diff --git a/pkg/scalers/artemis_scaler.go b/pkg/scalers/artemis_scaler.go
index c845beae037..ec27b34a12f 100644
--- a/pkg/scalers/artemis_scaler.go
+++ b/pkg/scalers/artemis_scaler.go
@@ -37,6 +37,12 @@ type artemisMetadata struct {
 QueueLength int64 `keda:"name=queueLength, order=triggerMetadata, optional, default=10"`
 ActivationQueueLength int64 `keda:"name=activationQueueLength, order=triggerMetadata, optional, default=10"`
 CorsHeader string `keda:"name=corsHeader, order=triggerMetadata, optional"`
+ UnsafeSsl bool `keda:"name=unsafeSsl, order=triggerMetadata, optional, default=false"`
+ TLS bool `keda:"name=tls, order=triggerMetadata, optional, default=false"`
+ CA string `keda:"name=ca, order=triggerMetadata, optional"`
+ Cert string `keda:"name=cert, order=triggerMetadata, optional"`
+ Key string `keda:"name=key, order=triggerMetadata, optional"`
+ KeyPassword string `keda:"name=keyPassword, order=triggerMetadata, optional"`
 }
 //revive:enable:var-naming
@@ -77,15 +83,24 @@ func (a *artemisMetadata) Validate() error {
 if a.CorsHeader == "" {
 a.CorsHeader = fmt.Sprintf(defaultCorsHeader, a.ManagementEndpoint)
 }
+
+ if (a.Cert == "") != (a.Key == "") {
+ return fmt.Errorf("both cert and key must be provided when using TLS")
+ }
+
+ if a.TLS && a.CA == "" {
+ return fmt.Errorf("CA certificate must be provided when using TLS")
+ }
+
+ if a.TLS && a.UnsafeSsl {
+ return fmt.Errorf("'tls' and 'unsafeSsl' cannot both be specified")
+ }
+
 return nil
 }
 // NewArtemisQueueScaler creates a new artemis queue Scaler
 func NewArtemisQueueScaler(config *scalersconfig.ScalerConfig) (Scaler, error) {
- // do we need to guarantee this timeout for a specific
- // reason? if not, we can have buildScaler pass in
- // the global client
- httpClient := kedautil.CreateHTTPClient(config.GlobalHTTPTimeout, false)
 metricType, err := GetMetricTargetType(config)
 if err != nil {
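Review bot: The new `Key` and `KeyPassword` fields in `artemisMetadata` are tagged `order=triggerMetadata` only, so a client private key and its passphrase have to be written in plain text into the trigger's metadata, where anyone who can read the scaling object can see them. Secret material should be accepted from the authentication parameters instead, for example `keda:"name=keyPassword, order=authParams, optional"` and the same for `key`. If `ca` and `cert` must remain settable from trigger metadata, a comment on the struct should state that `key` and `keyPassword` are expected to come from the trigger's authentication source.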
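Review bot: The checks added to Validate never reject `ca`, `cert`, `key` or `keyPassword` when `tls` is false, so a trigger that supplies certificates but leaves `tls` unset passes validation and, going by the later hunks, is polled over plain `http` with no TLS configuration applied. That fails open: the operator believes the management credentials travel over an authenticated channel when they do not. Add a guard such as `if !a.TLS && (a.CA != "" || a.Cert != "" || a.Key != "" || a.KeyPassword != "") { return fmt.Errorf("ca, cert, key and keyPassword require tls to be enabled") }`. It is also worth deciding what `unsafeSsl` without `tls` is meant to do, since the scheme is then `http`. Validate's opening lines are outside this hunk.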
@@ -96,6 +111,24 @@ func NewArtemisQueueScaler(config *scalersconfig.ScalerConfig) (Scaler, error) {
 if err != nil {
 return nil, fmt.Errorf("error parsing artemis metadata: %w", err)
 }
+ // do we need to guarantee this timeout for a specific
+ // reason? if not, we can have buildScaler pass in
+ // the global client
+ httpClient := kedautil.CreateHTTPClient(config.GlobalHTTPTimeout, artemisMetadata.UnsafeSsl)
+
+ if artemisMetadata.TLS {
+ tlsConfig, err := kedautil.NewTLSConfigWithPassword(
+ artemisMetadata.Cert,
+ artemisMetadata.Key,
+ artemisMetadata.KeyPassword,
+ artemisMetadata.CA,
+ artemisMetadata.UnsafeSsl,
+ )
+ if err != nil {
+ return nil, fmt.Errorf("failed to configure TLS: %w", err)
+ }
+ httpClient.Transport = kedautil.CreateHTTPTransportWithTLSConfig(tlsConfig)
+ }
 return &artemisScaler{
 metricType: metricType,
@@ -149,7 +182,13 @@ func getAPIParameters(meta artemisMetadata) (artemisMetadata, error) {
 }
 func (s *artemisScaler) getMonitoringEndpoint() string {
- replacer := strings.NewReplacer("<>", s.metadata.ManagementEndpoint,
+ scheme := "http"
+
+ if s.metadata.TLS {
+ scheme = "https"
+ }
+ replacer := strings.NewReplacer(
+ "<>", fmt.Sprintf("%s://%s", scheme, s.metadata.ManagementEndpoint),
 "<>", s.metadata.QueueName,
 "<>", s.metadata.BrokerName,
 "<>", s.metadata.BrokerAddress)
diff --git a/pkg/scalers/artemis_scaler_test.go b/pkg/scalers/artemis_scaler_test.go
index 4140d8d3f63..af90f9d759b 100644
--- a/pkg/scalers/artemis_scaler_test.go
+++ b/pkg/scalers/artemis_scaler_test.go
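Review bot: Inside the `if artemisMetadata.TLS` branch the last argument `artemisMetadata.UnsafeSsl` can only be false, because Validate in this same diff rejects `tls` together with `unsafeSsl`; passing the literal `false` there would make it explicit that certificate verification stays on. Assigning `httpClient.Transport` also throws away the transport that `CreateHTTPClient` installed, so whatever that helper configures (presumably proxy and connection settings, to be confirmed) should be compared with what `CreateHTTPTransportWithTLSConfig` returns. A short comment above the assignment such as `// verification is never skipped here: Validate rejects unsafeSsl when tls is set` would save the next reader the cross-check. NewArtemisQueueScaler starts and ends outside this hunk.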
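Review bot: `getMonitoringEndpoint` now substitutes `scheme://host` for the endpoint placeholder, but the template it is applied to is not visible in this hunk. If the default template, or a user-supplied one, still carries `http://` in front of that placeholder, the result is either a malformed URL of the form `http://https://host/...` or a request that stays on plain HTTP while `tls` is set. Confirm that the template constant changes in the same commit and that existing templates with their own scheme keep working, for instance by stripping a leading scheme before substitution. A unit test asserting the final URL for both `tls` values would pin this down. The function body continues past the end of the hunk.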
@@ -163,3 +163,30 @@ func TestArtemisGetMetricSpecForScaling(t *testing.T) {
 }
 }
 }
+
+func TestArtemisTLSConfiguration(t *testing.T) {
+ metadata := map[string]string{
+ "managementEndpoint": "localhost:8161",
+ "queueName": "queue1",
+ "brokerName": "broker-activemq",
+ "brokerAddress": "test",
+ "ca": "/path/to/ca.pem",
+ "cert": "/path/to/cert.pem",
+ "key": "/path/to/key.pem",
+ }
+
+ resolvedEnv := map[string]string{
+ "username": "admin",
+ "password": "admin",
+ }
+
+ _, err := parseArtemisMetadata(&scalersconfig.ScalerConfig{
+ ResolvedEnv: resolvedEnv,
+ TriggerMetadata: metadata,
+ AuthParams: artemisAuthParams, // Ensure valid AuthParams are provided
+ })
+
+ if err != nil {
+ t.Errorf("Expected success but got error: %v", err)
+ }
+}
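Review bot: TestArtemisTLSConfiguration never sets `"tls": "true"`, so none of the new validation branches that depend on `tls` are exercised, and there is no negative case at all. Add table entries that expect an error for `cert` without `key`, for `tls` without `ca`, and for `tls` together with `unsafeSsl`, plus one success case with `tls` enabled. The `ca`, `cert` and `key` values are written as file paths; if `NewTLSConfigWithPassword` takes PEM content rather than paths (it appears to, but confirm), the fixture should use clearly fake PEM strings so the test documents the real input format.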