Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Enforcer truststore should trust ca root certs #3088

Merged
merged 8 commits into from
Oct 21, 2022
Merged

Enforcer truststore should trust ca root certs #3088

merged 8 commits into from
Oct 21, 2022

Conversation

Amila-Rukshan
Copy link
Contributor

@Amila-Rukshan Amila-Rukshan commented Sep 29, 2022
edited
Loading

Purpose

Added a method to load the trusted root certificates in the <javahome>/lib/security/cacerts location to the existing truststore.

Made cert trusting method configurable via env config

env variable name values default value
TRUST_DEFAULT_CERTS true / false true

Ex:
Docker compose config:

enforcer:
    hostname: enforcer
    image: wso2/choreo-connect-enforcer:1.2.0-m1-SNAPSHOT
    ...
    ...
    environment:
      ...
      ...
      - TRUSTED_CA_CERTS_PATH=/home/wso2/security/truststore
      - TRUST_DEFAULT_CERTS=false
      ...

k8s config:

...
spec:
      containers:
        - name: choreo-connect-enforcer
          ...
          image: wso2/choreo-connect-enforcer:1.2.0-m1-SNAPSHOT
         ...
          env:
            ...
            ...
            - name: TRUSTED_CA_CERTS_PATH
              value: "/home/wso2/security/truststore"
            - name: TRUST_DEFAULT_CERTS
              value: "false"
            ...

Issues

Fixes #

Automation tests

  • Unit tests added: Yes/No
  • Integration tests added: Yes/No

Tested environments

Not Tested

Maintainers: Check before merge

  • Assigned 'Type' label
  • Assigned the project
  • Validated respective github issues
  • Assigned milestone to the github issue(s)

@Amila-Rukshan Amila-Rukshan changed the title Enforcer ca truststore should trust ca certs Enforcer truststore should trust ca root certs Sep 29, 2022
@pubudu538
Copy link
Contributor

We need to update docs as well.

@Amila-Rukshan Amila-Rukshan mentioned this pull request Oct 6, 2022
Merged
pubudu538
pubudu538 previously approved these changes Oct 14, 2022
View reviewed changes
VirajSalaka
VirajSalaka previously approved these changes Oct 17, 2022
View reviewed changes
@Amila-Rukshan Amila-Rukshan dismissed stale reviews from VirajSalaka and pubudu538 via c4c6dae October 21, 2022 04:16
@Amila-Rukshan Amila-Rukshan merged commit 12b81d7 into wso2:main Oct 21, 2022
slahirucd7 added a commit to slahirucd7/product-microgateway that referenced this pull request Nov 2, 2022
@slahirucd7
oRevert "Merge pull request wso2#3088 from Amila-Rukshan/enforcer-ca-…
64fe246 
…truststore"

This reverts commit 12b81d7, reversing
changes made to 06336f0.
slahirucd7 added a commit to slahirucd7/product-microgateway that referenced this pull request Nov 2, 2022
@slahirucd7
Revert "oRevert "Merge pull request wso2#3088 from Amila-Rukshan/enfo…
7f7d4d3 
…rcer-ca-truststore""

This reverts commit 64fe246.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@VajiraPrabuddhaka VajiraPrabuddhaka VajiraPrabuddhaka approved these changes

@pubudu538 pubudu538 Awaiting requested review from pubudu538 pubudu538 is a code owner

@VirajSalaka VirajSalaka Awaiting requested review from VirajSalaka

Assignees
No one assigned
Labels
Type/Improvement
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@Amila-Rukshan @pubudu538 @VajiraPrabuddhaka @VirajSalaka