Enable process deployment with client authentication / mutual TLS
Even though it is possible to secure a Camunda Platform instance with client authentication / mutual TLS, the modeler is unable to connect to this instance to deploy / start processes. In the context of enterprise solutions this is often a requirement and thus should be considered as a feature.
In `camunda-modeler\client\src\plugins\camunda-plugin\shared\CamundaAPI.js` there is a central `fetch` implementation that should be extended to allow passing a client certificate. See https://github.com/arantes555/electron-fetch/issues/18 for a rough idea.
I had a go at a pull-request however hit a wall since JavaScript is not my natural habitat 😉
I seemed to have trouble with the React implementation of `fetch` and importing the required modules.
Having a proper selection / configuration of a client certificate similar to any browser (see below) would be desired as well which again is out of my league.
Most companies will have their client certificates ‘burnt-into’ the browsers or will use the certificate store of the OS so you would get around any ‘local’ configuration - however I would not know how to access this from the context of the modeler.
Since I do require a solution, here is what I did: I created a small webapp that allows uploading a file and deploying / starting a process using the Process Engine's REST API and put it right next to the Camunda Platform. For the modeler I created a small plugin (more a menu extension to be honest) that will open a browser with the URL of my webapp. Since the browser takes care of the selection of a certificate, this is a fairly simple, however effective, solution.
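The client-certificate handling the issue above asks for, sketched in plain Node.js as an added example (not code from the Camunda Modeler, electron-fetch, or the issue author). The config shape, the function names and the `/version` check path are assumptions made for illustration.

```javascript
const fs = require('fs');
const https = require('https');

// Hypothetical config shape: { pfxPath } or { certPath, keyPath },
// plus optional passphrase and caPath.
function clientTlsOptions(cfg, readFile = fs.readFileSync) {
  const hasPfx = Boolean(cfg.pfxPath);
  const hasPem = Boolean(cfg.certPath && cfg.keyPath);
  if (hasPfx === hasPem) {
    throw new Error('configure either pfxPath, or certPath together with keyPath');
  }
  const tls = hasPfx
    ? { pfx: readFile(cfg.pfxPath) }
    : { cert: readFile(cfg.certPath), key: readFile(cfg.keyPath) };
  if (cfg.passphrase) tls.passphrase = cfg.passphrase;
  // Trust a private CA by adding it, never by disabling server verification.
  if (cfg.caPath) tls.ca = readFile(cfg.caPath);
  return { ...tls, rejectUnauthorized: true };
}

// Agent that presents the client certificate during the TLS handshake.
function createMtlsAgent(cfg, readFile) {
  return new https.Agent(clientTlsOptions(cfg, readFile));
}

// GET <baseUrl>/version through the agent; resolves with status and body.
function checkConnection(baseUrl, agent) {
  const url = new URL(baseUrl.replace(/\/+$/, '') + '/version');
  if (url.protocol !== 'https:') {
    return Promise.reject(new Error('mutual TLS requires an https:// endpoint'));
  }
  return new Promise((resolve, reject) => {
    const req = https.get(url, { agent }, (res) => {
      let body = '';
      res.setEncoding('utf8');
      res.on('data', (chunk) => { body += chunk; });
      res.on('end', () => resolve({ status: res.statusCode, body }));
    });
    // A missing or rejected client certificate typically surfaces here
    // as a connection error rather than as an HTTP status.
    req.on('error', reject);
  });
}
```

The same agent can be reused for the deployment request, so the certificate is configured in one place.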
Issue Analytics
- Created 2 years ago
- Comments: 10 (9 by maintainers)
Top GitHub Comments
A customer reported this, too. Here are the details from the customer request:
Camunda modeler cannot deploy to Zeebe anymore. We have activated a secure HTTPS connection to access the Zeebe Gateways, it might be that camunda modeler doesn’t support TLS.
What are the steps to reproduce your problem?
kubectl port-forward -n zeebe-caseflow service/zeebe-gateway 26500
Context:
Which product and version do you currently use? Desktop Modeler 5.0.
In which environments (staging, production, etc.) do you need the feature? Development
Please describe the missing / desired functionality: Add HTTPS / TLS support to Modeler.
What problem would the feature solve? Cannot deploy models to TLS secured Zeebe instance (after we got the TLS security in SUPPORT-12080)
What effort would be required without the feature? Reduced development speed as it is not possible to fix BPMN models in DEV in an iterative fashion.
Do you have a deadline by which you need the feature? Q3. Unless there is a workaround, like using zbctl? Does it support deployment with TLS? If there is a workaround, Q4 is acceptable for us.
Why do you need the feature? Fast iteration / bug fixes in a secure development environment. If we cannot deploy directly to test things out, then we need to do git branch, MR, validation, merge in master and CD to dev.
So a 2 minute test becomes a 2 hour test and that negatively impacts the velocity of the whole team.
Who benefits from the feature (developers, end users, management) and how big are the respective benefiting groups? Developers and consultants
If this feature is not implemented, what impact would it have on you and / or your business? Reduced velocity, longer projects with customers.
@CatalinaMoisuc due to a customer request, I would like us to work on this item in one of the following iterations. I moved it into “ready” therefore. TLS support for a local Zeebe dev cluster was added due to a request of this customer, but unfortunately, the Desktop Modeler is not able to connect to this cluster, so it felt for the customer like a “half-baked” solution, and for their development cycle it is crucial (and I think for others, too). Maybe the problem could be mitigated by the Web Modeler Self-Managed (can you confirm it?), but we shouldn’t wait for this long.