
Support for custom CAs

Open dcarlet opened this issue 2 years ago • 0 comments

When utilizing Artifactory, if the Artifactory service you connect to is on a domain that isn't signed by the common CAs (common for airgapped environments), then Code Marketplace won't be able to connect to the Artifactory instance due to x509 errors:

2023-03-09 19:12:53.155 [ERROR] <artifactory.go:346> Error reading extensions {"request_id": "808d1d25-2b7b-4294-8d01-7aa47dc415e8", "error": "Get \"https://artifactory.local.domain/artifactory/api/storage/vscode-extensions?list\u0026deep=1\u0026depth=3\u0026listFolders=1\": x509: certificate signed by unknown authority"}

This could be solved by supporting custom CAs.

MVP:

  • [ ] Add ca-certificates to the Dockerfile
  • [ ] Add Helm values to allow the user to pass in a secret with all the required CAs, one per data element (PEM encoded).
  • [ ] Update deployment template to volume mount these secrets and run an update-ca-certificates at the start.

Non-MVP possible other changes:

  1. Figure out how to allow them to specify a set of secrets that contain one or more cert files, and process all of those.

dcarlet, Mar 16 '23 18:03
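An added Go example (not code from code-marketplace or from the issue author) that reproduces the `x509: certificate signed by unknown authority` failure against a local test server, then clears it by trusting PEM files from a directory laid out like the proposed mounted secret. It builds the trust pool inside the process rather than running `update-ca-certificates`, which is a different mechanism from the one the issue proposes; `loadCAPool`, `demo` and the file names are hypothetical.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"net/http"
	"net/http/httptest"
	"os"
	"path/filepath"
)

// loadCAPool returns the system roots plus each PEM file in caDir, and the count accepted.
func loadCAPool(caDir string) (*x509.CertPool, int) {
	pool, err := x509.SystemCertPool()
	if err != nil || pool == nil {
		pool = x509.NewCertPool() // no usable system store: start empty
	}
	added := 0
	entries, _ := os.ReadDir(caDir) // unreadable directory: system roots only
	for _, e := range entries {
		data, err := os.ReadFile(filepath.Join(caDir, e.Name()))
		// Unreadable entries (such as the "..data" link on secret mounts) and non-PEM files are skipped.
		if err == nil && pool.AppendCertsFromPEM(data) {
			added++
		}
	}
	return pool, added
}

// demo queries a local TLS server (constructed input) without and with its CA.
func demo() (before error, status, added int) {
	srv := httptest.NewTLSServer(http.HandlerFunc(func(http.ResponseWriter, *http.Request) {}))
	defer srv.Close()
	dir, _ := os.MkdirTemp("", "custom-ca")
	defer os.RemoveAll(dir)
	ca := pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: srv.Certificate().Raw})
	os.WriteFile(filepath.Join(dir, "internal-ca.pem"), ca, 0o600)
	os.WriteFile(filepath.Join(dir, "README"), []byte("not a cert"), 0o600)
	_, before = http.Get(srv.URL) // system roots only: expected to fail
	pool, added := loadCAPool(dir)
	tr := &http.Transport{TLSClientConfig: &tls.Config{RootCAs: pool}}
	if resp, err := (&http.Client{Transport: tr}).Get(srv.URL); err == nil {
		status = resp.StatusCode
		resp.Body.Close()
	}
	return
}

func main() { fmt.Println(demo()) }
```

Appending to the system pool keeps public CAs trusted alongside the private ones, so only the set of accepted issuers grows and verification itself stays on.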