Bug: c.Insecure field is incorrectly assigned KeycloackEnable value in NewClient #434

@Priyanshubhartistm

Describe the bug

In pkg/connectors/microcks_client.go, the NewClient function incorrectly assigns configCtx.Server.KeycloackEnable (a boolean flag indicating whether Keycloak authentication is enabled) to the c.Insecure field (which semantically should represent TLS insecurity, i.e., skip-verify).

// pkg/connectors/microcks_client.go, lines 127-129
c.ServerAddr = configCtx.Server.Server
c.Insecure = configCtx.Server.KeycloackEnable  // ← BUG: assigns Keycloak-enabled flag to Insecure
c.InsecureTLS = configCtx.Server.InsecureTLS

The microcksClient struct has two separate boolean fields for TLS-related concerns:

type microcksClient struct {
    // ...
    InsecureTLS  bool   // skip TLS verification
    Insecure     bool   // field with ambiguous purpose, incorrectly populated
    // ...
}

KeycloackEnable indicates whether the server uses Keycloak for authentication - it has nothing to do with TLS security posture. Setting c.Insecure = configCtx.Server.KeycloackEnable means:

  • When Keycloak is enabled, c.Insecure is set to true
  • When Keycloak is disabled, c.Insecure is set to false

This is semantically backwards and incorrect.

Proposed fix:

// Before (incorrect):
c.Insecure = configCtx.Server.KeycloackEnable

// After (correct):
c.InsecureTLS = configCtx.Server.InsecureTLS
// Remove c.Insecure entirely if it is unused, or assign correctly:
// c.Insecure = configCtx.Server.InsecureTLS

Expected behavior

c.Insecure should either:

  1. Be assigned from configCtx.Server.InsecureTLS (same as c.InsecureTLS), OR
  2. Be removed if it is redundant with InsecureTLS

Actual behavior

c.Insecure is set based on whether Keycloak is enabled - a completely unrelated concern.

How to Reproduce?

  1. Log in to a Microcks server that has Keycloak enabled:
    microcks login http://localhost:8080
    
  2. Observe the saved config - keycloakEnable: true is persisted for this server context.
  3. Run any command using the saved context (e.g., microcks import):
    • NewClient is called and reads the context
    • c.Insecure is set to true (from KeycloackEnable: true) - even if no --insecure-tls flag was used

Microcks version or git rev

Install method (docker-compose, helm chart, operator, docker-desktop extension,...)

No response

Additional information

The c.Insecure field is declared in the microcksClient struct but is never subsequently read in any method - making this either a dead assignment or a field that was intended to propagate TLS config but is being set from the wrong source.
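
A table-driven regression check for the assignment described in this issue, added here as an example (it is not code from the Microcks CLI or from the reporter). The `serverCtx` and `client` types are simplified stand-ins for the project's config context and `microcksClient`, and `tlsConfig` is a hypothetical helper that assumes the skip-verify flag ends up in a `crypto/tls` configuration.

```go
package main

import (
	"crypto/tls"
	"fmt"
)

// Simplified stand-ins for the types named in the issue (assumption, not project code).
type serverCtx struct {
	Server                       string
	KeycloackEnable, InsecureTLS bool
}
type client struct {
	ServerAddr            string
	Insecure, InsecureTLS bool
}

// buggyNewClient reproduces the assignment quoted in the issue.
func buggyNewClient(s serverCtx) client {
	return client{ServerAddr: s.Server, Insecure: s.KeycloackEnable, InsecureTLS: s.InsecureTLS}
}

// fixedNewClient applies option 1 of the proposed fix.
func fixedNewClient(s serverCtx) client {
	return client{ServerAddr: s.Server, Insecure: s.InsecureTLS, InsecureTLS: s.InsecureTLS}
}

// tlsConfig (hypothetical helper) is the one place a skip-verify flag should be consumed.
func tlsConfig(c client) *tls.Config {
	return &tls.Config{InsecureSkipVerify: c.InsecureTLS}
}

// mismatches lists each setting combination whose TLS-related fields disagree with the saved InsecureTLS.
func mismatches(newClient func(serverCtx) client) []serverCtx {
	var bad []serverCtx
	for _, kc := range []bool{false, true} {
		for _, skip := range []bool{false, true} {
			// Constructed sample context; the address is the one used in the issue.
			s := serverCtx{Server: "http://localhost:8080", KeycloackEnable: kc, InsecureTLS: skip}
			if c := newClient(s); c.Insecure != s.InsecureTLS || tlsConfig(c).InsecureSkipVerify != s.InsecureTLS {
				bad = append(bad, s)
			}
		}
	}
	return bad
}

func main() {
	fmt.Println("buggy:", len(mismatches(buggyNewClient)), "fixed:", len(mismatches(fixedNewClient)))
}
```

The check flags exactly the two combinations where the Keycloak flag and the TLS flag differ, which is why the bug stays invisible whenever both settings happen to match.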
