# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0

group:
  harbor:
    exists: true
user:
  harbor:
    exists: true
file:
  /var/lib/registry:
    exists: true
    mode: "0775"
    owner: harbor
    filetype: directory
  /storage:
    exists: true
    mode: "0775"
    owner: harbor
    filetype: directory
  /opt/bitnami/harbor-registryctl/bin/swagger:
    exists: false
command:
  # Ensure a set of directories exist and the non-root user has write privileges to them
  check-directories-exist-with-user:
    exec: ls -dl /etc/ssl/certs /etc/pki/tls/certs/ 2>/dev/null | grep "drwxrwxr-x.*harbor"
    exit-status: 0
  # Ensure permissions for Internal TLS
  check-permissions-system-certs:
    exec: ls -l /etc/pki/tls/certs/ca-bundle.crt /etc/pki/tls/certs/ca-bundle.trust.crt /etc/ssl/certs/ca-certificates.crt 2>/dev/null | grep "^.\{5\}w.*harbor"
    exit-status: 0
  check-harbor-registryctl-binary:
    exec: harbor_registryctl --help
    exit-status: 0