From adfc5bba6a2c8c8c425651fcb7b82cdbfb9b5d83 Mon Sep 17 00:00:00 2001 From: Georgios Andrianakis Date: Thu, 12 Sep 2024 20:13:08 +0300 Subject: [PATCH] Properly fail when TLS reload config is invalid This now means that Quarkus will exit completely even in dev-mode when the first start contains the invalid reload configuration. This might not be ideal, but it's far better than the previous behavior where the application was stuck and had to be killed with `kill -9` Fixes :#43247 --- .../vertx/http/runtime/VertxHttpRecorder.java | 30 ++++++++++++------- .../options/TlsCertificateReloader.java | 3 ++ 2 files changed, 23 insertions(+), 10 deletions(-) diff --git a/extensions/vertx-http/runtime/src/main/java/io/quarkus/vertx/http/runtime/VertxHttpRecorder.java b/extensions/vertx-http/runtime/src/main/java/io/quarkus/vertx/http/runtime/VertxHttpRecorder.java index 25492358cd06c..e802519f00101 100644 --- a/extensions/vertx-http/runtime/src/main/java/io/quarkus/vertx/http/runtime/VertxHttpRecorder.java +++ b/extensions/vertx-http/runtime/src/main/java/io/quarkus/vertx/http/runtime/VertxHttpRecorder.java @@ -694,11 +694,16 @@ private static CompletableFuture initializeManagementInterface(Vertx } else { if (httpManagementServerOptions.isSsl() && (managementConfig.ssl.certificate.reloadPeriod.isPresent())) { - long l = TlsCertificateReloader.initCertReloadingAction( - vertx, ar.result(), httpManagementServerOptions, managementConfig.ssl, registry, - managementConfig.tlsConfigurationName); - if (l != -1) { - refresTaskIds.add(l); + try { + long l = TlsCertificateReloader.initCertReloadingAction( + vertx, ar.result(), httpManagementServerOptions, managementConfig.ssl, registry, + managementConfig.tlsConfigurationName); + if (l != -1) { + refresTaskIds.add(l); + } + } catch (IllegalArgumentException e) { + managementInterfaceFuture.completeExceptionally(e); + return; } } @@ -1332,11 +1337,16 @@ public void handle(AsyncResult event) { } if (https && (quarkusConfig.ssl.certificate.reloadPeriod.isPresent())) { - long l = TlsCertificateReloader.initCertReloadingAction( - vertx, httpsServer, httpsOptions, quarkusConfig.ssl, registry, - quarkusConfig.tlsConfigurationName); - if (l != -1) { - reloadingTasks.add(l); + try { + long l = TlsCertificateReloader.initCertReloadingAction( + vertx, httpsServer, httpsOptions, quarkusConfig.ssl, registry, + quarkusConfig.tlsConfigurationName); + if (l != -1) { + reloadingTasks.add(l); + } + } catch (IllegalArgumentException e) { + startFuture.fail(e); + return; } } diff --git a/extensions/vertx-http/runtime/src/main/java/io/quarkus/vertx/http/runtime/options/TlsCertificateReloader.java b/extensions/vertx-http/runtime/src/main/java/io/quarkus/vertx/http/runtime/options/TlsCertificateReloader.java index 57fa2382f7ea6..b89526740d05b 100644 --- a/extensions/vertx-http/runtime/src/main/java/io/quarkus/vertx/http/runtime/options/TlsCertificateReloader.java +++ b/extensions/vertx-http/runtime/src/main/java/io/quarkus/vertx/http/runtime/options/TlsCertificateReloader.java @@ -43,6 +43,9 @@ public class TlsCertificateReloader { private static final Logger LOGGER = Logger.getLogger(TlsCertificateReloader.class); + /** + * @throws IllegalArgumentException if any of the configuration is invalid + */ public static long initCertReloadingAction(Vertx vertx, HttpServer server, HttpServerOptions options, ServerSslConfig configuration, TlsConfigurationRegistry registry, Optional tlsConfigurationName) {