[server] Introduce project.settings.enableDockerdAuthentication and expose it on the API

Tool: gitpod/catfood.gitpod.cloud

Author: geropl

Diff for: components/gitpod-protocol/src/protocol.ts

@@ -280,6 +280,26 @@ export namespace EnvVar {
     export function is(data: any): data is EnvVar {
         return data.hasOwnProperty("name") && data.hasOwnProperty("value");
     }
+
+    /**
+     * Extracts the "host:credentials" pairs from the GITPOD_IMAGE_AUTH environment variable.
+     * @param envVars
+     * @returns A map of host to credentials
+     */
+    export function getGitpodImageAuth(envVars: EnvVarWithValue[]): Map<string, string> {
+        const res = new Map<string, string>();
+        const imageAuth = envVars.find((e) => e.name === EnvVar.GITPOD_IMAGE_AUTH_ENV_VAR_NAME);
+        if (!imageAuth) {
+            return res;
+        }
+
+        (imageAuth.value || "")
+            .split(",")
+            .map((e) => e.trim().split(":"))
+            .filter((e) => e.length == 2)
+            .forEach((e) => res.set(e[0], e[1]));
+        return res;
+    }
 }
 
 export namespace UserEnvVar {

Diff for: components/gitpod-protocol/src/teams-projects-protocol.ts

@@ -28,6 +28,11 @@ export interface ProjectSettings {
     restrictedWorkspaceClasses?: string[];
 
     restrictedEditorNames?: string[];
+
+    /**
+     * Enable automatic authentication for docker daemon with all credentials specified in GITPOD_IMAGE_AUTH
+     */
+    enableDockerdAuthentication?: boolean;
 }
 export namespace PrebuildSettings {
     export type BranchStrategy = "default-branch" | "all-branches" | "matched-branches";

Diff for: components/public-api/gitpod/v1/configuration.proto

@@ -52,6 +52,8 @@ message WorkspaceSettings {
   string workspace_class = 1;
   repeated string restricted_workspace_classes = 2;
   repeated string restricted_editor_names = 3;
+  // Enable automatic authentication for docker daemon with all credentials specified in GITPOD_IMAGE_AUTH
+  bool enable_dockerd_authentication = 4;
 }
 
 service ConfigurationService {
@@ -131,6 +133,9 @@ message UpdateConfigurationRequest {
     repeated string restricted_editor_names = 4;
     // Specifies whether restricted_editor_names should be updated.
     optional bool update_restricted_editor_names = 5;
+
+    // Enable automatic authentication for docker daemon with all credentials specified in GITPOD_IMAGE_AUTH
+    optional bool enable_dockerd_authentication = 6;
   }
   string configuration_id = 1;
   optional string name = 2;