fix(jmxauth): tolerate JMX auth failures at discovery, re-attempt if new matching Credentials added #329
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Welcome to Cryostat3! 👋
Before contributing, make sure you have:
main
branch[chore, ci, docs, feat, fix, test]
To recreate commits with GPG signature
git fetch upstream && git rebase --force --gpg-sign upstream/main
Related to #2
Related to #71
Depends on #337
Description of the change:
Cryostat 3 tolerates connection failures when attempting to determine newly discovered targets' JVM IDs. When new Credentials are added, Cryostat looks in the database for any targets with null JVM IDs (signifying the initial connection failure), checks if the new credential matches the target, and then re-attempts to determine the JVM hash ID and persist this update to the database.
Motivation for the change:
Prior to this change, Cryostat 3 would always try to connect to newly discovered JVMs to determine their hash IDs. If this connection attempt failed for any reason then the discovery would be ignored and the JVM would not be registered in the target database. This means that target JVMs which require JMX authentication, and/or which use JMX with TLS, may not be discoverable unless Cryostat 3 is pre-configured with the correct credentials and certificates.
JMX SSL/TLS cert handling is not implemented here. See #330.
How to manually test:
sample-app-2
andsample-app-3
JDP targets should now appear with ports9094
and9095
respectively.target.alias.contains('andrew')
and credentialsadmin:adminpass123
.sample-app-2:9094
should now be connectable and usable in all the usual ways.sample-app-3:9095
still will not be since it also requires SSL/TLS.