-
Notifications
You must be signed in to change notification settings - Fork 148
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
[Feature] Secondary fallback for package signature verification (#3453)
Adds a capability to check for fleet server hosted PGP as the last resort in case elastic artifact API is unavailable. Fleet server will host this PGP per version. any snapshot flags or other version qualifiers are ignored. (cherry picked from commit cdca211)
- Loading branch information
1 parent
a3f132e
commit 18350a8
Showing
11 changed files
with
278 additions
and
45 deletions.
There are no files selected for viewing
31 changes: 31 additions & 0 deletions
31
changelog/fragments/1695289867-Secondary-fallback-for-package-signature-verification.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,31 @@ | ||
# Kind can be one of: | ||
# - breaking-change: a change to previously-documented behavior | ||
# - deprecation: functionality that is being removed in a later release | ||
# - bug-fix: fixes a problem in a previous version | ||
# - enhancement: extends functionality but does not break or fix existing behavior | ||
# - feature: new functionality | ||
# - known-issue: problems that we are aware of in a given version | ||
# - security: impacts on the security of a product or a user’s deployment. | ||
# - upgrade: important information for someone upgrading from a prior version | ||
# - other: does not fit into any of the other categories | ||
kind: feature | ||
|
||
# Change summary; a 80ish characters long description of the change. | ||
summary: Secondary fallback for package signature verification | ||
|
||
# Long description; in case the summary is not enough to describe the change | ||
# this field accommodate a description without length limits. | ||
description: Ability to upgrade securely in Air gapped environment where fleet server is the only reachable URI. | ||
|
||
# Affected component; a word indicating the component this changeset affects. | ||
component: elastic-agent | ||
|
||
# PR number; optional; the PR number that added the changeset. | ||
# If not present is automatically filled by the tooling finding the PR where this changelog fragment has been added. | ||
# NOTE: the tooling supports backports, so it's able to fill the original PR number instead of the backport PR number. | ||
# Please provide it if you are adding a fragment for a different PR. | ||
pr: https://github.com/elastic/elastic-agent/pull/3453 | ||
|
||
# Issue number; optional; the GitHub issue related to this changeset (either closes or is part of). | ||
# If not present is automatically filled by the tooling with the issue linked to the PR number. | ||
issue: https://github.com/elastic/elastic-agent/issues/3264 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
127 changes: 127 additions & 0 deletions
127
internal/pkg/agent/application/upgrade/artifact/download/verifier_test.go
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,127 @@ | ||
// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one | ||
// or more contributor license agreements. Licensed under the Elastic License; | ||
// you may not use this file except in compliance with the Elastic License. | ||
|
||
package download | ||
|
||
import ( | ||
"bytes" | ||
"io" | ||
"net/http" | ||
"testing" | ||
|
||
"github.com/stretchr/testify/require" | ||
|
||
"github.com/elastic/elastic-agent/internal/pkg/agent/errors" | ||
"github.com/elastic/elastic-agent/pkg/core/logger" | ||
) | ||
|
||
func TestPgpBytesFromSource(t *testing.T) { | ||
testCases := []struct { | ||
Name string | ||
Source string | ||
ClientDoErr error | ||
ClientBody []byte | ||
ClientStatus int | ||
|
||
ExpectedPGP []byte | ||
ExpectedErr error | ||
ExpectedLogMessage string | ||
}{ | ||
{ | ||
"successful call", | ||
PgpSourceURIPrefix + "https://location/path", | ||
nil, | ||
[]byte("pgp-body"), | ||
200, | ||
[]byte("pgp-body"), | ||
nil, | ||
"", | ||
}, | ||
{ | ||
"unknown source call", | ||
"https://location/path", | ||
nil, | ||
[]byte("pgp-body"), | ||
200, | ||
nil, | ||
ErrUnknownPGPSource, | ||
"", | ||
}, | ||
{ | ||
"invalid location is filtered call", | ||
PgpSourceURIPrefix + "http://location/path", | ||
nil, | ||
[]byte("pgp-body"), | ||
200, | ||
nil, | ||
nil, | ||
"Skipped remote PGP located ", | ||
}, | ||
{ | ||
"do error is filtered", | ||
PgpSourceURIPrefix + "https://location/path", | ||
errors.New("error"), | ||
[]byte("pgp-body"), | ||
200, | ||
nil, | ||
nil, | ||
"Skipped remote PGP located", | ||
}, | ||
{ | ||
"invalid status code is filtered out", | ||
PgpSourceURIPrefix + "https://location/path", | ||
nil, | ||
[]byte("pgp-body"), | ||
500, | ||
nil, | ||
nil, | ||
"Failed to fetch remote PGP", | ||
}, | ||
{ | ||
"invalid status code is filtered out", | ||
PgpSourceURIPrefix + "https://location/path", | ||
nil, | ||
[]byte("pgp-body"), | ||
404, | ||
nil, | ||
nil, | ||
"Failed to fetch remote PGP", | ||
}, | ||
} | ||
|
||
for _, tc := range testCases { | ||
t.Run(tc.Name, func(t *testing.T) { | ||
log, obs := logger.NewTesting(tc.Name) | ||
mockClient := &MockClient{ | ||
DoFunc: func(req *http.Request) (*http.Response, error) { | ||
if tc.ClientDoErr != nil { | ||
return nil, tc.ClientDoErr | ||
} | ||
|
||
return &http.Response{ | ||
StatusCode: tc.ClientStatus, | ||
Body: io.NopCloser(bytes.NewReader(tc.ClientBody)), | ||
}, nil | ||
}, | ||
} | ||
|
||
resPgp, resErr := PgpBytesFromSource(log, tc.Source, mockClient) | ||
require.Equal(t, tc.ExpectedErr, resErr) | ||
require.Equal(t, tc.ExpectedPGP, resPgp) | ||
if tc.ExpectedLogMessage != "" { | ||
logs := obs.FilterMessageSnippet(tc.ExpectedLogMessage) | ||
require.NotEqual(t, 0, logs.Len()) | ||
} | ||
|
||
}) | ||
} | ||
} | ||
|
||
type MockClient struct { | ||
DoFunc func(req *http.Request) (*http.Response, error) | ||
} | ||
|
||
func (m *MockClient) Do(req *http.Request) (*http.Response, error) { | ||
return m.DoFunc(req) | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.