mirror of
https://github.com/goharbor/harbor.git
synced 2025-01-21 23:21:26 +01:00
tls support for pushing sbom (#20514)
Make it supports the tls configuration for the client for pushing sbom object Signed-off-by: wang yan <wangyan@vmware.com>
This commit is contained in:
parent
05c1c2825f
commit
8bc76a6548
@ -15,7 +15,6 @@
|
||||
package scan
|
||||
|
||||
import (
|
||||
"crypto/tls"
|
||||
"fmt"
|
||||
"net/http"
|
||||
|
||||
@ -30,24 +29,25 @@ import (
|
||||
"github.com/opencontainers/go-digest"
|
||||
ocispec "github.com/opencontainers/image-spec/specs-go/v1"
|
||||
|
||||
commonhttp "github.com/goharbor/harbor/src/common/http"
|
||||
"github.com/goharbor/harbor/src/lib/log"
|
||||
"github.com/goharbor/harbor/src/pkg/robot/model"
|
||||
v1sq "github.com/goharbor/harbor/src/pkg/scan/rest/v1"
|
||||
)
|
||||
|
||||
// Insecure ...
|
||||
type Insecure bool
|
||||
|
||||
// RemoteOptions ...
|
||||
func (i Insecure) RemoteOptions() []remote.Option {
|
||||
func RemoteOptions() []remote.Option {
|
||||
tr := http.DefaultTransport.(*http.Transport).Clone()
|
||||
tr.TLSClientConfig = &tls.Config{InsecureSkipVerify: bool(i)}
|
||||
if commonhttp.InternalEnableVerifyClientCert() {
|
||||
tlsConfig, err := commonhttp.GetInternalTLSConfig()
|
||||
if err != nil {
|
||||
log.Errorf("SBOM client load cert file with err: %v", err)
|
||||
}
|
||||
tr.TLSClientConfig = tlsConfig
|
||||
}
|
||||
return []remote.Option{remote.WithTransport(tr)}
|
||||
}
|
||||
|
||||
type referrer struct {
|
||||
Insecure
|
||||
}
|
||||
|
||||
// GenAccessoryArt composes the accessory oci object and push it back to harbor core as an accessory of the scanned artifact.
|
||||
func GenAccessoryArt(sq v1sq.ScanRequest, accData []byte, accAnnotations map[string]string, mediaType string, robot *model.Robot) (string, error) {
|
||||
accArt, err := mutate.Append(empty.Image, mutate.Addendum{
|
||||
@ -92,7 +92,7 @@ func GenAccessoryArt(sq v1sq.ScanRequest, accData []byte, accAnnotations map[str
|
||||
if err != nil {
|
||||
return "", err
|
||||
}
|
||||
opts := append(referrer{Insecure: true}.RemoteOptions(), remote.WithAuth(&authn.Basic{Username: robot.Name, Password: robot.Secret}))
|
||||
opts := append(RemoteOptions(), remote.WithAuth(&authn.Basic{Username: robot.Name, Password: robot.Secret}))
|
||||
if err := remote.Write(accRef, accArt, opts...); err != nil {
|
||||
return "", err
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user