From 07f1396c7000668afde6197c274371127e2cb8ff Mon Sep 17 00:00:00 2001
From: Stuart Douglas <stuart.w.douglas@gmail.com>
Date: Thu, 14 Sep 2023 11:02:17 +1000
Subject: [PATCH] STONEBLD-1735 allow creation of private repositories

---
 .../base/jvmbuildservice.io_jbsconfigs.yaml   |  4 +++
 .../cli/settings/SetupRebuildsCommand.java    |  5 ++++
 .../crds/jvmbuildservice.io_jbsconfigs.yaml   |  4 +++
 openshift-with-appstudio-test/e2e/util.go     | 28 +++++++++++--------
 .../v1alpha1/jbsconfig_types.go               | 15 +++++++---
 .../v1alpha1/zz_generated.deepcopy.go         | 24 +++++++++++++++-
 pkg/reconciler/jbsconfig/jbsconfig.go         |  6 +++-
 7 files changed, 68 insertions(+), 18 deletions(-)

diff --git a/deploy/crds/base/jvmbuildservice.io_jbsconfigs.yaml b/deploy/crds/base/jvmbuildservice.io_jbsconfigs.yaml
index 38213e683..a19a8c1e8 100644
--- a/deploy/crds/base/jvmbuildservice.io_jbsconfigs.yaml
+++ b/deploy/crds/base/jvmbuildservice.io_jbsconfigs.yaml
@@ -122,6 +122,10 @@ spec:
                     type: string
                   prependTag:
                     type: string
+                  private:
+                    description: if this is true and we are automatically creating
+                      registries then we will make it private
+                    type: boolean
                   repository:
                     type: string
                   secretName:
diff --git a/java-components/cli/src/main/java/io/github/redhatappstudio/jvmbuild/cli/settings/SetupRebuildsCommand.java b/java-components/cli/src/main/java/io/github/redhatappstudio/jvmbuild/cli/settings/SetupRebuildsCommand.java
index de0a92ef5..9eaab9a97 100644
--- a/java-components/cli/src/main/java/io/github/redhatappstudio/jvmbuild/cli/settings/SetupRebuildsCommand.java
+++ b/java-components/cli/src/main/java/io/github/redhatappstudio/jvmbuild/cli/settings/SetupRebuildsCommand.java
@@ -15,6 +15,9 @@ public class SetupRebuildsCommand implements Runnable {
     @Inject
     KubernetesClient client;
 
+    @CommandLine.Option(names = "--private-repo")
+    boolean privateRepo;
+
     @Override
     public void run() {
 
@@ -27,6 +30,7 @@ public void run() {
             }
             config.getSpec().setEnableRebuilds(true);
             config.getSpec().setRequireArtifactVerification(true);
+            config.getSpec().getRegistry().set_private(privateRepo);
             resource.patch(config);
         } else {
             config = new JBSConfig();
@@ -34,6 +38,7 @@ public void run() {
             config.getMetadata().setName(ModelConstants.JBS_CONFIG_NAME);
             config.getSpec().setEnableRebuilds(true);
             config.getSpec().setRequireArtifactVerification(true);
+            config.getSpec().getRegistry().set_private(privateRepo);
             client.resource(config).create();
         }
         long timeout = System.currentTimeMillis() + 10000;
diff --git a/java-components/resource-model/src/main/resources/crds/jvmbuildservice.io_jbsconfigs.yaml b/java-components/resource-model/src/main/resources/crds/jvmbuildservice.io_jbsconfigs.yaml
index 38213e683..a19a8c1e8 100644
--- a/java-components/resource-model/src/main/resources/crds/jvmbuildservice.io_jbsconfigs.yaml
+++ b/java-components/resource-model/src/main/resources/crds/jvmbuildservice.io_jbsconfigs.yaml
@@ -122,6 +122,10 @@ spec:
                     type: string
                   prependTag:
                     type: string
+                  private:
+                    description: if this is true and we are automatically creating
+                      registries then we will make it private
+                    type: boolean
                   repository:
                     type: string
                   secretName:
diff --git a/openshift-with-appstudio-test/e2e/util.go b/openshift-with-appstudio-test/e2e/util.go
index fb1fcb836..ce5b40984 100644
--- a/openshift-with-appstudio-test/e2e/util.go
+++ b/openshift-with-appstudio-test/e2e/util.go
@@ -296,11 +296,13 @@ func setupConfig(t *testing.T, namespace string, hermetic bool) *testArgs {
 				WorkerThreads: "100",
 				RequestCPU:    "10m",
 			},
-			Registry: v1alpha1.ImageRegistry{
-				Host:       "quay.io",
-				Owner:      owner,
-				Repository: "test-images",
-				PrependTag: strconv.FormatInt(time.Now().UnixMilli(), 10),
+			Registry: v1alpha1.ImageRegistrySpec{
+				ImageRegistry: v1alpha1.ImageRegistry{
+					Host:       "quay.io",
+					Owner:      owner,
+					Repository: "test-images",
+					PrependTag: strconv.FormatInt(time.Now().UnixMilli(), 10),
+				},
 			},
 			RelocationPatterns: []v1alpha1.RelocationPatternElement{
 				{
@@ -897,13 +899,15 @@ func setupMinikube(t *testing.T, namespace string) *testArgs {
 				DisableTLS:    true,
 				Storage:       "756Mi",
 			},
-			Registry: v1alpha1.ImageRegistry{
-				Host:       devIp,
-				Owner:      owner,
-				Repository: "test-images",
-				Port:       "5000",
-				Insecure:   true,
-				PrependTag: strconv.FormatInt(time.Now().UnixMilli(), 10),
+			Registry: v1alpha1.ImageRegistrySpec{
+				ImageRegistry: v1alpha1.ImageRegistry{
+					Host:       devIp,
+					Owner:      owner,
+					Repository: "test-images",
+					Port:       "5000",
+					Insecure:   true,
+					PrependTag: strconv.FormatInt(time.Now().UnixMilli(), 10),
+				},
 			},
 		},
 		Status: v1alpha1.JBSConfigStatus{},
diff --git a/pkg/apis/jvmbuildservice/v1alpha1/jbsconfig_types.go b/pkg/apis/jvmbuildservice/v1alpha1/jbsconfig_types.go
index 5f1d2b5df..5f3727741 100644
--- a/pkg/apis/jvmbuildservice/v1alpha1/jbsconfig_types.go
+++ b/pkg/apis/jvmbuildservice/v1alpha1/jbsconfig_types.go
@@ -45,9 +45,9 @@ type JBSConfigSpec struct {
 
 	MavenBaseLocations map[string]string `json:"mavenBaseLocations,omitempty"`
 
-	SharedRegistries []ImageRegistry `json:"sharedRegistries,omitempty"`
-	Registry         ImageRegistry   `json:"registry,omitempty"`
-	MavenDeployment  MavenDeployment `json:"mavenDeployment,omitempty"`
+	SharedRegistries []ImageRegistry   `json:"sharedRegistries,omitempty"`
+	Registry         ImageRegistrySpec `json:"registry,omitempty"`
+	MavenDeployment  MavenDeployment   `json:"mavenDeployment,omitempty"`
 	// Deprecated: Replaced by explicit declaration of Registry above.
 	ImageRegistry      `json:",inline,omitempty"`
 	CacheSettings      CacheSettings              `json:"cacheSettings,omitempty"`
@@ -55,6 +55,13 @@ type JBSConfigSpec struct {
 	RelocationPatterns []RelocationPatternElement `json:"relocationPatterns,omitempty"`
 }
 
+type ImageRegistrySpec struct {
+	ImageRegistry `json:",inline,omitempty"`
+
+	//if this is true and we are automatically creating registries then we will make it private
+	Private *bool `json:"private,omitempty"`
+}
+
 type JBSConfigStatus struct {
 	Message          string         `json:"message,omitempty"`
 	ImageRegistry    *ImageRegistry `json:"imageRegistry,omitempty"`
@@ -134,7 +141,7 @@ type JBSConfig struct {
 }
 
 func (in *JBSConfig) ImageRegistry() ImageRegistry {
-	ret := in.Spec.Registry
+	ret := in.Spec.Registry.ImageRegistry
 	if ret.Host == "" {
 		ret.Host = "quay.io"
 	}
diff --git a/pkg/apis/jvmbuildservice/v1alpha1/zz_generated.deepcopy.go b/pkg/apis/jvmbuildservice/v1alpha1/zz_generated.deepcopy.go
index d433fdac9..1665feac7 100644
--- a/pkg/apis/jvmbuildservice/v1alpha1/zz_generated.deepcopy.go
+++ b/pkg/apis/jvmbuildservice/v1alpha1/zz_generated.deepcopy.go
@@ -497,6 +497,28 @@ func (in *ImageRegistry) DeepCopy() *ImageRegistry {
 	return out
 }
 
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ImageRegistrySpec) DeepCopyInto(out *ImageRegistrySpec) {
+	*out = *in
+	out.ImageRegistry = in.ImageRegistry
+	if in.Private != nil {
+		in, out := &in.Private, &out.Private
+		*out = new(bool)
+		**out = **in
+	}
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ImageRegistrySpec.
+func (in *ImageRegistrySpec) DeepCopy() *ImageRegistrySpec {
+	if in == nil {
+		return nil
+	}
+	out := new(ImageRegistrySpec)
+	in.DeepCopyInto(out)
+	return out
+}
+
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *JBSConfig) DeepCopyInto(out *JBSConfig) {
 	*out = *in
@@ -578,7 +600,7 @@ func (in *JBSConfigSpec) DeepCopyInto(out *JBSConfigSpec) {
 		*out = make([]ImageRegistry, len(*in))
 		copy(*out, *in)
 	}
-	out.Registry = in.Registry
+	in.Registry.DeepCopyInto(&out.Registry)
 	out.ImageRegistry = in.ImageRegistry
 	out.CacheSettings = in.CacheSettings
 	out.BuildSettings = in.BuildSettings
diff --git a/pkg/reconciler/jbsconfig/jbsconfig.go b/pkg/reconciler/jbsconfig/jbsconfig.go
index c4dbd6154..a9ba2381d 100644
--- a/pkg/reconciler/jbsconfig/jbsconfig.go
+++ b/pkg/reconciler/jbsconfig/jbsconfig.go
@@ -598,13 +598,17 @@ func (r *ReconcilerJBSConfig) cacheDeployment(ctx context.Context, log logr.Logg
 
 func (r *ReconcilerJBSConfig) handleNoOwnerSpecified(ctx context.Context, log logr.Logger, config *v1alpha1.JBSConfig) error {
 
+	vis := imagecontroller.ImageVisibilityPublic
+	if config.Spec.Registry.Private != nil && *config.Spec.Registry.Private {
+		vis = imagecontroller.ImageVisibilityPrivate
+	}
 	repo := imagecontroller.ImageRepository{}
 	err := r.client.Get(ctx, types.NamespacedName{Namespace: config.Namespace, Name: v1alpha1.DefaultImageSecretName}, &repo)
 	if err != nil {
 		if errors.IsNotFound(err) {
 			repo.Name = v1alpha1.DefaultImageSecretName
 			repo.Namespace = config.Namespace
-			repo.Spec.Image.Visibility = imagecontroller.ImageVisibilityPublic
+			repo.Spec.Image.Visibility = vis
 			err := controllerutil.SetOwnerReference(config, &repo, r.scheme)
 			if err != nil {
 				return err