Make port visibility private by default

corneliusludmann · corneliusludmann · commit caa322c871da · 2021-06-21T16:22:15.000+02:00
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -4,6 +4,7 @@ All notable changes to this project will be documented in this file.
 
 ## June 2021
 
+- Breaking Change: Make ports configured in `.gitpod.yml` private by default when no value for `visibility` is given (was public). This change is for security reasons. ([#4548](https://github.com/gitpod-io/gitpod/pull/4548))
 - Fix active workspace list in dashboard (show also older pinned workspaces) ([#4523](https://github.com/gitpod-io/gitpod/pull/4523))
 - Adding `ItemsList` component as a more maintainable and consistent way to render a list of workspaces, git integrations, environment variables, etc. ([#4454](https://github.com/gitpod-io/gitpod/pull/4454))
 - Improve backup stability when pods get evicted ([#4405](https://github.com/gitpod-io/gitpod/pull/4405))
diff --git a/components/gitpod-protocol/data/gitpod-schema.json b/components/gitpod-protocol/data/gitpod-schema.json
@@ -34,8 +34,8 @@
                             "private",
                             "public"
                         ],
-                        "default": "public",
-                        "description": "Whether the port visibility should be private or public. 'public' (default) will allow everyone with the port URL to access the port. 'private' will only allow users with workspace access to access the port."
+                        "default": "private",
+                        "description": "Whether the port visibility should be private or public. 'private' (default) will only allow users with workspace access to access the port. 'public' will allow everyone with the port URL to access the port."
                     },
                     "name": {
                         "type": "string",
diff --git a/components/server/src/workspace/gitpod-server-impl.ts b/components/server/src/workspace/gitpod-server-impl.ts
@@ -1073,9 +1073,9 @@ export class GitpodServerImpl<Client extends GitpodClient, Server extends Gitpod
 
     protected portVisibilityToProto(visibility: PortVisibility | undefined): ProtoPortVisibility {
         switch (visibility) {
+            default:    // the default for requests is: private
             case 'private':
                 return ProtoPortVisibility.PORT_VISIBILITY_PRIVATE;
-            default:    // the default for requests is: public
             case 'public':
                 return ProtoPortVisibility.PORT_VISIBILITY_PUBLIC;
         }
diff --git a/components/server/src/workspace/workspace-starter.ts b/components/server/src/workspace/workspace-starter.ts
@@ -606,7 +606,7 @@ export class WorkspaceStarter {
 
             spec.setPort(p.port);
             spec.setTarget(target);
-            spec.setVisibility(p.visibility == 'private' ? PortVisibility.PORT_VISIBILITY_PRIVATE : PortVisibility.PORT_VISIBILITY_PUBLIC);
+            spec.setVisibility(p.visibility == 'public' ? PortVisibility.PORT_VISIBILITY_PUBLIC : PortVisibility.PORT_VISIBILITY_PRIVATE);
             return spec;
         }).filter(spec => !!spec) as PortSpec[];
 
diff --git a/components/supervisor/pkg/ports/ports.go b/components/supervisor/pkg/ports/ports.go
@@ -342,9 +342,9 @@ func (pm *Manager) nextState(ctx context.Context) map[uint32]*managedPort {
 				return
 			}
 			mp.GlobalPort = port
-			mp.Visibility = api.PortVisibility_public
-			if config.Visibility == "private" {
-				mp.Visibility = api.PortVisibility_private
+			mp.Visibility = api.PortVisibility_private
+			if config.Visibility == "public" {
+				mp.Visibility = api.PortVisibility_public
 			}
 			public := mp.Visibility == api.PortVisibility_public
 			pm.autoExpose(ctx, mp, public)
@@ -396,7 +396,7 @@ func (pm *Manager) nextState(ctx context.Context) map[uint32]*managedPort {
 		if mp.Exposed || configured {
 			public = mp.Visibility == api.PortVisibility_public
 		} else {
-			public = exists && config.Visibility != "private"
+			public = exists && config.Visibility == "public"
 		}
 
 		pm.autoExpose(ctx, mp, public)
diff --git a/components/supervisor/pkg/ports/ports_test.go b/components/supervisor/pkg/ports/ports_test.go
@@ -128,7 +128,7 @@ func TestPortsUpdateState(t *testing.T) {
 				},
 			},
 			ExpectedExposure: []ExposedPort{
-				{LocalPort: 8080, GlobalPort: 8080, Public: true},
+				{LocalPort: 8080, GlobalPort: 8080},
 				{LocalPort: 9229, GlobalPort: 9229},
 				{LocalPort: 9229, GlobalPort: 60000},
 			},
@@ -159,7 +159,7 @@ func TestPortsUpdateState(t *testing.T) {
 				{Served: []ServedPort{{"0100007F", 4040, true}, {"00000000", 60000, false}}},
 			},
 			ExpectedExposure: []ExposedPort{
-				{LocalPort: 4040, GlobalPort: 60000, Public: true},
+				{LocalPort: 4040, GlobalPort: 60000},
 			},
 			ExpectedUpdates: UpdateExpectation{
 				{},
diff --git a/components/ws-manager/pkg/manager/manager.go b/components/ws-manager/pkg/manager/manager.go
@@ -750,14 +750,14 @@ func portNameToVisibility(s string) api.PortVisibility {
 	parts := strings.Split(s, "-")
 	if len(parts) != 2 {
 		// old or wrong port name: return default
-		return api.PortVisibility_PORT_VISIBILITY_PUBLIC
+		return api.PortVisibility_PORT_VISIBILITY_PRIVATE
 	}
 
 	// parse (or public as fallback: important for backwards compatibility during rollout)
 	visibilitStr := fmt.Sprintf("PORT_VISIBILITY_%s", strings.ToUpper(parts[1]))
 	i32Value, present := api.PortVisibility_value[visibilitStr]
 	if !present {
-		return api.PortVisibility_PORT_VISIBILITY_PUBLIC
+		return api.PortVisibility_PORT_VISIBILITY_PRIVATE
 	}
 	return api.PortVisibility(i32Value)
 }
diff --git a/components/ws-manager/pkg/manager/testdata/status_interrupted.golden b/components/ws-manager/pkg/manager/testdata/status_interrupted.golden
@@ -14,13 +14,11 @@
             "exposed_ports": [
                 {
                     "port": 5900,
-                    "target": 35900,
-                    "visibility": 1
+                    "target": 35900
                 },
                 {
                     "port": 8080,
-                    "target": 38080,
-                    "visibility": 1
+                    "target": 38080
                 }
             ]
         },
diff --git a/components/ws-manager/pkg/manager/testdata/status_regularStart_Initializing00.golden b/components/ws-manager/pkg/manager/testdata/status_regularStart_Initializing00.golden
@@ -13,8 +13,7 @@
             "url": "http://10.0.0.114:8082",
             "exposed_ports": [
                 {
-                    "port": 8080,
-                    "visibility": 1
+                    "port": 8080
                 }
             ]
         },
diff --git a/components/ws-manager/pkg/manager/testdata/status_wsstartup_Creating00.golden b/components/ws-manager/pkg/manager/testdata/status_wsstartup_Creating00.golden
@@ -13,8 +13,7 @@
             "url": "http://10.0.0.114:8082",
             "exposed_ports": [
                 {
-                    "port": 8080,
-                    "visibility": 1
+                    "port": 8080
                 }
             ]
         },

Original file line number	Diff line number	Diff line change
`@@ -750,14 +750,14 @@ func portNameToVisibility(s string) api.PortVisibility {`
`750`	`750`	`parts := strings.Split(s, "-")`
`751`	`751`	`if len(parts) != 2 {`
`752`	`752`	`// old or wrong port name: return default`
`753`		`- return api.PortVisibility_PORT_VISIBILITY_PUBLIC`
	`753`	`+ return api.PortVisibility_PORT_VISIBILITY_PRIVATE`
`754`	`754`	`}`
`755`	`755`
`756`	`756`	`// parse (or public as fallback: important for backwards compatibility during rollout)`
`757`	`757`	`visibilitStr := fmt.Sprintf("PORT_VISIBILITY_%s", strings.ToUpper(parts[1]))`
`758`	`758`	`i32Value, present := api.PortVisibility_value[visibilitStr]`
`759`	`759`	`if !present {`
`760`		`- return api.PortVisibility_PORT_VISIBILITY_PUBLIC`
	`760`	`+ return api.PortVisibility_PORT_VISIBILITY_PRIVATE`
`761`	`761`	`}`
`762`	`762`	`return api.PortVisibility(i32Value)`
`763`	`763`	`}`
Original file line number	Diff line number	Diff line change
`@@ -14,13 +14,11 @@`
`14`	`14`	`"exposed_ports": [`
`15`	`15`	`{`
`16`	`16`	`"port": 5900,`
`17`		`- "target": 35900,`
`18`		`- "visibility": 1`
	`17`	`+ "target": 35900`
`19`	`18`	`},`
`20`	`19`	`{`
`21`	`20`	`"port": 8080,`
`22`		`- "target": 38080,`
`23`		`- "visibility": 1`
	`21`	`+ "target": 38080`
`24`	`22`	`}`
`25`	`23`	`]`
`26`	`24`	`},`
Original file line number	Diff line number	Diff line change
`@@ -13,8 +13,7 @@`
`13`	`13`	`"url": "http://10.0.0.114:8082",`
`14`	`14`	`"exposed_ports": [`
`15`	`15`	`{`
`16`		`- "port": 8080,`
`17`		`- "visibility": 1`
	`16`	`+ "port": 8080`
`18`	`17`	`}`
`19`	`18`	`]`
`20`	`19`	`},`