[supervisor] Make ports configured in .gitpod.yml private by default

[corneliusludmann]

Fixes #4159

How to test

• Open https://corneliusludmann-never-make-ports-4159.staging.gitpod-dev.com/#https://github.com/corneliusludmann/gitpod-playground/tree/test-port-visibility
• F1 → View: Show Remote Explorer
• Verify that port 8081 is the only port that is public (it's explicitly configured to be public in the .gitpod.yml file)

[codecov]

Codecov Report

Merging #4548 (4454cde) into main (299b1b9) will increase coverage by 36.44%.
The diff coverage is 50.00%.

@@            Coverage Diff            @@
##           main    #4548       +/-   ##
=========================================
+ Coverage      0   36.44%   +36.44%     
=========================================
  Files         0       14       +14     
  Lines         0     3880     +3880     
=========================================
+ Hits          0     1414     +1414     
- Misses        0     2349     +2349     
- Partials      0      117      +117     

Flag	Coverage Δ
components-ws-manager-app	36.44% <50.00%> (?)

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files	Coverage Δ
components/ws-manager/pkg/manager/manager.go	24.45% <50.00%> (ø)
components/ws-manager/pkg/manager/manager_ee.go	0.00% <0.00%> (ø)
components/ws-manager/pkg/manager/config.go	32.50% <0.00%> (ø)
components/ws-manager/pkg/manager/create.go	79.40% <0.00%> (ø)
components/ws-manager/pkg/manager/monitor.go	0.00% <0.00%> (ø)
components/ws-manager/pkg/manager/headless.go	44.00% <0.00%> (ø)
components/ws-manager/pkg/manager/imagespec.go	0.00% <0.00%> (ø)
components/ws-manager/pkg/manager/status.go	72.14% <0.00%> (ø)
components/ws-manager/pkg/manager/probe.go	0.00% <0.00%> (ø)
... and 5 more

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 299b1b9...4454cde. Read the comment docs.

[csweichel]

You'll also have to adapt this for the ports that are exposed on workspace start where ws-manager creates the port service: https://github.com/gitpod-io/gitpod/blob/main/components/server/src/workspace/workspace-starter.ts#L609

[corneliusludmann]

@csweichel: Thanks for the hint.

What about these 2 places? Do we need to change the default values here as well?

gitpod/components/server/src/workspace/gitpod-server-impl.ts

Lines 1074 to 1082 in 99ec2a5

	protected portVisibilityToProto(visibility: PortVisibility | undefined): ProtoPortVisibility {
	switch (visibility) {
	case 'private':
	return ProtoPortVisibility.PORT_VISIBILITY_PRIVATE;
	default: // the default for requests is: public
	case 'public':
	return ProtoPortVisibility.PORT_VISIBILITY_PUBLIC;
	}
	}

gitpod/components/ws-manager/pkg/manager/manager.go

Lines 749 to 763 in 660c7ec

	func portNameToVisibility(s string) api.PortVisibility {
	parts := strings.Split(s, "-")
	if len(parts) != 2 {
	// old or wrong port name: return default
	return api.PortVisibility_PORT_VISIBILITY_PUBLIC
	}
	// parse (or public as fallback: important for backwards compatibility during rollout)
	visibilitStr := fmt.Sprintf("PORT_VISIBILITY_%s", strings.ToUpper(parts[1]))
	i32Value, present := api.PortVisibility_value[visibilitStr]
	if !present {
	return api.PortVisibility_PORT_VISIBILITY_PUBLIC
	}
	return api.PortVisibility(i32Value)
	}

[csweichel]

@csweichel: Thanks for the hint.

What about these 2 places? Do we need to change the default values here as well?

Yes

[JanKoehnlein]

LGTM