From 44799de548486221ce036002ef63581a52225f9c Mon Sep 17 00:00:00 2001 From: Angel Misevski Date: Mon, 20 Nov 2023 10:20:59 -0500 Subject: [PATCH] [ports-plugin] don't prompt user to redirect endpoints with `exposure: none` (#301) * [ports-plugin] Remove JWT endpoint handling in che-port extension The JWT proxy was removed as of Che 7.42 and is no longer used. See Che issue https://github.com/eclipse/che/issues/21275 for details. * [ports-plugin] Don't prompt to expose endpoints with exposure: none in ports-plugin If an endpoint exists in the devfile and has exposure: none, we shouldn't prompt the user to expose that endpoint if a process starts listening on localhost. * [ports-plugin] Update prompt when process is listening to localhost If a process starts that is listening to localhost (and is thus inaccessible from outside the pod), we show a prompt to the user to add it to Code's redirect routes. However, if the process is listening on a port that matches a public endpoint in the devfile, we should prompt differently, noting the potential error, since the user intends to use the endpoint route instead of a redirect route. --------- Signed-off-by: Angel Misevski --- .../src/devfile-handler-devworkspace-impl.ts | 21 ----------- code/extensions/che-port/src/ports-plugin.ts | 36 +++++++++++++------ 2 files changed, 26 insertions(+), 31 deletions(-) diff --git a/code/extensions/che-port/src/devfile-handler-devworkspace-impl.ts b/code/extensions/che-port/src/devfile-handler-devworkspace-impl.ts index 34482afbd18..8af2aa33e4f 100644 --- a/code/extensions/che-port/src/devfile-handler-devworkspace-impl.ts +++ b/code/extensions/che-port/src/devfile-handler-devworkspace-impl.ts @@ -84,27 +84,6 @@ export class DevWorkspaceDevfileHandlerImpl implements DevfileHandler { } as Endpoint; }); - // Add private JWT proxy ports - const jwtProxyEnv: string[] = Object.keys(process.env).filter(key => - key.includes('_JWTPROXY_SERVICE_PORT_SERVER_') - ); - jwtProxyEnv.forEach((key, index) => { - const value = process.env[key]!.toLocaleLowerCase() || ''; - const port = parseInt(value); - if (!isNaN(port)) { - const endpoint: Endpoint = { - name: `jwt-proxy-${index + 1}`, - exposure: EndpointExposure.FROM_DEVFILE_PRIVATE, - url: '', - targetPort: port, - protocol: 'tcp', - type: 'jwt-proxy', - category: EndpointCategory.PLUGINS, - }; - endpoints.push(endpoint); - } - }); - return endpoints; } } diff --git a/code/extensions/che-port/src/ports-plugin.ts b/code/extensions/che-port/src/ports-plugin.ts index c01e153cacf..3ccf0e3aead 100644 --- a/code/extensions/che-port/src/ports-plugin.ts +++ b/code/extensions/che-port/src/ports-plugin.ts @@ -172,20 +172,36 @@ export class PortsPlugin { // check now if the port is in workspace definition ? const matchingEndpoint = this.devfileEndpoints.find(endpoint => endpoint.targetPort === port.portNumber); - if (matchingEndpoint && matchingEndpoint.exposure === EndpointExposure.FROM_DEVFILE_PRIVATE) { - this.outputChannel.appendLine( - `Endpoint ${matchingEndpoint.name} on port ${matchingEndpoint.targetPort} is defined as Private. Do not prompt to open it.` - ); - return; + if (matchingEndpoint) { + if (matchingEndpoint.exposure === EndpointExposure.FROM_DEVFILE_PRIVATE) { + this.outputChannel.appendLine( + `Endpoint ${matchingEndpoint.name} on port ${matchingEndpoint.targetPort} is defined as exposure: internal. Do not prompt to open it.` + ); + return; + } + if (matchingEndpoint.exposure === EndpointExposure.FROM_DEVFILE_NONE) { + this.outputChannel.appendLine( + `Endpoint ${matchingEndpoint.name} on port ${matchingEndpoint.targetPort} is defined as exposure: none. Do not prompt to open it.` + ); + return; + } } // if not listening on 0.0.0.0 then raise a prompt to add a port redirect if (port.interfaceListen !== PortsPlugin.LISTEN_ALL_IPV4 && port.interfaceListen !== PortsPlugin.LISTEN_ALL_IPV6) { - const desc = `A new process is now listening on port ${port.portNumber} but is listening on interface ${port.interfaceListen} which is internal. - You should change to be remotely available. Would you want to add a redirect for this port so it becomes available ?`; - const err = `A new process is now listening on port ${port.portNumber} but is listening on interface ${port.interfaceListen} which is internal. - This port is not available outside. You should change the code to listen on 0.0.0.0 for example.`; - await this.askRedirect(port, desc, err); + if (matchingEndpoint && matchingEndpoint.exposure === EndpointExposure.FROM_DEVFILE_PUBLIC) { + const desc = `Process ${matchingEndpoint.name} is now listening on port ${matchingEndpoint.targetPort}, but it is listening on ${port.interfaceListen}, + which is internal. You should change the code to listen on port 0.0.0.0 instead. Would you like to add a redirect to make this process available anyway?`; + const err = `Process ${matchingEndpoint.name} is now listening on port ${matchingEndpoint.targetPort}, but it is listening on ${port.interfaceListen}, + which is internal. You should change the code to listen on port 0.0.0.0 instead.`; + await this.askRedirect(port, desc, err); + } else { + const desc = `A new process is now listening on port ${port.portNumber} but is listening on interface ${port.interfaceListen} which is internal. + You should change to be remotely available. Would you want to add a redirect for this port so it becomes available ?`; + const err = `A new process is now listening on port ${port.portNumber} but is listening on interface ${port.interfaceListen} which is internal. + This port is not available outside. You should change the code to listen on 0.0.0.0 for example.`; + await this.askRedirect(port, desc, err); + } return; }