Merge pull request quarkusio#44648 from gsmet/fix-management-interfac…

…e-defaults Assorted fixes for management interface
aloubyansky · Nov 26, 2024 · 2a45367 · 2a45367
2 parents 9ff49c1 + 884b651
commit 2a45367
Show file tree

Hide file tree

Showing 26 changed files with 111 additions and 69 deletions.
diff --git a/docs/src/main/asciidoc/management-interface-reference.adoc b/docs/src/main/asciidoc/management-interface-reference.adoc
@@ -40,15 +40,30 @@ NOTE: The management interface is disabled when no extensions relying on it (suc
 By default, the management interface is exposed on the interface: `0.0.0.0` (all interfaces) and on the port `9000` (`9001` in test mode).
 It does not use TLS (`https`) by default.
 
-You can configure the host, ports, and TLS certificates using the following properties:
+You can configure the host, ports, and TLS configuration name using the following properties:
 
 * `quarkus.management.host` - the interface / host
 * `quarkus.management.port` - the port
 * `quarkus.management.test-port` - the port to use in test mode
-* `quarkus.management.ssl` - the TLS configuration, xref:http-reference#ssl[same as for the main HTTP server].
+* `quarkus.management.tls-configuration-name` - the TLS configuration name, xref:http-reference.adoc#using-the-tls-centralized-configuration[same as for the main HTTP server].
 
 Here is a configuration example exposing the management interface on _https://localhost:9002_:
 
+[source, properties]
+----
+quarkus.management.enabled=true
+quarkus.management.host=localhost
+quarkus.management.port=9002
+quarkus.management.tls-configuration-name=management
+
+# Your TLS registry configuration
+...
+----
+
+With this configuration, TLS is enabled and configured as defined in the `management` configuration of the TLS registry.
+
+You can also configure the management interface with the legacy SSL configuration, as for (xref:http-reference.adoc#ssl[the main HTTP server]):
+
 [source, properties]
 ----
 quarkus.management.enabled=true

diff --git a/...oyment/src/test/java/io/quarkus/info/deployment/EnabledInfoOnManagementInterfaceTest.java b/...oyment/src/test/java/io/quarkus/info/deployment/EnabledInfoOnManagementInterfaceTest.java
@@ -22,7 +22,7 @@ public void test() {
                 .then()
                 .statusCode(404);
 
-        when().get("http://0.0.0.0:9001/q/info")
+        when().get("http://localhost:9001/q/info")
                 .then()
                 .statusCode(200)
                 .body("os", is(notNullValue()))

diff --git a/...a/io/quarkus/micrometer/deployment/export/PrometheusEnabledOnManagementInterfaceTest.java b/...a/io/quarkus/micrometer/deployment/export/PrometheusEnabledOnManagementInterfaceTest.java
@@ -22,13 +22,13 @@ public class PrometheusEnabledOnManagementInterfaceTest {
     public void metricsEndpoint() {
         RestAssured.given()
                 .accept("application/json")
-                .get("http://0.0.0.0:9001/q/metrics")
+                .get("http://localhost:9001/q/metrics")
                 .then()
                 .log().all()
                 .statusCode(406);
 
         RestAssured.given()
-                .get("http://0.0.0.0:9001/q/metrics")
+                .get("http://localhost:9001/q/metrics")
                 .then()
                 .statusCode(200);
     }

diff --git a/...deployment/src/test/java/io/quarkus/oidc/test/CodeFlowManagementInterfaceDevModeTest.java b/...deployment/src/test/java/io/quarkus/oidc/test/CodeFlowManagementInterfaceDevModeTest.java
@@ -50,7 +50,7 @@ public class CodeFlowManagementInterfaceDevModeTest {
     @Test
     public void testAuthenticatedHttpPermission() throws IOException {
         try (final WebClient webClient = createWebClient()) {
-            HtmlPage page = webClient.getPage("http://0.0.0.0:9000/code-flow");
+            HtmlPage page = webClient.getPage("http://localhost:9000/code-flow");
 
             assertEquals("Sign in to quarkus", page.getTitleText());
 

diff --git a/...t/src/test/java/io/quarkus/smallrye/health/test/HealthCheckOnManagementInterfaceTest.java b/...t/src/test/java/io/quarkus/smallrye/health/test/HealthCheckOnManagementInterfaceTest.java
@@ -28,11 +28,11 @@ class HealthCheckOnManagementInterfaceTest {
     void testHealth() {
         try {
             RestAssured.defaultParser = Parser.JSON;
-            when().get("http://0.0.0.0:9001/q/health/live").then()
+            when().get("http://localhost:9001/q/health/live").then()
                     .body("status", is("UP"),
                             "checks.status", contains("UP"),
                             "checks.name", contains("my-check"));
-            when().get("http://0.0.0.0:9001/q/health/live").then()
+            when().get("http://localhost:9001/q/health/live").then()
                     .body("status", is("DOWN"),
                             "checks.status", contains("DOWN"),
                             "checks.name", contains("my-check"));

diff --git a/...uarkus/smallrye/health/test/HealthCheckOnManagementInterfaceWithAbsoluteRootPathTest.java b/...uarkus/smallrye/health/test/HealthCheckOnManagementInterfaceWithAbsoluteRootPathTest.java
@@ -29,11 +29,11 @@ class HealthCheckOnManagementInterfaceWithAbsoluteRootPathTest {
     void testHealth() {
         try {
             RestAssured.defaultParser = Parser.JSON;
-            when().get("http://0.0.0.0:9001/sante/live").then()
+            when().get("http://localhost:9001/sante/live").then()
                     .body("status", is("UP"),
                             "checks.status", contains("UP"),
                             "checks.name", contains("my-check"));
-            when().get("http://0.0.0.0:9001/sante/live").then()
+            when().get("http://localhost:9001/sante/live").then()
                     .body("status", is("DOWN"),
                             "checks.status", contains("DOWN"),
                             "checks.name", contains("my-check"));

diff --git a/...uarkus/smallrye/health/test/HealthCheckOnManagementInterfaceWithRelativeRootPathTest.java b/...uarkus/smallrye/health/test/HealthCheckOnManagementInterfaceWithRelativeRootPathTest.java
@@ -30,11 +30,11 @@ class HealthCheckOnManagementInterfaceWithRelativeRootPathTest {
     void testHealth() {
         try {
             RestAssured.defaultParser = Parser.JSON;
-            when().get("http://0.0.0.0:9001/management/sante/live").then()
+            when().get("http://localhost:9001/management/sante/live").then()
                     .body("status", is("UP"),
                             "checks.status", contains("UP"),
                             "checks.name", contains("my-check"));
-            when().get("http://0.0.0.0:9001/management/sante/live").then()
+            when().get("http://localhost:9001/management/sante/live").then()
                     .body("status", is("DOWN"),
                             "checks.status", contains("DOWN"),
                             "checks.name", contains("my-check"));

diff --git a/...yment/src/main/java/io/quarkus/vertx/http/deployment/NonApplicationRootPathBuildItem.java b/...yment/src/main/java/io/quarkus/vertx/http/deployment/NonApplicationRootPathBuildItem.java
@@ -203,12 +203,15 @@ public static String getManagementUrlPrefix() {
      */
     public static String getManagementUrlPrefix(LaunchModeBuildItem mode) {
         Config config = ConfigProvider.getConfig();
-        var managementHost = config.getOptionalValue("quarkus.management.host", String.class).orElse("0.0.0.0");
+        // These will always be defined except when the configuration is not properly set up
+        // (for instance in NonApplicationRootPathBuildItemTest)
+        // so we default to the safest behavior possible
+        var managementHost = config.getOptionalValue("quarkus.management.host", String.class).orElse("localhost");
         var managementPort = config.getOptionalValue("quarkus.management.port", Integer.class).orElse(9000);
         if (mode != null && mode.isTest()) {
             managementPort = config.getOptionalValue("quarkus.management.test-port", Integer.class).orElse(9001);
         }
-        var isHttps = isTLsConfigured(config);
+        var isHttps = isTlsConfigured(config);
 
         return (isHttps ? "https://" : "http://") + managementHost + ":" + managementPort;
     }
@@ -435,7 +438,15 @@ public Builder management(String managementConfigKey) {
      * @param config the config
      * @return {@code true} if the management interface configuration contains a key or a certificate (indicating TLS)
      */
-    private static boolean isTLsConfigured(Config config) {
+    private static boolean isTlsConfigured(Config config) {
+        // TLS registry
+        var hasTlsConfigurationName = config.getOptionalValue("quarkus.management.tls-configuration-name", String.class)
+                .isPresent();
+        if (hasTlsConfigurationName) {
+            return true;
+        }
+
+        // legacy TLS configuration
         var hasCert = config.getOptionalValue("quarkus.management.ssl.certificate.file", String.class).isPresent();
         var hasKey = config.getOptionalValue("quarkus.management.ssl.certificate.key-file", String.class).isPresent();
 

diff --git a/...t/src/test/java/io/quarkus/vertx/http/deployment/NonApplicationRootPathBuildItemTest.java b/...t/src/test/java/io/quarkus/vertx/http/deployment/NonApplicationRootPathBuildItemTest.java
@@ -118,13 +118,13 @@ void testResolveManagementPathWithRelativeRootPath() {
         NonApplicationRootPathBuildItem buildItem = new NonApplicationRootPathBuildItem("/", "q",
                 managementInterfaceBuildTimeConfig.rootPath);
         Assertions.assertEquals("/management/", buildItem.getManagementRootPath());
-        Assertions.assertEquals("http://0.0.0.0:9000/management/foo",
+        Assertions.assertEquals("http://localhost:9000/management/foo",
                 buildItem.resolveManagementPath("foo", managementInterfaceBuildTimeConfig, launchModeBuildItem));
-        Assertions.assertEquals("http://0.0.0.0:9000/management/foo/sub/path",
+        Assertions.assertEquals("http://localhost:9000/management/foo/sub/path",
                 buildItem.resolveManagementPath("foo/sub/path", managementInterfaceBuildTimeConfig, launchModeBuildItem));
-        Assertions.assertEquals("http://0.0.0.0:9000/foo",
+        Assertions.assertEquals("http://localhost:9000/foo",
                 buildItem.resolveManagementPath("/foo", managementInterfaceBuildTimeConfig, launchModeBuildItem));
-        Assertions.assertEquals("http://0.0.0.0:9000/foo/sub/path",
+        Assertions.assertEquals("http://localhost:9000/foo/sub/path",
                 buildItem.resolveManagementPath("/foo/sub/path", managementInterfaceBuildTimeConfig, launchModeBuildItem));
         Assertions.assertThrows(IllegalArgumentException.class,
                 () -> buildItem.resolveManagementPath("../foo", managementInterfaceBuildTimeConfig, launchModeBuildItem));
@@ -144,13 +144,13 @@ void testResolveManagementPathWithRelativeRootPathInTestMode() {
         NonApplicationRootPathBuildItem buildItem = new NonApplicationRootPathBuildItem("/", "q",
                 managementInterfaceBuildTimeConfig.rootPath);
         Assertions.assertEquals("/management/", buildItem.getManagementRootPath());
-        Assertions.assertEquals("http://0.0.0.0:9001/management/foo",
+        Assertions.assertEquals("http://localhost:9001/management/foo",
                 buildItem.resolveManagementPath("foo", managementInterfaceBuildTimeConfig, launchModeBuildItem));
-        Assertions.assertEquals("http://0.0.0.0:9001/management/foo/sub/path",
+        Assertions.assertEquals("http://localhost:9001/management/foo/sub/path",
                 buildItem.resolveManagementPath("foo/sub/path", managementInterfaceBuildTimeConfig, launchModeBuildItem));
-        Assertions.assertEquals("http://0.0.0.0:9001/foo",
+        Assertions.assertEquals("http://localhost:9001/foo",
                 buildItem.resolveManagementPath("/foo", managementInterfaceBuildTimeConfig, launchModeBuildItem));
-        Assertions.assertEquals("http://0.0.0.0:9001/foo/sub/path",
+        Assertions.assertEquals("http://localhost:9001/foo/sub/path",
                 buildItem.resolveManagementPath("/foo/sub/path", managementInterfaceBuildTimeConfig, launchModeBuildItem));
         Assertions.assertThrows(IllegalArgumentException.class,
                 () -> buildItem.resolveManagementPath("../foo", managementInterfaceBuildTimeConfig, launchModeBuildItem));
@@ -196,13 +196,13 @@ void testResolveManagementPathWithAbsoluteRootPath() {
         NonApplicationRootPathBuildItem buildItem = new NonApplicationRootPathBuildItem("/", "/q",
                 managementInterfaceBuildTimeConfig.rootPath);
         Assertions.assertEquals("/management/", buildItem.getManagementRootPath());
-        Assertions.assertEquals("http://0.0.0.0:9000/management/foo",
+        Assertions.assertEquals("http://localhost:9000/management/foo",
                 buildItem.resolveManagementPath("foo", managementInterfaceBuildTimeConfig, launchModeBuildItem));
-        Assertions.assertEquals("http://0.0.0.0:9000/management/foo/sub/path",
+        Assertions.assertEquals("http://localhost:9000/management/foo/sub/path",
                 buildItem.resolveManagementPath("foo/sub/path", managementInterfaceBuildTimeConfig, launchModeBuildItem));
-        Assertions.assertEquals("http://0.0.0.0:9000/foo",
+        Assertions.assertEquals("http://localhost:9000/foo",
                 buildItem.resolveManagementPath("/foo", managementInterfaceBuildTimeConfig, launchModeBuildItem));
-        Assertions.assertEquals("http://0.0.0.0:9000/foo/sub/path",
+        Assertions.assertEquals("http://localhost:9000/foo/sub/path",
                 buildItem.resolveManagementPath("/foo/sub/path", managementInterfaceBuildTimeConfig, launchModeBuildItem));
         Assertions.assertThrows(IllegalArgumentException.class,
                 () -> buildItem.resolveManagementPath("../foo", managementInterfaceBuildTimeConfig, launchModeBuildItem));
@@ -222,13 +222,13 @@ void testResolveManagementPathWithEmptyRootPath() {
         NonApplicationRootPathBuildItem buildItem = new NonApplicationRootPathBuildItem("/", "/q",
                 managementInterfaceBuildTimeConfig.rootPath);
         Assertions.assertEquals("/", buildItem.getManagementRootPath());
-        Assertions.assertEquals("http://0.0.0.0:9000/foo",
+        Assertions.assertEquals("http://localhost:9000/foo",
                 buildItem.resolveManagementPath("foo", managementInterfaceBuildTimeConfig, launchModeBuildItem));
-        Assertions.assertEquals("http://0.0.0.0:9000/foo/sub/path",
+        Assertions.assertEquals("http://localhost:9000/foo/sub/path",
                 buildItem.resolveManagementPath("foo/sub/path", managementInterfaceBuildTimeConfig, launchModeBuildItem));
-        Assertions.assertEquals("http://0.0.0.0:9000/foo",
+        Assertions.assertEquals("http://localhost:9000/foo",
                 buildItem.resolveManagementPath("/foo", managementInterfaceBuildTimeConfig, launchModeBuildItem));
-        Assertions.assertEquals("http://0.0.0.0:9000/foo/sub/path",
+        Assertions.assertEquals("http://localhost:9000/foo/sub/path",
                 buildItem.resolveManagementPath("/foo/sub/path", managementInterfaceBuildTimeConfig, launchModeBuildItem));
         Assertions.assertThrows(IllegalArgumentException.class,
                 () -> buildItem.resolveManagementPath("../foo", managementInterfaceBuildTimeConfig, launchModeBuildItem));
@@ -247,9 +247,9 @@ void testResolveManagementPathWithWithWildcards() {
 
         NonApplicationRootPathBuildItem buildItem = new NonApplicationRootPathBuildItem("/", "/q",
                 managementInterfaceBuildTimeConfig.rootPath);
-        Assertions.assertEquals("http://0.0.0.0:9000/management/foo/*",
+        Assertions.assertEquals("http://localhost:9000/management/foo/*",
                 buildItem.resolveManagementPath("foo/*", managementInterfaceBuildTimeConfig, launchModeBuildItem));
-        Assertions.assertEquals("http://0.0.0.0:9000/foo/*",
+        Assertions.assertEquals("http://localhost:9000/foo/*",
                 buildItem.resolveManagementPath("/foo/*", managementInterfaceBuildTimeConfig, launchModeBuildItem));
     }
 }
diff --git a/.../deployment/src/test/java/io/quarkus/vertx/http/management/ManagementAndRootPathTest.java b/.../deployment/src/test/java/io/quarkus/vertx/http/management/ManagementAndRootPathTest.java
@@ -67,7 +67,7 @@ public void handle(RoutingContext routingContext) {
     @Test
     public void testNonApplicationEndpointDirect() {
         // Note RestAssured knows the path prefix is /api
-        RestAssured.given().get("http://0.0.0.0:9001/management/management-relative")
+        RestAssured.given().get("http://localhost:9001/management/management-relative")
                 .then().statusCode(200).body(Matchers.equalTo("/management/management-relative"));
     }
 

diff --git a/...t/src/test/java/io/quarkus/vertx/http/management/ManagementWithJksAndTlsRegistryTest.java b/...t/src/test/java/io/quarkus/vertx/http/management/ManagementWithJksAndTlsRegistryTest.java
@@ -79,7 +79,7 @@ public void handle(RoutingContext rc) {
     public void testTLSWithJks() {
         RestAssured.given()
                 .trustStore(new File("target/certs/ssl-management-interface-test-truststore.jks"), "secret")
-                .get("https://0.0.0.0:9001/management/my-route")
+                .get("https://localhost:9001/management/my-route")
                 .then().statusCode(200).body(Matchers.equalTo("ssl"));
     }
 

diff --git a/...http/deployment/src/test/java/io/quarkus/vertx/http/management/ManagementWithJksTest.java b/...http/deployment/src/test/java/io/quarkus/vertx/http/management/ManagementWithJksTest.java
@@ -79,7 +79,7 @@ public void handle(RoutingContext rc) {
     public void testSslWithJks() {
         RestAssured.given()
                 .trustStore(new File("target/certs/ssl-management-interface-test-truststore.jks"), "secret")
-                .get("https://0.0.0.0:9001/management/my-route")
+                .get("https://localhost:9001/management/my-route")
                 .then().statusCode(200).body(Matchers.equalTo("ssl"));
     }
 

diff --git a/...t/java/io/quarkus/vertx/http/management/ManagementWithJksWithAliasAndTlsRegistryTest.java b/...t/java/io/quarkus/vertx/http/management/ManagementWithJksWithAliasAndTlsRegistryTest.java
@@ -85,7 +85,7 @@ public void handle(RoutingContext rc) {
     public void testTLSWithJks() {
         RestAssured.given()
                 .trustStore(new File("target/certs/ssl-management-interface-alias-test-truststore.jks"), "secret")
-                .get("https://0.0.0.0:9001/management/my-route")
+                .get("https://localhost:9001/management/my-route")
                 .then().statusCode(200).body(Matchers.equalTo("ssl"));
     }
 

diff --git a/...oyment/src/test/java/io/quarkus/vertx/http/management/ManagementWithJksWithAliasTest.java b/...oyment/src/test/java/io/quarkus/vertx/http/management/ManagementWithJksWithAliasTest.java
@@ -84,7 +84,7 @@ public void handle(RoutingContext rc) {
     public void testSslWithJks() {
         RestAssured.given()
                 .trustStore(new File("target/certs/ssl-management-interface-alias-test-truststore.jks"), "secret")
-                .get("https://0.0.0.0:9001/management/my-route")
+                .get("https://localhost:9001/management/my-route")
                 .then().statusCode(200).body(Matchers.equalTo("ssl"));
     }
 

diff --git a/.../src/test/java/io/quarkus/vertx/http/management/ManagementWithMainServerDisabledTest.java b/.../src/test/java/io/quarkus/vertx/http/management/ManagementWithMainServerDisabledTest.java
@@ -65,7 +65,7 @@ public void handle(RoutingContext rc) {
     @Test
     public void testManagementWithoutMain() {
         RestAssured.given()
-                .get("http://0.0.0.0:9001/management/my-route")
+                .get("http://localhost:9001/management/my-route")
                 .then().statusCode(200).body(Matchers.equalTo("ok"));
     }
 

diff --git a/...t/src/test/java/io/quarkus/vertx/http/management/ManagementWithP12AndTlsRegistryTest.java b/...t/src/test/java/io/quarkus/vertx/http/management/ManagementWithP12AndTlsRegistryTest.java
@@ -79,7 +79,7 @@ public void handle(RoutingContext rc) {
     public void testTLSWithP12() {
         RestAssured.given()
                 .trustStore(new File("target/certs/ssl-management-interface-test-truststore.jks"), "secret")
-                .get("https://0.0.0.0:9001/management/my-route")
+                .get("https://localhost:9001/management/my-route")
                 .then().statusCode(200).body(Matchers.equalTo("ssl"));
     }
 

diff --git a/...http/deployment/src/test/java/io/quarkus/vertx/http/management/ManagementWithP12Test.java b/...http/deployment/src/test/java/io/quarkus/vertx/http/management/ManagementWithP12Test.java
@@ -79,7 +79,7 @@ public void handle(RoutingContext rc) {
     public void testSslWithP12() {
         RestAssured.given()
                 .trustStore(new File("target/certs/ssl-management-interface-test-truststore.jks"), "secret")
-                .get("https://0.0.0.0:9001/management/my-route")
+                .get("https://localhost:9001/management/my-route")
                 .then().statusCode(200).body(Matchers.equalTo("ssl"));
     }
 

diff --git a/...t/java/io/quarkus/vertx/http/management/ManagementWithP12WithAliasAndTlsRegistryTest.java b/...t/java/io/quarkus/vertx/http/management/ManagementWithP12WithAliasAndTlsRegistryTest.java
@@ -85,7 +85,7 @@ public void handle(RoutingContext rc) {
     public void testTLSWithP12() {
         RestAssured.given()
                 .trustStore(new File("target/certs/ssl-management-interface-alias-test-truststore.jks"), "secret")
-                .get("https://0.0.0.0:9001/management/my-route")
+                .get("https://localhost:9001/management/my-route")
                 .then().statusCode(200).body(Matchers.equalTo("ssl"));
     }
 

diff --git a/...oyment/src/test/java/io/quarkus/vertx/http/management/ManagementWithP12WithAliasTest.java b/...oyment/src/test/java/io/quarkus/vertx/http/management/ManagementWithP12WithAliasTest.java
@@ -84,7 +84,7 @@ public void handle(RoutingContext rc) {
     public void testSslWithP12() {
         RestAssured.given()
                 .trustStore(new File("target/certs/ssl-management-interface-alias-test-truststore.jks"), "secret")
-                .get("https://0.0.0.0:9001/management/my-route")
+                .get("https://localhost:9001/management/my-route")
                 .then().statusCode(200).body(Matchers.equalTo("ssl"));
     }
 

diff --git a/.../test/java/io/quarkus/vertx/http/management/ManagementWithPemAndNamedTlsRegistryTest.java b/.../test/java/io/quarkus/vertx/http/management/ManagementWithPemAndNamedTlsRegistryTest.java
@@ -83,7 +83,7 @@ public void testTLSWithPem() {
         RestAssured.given()
                 .given()
                 .trustStore(new File("target/certs/ssl-management-interface-test-truststore.jks"), "secret")
-                .get("https://0.0.0.0:9001/management/my-route")
+                .get("https://localhost:9001/management/my-route")
                 .then().statusCode(200).body(Matchers.equalTo("ssl"));
     }
 

diff --git a/...t/src/test/java/io/quarkus/vertx/http/management/ManagementWithPemAndTlsRegistryTest.java b/...t/src/test/java/io/quarkus/vertx/http/management/ManagementWithPemAndTlsRegistryTest.java
@@ -82,7 +82,7 @@ public void testTLSWithPem() {
         RestAssured.given()
                 .given()
                 .trustStore(new File("target/certs/ssl-management-interface-test-truststore.jks"), "secret")
-                .get("https://0.0.0.0:9001/management/my-route")
+                .get("https://localhost:9001/management/my-route")
                 .then().statusCode(200).body(Matchers.equalTo("ssl"));
     }
 

diff --git a/...http/deployment/src/test/java/io/quarkus/vertx/http/management/ManagementWithPemTest.java b/...http/deployment/src/test/java/io/quarkus/vertx/http/management/ManagementWithPemTest.java
@@ -82,7 +82,7 @@ public void testSslWithPem() {
         RestAssured.given()
                 .given()
                 .trustStore(new File("target/certs/ssl-management-interface-test-truststore.jks"), "secret")
-                .get("https://0.0.0.0:9001/management/my-route")
+                .get("https://localhost:9001/management/my-route")
                 .then().statusCode(200).body(Matchers.equalTo("ssl"));
     }