Skip to content

fix: default insecure flag to false for registry create#913

Open
madmecodes wants to merge 1 commit into
goharbor:mainfrom
madmecodes:fix/registry-insecure-default
Open

fix: default insecure flag to false for registry create#913
madmecodes wants to merge 1 commit into
goharbor:mainfrom
madmecodes:fix/registry-insecure-default

Conversation

@madmecodes
Copy link
Copy Markdown

@madmecodes madmecodes commented May 10, 2026

Summary

Fixes #899

The --insecure flag in registry create had its default set to true, which meant every registry was created as insecure even when the user didn't pass --insecure. Changed the default to false so registries are secure by default and the user has to opt in to insecure mode explicitly.

Changes

  • cmd/harbor/root/registry/create.go: changed BoolVarP default from true to false

Test plan

  • Run harbor registry create --name test --type docker-hub --url https://docker.io without --insecure and verify insecure is false in the output
  • Run the same command with --insecure and verify insecure is true

@qcserestipy qcserestipy self-requested a review May 10, 2026 17:30
@codecov
Copy link
Copy Markdown

codecov Bot commented May 10, 2026

Codecov Report

❌ Patch coverage is 0% with 1 line in your changes missing coverage. Please review.
✅ Project coverage is 8.80%. Comparing base (60ad0bd) to head (0d368e9).
⚠️ Report is 159 commits behind head on main.

Files with missing lines Patch % Lines
cmd/harbor/root/registry/create.go 0.00% 1 Missing ⚠️
Additional details and impacted files 
@@            Coverage Diff            @@
##             main    #913      +/-   ##
=========================================
- Coverage   10.99%   8.80%   -2.19%     
=========================================
  Files         173     280     +107     
  Lines        8671   13965    +5294     
=========================================
+ Hits          953    1230     +277     
- Misses       7612   12618    +5006     
- Partials      106     117      +11

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@madmecodes
fix: default insecure flag to false for registry create
e56ffdd 
Signed-off-by: madmecodes <ayushguptadev1@gmail.com>
@madmecodes madmecodes force-pushed the fix/registry-insecure-default branch from 0d368e9 to e56ffdd Compare May 10, 2026 18:17
mreiche
mreiche reviewed May 13, 2026
View reviewed changes
Comment thread doc/cli-docs/harbor-registry-create.md
--description string Description of the registry
-h, --help help for create
--insecure Whether Harbor will verify the server certificate (default true)
--insecure Whether Harbor will verify the server certificate
Copy link
Copy Markdown

@mreiche mreiche May 13, 2026
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It will NOT verify the server certifcate

Copy link
Copy Markdown
Collaborator

@qcserestipy qcserestipy May 14, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@mreiche you are right. @madmecodes, please go ahead and adapt the flags description such that it uses tls for the registry aka a secure connection.

qcserestipy
qcserestipy requested changes May 14, 2026
View reviewed changes
Copy link
Copy Markdown
Collaborator

@qcserestipy qcserestipy left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, thank you for your contribution. Before merging please adapt the --insecure flags description.

Comment thread doc/cli-docs/harbor-registry-create.md
--description string Description of the registry
-h, --help help for create
--insecure Whether Harbor will verify the server certificate (default true)
--insecure Whether Harbor will verify the server certificate
Copy link
Copy Markdown
Collaborator

@qcserestipy qcserestipy May 14, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@mreiche you are right. @madmecodes, please go ahead and adapt the flags description such that it uses tls for the registry aka a secure connection.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@qcserestipy qcserestipy qcserestipy requested changes

+1 more reviewer

@mreiche mreiche mreiche left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[bug]: Insecure registries created without --insecure flag

3 participants

@madmecodes @mreiche @qcserestipy