oscerd opened a new issue, #2791:
URL: https://github.com/apache/camel-kamelets/issues/2791
## Description
The OpenSearch Kamelets (`opensearch-index-sink` and
`opensearch-search-source`) currently expose only basic TLS configuration:
- `enableSSL` (boolean)
- `certificate` (base64-encoded certificate)
Users with enterprise security requirements need additional TLS/mTLS
capabilities that are available on the underlying `camel-opensearch` component
but not surfaced by these Kamelets:
- TLS version specification (TLS 1.2 / 1.3)
- Custom cipher suites
- Client certificate authentication (mTLS)
- Custom trust stores / key stores
- Certificate validation options (hostname verification, etc.)
Originally requested against the
`camel-opensearch-index-sink-kafka-connector`:
apache/camel-kafka-connector#1723. The same gap exists in the Kamelets shipped
by this repository.
## Expected Behavior
The OpenSearch Kamelets should expose the advanced TLS/mTLS options
supported by the `camel-opensearch` component (or a SSLContextParameters bean
reference) so that users can configure:
- mTLS via client keystore (path/content, password, type)
- Trust store configuration (path/content, password, type)
- TLS protocol version and cipher suite selection
- Hostname verification / certificate validation toggles
One approach is to add Kamelet properties mapped to the component's SSL
parameters; another is to allow referencing a pre-configured
`SSLContextParameters` bean.
## Additional Context
- Affected Kamelets:
- `kamelets/opensearch-index-sink.kamelet.yaml`
- `kamelets/opensearch-search-source.kamelet.yaml`
- Underlying component: `camel:opensearch`
- Reference issue: apache/camel-kafka-connector#1723
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
