Skip to content

Commit

Permalink
Docs and formatting fixes, deprecate old properties
Browse files Browse the repository at this point in the history
  • Loading branch information
jmartisk committed Oct 15, 2024
1 parent 1578da4 commit 3375bb2
Show file tree
Hide file tree
Showing 8 changed files with 105 additions and 70 deletions.
17 changes: 13 additions & 4 deletions docs/src/main/asciidoc/tls-registry-reference.adoc
Original file line number Diff line number Diff line change
Expand Up @@ -26,7 +26,7 @@ ifndef::no-reactive-routes[]
, or Reactive Routes
endif::no-reactive-routes[]
.
The TLS Registry extension is automatically included in your project when you use compatible extensions, such as Quarkus REST, gRPC, SmallRye GraphQL Client, or Reactive Routes.

As a result, applications that use the TLS Registry can be ready to handle secure communications out of the box.
TLS Registry also provides features like automatic certificate reloading, Let's Encrypt (ACME) integration, Kubernetes Cert-Manager support, and compatibility with various keystore formats, such as PKCS12, PEM, and JKS.

Expand Down Expand Up @@ -155,9 +155,18 @@ quarkus.grpc.clients.hello.tls-configuration-name=MY_TLS_CONFIGURATION
----
quarkus.smallrye-graphql-client.my-client.tls-configuration-name=MY_TLS_CONFIGURATION
----
> [NOTE]
> When using the Typesafe GraphQL client with a certificate reloading mechanism (see <<reloading-certificates>>), it is essential to override the bean's scope to `RequestScoped` (or another similar scope). By default, the Typesafe client is an application-scoped bean.
> This guarantees that each new instance of the bean created after a certificate reload will be configured with the latest certificate.

[NOTE]
====
When using the Typesafe GraphQL client with a certificate

Check warning on line 161 in docs/src/main/asciidoc/tls-registry-reference.adoc

View workflow job for this annotation

GitHub Actions / Linting with Vale

[vale] reported by reviewdog 🐶 [Quarkus.TermsSuggestions] Depending on the context, consider using 'by using' or 'that uses' rather than 'using'. Raw Output: {"message": "[Quarkus.TermsSuggestions] Depending on the context, consider using 'by using' or 'that uses' rather than 'using'.", "location": {"path": "docs/src/main/asciidoc/tls-registry-reference.adoc", "range": {"start": {"line": 161, "column": 5}}}, "severity": "INFO"}

Check warning on line 161 in docs/src/main/asciidoc/tls-registry-reference.adoc

View workflow job for this annotation

GitHub Actions / Linting with Vale

[vale] reported by reviewdog 🐶 [Quarkus.Spelling] Use correct American English spelling. Did you really mean 'Typesafe'? Raw Output: {"message": "[Quarkus.Spelling] Use correct American English spelling. Did you really mean 'Typesafe'?", "location": {"path": "docs/src/main/asciidoc/tls-registry-reference.adoc", "range": {"start": {"line": 161, "column": 16}}}, "severity": "WARNING"}
reloading mechanism (see <<reloading-certificates>>), it is essential to
override the bean's scope to `RequestScoped` (or another similar scope
shorter than application). This is because by default, the Typesafe client is an

Check warning on line 164 in docs/src/main/asciidoc/tls-registry-reference.adoc

View workflow job for this annotation

GitHub Actions / Linting with Vale

[vale] reported by reviewdog 🐶 [Quarkus.Spelling] Use correct American English spelling. Did you really mean 'Typesafe'? Raw Output: {"message": "[Quarkus.Spelling] Use correct American English spelling. Did you really mean 'Typesafe'?", "location": {"path": "docs/src/main/asciidoc/tls-registry-reference.adoc", "range": {"start": {"line": 164, "column": 60}}}, "severity": "WARNING"}
application-scoped bean, so shortening the scope guarantees that new instances of the bean
created after a certificate reload will be configured with the latest
certificate. Dynamic clients are `@Dependent` scoped, so you should
inject them into components with an appropriate scope.
====

== Configuring TLS

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -74,23 +74,37 @@ void setupServiceProviders(BuildProducer<ServiceProviderBuildItem> services) {
.allProvidersFromClassPath("io.smallrye.graphql.client.typesafe.api.TypesafeGraphQLClientBuilder"));
services.produce(ServiceProviderBuildItem
.allProvidersFromClassPath("io.smallrye.graphql.client.dynamic.api.DynamicGraphQLClientBuilder"));
services.produce(ServiceProviderBuildItem.allProvidersFromClassPath("io.smallrye.graphql.client.core.factory.ArgumentFactory"));
services.produce(ServiceProviderBuildItem.allProvidersFromClassPath("io.smallrye.graphql.client.core.factory.DirectiveFactory"));
services.produce(
ServiceProviderBuildItem.allProvidersFromClassPath("io.smallrye.graphql.client.core.factory.DirectiveArgumentFactory"));
services.produce(ServiceProviderBuildItem.allProvidersFromClassPath("io.smallrye.graphql.client.core.factory.DocumentFactory"));
services.produce(ServiceProviderBuildItem.allProvidersFromClassPath("io.smallrye.graphql.client.core.factory.EnumFactory"));
services.produce(ServiceProviderBuildItem.allProvidersFromClassPath("io.smallrye.graphql.client.core.factory.FieldFactory"));
services.produce(ServiceProviderBuildItem.allProvidersFromClassPath("io.smallrye.graphql.client.core.factory.FragmentFactory"));
ServiceProviderBuildItem.allProvidersFromClassPath("io.smallrye.graphql.client.core.factory.ArgumentFactory"));
services.produce(
ServiceProviderBuildItem.allProvidersFromClassPath("io.smallrye.graphql.client.core.factory.FragmentReferenceFactory"));
services.produce(ServiceProviderBuildItem.allProvidersFromClassPath("io.smallrye.graphql.client.core.factory.InlineFragmentFactory"));
services.produce(ServiceProviderBuildItem.allProvidersFromClassPath("io.smallrye.graphql.client.core.factory.InputObjectFactory"));
ServiceProviderBuildItem.allProvidersFromClassPath("io.smallrye.graphql.client.core.factory.DirectiveFactory"));
services.produce(
ServiceProviderBuildItem.allProvidersFromClassPath("io.smallrye.graphql.client.core.factory.InputObjectFieldFactory"));
services.produce(ServiceProviderBuildItem.allProvidersFromClassPath("io.smallrye.graphql.client.core.factory.OperationFactory"));
services.produce(ServiceProviderBuildItem.allProvidersFromClassPath("io.smallrye.graphql.client.core.factory.VariableFactory"));
services.produce(ServiceProviderBuildItem.allProvidersFromClassPath("io.smallrye.graphql.client.core.factory.VariableTypeFactory"));
ServiceProviderBuildItem
.allProvidersFromClassPath("io.smallrye.graphql.client.core.factory.DirectiveArgumentFactory"));
services.produce(
ServiceProviderBuildItem.allProvidersFromClassPath("io.smallrye.graphql.client.core.factory.DocumentFactory"));
services.produce(
ServiceProviderBuildItem.allProvidersFromClassPath("io.smallrye.graphql.client.core.factory.EnumFactory"));
services.produce(
ServiceProviderBuildItem.allProvidersFromClassPath("io.smallrye.graphql.client.core.factory.FieldFactory"));
services.produce(
ServiceProviderBuildItem.allProvidersFromClassPath("io.smallrye.graphql.client.core.factory.FragmentFactory"));
services.produce(
ServiceProviderBuildItem
.allProvidersFromClassPath("io.smallrye.graphql.client.core.factory.FragmentReferenceFactory"));
services.produce(ServiceProviderBuildItem
.allProvidersFromClassPath("io.smallrye.graphql.client.core.factory.InlineFragmentFactory"));
services.produce(ServiceProviderBuildItem
.allProvidersFromClassPath("io.smallrye.graphql.client.core.factory.InputObjectFactory"));
services.produce(
ServiceProviderBuildItem
.allProvidersFromClassPath("io.smallrye.graphql.client.core.factory.InputObjectFieldFactory"));
services.produce(
ServiceProviderBuildItem.allProvidersFromClassPath("io.smallrye.graphql.client.core.factory.OperationFactory"));
services.produce(
ServiceProviderBuildItem.allProvidersFromClassPath("io.smallrye.graphql.client.core.factory.VariableFactory"));
services.produce(ServiceProviderBuildItem
.allProvidersFromClassPath("io.smallrye.graphql.client.core.factory.VariableTypeFactory"));
}

@BuildStep
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,6 @@
import io.vertx.core.http.ClientAuth;
import io.vertx.core.http.HttpServer;
import io.vertx.core.http.HttpServerOptions;
import io.vertx.core.net.JksOptions;
import io.vertx.core.net.PfxOptions;

public class SSLTestingTools {
Expand Down Expand Up @@ -54,6 +53,6 @@ public HttpServer runServer(String keystorePath, String keystorePassword,
}

public void close() {
vertx.close();
vertx.close().toCompletionStage().toCompletableFuture().join();
}
}
Original file line number Diff line number Diff line change
@@ -1,20 +1,16 @@
package io.quarkus.smallrye.graphql.client.deployment.ssl;

import io.quarkus.arc.Arc;
import io.quarkus.test.QuarkusUnitTest;
import io.quarkus.tls.CertificateUpdatedEvent;
import io.quarkus.tls.TlsConfiguration;
import io.quarkus.tls.TlsConfigurationRegistry;
import io.smallrye.certs.Format;
import io.smallrye.certs.junit5.Certificate;
import io.smallrye.certs.junit5.Certificates;
import io.smallrye.graphql.client.impl.GraphQLClientsConfiguration;
import io.smallrye.graphql.client.typesafe.api.GraphQLClientApi;
import io.vertx.core.http.HttpServer;
import io.vertx.core.net.KeyCertOptions;
import static org.assertj.core.api.Assertions.assertThat;

import java.io.File;
import java.io.IOException;
import java.nio.file.Files;
import java.util.UUID;

import jakarta.enterprise.context.RequestScoped;
import jakarta.enterprise.event.Event;
import jakarta.inject.Inject;

import org.assertj.core.api.Assertions;
import org.eclipse.microprofile.config.inject.ConfigProperty;
import org.eclipse.microprofile.graphql.Query;
Expand All @@ -26,12 +22,18 @@
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.RegisterExtension;

import java.io.File;
import java.io.IOException;
import java.nio.file.Files;
import java.util.UUID;

import static org.assertj.core.api.Assertions.assertThat;
import io.quarkus.arc.Arc;
import io.quarkus.test.QuarkusUnitTest;
import io.quarkus.tls.CertificateUpdatedEvent;
import io.quarkus.tls.TlsConfiguration;
import io.quarkus.tls.TlsConfigurationRegistry;
import io.smallrye.certs.Format;
import io.smallrye.certs.junit5.Certificate;
import io.smallrye.certs.junit5.Certificates;
import io.smallrye.graphql.client.impl.GraphQLClientsConfiguration;
import io.smallrye.graphql.client.typesafe.api.GraphQLClientApi;
import io.vertx.core.http.HttpServer;
import io.vertx.core.net.KeyCertOptions;

@Certificates(baseDir = "target/certs", certificates = {
@Certificate(name = "wrong-test-reload", password = "password", formats = Format.PKCS12, client = true),
Expand All @@ -47,11 +49,8 @@ public class TypesafeGraphQLClientReloadKeystoreDefaultTest {
private static final File temp = new File("target/test-certificates-" + UUID.randomUUID());

private static final String CONFIGURATION = """
quarkus.tls.key-store.p12.path=%s
quarkus.tls.key-store.p12.password=password
quarkus.smallrye-graphql-client.my-client.url=https://127.0.0.1:%d/
quarkus.tls.trust-all=true
""".formatted(temp.getAbsolutePath() + "/tls.p12", PORT);
# No config - overridden in the test
""";

@RegisterExtension
static final QuarkusUnitTest config = new QuarkusUnitTest()
Expand All @@ -60,6 +59,10 @@ public class TypesafeGraphQLClientReloadKeystoreDefaultTest {
.add(new StringAsset(CONFIGURATION), "application.properties")
.addClasses(MyApi.class, SSLTestingTools.class))
.overrideRuntimeConfigKey("loc", temp.getAbsolutePath())
.overrideRuntimeConfigKey("quarkus.tls.key-store.p12.path", temp.getAbsolutePath() + "/tls.p12")
.overrideRuntimeConfigKey("quarkus.tls.key-store.p12.password", "password")
.overrideRuntimeConfigKey("quarkus.smallrye-graphql-client.my-client.url", "https://127.0.0.1:" + PORT)
.overrideRuntimeConfigKey("quarkus.tls.trust-all", "true")
.setBeforeAllCustomizer(() -> {
try {
temp.mkdirs();
Expand Down Expand Up @@ -99,7 +102,8 @@ static void setupServer() throws Exception {
@Test
void testReloading() throws IOException {
TlsConfiguration def = registry.getDefault().orElseThrow();
KeyCertOptions keystoreOptionsBefore = (KeyCertOptions) GraphQLClientsConfiguration.getInstance().getClient("my-client").getTlsKeyStoreOptions();
KeyCertOptions keystoreOptionsBefore = (KeyCertOptions) GraphQLClientsConfiguration.getInstance().getClient("my-client")
.getTlsKeyStoreOptions();
Arc.container().requestContext().activate();
try {
myApi.getResult();
Expand All @@ -116,7 +120,8 @@ void testReloading() throws IOException {
event.fire(new CertificateUpdatedEvent("<default>", def));
Arc.container().requestContext().activate();
try {
assertThat(GraphQLClientsConfiguration.getInstance().getClient("my-client").getTlsKeyStoreOptions()).isNotEqualTo(keystoreOptionsBefore);
assertThat(GraphQLClientsConfiguration.getInstance().getClient("my-client").getTlsKeyStoreOptions())
.isNotEqualTo(keystoreOptionsBefore);
assertThat(myApi.getResult()).isEqualTo(EXPECTED_RESPONSE);
} finally {
Arc.container().requestContext().terminate();
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -7,8 +7,6 @@
import java.nio.file.Files;
import java.util.UUID;

import io.smallrye.graphql.client.impl.GraphQLClientsConfiguration;
import io.vertx.core.net.KeyCertOptions;
import jakarta.enterprise.context.RequestScoped;
import jakarta.enterprise.event.Event;
import jakarta.inject.Inject;
Expand All @@ -32,8 +30,10 @@
import io.smallrye.certs.Format;
import io.smallrye.certs.junit5.Certificate;
import io.smallrye.certs.junit5.Certificates;
import io.smallrye.graphql.client.impl.GraphQLClientsConfiguration;
import io.smallrye.graphql.client.typesafe.api.GraphQLClientApi;
import io.vertx.core.http.HttpServer;
import io.vertx.core.net.KeyCertOptions;

@Certificates(baseDir = "target/certs", certificates = {
@Certificate(name = "wrong-test-reload", password = "password", formats = Format.PKCS12, client = true),
Expand All @@ -49,12 +49,8 @@ public class TypesafeGraphQLClientReloadKeystoreTest {
private static final File temp = new File("target/test-certificates-" + UUID.randomUUID());

private static final String CONFIGURATION = """
quarkus.smallrye-graphql-client.my-client.tls-configuration-name=my-tls-client
quarkus.tls.my-tls-client.key-store.p12.path=%s
quarkus.tls.my-tls-client.key-store.p12.password=password
quarkus.smallrye-graphql-client.my-client.url=https://127.0.0.1:%d/
quarkus.tls.my-tls-client.trust-all=true
""".formatted(temp.getAbsolutePath() + "/tls.p12", PORT);
# No config - overridden in the test
""";

@RegisterExtension
static final QuarkusUnitTest config = new QuarkusUnitTest()
Expand All @@ -63,6 +59,11 @@ public class TypesafeGraphQLClientReloadKeystoreTest {
.add(new StringAsset(CONFIGURATION), "application.properties")
.addClasses(MyApi.class, SSLTestingTools.class))
.overrideRuntimeConfigKey("loc", temp.getAbsolutePath())
.overrideRuntimeConfigKey("quarkus.smallrye-graphql-client.my-client.tls-configuration-name", "my-tls-client")
.overrideRuntimeConfigKey("quarkus.tls.my-tls-client.key-store.p12.path", temp.getAbsolutePath() + "/tls.p12")
.overrideRuntimeConfigKey("quarkus.tls.my-tls-client.key-store.p12.password", "password")
.overrideRuntimeConfigKey("quarkus.smallrye-graphql-client.my-client.url", "https://127.0.0.1:" + PORT)
.overrideRuntimeConfigKey("quarkus.tls.my-tls-client.trust-all", "true")
.setBeforeAllCustomizer(() -> {
try {
temp.mkdirs();
Expand Down Expand Up @@ -102,7 +103,8 @@ static void setupServer() throws Exception {
@Test
void testReloading() throws IOException {
TlsConfiguration tlsClient = registry.get("my-tls-client").orElseThrow();
KeyCertOptions keystoreOptionsBefore = (KeyCertOptions) GraphQLClientsConfiguration.getInstance().getClient("my-client").getTlsKeyStoreOptions();
KeyCertOptions keystoreOptionsBefore = (KeyCertOptions) GraphQLClientsConfiguration.getInstance().getClient("my-client")
.getTlsKeyStoreOptions();
Arc.container().requestContext().activate();
try {
myApi.getResult();
Expand All @@ -119,7 +121,8 @@ void testReloading() throws IOException {
event.fire(new CertificateUpdatedEvent("my-tls-client", tlsClient));
Arc.container().requestContext().activate();
try {
assertThat(GraphQLClientsConfiguration.getInstance().getClient("my-client").getTlsKeyStoreOptions()).isNotEqualTo(keystoreOptionsBefore);
assertThat(GraphQLClientsConfiguration.getInstance().getClient("my-client").getTlsKeyStoreOptions())
.isNotEqualTo(keystoreOptionsBefore);
assertThat(myApi.getResult()).isEqualTo(EXPECTED_RESPONSE);
} finally {
Arc.container().requestContext().terminate();
Expand Down
Original file line number Diff line number Diff line change
@@ -1,6 +1,7 @@
package io.quarkus.smallrye.graphql.client.runtime;

import io.smallrye.graphql.client.impl.GraphQLClientConfiguration;
import static io.quarkus.tls.runtime.config.TlsConfig.DEFAULT_NAME;

import jakarta.enterprise.event.Observes;
import jakarta.inject.Inject;
import jakarta.inject.Singleton;
Expand All @@ -9,10 +10,9 @@

import io.quarkus.tls.CertificateUpdatedEvent;
import io.quarkus.tls.TlsConfiguration;
import io.smallrye.graphql.client.impl.GraphQLClientConfiguration;
import io.smallrye.graphql.client.impl.GraphQLClientsConfiguration;

import static io.quarkus.tls.runtime.config.TlsConfig.DEFAULT_NAME;

@Singleton
public class GraphQLClientCertificateUpdateEventListener {

Expand All @@ -26,10 +26,12 @@ public void onCertificateUpdate(@Observes CertificateUpdatedEvent event) {
TlsConfiguration updatedTlsConfiguration = event.tlsConfiguration();
graphQLClientsConfig.clients
.forEach((configKey, clientConfig) -> {
GraphQLClientConfiguration graphQLClientConfiguration = GraphQLClientsConfiguration.getInstance().getClient(configKey);
GraphQLClientConfiguration graphQLClientConfiguration = GraphQLClientsConfiguration.getInstance()
.getClient(configKey);
clientConfig.tlsConfigurationName.ifPresentOrElse(tlsConfigurationName -> {
if (tlsConfigurationName.equals(updatedTlsConfigurationName)) {
updateConfiguration(updatedTlsConfigurationName, updatedTlsConfiguration, graphQLClientConfiguration, configKey);
updateConfiguration(updatedTlsConfigurationName, updatedTlsConfiguration,
graphQLClientConfiguration, configKey);
}
}, () -> {
if (DEFAULT_NAME.equals(updatedTlsConfigurationName)) {
Expand All @@ -39,7 +41,8 @@ public void onCertificateUpdate(@Observes CertificateUpdatedEvent event) {
});
}

private void updateConfiguration(String tlsBucketName, TlsConfiguration updatedTlsConfiguration, GraphQLClientConfiguration graphQLClientConfiguration, String configKey) {
private void updateConfiguration(String tlsBucketName, TlsConfiguration updatedTlsConfiguration,
GraphQLClientConfiguration graphQLClientConfiguration, String configKey) {
LOG.infof("Certificate reloaded for the client '%s' using the TLS configuration (bucket) name '%s'", configKey,
tlsBucketName);
graphQLClientConfiguration
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -58,7 +58,7 @@ public class GraphQLClientConfig {
* {@code quarkus.smallrye-graphql-client."client-name".tls-bucket-name}.
*/
@ConfigItem
@Deprecated
@Deprecated(forRemoval = true, since = "3.16.0")
public Optional<String> trustStore;

/**
Expand All @@ -69,7 +69,7 @@ public class GraphQLClientConfig {
* {@code quarkus.smallrye-graphql-client."client-name".tls-bucket-name}.
*/
@ConfigItem
@Deprecated
@Deprecated(forRemoval = true, since = "3.16.0")
public Optional<String> trustStorePassword;

/**
Expand All @@ -80,7 +80,7 @@ public class GraphQLClientConfig {
* {@code quarkus.smallrye-graphql-client."client-name".tls-bucket-name}.
*/
@ConfigItem
@Deprecated
@Deprecated(forRemoval = true, since = "3.16.0")
public Optional<String> trustStoreType;

/**
Expand All @@ -91,7 +91,7 @@ public class GraphQLClientConfig {
* {@code quarkus.smallrye-graphql-client."client-name".tls-bucket-name}.
*/
@ConfigItem
@Deprecated
@Deprecated(forRemoval = true, since = "3.16.0")
public Optional<String> keyStore;

/**
Expand All @@ -102,7 +102,7 @@ public class GraphQLClientConfig {
* {@code quarkus.smallrye-graphql-client."client-name".tls-bucket-name}.
*/
@ConfigItem
@Deprecated
@Deprecated(forRemoval = true, since = "3.16.0")
public Optional<String> keyStorePassword;

/**
Expand All @@ -114,7 +114,7 @@ public class GraphQLClientConfig {
*
*/
@ConfigItem
@Deprecated
@Deprecated(forRemoval = true, since = "3.16.0")
public Optional<String> keyStoreType;

/**
Expand Down
Loading

0 comments on commit 3375bb2

Please sign in to comment.