[ https://issues.apache.org/jira/browse/DISPATCH-1903?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17258920#comment-17258920 ]
Ted Ross commented on DISPATCH-1903: ------------------------------------ +1 [~chug] I would add one more policy value that simply enables the feature, probably defaulted to "disabled". These policy attributes should be held per-vhost. I think the common use case will use a default vhost for a "localhost" listener that enables this feature. That will allow a same-system or same-pod controller to make runtime updates to ssl-profiles while preventing any remote access to the feature. This is planned as a write-only feature (as [~chug] mentioned). There will be no read-back access to the temporary files. It should also be noted that this feature cannot be used to overwrite pre-configured ssl-profile certificate files. > Remote upload of certificate files for new TLS configurations > ------------------------------------------------------------- > > Key: DISPATCH-1903 > URL: https://issues.apache.org/jira/browse/DISPATCH-1903 > Project: Qpid Dispatch > Issue Type: New Feature > Components: Container > Reporter: Ted Ross > Assignee: Ted Ross > Priority: Major > Fix For: 1.15.0 > > > Currently, when using the management protocol to create new SSL-profiles, > those profiles must access certificate files that are already placed in the > file system. In other words, in order to create an SSL-profile on a running > router, files must first be placed on the file system in a location > accessible by the router. This may be problematic in cases where the router > is remote from the managing agent, or when containerization limits access to > the router's underlying file system. > This new feature allows a managing agent to remotely inject files into a > running router to be stored in temporary file storage. These files are > usable in sslProfile management entities (by specifying the files without an > absolute path). The temporary files are removed from the file system on > router shutdown. -- This message was sent by Atlassian Jira (v8.3.4#803005) --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org For additional commands, e-mail: dev-h...@qpid.apache.org