.go +++ b/registry/app/api/router/wire.go @@ -52,6 +52,7 @@ func APIHandlerProvider( urlProvider urlprovider.Provider, authorizer authz.Authorizer, auditService audit.Service, + spacePathStore corestore.SpacePathStore, ) harness.APIHandler { return harness.NewAPIHandler( repoDao, @@ -68,6 +69,7 @@ func APIHandlerProvider( urlProvider, authorizer, auditService, + spacePathStore, ) } diff --git a/registry/app/remote/adapter/native/adapter.go b/registry/app/remote/adapter/native/adapter.go index 44d0b2224..c63f2c7ad 100644 --- a/registry/app/remote/adapter/native/adapter.go +++ b/registry/app/remote/adapter/native/adapter.go 
@@ -63,15 +63,8 @@ func getPwd( ctx context.Context, spacePathStore store.SpacePathStore, secretService secret.Service, reg types.UpstreamProxy, ) string { if api.AuthType(reg.RepoAuthType) == api.AuthTypeUserPassword { - secretSpaceID := int64(0) - if reg.SecretSpaceID.Valid { - secretSpaceID = int64(reg.SecretSpaceID.Int32) - } - - secretIdentifier := "" - if reg.SecretIdentifier.Valid { - secretIdentifier = reg.SecretIdentifier.String - } + secretSpaceID := reg.SecretSpaceID + secretIdentifier := reg.SecretIdentifier spacePath, err := spacePathStore.FindPrimaryBySpaceID(ctx, secretSpaceID) if err != nil { diff --git a/registry/app/store/database/upstream_proxy.go b/registry/app/store/database/upstream_proxy.go index baa961d3b..1b512ff54 100644 --- a/registry/app/store/database/upstream_proxy.go +++ b/registry/app/store/database/upstream_proxy.go @@ -21,6 +21,7 @@ import ( "time" "github.com/harness/gitness/app/api/request" + corestore "github.com/harness/gitness/app/store" "github.com/harness/gitness/registry/app/api/openapi/contracts/artifact" "github.com/harness/gitness/registry/app/store" "github.com/harness/gitness/registry/app/store/database/util" @@ -35,14 +36,18 @@ import ( ) type UpstreamproxyDao struct { - registryDao store.RegistryRepository - db *sqlx.DB + registryDao store.RegistryRepository + db *sqlx.DB + spacePathStore corestore.SpacePathStore } -func NewUpstreamproxyDao(db *sqlx.DB, registryDao store.RegistryRepository) store.UpstreamProxyConfigRepository { +func NewUpstreamproxyDao( + db *sqlx.DB, registryDao store.RegistryRepository, spacePathStore corestore.SpacePathStore, +) store.UpstreamProxyConfigRepository { return &UpstreamproxyDao{ - registryDao: registryDao, - db: db, + registryDao: registryDao, + db: db, + spacePathStore: spacePathStore, } } 
@@ -150,7 +155,8 @@ func (r UpstreamproxyDao) GetByRegistryIdentifier( } func (r UpstreamproxyDao) GetByParentID(ctx context.Context, parentID string) ( - upstreamProxies *[]types.UpstreamProxy, err error) { + upstreamProxies *[]types.UpstreamProxy, err error, +) { q := getUpstreamProxyQuery() q = q.Where("r.registry_parent_id = ? AND r.registry_type = 'UPSTREAM'", parentID) @@ -371,17 +377,35 @@ func (r UpstreamproxyDao) mapToInternalUpstreamProxy( } func (r UpstreamproxyDao) mapToUpstreamProxy( - _ context.Context, + ctx context.Context, dst *upstreamProxyDB, ) (*types.UpstreamProxy, error) { createdBy := int64(-1) updatedBy := int64(-1) + secretIdentifier := "" + secretSpaceID := int64(-1) if dst.CreatedBy.Valid { createdBy = dst.CreatedBy.Int64 } if dst.UpdatedBy.Valid { updatedBy = dst.UpdatedBy.Int64 } + if dst.SecretIdentifier.Valid { + secretIdentifier = dst.SecretIdentifier.String + } + if dst.SecretSpaceID.Valid { + secretSpaceID = int64(dst.SecretSpaceID.Int32) + } + + secretSpacePath := "" + if dst.SecretSpaceID.Valid { + primary, err := r.spacePathStore.FindPrimaryBySpaceID(ctx, int64(dst.SecretSpaceID.Int32)) + if err != nil { + return nil, fmt.Errorf("failed to get secret space path: %w", err) + } + secretSpacePath = primary.Value + } + return &types.UpstreamProxy{ ID: dst.ID, RegistryID: dst.RegistryID, @@ -394,8 +418,9 @@ func (r UpstreamproxyDao) mapToUpstreamProxy( RepoURL: dst.RepoURL, RepoAuthType: dst.RepoAuthType, UserName: dst.UserName, - SecretIdentifier: dst.SecretIdentifier, - SecretSpaceID: dst.SecretSpaceID, + SecretIdentifier: secretIdentifier, + SecretSpaceID: secretSpaceID, + SecretSpacePath: secretSpacePath, Token: dst.Token, CreatedAt: time.UnixMilli(dst.CreatedAt), UpdatedAt: time.UnixMilli(dst.UpdatedAt), diff --git a/registry/app/store/database/wire.go b/registry/app/store/database/wire.go index f40b25c6b..62a409629 100644 --- a/registry/app/store/database/wire.go +++ b/registry/app/store/database/wire.go 
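Review bot: A failed `FindPrimaryBySpaceID` in `mapToUpstreamProxy` now fails the whole mapping, so a single upstream proxy whose `SecretSpaceID` no longer resolves to a primary path makes its read return `failed to get secret space path`; with the foreign key to `secrets` dropped by this commit's migrations, nothing at the database level prevents such a stale ID. Consider treating a not-found result as an empty `SecretSpacePath` (and logging it) and keeping the error return for real store failures. The lookup also runs once per mapped row, which matters if list queries go through this mapper; those callers are outside the hunk. `dst.SecretSpaceID.Valid` is tested twice in a row, so the path lookup can move into the first `if`.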
@@ -15,6 +15,7 @@ package database import ( + corestore "github.com/harness/gitness/app/store" "github.com/harness/gitness/registry/app/store" "github.com/harness/gitness/store/database/dbtx" @@ -22,9 +23,12 @@ import ( "github.com/jmoiron/sqlx" ) -func ProvideUpstreamDao(db *sqlx.DB, - registryDao store.RegistryRepository) store.UpstreamProxyConfigRepository { - return NewUpstreamproxyDao(db, registryDao) +func ProvideUpstreamDao( + db *sqlx.DB, + registryDao store.RegistryRepository, + spacePathStore corestore.SpacePathStore, +) store.UpstreamProxyConfigRepository { + return NewUpstreamproxyDao(db, registryDao, spacePathStore) } func ProvideRepoDao(db *sqlx.DB, mtRepository store.MediaTypesRepository) store.RegistryRepository { diff --git a/registry/types/upstream_proxy_config.go b/registry/types/upstream_proxy_config.go index 466133554..bfefd123f 100644 --- a/registry/types/upstream_proxy_config.go +++ b/registry/types/upstream_proxy_config.go @@ -15,7 +15,6 @@ package types import ( - "database/sql" "time" "github.com/harness/gitness/registry/app/api/openapi/contracts/artifact" @@ -51,8 +50,9 @@ type UpstreamProxy struct { RepoURL string RepoAuthType string UserName string - SecretIdentifier sql.NullString - SecretSpaceID sql.NullInt32 + SecretIdentifier string + SecretSpaceID int64 + SecretSpacePath string Token string CreatedAt time.Time UpdatedAt time.Time