feat: manage TLS cert/key files for registry connections and validate certs #146

Feature: Add two new parameters:

podman_registry_certificates is a list of dict. Each dict specifies the
certs and keys to use to connect to the specified registry using TLS and
optionally use certificate authentication. More information can be found
in the manpage for containers-certs.d.

podman_validate_certs is a boolean which allows you to require or disable
TLS certificate checking (i.e. if you do not have a CA cert for
podman_registry_certificates and you still want to pull images from a TLS
enabled registry). This corresponds to the parameter "validate_certs"
of the module containers.podman.podman_image. You can also control
certificate validation by using podman_registries_conf to configure
the "insecure" parameter for a registry.

Reason: Users need to be able to configure the TLS settings for
connecting to registries.

Result: Users can connect to registries using TLS and control how
that works.

QE: tests_auth_and_security.yml has been extended for this.
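
An added example, not code from this pull request or the role: a check of a certs.d-style directory of the kind described in containers-certs.d, where each registry has its own directory holding `*.crt` CA files and `*.cert`/`*.key` client pairs matched by base name. The function names, host names and sample tree are constructed for illustration.

```python
import os
import stat
import tempfile
from pathlib import Path


def audit_certs_d(root):
    """Return {registry_dir: [problem, ...]} for each registry directory under root."""
    report = {}
    for host_dir in sorted(p for p in Path(root).iterdir() if p.is_dir()):
        files = sorted(f for f in host_dir.iterdir() if f.is_file())
        cas = {f.stem for f in files if f.suffix == ".crt"}
        certs = {f.stem for f in files if f.suffix == ".cert"}
        keys = {f.stem for f in files if f.suffix == ".key"}
        problems = []
        if not cas:
            # Without a per-registry CA, validation depends on the system trust store.
            problems.append("no *.crt CA file (system trust store applies)")
        # A client certificate is only usable together with the key of the same base name.
        for name in sorted(certs - keys):
            problems.append(f"{name}.cert has no matching {name}.key")
        for name in sorted(keys - certs):
            problems.append(f"{name}.key has no matching {name}.cert")
        for f in files:
            if f.suffix == ".key" and stat.S_IMODE(f.stat().st_mode) & 0o077:
                problems.append(f"{f.name} is accessible by group or other")
        report[host_dir.name] = problems
    return report


def build_sample(root):
    """Constructed sample tree; file contents are placeholders, not real PEM data."""
    layout = {
        "registry.example.com:5000": {"ca.crt": 0o644, "client.cert": 0o644, "client.key": 0o600},
        "broken.example.com": {"client.cert": 0o644, "other.key": 0o644},
    }
    for host, entries in layout.items():
        d = Path(root) / host
        d.mkdir(parents=True)
        for name, mode in entries.items():
            (d / name).write_text("placeholder\n")
            os.chmod(d / name, mode)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for host, problems in audit_certs_d(tmp).items():
            print(host, "OK" if not problems else problems)
```

A registry directory that reports a missing CA file is the case the description mentions for podman_validate_certs: validation then succeeds only if the registry's certificate chains to a CA the host already trusts.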