[DEVOPS-5452] Support different tls for dcap-artifact-retrieval #680

Merged: 4 commits, Jan 13, 2025

Taowyoo
Collaborator

@Taowyoo Taowyoo commented Jan 13, 2025

Background

The original native-tls in dcap-artifact-retrieval won't work in a distroless container where no root CA is provided by the system.

Change

The solution I proposed here is to add support for choosing rustls as the TLS provider for reqwest; rustls will use webpki-roots for the default root CAs.

  • Add feature rustls-tls
  • Add/update functions for creating a reqwest client.
  • Add test cases in CI for dcap-artifact-retrieval using rustls.

The original `native-tls` in `dcap-artifact-retrieval`
won't work in a distroless container where no CA is
provided by the system.

The solution I proposed here is to add support
for choosing `rustls` as the TLS provider for
`reqwest`; `rustls` will use
[webpki-roots](https://crates.io/crates/webpki-roots)
for the default root CAs. Also, the original
`native-tls` becomes an additive feature but remains
the default.
@Taowyoo Taowyoo requested a review from mzohreva January 13, 2025 21:14
@mzohreva
Contributor

Please update the PR description (first comment) to reflect the new changes.

@Taowyoo Taowyoo added this pull request to the merge queue Jan 13, 2025
Merged via the queue into master with commit 7ff7ae3 Jan 13, 2025
2 checks passed
@Taowyoo Taowyoo deleted the yx/support-diff-tls-lib branch January 13, 2025 22:43
@jethrogb
Member

jethrogb commented Jan 14, 2025

> won't work in distroless container where no root CA is provided by system.

It should be trivial to install the needed files in the container?
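
Added example, not part of the PR or the project's code: a std-only Rust probe for the failure mode discussed in this thread, checking whether a root filesystem (such as an unpacked container image) carries a CA bundle that a system-store TLS backend could use. The path list, `probe_trust_store` and `TrustSource` are assumptions made for illustration.

```rust
use std::path::{Path, PathBuf};

/// Common Linux CA bundle locations (assumed list, not exhaustive).
const CA_BUNDLE_PATHS: &[&str] = &[
    "etc/ssl/certs/ca-certificates.crt", // Debian, Ubuntu
    "etc/pki/tls/certs/ca-bundle.crt",   // RHEL, Fedora
    "etc/ssl/ca-bundle.pem",             // openSUSE
    "etc/ssl/cert.pem",                  // Alpine
];

#[derive(Debug, PartialEq)]
pub enum TrustSource {
    /// A file containing at least one PEM certificate marker was found.
    SystemBundle(PathBuf),
    /// Nothing usable on disk: only compiled-in roots or an installed bundle will do.
    NoneOnDisk,
}

/// True if the file exists and contains a PEM certificate header.
/// An empty or missing file is not a trust store.
fn has_pem_cert(path: &Path) -> bool {
    const MARKER: &[u8] = b"-----BEGIN CERTIFICATE-----";
    std::fs::read(path)
        .map(|bytes| bytes.windows(MARKER.len()).any(|w| w == MARKER))
        .unwrap_or(false)
}

/// Probe `root` ("/" or an unpacked image rootfs) for a system trust store.
/// `ssl_cert_file` mirrors the SSL_CERT_FILE override honoured by OpenSSL
/// and is checked before the well-known paths.
pub fn probe_trust_store(root: &Path, ssl_cert_file: Option<&str>) -> TrustSource {
    let mut candidates: Vec<&str> = ssl_cert_file.into_iter().collect();
    candidates.extend_from_slice(CA_BUNDLE_PATHS);
    for rel in candidates {
        let path = root.join(rel.trim_start_matches('/'));
        if has_pem_cert(&path) {
            return TrustSource::SystemBundle(path);
        }
    }
    TrustSource::NoneOnDisk
}

fn main() {
    let override_path = std::env::var("SSL_CERT_FILE").ok();
    match probe_trust_store(Path::new("/"), override_path.as_deref()) {
        TrustSource::SystemBundle(p) => println!("system roots at {}", p.display()),
        TrustSource::NoneOnDisk => println!("no system roots found: install a CA bundle or use compiled-in roots"),
    }
}
```

Running the probe in an image build or CI step shows which case applies before the first TLS handshake fails at runtime.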
