RHCLOUD-30039 Use TLS CA from Clowder with recipients-resolver #2422
base: master
aa6fdb5
to
7a7d8bb
Compare
Codecov Report
Attention: Patch coverage is
Additional details and impacted files
@@             Coverage Diff              @@
##             master    #2422      +/-   ##
============================================
- Coverage     69.98%   69.89%   -0.10%
+ Complexity     1794     1793       -1
============================================
  Files           379      379
  Lines          7903     7919      +16
  Branches        685      686       +1
============================================
+ Hits           5531     5535       +4
- Misses         2080     2093      +13
+ Partials        292      291       -1
☔ View full report in Codecov by Sentry.
.sslContextParameters(getSslContextParameters()) | ||
.x509HostnameVerifier(NoopHostnameVerifier.INSTANCE); | ||
HttpEndpointBuilder endpointBuilder = https(fullURL.replace("https://", "")); | ||
if (emailConnectorConfig.getRecipientsResolverTrustStorePath().isPresent() && emailConnectorConfig.getRecipientsResolverTrustStorePassword().isPresent() && emailConnectorConfig.getRecipientsResolverTrustStoreType().isPresent()) { |
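Review bot: The `.x509HostnameVerifier(NoopHostnameVerifier.INSTANCE)` call shown at the top of this hunk turns off hostname verification, and the rendered lines do not show whether it is on the removed or the kept side. If it still applies on the branch that loads the Clowder trust store, the connection checks the CA chain but not the server name, so please confirm it is gone or drop it there. Separately, `fullURL.replace("https://", "")` replaces every occurrence rather than only a leading scheme, and a URL that does not start with `https://` is passed to `https(...)` unchanged; stripping the prefix explicitly and rejecting other schemes would make that line safer.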
What about a keystore without a password? Is the password field always mandatory, even if it's empty?
I ask because on Kafka client setup, we must not add the keystore password configuration key if it's empty.
||
endpointBuilder.sslContextParameters(sslContextParameters); | ||
} else { | ||
Log.warn("TLS is enabled for recipients-resolver but the trust store could not be used to build the Camel endpoint because the trust store path, password or type are missing in the Clowder configuration"); |
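Review bot: The `else` branch at the `Log.warn(...)` line only logs and carries on, so as far as the visible lines show, the endpoint is still built without `sslContextParameters` when TLS is enabled but the trust store settings are incomplete. Suggest failing fast at this point (throw while building the route) instead of a warning, and stating in the message which of path, password or type is missing, since the current text lists all three without saying which one was absent.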
Shouldn't we invalidate the health check if this error happens?
My concern is that if something goes wrong, all pods could be deployed with an inconsistent SSL config and all requests to the recipients-resolver will probably fail, involving a production outage?
Shouldn't we apply the same keystore management on engine?
/retest
/retest
/retest
b4ad6df
to
8027e7a
Compare
/retest
8027e7a
to
808e395
Compare
/retest
/retest
808e395
to
4580446
Compare
4580446
to
5e7f519
Compare
No description provided.