@camunda8/sdk
    Preparing search index...

    Function validateTlsSettings

    • Validates settings consistency and logs warnings for conflicting TLS configuration.

      Parameters

      • config: {
            CAMUNDA_AUTH_STRATEGY: "BASIC" | "OAUTH" | "BEARER" | "COOKIE" | "NONE";
            CAMUNDA_BASIC_AUTH_PASSWORD: undefined | string;
            CAMUNDA_BASIC_AUTH_USERNAME: undefined | string;
            CAMUNDA_CONSOLE_BASE_URL: undefined | string;
            CAMUNDA_CONSOLE_CLIENT_ID: undefined | string;
            CAMUNDA_CONSOLE_CLIENT_SECRET: undefined | string;
            CAMUNDA_CONSOLE_OAUTH_AUDIENCE: string;
            CAMUNDA_COOKIE_AUTH_PASSWORD: string;
            CAMUNDA_COOKIE_AUTH_URL: string;
            CAMUNDA_COOKIE_AUTH_USERNAME: string;
            CAMUNDA_CUSTOM_CERT_CHAIN_PATH: undefined | string;
            CAMUNDA_CUSTOM_PRIVATE_KEY_PATH: undefined | string;
            CAMUNDA_CUSTOM_ROOT_CERT_PATH: undefined | string;
            CAMUNDA_CUSTOM_ROOT_CERT_STRING: undefined | string;
            CAMUNDA_CUSTOM_USER_AGENT_STRING: undefined | string;
            CAMUNDA_JOB_WORKER_MAX_BACKOFF_MS: number;
            CAMUNDA_LOG_LEVEL:
                | "none"
                | "error"
                | "http"
                | "warn"
                | "info"
                | "verbose"
                | "debug"
                | "silly";
            CAMUNDA_MODELER_BASE_URL: string;
            CAMUNDA_MODELER_OAUTH_AUDIENCE: undefined
            | string;
            CAMUNDA_OAUTH_DISABLED: boolean;
            CAMUNDA_OAUTH_TOKEN: undefined | string;
            CAMUNDA_OAUTH_TOKEN_REFRESH_THRESHOLD_MS: number;
            CAMUNDA_OAUTH_URL: undefined | string;
            CAMUNDA_OPERATE_BASE_URL: undefined | string;
            CAMUNDA_OPERATE_OAUTH_AUDIENCE: string;
            CAMUNDA_OPTIMIZE_BASE_URL: undefined | string;
            CAMUNDA_OPTIMIZE_OAUTH_AUDIENCE: string;
            CAMUNDA_SECURE_CONNECTION: undefined | boolean;
            CAMUNDA_SUPPORT_LOG_ENABLED: boolean;
            CAMUNDA_SUPPORT_LOG_FILE_PATH: undefined | string;
            CAMUNDA_TASKLIST_BASE_URL: undefined | string;
            CAMUNDA_TASKLIST_OAUTH_AUDIENCE: string;
            CAMUNDA_TENANT_ID: undefined | string;
            CAMUNDA_TOKEN_CACHE_DIR: undefined | string;
            CAMUNDA_TOKEN_DISK_CACHE_DISABLE: boolean;
            CAMUNDA_TOKEN_SCOPE: undefined | string;
            CAMUNDA_ZEEBE_OAUTH_AUDIENCE: undefined | string;
            ZEEBE_ADDRESS: undefined | string;
            ZEEBE_CLIENT_ID: undefined | string;
            ZEEBE_CLIENT_SECRET: undefined | string;
            ZEEBE_GRPC_ADDRESS: string;
            ZEEBE_REST_ADDRESS: string;
            ZEEBE_TOKEN_AUDIENCE: string;
            zeebeGrpcSettings: {
                GRPC_HTTP2_MAX_PINGS_WITHOUT_DATA: number;
                GRPC_HTTP2_MIN_PING_INTERVAL_WITHOUT_DATA_MS: number;
                GRPC_HTTP2_MIN_TIME_BETWEEN_PINGS_MS: number;
                GRPC_INITIAL_RECONNECT_BACKOFF_MS: string | 1000;
                GRPC_KEEPALIVE_PERMIT_WITHOUT_CALLS: number;
                GRPC_KEEPALIVE_TIME_MS: number;
                GRPC_KEEPALIVE_TIMEOUT_MS: number;
                GRPC_MAX_RECONNECT_BACKOFF_MS: string | 10000;
                GRPC_MIN_RECONNECT_BACKOFF_MS: string | 5000;
                ZEEBE_CLIENT_LOG_LEVEL: "NONE" | "DEBUG" | "INFO";
                ZEEBE_CLIENT_LOG_TYPE: "JSON" | "SIMPLE";
                ZEEBE_GRPC_CLIENT_CONNECTION_TOLERANCE_MS: number;
                ZEEBE_GRPC_CLIENT_EAGER_CONNECT: boolean;
                ZEEBE_GRPC_CLIENT_INITIAL_CONNECTION_TOLERANCE_MS: undefined | number;
                ZEEBE_GRPC_CLIENT_MAX_RETRIES: number;
                ZEEBE_GRPC_CLIENT_MAX_RETRY_TIMEOUT_SECONDS: number;
                ZEEBE_GRPC_CLIENT_RETRY: boolean;
                ZEEBE_GRPC_WORKER_LONGPOLL_SECONDS: number;
                ZEEBE_GRPC_WORKER_POLL_INTERVAL_MS: number;
                ZEEBE_INSECURE_CONNECTION: undefined | boolean;
            };
        }

        The Camunda Platform 8 configuration

        • CAMUNDA_AUTH_STRATEGY: "BASIC" | "OAUTH" | "BEARER" | "COOKIE" | "NONE"

          The authentication strategy to use for the Camunda 8 SDK. Defaults to 'OAUTH'.

          • 'BASIC' - Basic authentication
          • 'OAUTH' - OAuth authentication
          • 'BEARER' - Bearer token authentication
          • 'COOKIE' - Cookie authentication
          • 'NONE' - No authentication

          If you are passing in a custom IHeadersProvider implementation, you can set this to 'NONE' to disable the default authentication.

        • CAMUNDA_BASIC_AUTH_PASSWORD: undefined | string

          Password for Basic Auth. Set this when using the BASIC auth strategy with CAMUNDA_AUTH_STRATEGY.

        • CAMUNDA_BASIC_AUTH_USERNAME: undefined | string

          Username for Basic Auth. Set this when using the BASIC auth strategy with CAMUNDA_AUTH_STRATEGY.

        • CAMUNDA_CONSOLE_BASE_URL: undefined | string

          The base url for the Admin Console API.

        • CAMUNDA_CONSOLE_CLIENT_ID: undefined | string

          Credentials id for Admin Console and Modeler API

        • CAMUNDA_CONSOLE_CLIENT_SECRET: undefined | string

          Credentials secret for Admin Console and Modeler API

        • CAMUNDA_CONSOLE_OAUTH_AUDIENCE: string

          The audience parameter for an Admin Console OAuth token request. Defaults to api.cloud.camunda.io when connecting to Camunda SaaS, and '' otherwise

        • CAMUNDA_COOKIE_AUTH_PASSWORD: string

          The password for Cookie authentication when CAMUNDA_AUTH_STRATEGY is set to COOKIE. Defaults to 'demo'

        • CAMUNDA_COOKIE_AUTH_URL: string

          The login endpoint for Cookie authentication (for use with C8Run in 8.7). Defaults to http://localhost:8080/api/login

        • CAMUNDA_COOKIE_AUTH_USERNAME: string

          The username for Cookie authentication when CAMUNDA_AUTH_STRATEGY is set to COOKIE. Defaults to 'demo'

        • CAMUNDA_CUSTOM_CERT_CHAIN_PATH: undefined | string

          When using custom or self-signed certificates with mTLS, provide the path to the client certificate chain. Works with Zeebe gRPC.

        • CAMUNDA_CUSTOM_PRIVATE_KEY_PATH: undefined | string

          When using custom or self-signed certificates with mTLS, provide the path to the client private key. Works with Zeebe gRPC.

        • CAMUNDA_CUSTOM_ROOT_CERT_PATH: undefined | string

          In an environment using self-signed certificates, provide the path to the server certificate. Provide this to allow the client to connect to a server secured with this cert.

        • CAMUNDA_CUSTOM_ROOT_CERT_STRING: undefined | string

          In an environment using self-signed certificates, provide the server certificate as a string. Provide this to allow the client to connect to a server secured with this cert.

        • CAMUNDA_CUSTOM_USER_AGENT_STRING: undefined | string

          Custom user agent

        • CAMUNDA_JOB_WORKER_MAX_BACKOFF_MS: number

          Maximum polling backoff time in milliseconds for Job Workers when an error is encountered. Defaults to 16000 (16 seconds).

        • CAMUNDA_LOG_LEVEL: "none" | "error" | "http" | "warn" | "info" | "verbose" | "debug" | "silly"

          The log level for logging. Defaults to 'info'. Values (in order of priority): 'error', 'warn', 'info', 'http', 'verbose', 'debug', 'silly'. Set to 'none' to suppress logging.

        • CAMUNDA_MODELER_BASE_URL: string

          The base url for the Modeler API. Defaults to Camunda Saas - https://modeler.camunda.io/api

          See: https://github.com/camunda/camunda-8-js-sdk/issues/203

        • CAMUNDA_MODELER_OAUTH_AUDIENCE: undefined | string

          The audience parameter for a Modeler OAuth token request. Defaults to api.cloud.camunda.io when connecting to Camunda SaaS, and '' otherwise See: https://github.com/camunda/camunda-8-js-sdk/issues/60

        • CAMUNDA_OAUTH_DISABLED: boolean

          Set to true to disable OAuth completely

        • CAMUNDA_OAUTH_TOKEN: undefined | string

          The OAuth token (used for CAMUNDA_AUTH_STRATEGY "BEARER")

        • CAMUNDA_OAUTH_TOKEN_REFRESH_THRESHOLD_MS: number

          How soon in milliseconds before its expiration time a cached OAuth token should be considered expired. Defaults to 1000

        • CAMUNDA_OAUTH_URL: undefined | string

          The OAuth token exchange endpoint url

        • CAMUNDA_OPERATE_BASE_URL: undefined | string

          The base url for the Operate API

        • CAMUNDA_OPERATE_OAUTH_AUDIENCE: string

          The audience parameter for an Operate OAuth token request. Defaults to operate.camunda.io

        • CAMUNDA_OPTIMIZE_BASE_URL: undefined | string

          The base url for the Optimize API

        • CAMUNDA_OPTIMIZE_OAUTH_AUDIENCE: string

          The audience parameter for an Optimize OAuth token request. Defaults to optimize.camunda.io

        • CAMUNDA_SECURE_CONNECTION: undefined | boolean

          Control TLS for Zeebe GRPC connections. Defaults to true.

          Note: This setting interacts with the ZEEBE_INSECURE_CONNECTION setting in zeebeGrpcSettings.

          • If CAMUNDA_SECURE_CONNECTION is true and ZEEBE_INSECURE_CONNECTION is false, a secure TLS connection will be used.
          • If CAMUNDA_SECURE_CONNECTION is false or ZEEBE_INSECURE_CONNECTION is true, an insecure connection will be used.
          • Setting both CAMUNDA_SECURE_CONNECTION to true and ZEEBE_INSECURE_CONNECTION to true will result in a warning and an insecure connection will be used.
          • Setting both CAMUNDA_SECURE_CONNECTION to false and ZEEBE_INSECURE_CONNECTION to false will result in a warning and an insecure connection will be used.
          true
          
        • CAMUNDA_SUPPORT_LOG_ENABLED: boolean

          Set to true to enable an output log file with debugging information and diagnostic traces to assist Camunda Support in technical support.

        • CAMUNDA_SUPPORT_LOG_FILE_PATH: undefined | string

          Optionally provide a file path for the support log. By default it will be emitted as camunda-support.log

        • CAMUNDA_TASKLIST_BASE_URL: undefined | string

          The base url for the Tasklist API

        • CAMUNDA_TASKLIST_OAUTH_AUDIENCE: string

          The audience parameter for a Tasklist OAuth token request. Defaults to tasklist.camunda.io

        • CAMUNDA_TENANT_ID: undefined | string

          The tenant id when multi-tenancy is enabled

        • CAMUNDA_TOKEN_CACHE_DIR: undefined | string

          The directory to cache OAuth tokens on-disk. Defaults to $HOME/.camunda

        • CAMUNDA_TOKEN_DISK_CACHE_DISABLE: boolean

          Set to true to disable disk caching of OAuth tokens and use memory caching only

        • CAMUNDA_TOKEN_SCOPE: undefined | string

          Optional scope parameter for OAuth (needed by some OIDC, such as Microsoft Entra)

        • CAMUNDA_ZEEBE_OAUTH_AUDIENCE: undefined | string

          The audience parameter for a Zeebe OAuth token request. This is a synonym for and has precedence over ZEEBE_TOKEN_AUDIENCE. If this value is not set, ZEEBE_TOKEN_AUDIENCE will be used.

        • ZEEBE_ADDRESS: undefined | string

          The address for the Zeebe gRPC Gateway. Defaults to localhost:26500

        • ZEEBE_CLIENT_ID: undefined | string

          This is the client ID for the client credentials

        • ZEEBE_CLIENT_SECRET: undefined | string

          This is the client secret for the client credentials

        • ZEEBE_GRPC_ADDRESS: string

          The address for the Zeebe gRPC Gateway. Defaults to localhost:26500. If a value is also provided for ZEEBE_ADDRESS, that value will be used preferentially.

        • ZEEBE_REST_ADDRESS: string

          The address for the Zeebe REST API. Defaults to localhost:8080

        • ZEEBE_TOKEN_AUDIENCE: string

          The audience parameter for a Zeebe OAuth token request. Defaults to zeebe.camunda.io

        • zeebeGrpcSettings: {
              GRPC_HTTP2_MAX_PINGS_WITHOUT_DATA: number;
              GRPC_HTTP2_MIN_PING_INTERVAL_WITHOUT_DATA_MS: number;
              GRPC_HTTP2_MIN_TIME_BETWEEN_PINGS_MS: number;
              GRPC_INITIAL_RECONNECT_BACKOFF_MS: string | 1000;
              GRPC_KEEPALIVE_PERMIT_WITHOUT_CALLS: number;
              GRPC_KEEPALIVE_TIME_MS: number;
              GRPC_KEEPALIVE_TIMEOUT_MS: number;
              GRPC_MAX_RECONNECT_BACKOFF_MS: string | 10000;
              GRPC_MIN_RECONNECT_BACKOFF_MS: string | 5000;
              ZEEBE_CLIENT_LOG_LEVEL: "NONE" | "DEBUG" | "INFO";
              ZEEBE_CLIENT_LOG_TYPE: "JSON" | "SIMPLE";
              ZEEBE_GRPC_CLIENT_CONNECTION_TOLERANCE_MS: number;
              ZEEBE_GRPC_CLIENT_EAGER_CONNECT: boolean;
              ZEEBE_GRPC_CLIENT_INITIAL_CONNECTION_TOLERANCE_MS: undefined | number;
              ZEEBE_GRPC_CLIENT_MAX_RETRIES: number;
              ZEEBE_GRPC_CLIENT_MAX_RETRY_TIMEOUT_SECONDS: number;
              ZEEBE_GRPC_CLIENT_RETRY: boolean;
              ZEEBE_GRPC_WORKER_LONGPOLL_SECONDS: number;
              ZEEBE_GRPC_WORKER_POLL_INTERVAL_MS: number;
              ZEEBE_INSECURE_CONNECTION: undefined | boolean;
          }
          • GRPC_HTTP2_MAX_PINGS_WITHOUT_DATA: number

            This channel argument controls the maximum number of pings that can be sent when there is no other data (data frame or header frame) to be sent. GRPC Core will not continue sending pings if we run over the limit. Setting it to 0 allows sending pings without sending data.

          • GRPC_HTTP2_MIN_PING_INTERVAL_WITHOUT_DATA_MS: number

            Minimum allowed time between a server receiving successive ping frames without sending any data frame. Int valued, milliseconds. Default: 90000

          • GRPC_HTTP2_MIN_TIME_BETWEEN_PINGS_MS: number

            Defaults to 90000.

          • GRPC_INITIAL_RECONNECT_BACKOFF_MS: string | 1000

            The time between the first and second connection attempts, in ms. Defaults to 1000.

          • GRPC_KEEPALIVE_PERMIT_WITHOUT_CALLS: number

            This channel argument if set to 1 (0 : false; 1 : true), allows keepalive pings to be sent even if there are no calls in flight. Defaults to 1.

          • GRPC_KEEPALIVE_TIME_MS: number

            After a duration of this time the client/server pings its peer to see if the transport is still alive. Int valued, milliseconds. Defaults to 360000.

          • GRPC_KEEPALIVE_TIMEOUT_MS: number

            After waiting for a duration of this time, if the keepalive ping sender does not receive the ping ack, it will close the transport. Int valued, milliseconds. Defaults to 120000.

          • GRPC_MAX_RECONNECT_BACKOFF_MS: string | 10000

            The maximum time between subsequent connection attempts, in ms. Defaults to 10000.

          • GRPC_MIN_RECONNECT_BACKOFF_MS: string | 5000

            The minimum time between subsequent connection attempts, in ms. Default is 1000ms, but this can cause an SSL Handshake failure. This causes an intermittent failure in the Worker-LongPoll test when run against Camunda Cloud. Raised to 5000ms. See: https://github.com/grpc/grpc/issues/8382#issuecomment-259482949

          • ZEEBE_CLIENT_LOG_LEVEL: "NONE" | "DEBUG" | "INFO"

            Log level of Zeebe Client and Workers - 'DEBUG' | 'INFO' | 'NONE'. Defaults to 'INFO'

          • ZEEBE_CLIENT_LOG_TYPE: "JSON" | "SIMPLE"

            Zeebe client log output can be human-readable 'SIMPLE' or structured 'JSON'. Defaults to 'SIMPLE'

          • ZEEBE_GRPC_CLIENT_CONNECTION_TOLERANCE_MS: number

            The gRPC channel can "jitter". This suppresses a connection error message if the channel comes back within this window in milliseconds. Defaults to 3000

          • ZEEBE_GRPC_CLIENT_EAGER_CONNECT: boolean

            Immediately connect to the Zeebe Gateway (issues a silent topology request). Defaults to false

          • ZEEBE_GRPC_CLIENT_INITIAL_CONNECTION_TOLERANCE_MS: undefined | number

            This suppresses intermediate errors during initial connection negotiation. On Camunda SaaS this defaults to 6000, on Self-Managed to 0

          • ZEEBE_GRPC_CLIENT_MAX_RETRIES: number

            Maximum number of retries of network operations before failing. Defaults to -1 (infinite retries)

          • ZEEBE_GRPC_CLIENT_MAX_RETRY_TIMEOUT_SECONDS: number

            When retrying failed network operations, retries back off to this maximum period. Defaults to 10s

          • ZEEBE_GRPC_CLIENT_RETRY: boolean

            Automate retrying operations that fail due to network conditions or broker backpressure. Defaults to true

          • ZEEBE_GRPC_WORKER_LONGPOLL_SECONDS: number

            How long in seconds the long poll Job Activation request is held open by a worker. Defaults to 60

          • ZEEBE_GRPC_WORKER_POLL_INTERVAL_MS: number

            After a long poll Job Activation request, this is the cool-off period in milliseconds before the worker requests more work. Defaults to 300

          • ZEEBE_INSECURE_CONNECTION: undefined | boolean

            Use an insecure connection for Zeebe GRPC.

            Note: This setting interacts with the CAMUNDA_SECURE_CONNECTION setting.

            • If ZEEBE_INSECURE_CONNECTION is false and CAMUNDA_SECURE_CONNECTION is true, a secure TLS connection will be used (recommended).
            • If ZEEBE_INSECURE_CONNECTION is true or CAMUNDA_SECURE_CONNECTION is false, an insecure connection will be used.
            • Setting both ZEEBE_INSECURE_CONNECTION to true and CAMUNDA_SECURE_CONNECTION to true will result in a warning and an insecure connection will be used.
            • Setting both ZEEBE_INSECURE_CONNECTION to false and CAMUNDA_SECURE_CONNECTION to false will result in a warning and an insecure connection will be used.
            false
            

      Returns void