feat(ctrl): warning if registry is insecure

Closes #5809
apache · Jan 29, 2025 · 8c000af · 8c000af
1 parent e685450
commit 8c000af
Show file tree

Hide file tree

Showing 2 changed files with 51 additions and 0 deletions.
diff --git a/pkg/controller/integrationplatform/monitor.go b/pkg/controller/integrationplatform/monitor.go
@@ -83,6 +83,7 @@ func (action *monitorAction) Handle(ctx context.Context, platform *v1.Integratio
 	if err != nil {
 		return platform, err
 	}
+	//nolint: nestif
 	if isOpenshift && platform.Status.Build.PublishStrategy == v1.IntegrationPlatformBuildPublishStrategyS2I {
 		platform.Status.SetCondition(
 			v1.IntegrationPlatformConditionTypeRegistryAvailable,
@@ -110,6 +111,17 @@ func (action *monitorAction) Handle(ctx context.Context, platform *v1.Integratio
 				corev1.ConditionTrue,
 				v1.IntegrationPlatformConditionTypeRegistryAvailableReason,
 				fmt.Sprintf("registry available at %s", platform.Status.Build.Registry.Address))
+			// Warn if insecure registry
+			if platform.Status.Build.Registry.Insecure {
+				platform.Status.SetCondition(
+					v1.IntegrationPlatformConditionType("InsecureRegistryWarning"),
+					corev1.ConditionTrue,
+					"InsecureRegistryWarningReason",
+					"Registry is insecure. This setup should not be used in a production environment.")
+				action.L.Infof(
+					"WARN: provided container registry is insecure. This setup should not be used in a production environment.",
+				)
+			}
 		}
 	}
 	action.checkTraitAnnotationsDeprecatedNotice(platform)

diff --git a/pkg/controller/integrationplatform/monitor_test.go b/pkg/controller/integrationplatform/monitor_test.go
@@ -87,6 +87,7 @@ func TestMonitorReady(t *testing.T) {
 
 	assert.Equal(t, v1.IntegrationPlatformPhaseReady, answer.Status.Phase)
 	assert.Equal(t, corev1.ConditionTrue, answer.Status.GetCondition(v1.IntegrationPlatformConditionTypeRegistryAvailable).Status)
+	assert.Nil(t, answer.Status.GetCondition(v1.IntegrationPlatformConditionType("InsecureRegistryWarning")))
 	assert.Equal(t, "3.2.1", answer.Status.Build.RuntimeCoreVersion)
 }
 
@@ -255,3 +256,41 @@ func TestMonitorMissingCatalogError(t *testing.T) {
 		defaults.DefaultRuntimeVersion), answer.Status.GetCondition(
 		v1.IntegrationPlatformConditionCamelCatalogAvailable).Message)
 }
+
+func TestMonitorWarningInsecureRegistry(t *testing.T) {
+	catalog := v1.NewCamelCatalog("ns", fmt.Sprintf("camel-catalog-%s", "1.2.3"))
+	catalog.Spec.Runtime.Version = "1.2.3"
+	catalog.Spec.Runtime.Provider = v1.RuntimeProviderQuarkus
+	catalog.Spec.Runtime.Metadata = map[string]string{
+		"camel.version": "3.2.1",
+	}
+	ip := v1.IntegrationPlatform{}
+	ip.Namespace = "ns"
+	ip.Name = "ck"
+	ip.Spec.Build.Registry.Address = "1.2.3.4"
+	ip.Spec.Build.Registry.Insecure = true
+	ip.Spec.Build.RuntimeVersion = "1.2.3"
+	ip.Spec.Build.RuntimeProvider = v1.RuntimeProviderQuarkus
+	ip.Status.Build.RuntimeVersion = "1.2.3"
+	ip.Status.Build.RuntimeProvider = v1.RuntimeProviderQuarkus
+	ip.Status.Build.Registry.Address = "1.2.3.4"
+	ip.Status.Build.Registry.Insecure = true
+	ip.Status.Phase = v1.IntegrationPlatformPhaseReady
+	c, err := internal.NewFakeClient(&ip, &catalog)
+	require.NoError(t, err)
+
+	action := NewMonitorAction()
+	action.InjectLogger(log.Log)
+	action.InjectClient(c)
+
+	answer, err := action.Handle(context.TODO(), &ip)
+	require.NoError(t, err)
+	assert.NotNil(t, answer)
+
+	assert.Equal(t, v1.IntegrationPlatformPhaseReady, answer.Status.Phase)
+	assert.Equal(t, corev1.ConditionTrue, answer.Status.GetCondition(v1.IntegrationPlatformConditionTypeRegistryAvailable).Status)
+	assert.Equal(t, corev1.ConditionTrue, answer.Status.GetCondition(v1.IntegrationPlatformConditionType("InsecureRegistryWarning")).Status)
+	assert.Equal(t, "Registry is insecure. This setup should not be used in a production environment.",
+		answer.Status.GetCondition(
+			v1.IntegrationPlatformConditionType("InsecureRegistryWarning")).Message)
+}