From cfb3392e2e56e3856f0ec6f2adea08fa7ea1c55c Mon Sep 17 00:00:00 2001
From: "mergify[bot]" <37929162+mergify[bot]@users.noreply.github.com>
Date: Wed, 29 Apr 2026 12:12:35 +0800
Subject: [PATCH] feat: add Insecure Skip TLS Verify checkbox in
 cluster-registration-url setting (backport #716) (#838)

* feat: add Insecure Skip TLS Verify checkbox in cluster-registration-url setting (#716)

* feat: add Insecure Skip TLS Verify checkbox

Signed-off-by: Andy Lee <andy.lee@suse.com>

* refactor: set insecureSkipTLSVerify default to false

Signed-off-by: Andy Lee <andy.lee@suse.com>

* fix: conflict

Signed-off-by: Andy Lee <andy.lee@suse.com>

* refactor: remove unneeded change

Signed-off-by: Andy Lee <andy.lee@suse.com>

* fix: get the feature flag in data()

Signed-off-by: Andy Lee <andy.lee@suse.com>

* refactor: make data logic simpler

Signed-off-by: Andy Lee <andy.lee@suse.com>

* refactor: put tip in info banner

Signed-off-by: Andy Lee <andy.lee@suse.com>

---------

Signed-off-by: Andy Lee <andy.lee@suse.com>
(cherry picked from commit 62b80b3cec62c608d51b98e7a91a0146a91e9791)

# Conflicts:
#	pkg/harvester/config/feature-flags.js

* chore: resolve backport merge conflict

Signed-off-by: Ivan Sim <ivan.sim@suse.com>

---------

Signed-off-by: Ivan Sim <ivan.sim@suse.com>
Co-authored-by: Andy Lee <andy.lee@suse.com>
Co-authored-by: Ivan Sim <ivan.sim@suse.com>
---
 .../settings/cluster-registration-url.vue     | 123 ++++++++++++++++++
 pkg/harvester/config/feature-flags.js         |   3 +
 pkg/harvester/config/settings.ts              |   3 +-
 pkg/harvester/l10n/en-us.yaml                 |   6 +
 .../models/harvesterhci.io.setting.js         |   8 ++
 5 files changed, 142 insertions(+), 1 deletion(-)
 create mode 100644 pkg/harvester/components/settings/cluster-registration-url.vue

diff --git a/pkg/harvester/components/settings/cluster-registration-url.vue b/pkg/harvester/components/settings/cluster-registration-url.vue
new file mode 100644
index 00000000..7c0d81a4
--- /dev/null
+++ b/pkg/harvester/components/settings/cluster-registration-url.vue
@@ -0,0 +1,123 @@
+<script>
+import MessageLink from '@shell/components/MessageLink';
+import CreateEditView from '@shell/mixins/create-edit-view';
+import { LabeledInput } from '@components/Form/LabeledInput';
+import { HCI_SETTING } from '../../config/settings';
+import { Checkbox } from '@components/Form/Checkbox';
+import { Banner } from '@components/Banner';
+
+export default {
+  name: 'HarvesterEditClusterRegistrationURL',
+
+  components: {
+    LabeledInput, MessageLink, Checkbox, Banner
+  },
+
+  mixins: [CreateEditView],
+
+  data() {
+    let parseDefaultValue = {};
+
+    try {
+      parseDefaultValue = JSON.parse(this.value.value);
+    } catch (error) {
+      parseDefaultValue.url = this.value.value;
+      parseDefaultValue.insecureSkipTLSVerify = true;
+    }
+
+    return {
+      parseDefaultValue,
+      errors: []
+    };
+  },
+
+  computed: {
+    toCA() {
+      return `${ HCI_SETTING.ADDITIONAL_CA }?mode=edit`;
+    },
+    clusterRegistrationTLSVerifyEnabled() {
+      return this.$store.getters['harvester-common/getFeatureEnabled']('clusterRegistrationTLSVerify');
+    },
+    registrationURL: {
+      get() {
+        return this.clusterRegistrationTLSVerifyEnabled ? this.parseDefaultValue.url : this.parseDefaultValue;
+      },
+
+      set(value) {
+        if (this.clusterRegistrationTLSVerifyEnabled) {
+          this.parseDefaultValue.url = value;
+        } else {
+          this.parseDefaultValue = value;
+        }
+      }
+    }
+  },
+
+  methods: {
+    getDefaultValue() {
+      if (this.clusterRegistrationTLSVerifyEnabled) {
+        return { url: '', insecureSkipTLSVerify: false };
+      } else {
+        return '';
+      }
+    },
+
+    updateUrl() {
+      this.update();
+    },
+
+    update() {
+      if (this.clusterRegistrationTLSVerifyEnabled) {
+        this.value['value'] = JSON.stringify(this.parseDefaultValue);
+      } else {
+        this.value['value'] = this.parseDefaultValue;
+      }
+    },
+
+    useDefault() {
+      this.parseDefaultValue = this.getDefaultValue();
+    },
+
+    updateInsecureSkipTLSVerify(newValue) {
+      const { url = '' } = this.parseDefaultValue;
+
+      this.parseDefaultValue = { url, insecureSkipTLSVerify: newValue };
+      this.update();
+    },
+  }
+};
+</script>
+
+<template>
+  <div
+    class="row"
+  >
+    <div class="col span-12">
+      <Banner color="info">
+        <MessageLink
+          :to="toCA"
+          target="_blank"
+          prefix-label="harvester.setting.clusterRegistrationUrl.tip.prefix"
+          middle-label="harvester.setting.clusterRegistrationUrl.tip.middle"
+          suffix-label="harvester.setting.clusterRegistrationUrl.tip.suffix"
+        />
+      </Banner>
+      <LabeledInput
+        v-model:value="registrationURL"
+        class="mb-20"
+        :mode="mode"
+        :label="t('harvester.setting.clusterRegistrationUrl.url')"
+        @update:value="updateUrl"
+      />
+      <div v-if="clusterRegistrationTLSVerifyEnabled">
+        <Checkbox
+          v-model:value="parseDefaultValue.insecureSkipTLSVerify"
+          class="check mb-5"
+          type="checkbox"
+          :label="t('harvester.setting.clusterRegistrationUrl.insecureSkipTLSVerify')"
+          @update:value="updateInsecureSkipTLSVerify"
+        />
+      </div>
+    </div>
+  </div>
+</template>
diff --git a/pkg/harvester/config/feature-flags.js b/pkg/harvester/config/feature-flags.js
index b3d8b827..289b1093 100644
--- a/pkg/harvester/config/feature-flags.js
+++ b/pkg/harvester/config/feature-flags.js
@@ -57,6 +57,9 @@ const FEATURE_FLAGS = {
     'hotplugNic'
   ],
   'v1.7.1': [],
+  'v1.7.2': [
+    'clusterRegistrationTLSVerify'
+  ],
 };
 
 const generateFeatureFlags = () => {
diff --git a/pkg/harvester/config/settings.ts b/pkg/harvester/config/settings.ts
index 6d513e27..fcaeb968 100644
--- a/pkg/harvester/config/settings.ts
+++ b/pkg/harvester/config/settings.ts
@@ -123,7 +123,8 @@ export const HCI_ALLOWED_SETTINGS = {
 
 export const HCI_SINGLE_CLUSTER_ALLOWED_SETTING = {
   [HCI_SETTING.CLUSTER_REGISTRATION_URL]: {
-    kind:     'url',
+    kind:     'custom',
+    from:     'import',
     canReset: true,
   },
   [HCI_SETTING.UI_PL]: {
diff --git a/pkg/harvester/l10n/en-us.yaml b/pkg/harvester/l10n/en-us.yaml
index 43cd7322..721b3b17 100644
--- a/pkg/harvester/l10n/en-us.yaml
+++ b/pkg/harvester/l10n/en-us.yaml
@@ -1294,6 +1294,12 @@ harvester:
         retention: How long to retain metrics
         retentionSize: Maximum size of metrics
     clusterRegistrationUrl:
+      url: URL
+      insecureSkipTLSVerify: Insecure Skip TLS Verify
+      tip: 
+        prefix: Harvester secures cluster registration via TLS by default. If opt out "Insecure SKip TLS Verify", you must provide custom CA certificates using the
+        middle: 'additional-ca'
+        suffix: setting.
       message: To completely unset the imported Harvester cluster, please also remove it on the Rancher Dashboard UI via the <code> Virtualization Management </code> page.
     ntpServers:
       isNotIPV4: The address you entered is not IPv4 or host. Please enter a valid IPv4 address or a host address.
diff --git a/pkg/harvester/models/harvesterhci.io.setting.js b/pkg/harvester/models/harvesterhci.io.setting.js
index e9650dee..8c6e5488 100644
--- a/pkg/harvester/models/harvesterhci.io.setting.js
+++ b/pkg/harvester/models/harvesterhci.io.setting.js
@@ -52,11 +52,19 @@ export default class HciSetting extends HarvesterResource {
     });
   }
 
+  get clusterRegistrationTLSVerifyFeatureEnabled() {
+    return this.$rootGetters['harvester-common/getFeatureEnabled']('clusterRegistrationTLSVerify');
+  }
+
   get customValue() {
     if (this.metadata.name === HCI_SETTING.STORAGE_NETWORK) {
       try {
         return JSON.stringify(JSON.parse(this.value), null, 2);
       } catch (e) {}
+    } else if (this.metadata.name === HCI_SETTING.CLUSTER_REGISTRATION_URL) {
+      try {
+        return this.clusterRegistrationTLSVerifyFeatureEnabled ? JSON.stringify(JSON.parse(this.value), null, 2) : this.value;
+      } catch (e) {}
     }
 
     return false;