squakez commented on code in PR #6427:
URL: https://github.com/apache/camel-k/pull/6427#discussion_r2631629529
##########
pkg/trait/init_containers.go:
##########
@@ -93,28 +93,18 @@ func (t *initContainersTrait) Configure(e *Environment)
(bool, *TraitCondition,
}
// Set the CA cert truststore init container if configured
if ok && jvm.hasCACert() {
- _, secretKey, err := parseSecretRef(jvm.CACert)
- if err != nil {
+ if err := jvm.validateCACertConfig(); err != nil {
return false, nil, err
}
- if secretKey == "" {
- secretKey = "ca.crt"
- }
-
- secretName, secretKey2, err :=
jvm.getTrustStorePasswordSecretRef()
- if err != nil {
- return false, nil, err
- }
-
+ // keytool reads password from file using
-storepass:file
keytoolCmd := fmt.Sprintf(
- "keytool -importcert -noprompt -alias custom-ca
-storepass:env %s -keystore %s -file /etc/secrets/cacert/%s",
- truststorePasswordEnvVar,
jvm.getTrustStorePath(), secretKey,
+ "keytool -importcert -noprompt -alias custom-ca
-storepass:file %s -keystore %s -file %s",
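Review bot: the new format string `-storepass:file %s -keystore %s -file %s` interpolates three paths unquoted, and the certificate path is no longer constrained to the fixed `/etc/secrets/cacert/` prefix that the removed line used. If this string is handed to a shell, a path containing whitespace or shell metacharacters will split or alter the command. Either have `validateCACertConfig()` reject anything that is not a clean absolute path, or build the command as an argument slice instead of a single string.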
Review Comment:
Ah, wasn't aware of that one. Definitely cleaner this way then!
##########
docs/modules/ROOT/partials/apis/camel-k-crds.adoc:
##########
@@ -7801,25 +7801,26 @@ string
|
-The secret should contain PEM-encoded certificates.
-Example: "secret:my-ca-certs" or "secret:my-ca-certs/custom-ca.crt"
+Path to a PEM-encoded CA certificate file. The file must be mounted
+by the user using the mount trait (e.g., mount.configs or mount.secrets).
+Example: "/etc/camel/conf.d/_secrets/my-ca/ca.crt"
|`caCertMountPath` +
string
|
-The path where the generated truststore will be mounted
+The path where the generated truststore will be mounted.
Default: "/etc/camel/conf.d/_truststore"
|`caCertPassword` +
string
|
-Required when caCert is set. A secret reference containing the truststore
password.
-If the secret key is not specified, "password" is used as the default key.
-Example: "secret:my-truststore-password" or
"secret:my-truststore-password/mykey"
+Required when caCert is set. Path to a file containing the truststore password.
+The file must be mounted by the user using the mount trait.
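Review bot: the new `caCertPassword` text says only that the file is mounted by the user, without saying that it should come from a Secret; the `caCert` entry above names both `mount.configs` and `mount.secrets`, which a reader could take as equally acceptable for the password file. Suggest stating that the password file should be backed by a Secret, adding an `Example:` line as the `caCert` entry has, and noting that the previous `secret:name/key` form is no longer accepted, since the field is now documented as a path.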
Review Comment:
Ditto
##########
pkg/trait/jvm.go:
##########
@@ -379,26 +379,13 @@ func getLegacyCamelQuarkusDependenciesPaths() *sets.Set {
}
// configureCACert configures the CA certificate truststore and returns the
JVM arguments.
-func (t *jvmTrait) configureCaCert(e *Environment) ([]string, error) {
- if t.CACert == "" {
- return nil, nil
- }
-
- _, _, err := parseSecretRef(t.CACert)
- if err != nil {
+func (t *jvmTrait) configureCaCert() ([]string, error) {
+ if err := t.validateCACertConfig(); err != nil {
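Review bot: the `if t.CACert == ""` early return at the top of `configureCaCert` is removed and nothing in the visible lines replaces it, so the function now depends on `validateCACertConfig()` or on every caller to handle the unset case. Either keep the early return or document that callers must check `hasCACert()` first. Minor: the doc comment says `configureCACert` while the function is named `configureCaCert`.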
Review Comment:
I think this one is redundant. You have already done the check in the
`configure()` func.
##########
docs/modules/ROOT/partials/apis/camel-k-crds.adoc:
##########
@@ -7801,25 +7801,26 @@ string
|
-The secret should contain PEM-encoded certificates.
-Example: "secret:my-ca-certs" or "secret:my-ca-certs/custom-ca.crt"
+Path to a PEM-encoded CA certificate file. The file must be mounted
+by the user using the mount trait (e.g., mount.configs or mount.secrets).
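Review bot: the wording changes from "PEM-encoded certificates" to "a PEM-encoded CA certificate file", which leaves it unclear whether a file holding several CA certificates is supported. The keytool command in `init_containers.go` imports under the single alias `custom-ca`, so the description should say explicitly whether a bundle is accepted or only one certificate per file.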
Review Comment:
Better remove the mention of the mount trait. The user may have also baked
the file at build time in other manners or via volumes.
--
This is an automated message from the Apache Git Service.