Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[server] Add organization image auth context to workspace image validation #20560

Merged
merged 2 commits into from
Jan 29, 2025
Merged

[server] Add organization image auth context to workspace image validation #20560

merged 2 commits into from
Jan 29, 2025
+37 −8

Conversation

filiptronicek
Copy link
Member

@filiptronicek filiptronicek commented Jan 28, 2025
edited
Loading

Description

As a follow-up to #20538, this PR adds org-level GITPOD_IMAGE_AUTH authentication for base image validation.

This is relevant for validating workspace images when tweaking the organization settings and setting a new custom default workspace image.

Related Issue(s)

Fixes CLC-1104

How to test

  1. Sign up for https://ft-fix-add83ebcff3ec.preview.gitpod-dev.com/settings
  2. After you've signed up, try setting geropl/workspace-base:latest as the default workspace image. It should not let you and result with an error
  3. Join my org and try the same again, now it should let you proceed
  4. Try setting the Docker Registry authentication on the same Organization settings page and after saving that, try setting the default workspace image again with the same value as above - this time, it should work.

/hold

@filiptronicek filiptronicek requested review from a team as code owners January 28, 2025 14:51
geropl
geropl reviewed Jan 28, 2025
View reviewed changes
components/server/src/workspace/workspace-starter.ts Outdated
// if the image resolution is for an organization, we also include the organization's set up env vars
if (organizationId) {
await this.auth.checkPermissionOnOrganization(user.id, "read_env_var", organizationId);
const orgEnvVars = await this.orgDB.getOrgEnvironmentVariables(organizationId);
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I feel this should be rather EnvVarService.listOrgEnvVars + EnvVarService.getOrgEnvVarWithValue (or sth) instead, even though the later needs to be added.

@filiptronicek WDYT?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@geropl klingt gut, I'm going to implement listOrgEnvVarsWithValues on the EnvVarService to combine these to and make it easier to read.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Did it in 7194522

@filiptronicek
Introduce listOrgEnvVarsWithValues
7194522 
Tool: gitpod/catfood.gitpod.cloud
geropl
geropl approved these changes Jan 29, 2025
View reviewed changes
Copy link
Member

@geropl geropl left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code LGTM, thanks! ✔️

@filiptronicek filiptronicek self-assigned this Jan 29, 2025
@roboquat roboquat merged commit 77f3fde into main Jan 29, 2025
17 checks passed
@roboquat roboquat deleted the ft/fix-additional-image-auth-org-setting-validation branch January 29, 2025 09:48
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@geropl geropl geropl approved these changes

Assignees

@filiptronicek filiptronicek

Labels
size/M team: team-enterprise team: team-experience
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@filiptronicek @geropl @roboquat