chore: renamed tlsCertCaBundleProp to tlsCertProp (#1131)

* chore: renamed tlsCertCaBundleProp to tlsCertProp - A certificate chain bundle is not required * chore: further rename of tlsCertCaBundleFilePath -> tlsCertFilePath
cloudfoundry · Nov 4, 2024 · 89e861b · 89e861b
1 parent 31d8862
commit 89e861b
Show file tree

Hide file tree

Showing 3 changed files with 8 additions and 8 deletions.
diff --git a/cmd/serve.go b/cmd/serve.go
@@ -56,7 +56,7 @@ const (
 	apiPasswordProp     = "api.password"
 	apiPortProp         = "api.port"
 	apiHostProp         = "api.host"
-	tlsCertCaBundleProp = "api.certCaBundle"
+	tlsCertProp         = "api.tlsCert"
 	tlsKeyProp          = "api.tlsKey"
 	encryptionPasswords = "db.encryption.passwords"
 	encryptionEnabled   = "db.encryption.enabled"
@@ -93,7 +93,7 @@ func init() {
 	_ = viper.BindEnv(apiHostProp, "CSB_LISTENER_HOST")
 	_ = viper.BindEnv(encryptionPasswords, "ENCRYPTION_PASSWORDS")
 	_ = viper.BindEnv(encryptionEnabled, "ENCRYPTION_ENABLED")
-	_ = viper.BindEnv(tlsCertCaBundleProp, "TLS_CERT_CHAIN")
+	_ = viper.BindEnv(tlsCertProp, "TLS_CERT")
 	_ = viper.BindEnv(tlsKeyProp, "TLS_PRIVATE_KEY")
 }
 
@@ -230,10 +230,10 @@ func startServer(registry pakBroker.BrokerRegistry, db *sql.DB, brokerapi http.H
 	host := viper.GetString(apiHostProp)
 	logger.Info("Serving", lager.Data{"port": port})
 
-	tlsCertCaBundleFilePath := viper.GetString(tlsCertCaBundleProp)
+	tlsCertFilePath := viper.GetString(tlsCertProp)
 	tlsKeyFilePath := viper.GetString(tlsKeyProp)
 
-	logger.Info("tlsCertCaBundle", lager.Data{"tlsCertCaBundle": tlsCertCaBundleFilePath})
+	logger.Info("tlsCert", lager.Data{"tlsCert": tlsCertFilePath})
 	logger.Info("tlsKey", lager.Data{"tlsKey": tlsKeyFilePath})
 
 	httpServer := &http.Server{
@@ -243,8 +243,8 @@ func startServer(registry pakBroker.BrokerRegistry, db *sql.DB, brokerapi http.H
 	go func() {
 		var err error
 		switch {
-		case tlsCertCaBundleFilePath != "" && tlsKeyFilePath != "":
-			err = httpServer.ListenAndServeTLS(tlsCertCaBundleFilePath, tlsKeyFilePath)
+		case tlsCertFilePath != "" && tlsKeyFilePath != "":
+			err = httpServer.ListenAndServeTLS(tlsCertFilePath, tlsKeyFilePath)
 		default:
 			err = httpServer.ListenAndServe()
 		}

diff --git a/docs/configuration.md b/docs/configuration.md
@@ -84,7 +84,7 @@ Broker service configuration values:
 | <tt>SECURITY_USER_NAME</tt> <b>*</b> | api.user | string | <p>Broker authentication username</p>|
 | <tt>SECURITY_USER_PASSWORD</tt> <b>*</b> | api.password | string | <p>Broker authentication password</p>|
 | <tt>PORT</tt> | api.port | string | <p>Port to bind broker to</p>|
-| <tt>TLS_CERT_CHAIN</tt> | api.certCaBundle | string | <p>File path to a pem encoded certificate chain</p>|
+| <tt>TLS_CERT</tt> | api.tlsCert | string | <p>File path to a pem encoded certificate</p>|
 | <tt>TLS_PRIVATE_KEY</tt> | api.tlsKey | string | <p>File path to a pem encoded private key</p>|
 
 

diff --git a/internal/testdrive/broker_start.go b/internal/testdrive/broker_start.go
@@ -217,7 +217,7 @@ func tlsConfig(cfg *startBrokerConfig, valid bool) {
 
 	Expect(os.WriteFile(certFileBuf.Name(), serverCert, 0o644)).To(Succeed())
 
-	cfg.env = append(cfg.env, fmt.Sprintf("TLS_CERT_CHAIN=%s", certFileBuf.Name()))
+	cfg.env = append(cfg.env, fmt.Sprintf("TLS_CERT=%s", certFileBuf.Name()))
 	cfg.env = append(cfg.env, fmt.Sprintf("TLS_PRIVATE_KEY=%s", privKeyFileBuf.Name()))
 }