cluster-bootstrap support TLS requests in client calls #426
+142
−6
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
pjfanning
force-pushed
the
cluster-bootstrap-tls
branch
from
fdefb91 to
7b92aa8
Compare
pjfanning
force-pushed
the
cluster-bootstrap-tls
branch
from
7b92aa8 to
1fec922
Compare
He-Pin
reviewed
Nov 17, 2025
...scala/org/apache/pekko/management/cluster/bootstrap/internal/HttpContactPointBootstrap.scala
Outdated
Show resolved
Hide resolved
pjfanning
force-pushed
the
cluster-bootstrap-tls
branch
from
1fec922 to
9dbab64
Compare
Update HttpContactPointBootstrap.scala Update HttpContactPointBootstrap.scala add cert Update BootstrapCoordinatorSpec.scala extra test make TLS version configurable cert unused Update BootstrapCoordinatorSpec.scala Update BootstrapCoordinatorSpec.scala Update HttpContactPointBootstrap.scala Revert "cert unused" This reverts commit 83b45b5. add tests
pjfanning
force-pushed
the
cluster-bootstrap-tls
branch
from
199650b to
fbf30a1
Compare
pjfanning
requested review from
Roiocam,
danischroeter,
mdedetrich,
nvollmar,
raboof and
samueleresca
He-Pin
approved these changes
Nov 18, 2025
Contributor
There was a problem hiding this comment.
Pull Request Overview
This PR adds TLS/HTTPS support to cluster-bootstrap client calls when probing contact points. The implementation is based on the pattern used in AbstractKubernetesApiImpl, with the key difference being that the trust store configuration is optional - users can rely on their JDK's default trust store if ca-path is left empty.
Key Changes
- Added SSL context generation with optional custom certificate trust store
- HTTP client now uses HTTPS connection context when the URI scheme is "https://"
- Comprehensive test coverage for SSL context generation with various configurations
Reviewed Changes
Copilot reviewed 6 out of 8 changed files in this pull request and generated 2 comments.
Show a summary per file
| File | Description |
|---|---|
| management-cluster-bootstrap/src/main/scala/org/apache/pekko/management/cluster/bootstrap/internal/HttpContactPointBootstrap.scala | Implements SSL context generation and conditionally uses HTTPS connection context based on URI scheme |
| management-cluster-bootstrap/src/main/scala/org/apache/pekko/management/cluster/bootstrap/ClusterBootstrapSettings.scala | Adds configuration settings for ca-path and tls-version under httpClient |
| management-cluster-bootstrap/src/main/resources/reference.conf | Adds default configuration for HTTP client SSL/TLS settings |
| management-cluster-bootstrap/src/test/scala/org/apache/pekko/management/cluster/bootstrap/internal/HttpContactPointBootstrapSpec.scala | Adds comprehensive tests for SSL context generation with various scenarios |
| management-cluster-bootstrap/src/test/scala/org/apache/pekko/management/cluster/bootstrap/internal/BootstrapCoordinatorSpec.scala | Minor import reorganization |
| management-cluster-bootstrap/src/test/resources/application.conf | Adds test configuration for actor system |
| management-cluster-bootstrap/src/test/files/ca.crt | Adds test certificate for SSL context tests |
| build.sbt | Adds dependency on managementPki module |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
...a/org/apache/pekko/management/cluster/bootstrap/internal/HttpContactPointBootstrapSpec.scala
Outdated
Show resolved
Hide resolved
Co-authored-by: Copilot <[email protected]>
…anagement/cluster/bootstrap/internal/HttpContactPointBootstrapSpec.scala Co-authored-by: Copilot <[email protected]>
pjfanning
added a commit
to pjfanning/incubator-pekko-management
that referenced
this pull request
Nov 18, 2025
* cluster-bootstrap support TLS requests in client calls Update HttpContactPointBootstrap.scala Update HttpContactPointBootstrap.scala add cert Update BootstrapCoordinatorSpec.scala extra test make TLS version configurable cert unused Update BootstrapCoordinatorSpec.scala Update BootstrapCoordinatorSpec.scala Update HttpContactPointBootstrap.scala Revert "cert unused" This reverts commit 83b45b5. add tests * Update management-cluster-bootstrap/src/main/resources/reference.conf Co-authored-by: Copilot <[email protected]> * Update management-cluster-bootstrap/src/test/scala/org/apache/pekko/management/cluster/bootstrap/internal/HttpContactPointBootstrapSpec.scala Co-authored-by: Copilot <[email protected]> --------- Co-authored-by: Copilot <[email protected]>
pjfanning
added a commit
that referenced
this pull request
Nov 19, 2025
* cluster-bootstrap support TLS requests in client calls Update HttpContactPointBootstrap.scala Update HttpContactPointBootstrap.scala add cert Update BootstrapCoordinatorSpec.scala extra test make TLS version configurable cert unused Update BootstrapCoordinatorSpec.scala Update BootstrapCoordinatorSpec.scala Update HttpContactPointBootstrap.scala Revert "cert unused" This reverts commit 83b45b5. add tests * Update management-cluster-bootstrap/src/main/resources/reference.conf * Update management-cluster-bootstrap/src/test/scala/org/apache/pekko/management/cluster/bootstrap/internal/HttpContactPointBootstrapSpec.scala --------- Co-authored-by: Copilot <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Uh oh!
There was an error while loading. Please reload this page.