On 21.05.24 at 19:50, Christopher Schultz wrote:
> All,
>
> I've been playing with this PropertySource and I'm wondering if it could be improved a little.
>
> First of all, it uses an environment variable SERVICE_BINDING_ROOT which is in line with the service binding standard which is documented at https://servicebinding.io/. Environment variables are a little icky in Java, so I'd like to do one or more of the following:
>
> 1. Allow ServiceBindingPropertySource to use the SERVICE_BINDING_ROOT environment variable *or* a system property with an appropriate name such as service.binding.root, with the system property overriding the environment variable.
>
> This will allow software to use e.g. catalina.properties to define service.binding.root instead of using an environment variable which may be awkward in certain environments.
>
> 2. Have ServiceBindingPropertySource fall back to system property resolution if no matching file is found. Maybe we should do this with all PropertySource classes provided by Tomcat?
>
> 3. If the SERVICE_BINDING_ROOT environment variable is being used, copy its value into a system property. This will allow application software or Tomcat itself to use the file reference as necessary. For example:
>
> <SSLHostConfig>
>   <Certificate certificateKeyFile="${service.binding.root}/myapp/cert.key"
>                certificateFile="${service.binding.root}/myapp/cert.crt" ...
>   </Certificate>
> </SSLHostConfig>
>
> Without this capability, the application must:
>
> <SSLHostConfig>
>   <Certificate certificateKeyFile="${custom-certificate.keyFile}"
>                certificateFile="${custom-certificate.file}" ..

Why would you have to do this? Could you not use "${path-to-cert-dir}/cert.key"? Where path-to-cert-dir is some sensible name and the value contains (surprise) the path to the directory in which cert and key are living happily together.

Apart from that, as Remy pointed out, Kubernetes people have no problem with env variables.

Felix

> </SSLHostConfig>
>
> The values passed into the certificateKeyFile must point to files on the disk which themselves point to ANOTHER file. So you need two files where one will do, plus the file-on-the-disk needs to know its own path so it can point to the OTHER file which actually contains the key/cert bytes.
>
> Does anyone have any comments on the above?
>
> -chris
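
The lookup order proposed in points 1 and 2 of the quoted message, as an added example that is not part of the thread and is not Tomcat's ServiceBindingPropertySource. The class name, splitting the key at its first dot, and the check that confines the resolved file to the binding root are assumptions of this sketch.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;

/** Hypothetical sketch of the proposed lookup order; not Tomcat's own class. */
public class BindingLookupSketch {
    static final String ENV_NAME = "SERVICE_BINDING_ROOT";   // from the service binding spec
    static final String PROP_NAME = "service.binding.root";  // name suggested in the thread

    /** Proposal 1: the system property overrides the environment variable. */
    static String resolveRoot() {
        String root = System.getProperty(PROP_NAME);
        return (root != null) ? root : System.getenv(ENV_NAME);
    }

    /** Maps "binding.key" to <root>/binding/key, else falls back to a system property (proposal 2). */
    static String getProperty(String key) {
        String root = resolveRoot();
        int dot = key.indexOf('.'); // assumption: split at the first dot
        if (root != null && dot > 0 && dot < key.length() - 1) {
            Path base = Paths.get(root).toAbsolutePath().normalize();
            Path file = base.resolve(key.substring(0, dot)).resolve(key.substring(dot + 1)).normalize();
            // Refuse keys whose path would resolve outside the binding root.
            if (file.startsWith(base) && Files.isRegularFile(file)) {
                try {
                    return new String(Files.readAllBytes(file), StandardCharsets.UTF_8);
                } catch (IOException e) {
                    // unreadable file: fall through to the system property
                }
            }
        }
        return System.getProperty(key);
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample binding: <tmp>/myapp/password
        Path root = Files.createTempDirectory("bindings");
        Files.createDirectories(root.resolve("myapp"));
        Files.write(root.resolve("myapp").resolve("password"), "s3cret".getBytes(StandardCharsets.UTF_8));
        System.setProperty(PROP_NAME, root.toString());
        System.setProperty("other.setting", "from-system-property");

        System.out.println(getProperty("myapp.password"));     // file under the root
        System.out.println(getProperty("other.setting"));      // no file: system property
        System.out.println(getProperty("myapp.../../secret")); // leaves the root: not read
    }
}
```

The normalize-and-startsWith check does not resolve symbolic links, so it only guards against keys that climb out of the root lexically.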