This is an automated email from the ASF dual-hosted git repository. pcongiusti pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/camel-k.git
commit 13d4c0aa0fadfd33982af4ec1f0f4d618ca81070 Author: Pranjul Kalsi <[email protected]> AuthorDate: Fri Dec 19 13:22:48 2025 +0530 fix(jvm): consolidate caCert validation to init_containers and update docs --- docs/modules/ROOT/partials/apis/camel-k-crds.adoc | 4 +-- docs/modules/traits/pages/jvm.adoc | 5 +--- helm/camel-k/crds/camel-k-crds.yaml | 32 ++++++---------------- pkg/apis/camel/v1/trait/jvm.go | 4 +-- .../camel.apache.org_integrationplatforms.yaml | 8 ++---- .../camel.apache.org_integrationprofiles.yaml | 8 ++---- .../crd/bases/camel.apache.org_integrations.yaml | 8 ++---- .../config/crd/bases/camel.apache.org_pipes.yaml | 8 ++---- pkg/trait/jvm.go | 16 +++-------- pkg/trait/jvm_test.go | 29 -------------------- 10 files changed, 23 insertions(+), 99 deletions(-) diff --git a/docs/modules/ROOT/partials/apis/camel-k-crds.adoc b/docs/modules/ROOT/partials/apis/camel-k-crds.adoc index 2013fbab5..6a58ee2ad 100644 --- a/docs/modules/ROOT/partials/apis/camel-k-crds.adoc +++ b/docs/modules/ROOT/partials/apis/camel-k-crds.adoc @@ -7801,8 +7801,7 @@ string | -Path to a PEM-encoded CA certificate file. The file must be mounted -by the user using the mount trait (e.g., mount.configs or mount.secrets). +Path to a PEM-encoded CA certificate file. Example: "/etc/camel/conf.d/_secrets/my-ca/ca.crt" |`caCertMountPath` + @@ -7819,7 +7818,6 @@ string Required when caCert is set. Path to a file containing the truststore password. -The file must be mounted by the user using the mount trait. Example: "/etc/camel/conf.d/_secrets/truststore-pass/password" diff --git a/docs/modules/traits/pages/jvm.adoc b/docs/modules/traits/pages/jvm.adoc index a7079b61b..0b02a9024 100755 --- a/docs/modules/traits/pages/jvm.adoc +++ b/docs/modules/traits/pages/jvm.adoc 
@@ -64,8 +64,7 @@ Deprecated: no longer in use. | jvm.ca-cert | string -| Path to a PEM-encoded CA certificate file. The file must be mounted -by the user using the mount trait (e.g., mount.configs or mount.secrets). +| Path to a PEM-encoded CA certificate file. Example: "/etc/camel/conf.d/_secrets/my-ca/ca.crt" | jvm.ca-cert-mount-path @@ -76,7 +75,6 @@ Default: "/etc/camel/conf.d/_truststore" | jvm.ca-cert-password | string | Required when caCert is set. Path to a file containing the truststore password. -The file must be mounted by the user using the mount trait. Example: "/etc/camel/conf.d/_secrets/truststore-pass/password" |=== @@ -153,4 +151,3 @@ This will automatically: 3. Configure the JVM to use the generated truststore via `-Djavax.net.ssl.trustStore` NOTE: The `ca-cert-password` option is **required** when using `ca-cert`. Both values must be file paths to the mounted secrets. - diff --git a/helm/camel-k/crds/camel-k-crds.yaml b/helm/camel-k/crds/camel-k-crds.yaml index 9b6662390..84cb8ad48 100644 --- a/helm/camel-k/crds/camel-k-crds.yaml +++ b/helm/camel-k/crds/camel-k-crds.yaml @@ -4723,8 +4723,7 @@ spec: type: array caCert: description: |- - Path to a PEM-encoded CA certificate file. The file must be mounted - by the user using the mount trait (e.g., mount.configs or mount.secrets). + Path to a PEM-encoded CA certificate file. Example: "/etc/camel/conf.d/_secrets/my-ca/ca.crt" type: string caCertMountPath: @@ -4735,7 +4734,6 @@ spec: caCertPassword: description: |- Required when caCert is set. Path to a file containing the truststore password. - The file must be mounted by the user using the mount trait. Example: "/etc/camel/conf.d/_secrets/truststore-pass/password" type: string classpath: 
@@ -7146,8 +7144,7 @@ spec: type: array caCert: description: |- - Path to a PEM-encoded CA certificate file. The file must be mounted - by the user using the mount trait (e.g., mount.configs or mount.secrets). + Path to a PEM-encoded CA certificate file. Example: "/etc/camel/conf.d/_secrets/my-ca/ca.crt" type: string caCertMountPath: @@ -7158,7 +7155,6 @@ spec: caCertPassword: description: |- Required when caCert is set. Path to a file containing the truststore password. - The file must be mounted by the user using the mount trait. Example: "/etc/camel/conf.d/_secrets/truststore-pass/password" type: string classpath: @@ -9471,8 +9467,7 @@ spec: type: array caCert: description: |- - Path to a PEM-encoded CA certificate file. The file must be mounted - by the user using the mount trait (e.g., mount.configs or mount.secrets). + Path to a PEM-encoded CA certificate file. Example: "/etc/camel/conf.d/_secrets/my-ca/ca.crt" type: string caCertMountPath: @@ -9483,7 +9478,6 @@ spec: caCertPassword: description: |- Required when caCert is set. Path to a file containing the truststore password. - The file must be mounted by the user using the mount trait. Example: "/etc/camel/conf.d/_secrets/truststore-pass/password" type: string classpath: @@ -11773,8 +11767,7 @@ spec: type: array caCert: description: |- - Path to a PEM-encoded CA certificate file. The file must be mounted - by the user using the mount trait (e.g., mount.configs or mount.secrets). + Path to a PEM-encoded CA certificate file. Example: "/etc/camel/conf.d/_secrets/my-ca/ca.crt" type: string caCertMountPath: @@ -11785,7 +11778,6 @@ spec: caCertPassword: description: |- Required when caCert is set. Path to a file containing the truststore password. - The file must be mounted by the user using the mount trait. Example: "/etc/camel/conf.d/_secrets/truststore-pass/password" type: string classpath: 
@@ -20909,8 +20901,7 @@ spec: type: array caCert: description: |- - Path to a PEM-encoded CA certificate file. The file must be mounted - by the user using the mount trait (e.g., mount.configs or mount.secrets). + Path to a PEM-encoded CA certificate file. Example: "/etc/camel/conf.d/_secrets/my-ca/ca.crt" type: string caCertMountPath: @@ -20921,7 +20912,6 @@ spec: caCertPassword: description: |- Required when caCert is set. Path to a file containing the truststore password. - The file must be mounted by the user using the mount trait. Example: "/etc/camel/conf.d/_secrets/truststore-pass/password" type: string classpath: @@ -23165,8 +23155,7 @@ spec: type: array caCert: description: |- - Path to a PEM-encoded CA certificate file. The file must be mounted - by the user using the mount trait (e.g., mount.configs or mount.secrets). + Path to a PEM-encoded CA certificate file. Example: "/etc/camel/conf.d/_secrets/my-ca/ca.crt" type: string caCertMountPath: @@ -23177,7 +23166,6 @@ spec: caCertPassword: description: |- Required when caCert is set. Path to a file containing the truststore password. - The file must be mounted by the user using the mount trait. Example: "/etc/camel/conf.d/_secrets/truststore-pass/password" type: string classpath: @@ -33663,8 +33651,7 @@ spec: type: array caCert: description: |- - Path to a PEM-encoded CA certificate file. The file must be mounted - by the user using the mount trait (e.g., mount.configs or mount.secrets). + Path to a PEM-encoded CA certificate file. Example: "/etc/camel/conf.d/_secrets/my-ca/ca.crt" type: string caCertMountPath: @@ -33675,7 +33662,6 @@ spec: caCertPassword: description: |- Required when caCert is set. Path to a file containing the truststore password. - The file must be mounted by the user using the mount trait. Example: "/etc/camel/conf.d/_secrets/truststore-pass/password" type: string classpath: 
@@ -35851,8 +35837,7 @@ spec: type: array caCert: description: |- - Path to a PEM-encoded CA certificate file. The file must be mounted - by the user using the mount trait (e.g., mount.configs or mount.secrets). + Path to a PEM-encoded CA certificate file. Example: "/etc/camel/conf.d/_secrets/my-ca/ca.crt" type: string caCertMountPath: @@ -35863,7 +35848,6 @@ spec: caCertPassword: description: |- Required when caCert is set. Path to a file containing the truststore password. - The file must be mounted by the user using the mount trait. Example: "/etc/camel/conf.d/_secrets/truststore-pass/password" type: string classpath: diff --git a/pkg/apis/camel/v1/trait/jvm.go b/pkg/apis/camel/v1/trait/jvm.go index a1f855fe0..881876045 100644 --- a/pkg/apis/camel/v1/trait/jvm.go +++ b/pkg/apis/camel/v1/trait/jvm.go @@ -42,15 +42,13 @@ type JVMTrait struct { Jar string `json:"jar,omitempty" property:"jar"` // A list of JVM agents to download and execute with format `<agent-name>;<agent-url>[;<jvm-agent-options>]`. Agents []string `json:"agents,omitempty" property:"agents"` - // Path to a PEM-encoded CA certificate file. The file must be mounted - // by the user using the mount trait (e.g., mount.configs or mount.secrets). + // Path to a PEM-encoded CA certificate file. // Example: "/etc/camel/conf.d/_secrets/my-ca/ca.crt" CACert string `json:"caCert,omitempty" property:"ca-cert"` // The path where the generated truststore will be mounted. // Default: "/etc/camel/conf.d/_truststore" CACertMountPath string `json:"caCertMountPath,omitempty" property:"ca-cert-mount-path"` // Required when caCert is set. Path to a file containing the truststore password. - // The file must be mounted by the user using the mount trait. // Example: "/etc/camel/conf.d/_secrets/truststore-pass/password" CACertPassword string `json:"caCertPassword,omitempty" property:"ca-cert-password"` } 
diff --git a/pkg/resources/config/crd/bases/camel.apache.org_integrationplatforms.yaml b/pkg/resources/config/crd/bases/camel.apache.org_integrationplatforms.yaml index 972725282..dec9e1fdb 100644 --- a/pkg/resources/config/crd/bases/camel.apache.org_integrationplatforms.yaml +++ b/pkg/resources/config/crd/bases/camel.apache.org_integrationplatforms.yaml @@ -1474,8 +1474,7 @@ spec: type: array caCert: description: |- - Path to a PEM-encoded CA certificate file. The file must be mounted - by the user using the mount trait (e.g., mount.configs or mount.secrets). + Path to a PEM-encoded CA certificate file. Example: "/etc/camel/conf.d/_secrets/my-ca/ca.crt" type: string caCertMountPath: @@ -1486,7 +1485,6 @@ spec: caCertPassword: description: |- Required when caCert is set. Path to a file containing the truststore password. - The file must be mounted by the user using the mount trait. Example: "/etc/camel/conf.d/_secrets/truststore-pass/password" type: string classpath: @@ -3897,8 +3895,7 @@ spec: type: array caCert: description: |- - Path to a PEM-encoded CA certificate file. The file must be mounted - by the user using the mount trait (e.g., mount.configs or mount.secrets). + Path to a PEM-encoded CA certificate file. Example: "/etc/camel/conf.d/_secrets/my-ca/ca.crt" type: string caCertMountPath: @@ -3909,7 +3906,6 @@ spec: caCertPassword: description: |- Required when caCert is set. Path to a file containing the truststore password. - The file must be mounted by the user using the mount trait. Example: "/etc/camel/conf.d/_secrets/truststore-pass/password" type: string classpath: diff --git a/pkg/resources/config/crd/bases/camel.apache.org_integrationprofiles.yaml b/pkg/resources/config/crd/bases/camel.apache.org_integrationprofiles.yaml index d51140633..e2e672585 100644 --- a/pkg/resources/config/crd/bases/camel.apache.org_integrationprofiles.yaml +++ b/pkg/resources/config/crd/bases/camel.apache.org_integrationprofiles.yaml 
@@ -1342,8 +1342,7 @@ spec: type: array caCert: description: |- - Path to a PEM-encoded CA certificate file. The file must be mounted - by the user using the mount trait (e.g., mount.configs or mount.secrets). + Path to a PEM-encoded CA certificate file. Example: "/etc/camel/conf.d/_secrets/my-ca/ca.crt" type: string caCertMountPath: @@ -1354,7 +1353,6 @@ spec: caCertPassword: description: |- Required when caCert is set. Path to a file containing the truststore password. - The file must be mounted by the user using the mount trait. Example: "/etc/camel/conf.d/_secrets/truststore-pass/password" type: string classpath: @@ -3644,8 +3642,7 @@ spec: type: array caCert: description: |- - Path to a PEM-encoded CA certificate file. The file must be mounted - by the user using the mount trait (e.g., mount.configs or mount.secrets). + Path to a PEM-encoded CA certificate file. Example: "/etc/camel/conf.d/_secrets/my-ca/ca.crt" type: string caCertMountPath: @@ -3656,7 +3653,6 @@ spec: caCertPassword: description: |- Required when caCert is set. Path to a file containing the truststore password. - The file must be mounted by the user using the mount trait. Example: "/etc/camel/conf.d/_secrets/truststore-pass/password" type: string classpath: diff --git a/pkg/resources/config/crd/bases/camel.apache.org_integrations.yaml b/pkg/resources/config/crd/bases/camel.apache.org_integrations.yaml index 901483d1c..c88edef29 100644 --- a/pkg/resources/config/crd/bases/camel.apache.org_integrations.yaml +++ b/pkg/resources/config/crd/bases/camel.apache.org_integrations.yaml @@ -8156,8 +8156,7 @@ spec: type: array caCert: description: |- - Path to a PEM-encoded CA certificate file. The file must be mounted - by the user using the mount trait (e.g., mount.configs or mount.secrets). + Path to a PEM-encoded CA certificate file. Example: "/etc/camel/conf.d/_secrets/my-ca/ca.crt" type: string caCertMountPath: 
@@ -8168,7 +8167,6 @@ spec: caCertPassword: description: |- Required when caCert is set. Path to a file containing the truststore password. - The file must be mounted by the user using the mount trait. Example: "/etc/camel/conf.d/_secrets/truststore-pass/password" type: string classpath: @@ -10412,8 +10410,7 @@ spec: type: array caCert: description: |- - Path to a PEM-encoded CA certificate file. The file must be mounted - by the user using the mount trait (e.g., mount.configs or mount.secrets). + Path to a PEM-encoded CA certificate file. Example: "/etc/camel/conf.d/_secrets/my-ca/ca.crt" type: string caCertMountPath: @@ -10424,7 +10421,6 @@ spec: caCertPassword: description: |- Required when caCert is set. Path to a file containing the truststore password. - The file must be mounted by the user using the mount trait. Example: "/etc/camel/conf.d/_secrets/truststore-pass/password" type: string classpath: diff --git a/pkg/resources/config/crd/bases/camel.apache.org_pipes.yaml b/pkg/resources/config/crd/bases/camel.apache.org_pipes.yaml index f7e2979db..975a1eca2 100644 --- a/pkg/resources/config/crd/bases/camel.apache.org_pipes.yaml +++ b/pkg/resources/config/crd/bases/camel.apache.org_pipes.yaml @@ -8212,8 +8212,7 @@ spec: type: array caCert: description: |- - Path to a PEM-encoded CA certificate file. The file must be mounted - by the user using the mount trait (e.g., mount.configs or mount.secrets). + Path to a PEM-encoded CA certificate file. Example: "/etc/camel/conf.d/_secrets/my-ca/ca.crt" type: string caCertMountPath: @@ -8224,7 +8223,6 @@ spec: caCertPassword: description: |- Required when caCert is set. Path to a file containing the truststore password. - The file must be mounted by the user using the mount trait. Example: "/etc/camel/conf.d/_secrets/truststore-pass/password" type: string classpath: 
@@ -10400,8 +10398,7 @@ spec: type: array caCert: description: |- - Path to a PEM-encoded CA certificate file. The file must be mounted - by the user using the mount trait (e.g., mount.configs or mount.secrets). + Path to a PEM-encoded CA certificate file. Example: "/etc/camel/conf.d/_secrets/my-ca/ca.crt" type: string caCertMountPath: @@ -10412,7 +10409,6 @@ spec: caCertPassword: description: |- Required when caCert is set. Path to a file containing the truststore password. - The file must be mounted by the user using the mount trait. Example: "/etc/camel/conf.d/_secrets/truststore-pass/password" type: string classpath: diff --git a/pkg/trait/jvm.go b/pkg/trait/jvm.go index 8c1a5c541..cefb92677 100644 --- a/pkg/trait/jvm.go +++ b/pkg/trait/jvm.go @@ -158,11 +158,7 @@ func (t *jvmTrait) Apply(e *Environment) error { args = append(args, httpProxyArgs...) } - caCertArgs, err := t.configureCaCert() - if err != nil { - return err - } - if caCertArgs != nil { + if caCertArgs := t.configureCaCert(); caCertArgs != nil { args = append(args, caCertArgs...) } @@ -379,17 +375,13 @@ func getLegacyCamelQuarkusDependenciesPaths() *sets.Set { } // configureCACert configures the CA certificate truststore and returns the JVM arguments. -func (t *jvmTrait) configureCaCert() ([]string, error) { - if err := t.validateCACertConfig(); err != nil { - return nil, err - } - +func (t *jvmTrait) configureCaCert() []string { if t.CACert == "" { - return nil, nil + return nil } return []string{ "-Djavax.net.ssl.trustStore=" + t.getTrustStorePath(), fmt.Sprintf("-Djavax.net.ssl.trustStorePassword=$(%s)", truststorePasswordEnvVar), - }, nil + } } diff --git a/pkg/trait/jvm_test.go b/pkg/trait/jvm_test.go index c458c0154..7402d748a 100644 --- a/pkg/trait/jvm_test.go +++ b/pkg/trait/jvm_test.go 
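Review bot: In pkg/trait/jvm.go, `Apply` no longer has any failure path for a `caCert` set without `caCertPassword`: the error return from `configureCaCert` is gone (first hunk) along with its `validateCACertConfig` call (second hunk), and the only visible test for that case, `TestApplyJvmTraitWithCACertMissingPassword`, is deleted in this commit with no replacement in the diff. The commit title places the check in the init_containers code, which is not shown here, so correctness now depends on that code always running and failing before these JVM args are used. If the password env var is never defined on the container, Kubernetes leaves `$(...)` unexpanded, so the JVM would presumably get a literal placeholder as its truststore password and fail at TLS setup instead of at reconcile time. I would add a test next to the new validation site that sets only `CACert` and asserts the `ca-cert-password is required` error, so the guarantee that was removed here stays covered. Both functions continue outside their hunks.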
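Review bot: The doc comment above `configureCaCert` in pkg/trait/jvm.go still opens with `configureCACert`, which does not match the function name, and still says the function configures the truststore although after this change it only builds two JVM flags. I would replace it with `// configureCaCert returns the JVM truststore flags, or nil when caCert is unset. The caCert/caCertPassword pair is expected to be validated before Apply runs.` Stating the precondition matters because this function no longer checks it itself. The flag `-Djavax.net.ssl.trustStorePassword=$(...)` is unchanged context, but if these args end up in the container command line the expanded password is readable from the process arguments, which may be worth a one-line comment if it is intentional.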
@@ -720,35 +720,6 @@ func TestApplyJvmTraitAgentFail(t *testing.T) { assert.Contains(t, err.Error(), "could not parse JVM agent") } -func TestApplyJvmTraitWithCACertMissingPassword(t *testing.T) { - trait, environment := createNominalJvmTest(v1.IntegrationKitTypePlatform) - trait.CACert = "/etc/camel/conf.d/_secrets/my-ca/ca.crt" - - d := appsv1.Deployment{ - Spec: appsv1.DeploymentSpec{ - Template: corev1.PodTemplateSpec{ - Spec: corev1.PodSpec{ - Containers: []corev1.Container{ - { - Name: defaultContainerName, - }, - }, - }, - }, - }, - } - - environment.Resources.Add(&d) - configure, condition, err := trait.Configure(environment) - require.NoError(t, err) - assert.True(t, configure) - assert.Nil(t, condition) - - err = trait.Apply(environment) - require.Error(t, err) - assert.Contains(t, err.Error(), "ca-cert-password is required") -} - func TestApplyJvmTraitWithCACert(t *testing.T) { trait, environment := createNominalJvmTest(v1.IntegrationKitTypePlatform) trait.CACert = "/etc/camel/conf.d/_secrets/my-ca/ca.crt"
