
CAMEL-23250: Security policy enforcement with profile-aware defaults #22269

Open
gnodet wants to merge 3 commits into main from CAMEL-23250-security-policy-enforcement
@gnodet gnodet commented Mar 26, 2026

CAMEL-23250

Summary

Add a security policy enforcement framework that enables runtime detection and enforcement of security-sensitive configuration options in Apache Camel.

Commit structure (for easier review)

  1. Security policy framework (37 files) — Core framework: annotations, tooling generators, enforcement engine, health check, tests, design proposal, build-time validation of security categories
  2. Component annotation changes (75 files) — security = "insecure:ssl" / "insecure:serialization" / "insecure:dev" / "secret" annotations on affected components; migrates secret = true to security = "secret" on all touched files
  3. Regenerated files (442 files) — Regenerated JSON metadata and catalog files

Key changes

  • New security attribute on @Metadata, @UriParam, @UriPath with categories: "secret", "insecure:ssl", "insecure:serialization", "insecure:dev"
  • New insecureValue attribute to flag the specific value that triggers a security concern
  • SecurityConfigurationProperties for policy configuration (camel.security.insecureSslPolicy, etc.)
  • SecurityUtils / SecurityViolation in camel-util for violation scanning
  • SecurityPolicyResult in camel-main for startup enforcement (fail/warn/allow)
  • SecurityPolicyHealthCheck for runtime monitoring via health API
  • Profile-aware defaults: dev/test profiles default to warn, prod defaults to fail
  • Bidirectional derivation: secret=true implies security="secret" and vice versa
  • All metadata generators updated to emit the security field in JSON schemas
  • Deprecate secret attribute in favor of security = "secret"
  • Migrate all @UriParam(secret = true) / @Metadata(secret = true) usages in touched files to security = "secret"
  • Build-time validation: BaseOptionModel.setSecurity() validates categories at build time — typos like security = "sercet" cause an immediate IllegalArgumentException with a clear message listing valid values
  • Design proposal: proposals/security.adoc

Test plan

  • MainSecurityPolicyTest — parameterized tests for policy enforcement (fail/warn/allow) across profiles
  • MainSecurityPolicyHealthCheckTest — health check reports violations
  • SecurityUtilsTest — violation scanning logic
  • Verify generated metadata includes security field
  • CI build passes

🤖 Generated with Claude Code

Claude Code on behalf of Guillaume Nodet
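
A minimal model of the enforcement flow described above, added here as an illustration and not taken from the PR's code. All class and method names are hypothetical, the per-category policy map stands in for properties such as `camel.security.insecureSslPolicy`, and treating an unset or unknown profile like prod is an assumption (requires Java 16+ for records):

```java
import java.util.*;
// Added illustration: all type and method names are hypothetical, not Camel's API.
public class SecurityPolicyModel {
    enum Policy { ALLOW, WARN, FAIL }
    // Categories as listed in the PR description.
    static final Set<String> CATEGORIES =
            Set.of("secret", "insecure:ssl", "insecure:serialization", "insecure:dev");

    // Option metadata: name, security category, value that counts as insecure.
    record Option(String name, String security, String insecureValue) {
        Option {
            if (!CATEGORIES.contains(security)) // e.g. the typo "sercet"
                throw new IllegalArgumentException("Unknown category " + security + ", valid: " + CATEGORIES);
        }
    }
    record Violation(String option, String category, Policy policy) {}

    // Explicit per-category policy wins; otherwise dev/test -> WARN, else FAIL.
    // Treating a missing or unknown profile like prod is an assumption here.
    static Policy resolve(String category, String profile, Map<String, Policy> explicit) {
        if (explicit.containsKey(category)) return explicit.get(category);
        return "dev".equals(profile) || "test".equals(profile) ? Policy.WARN : Policy.FAIL;
    }

    // Compare configured values with insecureValue, then apply the resolved policy.
    static List<Violation> enforce(List<Option> options, Map<String, String> config,
                                   String profile, Map<String, Policy> explicit) {
        List<Violation> found = new ArrayList<>();
        for (Option o : options) {
            String v = config.get(o.name());
            if (o.insecureValue() == null || !o.insecureValue().equalsIgnoreCase(v)) continue;
            Policy p = resolve(o.security(), profile, explicit);
            if (p != Policy.ALLOW) found.add(new Violation(o.name(), o.security(), p));
        }
        if (found.stream().anyMatch(x -> x.policy() == Policy.FAIL))
            throw new IllegalStateException("Security policy violations: " + found);
        return found; // WARN-level only; the caller logs these
    }

    public static void main(String[] args) {
        List<Option> opts = List.of( // constructed sample metadata
                new Option("trustAllCertificates", "insecure:ssl", "true"),
                new Option("allowJavaSerializedObject", "insecure:serialization", "true"));
        Map<String, String> cfg = Map.of("trustAllCertificates", "true"); // constructed config
        System.out.println(enforce(opts, cfg, "dev", Map.of()));
        try { enforce(opts, cfg, "prod", Map.of()); }
        catch (IllegalStateException e) { System.out.println("startup aborted: " + e.getMessage()); }
    }
}
```

Passing `Map.of("insecure:ssl", Policy.ALLOW)` as the explicit map shows the override path: the same configuration then starts under the prod profile with no violations reported.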

@gnodet gnodet requested review from davsclaus and oscerd March 26, 2026 00:46
@github-actions

🌟 Thank you for your contribution to the Apache Camel project! 🌟
🤖 CI automation will test this PR automatically.

🐫 Apache Camel Committers, please review the following items:

  • First-time contributors require MANUAL approval for the GitHub Actions to run
  • You can use the command /component-test (camel-)component-name1 (camel-)component-name2.. to request a test from the test bot although they are normally detected and executed by CI.
  • You can label PRs using build-all, build-dependents, skip-tests and test-dependents to fine-tune the checks executed by this PR.
  • Build and test logs are available in the summary page. Only Apache Camel committers have access to the summary.

⚠️ Be careful when sharing logs. Review their contents before sharing them publicly.

@gnodet gnodet marked this pull request as draft March 26, 2026 06:24
@gnodet gnodet changed the title from "CAMEL-23250: Warn or prevent plain-text secrets and insecure configuration" to "CAMEL-23250: Security policy enforcement with profile-aware defaults" Mar 26, 2026
@gnodet gnodet marked this pull request as ready for review March 27, 2026 07:43
@gnodet gnodet force-pushed the CAMEL-23250-security-policy-enforcement branch 3 times, most recently from 7d1ca40 to d186bfb Compare April 2, 2026 15:34
@sonarqubecloud
sonarqubecloud bot commented Apr 7, 2026

@gnodet gnodet force-pushed the CAMEL-23250-security-policy-enforcement branch 6 times, most recently from acc9a34 to 7ce2eb7 Compare April 8, 2026 16:32
@gnodet gnodet closed this Apr 8, 2026
@gnodet gnodet reopened this Apr 8, 2026
@gnodet gnodet force-pushed the CAMEL-23250-security-policy-enforcement branch from b6ed4ab to 7ce2eb7 Compare April 8, 2026 16:40
@gnodet gnodet closed this Apr 8, 2026
@gnodet gnodet reopened this Apr 8, 2026
@gnodet gnodet force-pushed the CAMEL-23250-security-policy-enforcement branch 4 times, most recently from 5fe8a95 to 6c604f4 Compare April 8, 2026 17:10
@gnodet gnodet marked this pull request as draft April 8, 2026 17:12
@gnodet gnodet marked this pull request as ready for review April 8, 2026 17:12
@gnodet gnodet force-pushed the CAMEL-23250-security-policy-enforcement branch from 6c604f4 to 8fbeb08 Compare April 8, 2026 17:18
gnodet and others added 3 commits April 8, 2026 20:50

Introduce a security policy framework that enables runtime enforcement
of security-sensitive configuration options. This adds:

- New `security` attribute on @Metadata, @UriParam, @UriPath annotations
  with categories: "secret", "insecure:ssl", "insecure:serialization",
  "insecure:dev"
- SecurityConfigurationProperties for policy configuration
  (camel.security.insecureSslPolicy, etc.)
- SecurityUtils/SecurityViolation in camel-util for violation scanning
- SecurityPolicyResult in camel-main for startup enforcement
- SecurityPolicyHealthCheck for runtime monitoring
- Updated all metadata generators (EndpointSchemaGeneratorMojo,
  PrepareCamelMainMojo, GeneratePojoBeanMojo, SchemaGeneratorMojo,
  PackageLanguageMojo) to emit the security field in JSON metadata
- Bidirectional derivation: secret=true implies security="secret"
  and security="secret" implies secret=true
- Profile-aware defaults: dev/test profiles default to "warn",
  prod defaults to "fail" for insecure options
- Design proposal document (proposals/security.adoc)
- Deprecate `secret` attribute in favor of `security = "secret"`

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Add `security = "insecure:ssl"` to trustAllCertificates and similar
SSL-bypass parameters across all affected components (HTTP, Netty,
Undertow, Vert.x HTTP, Mina, Paho, SJMS, JMS, ActiveMQ, Splunk, etc.).

Add `security = "insecure:serialization"` to allowJavaSerializedObject
and similar deserialization-bypass parameters.

Migrate `@UriParam(secret = true)` to `@UriParam(security = "secret")`
and `@Metadata(secret = true)` to `@Metadata(security = "secret")`
on all component and core configuration fields touched by this PR,
removing usage of the now-deprecated `secret` attribute.

Add `security = "insecure:dev"` to devConsoleEnabled, downloadEnabled,
sendEnabled, uploadEnabled on main configuration properties.

Add `insecureValue` attribute where applicable to flag the specific
value that triggers a security concern (e.g., insecureValue = "true"
for boolean flags).

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Regenerate all component JSON metadata, catalog files, and
camel-main configuration metadata to include the new security
field in component/bean/language JSON schemas.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

@gnodet gnodet force-pushed the CAMEL-23250-security-policy-enforcement branch from 8fbeb08 to 6da130a Compare April 8, 2026 18:51