tls support for pushing sbom (#20515)
Make the client support the TLS configuration when pushing the SBOM object. Signed-off-by: wang yan <wangyan@vmware.com>
parent
723abc6167
commit
614bf40a5d
@ -15,7 +15,6 @@
|
|||||||
package scan
|
package scan
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"crypto/tls"
|
|
||||||
"fmt"
|
"fmt"
|
||||||
"net/http"
|
"net/http"
|
||||||
|
|
||||||
@ -30,24 +29,25 @@ import (
|
|||||||
"github.com/opencontainers/go-digest"
|
"github.com/opencontainers/go-digest"
|
||||||
ocispec "github.com/opencontainers/image-spec/specs-go/v1"
|
ocispec "github.com/opencontainers/image-spec/specs-go/v1"
|
||||||
|
|
||||||
|
commonhttp "github.com/goharbor/harbor/src/common/http"
|
||||||
|
"github.com/goharbor/harbor/src/lib/log"
|
||||||
"github.com/goharbor/harbor/src/pkg/robot/model"
|
"github.com/goharbor/harbor/src/pkg/robot/model"
|
||||||
v1sq "github.com/goharbor/harbor/src/pkg/scan/rest/v1"
|
v1sq "github.com/goharbor/harbor/src/pkg/scan/rest/v1"
|
||||||
)
|
)
|
||||||
|
|
||||||
// Insecure ...
|
|
||||||
type Insecure bool
|
|
||||||
|
|
||||||
// RemoteOptions ...
|
// RemoteOptions ...
|
||||||
func (i Insecure) RemoteOptions() []remote.Option {
|
func RemoteOptions() []remote.Option {
|
||||||
tr := http.DefaultTransport.(*http.Transport).Clone()
|
tr := http.DefaultTransport.(*http.Transport).Clone()
|
||||||
tr.TLSClientConfig = &tls.Config{InsecureSkipVerify: bool(i)}
|
if commonhttp.InternalEnableVerifyClientCert() {
|
||||||
|
tlsConfig, err := commonhttp.GetInternalTLSConfig()
|
||||||
|
if err != nil {
|
||||||
|
log.Errorf("SBOM client load cert file with err: %v", err)
|
||||||
|
}
|
||||||
|
tr.TLSClientConfig = tlsConfig
|
||||||
|
}
|
||||||
return []remote.Option{remote.WithTransport(tr)}
|
return []remote.Option{remote.WithTransport(tr)}
|
||||||
}
|
}
|
||||||
|
|
||||||
type referrer struct {
|
|
||||||
Insecure
|
|
||||||
}
|
|
||||||
|
|
||||||
// GenAccessoryArt composes the accessory oci object and push it back to harbor core as an accessory of the scanned artifact.
|
// GenAccessoryArt composes the accessory oci object and push it back to harbor core as an accessory of the scanned artifact.
|
||||||
func GenAccessoryArt(sq v1sq.ScanRequest, accData []byte, accAnnotations map[string]string, mediaType string, robot *model.Robot) (string, error) {
|
func GenAccessoryArt(sq v1sq.ScanRequest, accData []byte, accAnnotations map[string]string, mediaType string, robot *model.Robot) (string, error) {
|
||||||
accArt, err := mutate.Append(empty.Image, mutate.Addendum{
|
accArt, err := mutate.Append(empty.Image, mutate.Addendum{
|
||||||
@ -92,7 +92,7 @@ func GenAccessoryArt(sq v1sq.ScanRequest, accData []byte, accAnnotations map[str
|
|||||||
if err != nil {
|
if err != nil {
|
||||||
return "", err
|
return "", err
|
||||||
}
|
}
|
||||||
opts := append(referrer{Insecure: true}.RemoteOptions(), remote.WithAuth(&authn.Basic{Username: robot.Name, Password: robot.Secret}))
|
opts := append(RemoteOptions(), remote.WithAuth(&authn.Basic{Username: robot.Name, Password: robot.Secret}))
|
||||||
if err := remote.Write(accRef, accArt, opts...); err != nil {
|
if err := remote.Write(accRef, accArt, opts...); err != nil {
|
||||||
return "", err
|
return "", err
|
||||||
}
|
}
|
||||||
|
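Review bot: In the new `RemoteOptions`, an error from `commonhttp.GetInternalTLSConfig()` is only logged and the returned `tlsConfig` (presumably nil on failure) is still assigned to `tr.TLSClientConfig`, so the SBOM push goes ahead without the client certificate and is likely to fail later at the TLS handshake with a much less specific error. Assign only on success, e.g. `if err != nil { log.Errorf("SBOM client load cert file with err: %v", err) } else { tr.TLSClientConfig = tlsConfig }`, or preferably let `RemoteOptions` return an error so that `GenAccessoryArt` can return it instead of attempting the write with the robot credentials. The placeholder comment `// RemoteOptions ...` could become `// RemoteOptions returns the remote options used to push the accessory, applying the internal TLS config when client-certificate verification is enabled.` `GenAccessoryArt` starts and ends outside the visible hunks, so how its callers handle a failed push cannot be checked from here.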