gnodet commented on code in PR #24668:
URL: https://github.com/apache/camel/pull/24668#discussion_r3573515430
##########
components/camel-ai/camel-openai/src/main/java/org/apache/camel/component/openai/OpenAIConfiguration.java:
##########
@@ -240,7 +240,7 @@ public class OpenAIConfiguration implements Cloneable {
@Metadata(description = "The algorithm used by the trust manager factory
for SSL connections")
private String sslTrustmanagerAlgorithm = "PKIX";
- @UriParam(label = "security", defaultValue = "https")
+ @UriParam(label = "security", defaultValue = "https", security =
"insecure:ssl")
Review Comment:
The annotation correctly adds `security = "insecure:ssl"`. However, consider
also adding `insecureValue = ""` explicitly (or even `insecureValue = "none"`)
to document the insecure value.
The current behavior without `insecureValue`: the build tooling defaults to
`""` for String-type options (see `collectSecurityOption` in
`UpdateSensitizeHelper.java`). This catches `sslEndpointAlgorithm=""` but
misses `sslEndpointAlgorithm=none`, even though both disable hostname
verification (see `OpenAIEndpoint.java` line 539).
Note: this same gap exists for `strictHostKeyChecking` in
`BaseSftpConfiguration`, so this may be acceptable for now.
##########
components/camel-ai/camel-openai/src/generated/resources/META-INF/org/apache/camel/component/openai/openai.json:
##########
@@ -113,7 +113,7 @@
"lazyStartProducer": { "index": 34, "kind": "parameter", "displayName":
"Lazy Start Producer", "group": "producer (advanced)", "label":
"producer,advanced", "required": false, "type": "boolean", "javaType":
"boolean", "deprecated": false, "autowired": false, "secret": false,
"defaultValue": false, "description": "Whether the producer should be started
lazy (on the first message). By starting lazy you can use this to allow
CamelContext and routes to startup in situations where a producer may otherwise
fail during starting and cause the route to fail being started. By deferring
this startup to be lazy then the startup failure can be handled during routing
messages via Camel's routing error handlers. Beware that when the first message
is processed then creating and starting the producer may take a little time and
prolong the total processing time of the processing." },
"oauthProfile": { "index": 35, "kind": "parameter", "displayName": "Oauth
Profile", "group": "security", "label": "security", "required": false, "type":
"string", "javaType": "java.lang.String", "deprecated": false,
"deprecationNote": "", "autowired": false, "secret": false,
"configurationClass": "org.apache.camel.component.openai.OpenAIConfiguration",
"configurationField": "configuration", "description": "OAuth profile name for
obtaining an access token via the OAuth 2.0 Client Credentials grant. When set,
the token is acquired from the configured identity provider and used instead of
apiKey. Requires camel-oauth on the classpath. The profile properties are
resolved from camel.oauth..client-id, camel.oauth..client-secret, and
camel.oauth..token-endpoint." },
"sslContextParameters": { "index": 36, "kind": "parameter", "displayName":
"Ssl Context Parameters", "group": "security", "label": "security", "required":
false, "type": "object", "javaType":
"org.apache.camel.support.jsse.SSLContextParameters", "deprecated": false,
"deprecationNote": "", "autowired": false, "secret": false,
"configurationClass": "org.apache.camel.component.openai.OpenAIConfiguration",
"configurationField": "configuration", "description": "SSLContextParameters to
use for configuring SSL\/TLS. When set, takes precedence over the individual
sslTruststore, sslKeystore, and sslProtocol options." },
- "sslEndpointAlgorithm": { "index": 37, "kind": "parameter", "displayName":
"Ssl Endpoint Algorithm", "group": "security", "label": "security", "required":
false, "type": "string", "javaType": "java.lang.String", "deprecated": false,
"deprecationNote": "", "autowired": false, "secret": false, "defaultValue":
"https", "configurationClass":
"org.apache.camel.component.openai.OpenAIConfiguration", "configurationField":
"configuration", "description": "The endpoint identification algorithm to
validate the server hostname using the server certificate. Set to an empty
string or 'none' to disable hostname verification" },
+ "sslEndpointAlgorithm": { "index": 37, "kind": "parameter", "displayName":
"Ssl Endpoint Algorithm", "group": "security", "label": "security", "required":
false, "type": "string", "javaType": "java.lang.String", "deprecated": false,
"deprecationNote": "", "autowired": false, "secret": false, "security":
"insecure:ssl", "defaultValue": "https", "configurationClass":
"org.apache.camel.component.openai.OpenAIConfiguration", "configurationField":
"configuration", "description": "The endpoint identification algorithm to
validate the server hostname using the server certificate. Set to an empty
string or 'none' to disable hostname verification" },
Review Comment:
This component-level metadata is correctly updated. However, the **catalog
copy** at
`catalog/camel-catalog/src/generated/resources/org/apache/camel/catalog/components/openai.json`
also needs the same update. It will be auto-generated when the catalog module
builds successfully.
Additionally,
`core/camel-util/src/main/java/org/apache/camel/util/SecurityUtils.java` needs
a new entry in the `SECURITY_OPTIONS` map (also auto-generated during catalog
build). Without it, the runtime security policy framework cannot enforce
policies on this option.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]