-
Notifications
You must be signed in to change notification settings - Fork 15
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Ability to add blobs for TLS #20
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Lookin good, but I think we're missing a couple corner cases:
_write_tls_blobs_to_files
should return or block with a message about invalid config iftls-*-path
config vars aren't truthy- config should override the cert-provider relation, so in the reactive code, we should update the cert handlers so they only fire
@when_not(config.set.tls-*-blob)
- need a new reactive handler
@when(config.set.tls-*-blob)
that setscharm.docker-registry.tls-enabled
and calls configure. this is how clients know that registry comms should go over https.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We can't return false in configure_registry since tls is optional. Also, we still need reactive handlers to ensure config overrides relation data.
https://bugs.launchpad.net/layer-docker-registry/+bug/1788891