Description
Requirement
Release 2.9.0 includes a new feature to set certificates into a custom JVM's trust store.
First, the documentation mentions mounted resources (secrets) but the implementation indeed needs mounted paths.
Next, real use cases involve setting more than one custom certificate. Also, the original JVM's cacerts should optionally be integrated into the new trust store. And lastly, to make things shorter, default passwords ("changeit", I think) may be used.
Here is an example of a complete configuration in an integration, with a proposed syntax (entry names and structure may obviously be adapted to follow the usual camel-k ones).
```yaml
traits:
  mount:
    resources:
      - secret:ca1-secret@/ca/enterprise
      - secret:ca2-secret@/ca/partners
      - secret:ca-passwords-secret@/ca/passwords
  jvm:
    cacerts:
      certificates:
        # perhaps the alias may be optional and a computed value may be used
        - alias: corporate-ca
          filePath: /ca/enterprise/company.crt
        - alias: abc-ca
          filePath: /ca/enterprise/application-abc.crt
        - alias: xyz-ca
          filePath: /ca/partners/partner-xyz.crt
      # default value may be "changeit"
      password: /ca/passwords/new.password
      jdkCacertsCopy: true
      # it seems to be possible to find it, but can be explicit
      jdkCacertsPath: /opt/java/openjdk/lib/security/cacerts
      # same default value
      jdkCacertsPassword: /ca/passwords/jdk.password
```
Do you confirm that the trait is available in the same way in integration platforms, to be applied to all dependent integrations?
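An added example, not part of the original issue and not Camel K code: a pre-deployment check that every certificate and password file in the configuration above resolves under a path declared in `mount.resources`, and that no alias is used twice. The keys follow the syntax proposed in the issue; the function names and the constructed sample dictionary are assumptions.

```python
import posixpath

# Constructed sample mirroring the syntax proposed in the issue (not a released schema).
CONFIG = {
    "mount": {"resources": [
        "secret:ca1-secret@/ca/enterprise",
        "secret:ca2-secret@/ca/partners",
        "secret:ca-passwords-secret@/ca/passwords",
    ]},
    "jvm": {"cacerts": {
        "certificates": [
            {"alias": "corporate-ca", "filePath": "/ca/enterprise/company.crt"},
            {"alias": "abc-ca", "filePath": "/ca/enterprise/application-abc.crt"},
            {"alias": "xyz-ca", "filePath": "/ca/partners/partner-xyz.crt"},
        ],
        "password": "/ca/passwords/new.password",
        "jdkCacertsPassword": "/ca/passwords/jdk.password",
    }},
}

def mount_dirs(traits):
    """Return the normalised target directory of each 'kind:name@/path' resource."""
    dirs = []
    for res in traits.get("mount", {}).get("resources", []):
        _, sep, target = res.partition("@")
        if sep and target.startswith("/"):
            dirs.append(posixpath.normpath(target))
    return dirs

def check_cacerts(traits):
    """List configuration problems that would break the trust store build."""
    problems, seen = [], set()
    dirs = mount_dirs(traits)
    cacerts = traits.get("jvm", {}).get("cacerts", {})

    def covered(path):
        p = posixpath.normpath(path)  # collapse '..' before comparing
        return any(p.startswith(d + "/") for d in dirs)

    for cert in cacerts.get("certificates", []):
        alias, path = cert.get("alias", ""), cert.get("filePath", "")
        if alias in seen:
            problems.append(f"duplicate alias: {alias}")
        seen.add(alias)
        if not covered(path):
            problems.append(f"{alias}: {path} is not under a mounted path")
    for key in ("password", "jdkCacertsPassword"):  # unset means the default applies
        value = cacerts.get(key)
        if value is not None and not covered(value):
            problems.append(f"{key}: {value} is not under a mounted path")
    return problems
```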