Merge pull request #7652 from reasonerjt/uaa-ca-file

Alow user to set CA cert for UAA in harbor.yml

make/harbor.yml

@@ -95,3 +95,7 @@ _version: 1.8.0
 #   registry_db_index: 1
 #   jobservice_db_index: 2
 #   chartmuseum_db_index: 3
+
+# Uncomment uaa for trusting the certificate of uaa instance that is hosted via self-signed cert.
+# uaa:
+#   ca_file: /path/to/ca

make/photon/prepare/templates/docker_compose/docker-compose.yml.jinja

@@ -1,4 +1,4 @@
-version: '2'
+version: '2.3'
 services:
   log:
     image: goharbor/harbor-log:{{version}}
@@ -130,12 +130,16 @@ services:
       - SETUID
     volumes:
       - ./common/config/core/app.conf:/etc/core/app.conf:z
-      - ./common/config/core/certificates/:/etc/core/certificates/:z
       - {{data_volume}}/secret/core/private_key.pem:/etc/core/private_key.pem:z
       - {{data_volume}}/secret/keys/secretkey:/etc/core/key:z
       - {{data_volume}}/ca_download/:/etc/core/ca/:z
       - {{data_volume}}/psc/:/etc/core/token/:z
       - {{data_volume}}/:/data/:z
+{% if uaa_ca_file %}
+      - type: bind
+        source: {{uaa_ca_file}}
+        target: /etc/core/certificates/uaa_ca.pem
+{% endif %}
     networks:
       harbor:
 {% if with_notary %}

make/photon/prepare/utils/configs.py

@@ -190,4 +190,7 @@ def parse_yaml_config(config_file_path):
      # Admiral configs
     config_dict['admiral_url'] = configs.get("admiral_url") or ""
 
+    # UAA configs
+    config_dict['uaa'] = configs.get('uaa') or {}
+
     return config_dict

make/photon/prepare/utils/docker_compose.py

@@ -43,4 +43,8 @@ def prepare_docker_compose(configs, with_clair, with_notary, with_chartmuseum):
         rendering_variables['cert_key_path'] = configs['cert_key_path']
         rendering_variables['cert_path'] = configs['cert_path']
 
+    uaa_config = configs.get('uaa') or {}
+    if uaa_config.get('ca_file'):
+        rendering_variables['uaa_ca_file'] = uaa_config['ca_file']
+
     render_jinja(docker_compose_template_path, docker_compose_yml_path, **rendering_variables)