Incorporate Modeler Custom Root Cert Code

Question

Incorporate Modeler Custom Root Cert Code

jwulf opened this issue 5 months ago · 3 comments

At the moment, a user can specify a custom root certificate to use when their Camunda 8 installation is secured by a self-signed or other custom certificate.

The custom root certificate replaces the existing certificate store, rather than being added to it. The Desktop Modeler team have written OS-portable code that loads the existing certificate store and adds the custom certificate to use an aggregrate.

I am going to incorporate this code into the SDK, so that users do not need to write this.

Answer 1 · 2024-04-30T10:00:47.000Z

For a unit test, start a dummy REST server and a dummy gRPC server - both using a self-signed certificate - and exercise one of the REST clients and the Zeebe gRPC client against them.

Answer 2 · 2024-05-01T02:58:34.000Z

This requires some rewiring. Reading the system certificate chain makes the constructor of the API clients async. We can't rely that the client is ready to roll after creating an instance.

To get around this, I tried adding a static asynchronous create method to the class to act as an object factory. The issue here is that creating a new client then becomes async, and the exposed API method for constructing the SDK and getting API clients is synchronous.

All methods that actually use the REST or gRPC connection, however, are already asynchronous.

So: I will put the network connection in an async context in the constructor, and await it in the API methods.

So this.rest: Promise<typeof Got>.

Answer 3 · 2024-05-01T06:35:09.000Z

Looks like the gRPC server mock doesn't bind to localhost correctly in the GitHub CI environment? The tests pass locally, but not there. Maybe there is something running on that port in the runner?