[ 
https://issues.apache.org/jira/browse/CAMEL-24050?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

chio chuan ooi updated CAMEL-24050:
-----------------------------------
    Description: 
{{{}ZeebeService{}}}'s OAuth setup conflates two independent concerns — 
authentication and transport encryption — into a single branch:


{code:java}
if (clientId != null) {
    OAuthCredentialsProvider credentialsProvider = new 
OAuthCredentialsProviderBuilder()
            .authorizationServerUrl(oAuthAPI)
            .audience(gatewayAddress)
            .clientId(clientId)
            .clientSecret(clientSecret)
            .build();

    zeebeClient = ZeebeClient.newClientBuilder()
            .gatewayAddress(gatewayAddress)
            .credentialsProvider(credentialsProvider)
            .build();
} else {
    zeebeClient = ZeebeClient.newClientBuilder()
            .gatewayAddress(gatewayAddress)
            .usePlaintext()
            .build();
}
{code}
{{ZeebeClient.newClientBuilder()}} defaults to TLS unless {{.usePlaintext()}} 
is explicitly called. The {{if (clientId != null)}} branch never calls 
{{{}.usePlaintext(){}}}, which hardcodes an assumption that {*}using OAuth 
always implies TLS{*}.

it should allow the usePlaintext and oAuth configuration as seperate parameter. 

it should be 
{code:java}
import io.camunda.zeebe.client.ZeebeClientBuilder;

    public void doStart() {
        String gatewayAddress = String.format("%s:%d", gatewayHost, 
gatewayPort);

        ZeebeClientBuilder builder = ZeebeClient.newClientBuilder()
                .gatewayAddress(gatewayAddress);

        if (clientId != null) {
            OAuthCredentialsProvider credentialsProvider = new 
OAuthCredentialsProviderBuilder()
                    .authorizationServerUrl(oAuthAPI)
                    .audience(gatewayAddress)
                    .clientId(clientId)
                    .clientSecret(clientSecret)
                    .build();
            builder.credentialsProvider(credentialsProvider);
        }

        if (usePlaintext) {
            builder.usePlaintext();
        }

        zeebeClient = builder.build();

        if (managedChannel == null) {
            managedChannel = ManagedChannelBuilder.forAddress(gatewayHost, 
gatewayPort)
                    .usePlaintext()
                    .build();
        }
    }
{code}

  was:
{{{}ZeebeService{}}}'s OAuth setup conflates two independent concerns — 
authentication and transport encryption — into a single branch:


{code:java}
if (clientId != null) {
    OAuthCredentialsProvider credentialsProvider = new 
OAuthCredentialsProviderBuilder()
            .authorizationServerUrl(oAuthAPI)
            .audience(gatewayAddress)
            .clientId(clientId)
            .clientSecret(clientSecret)
            .build();

    zeebeClient = ZeebeClient.newClientBuilder()
            .gatewayAddress(gatewayAddress)
            .credentialsProvider(credentialsProvider)
            .build();
} else {
    zeebeClient = ZeebeClient.newClientBuilder()
            .gatewayAddress(gatewayAddress)
            .usePlaintext()
            .build();
}
{code}
{{ZeebeClient.newClientBuilder()}} defaults to TLS unless {{.usePlaintext()}} 
is explicitly called. The {{if (clientId != null)}} branch never calls 
{{{}.usePlaintext(){}}}, which hardcodes an assumption that {*}using OAuth 
always implies TLS{*}.

it should allow the usePlaintext and oAuth configuration as seperate parameter. 

it should be 
{code:java}
ZeebeClient.Builder builder = ZeebeClient.newClientBuilder()
        .gatewayAddress(gatewayAddress);

if (clientId != null) {
    OAuthCredentialsProvider credentialsProvider = new 
OAuthCredentialsProviderBuilder()
            .authorizationServerUrl(oAuthAPI)
            .audience(gatewayAddress)
            .clientId(clientId)
            .clientSecret(clientSecret)
            .build();
    builder.credentialsProvider(credentialsProvider);
}

if (usePlaintext) {
    builder.usePlaintext();
}

zeebeClient = builder.build();
{code}


> camel-zeebe: allow OAuth credentials and plaintext gRPC to be configured 
> independently
> --------------------------------------------------------------------------------------
>
>                 Key: CAMEL-24050
>                 URL: https://issues.apache.org/jira/browse/CAMEL-24050
>             Project: Camel
>          Issue Type: Improvement
>    Affects Versions: 4.18.3
>            Reporter: chio chuan ooi
>            Priority: Minor
>
> {{{}ZeebeService{}}}'s OAuth setup conflates two independent concerns — 
> authentication and transport encryption — into a single branch:
> {code:java}
> if (clientId != null) {
>     OAuthCredentialsProvider credentialsProvider = new 
> OAuthCredentialsProviderBuilder()
>             .authorizationServerUrl(oAuthAPI)
>             .audience(gatewayAddress)
>             .clientId(clientId)
>             .clientSecret(clientSecret)
>             .build();
>     zeebeClient = ZeebeClient.newClientBuilder()
>             .gatewayAddress(gatewayAddress)
>             .credentialsProvider(credentialsProvider)
>             .build();
> } else {
>     zeebeClient = ZeebeClient.newClientBuilder()
>             .gatewayAddress(gatewayAddress)
>             .usePlaintext()
>             .build();
> }
> {code}
> {{ZeebeClient.newClientBuilder()}} defaults to TLS unless {{.usePlaintext()}} 
> is explicitly called. The {{if (clientId != null)}} branch never calls 
> {{{}.usePlaintext(){}}}, which hardcodes an assumption that {*}using OAuth 
> always implies TLS{*}.
> it should allow the usePlaintext and oAuth configuration as seperate 
> parameter. 
> it should be 
> {code:java}
> import io.camunda.zeebe.client.ZeebeClientBuilder;
>     public void doStart() {
>         String gatewayAddress = String.format("%s:%d", gatewayHost, 
> gatewayPort);
>         ZeebeClientBuilder builder = ZeebeClient.newClientBuilder()
>                 .gatewayAddress(gatewayAddress);
>         if (clientId != null) {
>             OAuthCredentialsProvider credentialsProvider = new 
> OAuthCredentialsProviderBuilder()
>                     .authorizationServerUrl(oAuthAPI)
>                     .audience(gatewayAddress)
>                     .clientId(clientId)
>                     .clientSecret(clientSecret)
>                     .build();
>             builder.credentialsProvider(credentialsProvider);
>         }
>         if (usePlaintext) {
>             builder.usePlaintext();
>         }
>         zeebeClient = builder.build();
>         if (managedChannel == null) {
>             managedChannel = ManagedChannelBuilder.forAddress(gatewayHost, 
> gatewayPort)
>                     .usePlaintext()
>                     .build();
>         }
>     }
> {code}



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to