Rename config property
Josh-Matsuoka authored and andrewazores committed Dec 19, 2024
1 parent 263a21e commit 1694b6a
Showing 4 changed files with 11 additions and 10 deletions.
2 changes: 1 addition & 1 deletion README.md
@@ -188,6 +188,7 @@ and how it advertises itself to a Cryostat server instance. Properties that requ
- [ ] `cryostat.agent.webclient.tls.version` [`String`]: the version of TLS used for the Agent's client SSL context. Default `TLSv1.2`.
- [ ] `cryostat.agent.webclient.tls.trust-all` [`boolean`]: control whether the agent trusts all certificates presented by the Cryostat server. Default `false`. This should only be overridden for development and testing purposes, never in production.
- [ ] `cryostat.agent.webclient.tls.verify-hostname` [`boolean`]: control whether the agent verifies hostnames on certificates presented by the Cryostat server. Default `true`. This should only be overridden for development and testing purposes, never in production.
- [ ] `cryostat.agent.webclient.tls.required` [`boolean`]: Specify wether the agent should use TLS by default, expecting the base URI to be an https connection with a certificate it trusts. Defaults to `true`. Should only be disabled for testing/prototyping purposes.
- [ ] `cryostat.agent.webclient.tls.trustore.cert` [`list`]: the list of truststoreConfig objects with alias, path, and type properties for certificates to be stored in the agent's truststore. For example, 'cryostat.agent.webclient.tls.truststore.cert[0].type' would be the type of the first certificate in this list. A truststoreConfig object must contain all three properties to be a valid certificate entry.
- [ ] `cryostat.agent.webclient.tls.truststore.type` [`String`]: the type of truststore used for the agent's client truststore. Default `JKS`.
- [ ] `cryostat.agent.webclient.tls.truststore.path` [`String`]: the filepath to the agent's webclient truststore. This takes precedence over `cryostat.agent.webclient.tls.truststore.cert` and must be configured with the truststore's pass with `cryostat.agent.webclient.tls.truststore.pass.file` or `cryostat.agent.webclient.tls.truststore.pass`.
@@ -255,7 +256,6 @@ and how it advertises itself to a Cryostat server instance. Properties that requ
- [ ] `cryostat.agent.callback.port` [`int`]: An override for the port portion of the `cryostat.agent.callback` URL.
- [ ] `rht.insights.java.opt-out` [`boolean`]: for the Red Hat build of Cryostat, set this to true to disable data collection for Red Hat Insights. Defaults to `false`. Red Hat Insights data collection is always disabled for community builds of Cryostat.
- [ ] `rht.insights.java.debug` [`boolean`]: for the Red Hat build of Cryostat, set this to true to enable debug logging for the Red Hat Insights Java Agent. Defaults to `false`. Red Hat Insights data collection is always disabled for community builds of Cryostat.
- [ ] `cryostat.agent.tls.enabled` [`boolean`]: Specify wether the agent should use TLS by default, expecting the base URI to be an https connection with a certificate it trusts. Defaults to `true`. Should only be disabled for testing/prototyping purposes.

These properties can be set by JVM system properties or by environment variables. For example, the property
`cryostat.agent.baseuri` can be set using `-Dcryostat.agent.baseuri=https://mycryostat.example.com:1234/` or
9 changes: 5 additions & 4 deletions src/main/java/io/cryostat/agent/ConfigModule.java
@@ -137,6 +137,9 @@ public abstract class ConfigModule {
public static final String CRYOSTAT_AGENT_WEBCLIENT_RESPONSE_RETRY_COUNT =
"cryostat.agent.webclient.response.retry-count";

public static final String CRYOSTAT_AGENT_WEBCLIENT_TLS_REQUIRED =
"cryostat.agent.webclient.tls.required";

public static final String CRYOSTAT_AGENT_WEBSERVER_HOST = "cryostat.agent.webserver.host";
public static final String CRYOSTAT_AGENT_WEBSERVER_PORT = "cryostat.agent.webserver.port";
public static final String CRYOSTAT_AGENT_WEBSERVER_TLS_VERSION =
@@ -232,8 +235,6 @@ public abstract class ConfigModule {
"(?<host>[A-Za-z0-9-.]+)(?:\\[(?<script>.+)\\])?";
private static final Pattern HOST_SCRIPT_PATTERN = Pattern.compile(HOST_SCRIPT_PATTERN_STRING);

public static final String CRYOSTAT_AGENT_TLS_ENABLED = "cryostat.agent.tls.enabled";

@Provides
@Singleton
public static Config provideConfig() {
@@ -963,9 +964,9 @@ public static long provideCryostatSmartTriggerEvaluationPeriodMs(Config config)

@Provides
@Singleton
@Named(CRYOSTAT_AGENT_TLS_ENABLED)
@Named(CRYOSTAT_AGENT_WEBCLIENT_TLS_REQUIRED)
public static boolean provideCryostatAgentTlsEnabled(Config config) {
return config.getValue(CRYOSTAT_AGENT_TLS_ENABLED, boolean.class);
return config.getValue(CRYOSTAT_AGENT_WEBCLIENT_TLS_REQUIRED, boolean.class);
}

public enum URIRange {
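Review bot: The old key `cryostat.agent.tls.enabled` is dropped with no fallback or warning in the hunk at `provideCryostatAgentTlsEnabled`, so a deployment that still sets it will have that value ignored and pick up the bundled default `cryostat.agent.webclient.tls.required=true` instead. That default fails closed, which is the safe direction, but an operator who had set the old key gets no hint why behaviour changed; if the old name ever shipped in a release, consider logging a warning when it is present, or at least calling out the rename in the release notes. The provider method is also still named `provideCryostatAgentTlsEnabled` while the property now says "required"; renaming it to `provideCryostatAgentWebclientTlsRequired` would keep the two in step.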
8 changes: 4 additions & 4 deletions src/main/java/io/cryostat/agent/MainModule.java
@@ -238,7 +238,7 @@ public static SSLContext provideClientSslContext(
@Named(ConfigModule.CRYOSTAT_AGENT_WEBCLIENT_TLS_CLIENT_AUTH_KEY_MANAGER_TYPE)
String clientAuthKeyManagerType,
@Named(ConfigModule.CRYOSTAT_AGENT_BASEURI) URI baseUri,
@Named(ConfigModule.CRYOSTAT_AGENT_TLS_ENABLED) boolean tlsEnabled) {
@Named(ConfigModule.CRYOSTAT_AGENT_WEBCLIENT_TLS_REQUIRED) boolean tlsEnabled) {
try {
KeyManager[] keyManagers = null;
if (clientAuthCertPath.isPresent() && clientAuthKeyPath.isPresent() && tlsEnabled) {
@@ -247,7 +247,7 @@ public static SSLContext provideClientSslContext(
String.format(
"If TLS is enabled via the (%s) property, the base URI (%s)"
+ " must be an https connection.",
ConfigModule.CRYOSTAT_AGENT_TLS_ENABLED,
ConfigModule.CRYOSTAT_AGENT_WEBCLIENT_TLS_REQUIRED,
ConfigModule.CRYOSTAT_AGENT_BASEURI));
}
KeyStore ks = KeyStore.getInstance(clientAuthKeystoreType);
@@ -322,7 +322,7 @@ public static SSLContext provideClientSslContext(
+ " must be true as well.",
ConfigModule.CRYOSTAT_AGENT_WEBCLIENT_TLS_CLIENT_AUTH_CERT_PATH,
ConfigModule.CRYOSTAT_AGENT_WEBCLIENT_TLS_CLIENT_AUTH_KEY_PATH,
ConfigModule.CRYOSTAT_AGENT_TLS_ENABLED));
ConfigModule.CRYOSTAT_AGENT_WEBCLIENT_TLS_REQUIRED));
}

X509TrustManager trustManager = null;
@@ -625,7 +625,7 @@ public static HttpClient provideHttpClient(
@Named(ConfigModule.CRYOSTAT_AGENT_WEBCLIENT_CONNECT_TIMEOUT_MS) int connectTimeout,
@Named(ConfigModule.CRYOSTAT_AGENT_WEBCLIENT_RESPONSE_TIMEOUT_MS) int responseTimeout,
@Named(ConfigModule.CRYOSTAT_AGENT_WEBCLIENT_RESPONSE_RETRY_COUNT) int retryCount,
@Named(ConfigModule.CRYOSTAT_AGENT_TLS_ENABLED) boolean tlsEnabled) {
@Named(ConfigModule.CRYOSTAT_AGENT_WEBCLIENT_TLS_REQUIRED) boolean tlsEnabled) {
SSLConnectionSocketFactory sslSocketFactory =
new SSLConnectionSocketFactory(
sslContext,
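Review bot: The error text in the second hunk still reads `"If TLS is enabled via the (%s) property, the base URI (%s)"` and the parameter is still `tlsEnabled` in both `provideClientSslContext` and `provideHttpClient`, although the key it now prints is `cryostat.agent.webclient.tls.required`; suggest `boolean tlsRequired` and `"If TLS is required via the (%s) property, the base URI (%s)"`. The name "required" also carries a stronger promise than "enabled": from the visible lines the https test on the base URI appears to sit inside the `clientAuthCertPath.isPresent() && clientAuthKeyPath.isPresent() && tlsEnabled` branch, so it is worth confirming that an `http` base URI is also rejected when no client certificate is configured. Both method bodies start and end outside the hunks shown, so other uses of the parameter would need the same rename.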
2 changes: 1 addition & 1 deletion src/main/resources/META-INF/microprofile-config.properties
@@ -16,6 +16,7 @@ cryostat.agent.webclient.response.retry-count=3
cryostat.agent.webclient.tls.version=TLSv1.2
cryostat.agent.webclient.tls.trust-all=false
cryostat.agent.webclient.tls.verify-hostname=true
cryostat.agent.webclient.tls.required=true
cryostat.agent.webclient.tls.truststore.type=JKS
cryostat.agent.webclient.tls.truststore.pass-charset=utf-8

@@ -83,4 +84,3 @@ cryostat.agent.harvester.max-size-b=0
cryostat.agent.smart-trigger.definitions=
cryostat.agent.smart-trigger.evaluation.period-ms=1000

cryostat.agent.tls.enabled=true
