Add TLS support for proxytest #4745
This pull request does not have a backport label. Could you fix it @pchila? 🙏
c199b8e to 81ebe66
Pinging @elastic/elastic-agent-control-plane (Team:Elastic-Agent-Control-Plane)
Looks good. Just a question on the panic, not a blocker.
testing/proxytest/proxytest.go
Outdated
p.Server.Start() | ||
u, err := url.Parse(p.URL) | ||
if err != nil { | ||
panic(fmt.Sprintf("could parse fleet-server URL: %v", err)) |
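Review bot: the panic message on the last line, "could parse fleet-server URL: %v", is missing a "not" and names fleet-server even though the value being parsed is the proxy's own p.URL. Suggest wording along the lines of "could not parse proxy URL: %v", so a failure in this test helper is not mistaken for a fleet-server problem.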
Why not make this return an error and let the caller handle it?
Originally the Start() and StartTLS() methods were not defined for the Proxy struct as it exposed the ones from *httptest.Server. It wasn't even used in tests as the server was created and started in one go.
Now that we are overriding those methods we can return what we want, will add a small commit for that.
Done in 979217c
testing/proxytest/proxytest.go
Outdated
p.Server.StartTLS() | ||
u, err := url.Parse(p.URL) | ||
if err != nil { | ||
panic(fmt.Sprintf("could parse fleet-server URL: %v", err)) |
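Review bot: the three lines after p.Server.StartTLS() are the same url.Parse(p.URL), error check and panic that follow p.Server.Start() in the other snippet from this file. Consider moving that post-start step into one shared helper so the TLS and non-TLS start paths cannot drift apart when the error handling changes.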
Same here.
Done in 979217c
Quality Gate passed
What does this PR do?
This PR introduces TLS configuration for testing/proxytest in order to be able to configure mTLS.
No TLS, basic TLS (certificate server-side, no client auth) and mTLS (certificates for both client and server, common trusted CA) are tested via unit tests
Why is it important?
testing/proxytest is going to be used to test (m)TLS proxy settings for elastic-agent
Checklist
[ ] I have made corresponding changes to the documentation
[ ] I have made corresponding change to the default configuration files
[ ] I have added an entry in ./changelog/fragments using the changelog tool
[ ] I have added an integration test or an E2E test
Disruptive User Impact
How to test this PR locally
Related issues
testing/proxytest to support mTLS #4497
Questions to ask yourself
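The mTLS mode named in the description, shown as an added example on a plain httptest.Server (the type the thread says Proxy builds on); this is not code from the PR or from proxytest. Assumptions: the helper names selfSigned and probe are hypothetical, the server keeps httptest's built-in certificate, and instead of a common CA one self-signed client certificate is pinned as the only trust anchor.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"net/http"
	"net/http/httptest"
	"time"
)

// selfSigned returns a throwaway self-signed Ed25519 client certificate (constructed test data).
func selfSigned(cn string) tls.Certificate {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, key)
	if err != nil {
		panic(err)
	}
	leaf, _ := x509.ParseCertificate(der)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}
}

// probe starts a server that accepts only `trusted` as client identity and sends one GET
// offering `offered` (nil means no client certificate). It returns the HTTP status or the error.
func probe(trusted tls.Certificate, offered *tls.Certificate) (int, error) {
	pool := x509.NewCertPool()
	pool.AddCert(trusted.Leaf)
	srv := httptest.NewUnstartedServer(http.HandlerFunc(func(http.ResponseWriter, *http.Request) {}))
	srv.TLS = &tls.Config{ClientCAs: pool, ClientAuth: tls.RequireAndVerifyClientCert}
	srv.StartTLS() // httptest fills in its built-in server certificate
	defer srv.Close()
	client := srv.Client() // this client already trusts that server certificate
	if offered != nil {
		client.Transport.(*http.Transport).TLSClientConfig.Certificates = []tls.Certificate{*offered}
	}
	resp, err := client.Get(srv.URL)
	if err != nil {
		return 0, err // the server refused the connection's client identity
	}
	defer resp.Body.Close()
	return resp.StatusCode, nil
}
```

Calling probe with the trusted certificate, with nil, and with a second selfSigned certificate of the same name covers the accept case and both reject cases.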