Export 'VESPA_TLS_ENABLED' environment variable

6 files changed, 6 insertions, 0 deletions

diff --git a/security-tools/src/main/java/com/yahoo/vespa/security/tool/securityenv/Main.java b/security-tools/src/main/java/com/yahoo/vespa/security/tool/securityenv/Main.java
index 996d2533ae1..ae18700246c 100644
--- a/security-tools/src/main/java/com/yahoo/vespa/security/tool/securityenv/Main.java
+++ b/security-tools/src/main/java/com/yahoo/vespa/security/tool/securityenv/Main.java
@@ -52,6 +52,7 @@ public class Main {
             Map<OutputVariable, String> outputVariables = new TreeMap<>();
             Optional<TransportSecurityOptions> options = TransportSecurityUtils.getOptions(envVars);
             if (options.isPresent()) {
+                outputVariables.put(OutputVariable.TLS_ENABLED, "1");
                 options.get().getCaCertificatesFile()
                         .ifPresent(caCertFile -> outputVariables.put(OutputVariable.CA_CERTIFICATE, caCertFile.toString()));
                 MixedMode mixedMode = TransportSecurityUtils.getInsecureMixedMode(envVars);
diff --git a/security-tools/src/main/java/com/yahoo/vespa/security/tool/securityenv/OutputVariable.java b/security-tools/src/main/java/com/yahoo/vespa/security/tool/securityenv/OutputVariable.java
index 9cd4cc1fc67..dd248d05aac 100644
--- a/security-tools/src/main/java/com/yahoo/vespa/security/tool/securityenv/OutputVariable.java
+++ b/security-tools/src/main/java/com/yahoo/vespa/security/tool/securityenv/OutputVariable.java
@@ -7,6 +7,7 @@ package com.yahoo.vespa.security.tool.securityenv;
  * @author bjorncs
  */
 enum OutputVariable {
+    TLS_ENABLED("VESPA_TLS_ENABLED", "Set to '1' if TLS is enabled in Vespa"),
     CA_CERTIFICATE("VESPA_TLS_CA_CERT", "Path to CA certificates file"),
     CERTIFICATE("VESPA_TLS_CERT", "Path to certificate file"),
     PRIVATE_KEY("VESPA_TLS_PRIVATE_KEY", "Path to private key file");
diff --git a/security-tools/src/test/resources/bash-output.txt b/security-tools/src/test/resources/bash-output.txt
index 421320f82d5..c07c667af47 100644
--- a/security-tools/src/test/resources/bash-output.txt
+++ b/security-tools/src/test/resources/bash-output.txt
@@ -1,3 +1,4 @@
+VESPA_TLS_ENABLED="1"; export VESPA_TLS_ENABLED;
 VESPA_TLS_CA_CERT="/path/to/cacerts"; export VESPA_TLS_CA_CERT;
 VESPA_TLS_CERT="/path/to/certificate"; export VESPA_TLS_CERT;
 VESPA_TLS_PRIVATE_KEY="/path/to/key"; export VESPA_TLS_PRIVATE_KEY;
diff --git a/security-tools/src/test/resources/csh-output.txt b/security-tools/src/test/resources/csh-output.txt
index 47594af9339..2b6716de92b 100644
--- a/security-tools/src/test/resources/csh-output.txt
+++ b/security-tools/src/test/resources/csh-output.txt
@@ -1,3 +1,4 @@
+setenv VESPA_TLS_ENABLED "1";
 setenv VESPA_TLS_CA_CERT "/path/to/cacerts";
 setenv VESPA_TLS_CERT "/path/to/certificate";
 setenv VESPA_TLS_PRIVATE_KEY "/path/to/key";
diff --git a/security-tools/src/test/resources/expected-help-output.txt b/security-tools/src/test/resources/expected-help-output.txt
index e16f1b1dab0..7d125fe15a2 100644
--- a/security-tools/src/test/resources/expected-help-output.txt
+++ b/security-tools/src/test/resources/expected-help-output.txt
@@ -5,6 +5,7 @@ content of VESPA_TLS_CONFIG_FILE.
  -s,--shell <arg>   Shell type. Shell type is auto-detected if option not
                     present. Valid values: ['bourne', 'cshell'].
 The output may include the following variables:
+ - 'VESPA_TLS_ENABLED': Set to '1' if TLS is enabled in Vespa
  - 'VESPA_TLS_CA_CERT': Path to CA certificates file
  - 'VESPA_TLS_CERT': Path to certificate file
  - 'VESPA_TLS_PRIVATE_KEY': Path to private key file
diff --git a/security-tools/src/test/resources/no-security-output.txt b/security-tools/src/test/resources/no-security-output.txt
index 8ecd1e77902..3467f1316b5 100644
--- a/security-tools/src/test/resources/no-security-output.txt
+++ b/security-tools/src/test/resources/no-security-output.txt
@@ -1,3 +1,4 @@
+unset VESPA_TLS_ENABLED;
 unset VESPA_TLS_CA_CERT;
 unset VESPA_TLS_CERT;
 unset VESPA_TLS_PRIVATE_KEY;