feat: add proxy support

Author: cloudshiftchris

README.md

@@ -81,9 +81,19 @@ limit role permissions to those required for CodeArtifact.
 
 ## Other configuration properties
 
-| System Property                                              | Environment Variable                                         | Description                                                                                 |
-|--------------------------------------------------------------|--------------------------------------------------------------|---------------------------------------------------------------------------------------------|
-| codeartifact.domains                                         | CODEARTIFACT_DOMAINS                                         | Regex of domains to provide authentication for (defaults to all domains)                    |
+| System Property                                             | Environment Variable                                         | Description                                                                                 |
+|-------------------------------------------------------------|--------------------------------------------------------------|---------------------------------------------------------------------------------------------|
+| codeartifact.domains                                        | CODEARTIFACT_DOMAINS                                         | Regex of domains to provide authentication for (defaults to all domains)                    |
+ codeartifact.proxy.enabled | CODEARTIFACT_PROXY_ENABLED | Enable proxying of CodeArtifact URLs (default: true), if proxy base URLs configured (above) |
+| codeartifact.<domain>-<domain owner>-<region>.proxy.base-url | CODEARTIFACT_<DOMAIN>_<DOMAIN_OWNER>_<REGION>_PROXY_BASE_URL | Proxy base URL to use                       |
+| codeartifact.<region>.proxy.base-url | CODEARTIFACT_<REGION>_PROXY_BASE_URL                         | Proxy base URL to use                       |
+| codeartifact.proxy.base-url | CODEARTIFACT_PROXY_BASE_URL                                  | Proxy base URL to use                       |
+
+## Reverse Proxy Configuration
+
+If you wish to place CodeArtifact behind a reverse proxy (for example, CloudFront or other CDN) you can specify the proxy to use (see table above).  The configured CodeArtifact URLs are used to generate a CodeArtifact token, and are then reconfigured to use the proxy URL (continuing to pass along the authentication token).  Your configured proxy is responsible for handling authentication/caching as appropriate.
+
+Repositories configured for publishing are not configured to use the proxy.
 
 ## Obtaining CodeArtifact tokens for other (non-Maven repository) uses
 

gradle.properties

@@ -3,7 +3,7 @@ description=CodeArtifact settings plugin for Gradle
 kotlin.code.style=official
 
 group=io.cloudshiftdev.codeartifact
-version=1.0.7
+version=1.1.0
 
 org.gradle.jvmargs=-Dfile.encoding\=UTF-8
 org.gradle.vfs.watch=true

src/main/kotlin/io/cloudshiftdev/gradle/codeartifact/CodeArtifactPlugin.kt

@@ -2,6 +2,7 @@ package io.cloudshiftdev.gradle.codeartifact
 
 import io.cloudshiftdev.gradle.codeartifact.CodeArtifactEndpoint.Companion.toCodeArtifactEndpoint
 import io.cloudshiftdev.gradle.codeartifact.CodeArtifactEndpoint.Companion.toCodeArtifactEndpointOrNull
+import java.net.URI
 import javax.inject.Inject
 import kotlin.contracts.ExperimentalContracts
 import kotlin.contracts.contract
@@ -72,14 +73,17 @@ public abstract class CodeArtifactPlugin @Inject constructor(private val objects
 
         project.plugins.withType<MavenPublishPlugin> {
             project.configure<PublishingExtension> {
-                repositories.all { configureCodeArtifactRepository(this, project.providers) }
+                repositories.all {
+                    configureCodeArtifactRepository(this, project.providers, useProxy = false)
+                }
             }
         }
     }
 
     private fun configureCodeArtifactRepository(
         repository: ArtifactRepository,
         providers: ProviderFactory,
+        useProxy: Boolean = true,
     ) {
         if (!shouldConfigureCodeArtifactRepository(repository)) return
 
@@ -88,6 +92,25 @@ public abstract class CodeArtifactPlugin @Inject constructor(private val objects
 
         val tokenProvider = providers.codeArtifactToken(endpoint)
         repository.setConfiguredCredentials(createRepoCredentials(tokenProvider))
+
+        val proxyEnabled = resolveSystemVar("codeartifact.proxy.enabled")?.toBoolean() ?: true
+
+        if (useProxy && proxyEnabled) {
+            val key1 =
+                "codeartifact.${endpoint.domain}-${endpoint.domainOwner}-${endpoint.region}.proxy.base-url"
+            val key2 = "codeartifact.${endpoint.region}.proxy.base-url"
+            val key3 = "codeartifact.proxy.base-url"
+            resolveSystemVar(key1, key2, key3)?.let { proxyBaseUrl ->
+                val proxyUrl = URI("${proxyBaseUrl}/${endpoint.url.path}")
+                logger.lifecycle(
+                    "Using proxy for CodeArtifact repository: $proxyUrl -> ${endpoint.url}"
+                )
+                repository.url = proxyUrl
+            }
+                ?: run {
+                    logger.info("No proxy configured for CodeArtifact repository: ${endpoint.url}")
+                }
+        }
     }
 
     @OptIn(ExperimentalContracts::class)

src/main/kotlin/io/cloudshiftdev/gradle/codeartifact/Extensions.kt

@@ -14,7 +14,11 @@ internal fun URI.queryParameters() =
         key to value
     } ?: emptyMap()
 
-internal fun resolveSystemVar(key: String): String? =
+internal fun resolveSystemVar(vararg keys: String): String? {
+    return keys.firstNotNullOfOrNull { resolveSystemVarInternal(it) }
+}
+
+internal fun resolveSystemVarInternal(key: String): String? =
     System.getProperty(key)?.takeIf(String::isNotBlank)
         ?: System.getenv(key.toScreamingSnakeCase())?.takeIf(String::isNotBlank)