Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Feature request: add option for skipping SSL verification when using Git #260

Closed
alexandreroman opened this issue May 31, 2023 · 6 comments
Closed

Feature request: add option for skipping SSL verification when using Git #260

alexandreroman opened this issue May 31, 2023 · 6 comments
Assignees
@vmunishwar
Labels
carvel-accepted This issue should be considered for future work and that the triage process has been completed enhancement This issue is a feature request

Comments

@alexandreroman
Copy link

Describe the problem/challenge you have
vendir has no option for setting GIT_SSL_NO_VERIFY=true, which could be used with Git repos using a self-signed certificate.
This environment variable tells Git not to verify SSL certificates.

Describe the solution you'd like
The current implementation already sets a few environment variables when using Git, such as GIT_LFS_SKIP_SMUDGE=1 to skip downloading lfs files.

I wish there was a way to disable SSL verification when using Git, by adding a flag in the Git configuration.

For example:

git:
      url: https://github.com/cloudfoundry/cf-k8s-networking
      ref: origin/master
      # skip SSL verification
      skipSslVerification: true

Vote on this request

This is an invitation to the community to vote on issues, to help us prioritize our backlog. Use the "smiley face" up to the right of this comment to vote.

👍 "I would like to see this addressed as soon as possible"
👎 "There are other more important things to focus on right now"

We are also happy to receive and review Pull Requests if you want to help working on this issue.
@alexandreroman alexandreroman added carvel-triage This issue has not yet been reviewed for validity enhancement This issue is a feature request labels May 31, 2023
@neil-hickey
Copy link
Contributor

Thanks for submitting this issue @alexandreroman , would you be interesting in making a PR with the change?

@alexandreroman
Copy link
Author

I'm not into Go, but I'm happy to help with testing when you get something ready.

@vmunishwar vmunishwar self-assigned this Jun 5, 2023
@joaopapereira joaopapereira added carvel-accepted This issue should be considered for future work and that the triage process has been completed and removed carvel-triage This issue has not yet been reviewed for validity labels Jun 6, 2023
@vmunishwar vmunishwar mentioned this issue Jun 10, 2023
Merged
@vmunishwar
Copy link
Contributor

vmunishwar commented Aug 8, 2023
edited
Loading

Response from @alexandreroman -
The problem is: I ran into this issue with my customer when using kapp-controller (through TAP namespace-provisioner) and a private Git repo with a self-signed certificate. Ultimately we’d need to add a setting in kapp-controller to skip TLS validation for Git repos - maybe using the flag dangerousSkipTLSVerify?

As per above message seems like we need to implement this in kapp-controller.

@joaopapereira joaopapereira mentioned this issue Aug 8, 2023
Closed
@alexandreroman
Copy link
Author

Correct: from a user perspective, kapp-controller will have to configure vendir to skip TLS verification (this is my use case). Reusing the existing flag dangerousSkipTLSVerify would be great.

@vmunishwar vmunishwar mentioned this issue Sep 21, 2023
Open
@vmunishwar
Copy link
Contributor

@alexandreroman - Here is the PR (#265) for adding option for skipping SSL verification when using Git. I have merged this PR to develop. This feature should be available with the next release of vendir.

@vmunishwar vmunishwar mentioned this issue Oct 10, 2023
Merged
@joaopapereira
Copy link
Member

Fixed in release v0.36.0

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@vmunishwar vmunishwar

Labels
carvel-accepted This issue should be considered for future work and that the triage process has been completed enhancement This issue is a feature request
Projects
Carvel
Archived in project
Milestone
No milestone
Development

No branches or pull requests
4 participants
@alexandreroman @joaopapereira @neil-hickey @vmunishwar