Merge pull request #778 from spring-projects/LukeBalizet-update-registry-image-schema

Luke balizet update registry image schema

Author: kdvolder

headless-services/concourse-language-server/src/main/java/org/springframework/ide/vscode/concourse/PipelineYmlSchema.java

@@ -62,6 +62,7 @@
 
 /**
  * @author Kris De Volder
+ * @author LukeBalizet
  */
 public class PipelineYmlSchema implements YamlSchema {
 
@@ -156,14 +157,32 @@ public class PipelineYmlSchema implements YamlSchema {
 	public final YType t_semver = f.yatomic("Semver")
 			.parseWith(ValueParsers.NE_STRING); //TODO: use real semver parser.
 
-	public final YType t_s3_region = f.yenum("S3Region",
-			//See: https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUT.html
-			 "us-west-1", "us-west-2",
-			 "ca-central-1", "EU", "eu-west-1",
-			 "eu-west-2", "eu-central-1",
-			 "ap-south-1", "ap-southeast-1", "ap-southeast-2", "ap-northeast-1", "ap-northeast-2",
-			 "sa-east-1",
-			 "us-east-2"
+	public final YType t_aws_region = f.yenum("AWSRegion",
+			//See https://docs.aws.amazon.com/general/latest/gr/rande.html
+			"af-south-1",
+			"ap-east-1",
+			"ap-southeast-3",
+			"ap-south-1",
+			"ap-northeast-3",
+			"ap-northeast-2",
+			"ap-southeast-1",
+			"ap-southeast-2",
+			"ap-northeast-1",
+			"ca-central-1",
+			"cn-north-1",
+			"cn-northwest-1",
+			"eu-central-1",
+			"eu-west-1",
+			"eu-west-2",
+			"eu-south-1",
+			"eu-west-3",
+			"eu-north-1",
+			"me-south-1",
+			"us-east-1",
+			"us-east-2",
+			"us-west-1",
+			"us-west-2",
+			"sa-east-1"
 	);
 
 	public final YType t_day = f.yenum("Day",
@@ -606,14 +625,16 @@ private void initializeDefaultResourceTypes() {
 			put.require(Constraints.requireAtMostOneOf("rebase", "merge"));
 			resourceTypes.def("git", source, get, put);
 		}
+
+		// Shared by docker-image and registry-image
+		AbstractType registry_mirror = f.ybean("RegistryMirror");
+		addProp(registry_mirror, "host", t_ne_string).isPrimary(true);
+		addProp(registry_mirror, "username", t_ne_string);
+		addProp(registry_mirror, "password", t_ne_string);
+		
 		//docker-image:
 		{
 
-			AbstractType registry_mirror = f.ybean("RegistryMirror");
-			addProp(registry_mirror, "host", t_ne_string).isPrimary(true);
-			addProp(registry_mirror, "username", t_ne_string);
-			addProp(registry_mirror, "password", t_ne_string);
-			
 			AbstractType source = f.ybean("DockerImageSource");
 			addProp(source, "repository", t_ne_string).isPrimary(true);
 			addProp(source, "tag", t_ne_string);
@@ -670,14 +691,24 @@ private void initializeDefaultResourceTypes() {
 
 			resourceTypes.def("docker-image", source, get, put);
 		}
-		//registry_image
+		//registry-image
 		{
 			AbstractType source = f.ybean("RegistryImageSource");
 			addProp(source, "repository", t_ne_string).isPrimary(true);
+			addProp(source, "insecure", t_boolean);
 			addProp(source, "tag", t_ne_string);
+			addProp(source, "variant", t_ne_string);
+			addProp(source, "semver_constraint", t_ne_string);
 			addProp(source, "username", t_ne_string);
 			addProp(source, "password", t_ne_string);
+			addProp(source, "aws_access_key_id", t_ne_string);
+			addProp(source, "aws_secret_access_key", t_ne_string);
+			addProp(source, "aws_session_token", t_ne_string);
+			addProp(source, "aws_region", t_aws_region);
+			addProp(source, "aws_role_arn", t_ne_string);
+			addProp(source, "aws_role_arns", t_strings);
 			addProp(source, "debug", t_boolean);
+			addProp(source, "registry_mirror", registry_mirror);
 			{
 				AbstractType contentTrust = f.ybean("RegistryImageContentTrust");
 				addProp(contentTrust, "server", t_ne_string);
@@ -689,16 +720,21 @@ private void initializeDefaultResourceTypes() {
 
 				addProp(source, "content_trust", contentTrust);
 			}
+			addProp(source, "ca_certs", t_strings);
 
 			AbstractType get = f.ybean("RegistryImageGetParams");
 			addProp(get, "format", f.yenum("RegistryImageFormat", "rootfs", "oci"));
 			addProp(get, "skip_download", t_boolean);
 
 			AbstractType put = f.ybean("RegistryImagePutParams");
 			addProp(put, "image", t_ne_string).isPrimary(true);
+			addProp(put, "version", t_ne_string);
+			addProp(put, "bump_aliases", t_boolean);
 			addProp(put, "additional_tags", t_ne_string);
 
 			resourceTypes.def("registry-image", source, get, put);
+			
+			source.require(Constraints.mutuallyExclusive("aws_role_arn", "aws_role_arns"));
 		}
 		//s3
 		{
@@ -714,7 +750,7 @@ private void initializeDefaultResourceTypes() {
 			addProp(source, "access_key_id", t_ne_string);
 			addProp(source, "secret_access_key", t_ne_string);
 			addProp(source, "session_token", t_ne_string);
-			addProp(source, "region_name", t_s3_region);
+			addProp(source, "region_name", t_aws_region);
 			addProp(source, "private", t_boolean);
 			addProp(source, "cloudfront_url", t_ne_string);
 			addProp(source, "endpoint", t_ne_string);
@@ -790,7 +826,7 @@ private void initializeDefaultResourceTypes() {
 			addProp(s3_source, "key", t_ne_string).isRequired(true);
 			addProp(s3_source, "access_key_id", t_ne_string).isRequired(true);
 			addProp(s3_source, "secret_access_key", t_ne_string).isRequired(true);
-			addProp(s3_source, "region_name", t_s3_region);
+			addProp(s3_source, "region_name", t_aws_region);
 			addProp(s3_source, "endpoint", t_ne_string);
 			addProp(s3_source, "disable_ssl", t_boolean);
 

headless-services/concourse-language-server/src/main/resources/desc/RegistryImagePutParams/bump_aliases.md

@@ -0,0 +1,11 @@
+*Optional. Default `false`.* When set to `true` and `version` is specified
+automatically bump alias tags for the version. For example, when pushing version
+`1.2.3`, push the same image to the following tags:
+- `1.2`, if 1.2.3 is the latest version of 1.2.x.
+- `1`, if 1.2.3 is the latest version of 1.x.
+- `latest`, if 1.2.3 is the latest version overall.
+
+If `variant` is configured as `foo`, push the same image to the following tags:
+- `1.2-foo`, if 1.2.3 is the latest version of 1.2.x with `foo`.
+- `1-foo`, if 1.2.3 is the latest version of 1.x with `foo`.
+- `foo`, if 1.2.3 is the latest version overall for `foo`

headless-services/concourse-language-server/src/main/resources/desc/RegistryImagePutParams/version.md

@@ -0,0 +1 @@
+*Optional.* A version number to use as a tag.

headless-services/concourse-language-server/src/main/resources/desc/RegistryImageSource/aws_access_key_id.md

@@ -0,0 +1 @@
+*Optional*. The access key ID to use for authenticating with ECR.

headless-services/concourse-language-server/src/main/resources/desc/RegistryImageSource/aws_region.md

@@ -0,0 +1,4 @@
+*Optional*. The region to use for
+  accessing ECR. This is required if you are using ECR. This region
+  will help determine the full repository URL you are accessing
+  (e.g., `012345678910.dkr.ecr.us-east-1.amazonaws.com`)

headless-services/concourse-language-server/src/main/resources/desc/RegistryImageSource/aws_role_arn.md

@@ -0,0 +1,3 @@
+*Optional*. If set, then this role will
+  be assumed before authenticating to ECR. An error will occur if
+  `aws_role_arns` is also specified. This is kept for backward compatibility.

headless-services/concourse-language-server/src/main/resources/desc/RegistryImageSource/aws_role_arns.md

@@ -0,0 +1,4 @@
+*Optional*. An array of AWS IAM roles.
+  If set, these roles will be assumed in the specified order before
+  authenticating to ECR. An error will occur if `aws_role_arn`
+  is also specified.

headless-services/concourse-language-server/src/main/resources/desc/RegistryImageSource/aws_secret_access_key.md

@@ -0,0 +1 @@
+*Optional*. The secret access key to use for authenticating with ECR.

headless-services/concourse-language-server/src/main/resources/desc/RegistryImageSource/aws_session_token.md

@@ -0,0 +1,2 @@
+*Optional*. The session token to use for authenticating with
+  STS credentials with ECR.

headless-services/concourse-language-server/src/main/resources/desc/RegistryImageSource/ca_certs.md

@@ -0,0 +1,15 @@
+*Optional*. An array of PEM-encoded CA certificates. Example:
+```yaml
+ca_certs:
+- |
+  -----BEGIN CERTIFICATE-----
+  ...
+  -----END CERTIFICATE-----
+- |
+  -----BEGIN CERTIFICATE-----
+  ...
+  -----END CERTIFICATE-----
+``` 
+Each entry specifies the x509 CA certificate for the trusted docker registry.
+This is used to validate the certificate of the docker registry when the
+registry's certificate is signed by a custom authority (or itself).