diff --git a/cmd/serve.go b/cmd/serve.go
index 94ccaf3ff..24471bace 100644
--- a/cmd/serve.go
+++ b/cmd/serve.go
@@ -56,7 +56,7 @@ const (
 apiPasswordProp = "api.password"
 apiPortProp = "api.port"
 apiHostProp = "api.host"
- tlsCertCaBundleProp = "api.certCaBundle"
+ tlsCertProp = "api.tlsCert"
 tlsKeyProp = "api.tlsKey"
 encryptionPasswords = "db.encryption.passwords"
 encryptionEnabled = "db.encryption.enabled"
@@ -93,7 +93,7 @@ func init() {
 _ = viper.BindEnv(apiHostProp, "CSB_LISTENER_HOST")
 _ = viper.BindEnv(encryptionPasswords, "ENCRYPTION_PASSWORDS")
 _ = viper.BindEnv(encryptionEnabled, "ENCRYPTION_ENABLED")
- _ = viper.BindEnv(tlsCertCaBundleProp, "TLS_CERT_CHAIN")
+ _ = viper.BindEnv(tlsCertProp, "TLS_CERT")
 _ = viper.BindEnv(tlsKeyProp, "TLS_PRIVATE_KEY")
 }
@@ -230,10 +230,10 @@ func startServer(registry pakBroker.BrokerRegistry, db *sql.DB, brokerapi http.H
 host := viper.GetString(apiHostProp)
 logger.Info("Serving", lager.Data{"port": port})
- tlsCertCaBundleFilePath := viper.GetString(tlsCertCaBundleProp)
+ tlsCertFilePath := viper.GetString(tlsCertProp)
 tlsKeyFilePath := viper.GetString(tlsKeyProp)
- logger.Info("tlsCertCaBundle", lager.Data{"tlsCertCaBundle": tlsCertCaBundleFilePath})
+ logger.Info("tlsCert", lager.Data{"tlsCert": tlsCertFilePath})
 logger.Info("tlsKey", lager.Data{"tlsKey": tlsKeyFilePath})
 httpServer := &http.Server{
@@ -243,8 +243,8 @@ func startServer(registry pakBroker.BrokerRegistry, db *sql.DB, brokerapi http.H
 go func() {
 var err error
 switch {
- case tlsCertCaBundleFilePath != "" && tlsKeyFilePath != "":
- err = httpServer.ListenAndServeTLS(tlsCertCaBundleFilePath, tlsKeyFilePath)
+ case tlsCertFilePath != "" && tlsKeyFilePath != "":
+ err = httpServer.ListenAndServeTLS(tlsCertFilePath, tlsKeyFilePath)
 default:
 err = httpServer.ListenAndServe()
 }
diff --git a/docs/configuration.md b/docs/configuration.md
index a58e7f609..8cb76c2ea 100644
--- a/docs/configuration.md
+++ b/docs/configuration.md
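Review bot: In cmd/serve.go `init()`, `viper.BindEnv(tlsCertProp, "TLS_CERT")` drops the old `TLS_CERT_CHAIN` name with no fallback, so a deployment that still exports it reads an empty certificate path after upgrading. Combined with the `switch` in `startServer`, which serves plain HTTP unless both paths are non-empty, that upgrade would turn TLS off without an error. If the vendored viper accepts several variable names per key, binding both for a deprecation period avoids this: `_ = viper.BindEnv(tlsCertProp, "TLS_CERT", "TLS_CERT_CHAIN")`. The config key rename from `api.certCaBundle` to `api.tlsCert` in the const block has the same effect for file-based configuration.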
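Review bot: Nothing at `tlsCertFilePath := viper.GetString(tlsCertProp)` in `startServer` records that the file may hold more than the leaf certificate, and the rename away from "CaBundle" makes that easy to lose. `ListenAndServeTLS` expects the server certificate followed by any intermediates in one PEM file, so I would add `// PEM file: server certificate first, then any intermediate certificates.` above that line. `startServer` begins and ends outside this hunk.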
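Review bot: The `switch` in the `startServer` goroutine still fails open: when only one of `tlsCertFilePath` and `tlsKeyFilePath` is set, it reaches `default` and calls `httpServer.ListenAndServe()`, so the broker API and its username/password authentication run over plain HTTP with no error. I would put a case between the two that refuses to start, `case tlsCertFilePath != "" || tlsKeyFilePath != "":` with `err` set to a message saying `api.tlsCert` and `api.tlsKey` must be configured together. The goroutine continues past the end of the hunk, so how `err` is reported is not visible here.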
@@ -84,7 +84,7 @@ Broker service configuration values: | SECURITY_USER_NAME * | api.user | string |

Broker authentication username

| | SECURITY_USER_PASSWORD * | api.password | string |

Broker authentication password

| | PORT | api.port | string |

Port to bind broker to

| -| TLS_CERT_CHAIN | api.certCaBundle | string |

File path to a pem encoded certificate chain

| +| TLS_CERT | api.tlsCert | string |

File path to a pem encoded certificate

| | TLS_PRIVATE_KEY | api.tlsKey | string |

File path to a pem encoded private key

|
diff --git a/internal/testdrive/broker_start.go b/internal/testdrive/broker_start.go
index d71986553..db0e48fe3 100644
--- a/internal/testdrive/broker_start.go
+++ b/internal/testdrive/broker_start.go
@@ -217,7 +217,7 @@ func tlsConfig(cfg *startBrokerConfig, valid bool) {
 Expect(os.WriteFile(certFileBuf.Name(), serverCert, 0o644)).To(Succeed())
- cfg.env = append(cfg.env, fmt.Sprintf("TLS_CERT_CHAIN=%s", certFileBuf.Name()))
+ cfg.env = append(cfg.env, fmt.Sprintf("TLS_CERT=%s", certFileBuf.Name()))
 cfg.env = append(cfg.env, fmt.Sprintf("TLS_PRIVATE_KEY=%s", privKeyFileBuf.Name()))
 }