feat(jolokia): Add default client principals for OpenShift 4
diff --git a/pkg/trait/jolokia.go b/pkg/trait/jolokia.go
index bc8c37e..1e63040 100644
--- a/pkg/trait/jolokia.go
+++ b/pkg/trait/jolokia.go
@@ -92,7 +92,6 @@
setDefaultJolokiaOption(options, &t.Protocol, "protocol", "https")
setDefaultJolokiaOption(options, &t.CaCert, "caCert", "/var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt")
setDefaultJolokiaOption(options, &t.ExtendedClientCheck, "extendedClientCheck", true)
- setDefaultJolokiaOption(options, &t.ClientPrincipal, "clientPrincipal", "cn=system:master-proxy")
setDefaultJolokiaOption(options, &t.UseSslClientAuthentication, "useSslClientAuthentication", true)
}
@@ -136,7 +135,16 @@
// Then add explicitly set trait configuration properties
addToJolokiaOptions(options, "caCert", t.CaCert)
- addToJolokiaOptions(options, "clientPrincipal", t.ClientPrincipal)
+ if options["clientPrincipal"] == "" && t.ClientPrincipal == nil && e.DetermineProfile() == v1.TraitProfileOpenShift {
+ // TODO: simplify when trait array options are supported
+ // Master API proxy for OpenShift 3
+ addToJolokiaOptions(options, "clientPrincipal.1", "cn=system:master-proxy")
+ // Default Hawtio and Fuse consoles for OpenShift 4
+ addToJolokiaOptions(options, "clientPrincipal.2", "cn=hawtio-online.hawtio.svc")
+ addToJolokiaOptions(options, "clientPrincipal.3", "cn=fuse-console.fuse.svc")
+ } else {
+ addToJolokiaOptions(options, "clientPrincipal", t.ClientPrincipal)
+ }
addToJolokiaOptions(options, "discoveryEnabled", t.DiscoveryEnabled)
addToJolokiaOptions(options, "extendedClientCheck", t.ExtendedClientCheck)
addToJolokiaOptions(options, "host", t.Host)
@@ -211,5 +219,9 @@
if v != nil {
options[key] = *v
}
+ case string:
+ if v != "" {
+ options[key] = v
+ }
}
}