opensearch kamelets: Advanced TLS/mTLS configuration options

[oscerd]

Description

The OpenSearch Kamelets (opensearch-index-sink and opensearch-search-source) currently expose only basic TLS configuration:

• enableSSL (boolean)
• certificate (base64-encoded certificate)

Users with enterprise security requirements need additional TLS/mTLS capabilities that are available on the underlying camel-opensearch component but not surfaced by these Kamelets:

• TLS version specification (TLS 1.2 / 1.3)
• Custom cipher suites
• Client certificate authentication (mTLS)
• Custom trust stores / key stores
• Certificate validation options (hostname verification, etc.)

Originally requested against the camel-opensearch-index-sink-kafka-connector: apache/camel-kafka-connector#1723. The same gap exists in the Kamelets shipped by this repository.

Expected Behavior

The OpenSearch Kamelets should expose the advanced TLS/mTLS options supported by the camel-opensearch component (or a SSLContextParameters bean reference) so that users can configure:

• mTLS via client keystore (path/content, password, type)
• Trust store configuration (path/content, password, type)
• TLS protocol version and cipher suite selection
• Hostname verification / certificate validation toggles

One approach is to add Kamelet properties mapped to the component's SSL parameters; another is to allow referencing a pre-configured SSLContextParameters bean.

Additional Context

• Affected Kamelets:
  • kamelets/opensearch-index-sink.kamelet.yaml
  • kamelets/opensearch-search-source.kamelet.yaml
• Underlying component: camel:opensearch
• Reference issue: [OpenSearch Connector] OpenSearch Connector: Advanced TLS/mTLS configuration options? camel-kafka-connector#1723

[oscerd]

It needs this: apache/camel#22578