Polish registry-proxy params

Insight: At the moment, proxy-username and proxy-password are not
optional.
The mere purpose of proxy-url is to add the credentials to Jenkins.
So, without username and password URL makes no sense as well.

Author: schnatterer

applications/argocd/petclinic/plain-k8s/Jenkinsfile.ftl

@@ -10,8 +10,8 @@ String getDockerRegistryPath() { env.${namePrefixForEnvVars}REGISTRY_PATH }
 String getDockerRegistryCredentials() { 'registry-user' }
 
 <#if registry.twoRegistries>
-    String getDockerRegistryProxyBaseUrl() { env.${namePrefixForEnvVars}REGISTRY_PROXY_URL }
-    String getDockerRegistryProxyCredentials() { 'registry-proxy-user' }
+String getDockerRegistryProxyBaseUrl() { env.${namePrefixForEnvVars}REGISTRY_PROXY_URL }
+String getDockerRegistryProxyCredentials() { 'registry-proxy-user' }
 </#if>
 
 <#noparse>

docs/configuration.schema.json

@@ -503,15 +503,15 @@
         },
         "proxyPassword" : {
           "type" : "string",
-          "description" : "Optional when registry-url is set"
+          "description" : "Use with registry-proxy-url, added to Jenkins as credentials."
         },
         "proxyUrl" : {
           "type" : "string",
-          "description" : "The url of your external proxy-registry. Make sure to always use this with registry-proxy-url"
+          "description" : "The url of your proxy-registry. Used in pipelines to authorize pull base images. Use in conjunction with petclinic base image."
         },
         "proxyUsername" : {
           "type" : "string",
-          "description" : "Optional when registry-proxy-url is set"
+          "description" : "Use with registry-proxy-url, added to Jenkins as credentials."
         },
         "url" : {
           "type" : "string",

docs/developers.md

@@ -427,18 +427,16 @@ That is, for most helm charts, you'll need to set an individual value.
 
 ## Testing two registries
 
-### Very simple test
+### Basic test
 * Start playground once,
 * then again with these parameters:  
-  `--registry-proxy-url=localhost:30000`
+  `--registry-url=localhost:30000 --registry-proxy-url=localhost:30000 --registry-proxy-username=Proxy --registry-proxy-password=Proxy12345`
 * The petclinic pipelines should still run
 
 ### Proper test
 
 * Start cluster:
 ```shell
-# Stop other cluster, if necessary
-# k3d cluster stop gitops-playground
 scripts/init-cluster.sh
 ```
 * Setup harbor as stated [above](#external-registry-for-development), but with Port `30000`.  
@@ -460,7 +458,7 @@ for operation in "${operations[@]}"; do
     echo creating user $operation with PW ${operation}12345
     curl -s  --fail 'http://localhost:30000/api/v2.0/users' -X POST -u admin:Harbor12345 -H 'Content-Type: application/json' --data-raw "{\"username\":\"$operation\",\"email\":\"[email protected]\",\"realname\":\"$operation example\",\"password\":\"${operation}12345\",\"comment\":null}"
     
-	echo "Adding member $operation to project $lower_operation; ID=${projectId}"
+    echo "Adding member $operation to project $lower_operation; ID=${projectId}"
 
     curl  --fail "http://localhost:30000/api/v2.0/projects/${projectId}/members" -X POST -u admin:Harbor12345    -H 'Content-Type: application/json' --data-raw "{\"role_id\":4,\"member_user\":{\"username\":\"$operation\"}}"
 done
@@ -473,8 +471,8 @@ skopeo copy docker://eclipse-temurin:11-jre-alpine --dest-creds Proxy:Proxy12345
 ```bash
 docker run --rm -t -u $(id -u)  \
    -v ~/.config/k3d/kubeconfig-gitops-playground.yaml:/home/.kube/config  \
-    --net=host  \     
-    gitops-playground:tag \
+    --net=host  \
+    gitops-playground:dev \
     --yes --argocd --ingress-nginx --base-url=http://localhost \
     --registry-url=localhost:30000 \
     --registry-path=registry \

exercises/petclinic-helm/Jenkinsfile.ftl

@@ -10,8 +10,8 @@ String getDockerRegistryPath() { env.${namePrefixForEnvVars}REGISTRY_PATH }
 String getDockerRegistryCredentials() { 'registry-user' }
 
 <#if registry.twoRegistries>
-    String getDockerRegistryProxyCredentials() { 'registry-proxy-user' }
-    String getDockerRegistryProxyBaseUrl() { env.${namePrefixForEnvVars}REGISTRY_PROXY_URL }
+String getDockerRegistryProxyCredentials() { 'registry-proxy-user' }
+String getDockerRegistryProxyBaseUrl() { env.${namePrefixForEnvVars}REGISTRY_PROXY_URL }
 </#if>
 <#noparse>
 String getCesBuildLibRepo() { "${env.SCMM_URL}/repo/3rd-party-dependencies/ces-build-lib/" }

src/main/groovy/com/cloudogu/gitops/config/ApplicationConfigurator.groovy

@@ -295,6 +295,9 @@ class ApplicationConfigurator {
     private void addRegistryConfig(Map newConfig) {
         if (newConfig.registry['proxyUrl']) {
             newConfig.registry['twoRegistries'] = true
+            if (!newConfig.registry['proxyUsername'] || !newConfig.registry['proxyPassword'] ) {
+                throw new RuntimeException("Proxy URL needs to be used with proxy-username and proxy-password")
+            }
         }
 
         if (newConfig.registry['url']) {

src/main/groovy/com/cloudogu/gitops/config/ConfigConstants.groovy

@@ -9,10 +9,9 @@ interface ConfigConstants {
     String REGISTRY_USERNAME_DESCRIPTION = 'Optional when registry-url is set'
     String REGISTRY_PASSWORD_DESCRIPTION = 'Optional when registry-url is set'
 
-    String REGISTRY_PROXY_URL_DESCRIPTION = 'The url of your external proxy-registry. Make sure to always use this with registry-proxy-url'
-    String REGISTRY_PROXY_PATH_DESCRIPTION = 'Optional when registry-proxy-url is set'
-    String REGISTRY_PROXY_USERNAME_DESCRIPTION = 'Optional when registry-proxy-url is set'
-    String REGISTRY_PROXY_PASSWORD_DESCRIPTION = 'Optional when registry-proxy-url is set'
+    String REGISTRY_PROXY_URL_DESCRIPTION = 'The url of your proxy-registry. Used in pipelines to authorize pull base images. Use in conjunction with petclinic base image.'
+    String REGISTRY_PROXY_USERNAME_DESCRIPTION = 'Use with registry-proxy-url, added to Jenkins as credentials.'
+    String REGISTRY_PROXY_PASSWORD_DESCRIPTION = 'Use with registry-proxy-url, added to Jenkins as credentials.'
 
     String FEATURES_DESCRIPTION = 'Config parameters for features or tools'
 

src/main/groovy/com/cloudogu/gitops/config/schema/Schema.groovy

@@ -62,7 +62,7 @@ class Schema {
         String proxyUrl = ""
         @JsonPropertyDescription(REGISTRY_PROXY_USERNAME_DESCRIPTION)
         String proxyUsername = ""
-        @JsonPropertyDescription(REGISTRY_PASSWORD_DESCRIPTION)
+        @JsonPropertyDescription(REGISTRY_PROXY_PASSWORD_DESCRIPTION)
         String proxyPassword = ""
 
         HelmConfig helm

src/main/groovy/com/cloudogu/gitops/destroy/JenkinsDestructionHandler.groovy

@@ -26,7 +26,6 @@ class JenkinsDestructionHandler implements DestructionHandler {
         globalPropertyManager.deleteGlobalProperty("${configuration.getNamePrefixForEnvVars()}REGISTRY_URL")
         globalPropertyManager.deleteGlobalProperty("${configuration.getNamePrefixForEnvVars()}REGISTRY_PATH")
         globalPropertyManager.deleteGlobalProperty("${configuration.getNamePrefixForEnvVars()}REGISTRY_PROXY_URL")
-        globalPropertyManager.deleteGlobalProperty("${configuration.getNamePrefixForEnvVars()}REGISTRY_PROXY_PATH")
         globalPropertyManager.deleteGlobalProperty("${configuration.getNamePrefixForEnvVars()}K8S_VERSION")
     }
 }

src/main/groovy/com/cloudogu/gitops/features/Jenkins.groovy

@@ -105,7 +105,7 @@ class Jenkins extends Feature {
                     "registry-user",
                     "${config.registry['username']}",
                     "${config.registry['password']}",
-                    'credentials for accessing the docker-registry')
+                    'credentials for accessing the docker-registry for writing images built on jenkins')
 
             if (config.registry['twoRegistries']) {
                 jobManger.createCredential(

src/test/groovy/com/cloudogu/gitops/ApplicationConfiguratorTest.groovy

@@ -39,6 +39,8 @@ class ApplicationConfiguratorTest {
             registry   : [
                     url         : EXPECTED_REGISTRY_URL,
                     proxyUrl: "proxy-$EXPECTED_REGISTRY_URL",
+                    proxyUsername: "proxy-user",
+                    proxyPassword: "proxy-pw",
                     internalPort: EXPECTED_REGISTRY_INTERNAL_PORT,
                     path        : null
             ],
@@ -415,6 +417,30 @@ images:
         assertThat(actualConfig['registry']['internal']).isEqualTo(true)
     }
 
+    @Test
+    void "Registry: Fails when proxy but no username and password set"() {
+        def expectedException = 'Proxy URL needs to be used with proxy-username and proxy-password'
+        
+        testConfig.registry['proxyUsername'] = null
+        def exception = shouldFail(RuntimeException) {
+            applicationConfigurator.setConfig(testConfig)
+        }
+        assertThat(exception.message).isEqualTo(expectedException)
+        
+        testConfig.registry['proxyUsername'] = 'something'
+        testConfig.registry['proxyPassword'] = null
+        exception = shouldFail(RuntimeException) {
+            applicationConfigurator.setConfig(testConfig)
+        }
+        assertThat(exception.message).isEqualTo(expectedException)
+        
+        testConfig.registry['proxyUsername'] = null
+        exception = shouldFail(RuntimeException) {
+            applicationConfigurator.setConfig(testConfig)
+        }
+        assertThat(exception.message).isEqualTo(expectedException)
+    }
+    
     List<String> getAllFieldNames(Class clazz, String parentField = '', List<String> fieldNames = []) {
         clazz.declaredFields.each { field ->
             def currentField = parentField + field.name