From 599ca98c099a6e3b751d15d7456c996adb3bbbd4 Mon Sep 17 00:00:00 2001
From: DQ <dengq@vmware.com>
Date: Tue, 21 Apr 2020 21:14:32 +0800
Subject: [PATCH] Hidden veriify client cert verfiy option

Remove to avoid replication access core from external_url issue

Signed-off-by: DQ <dengq@vmware.com>
---
 make/harbor.yml.tmpl                                          | 2 --
 make/photon/prepare/migrations/version_2_0_0/harbor.yml.jinja | 2 --
 make/photon/prepare/utils/configs.py                          | 2 +-
 tests/hostcfg.sh                                              | 1 -
 4 files changed, 1 insertion(+), 6 deletions(-)

diff --git a/make/harbor.yml.tmpl b/make/harbor.yml.tmpl
index cd5510113..4f7aafedd 100644
--- a/make/harbor.yml.tmpl
+++ b/make/harbor.yml.tmpl
@@ -21,8 +21,6 @@ https:
 # internal_tls:
 #   # set enabled to true means internal tls is enabled
 #   enabled: true
-#   # verify_client_cert used to decide whether verify client certificate
-#   verify_client_cert: false
 #   # put your cert and key files on dir
 #   dir: /etc/harbor/tls/internal
 
diff --git a/make/photon/prepare/migrations/version_2_0_0/harbor.yml.jinja b/make/photon/prepare/migrations/version_2_0_0/harbor.yml.jinja
index f4cc92bd8..44f859c53 100644
--- a/make/photon/prepare/migrations/version_2_0_0/harbor.yml.jinja
+++ b/make/photon/prepare/migrations/version_2_0_0/harbor.yml.jinja
@@ -37,8 +37,6 @@ https:
 # internal_tls:
 #   # set enabled to true means internal tls is enabled
 #   enabled: true
-#   # verify_client_cert used to decide whether verify client certificate
-#   verify_client_cert: false
 #   # put your cert and key files on dir
 #   dir: /etc/harbor/tls/internal
 
diff --git a/make/photon/prepare/utils/configs.py b/make/photon/prepare/utils/configs.py
index 7ec2da229..5a0cfadc9 100644
--- a/make/photon/prepare/utils/configs.py
+++ b/make/photon/prepare/utils/configs.py
@@ -342,7 +342,7 @@ def parse_yaml_config(config_file_path, with_notary, with_clair, with_trivy, wit
     if internal_tls_config and internal_tls_config.get('enabled'):
         config_dict['internal_tls'] = InternalTLS(
             internal_tls_config['enabled'],
-            internal_tls_config['verify_client_cert'],
+            False,
             internal_tls_config['dir'],
             configs['data_volume'],
             with_notary=with_notary,
diff --git a/tests/hostcfg.sh b/tests/hostcfg.sh
index 7bddccdb1..22ccacaf1 100755
--- a/tests/hostcfg.sh
+++ b/tests/hostcfg.sh
@@ -7,7 +7,6 @@ sudo sed "s/reg.mydomain.com/$IP/" make/harbor.yml.tmpl |sudo tee make/harbor.ym
 # enable internal tls
 echo "internal_tls:" >> make/harbor.yml
 echo "  enabled: true" >> make/harbor.yml
-echo "  verify_client_cert: true" >> make/harbor.yml
 echo "  dir: /etc/harbor/tls/internal" >> make/harbor.yml
 
 # TODO: remove it when scanner adapter support internal access of harbor