Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow TLS certificate reloading for the HTTP server #38608

Merged
merged 1 commit into from
Feb 7, 2024
Merged

Allow TLS certificate reloading for the HTTP server #38608

merged 1 commit into from
Feb 7, 2024

Conversation

cescoffier
Copy link
Member

@cescoffier cescoffier commented Feb 6, 2024
edited
Loading

Key store, trust store and certificate files can be reloaded periodically.
The period is configured using the quarkus.http.ssl.certificate.reload-period property.

The files are reloaded from the same location as they were initially loaded from.
If there is no content change, the reloading is a no-op.
It the reloading fails, the server will continue to use the previous certificates.

Fix #15926.

@cescoffier cescoffier requested a review from geoand February 6, 2024 14:09
geoand
geoand reviewed Feb 6, 2024
View reviewed changes
Copy link
Contributor

@geoand geoand left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good stuff!

I added a couple questions

...p/runtime/src/main/java/io/quarkus/vertx/http/runtime/options/TlsCertificateReloadUtils.java Outdated Show resolved Hide resolved
...p/runtime/src/main/java/io/quarkus/vertx/http/runtime/options/TlsCertificateReloadUtils.java Outdated Show resolved Hide resolved
...p/runtime/src/main/java/io/quarkus/vertx/http/runtime/options/TlsCertificateReloadUtils.java Outdated Show resolved Hide resolved
@quarkus-bot quarkus-bot

This comment has been minimized.

Sign in to view
@github-actions GitHub Actions
Copy link

github-actions bot commented Feb 6, 2024
edited
Loading

🙈 The PR is closed and the preview is expired.

@cescoffier
Allow TLS certificate reloading for the HTTP server
6ab3ced 
Key store, trust store and certificate files can be reloaded periodically.
The period is configured using the `quarkus.http.ssl.certificate.reload-period` property.

The files are reloaded from the same location as they were initially loaded from.
If there is no content change, the reloading is a no-op.
It the reloading fails, the server will continue to use the previous certificates.
@quarkus-bot quarkus-bot
Copy link

quarkus-bot bot commented Feb 6, 2024

Status for workflow Quarkus Documentation CI

This is the status report for running Quarkus Documentation CI on commit 6ab3ced.

✅ The latest workflow run for the pull request has completed successfully.

It should be safe to merge provided you have a look at the other checks in the summary.

⚠️ There are other check runs running, make sure you don't need to wait for their status before merging.

@quarkus-bot quarkus-bot
Copy link

quarkus-bot bot commented Feb 6, 2024

Status for workflow Quarkus CI

This is the status report for running Quarkus CI on commit 6ab3ced.

✅ The latest workflow run for the pull request has completed successfully.

It should be safe to merge provided you have a look at the other checks in the summary.

Flaky tests - Develocity

⚙️ JVM Tests - JDK 21

📦 extensions/smallrye-reactive-messaging-kafka/deployment

io.quarkus.smallrye.reactivemessaging.kafka.deployment.dev.KafkaDevServicesDevModeTestCase.sseStream - History

  • Assertion condition Expecting size of: [] to be greater than or equal to 2 but was 0 within 10 seconds. - org.awaitility.core.ConditionTimeoutException
org.awaitility.core.ConditionTimeoutException: 
Assertion condition 
Expecting size of:
  []
to be greater than or equal to 2 but was 0 within 10 seconds.
	at org.awaitility.core.ConditionAwaiter.await(ConditionAwaiter.java:167)
	at org.awaitility.core.AssertionCondition.await(AssertionCondition.java:119)
	at org.awaitility.core.AssertionCondition.await(AssertionCondition.java:31)

@cescoffier cescoffier merged commit 95ac381 into quarkusio:main Feb 7, 2024
52 checks passed
@quarkus-bot quarkus-bot bot added this to the 3.9 - main milestone Feb 7, 2024
@quarkus-bot quarkus-bot bot added the kind/enhancement New feature or request label Feb 7, 2024
@cescoffier cescoffier deleted the http-tls-reload branch February 7, 2024 07:11
@vmuzikar vmuzikar mentioned this pull request Feb 9, 2024
Closed
@gsmet
Copy link
Member

gsmet commented Feb 13, 2024

In the end, it was decided not to backport it.

@gsmet
Copy link
Member

gsmet commented Feb 27, 2024

If we backport this one, we will also need this one: #39026

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sberyozkin sberyozkin sberyozkin left review comments

@geoand geoand geoand approved these changes

Assignees
No one assigned
Labels
area/documentation area/security area/vertx kind/enhancement New feature or request release/noteworthy-feature triage/flaky-test
Projects
Quarkus Documentation
Status: Done
Milestone
3.9.0.CR1
Development

Successfully merging this pull request may close these issues.

Hot Reload for TLS Keystore
5 participants
@cescoffier @gsmet @sberyozkin @geoand @gastaldi