worker: support a proxy for repository mtls configuration

Allows setting a proxy for the mtls settings for a specific repository. This is useful when consuming content from the content service in consoledot.
2024-04-13 14:11:04 +02:00 · 2024-04-13 14:11:04 +02:00 · 05a1e8f054
commit 05a1e8f054
parent 677e30cc68
4 changed files with 21 additions and 0 deletions
--- a/cmd/osbuild-worker/config.go
+++ b/cmd/osbuild-worker/config.go
@ -83,6 +83,7 @@ type repositoryMTLSConfig struct {
 	CA             string `toml:"ca"`
 	MTLSClientKey  string `toml:"mtls_client_key"`
 	MTLSClientCert string `toml:"mtls_client_cert"`
+	Proxy          string `toml:"proxy"`
 }

 type workerConfig struct {
--- a/cmd/osbuild-worker/jobimpl-depsolve.go
+++ b/cmd/osbuild-worker/jobimpl-depsolve.go
@ -19,6 +19,7 @@ type RepositoryMTLSConfig struct {
 	CA             string
 	MTLSClientKey  string
 	MTLSClientCert string
+	Proxy          *url.URL
 }

 func (rmc *RepositoryMTLSConfig) CompareBaseURL(baseURLStr string) (bool, error) {
@ -51,6 +52,12 @@ type DepsolveJobImpl struct {
 // (matching map keys).
 func (impl *DepsolveJobImpl) depsolve(packageSets map[string][]rpmmd.PackageSet, modulePlatformID, arch, releasever string) (map[string][]rpmmd.PackageSpec, map[string][]rpmmd.RepoConfig, error) {
 	solver := impl.Solver.NewWithConfig(modulePlatformID, releasever, arch, "")
+	if impl.RepositoryMTLSConfig.Proxy != nil {
+		err := solver.SetProxy(impl.RepositoryMTLSConfig.Proxy.String())
+		if err != nil {
+			return nil, nil, err
+		}
+	}

 	depsolvedSets := make(map[string][]rpmmd.PackageSpec)
 	repoConfigs := make(map[string][]rpmmd.RepoConfig)
--- a/cmd/osbuild-worker/jobimpl-osbuild.go
+++ b/cmd/osbuild-worker/jobimpl-osbuild.go
@ -491,6 +491,9 @@ func (impl *OSBuildJobImpl) Run(job worker.Job) error {
 		}
 		extraEnv = append(extraEnv, fmt.Sprintf("OSBUILD_SOURCES_CURL_SSL_CLIENT_KEY=%s", impl.RepositoryMTLSConfig.MTLSClientKey))
 		extraEnv = append(extraEnv, fmt.Sprintf("OSBUILD_SOURCES_CURL_SSL_CLIENT_CERT=%s", impl.RepositoryMTLSConfig.MTLSClientCert))
+		if impl.RepositoryMTLSConfig.Proxy != nil {
+			extraEnv = append(extraEnv, fmt.Sprintf("OSBUILD_SOURCES_CURL_PROXY=%s", impl.RepositoryMTLSConfig.Proxy.String()))
+		}
 	}

 	// Run osbuild and handle two kinds of errors
--- a/cmd/osbuild-worker/main.go
+++ b/cmd/osbuild-worker/main.go
@ -440,11 +440,21 @@ func main() {
 		if err != nil {
 			logrus.Fatalf("Repository MTL baseurl not valid: %v", err)
 		}
+
+		var proxyURL *url.URL
+		if config.RepositoryMTLSConfig.Proxy != "" {
+			proxyURL, err = url.Parse(config.RepositoryMTLSConfig.Proxy)
+			if err != nil {
+				logrus.Fatalf("Repository Proxy url not valid: %v", err)
+			}
+		}
+
 		repositoryMTLSConfig = &RepositoryMTLSConfig{
 			BaseURL:        baseURL,
 			CA:             config.RepositoryMTLSConfig.CA,
 			MTLSClientKey:  config.RepositoryMTLSConfig.MTLSClientKey,
 			MTLSClientCert: config.RepositoryMTLSConfig.MTLSClientCert,
+			Proxy:          proxyURL,
 		}
 	}