Background:
On CyberArk dev laptops, golang module dependencies are
downloaded with a corporate proxy in the middle. For these connections to
succeed we need to configure the proxy CA certificate in build containers.)
Desired Outcome
Docker-based build of the conjur-authn-k8s images (using ./bin/build) works on
a CyberArk NG laptop.
Currently, this build fails when Go modules (new dependencies) are being loaded
on CyberArk dev laptops, since this is done with a corporate proxy at the
corporate network edge. The Docker containers used for this build do not
natively have the CyberArk CA certificate loaded in their trusted certificate store,
so the connection fails with an unknown certificate error.
Implemented Changes
When builds are run on CyberArk NG laptops, the corporate CA cert is downloaded
using the security find-certificate ... command. The Dockerfile has been changed
to load the directory where the certificate is copied (this will be an empty directory
on non-CyberArk laptops, but the CA cert isn't needed there), and build any
certificates from that directory into the build containers CA cert trust.
Connected Issue/Story
N/A
Definition of Done
[x] Builds work on CyberArk NG laptops
Changelog
[ ] The CHANGELOG has been updated, or
[x] This PR does not include user-facing changes and doesn't require a
CHANGELOG update
Test coverage
[ ] This PR includes new unit and integration tests to go with the code
changes, or
[x] The changes in this PR do not require tests
Documentation
[ ] Docs (e.g. READMEs) were updated in this PR
[ ] A follow-up issue to update official docs has been filed here: [insert issue ID]()
[ ] This PR does not require updating any documentation
Behavior
[ ] This PR changes product behavior and has been reviewed by a PO, or
[ ] These changes are part of a larger initiative that will be reviewed later, or
[x] No behavior was changed with this PR
Security
[ ] Security architect has reviewed the changes in this PR,
[ ] These changes are part of a larger initiative with a separate security review, or
[x] There are no security aspects to these changes
Background: On CyberArk dev laptops, golang module dependencies are downloaded with a corporate proxy in the middle. For these connections to succeed we need to configure the proxy CA certificate in build containers.)
Desired Outcome
Docker-based build of the conjur-authn-k8s images (using
./bin/build) works on a CyberArk NG laptop.Currently, this build fails when Go modules (new dependencies) are being loaded on CyberArk dev laptops, since this is done with a corporate proxy at the corporate network edge. The Docker containers used for this build do not natively have the CyberArk CA certificate loaded in their trusted certificate store, so the connection fails with an unknown certificate error.
Implemented Changes
When builds are run on CyberArk NG laptops, the corporate CA cert is downloaded using the
security find-certificate ...command. The Dockerfile has been changed to load the directory where the certificate is copied (this will be an empty directory on non-CyberArk laptops, but the CA cert isn't needed there), and build any certificates from that directory into the build containers CA cert trust.Connected Issue/Story
N/A
Definition of Done
Changelog
Test coverage
Documentation
READMEs) were updated in this PRBehavior
Security