gnodet commented on code in PR #24668:
URL: https://github.com/apache/camel/pull/24668#discussion_r3573515430


##########
components/camel-ai/camel-openai/src/main/java/org/apache/camel/component/openai/OpenAIConfiguration.java:
##########
@@ -240,7 +240,7 @@ public class OpenAIConfiguration implements Cloneable {
     @Metadata(description = "The algorithm used by the trust manager factory 
for SSL connections")
     private String sslTrustmanagerAlgorithm = "PKIX";
 
-    @UriParam(label = "security", defaultValue = "https")
+    @UriParam(label = "security", defaultValue = "https", security = 
"insecure:ssl")

Review Comment:
   The annotation correctly adds `security = "insecure:ssl"`. However, consider 
also adding `insecureValue = ""` explicitly (or even `insecureValue = "none"`) 
to document the insecure value.
   
   The current behavior without `insecureValue`: the build tooling defaults to 
`""` for String-type options (see `collectSecurityOption` in 
`UpdateSensitizeHelper.java`). This catches `sslEndpointAlgorithm=""` but 
misses `sslEndpointAlgorithm=none`, even though both disable hostname 
verification (see `OpenAIEndpoint.java` line 539).
   
   Note: this same gap exists for `strictHostKeyChecking` in 
`BaseSftpConfiguration`, so this may be acceptable for now.



##########
components/camel-ai/camel-openai/src/generated/resources/META-INF/org/apache/camel/component/openai/openai.json:
##########
@@ -113,7 +113,7 @@
     "lazyStartProducer": { "index": 34, "kind": "parameter", "displayName": 
"Lazy Start Producer", "group": "producer (advanced)", "label": 
"producer,advanced", "required": false, "type": "boolean", "javaType": 
"boolean", "deprecated": false, "autowired": false, "secret": false, 
"defaultValue": false, "description": "Whether the producer should be started 
lazy (on the first message). By starting lazy you can use this to allow 
CamelContext and routes to startup in situations where a producer may otherwise 
fail during starting and cause the route to fail being started. By deferring 
this startup to be lazy then the startup failure can be handled during routing 
messages via Camel's routing error handlers. Beware that when the first message 
is processed then creating and starting the producer may take a little time and 
prolong the total processing time of the processing." },
     "oauthProfile": { "index": 35, "kind": "parameter", "displayName": "Oauth 
Profile", "group": "security", "label": "security", "required": false, "type": 
"string", "javaType": "java.lang.String", "deprecated": false, 
"deprecationNote": "", "autowired": false, "secret": false, 
"configurationClass": "org.apache.camel.component.openai.OpenAIConfiguration", 
"configurationField": "configuration", "description": "OAuth profile name for 
obtaining an access token via the OAuth 2.0 Client Credentials grant. When set, 
the token is acquired from the configured identity provider and used instead of 
apiKey. Requires camel-oauth on the classpath. The profile properties are 
resolved from camel.oauth..client-id, camel.oauth..client-secret, and 
camel.oauth..token-endpoint." },
     "sslContextParameters": { "index": 36, "kind": "parameter", "displayName": 
"Ssl Context Parameters", "group": "security", "label": "security", "required": 
false, "type": "object", "javaType": 
"org.apache.camel.support.jsse.SSLContextParameters", "deprecated": false, 
"deprecationNote": "", "autowired": false, "secret": false, 
"configurationClass": "org.apache.camel.component.openai.OpenAIConfiguration", 
"configurationField": "configuration", "description": "SSLContextParameters to 
use for configuring SSL\/TLS. When set, takes precedence over the individual 
sslTruststore, sslKeystore, and sslProtocol options." },
-    "sslEndpointAlgorithm": { "index": 37, "kind": "parameter", "displayName": 
"Ssl Endpoint Algorithm", "group": "security", "label": "security", "required": 
false, "type": "string", "javaType": "java.lang.String", "deprecated": false, 
"deprecationNote": "", "autowired": false, "secret": false, "defaultValue": 
"https", "configurationClass": 
"org.apache.camel.component.openai.OpenAIConfiguration", "configurationField": 
"configuration", "description": "The endpoint identification algorithm to 
validate the server hostname using the server certificate. Set to an empty 
string or 'none' to disable hostname verification" },
+    "sslEndpointAlgorithm": { "index": 37, "kind": "parameter", "displayName": 
"Ssl Endpoint Algorithm", "group": "security", "label": "security", "required": 
false, "type": "string", "javaType": "java.lang.String", "deprecated": false, 
"deprecationNote": "", "autowired": false, "secret": false, "security": 
"insecure:ssl", "defaultValue": "https", "configurationClass": 
"org.apache.camel.component.openai.OpenAIConfiguration", "configurationField": 
"configuration", "description": "The endpoint identification algorithm to 
validate the server hostname using the server certificate. Set to an empty 
string or 'none' to disable hostname verification" },

Review Comment:
   This component-level metadata is correctly updated. However, the **catalog 
copy** at 
`catalog/camel-catalog/src/generated/resources/org/apache/camel/catalog/components/openai.json`
 also needs the same update. It will be auto-generated when the catalog module 
builds successfully.
   
   Additionally, 
`core/camel-util/src/main/java/org/apache/camel/util/SecurityUtils.java` needs 
a new entry in the `SECURITY_OPTIONS` map (also auto-generated during catalog 
build). Without it, the runtime security policy framework cannot enforce 
policies on this option.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to