feat(RHTAPWATCH-1039): mount custom certificate

[yftacherzog]

Introducing optional parameters for referencing a config map containing CA bundle. The certificate is mounted to a location within the path the OS is taking certificates from.

[yftacherzog]

@zregvart hi,
Can you give me a hint here what this failure might be about?
In the logs I see it fails for:

Error: File was modified in build
Error: Process completed with exit code 1.

[lcarva]

@yftacherzog, run make generate and add the files under docs that were updated to your commit.

[lcarva]

/ok-to-test

[yftacherzog]

@yftacherzog, run make generate and add the files under docs that were updated to your commit.

Thanks!

I was running into the error below when running that command locally, but for now I was able to work around it by running this inside a container.

→ make generate 
❱ generate
go generate ./...
verifying github.com/enterprise-contract/go-gather/[email protected]: checksum mismatch
	downloaded: h1:wdg7DKN8sxYJeQhUZD/gZQTe6Dff4NIfQN8dZG2r7d8=
	go.sum:     h1:ndkHJHJemunUF6Ik8XG2u3sPHHOm8nNIiS2hj6jFPLA=

SECURITY ERROR
This download does NOT match an earlier download recorded in go.sum.
The bits may have been replaced on the origin server, or an attacker may
have intercepted the download attempt.

For more information, see 'go help module-auth'.
make: *** [Makefile:45: generate] Error 1

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 80.74%. Comparing base (3459e02) to head (857f069).
Report is 1 commits behind head on main.

Additional details and impacted files

@@           Coverage Diff           @@
##             main    #1814   +/-   ##
=======================================
  Coverage   80.74%   80.74%           
=======================================
  Files          68       68           
  Lines        4954     4954           
=======================================
  Hits         4000     4000           
  Misses        954      954           

Flag	Coverage Δ
generative	80.74% <ø> (ø)
integration	80.74% <ø> (ø)
unit	80.74% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

[lcarva]

Any particular reason a volume, instead of a workspace, was used?

[yftacherzog]

No particular reason. Any best practices around this? I'm not sure what's the impact of using one vs. the other.

[lcarva]

I usually prefer a workspace because it provide more flexibility. While a volume is tied to a particular "storage" type, e.g. ConfigMap, a workspace is not. A workspace can be from a Secret, ConfigMap, PVC, emptyDir, etc. Although most of those would not be applicable in this case, I can see either Secret or ConfigMap being used.

More info here: https://tekton.dev/docs/pipelines/workspaces/

[yftacherzog]

Thanks for the explanation! I'll keep that in mind going forward.