Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Extend testing/proxytest to support mTLS #4497

Closed
AndersonQ opened this issue Mar 28, 2024 · 2 comments · Fixed by #4745
Closed

Extend testing/proxytest to support mTLS #4497

AndersonQ opened this issue Mar 28, 2024 · 2 comments · Fixed by #4745
Assignees
@pchila
Labels
Team:Elastic-Agent Label for the Agent team Team:Elastic-Agent-Control-Plane Label for the Agent Control Plane team Testing

Comments

@AndersonQ
Copy link
Member

Describe the enhancement:

Extend the testing/proxytest to support mTLS. It should be possible to configure:

  • the CA the proxy will use for its own requests to other servers
  • the CA to validate the clients' TLS certificate
  • the TLS certificate to present to its clients
  • the key for the certificate presented to its clients

Describe a specific use case for the enhancement or feature:

Test the Elastic Agent support for mTLS between itself and fleet-server or a proxy. More specifically, to do an integration test for test

What is the definition of done?

cURL can use the testproxy when it requires mTLS. The request will only succeed if cURL is correctly configured to present TLS certificates and with the proxy's CA.

The proxy is configured with:

  • cURL CA's
  • proxy-cert.pem
  • procy-cert-key.pem

cURL is used to reach https://elastic.co as follows:

curl --cacert proxy-ca.pem \
     --cert cRUL-cert.pem \
     --key cRUL-cert-key.pem \
     https://elastic.co
@AndersonQ AndersonQ added Team:Elastic-Agent Label for the Agent team Testing labels Mar 28, 2024
@AndersonQ AndersonQ self-assigned this Mar 28, 2024
@elasticmachine
Copy link
Collaborator

Pinging @elastic/elastic-agent (Team:Elastic-Agent)

@pierrehilbert pierrehilbert assigned pchila and unassigned AndersonQ Apr 25, 2024
@ycombinator ycombinator added the Team:Elastic-Agent-Control-Plane Label for the Agent Control Plane team label Apr 26, 2024
@elasticmachine
Copy link
Collaborator

Pinging @elastic/elastic-agent-control-plane (Team:Elastic-Agent-Control-Plane)

This was referenced May 10, 2024
Draft
Open
Open
@pchila pchila mentioned this issue May 14, 2024
Merged
3 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@pchila pchila

Labels
Team:Elastic-Agent Label for the Agent team Team:Elastic-Agent-Control-Plane Label for the Agent Control Plane team Testing
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Add TLS support for proxytest pchila/elastic-agent
4 participants
@ycombinator @AndersonQ @elasticmachine @pchila