From 0a72976b2735dabe48a9f3f5f8532a1f5f7b3edf Mon Sep 17 00:00:00 2001
From: Kai Hudalla
Date: Fri, 18 Aug 2023 17:32:53 +0200
Subject: [PATCH] Small fixes
* Use appropriate protocol for registering default tenant
The device registry only exposes the management API via http if the insecure endpoint is being enabled explicitly. Otherwise, https needs to be used for registering default data with the device registry.
* Add example trust store to Dispatch Router container
The Dispatch Router configuration contains references to a ca.crt file containing trusted CA certificates. The example keys secret has been extended to contain the example trust store.
---
 .../hono/example/add_example_data_device_registry.sh | 10 +++++++---
 .../dispatch-router/dispatch-router-example-keys.yaml | 3 ++-
 2 files changed, 9 insertions(+), 4 deletions(-)
diff --git a/charts/hono/example/add_example_data_device_registry.sh b/charts/hono/example/add_example_data_device_registry.sh
index c74ef4dd..81e700c6 100755
--- a/charts/hono/example/add_example_data_device_registry.sh
+++ b/charts/hono/example/add_example_data_device_registry.sh
@@ -11,7 +11,11 @@
 #
 # SPDX-License-Identifier: EPL-2.0
 #*******************************************************************************
+{{- if ( eq .Values.deviceRegistryExample.hono.registry.http.insecurePortEnabled true ) }}
 HTTP_BASE_URL="http://{{ include "hono.fullname" . }}-service-device-registry:8080/v1"
+{{- else }}
+HTTP_BASE_URL="https://{{ include "hono.fullname" . }}-service-device-registry:8443/v1"
+{{- end }}
 check_status() {
 EXIT_STATUS=$1
@@ -35,7 +39,7 @@ add_tenant(){
 HTTP_REQUEST_BODY=$2
 echo "Adding tenant [$TENANT_ID]"
- HTTP_RESPONSE=$(curl -o /dev/null -sw "%{http_code}" \
+ HTTP_RESPONSE=$(curl -o /dev/null -sw "%{http_code}" -k \
 -X POST "$HTTP_BASE_URL/tenants/$TENANT_ID" \
 --header 'Content-Type: application/json' \
 --data-raw "$HTTP_REQUEST_BODY")
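Review bot: The `-k` added to the curl call in add_tenant switches off certificate and host-name verification, so on the https branch the script posts to whatever answers on port 8443 without authenticating the registry; the same flag is added in register_device and add_credentials, where the request body carries device credentials. The second file of this patch shows the chart already ships an example trust store (`example/certs/trusted-certs.pem`), so the calls could verify the server instead, e.g. `--cacert <path-to-mounted-trust-store>` in place of `-k`; whether the registry certificate's names match the service host name is not visible here and would need checking. If `-k` has to stay for the example setup, a comment above each call such as `# -k: example deployment only, the registry certificate is not verified` would keep it from being copied into real deployments. All three function bodies start and end outside their hunks.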
@@ -49,7 +53,7 @@ register_device(){
 HTTP_REQUEST_BODY=$3
 echo "Registering device [$TENANT_ID:$DEVICE_ID]"
- HTTP_RESPONSE=$(curl -o /dev/null -sw "%{http_code}" \
+ HTTP_RESPONSE=$(curl -o /dev/null -sw "%{http_code}" -k \
 -X POST "$HTTP_BASE_URL/devices/$TENANT_ID/$DEVICE_ID" \
 --header 'Content-Type: application/json' \
 --data-raw "$HTTP_REQUEST_BODY")
@@ -64,7 +68,7 @@ add_credentials(){
 HTTP_REQUEST_BODY=$3
 echo "Adding credentials [$TENANT_ID:$DEVICE_ID]"
- HTTP_RESPONSE=$(curl -o /dev/null -sw "%{http_code}" \
+ HTTP_RESPONSE=$(curl -o /dev/null -sw "%{http_code}" -k \
 -X PUT "$HTTP_BASE_URL/credentials/$TENANT_ID/$DEVICE_ID" \
 --header 'Content-Type: application/json' \
 --data-raw "$HTTP_REQUEST_BODY")
diff --git a/charts/hono/templates/dispatch-router/dispatch-router-example-keys.yaml b/charts/hono/templates/dispatch-router/dispatch-router-example-keys.yaml
index c12201ea..aa8dd923 100644
--- a/charts/hono/templates/dispatch-router/dispatch-router-example-keys.yaml
+++ b/charts/hono/templates/dispatch-router/dispatch-router-example-keys.yaml
@@ -1,7 +1,7 @@
 {{- $amqpEnabled := and ( has "amqp" .Values.messagingNetworkTypes ) .Values.amqpMessagingNetworkExample.enabled -}}
 {{- if all $amqpEnabled ( eq .Values.amqpMessagingNetworkExample.dispatchRouter.tlsKeysSecret "example" ) }}
 #
-# Copyright (c) 2022 Contributors to the Eclipse Foundation
+# Copyright (c) 2022, 2023 Contributors to the Eclipse Foundation
 #
 # See the NOTICE file(s) distributed with this work for additional
 # information regarding copyright ownership.
@@ -19,6 +19,7 @@ metadata:
 {{- include "hono.metadata" $args | nindent 2 }}
 type: Opaque
 data:
+ ca.crt: {{ .Files.Get "example/certs/trusted-certs.pem" | b64enc }}
 tls.key: {{ .Files.Get "example/certs/qdrouter-key.pem" | b64enc }}
 tls.crt: {{ .Files.Get "example/certs/qdrouter-cert.pem" | b64enc }}
 {{- end }}
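Review bot: The new `ca.crt` entry renders as an empty value without any error if `example/certs/trusted-certs.pem` is not packaged with the chart, because `.Files.Get` returns an empty string for a missing path; the router would then presumably start with an empty or unusable trust store. Failing at template time is safer: `ca.crt: {{ required "example trust store is missing from the chart" (.Files.Get "example/certs/trusted-certs.pem") | b64enc }}`. The existing `tls.key` and `tls.crt` lines have the same property. Since this entry decides which peers the router trusts, a comment above `data:` such as `# example key material bundled with the chart, not for production use` would also make the scope of the `tlsKeysSecret "example"` guard explicit.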