Details
Task
Resolution: Done
Critical
Description
If security scanning is enabled in config-tool, the user must enter a pre-shared key (PSK) string (e.g. "secret"). This value would be saved to quay config.yaml. In addition, the string should be displayed in the UI at the same time, base64-encoded, with a note that the encoded value must be specified in clair's config.yaml. This flow replaced the clair-v2 security_scanner.pem generation.
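The flow described above, as an added Python example that is not code from Quay, Clair or config-tool: one side signs a token with the PSK, the other verifies it with the base64-decoded key and an issuer allow-list. The function names are hypothetical, and HS256 keyed with the raw PSK bytes is an assumption; the sample values are constructed from the description's "secret".

```python
import base64, hashlib, hmac, json, time

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64url(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _mac(key: bytes, signing_input: str) -> bytes:
    return hmac.new(key, signing_input.encode(), hashlib.sha256).digest()

def encode_psk(psk: str) -> str:
    """Base64 form of the PSK, the value shown for Clair's auth.psk.key."""
    return base64.b64encode(psk.encode()).decode()

def clair_key_bytes(key_field: str) -> bytes:
    """Decode the configured key; strip() drops the newline a YAML block scalar adds."""
    return base64.b64decode(key_field.strip(), validate=True)

def sign(psk: str, issuer: str, ttl: int = 300) -> str:
    """Signer side. Assumption: HS256 keyed with the raw PSK bytes."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = _b64url(json.dumps({"iss": issuer, "exp": int(time.time()) + ttl}).encode())
    return f"{header}.{claims}.{_b64url(_mac(psk.encode(), header + '.' + claims))}"

def verify(token: str, key_field: str, allowed_iss: list) -> bool:
    """Verifier side: pin the algorithm, check the MAC, then iss and exp."""
    try:
        header, claims, sig = token.split(".")
        if json.loads(_unb64url(header)).get("alg") != "HS256":
            return False
        expected = _mac(clair_key_bytes(key_field), header + "." + claims)
        if not hmac.compare_digest(expected, _unb64url(sig)):
            return False
        body = json.loads(_unb64url(claims))
        return body.get("iss") in allowed_iss and body.get("exp", 0) > time.time()
    except (ValueError, TypeError, AttributeError):
        return False

if __name__ == "__main__":
    psk = "secret"  # constructed sample, the example string from the description
    token = sign(psk, "quay")
    print(encode_psk(psk))                                  # value for the verifier's key field
    print(verify(token, encode_psk(psk) + "\n", ["quay"]))  # block-scalar newline is tolerated
    print(verify(token, "c2VjcmV0Cg==", ["quay"]))          # key encoded with a stray newline
```

The last call shows the common failure: encoding the PSK together with a trailing newline yields a different key, so every token is rejected.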
diff --git a/local-dev/clair/config.yaml b/local-dev/clair/config.yaml index 3e95629..e8d636b 100644 --- a/local-dev/clair/config.yaml +++ b/local-dev/clair/config.yaml @@ -3,6 +3,12 @@ log_level: debug-color introspection_addr: "" http_listen_addr: ":6000" updaters: {} +auth: + psk: + key: | + c2VjcmV0 + iss: + - quay indexer: connstring: host=clair-db port=5432 user=clair dbname=clair sslmode=disable scanlock_retry: 10 diff --git a/local-dev/quay/config.yaml b/local-dev/quay/config.yaml index a43530e..6ec092a 100644 --- a/local-dev/quay/config.yaml +++ b/local-dev/quay/config.yaml @@ -48,6 +48,8 @@ REGISTRY_TITLE: Red Hat Quay REGISTRY_TITLE_SHORT: Red Hat Quay REPO_MIRROR_SERVER_HOSTNAME: null REPO_MIRROR_TLS_VERIFY: true +SECURITY_SCANNER_V4_SIGN_JWT: true +SECURITY_SCANNER_V4_PSK: secret SECURITY_SCANNER_V4_ENDPOINT: http://clair-traefik:6060 SECURITY_SCANNER_V4_NAMESPACE_WHITELIST: - "clairv4-org"
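Review bot: In the local-dev/clair/config.yaml hunk, `key: |` is a literal block scalar, so the parsed value is `c2VjcmV0` followed by a newline rather than the bare base64 string. A plain scalar (`key: c2VjcmV0`) avoids depending on how the consumer treats trailing whitespace. It would also help to add a comment stating that this value is the base64 encoding of `SECURITY_SCANNER_V4_PSK` in local-dev/quay/config.yaml, since nothing in the file ties the two together and a change to one side alone breaks authentication.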
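Review bot: In the local-dev/quay/config.yaml hunk, `SECURITY_SCANNER_V4_PSK: secret` commits a guessable literal with nothing marking it as a development placeholder. Please add a comment saying it is for local-dev only and must be replaced with a randomly generated value anywhere else, and note that Clair's `auth.psk.key` has to carry the base64 encoding of this exact string. Since `SECURITY_SCANNER_V4_SIGN_JWT: true` is introduced in the same change, a short line on what happens when it is true but the PSK is missing or empty would make the expected behaviour clear.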