refactor: rename certificate check to enabled

Align with other properties using `aws.` as prefix, and `enabled` suffix for flags.
Aiven-Open · Sep 17, 2023 · 5f64f5a · 5f64f5a
1 parent 2416c1b
commit 5f64f5a
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 13 deletions.
diff --git a/storage/s3/src/main/java/io/aiven/kafka/tieredstorage/storage/s3/S3StorageConfig.java b/storage/s3/src/main/java/io/aiven/kafka/tieredstorage/storage/s3/S3StorageConfig.java
@@ -81,10 +81,10 @@ public class S3StorageConfig extends AbstractConfig {
     public static final String AWS_SECRET_ACCESS_KEY_CONFIG = "aws.secret.access.key";
     private static final String AWS_SECRET_ACCESS_KEY_DOC = "AWS secret access key. "
         + "To be used when static credentials are provided.";
-    public static final String DISABLE_AWS_CERT_CHECKING_CONFIG = "aws.disable.cert.checking";
-    private static final String DISABLE_AWS_CERT_CHECKING_DOC =
-        "This property is used to disable SSL certificate checking for AWS services. "
-            + "When set to \"true\", the SSL certificate checking for AWS services will be bypassed. "
+    public static final String AWS_CERTIFICATE_CHECK_ENABLED_CONFIG = "aws.certificate.check.enabled";
+    private static final String AWS_CERTIFICATE_CHECK_ENABLED_DOC =
+        "This property is used to enable SSL certificate checking for AWS services. "
+            + "When set to \"false\", the SSL certificate checking for AWS services will be bypassed. "
             + "Use with caution and always only in a test environment, as disabling certificate lead the storage "
             + "to be vulnerable to man-in-the-middle attacks.";
 
@@ -161,11 +161,11 @@ public class S3StorageConfig extends AbstractConfig {
                 new NonEmptyPassword(),
                 ConfigDef.Importance.MEDIUM,
                 AWS_SECRET_ACCESS_KEY_DOC)
-            .define(DISABLE_AWS_CERT_CHECKING_CONFIG,
+            .define(AWS_CERTIFICATE_CHECK_ENABLED_CONFIG,
                 ConfigDef.Type.BOOLEAN,
-                false,
+                true,
                 ConfigDef.Importance.LOW,
-                DISABLE_AWS_CERT_CHECKING_DOC
+                AWS_CERTIFICATE_CHECK_ENABLED_DOC
             );
     }
 
@@ -207,7 +207,7 @@ S3Client s3Client() {
             s3ClientBuilder.forcePathStyle(pathStyleAccessEnabled);
         }
 
-        if (disableAwsCertChecking()) {
+        if (!certificateCheckEnabled()) {
             s3ClientBuilder.httpClient(
                 new DefaultSdkHttpClientBuilder()
                     .buildWithDefaults(
@@ -263,8 +263,8 @@ AwsCredentialsProvider credentialsProvider() {
         }
     }
 
-    public Boolean disableAwsCertChecking() {
-        return getBoolean(DISABLE_AWS_CERT_CHECKING_CONFIG);
+    public Boolean certificateCheckEnabled() {
+        return getBoolean(AWS_CERTIFICATE_CHECK_ENABLED_CONFIG);
     }
 
     public String bucketName() {

diff --git a/storage/s3/src/test/java/io/aiven/kafka/tieredstorage/storage/s3/S3StorageConfigTest.java b/storage/s3/src/test/java/io/aiven/kafka/tieredstorage/storage/s3/S3StorageConfigTest.java
@@ -52,7 +52,7 @@ void minimalConfig() {
         assertThat(config.credentialsProvider()).isNull();
         assertThat(config.pathStyleAccessEnabled()).isNull();
         assertThat(config.uploadPartSize()).isEqualTo(S3_MULTIPART_UPLOAD_PART_SIZE_DEFAULT);
-        assertThat(config.disableAwsCertChecking()).isFalse();
+        assertThat(config.certificateCheckEnabled()).isTrue();
         verifyClientConfiguration(config.s3Client(), null);
     }
 
@@ -110,7 +110,7 @@ void configWithStaticCredentials() {
             "s3.endpoint.url", MINIO_URL,
             "aws.access.key.id", username,
             "aws.secret.access.key", password,
-            "aws.disable.cert.checking", "true");
+            "aws.certificate.check.enabled", "false");
 
         final var config = new S3StorageConfig(configs);
 
@@ -119,7 +119,7 @@ void configWithStaticCredentials() {
         assertThat(config.getString("s3.endpoint.url")).isEqualTo(MINIO_URL);
         assertThat(config.getPassword("aws.access.key.id").value()).isEqualTo(username);
         assertThat(config.getPassword("aws.secret.access.key").value()).isEqualTo(password);
-        assertThat(config.disableAwsCertChecking()).isEqualTo(true);
+        assertThat(config.certificateCheckEnabled()).isFalse();
 
         final AwsCredentialsProvider credentialsProvider = config.credentialsProvider();
         assertThat(credentialsProvider).isInstanceOf(StaticCredentialsProvider.class);