mirror of
https://github.com/goharbor/harbor.git
synced 2024-12-28 11:37:42 +01:00
f0ebd17994
Build base image step should be in build package workflow, and local base images build by new step should be removed since images have been pushed to docker hub. Signed-off-by: danfengliu <danfengl@vmware.com>
117 lines
5.0 KiB
Plaintext
117 lines
5.0 KiB
Plaintext
# Copyright Project Harbor Authors
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License
|
|
|
|
*** Settings ***
|
|
Documentation This resource contains keywords related to creating and using certificates. Requires scripts in infra/integration-image/scripts be available in PATH
|
|
|
|
*** Keywords ***
|
|
Generate Certificate Authority For Chrome
|
|
# add the ca to chrome trust list to enable https testing.
|
|
[Arguments] ${password}=%{HARBOR_PASSWORD} ${cert}=harbor_ca.crt
|
|
${rand}= Evaluate random.randint(0, 100000) modules=random
|
|
Log To Console Generate Certificate Authority For Chrome
|
|
${rc} ${out}= Run And Return Rc And Output echo ${password} > password${rand}.ca
|
|
Log ALL ${out}
|
|
Should Be Equal As Integers ${rc} 0
|
|
${rc} ${out}= Run And Return Rc And Output certutil -d sql:$HOME/.pki/nssdb -A -t TC -f password${rand}.ca -n "Harbor${rand}" -i ./harbor_ca.crt
|
|
Log ALL ${out}
|
|
Should Be Equal As Integers ${rc} 0
|
|
|
|
Generate Certificate Authority
|
|
# Generates CA (private/ca.key.pem, certs/ca.cert.pem, certs/STARK_ENTERPRISES_ROOT_CA.crt) in OUT_DIR
|
|
[Arguments] ${CA_NAME}=STARK_ENTERPRISES_ROOT_CA ${OUT_DIR}=/root/ca
|
|
Log To Console Generating Certificate Authority
|
|
${rc} ${out}= Run And Return Rc And Output generate-ca.sh -c ${CA_NAME} -d ${OUT_DIR}
|
|
Log ${out}
|
|
Should Be Equal As Integers ${rc} 0
|
|
|
|
Generate Wildcard Server Certificate
|
|
# Generates key and signs with CA for *.DOMAIN (csr/*.DOMAIN.csr.pem,
|
|
# private/*.DOMAIN.key.pem, certs/*.DOMAIN.cert.pem) in OUT_DIR
|
|
[Arguments] ${DOMAIN}=%{DOMAIN} ${OUT_DIR}=/root/ca ${CA_NAME}=STARK_ENTERPRISES_ROOT_CA
|
|
Log To Console Generating Wildcard Server Certificate
|
|
Run Keyword Generate Server Key And CSR *.${DOMAIN} ${OUT_DIR}
|
|
Run Keyword Sign Server CSR ${CA_NAME} *.${DOMAIN} ${OUT_DIR}
|
|
Run Keyword Create Certificate Bundle CA_NAME=${CA_NAME} SRC_DIR=${OUT_DIR} CN=*.${DOMAIN}
|
|
${out}= Run ls -al ${OUT_DIR}/csr
|
|
Log ${out}
|
|
${out}= Run ls -al ${OUT_DIR}/private
|
|
Log ${out}
|
|
${out}= Run ls -al ${OUT_DIR}/certs
|
|
Log ${out}
|
|
|
|
|
|
Generate Server Key And CSR
|
|
# Generates key and CSR (private/DOMAIN.key.pem, csr/DOMAIN.csr.pem) in OUT_DIR
|
|
[Arguments] ${CN}=%{DOMAIN} ${OUT_DIR}=/root/ca
|
|
Log To Console Generating Server Key And CSR
|
|
${out}= Run generate-server-key-csr.sh -d ${OUT_DIR} -n ${CN}
|
|
Log ${out}
|
|
|
|
|
|
Sign Server CSR
|
|
# Generates certificate signed by CA (certs/DOMAIN.cert.pem) in OUT_DIR
|
|
[Arguments] ${CA_NAME}=STARK_ENTERPRISES_ROOT_CA ${CN}=%{DOMAIN} ${OUT_DIR}=/root/ca
|
|
Log To Console Signing Server CSR
|
|
${out}= Run sign-csr.sh -c ${CA_NAME} -d ${OUT_DIR} -n ${CN}
|
|
Log ${out}
|
|
|
|
|
|
Trust Certificate Authority
|
|
# Installs root certificate into trust store on Debian based distro
|
|
[Arguments] ${CRT_FILE}=/root/ca/certs/STARK_ENTERPRISES_ROOT_CA.crt
|
|
Log To Console Installing CA
|
|
${rc} ${out}= Run And Return Rc And Output ubuntu-install-ca.sh -f ${CRT_FILE}
|
|
Should Be Equal As Integers ${rc} 0
|
|
Log ${out}
|
|
|
|
|
|
Reload Default Certificate Authorities
|
|
# Reloads default certificates into trust store on Debian based distro
|
|
# Removes all user provided CAs
|
|
Log To Console Reloading Default CAs
|
|
${rc} ${out}= Run And Return Rc And Output ubuntu-reload-cas.sh
|
|
Should Be Equal As Integers ${rc} 0
|
|
Log ${out}
|
|
|
|
|
|
Create Certificate Bundle
|
|
[Arguments] ${CA_NAME}=STARK_ENTERPRISES_ROOT_CA ${SRC_DIR}=/root/ca ${OUT_FILE}=/root/ca/cert-bundle.tgz ${CN}=%{DOMAIN} ${TMP_DIR}=/root/ca/bundle
|
|
${rc} ${out}= Run And Return Rc And Output bundle-certs.sh -c ${CA_NAME} -d ${SRC_DIR} -f ${OUT_FILE} -n ${CN} -o ${TMP_DIR}
|
|
Should Be Equal As Integers ${rc} 0
|
|
Log ${out}
|
|
|
|
|
|
Get Certificate Authority CRT
|
|
# Return ascii armored certificate from file e.g. `-----BEGIN CERTIFICATE-----`
|
|
[Arguments] ${CA_CRT}=STARK_ENTERPRISES_ROOT_CA.crt ${DIR}=/root/ca/certs
|
|
${out}= Run cat ${DIR}/${CA_CRT}
|
|
[Return] ${out}
|
|
|
|
|
|
Get Server Certificate
|
|
# Return ascii armored certificate from file e.g. `-----BEGIN CERTIFICATE-----`
|
|
# PEM must be provided if using a wildcard cert not specified by DOMAIN
|
|
[Arguments] ${PEM}=%{DOMAIN}.cert.pem ${DIR}=/root/ca/certs
|
|
${out}= Run cat ${DIR}/${PEM}
|
|
[Return] ${out}
|
|
|
|
|
|
Get Server Key
|
|
# Return ascii armored key from file e.g. `-----BEGIN RSA PRIVATE KEY-----`
|
|
# PEM must be provided if using a wildcard cert not specified by DOMAIN
|
|
[Arguments] ${PEM}=%{DOMAIN}.key.pem ${DIR}=/root/ca/private
|
|
${out}= Run cat ${DIR}/${PEM}
|
|
[Return] ${out}
|