[
https://issues.apache.org/jira/browse/KNOX-3276?focusedWorklogId=1009116&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-1009116
]
ASF GitHub Bot logged work on KNOX-3276:
----------------------------------------
Author: ASF GitHub Bot
Created on: 11/Mar/26 15:00
Start Date: 11/Mar/26 15:00
Worklog Time Spent: 10m
Work Description: smolnar82 opened a new pull request, #1175:
URL: https://github.com/apache/knox/pull/1175
[KNOX-3276:](https://issues.apache.org/jira/browse/KNOX-3276) - New config
for CM client SSL configs
## What changes were proposed in this pull request?
### Summary
This change introduces **dedicated SSL protocol and cipher configuration for
the Cloudera Manager discovery client**.
### Changes
- Added new gateway configuration properties:
  - `gateway.cloudera.manager.service.discovery.ssl.protocols`
  - `gateway.cloudera.manager.service.discovery.ssl.ciphers`
- Added new configuration methods to `GatewayConfig`:
  - `getClouderaManagerClientSSLProtocols()`
  - `getClouderaManagerClientSSLCiphers()`
- Updated `DiscoveryApiClient` to use these new configuration methods when
  building the OkHttp TLS `ConnectionSpec`.
- Refactored TLS setup logic into helper methods:
  - `configureSslProtocols`
  - `configureSslCiphers`
- Added DEBUG-level logging to indicate which SSL protocols and ciphers are
  used and whether they were explicitly configured.
- Updated tests and test configuration classes to use the new configuration
  methods.
### Default behavior
- If the new CM-specific properties are **not configured**, the discovery
  client falls back to:
  - the gateway-wide `includedSSLProtocols`
  - the gateway-wide `includedSSLCiphers`
- If those are also empty, the client uses the **SSLContext supported
  protocols and cipher suites**.
### Impact
Allows **independent TLS configuration for the Cloudera Manager discovery
client** without affecting other gateway TLS settings.
## How was this patch tested?
Ran existing unit tests.
## Integration Tests
N/A
## UI changes
N/A
Issue Time Tracking
-------------------
Worklog Id: (was: 1009116)
Remaining Estimate: 0h
Time Spent: 10m
> Add new config that controls TLS settings in CM client
> ------------------------------------------------------
>
> Key: KNOX-3276
> URL: https://issues.apache.org/jira/browse/KNOX-3276
> Project: Apache Knox
> Issue Type: Task
> Reporter: Sandor Molnar
> Assignee: Sandor Molnar
> Priority: Major
> Fix For: 3.0.0
>
> Time Spent: 10m
> Remaining Estimate: 0h
>
> As of today, Knox uses its own server-side TLS configuration in
> DiscoveryApiClient when it comes to configuring SSL between Knox and CM.
> However, this might not overlap and CM uses a separate set of TLS
> ciphers/protocols. To address that, we will need to add new configs to
> control the SSL settings within the CM API client.
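The fallback order listed under "Default behavior" in the pull request description, as an added Java example that is not code from the Knox pull request. It uses only JDK classes; the class name, method names and sample lists are hypothetical, and the check that rejects names the local SSLContext does not support is an assumption rather than something the PR describes.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

// Added illustration; class and method names are hypothetical, not Knox code.
public class CmClientTlsFallback {

    /** First non-empty list wins: CM-specific, then gateway-wide, then SSLContext-supported. */
    static List<String> resolve(List<String> cmSpecific, List<String> gatewayWide, String[] supported) {
        if (cmSpecific != null && !cmSpecific.isEmpty()) return cmSpecific;
        if (gatewayWide != null && !gatewayWide.isEmpty()) return gatewayWide;
        return Arrays.asList(supported);
    }

    /** Assumption (not stated in the PR): fail fast on names the local SSLContext cannot provide. */
    static String[] requireSupported(String kind, List<String> chosen, String[] supported) {
        List<String> unknown = new ArrayList<>(chosen);
        unknown.removeAll(Arrays.asList(supported));
        if (!unknown.isEmpty()) {
            throw new IllegalArgumentException("Unsupported " + kind + ": " + unknown);
        }
        return chosen.toArray(new String[0]);
    }

    public static void main(String[] args) throws Exception {
        SSLParameters supported = SSLContext.getDefault().getSupportedSSLParameters();

        // Constructed sample values standing in for the three configuration levels.
        List<String> cmProtocols = List.of("TLSv1.3");                  // CM-specific property set
        List<String> gatewayProtocols = List.of("TLSv1.2", "TLSv1.3");  // gateway-wide list
        List<String> cmCiphers = List.of();                             // CM-specific property not set
        List<String> gatewayCiphers = List.of();                        // gateway-wide list also empty

        String[] protocols = requireSupported("protocols",
                resolve(cmProtocols, gatewayProtocols, supported.getProtocols()),
                supported.getProtocols());
        String[] ciphers = requireSupported("cipher suites",
                resolve(cmCiphers, gatewayCiphers, supported.getCipherSuites()),
                supported.getCipherSuites());

        System.out.println("protocols     = " + Arrays.toString(protocols) + " (CM-specific)");
        System.out.println("cipher suites = " + ciphers.length + " entries (SSLContext supported set)");
    }
}
```

The last fallback is modelled here with `getSupportedSSLParameters()`, which returns everything the provider implements and can be broader than `getDefaultSSLParameters()`, so setting the two properties explicitly keeps the set offered to CM narrow.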