tls support for pushing sbom (#20515)

Make the client used for pushing the SBOM object support the TLS configuration.

Signed-off-by: wang yan <wangyan@vmware.com>
Wang Yan 2024-05-30 17:40:20 +08:00 committed by GitHub
parent 723abc6167
commit 614bf40a5d
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194


@ -15,7 +15,6 @@
package scan package scan
import ( import (
"crypto/tls"
"fmt" "fmt"
"net/http" "net/http"
@ -30,24 +29,25 @@ import (
"github.com/opencontainers/go-digest" "github.com/opencontainers/go-digest"
ocispec "github.com/opencontainers/image-spec/specs-go/v1" ocispec "github.com/opencontainers/image-spec/specs-go/v1"
commonhttp "github.com/goharbor/harbor/src/common/http"
"github.com/goharbor/harbor/src/lib/log"
"github.com/goharbor/harbor/src/pkg/robot/model" "github.com/goharbor/harbor/src/pkg/robot/model"
v1sq "github.com/goharbor/harbor/src/pkg/scan/rest/v1" v1sq "github.com/goharbor/harbor/src/pkg/scan/rest/v1"
) )
// Insecure ...
type Insecure bool
// RemoteOptions ... // RemoteOptions ...
func (i Insecure) RemoteOptions() []remote.Option { func RemoteOptions() []remote.Option {
tr := http.DefaultTransport.(*http.Transport).Clone() tr := http.DefaultTransport.(*http.Transport).Clone()
tr.TLSClientConfig = &tls.Config{InsecureSkipVerify: bool(i)} if commonhttp.InternalEnableVerifyClientCert() {
tlsConfig, err := commonhttp.GetInternalTLSConfig()
if err != nil {
log.Errorf("SBOM client load cert file with err: %v", err)
}
tr.TLSClientConfig = tlsConfig
}
return []remote.Option{remote.WithTransport(tr)} return []remote.Option{remote.WithTransport(tr)}
} }
type referrer struct {
Insecure
}
// GenAccessoryArt composes the accessory oci object and push it back to harbor core as an accessory of the scanned artifact. // GenAccessoryArt composes the accessory oci object and push it back to harbor core as an accessory of the scanned artifact.
func GenAccessoryArt(sq v1sq.ScanRequest, accData []byte, accAnnotations map[string]string, mediaType string, robot *model.Robot) (string, error) { func GenAccessoryArt(sq v1sq.ScanRequest, accData []byte, accAnnotations map[string]string, mediaType string, robot *model.Robot) (string, error) {
accArt, err := mutate.Append(empty.Image, mutate.Addendum{ accArt, err := mutate.Append(empty.Image, mutate.Addendum{
@ -92,7 +92,7 @@ func GenAccessoryArt(sq v1sq.ScanRequest, accData []byte, accAnnotations map[str
if err != nil { if err != nil {
return "", err return "", err
} }
opts := append(referrer{Insecure: true}.RemoteOptions(), remote.WithAuth(&authn.Basic{Username: robot.Name, Password: robot.Secret})) opts := append(RemoteOptions(), remote.WithAuth(&authn.Basic{Username: robot.Name, Password: robot.Secret}))
if err := remote.Write(accRef, accArt, opts...); err != nil { if err := remote.Write(accRef, accArt, opts...); err != nil {
return "", err return "", err
} }
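Review bot: In the new `RemoteOptions`, an error from `commonhttp.GetInternalTLSConfig()` is only logged, and `tr.TLSClientConfig = tlsConfig` still runs afterwards, so the transport is built from whatever was returned (presumably nil, which would mean Go's default TLS settings without the internal client certificate — not confirmed from this page). The push in `GenAccessoryArt` then goes ahead with the robot's basic-auth credentials, and the misconfiguration would only show up later as a handshake or authorization failure rather than at the point where the certificate failed to load. I would surface the error instead: change the signature to `func RemoteOptions() ([]remote.Option, error)`, `return nil, err` in the error branch, and check the result before the `append(...)` in `GenAccessoryArt`; at minimum, skip the assignment when `err != nil`. The placeholder comment `// RemoteOptions ...` could also be replaced with a sentence stating that the internal TLS config is applied only when `InternalEnableVerifyClientCert()` is true and that server verification otherwise relies on the default transport settings.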