Felix,
On 5/22/24 14:11, Felix Schumacher wrote:
Am 21.05.24 um 19:50 schrieb Christopher Schultz:
All,
I've been playing with this PropertySource and I'm wondering if it
could be improved a little.
First of all, it uses an environment variable SERVICE_BINDING_ROOT
which is in line with the service binding standard which is documented
https://servicebinding.io/. Environment variables are a little icky in
Java, so I'd like to do one or more of the following:
1. Allow ServiceBindingPropertySource to use the SERVICE_BINDING_ROOT
environment variable *or* a system property with an appropriate name
such as service.binding.root, with the system property overriding the
environment variable.
This will allow software to use e.g. catalina.properties to define
service.binding.root instead of using an environment variable which
may be awkward in certain environments.
2. Have ServiceBindingPropertySource fall-back to system property
resolution if no matching file is found. Maybe we should do this with
all PropertySource classes provided by Tomcat?
3. If the SERVICE_BINDING_ROOT environment variable is being used,
copy its value into a system property. This will allow application
software or Tomcat itself to use the file reference as necessary. For
example:
<SSLHostConfig>
<Certificate
certificateKeyFile="${service.binding.root}/myapp/cert.key"
certificateFile="${service.binding.root}/myapp/cert.crt"
...
</Certificate>
</SSLHostConfig>
Without this capability, the application must:
<SSLHostConfig>
<Certificate certificateKeyFile="${custom-certificate.keyFile}"
certificateFile="${custom-certificate.file}"
..
Why would you have to do this? Could not you use
"${path-to-cert-dir}/cert.key"? Where path-to-cert-dir is some sensible
name and the value contains (surprise) the path to the directory in
which cert and key are living happily together.
You can absolutely use this, but Tomcat doesn't let you use environment
variables in ${...} expressions. The ServiceBindingPropertySource only
knows about one environment variable: SERVICE_BINDING_ROOT. The
application can't use that to specify any paths directly. Instead, you'd
have to let SBPS resolve a file for you, then read the "value" of the
config attribute from the file, and that value needs to be a path
itself. So you have to have a file which contains nothing other than
another file path. And it's gotta be fully-qualified. And it can't use
replacements such as ${SERVICE_BINDING_ROOT}/myapp/my.key.
I'm just trying to remove the middle-man because I see it as needless
extra work on the part of the admin /and/ Tomcat plus the downside that
everything needs to be fully-qualified which reduces flexibility.
Apart from that, as Remy pointed out, kubernetes people have no problem
with env variables.
So maybe the whole ask here is "copy $SERVICE_BINDING_ROOT to
-Dservice.binding.root somewhere". That could be catalina.sh/bat or
maybe during ServiceBindingPropertySource initialization, which I think
is probably a better place for it.
-chris
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
