Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Implement a mechanism to skip SSL verification #4083

Closed
wants to merge 6 commits into from
Closed

Implement a mechanism to skip SSL verification #4083

wants to merge 6 commits into from

Conversation

Haarolean
Copy link
Contributor

@Haarolean Haarolean commented Aug 2, 2023
edited
Loading

  • Breaking change? (if so, please describe the impact and migration path for existing application instances)

What changes did you make? (Give an overview)
Closes #4082

Is there anything you'd like reviewers to focus on?

How Has This Been Tested? (put an "x" (case-sensitive!) next to an item)

  • No need to
  • Manually (please, describe, if necessary)
  • Unit checks
  • Integration checks
  • Covered by existing automation

Checklist (put an "x" (case-sensitive!) next to all the items, otherwise the build will fail)

  • I have performed a self-review of my own code
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation (e.g. ENVIRONMENT VARIABLES)
  • My changes generate no new warnings (e.g. Sonar is happy)
  • I have added tests that prove my fix is effective or that my feature works
  • New and existing unit tests pass locally with my changes
  • Any dependent changes have been merged

Check out Contributing and Code of Conduct

A picture of a cute animal (not mandatory but encouraged)

@Haarolean Haarolean added type/enhancement En enhancement to an already existing feature scope/backend labels Aug 2, 2023
@Haarolean Haarolean self-assigned this Aug 2, 2023
@Haarolean Haarolean requested a review from a team as a code owner August 2, 2023 12:42
@github-actions
Copy link

github-actions bot commented Aug 2, 2023

Image published at public.ecr.aws/provectus/kafka-ui-custom-build:4083

iliax
iliax suggested changes Aug 3, 2023
View reviewed changes
kafka-ui-api/src/main/java/com/provectus/kafka/ui/util/KafkaClientSslPropertiesUtil.java Outdated
Comment on lines 17 to 35
if (truststoreConfig == null) {
return;
}

if (!truststoreConfig.isVerifySsl()) {
sink.put(SSL_ENGINE_FACTORY_CLASS_CONFIG, InsecureSslEngineFactory.class);
return;
}

if (truststoreConfig.getTruststoreLocation() == null) {
return;
}

sink.put(SslConfigs.SSL_TRUSTSTORE_LOCATION_CONFIG, truststoreConfig.getTruststoreLocation());

if (truststoreConfig.getTruststorePassword() != null) {
sink.put(SslConfigs.SSL_TRUSTSTORE_PASSWORD_CONFIG, truststoreConfig.getTruststorePassword());
}
}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lets maybe avoid extensive spaces usage here

iliax
iliax suggested changes Aug 3, 2023
View reviewed changes
kafka-ui-api/src/main/java/com/provectus/kafka/ui/config/ClustersProperties.java
@@ -101,6 +109,16 @@ public static class SchemaRegistryAuth {
public static class TruststoreConfig {
String truststoreLocation;
String truststorePassword;
boolean verifySsl = true;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

we also need to add property to kafka-ui-api.yaml

@github-actions
Copy link

github-actions bot commented Aug 4, 2023

Image published at public.ecr.aws/provectus/kafka-ui-custom-build:4083

@github-actions
Copy link

github-actions bot commented Aug 8, 2023

Image published at public.ecr.aws/provectus/kafka-ui-custom-build:4083

iliax
iliax suggested changes Aug 24, 2023
View reviewed changes
kafka-ui-api/src/main/java/com/provectus/kafka/ui/util/KafkaClientSslPropertiesUtil.java
Comment on lines +19 to +21
if (truststoreConfig.getTruststoreLocation() == null) {
return;
}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

what if verifySsl set to false ? Looks like truststoreConfig.isVerifySsl() check should go before this..

kafka-ui-api/src/main/java/com/provectus/kafka/ui/util/WebClientConfigurator.java
Comment on lines +105 to +114
@SneakyThrows
public WebClientConfigurator configureNoSsl() {
var contextBuilder = SslContextBuilder.forClient();
contextBuilder.trustManager(InsecureTrustManagerFactory.INSTANCE);

SslContext context = contextBuilder.build();

httpClient = httpClient.secure(t -> t.sslContext(context));
return this;
}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

pls simplify

@Haarolean Haarolean removed their assignment Sep 24, 2023
@Haarolean Haarolean closed this Jan 19, 2024
@fallen-up fallen-up mentioned this pull request Apr 4, 2024
Closed
4 tasks
@Haarolean Haarolean mentioned this pull request Apr 19, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@iliax iliax iliax requested changes

Assignees
No one assigned
Labels
scope/backend status/image_testing type/enhancement En enhancement to an already existing feature
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Implement a mechanism to skip SSL verification
2 participants
@Haarolean @iliax