Closed gastaldi closed 1 year ago
AFAIR @aloubyansky asked for this not to be exposed in production deployments, so let's hear his opinion.
One of the concerns that @maxandersen raised in Jan's PR was that it reveals details of the internal infrastructure, which isn't desired in prod.
AFAIK the URL returned in the YAML is the same used to access it and it's configured via QUARKUS_REGISTRY_MAVEN_REPO_URL
environment. Can you elaborate?
The same URL is also returned when the registry descriptor artifact is requested: https://github.com/quarkusio/registry.quarkus.io/blob/main/src/main/java/io/quarkus/registry/app/maven/RegistryDescriptorContentProvider.java#L93
In that case, it's fine, thanks for checking. A possible concern could be we expose an endpoint w/o a requirement in production. Somebody may discover it and start relying it, while we may for some reason change or remove it.
A possible concern could be we expose an endpoint w/o a requirement in production. Somebody may discover it and start relying it, while we may for some reason change or remove it.
I don't think that's the case here, we're just presenting a valid client configuration for the requested registry :)
Also, if that's the case, we don't necessarily need to expose it in the OpenAPI descriptor
@jmartisk I have played with it and I don't think we need to introduce a new property to expose this configuration. IMHO it doesn't do any harm if it is always exposed.
I have refactored the tests a bit and used the model classes instead of relying on the String output. Let me know what you think about it