-
Notifications
You must be signed in to change notification settings - Fork 24
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support for custom CAs #11
Labels
enhancement
New feature or request
Comments
dcarlet
added a commit
to dcarlet/code-marketplace
that referenced
this issue
Mar 16, 2023
Updated Dockerfile to install ca-certificates Updated the deployment.yaml and added: A poststart lifecycle hook to run `update-ca-certificates` volume definition certs that maps to .Values.certificates.secretName volumeMounts that mount the secret to /usr/local/share/ca-certificates/ Both of these generate if persistence is enabled or not (to ensure that if neither persistence or artifactory are specified, but certificates is, that the yaml is still correct. Updated the values.yaml to add certificates: secretName: "" Along with some corresponding updates to the README.md files in root and helm chart. TESTING: Testing was accomplished by creating a separate Dockerfile which was just FROM the existing v1.2.1 image and adding ca-certificates. A values file was created that: 1. Used this image 2. set certificates.secretName 3. Set ingress information 4. Set artifactory.enabled to true and configured it against my private artifactory. Testing was positive: ``` /opt # ./code-marketplace -v add ms-python.python-2023.5.10672245.vsix --artifactory https://artifactory.local.domain/artifactory --repo vscode-extensions 2023-03-16 20:03:56.653 [INFO]<artifactory.go:88>Seeding manifest cache... 2023-03-16 20:03:56.717 [DEBUG]<artifactory.go:135>artifactory request{"path": "api/storage/vscode-extensions?list\u0026deep=1\u0026depth=3\u0026listFolders=1", "method": "GET", "took": "63.398861ms"} 2023-03-16 20:03:56.717 [DEBUG]<artifactory.go:178>parse list response{"took": "305.9µs"} 2023-03-16 20:03:56.718 [INFO]<artifactory.go:120>Seeded manifest cache{"count": 0, "took": "64.410262ms"} 2023-03-16 20:03:57.022 [DEBUG]<artifactory.go:135>artifactory request{"path": "vscode-extensions/ms-python/python/2023.5.10672245/extension.vsixmanifest", "method": "PUT", "took": "290.632781ms"} 2023-03-16 20:03:57.165 [DEBUG]<artifactory.go:135>artifactory request{"path": "vscode-extensions/ms-python/python/2023.5.10672245/extension/CHANGELOG.md", "method": "PUT", "took": "142.379237ms"} 2023-03-16 20:03:57.295 [DEBUG]<artifactory.go:135>artifactory request{"path": "vscode-extensions/ms-python/python/2023.5.10672245/extension/dist/extension.browser.js", "method": "PUT", "took": "129.862626ms"} 2023-03-16 20:03:57.345 [DEBUG]<artifactory.go:135>artifactory request{"path": "vscode-extensions/ms-python/python/2023.5.10672245/extension/dist/extension.browser.js.LICENSE.txt", "method": "PUT", "took": "49.677148ms"} 2023-03-16 20:03:57.400 [DEBUG]<artifactory.go:135>artifactory request{"path": "vscode-extensions/ms-python/python/2023.5.10672245/extension/icon.png", "method": "PUT", "took": "55.143953ms"} 2023-03-16 20:03:57.454 [DEBUG]<artifactory.go:135>artifactory request{"path": "vscode-extensions/ms-python/python/2023.5.10672245/extension/LICENSE.txt", "method": "PUT", "took": "53.012451ms"} 2023-03-16 20:03:57.509 [DEBUG]<artifactory.go:135>artifactory request{"path": "vscode-extensions/ms-python/python/2023.5.10672245/extension/package.json", "method": "PUT", "took": "54.904753ms"} 2023-03-16 20:03:57.561 [DEBUG]<artifactory.go:135>artifactory request{"path": "vscode-extensions/ms-python/python/2023.5.10672245/extension/README.md", "method": "PUT", "took": "45.820144ms"} 2023-03-16 20:03:58.209 [DEBUG]<artifactory.go:135>artifactory request{"path": "vscode-extensions/ms-python/python/2023.5.10672245/ms-python.python-2023.5.10672245.vsix", "method": "PUT", "took": "647.480824ms"} Unpacked ms-python.python-2023.5.10672245 to https://artifactory.local.domain/artifactory/ms-python/python/2023.5.10672245 - ms-python.python-2023.5.10672245 has 0 dependencies - ms-python.python-2023.5.10672245 is in a pack with 2 other extensions - ms-toolsai.jupyter - ms-python.vscode-pylance ```
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
When utilizing Artifactory, if the artifactory service you connect to is on a domain that isn't signed by the common CAs (common for airgapped environments), then Code Marketplace won't be able to connect to the Artifactory instance due to x509 errors:
2023-03-09 19:12:53.155 [ERROR] <artifactory.go:346> Error reading extensions {"request_id": "808d1d25-2b7b-4294-8d01-7aa47dc415e8", "error": "Get \"https://artifactory.local.domain/artifactory/api/storage/vscode-extensions?list\u0026deep=1\u0026depth=3\u0026listFolders=1\": x509: certificate signed by unknown authority"}
This could be solved by supporting custom CAs:
MVP:
non-MVP Possible other changes:
The text was updated successfully, but these errors were encountered: