smolnar82 opened a new pull request, #1175: URL: https://github.com/apache/knox/pull/1175
[KNOX-3276:](https://issues.apache.org/jira/browse/KNOX-3276) - New config for CM client SSL configs

## What changes were proposed in this pull request?

### Summary

This change introduces **dedicated SSL protocol and cipher configuration for the Cloudera Manager discovery client**.

### Changes

- Added new gateway configuration properties:
  - `gateway.cloudera.manager.service.discovery.ssl.protocols`
  - `gateway.cloudera.manager.service.discovery.ssl.ciphers`
- Added new configuration methods to `GatewayConfig`:
  - `getClouderaManagerClientSSLProtocols()`
  - `getClouderaManagerClientSSLCiphers()`
- Updated `DiscoveryApiClient` to use these new configuration methods when building the OkHttp TLS `ConnectionSpec`.
- Refactored TLS setup logic into helper methods:
  - `configureSslProtocols`
  - `configureSslCiphers`
- Added DEBUG-level logging to indicate which SSL protocols and ciphers are used and whether they were explicitly configured.
- Updated tests and test configuration classes to use the new configuration methods.

### Default behavior

- If the new CM-specific properties are **not configured**, the discovery client falls back to:
  - the gateway-wide `includedSSLProtocols`
  - the gateway-wide `includedSSLCiphers`
- If those are also empty, the client uses the **SSLContext supported protocols and cipher suites**.

### Impact

Allows **independent TLS configuration for the Cloudera Manager discovery client** without affecting other gateway TLS settings.

## How was this patch tested?

Ran existing unit tests.

## Integration Tests

N/A

## UI changes

N/A

--
This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at: [email protected]
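The fallback order listed under "Default behavior" in the pull request above, sketched as an added Java example that is not taken from the Knox code base. The class `CmTlsFallbackExample`, the `resolve` helper, the source labels and the sample protocol and cipher values are assumptions made for illustration; only JDK classes are used.

```java
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;

// Added illustration, not Knox code: class, method and label names are hypothetical.
public class CmTlsFallbackExample {

  // A resolved setting plus where it came from, for the kind of DEBUG line the PR mentions.
  static final class Resolved {
    final String[] values;
    final String source;

    Resolved(List<String> values, String source) {
      this.values = values.toArray(new String[0]);
      this.source = source;
    }
  }

  // Null or empty means "not configured"; the first configured level wins.
  static Resolved resolve(List<String> cmSpecific, List<String> gatewayWide, String[] supported) {
    if (cmSpecific != null && !cmSpecific.isEmpty()) {
      return new Resolved(cmSpecific, "CM-specific property");
    }
    if (gatewayWide != null && !gatewayWide.isEmpty()) {
      return new Resolved(gatewayWide, "gateway-wide setting");
    }
    return new Resolved(Arrays.asList(supported), "SSLContext supported set");
  }

  public static void main(String[] args) throws Exception {
    SSLParameters supported = SSLContext.getDefault().getSupportedSSLParameters();

    // Constructed sample configuration: protocols set for CM only, ciphers set gateway-wide only.
    List<String> cmProtocols = List.of("TLSv1.3");
    List<String> gatewayProtocols = List.of("TLSv1.2", "TLSv1.3");
    List<String> cmCiphers = List.of();
    List<String> gatewayCiphers = List.of("TLS_AES_256_GCM_SHA384");

    Resolved protocols = resolve(cmProtocols, gatewayProtocols, supported.getProtocols());
    Resolved ciphers = resolve(cmCiphers, gatewayCiphers, supported.getCipherSuites());

    // Protocols and ciphers are resolved independently, so they can come from different levels.
    SSLParameters effective = new SSLParameters(ciphers.values, protocols.values);
    System.out.println("protocols=" + Arrays.toString(effective.getProtocols()) + " from " + protocols.source);
    System.out.println("ciphers=" + Arrays.toString(effective.getCipherSuites()) + " from " + ciphers.source);
  }
}
```

With both lists left empty at every level, `resolve` returns everything the `SSLContext` supports, so a deployment that wants a restricted set for this client has to configure it at one of the two upper levels.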
