Allow mongo client to be configured by a tls registry #46293
Conversation
Malandril
force-pushed
the
mongo-tls-registry
branch
from
cc96bcf to
30c1fb9
Compare
Malandril
changed the title
Malandril
force-pushed
the
mongo-tls-registry
branch
from
30c1fb9 to
d5c66d2
Compare
This comment has been minimized.
This comment has been minimized.
Malandril
force-pushed
the
mongo-tls-registry
branch
3 times, most recently
from
80e1c7e to
930883d
Compare
This comment has been minimized.
This comment has been minimized.
|
🙈 The PR is closed and the preview is expired. |
This comment has been minimized.
This comment has been minimized.
| import io.smallrye.certs.junit5.Certificate; | ||
| import io.smallrye.certs.junit5.Certificates; | ||
|
|
||
| @DisabledOnOs(value = OS.WINDOWS, disabledReason = "Tests don't pass on windows CI") |
There was a problem hiding this comment.
The tests on windows CI don't seem to work correctly, I cannot reproduce it, on my local windows.
It may be because the generated certs use relative paths.
There was a problem hiding this comment.
Thanks for the report. It might be something related to the Junit 5 plugin generating certificates.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
There was a problem hiding this comment.
This is really nice, thanks!
I added a few minor suggestions and questions. And it's probably a good idea to let @cescoffier have a look.
docs/src/main/asciidoc/mongodb.adoc
Outdated
|
|
||
| If you want to use SSL/TLS encryption, you need to add these properties in your `application.properties`: | ||
| You can configure the client to trust servers with certificates with invalid hostnames: | ||
|
|
||
| [source,properties] | ||
| ---- | ||
| quarkus.mongodb.tls=true | ||
| quarkus.mongodb.tls-insecure=true # only if TLS certificate cannot be validated |
There was a problem hiding this comment.
Is this needed when you are using a TLS configuration from the registry? IIRC, it's configured there?
There was a problem hiding this comment.
This option configures the mongo builder with the method invalidHostNameAllowed.
The tls registry config is applied after, if the quarkus.mongodb.tls is true, the registry can replace this because it can be configured with quarkus.tls.hostname-verification-algorithm=NONE.
...sions/mongodb-client/runtime/src/main/java/io/quarkus/mongodb/runtime/MongoClientConfig.java
Show resolved
Hide resolved
extensions/mongodb-client/runtime/src/main/java/io/quarkus/mongodb/runtime/MongoClients.java
Outdated
Show resolved
Hide resolved
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
extensions/mongodb-client/deployment/src/test/java/io/quarkus/mongodb/MongoTestBase.java
Show resolved
Hide resolved
...sions/mongodb-client/runtime/src/main/java/io/quarkus/mongodb/runtime/MongoClientConfig.java
Outdated
Show resolved
Hide resolved
extensions/mongodb-client/deployment/src/test/java/io/quarkus/mongodb/MongoTestBase.java
Show resolved
Hide resolved
| import io.smallrye.certs.junit5.Certificate; | ||
| import io.smallrye.certs.junit5.Certificates; | ||
|
|
||
| @DisabledOnOs(value = OS.WINDOWS, disabledReason = "Tests don't pass on windows CI") |
There was a problem hiding this comment.
Thanks for the report. It might be something related to the Junit 5 plugin generating certificates.
This comment has been minimized.
This comment has been minimized.
Malandril
force-pushed
the
mongo-tls-registry
branch
from
ec10539 to
5763a4f
Compare
|
When all is done, we'll need to have the commits squashed |
This comment has been minimized.
This comment has been minimized.
Malandril
force-pushed
the
mongo-tls-registry
branch
2 times, most recently
from
840f7c6 to
a08bd7e
Compare
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
Malandril
force-pushed
the
mongo-tls-registry
branch
from
a08bd7e to
cd1ffd4
Compare
test: Disable tls test on windows Apply suggestions from code review Co-authored-by: Guillaume Smet <[email protected]> Deprecate tlsInsecure mongo configuration Review comments, enable tls when configuration name set
Malandril
force-pushed
the
mongo-tls-registry
branch
from
cd1ffd4 to
bc2b0eb
Compare
Status for workflow
|
This comment has been minimized.
This comment has been minimized.
geoand
added
release/noteworthy-feature
triage/waiting-for-ci
Status for workflow
|
quarkus-bot
bot
removed
the
triage/waiting-for-ci
This PR allows the mongodb client to be configured using a tls registry configuration. This allows simpler ways to configure the trustores, and mtls connections.
By default the mongodb client dost not use the default tls registry.