From cb42e4cbe38bd9abd143f58b32c36631c2820330 Mon Sep 17 00:00:00 2001
From: Tim Carter <tim.e.carter94@gmail.com>
Date: Mon, 13 Jan 2025 16:18:31 +1100
Subject: [PATCH 1/2] Rename whitelist to allowlist. Restore ability to
 override domain proxy version.

---
 deploy/openshift-ci.sh                        |  2 ++
 deploy/tasks/buildah-oci-ta.yaml              |  8 +++----
 docs/development.adoc                         |  1 +
 .../dependencybuild/buildrecipeyaml.go        | 21 ++++++++++++++-----
 .../dependencybuild/dependencybuild.go        |  2 --
 5 files changed, 23 insertions(+), 11 deletions(-)

diff --git a/deploy/openshift-ci.sh b/deploy/openshift-ci.sh
index b06f1af65..afae0e28a 100755
--- a/deploy/openshift-ci.sh
+++ b/deploy/openshift-ci.sh
@@ -11,6 +11,8 @@ echo "jvm build service jvm cache image:"
 echo ${JVM_BUILD_SERVICE_CACHE_IMAGE}
 echo "jvm build service jvm reqprocessor image:"
 echo ${JVM_BUILD_SERVICE_REQPROCESSOR_IMAGE}
+echo "jvm build service jvm domain proxy image:"
+echo ${JVM_BUILD_SERVICE_DOMAIN_PROXY_IMAGE}
 
 function waitFor() {
     endTime=$(( $(date +%s) + 600 ))
diff --git a/deploy/tasks/buildah-oci-ta.yaml b/deploy/tasks/buildah-oci-ta.yaml
index 2b485f704..09b2a20fe 100644
--- a/deploy/tasks/buildah-oci-ta.yaml
+++ b/deploy/tasks/buildah-oci-ta.yaml
@@ -155,8 +155,8 @@ spec:
       description: The idle timeout in milliseconds to use for the domain proxy.
       type: string
       default: 30000
-    - name: DOMAIN_PROXY_TARGET_WHITELIST
-      description: Comma separated whitelist of target hosts for the domain proxy.
+    - name: DOMAIN_PROXY_TARGET_ALLOWLIST
+      description: Comma separated list of allowed target hosts for the domain proxy.
       type: string
       default: ""
     - name: DOMAIN_PROXY_ENABLE_INTERNAL_PROXY
@@ -303,8 +303,8 @@ spec:
         value: $(params.DOMAIN_PROXY_CONNECTION_TIMEOUT)
       - name: DOMAIN_PROXY_IDLE_TIMEOUT
         value: $(params.DOMAIN_PROXY_IDLE_TIMEOUT)
-      - name: DOMAIN_PROXY_TARGET_WHITELIST
-        value: $(params.DOMAIN_PROXY_TARGET_WHITELIST)
+      - name: DOMAIN_PROXY_TARGET_ALLOWLIST
+        value: $(params.DOMAIN_PROXY_TARGET_ALLOWLIST)
       - name: DOMAIN_PROXY_ENABLE_INTERNAL_PROXY
         value: $(params.DOMAIN_PROXY_ENABLE_INTERNAL_PROXY)
       - name: DOMAIN_PROXY_INTERNAL_PROXY_HOST
diff --git a/docs/development.adoc b/docs/development.adoc
index d2df5c0ae..317085a87 100644
--- a/docs/development.adoc
+++ b/docs/development.adoc
@@ -153,6 +153,7 @@ export QUAY_USERNAME=<your-quay-io-account-username>
 export JVM_BUILD_SERVICE_IMAGE=
 export JVM_BUILD_SERVICE_CACHE_IMAGE=
 export JVM_BUILD_SERVICE_REQPROCESSOR_IMAGE=
+export JVM_BUILD_SERVICE_DOMAIN_PROXY_IMAGE=
 ./deploy/openshift-ci.sh
 make openshift-e2e
 ----
diff --git a/pkg/reconciler/dependencybuild/buildrecipeyaml.go b/pkg/reconciler/dependencybuild/buildrecipeyaml.go
index 002a55a84..e529b5c1c 100644
--- a/pkg/reconciler/dependencybuild/buildrecipeyaml.go
+++ b/pkg/reconciler/dependencybuild/buildrecipeyaml.go
@@ -7,6 +7,7 @@ import (
 	"github.com/go-logr/logr"
 	v12 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"net/url"
+	"os"
 	"regexp"
 	"strconv"
 	"strings"
@@ -30,6 +31,8 @@ const (
 	BuildTaskName     = "build"
 	PostBuildTaskName = "post-build"
 	DeployTaskName    = "deploy"
+
+	DomainProxyImage = "quay.io/redhat-user-workloads/konflux-jbs-pnc-tenant/domain-proxy:latest"
 )
 
 //go:embed scripts/maven-build.sh
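Review bot: The default `DomainProxyImage` in this const block refers to the mutable `:latest` tag, so the image that `createPipelineSpec` passes as `BUILD_IMAGE` can change without any change to this repository. The constant is only moved here from dependencybuild.go, so the tag is not new, but since the patch touches it, consider pinning the default by digest, e.g. `DomainProxyImage = "quay.io/redhat-user-workloads/konflux-jbs-pnc-tenant/domain-proxy@sha256:<digest>"` (placeholder digest). A comment would also help, e.g. `// DomainProxyImage is the default domain proxy image; JVM_BUILD_SERVICE_DOMAIN_PROXY_IMAGE overrides it.`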
@@ -481,7 +484,7 @@ func createPipelineSpec(log logr.Logger, tool string, commitTime int64, jbsConfi
 		},
 	}
 
-	whitelistUrl, err := url.Parse(cacheUrl)
+	allowlistUrl, err := url.Parse(cacheUrl)
 	if err != nil {
 		return nil, "", err
 	}
@@ -542,7 +545,7 @@ func createPipelineSpec(log logr.Logger, tool string, commitTime int64, jbsConfi
 					Name: "BUILD_IMAGE",
 					Value: tektonpipeline.ParamValue{
 						Type:      tektonpipeline.ParamTypeString,
-						StringVal: DomainProxyImage,
+						StringVal: domainProxyImage(),
 					},
 				},
 				{
@@ -553,10 +556,10 @@ func createPipelineSpec(log logr.Logger, tool string, commitTime int64, jbsConfi
 					},
 				},
 				{
-					Name: "DOMAIN_PROXY_TARGET_WHITELIST",
+					Name: "DOMAIN_PROXY_TARGET_ALLOWLIST",
 					Value: tektonpipeline.ParamValue{
 						Type:      tektonpipeline.ParamTypeString,
-						StringVal: whitelistUrl.Host + ",localhost,cdn-ubi.redhat.com,repo1.maven.org,repo.scala-sbt.org,scala.jfrog.io,repo.typesafe.com,jfrog-prod-usw2-shared-oregon-main.s3.amazonaws.com",
+						StringVal: allowlistUrl.Host + ",localhost,cdn-ubi.redhat.com,repo1.maven.org,repo.scala-sbt.org,scala.jfrog.io,repo.typesafe.com,jfrog-prod-usw2-shared-oregon-main.s3.amazonaws.com",
 					},
 				},
 				{
@@ -591,7 +594,7 @@ func createPipelineSpec(log logr.Logger, tool string, commitTime int64, jbsConfi
 					Name: "DOMAIN_PROXY_INTERNAL_NON_PROXY_HOSTS",
 					Value: tektonpipeline.ParamValue{
 						Type:      tektonpipeline.ParamTypeString,
-						StringVal: whitelistUrl.Host + ",localhost",
+						StringVal: allowlistUrl.Host + ",localhost",
 					},
 				},
 			},
@@ -991,3 +994,11 @@ func settingOrDefault(setting, def string) string {
 	}
 	return setting
 }
+
+func domainProxyImage() string {
+	domainProxyImage := os.Getenv("JVM_BUILD_SERVICE_DOMAIN_PROXY_IMAGE")
+	if len(domainProxyImage) == 0 {
+		domainProxyImage = DomainProxyImage
+	}
+	return domainProxyImage
+}
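Review bot: `domainProxyImage` has no doc comment, and its local variable shadows the function's own name, which makes the body harder to read. Its return value becomes the `BUILD_IMAGE` parameter in `createPipelineSpec`, so the comment should state that the environment variable replaces the default and is used unvalidated, e.g. `// domainProxyImage returns JVM_BUILD_SERVICE_DOMAIN_PROXY_IMAGE if set, else DomainProxyImage; the value is passed as-is as BUILD_IMAGE.` The `settingOrDefault` helper whose tail is visible just above appears to implement the same fallback; its body starts outside the hunk, so confirm this first. If it does, the body reduces to `return settingOrDefault(os.Getenv("JVM_BUILD_SERVICE_DOMAIN_PROXY_IMAGE"), DomainProxyImage)`.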
diff --git a/pkg/reconciler/dependencybuild/dependencybuild.go b/pkg/reconciler/dependencybuild/dependencybuild.go
index ce97587aa..44bfc1b8f 100644
--- a/pkg/reconciler/dependencybuild/dependencybuild.go
+++ b/pkg/reconciler/dependencybuild/dependencybuild.go
@@ -73,8 +73,6 @@ const (
 
 	PipelineRunFinalizer = "jvmbuildservice.io/finalizer"
 	DeploySuffix         = "-deploy"
-
-	DomainProxyImage = "quay.io/redhat-user-workloads/konflux-jbs-pnc-tenant/domain-proxy:latest"
 )
 
 type ReconcileDependencyBuild struct {

From 45898890667c26efe8df754c57843c081b7c90a5 Mon Sep 17 00:00:00 2001
From: Nick Cross <ncross@redhat.com>
Date: Mon, 13 Jan 2025 12:08:49 +0000
Subject: [PATCH 2/2] Update buildah-oci-ta reference

---
 pkg/apis/jvmbuildservice/v1alpha1/systemconfig_types.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pkg/apis/jvmbuildservice/v1alpha1/systemconfig_types.go b/pkg/apis/jvmbuildservice/v1alpha1/systemconfig_types.go
index cb21075a7..742d8058a 100644
--- a/pkg/apis/jvmbuildservice/v1alpha1/systemconfig_types.go
+++ b/pkg/apis/jvmbuildservice/v1alpha1/systemconfig_types.go
@@ -48,6 +48,6 @@ type SystemConfigList struct {
 const (
 	KonfluxGitDefinition          = "https://raw.githubusercontent.com/konflux-ci/build-definitions/refs/heads/main/task/git-clone/0.1/git-clone.yaml"
 	KonfluxPreBuildDefinitions    = "https://raw.githubusercontent.com/redhat-appstudio/jvm-build-service/main/deploy/tasks/pre-build.yaml"
-	KonfluxBuildDefinitions       = "https://raw.githubusercontent.com/redhat-appstudio/jvm-build-service/main/deploy/tasks/buildah-oci-ta.yaml"
+	KonfluxBuildDefinitions       = "https://raw.githubusercontent.com/tecarter94/jvm-build-service/rename-domain-proxy-whitelist/deploy/tasks/buildah-oci-ta.yaml"
 	KonfluxMavenDeployDefinitions = "https://raw.githubusercontent.com/redhat-appstudio/jvm-build-service/main/deploy/tasks/maven-deployment.yaml"
 )
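Review bot: `KonfluxBuildDefinitions` now points at a feature branch of a personal fork (`tecarter94/jvm-build-service/rename-domain-proxy-whitelist`), while the neighbouring definitions stay on `redhat-appstudio/jvm-build-service/main`. Judging by the constant's name, this URL is where the build task definition is fetched from, so its content would be controlled by whoever can push to that branch, and the link breaks once the branch is merged and deleted. If this is a temporary pointer so that the renamed `DOMAIN_PROXY_TARGET_ALLOWLIST` parameter resolves before the task change lands upstream, mark it with a comment such as `// TODO: revert to redhat-appstudio/jvm-build-service/main once the allowlist rename is merged` and restore the upstream URL before release. In the meantime, a raw URL pinned to a commit would be safer than a branch name.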