fix: fall back to TLS trust when cluster CA path is missing#317
fix: fall back to TLS trust when cluster CA path is missing#317adietish wants to merge 14 commits into
Conversation
|
Important Review skippedDraft detected. Please check the settings in the CodeRabbit UI or the ⚙️ Run configurationConfiguration used: Organization UI Review profile: CHILL Plan: Enterprise Run ID: You can disable this status message by setting the Use the checkbox below for a quick retry:
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
Codecov Report❌ Patch coverage is Additional details and impacted files@@ Coverage Diff @@
## main #317 +/- ##
==========================================
+ Coverage 0.00% 31.89% +31.89%
==========================================
Files 4 109 +105
Lines 26 4399 +4373
Branches 0 801 +801
==========================================
+ Hits 0 1403 +1403
- Misses 26 2833 +2807
- Partials 0 163 +163 ☔ View full report in Codecov by Harness. 🚀 New features to boost your workflow:
|
aaa5778 to
c0a8be0
Compare
Stale or missing certificate-authority file paths in kubeconfig must not break TLS trust resolution on a different machine. Signed-off-by: Andre Dietisheim <adietish@redhat.com> Co-authored-by: Cursor <cursoragent@cursor.com>
Use the TLS trust established in the wizard for post-login API connections instead of kubeconfig CA settings or JVM default trust. Signed-off-by: Andre Dietisheim <adietish@redhat.com> Co-authored-by: Cursor <cursoragent@cursor.com>
Signed-off-by: Andre Dietisheim <adietish@redhat.com> Co-authored-by: Cursor <cursoragent@cursor.com>
Signed-off-by: Andre Dietisheim <adietish@redhat.com> Co-authored-by: Cursor <cursoragent@cursor.com>
Signed-off-by: Andre Dietisheim <adietish@redhat.com>
Centralize kubeconfig cluster resolution in KubeConfigUtils as getClusterByServer and drop the duplicate from KubeConfigTlsUtils. Signed-off-by: Andre Dietisheim <adietish@redhat.com>
Use the Certificate Authority input when establishing TLS context so user-provided paths and PEM data are honored before the trust dialog. Signed-off-by: Andre Dietisheim <adietish@redhat.com> Co-authored-by: Cursor <cursoragent@cursor.com>
Parent trust prompts to the wizard, use invokeLater instead of invokeAndWait, and split TLS setup from authentication so API and OAuth certificates can both be accepted. Add TLS trust logging and surface OAuth discovery failures. Signed-off-by: Andre Dietisheim <adietish@redhat.com> Co-authored-by: Cursor <cursoragent@cursor.com>
…odeFlow class Signed-off-by: Andre Dietisheim <adietish@redhat.com>
Signed-off-by: Andre Dietisheim <adietish@redhat.com>
98b09d2 to
9144841
Compare
Signed-off-by: Andre Dietisheim <adietish@redhat.com> Co-authored-by: Cursor <cursoragent@cursor.com>
Unify API and OAuth endpoint trust through establishTrustForEndpoint, consolidate certificate resolution into resolveCertificatesForUrls and mergeTrustedContext, and expose createOpenShiftTlsContext on TlsTrustManager so OAuth hosts get the same probe-and-prompt flow as the API server. Signed-off-by: Andre Dietisheim <adietish@redhat.com> Co-authored-by: Cursor <cursoragent@cursor.com>
Signed-off-by: Andre Dietisheim <adietish@redhat.com>
fixes eclipse-che/che#23878