From 3b8c18fd2664e5950bba5ff3b24c92426450f101 Mon Sep 17 00:00:00 2001
From: miner <yminer@vmware.com>
Date: Mon, 10 Mar 2025 19:45:18 +0800
Subject: [PATCH] update tlsOptions for external redis (#21681)

Signed-off-by: yminer <miner.yang@broadcom.com>
Co-authored-by: yminer <miner.yang@broadcom.com>
---
 make/harbor.yml.tmpl                 | 3 ++-
 make/photon/prepare/utils/configs.py | 4 ++--
 2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/make/harbor.yml.tmpl b/make/harbor.yml.tmpl
index 741de9537..61dc0f8ae 100644
--- a/make/harbor.yml.tmpl
+++ b/make/harbor.yml.tmpl
@@ -220,7 +220,8 @@ _version: 2.12.0
 #   # mtls for redis connection is not supported
 #   # tls connection will be disable by default 
 #   tlsOptions:
-#   # if the tlsOptions.rootCA has been specified, then tls connection will be enabled.
+#     enable: false
+#   # if it is a self-signed ca, please set the ca path specifically.
 #     rootCA:
 #   # db_index 0 is for core, it's unchangeable
 #   registry_db_index: 1
diff --git a/make/photon/prepare/utils/configs.py b/make/photon/prepare/utils/configs.py
index 45e8dc4b4..131b30b4c 100644
--- a/make/photon/prepare/utils/configs.py
+++ b/make/photon/prepare/utils/configs.py
@@ -356,7 +356,7 @@ def parse_yaml_config(config_file_path, with_trivy):
     return config_dict
 
 def get_redis_schema(redis=None):
-    if 'tlsOptions' in redis and redis['tlsOptions'].get('rootCA') is not None:
+    if 'tlsOptions' in redis and redis['tlsOptions'].get('enable'):
         return redis.get('sentinel_master_set', None) and 'rediss+sentinel' or 'rediss'
     else:
         return redis.get('sentinel_master_set', None) and 'redis+sentinel' or 'redis'
@@ -465,7 +465,7 @@ def get_redis_configs(internal_redis=None, external_redis=None, with_trivy=True)
     if with_trivy:
         configs['trivy_redis_url'] = get_redis_url(redis['trivy_db_index'], redis)
     
-    if 'tlsOptions' in redis and redis['tlsOptions'].get('rootCA') is not None:
+    if 'tlsOptions' in redis and redis['tlsOptions'].get('enable'):
         configs['redis_custom_tls_ca_path'] = redis['tlsOptions']['rootCA']
 
     return configs