[
https://issues.apache.org/jira/browse/CAMEL-24050?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
chio chuan ooi updated CAMEL-24050:
-----------------------------------
Description:
{{{}ZeebeService{}}}'s OAuth setup conflates two independent concerns —
authentication and transport encryption — into a single branch:
{code:java}
if (clientId != null) {
OAuthCredentialsProvider credentialsProvider = new
OAuthCredentialsProviderBuilder()
.authorizationServerUrl(oAuthAPI)
.audience(gatewayAddress)
.clientId(clientId)
.clientSecret(clientSecret)
.build();
zeebeClient = ZeebeClient.newClientBuilder()
.gatewayAddress(gatewayAddress)
.credentialsProvider(credentialsProvider)
.build();
} else {
zeebeClient = ZeebeClient.newClientBuilder()
.gatewayAddress(gatewayAddress)
.usePlaintext()
.build();
}
{code}
{{ZeebeClient.newClientBuilder()}} defaults to TLS unless {{.usePlaintext()}}
is explicitly called. The {{if (clientId != null)}} branch never calls
{{{}.usePlaintext(){}}}, which hardcodes an assumption that {*}using OAuth
always implies TLS{*}.
it should allow the usePlaintext and oAuth configuration as seperate parameter.
it should be
{code:java}
import io.camunda.zeebe.client.ZeebeClientBuilder;
public void doStart() {
String gatewayAddress = String.format("%s:%d", gatewayHost,
gatewayPort);
ZeebeClientBuilder builder = ZeebeClient.newClientBuilder()
.gatewayAddress(gatewayAddress);
if (clientId != null) {
OAuthCredentialsProvider credentialsProvider = new
OAuthCredentialsProviderBuilder()
.authorizationServerUrl(oAuthAPI)
.audience(gatewayAddress)
.clientId(clientId)
.clientSecret(clientSecret)
.build();
builder.credentialsProvider(credentialsProvider);
}
if (usePlaintext) {
builder.usePlaintext();
}
zeebeClient = builder.build();
if (managedChannel == null) {
managedChannel = ManagedChannelBuilder.forAddress(gatewayHost,
gatewayPort)
.usePlaintext()
.build();
}
}
{code}
was:
{{{}ZeebeService{}}}'s OAuth setup conflates two independent concerns —
authentication and transport encryption — into a single branch:
{code:java}
if (clientId != null) {
OAuthCredentialsProvider credentialsProvider = new
OAuthCredentialsProviderBuilder()
.authorizationServerUrl(oAuthAPI)
.audience(gatewayAddress)
.clientId(clientId)
.clientSecret(clientSecret)
.build();
zeebeClient = ZeebeClient.newClientBuilder()
.gatewayAddress(gatewayAddress)
.credentialsProvider(credentialsProvider)
.build();
} else {
zeebeClient = ZeebeClient.newClientBuilder()
.gatewayAddress(gatewayAddress)
.usePlaintext()
.build();
}
{code}
{{ZeebeClient.newClientBuilder()}} defaults to TLS unless {{.usePlaintext()}}
is explicitly called. The {{if (clientId != null)}} branch never calls
{{{}.usePlaintext(){}}}, which hardcodes an assumption that {*}using OAuth
always implies TLS{*}.
it should allow the usePlaintext and oAuth configuration as seperate parameter.
it should be
{code:java}
ZeebeClient.Builder builder = ZeebeClient.newClientBuilder()
.gatewayAddress(gatewayAddress);
if (clientId != null) {
OAuthCredentialsProvider credentialsProvider = new
OAuthCredentialsProviderBuilder()
.authorizationServerUrl(oAuthAPI)
.audience(gatewayAddress)
.clientId(clientId)
.clientSecret(clientSecret)
.build();
builder.credentialsProvider(credentialsProvider);
}
if (usePlaintext) {
builder.usePlaintext();
}
zeebeClient = builder.build();
{code}
> camel-zeebe: allow OAuth credentials and plaintext gRPC to be configured
> independently
> --------------------------------------------------------------------------------------
>
> Key: CAMEL-24050
> URL: https://issues.apache.org/jira/browse/CAMEL-24050
> Project: Camel
> Issue Type: Improvement
> Affects Versions: 4.18.3
> Reporter: chio chuan ooi
> Priority: Minor
>
> {{{}ZeebeService{}}}'s OAuth setup conflates two independent concerns —
> authentication and transport encryption — into a single branch:
> {code:java}
> if (clientId != null) {
> OAuthCredentialsProvider credentialsProvider = new
> OAuthCredentialsProviderBuilder()
> .authorizationServerUrl(oAuthAPI)
> .audience(gatewayAddress)
> .clientId(clientId)
> .clientSecret(clientSecret)
> .build();
> zeebeClient = ZeebeClient.newClientBuilder()
> .gatewayAddress(gatewayAddress)
> .credentialsProvider(credentialsProvider)
> .build();
> } else {
> zeebeClient = ZeebeClient.newClientBuilder()
> .gatewayAddress(gatewayAddress)
> .usePlaintext()
> .build();
> }
> {code}
> {{ZeebeClient.newClientBuilder()}} defaults to TLS unless {{.usePlaintext()}}
> is explicitly called. The {{if (clientId != null)}} branch never calls
> {{{}.usePlaintext(){}}}, which hardcodes an assumption that {*}using OAuth
> always implies TLS{*}.
> it should allow the usePlaintext and oAuth configuration as seperate
> parameter.
> it should be
> {code:java}
> import io.camunda.zeebe.client.ZeebeClientBuilder;
> public void doStart() {
> String gatewayAddress = String.format("%s:%d", gatewayHost,
> gatewayPort);
> ZeebeClientBuilder builder = ZeebeClient.newClientBuilder()
> .gatewayAddress(gatewayAddress);
> if (clientId != null) {
> OAuthCredentialsProvider credentialsProvider = new
> OAuthCredentialsProviderBuilder()
> .authorizationServerUrl(oAuthAPI)
> .audience(gatewayAddress)
> .clientId(clientId)
> .clientSecret(clientSecret)
> .build();
> builder.credentialsProvider(credentialsProvider);
> }
> if (usePlaintext) {
> builder.usePlaintext();
> }
> zeebeClient = builder.build();
> if (managedChannel == null) {
> managedChannel = ManagedChannelBuilder.forAddress(gatewayHost,
> gatewayPort)
> .usePlaintext()
> .build();
> }
> }
> {code}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)