- Bug
- Resolution: Done
- Major
The ClowderJsonPathPropertySource handles per-endpoint truststores incorrectly.
{
  "kafka": {
    "brokers": [
      { "hostname": "localhost", "port": 9092 }
    ],
    "topics": []
  },
  "endpoints": [
    {
      "app": "rbac",
      "name": "service",
      "hostname": "localhost",
      "port": 9000,
      "tlsPort": 9443,
      "trust-store-path": "/home/awood/devel/rhsm-subscriptions/config/certs/nonprod-insightsrhsm.jks",
      "trust-store-password": "blah"
    }
  ],
  "metricsPath": "/metrics",
  "metricsPort": 9000,
  "privatePort": 10000,
  "publicPort": 8000,
  "webPort": 8000
}
That Clowder configuration won't resolve the rbac-service truststore correctly. The callbacks registered for the various endpoint-section properties end up calling "getTruststorePath()", but that method targets the global Clowder config entry "tlsCAPath". That property is different in kind: its value is a PEM file that has to be loaded into a proper PKCS12 truststore before it can be used.
The endpoint's truststore path, password, and type should instead be resolved and returned exactly as they are written in the file. Calling "initializeTrustStoreConfiguration()" for them is incorrect, because it invokes the code path that looks at tlsCAPath.
Fortunately, this is not causing any major issues at the moment, as I don't believe any of our endpoints use the truststore-path property yet. But the incorrect behavior results in the property not resolving, and then our /info endpoint doesn't show the certificate information correctly.
The Quarkus Clowder config source appears to handle this confusing multiple-truststore situation correctly, so it is a good reference.
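To make the distinction concrete, here is an added Java sketch of the two resolution paths. It is illustrative code written for this ticket, not the project's ClowderJsonPathPropertySource or the Quarkus config source; the class name ClowderTrustStoreResolver, the method names endpointProperty() and globalTrustStore(), and the alias prefix "clowder-ca-" are assumptions. Per-endpoint values come straight out of the JSON, while tlsCAPath is read as a PEM bundle and loaded into an in-memory PKCS12 store (JDK KeyStore and CertificateFactory APIs, Jackson for the JSON).

```java
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import java.io.ByteArrayInputStream;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.util.Optional;

/** Hypothetical resolver for this ticket; not the project's property source. */
public class ClowderTrustStoreResolver {
    private final JsonNode root;

    public ClowderTrustStoreResolver(String clowderJson) throws Exception {
        this.root = new ObjectMapper().readTree(clowderJson);
    }

    /** Per-endpoint truststore properties are returned exactly as written in the file. */
    public Optional<String> endpointProperty(String app, String name, String key) {
        for (JsonNode ep : root.path("endpoints")) {
            if (app.equals(ep.path("app").asText()) && name.equals(ep.path("name").asText())) {
                JsonNode value = ep.get(key);
                return value == null || value.isNull() ? Optional.empty() : Optional.of(value.asText());
            }
        }
        return Optional.empty();
    }

    /** tlsCAPath is a PEM bundle: every certificate in it is loaded into a PKCS12 truststore. */
    public Optional<KeyStore> globalTrustStore() throws Exception {
        JsonNode caPath = root.get("tlsCAPath");
        if (caPath == null || caPath.isNull()) {
            return Optional.empty();
        }
        byte[] pem = Files.readAllBytes(Path.of(caPath.asText()));
        KeyStore store = KeyStore.getInstance("PKCS12");
        store.load(null, null); // start from an empty store
        CertificateFactory factory = CertificateFactory.getInstance("X.509");
        int index = 0;
        try (InputStream in = new ByteArrayInputStream(pem)) {
            for (Certificate cert : factory.generateCertificates(in)) {
                store.setCertificateEntry("clowder-ca-" + index++, cert); // alias prefix is an assumption
            }
        }
        return Optional.of(store);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample mirroring the configuration quoted above (no tlsCAPath present).
        String json = "{\"endpoints\":[{\"app\":\"rbac\",\"name\":\"service\","
                + "\"hostname\":\"localhost\",\"port\":9000,\"tlsPort\":9443,"
                + "\"trust-store-path\":\"/home/awood/devel/rhsm-subscriptions/config/certs/nonprod-insightsrhsm.jks\","
                + "\"trust-store-password\":\"blah\"}]}";
        ClowderTrustStoreResolver resolver = new ClowderTrustStoreResolver(json);

        // Verbatim resolution: the JKS path and password are handed back untouched.
        System.out.println(resolver.endpointProperty("rbac", "service", "trust-store-path").orElse("<unset>"));
        System.out.println(resolver.endpointProperty("rbac", "service", "trust-store-password").orElse("<unset>"));
        // A property the endpoint does not declare resolves to empty rather than falling back to tlsCAPath.
        System.out.println(resolver.endpointProperty("rbac", "service", "trust-store-type").isPresent());
        // No tlsCAPath in the sample, so no PKCS12 conversion happens.
        System.out.println(resolver.globalTrustStore().isPresent());
    }
}
```

The point of the split is that the per-endpoint lookup never touches the PEM-to-PKCS12 path: an endpoint that declares its own JKS truststore gets that path and password back as written, and an endpoint that declares nothing resolves to empty instead of being silently rewired to the global CA bundle.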