Skip to content

feat: Allow adding root certificate authorities#3

Merged
danielpacak merged 2 commits into
goharbor:masterfrom
danielpacak:issue_2_root_cas
Oct 26, 2019
Merged

feat: Allow adding root certificate authorities#3
danielpacak merged 2 commits into
goharbor:masterfrom
danielpacak:issue_2_root_cas

Conversation

@danielpacak
Copy link
Copy Markdown
Contributor

@danielpacak danielpacak commented Oct 22, 2019

No description provided.

@codecov-io
Copy link
Copy Markdown

codecov-io commented Oct 22, 2019
edited by codecov Bot
Loading

Codecov Report

Attention: Patch coverage is 58.33333% with 15 lines in your changes missing coverage. Please review.

Project coverage is 68.85%. Comparing base (f3d32a6) to head (4377168).
Report is 21 commits behind head on master.

Files with missing lines Patch % Lines
pkg/etc/config.go 38.88% 6 Missing and 5 partials ⚠️
pkg/scanner/clair/client.go 0.00% 4 Missing ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##           master       #3      +/-   ##
==========================================
+ Coverage   60.47%   68.85%   +8.37%     
==========================================
  Files           7        7              
  Lines         334      350      +16     
==========================================
+ Hits          202      241      +39     
+ Misses        128       97      -31     
- Partials        4       12       +8

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@danielpacak
Copy link
Copy Markdown
Contributor Author

danielpacak commented Oct 24, 2019

@steven-zou @heww Let's fix and merge #4 first. And then I'll rebase and merge so you can review.

steven-zou
steven-zou requested changes Oct 25, 2019
View reviewed changes
Copy link
Copy Markdown
Collaborator

@steven-zou steven-zou left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Some minor comments left.

Comment thread pkg/etc/config.go Outdated
Comment thread pkg/registry/client.go Outdated
Comment thread pkg/scanner/clair/scanner.go Outdated
heww
heww reviewed Oct 25, 2019
View reviewed changes
Comment thread README.md Outdated
@danielpacak
feat: Allow adding root certificate authorities
a8c4249 
Harbor and Clair can be deployed with certificates signed by certificate
authorities which are not present in the adapters host's root CA set.
If that's the case, the corresponding clients will fail with well known
error: `certificate signed by unknown authority`. Also it happens
because the clients will not trust self-signed certificates, because
they don’t recognise the signer as a trusted Root CA.

In order to support custom CAs and self-signed certificates this commit
adds support for `SCANNER_TLS_CLIENTCAS` and
`SCANNER_TLS_INSECURE_SKIP_VERIFY` config envs.

Resolves: #2

Signed-off-by: Daniel Pacak <pacak.daniel@gmail.com>
@danielpacak
refactor: Return singleton registry.Client from registry.ClientFactory
4377168 
Signed-off-by: Daniel Pacak <pacak.daniel@gmail.com>
steven-zou
steven-zou approved these changes Oct 26, 2019
View reviewed changes
Copy link
Copy Markdown
Collaborator

@steven-zou steven-zou left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

@danielpacak danielpacak merged commit 0caedab into goharbor:master Oct 26, 2019
@danielpacak danielpacak deleted the issue_2_root_cas branch October 26, 2019 12:44
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@heww heww heww approved these changes

@steven-zou steven-zou steven-zou approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@danielpacak @codecov-io @heww @steven-zou