Properly fail when TLS reload config is invalid

This now means that Quarkus will exit completely even in dev-mode when the first start contains the invalid reload configuration. This might not be ideal, but it's far better than the previous behavior where the application was stuck and had to be killed with `kill -9` Fixes :quarkusio#43247
bschuhmann · Nov 16, 2024 · 8d89eba · 8d89eba
1 parent 76057e0
commit 8d89eba
Show file tree

Hide file tree

Showing 2 changed files with 23 additions and 10 deletions.
diff --git a/...ons/vertx-http/runtime/src/main/java/io/quarkus/vertx/http/runtime/VertxHttpRecorder.java b/...ons/vertx-http/runtime/src/main/java/io/quarkus/vertx/http/runtime/VertxHttpRecorder.java
@@ -694,11 +694,16 @@ private static CompletableFuture<HttpServer> initializeManagementInterface(Vertx
                         } else {
                             if (httpManagementServerOptions.isSsl()
                                     && (managementConfig.ssl.certificate.reloadPeriod.isPresent())) {
-                                long l = TlsCertificateReloader.initCertReloadingAction(
-                                        vertx, ar.result(), httpManagementServerOptions, managementConfig.ssl, registry,
-                                        managementConfig.tlsConfigurationName);
-                                if (l != -1) {
-                                    refresTaskIds.add(l);
+                                try {
+                                    long l = TlsCertificateReloader.initCertReloadingAction(
+                                            vertx, ar.result(), httpManagementServerOptions, managementConfig.ssl, registry,
+                                            managementConfig.tlsConfigurationName);
+                                    if (l != -1) {
+                                        refresTaskIds.add(l);
+                                    }
+                                } catch (IllegalArgumentException e) {
+                                    managementInterfaceFuture.completeExceptionally(e);
+                                    return;
                                 }
                             }
 
@@ -1332,11 +1337,16 @@ public void handle(AsyncResult<HttpServer> event) {
                         }
 
                         if (https && (quarkusConfig.ssl.certificate.reloadPeriod.isPresent())) {
-                            long l = TlsCertificateReloader.initCertReloadingAction(
-                                    vertx, httpsServer, httpsOptions, quarkusConfig.ssl, registry,
-                                    quarkusConfig.tlsConfigurationName);
-                            if (l != -1) {
-                                reloadingTasks.add(l);
+                            try {
+                                long l = TlsCertificateReloader.initCertReloadingAction(
+                                        vertx, httpsServer, httpsOptions, quarkusConfig.ssl, registry,
+                                        quarkusConfig.tlsConfigurationName);
+                                if (l != -1) {
+                                    reloadingTasks.add(l);
+                                }
+                            } catch (IllegalArgumentException e) {
+                                startFuture.fail(e);
+                                return;
                             }
                         }
 

diff --git a/...p/runtime/src/main/java/io/quarkus/vertx/http/runtime/options/TlsCertificateReloader.java b/...p/runtime/src/main/java/io/quarkus/vertx/http/runtime/options/TlsCertificateReloader.java
@@ -43,6 +43,9 @@ public class TlsCertificateReloader {
 
     private static final Logger LOGGER = Logger.getLogger(TlsCertificateReloader.class);
 
+    /**
+     * @throws IllegalArgumentException if any of the configuration is invalid
+     */
     public static long initCertReloadingAction(Vertx vertx, HttpServer server,
             HttpServerOptions options, ServerSslConfig configuration,
             TlsConfigurationRegistry registry, Optional<String> tlsConfigurationName) {