add integration tests for mTLS proxy with Defend installed
AndersonQ committed Oct 30, 2024
1 parent e6f281a commit 2ffe8aa
Showing 12 changed files with 598 additions and 77 deletions.
6 changes: 3 additions & 3 deletions NOTICE.txt
@@ -1263,12 +1263,12 @@ SOFTWARE


--------------------------------------------------------------------------------
Dependency : github.com/elastic/elastic-agent-libs
Version: v0.15.0
Dependency : github.com/AndersonQ/elastic-agent-libs
Version: v0.0.0-20241030142444-2c550e81aca1
Licence type (autodetected): Apache-2.0
--------------------------------------------------------------------------------

Contents of probable licence file $GOMODCACHE/github.com/elastic/elastic-agent-libs@v0.15.0/LICENSE:
Contents of probable licence file $GOMODCACHE/github.com/!anderson!q/elastic-agent-libs@v0.0.0-20241030142444-2c550e81aca1/LICENSE:

Apache License
Version 2.0, January 2004
2 changes: 2 additions & 0 deletions go.mod
@@ -488,3 +488,5 @@ replace (
// See https://github.com/open-telemetry/opentelemetry-collector-contrib/blob/12d41f40b0d408b0167633d8095160d3343d46ac/go.mod#L38
github.com/openshift/api v3.9.0+incompatible => github.com/openshift/api v0.0.0-20180801171038-322a19404e37
)

replace github.com/elastic/elastic-agent-libs => github.com/AndersonQ/elastic-agent-libs v0.0.0-20241030142444-2c550e81aca1
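Review bot: The added `replace` redirects every import of github.com/elastic/elastic-agent-libs to a personal fork (github.com/AndersonQ/elastic-agent-libs) at an untagged pseudo-version, so anything built from this tree uses code that has not gone through the upstream module's review and release process. If this is only meant to unblock the integration tests until the upstream change is released, say so next to the directive, e.g. `// TODO: temporary fork, remove once the change is released in elastic/elastic-agent-libs`. A CI check that rejects `replace` targets outside the project's own organisation before merge to the main branch would keep such a redirect from shipping by accident. The go.sum and NOTICE.txt sections of this commit carry the same substitution.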
4 changes: 2 additions & 2 deletions go.sum
@@ -41,6 +41,8 @@ dario.cat/mergo v1.0.0/go.mod h1:uNxQE+84aUszobStD9th8a29P2fMDhsBdgRYvZOxGmk=
dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24 h1:bvDV9vkmnHYOMsOr4WLk+Vo07yKIzd94sVoIqshQ4bU=
github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24/go.mod h1:8o94RPi1/7XTJvwPpRSzSUedZrtlirdB3r9Z20bi2f8=
github.com/AndersonQ/elastic-agent-libs v0.0.0-20241030142444-2c550e81aca1 h1:4MbKIqvy4z/xCe4NG80qqZqGUCEHEQgHY8xY4BoRwCc=
github.com/AndersonQ/elastic-agent-libs v0.0.0-20241030142444-2c550e81aca1/go.mod h1:5CR02awPrBr+tfmjBBK+JI+dMmHNQjpVY24J0wjbC7M=
github.com/Azure/azure-sdk-for-go/sdk/azcore v1.13.0 h1:GJHeeA2N7xrG3q30L2UXDyuWRzDM900/65j70wcM4Ww=
github.com/Azure/azure-sdk-for-go/sdk/azcore v1.13.0/go.mod h1:l38EPgmsp71HHLq9j7De57JcKOWPyhrsW1Awm1JS6K0=
github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.7.0 h1:tfLQ34V6F7tVSwoTf/4lH5sE0o6eCJuNDTmH09nDpbc=
@@ -264,8 +266,6 @@ github.com/elastic/elastic-agent-autodiscover v0.9.0 h1:+iWIKh0u3e8I+CJa3FfWe9h0
github.com/elastic/elastic-agent-autodiscover v0.9.0/go.mod h1:5iUxLHhVdaGSWYTveSwfJEY4RqPXTG13LPiFoxcpFd4=
github.com/elastic/elastic-agent-client/v7 v7.16.0 h1:yKGq2+CxAuW8Kh0EoNl202tqAyQKfBcPRawVKs2Jve0=
github.com/elastic/elastic-agent-client/v7 v7.16.0/go.mod h1:6h+f9QdIr3GO2ODC0Y8+aEXRwzbA5W4eV4dd/67z7nI=
github.com/elastic/elastic-agent-libs v0.15.0 h1:MGl6vFu5YAxFHA+wDhXbQl2OvSk/MRgezxBCD5kCwIg=
github.com/elastic/elastic-agent-libs v0.15.0/go.mod h1:5CR02awPrBr+tfmjBBK+JI+dMmHNQjpVY24J0wjbC7M=
github.com/elastic/elastic-agent-system-metrics v0.11.3 h1:LDzRwP8kxvsYEtMDgMSKZs1TgPcSEukit+/EAP5Y28A=
github.com/elastic/elastic-agent-system-metrics v0.11.3/go.mod h1:saqLKe9fuyuAo6IADAnnuy1kaBI7VNlxfwMo8KzSRyQ=
github.com/elastic/elastic-transport-go/v8 v8.6.0 h1:Y2S/FBjx1LlCv5m6pWAF2kDJAHoSjSRSJCApolgfthA=
@@ -111,7 +111,6 @@ func (h *PolicyChangeHandler) Handle(ctx context.Context, a fleetapi.Action, ack
return errors.New(err, "could not parse the configuration from the policy", errors.TypeConfig)
}

h.log.Debugf("handlerPolicyChange: emit configuration for action %+v", a)
err = h.handlePolicyChange(ctx, c)
if err != nil {
return err
2 changes: 1 addition & 1 deletion pkg/testing/define/define.go
@@ -20,12 +20,12 @@ import (
"github.com/gofrs/uuid/v5"

"github.com/elastic/elastic-agent-libs/kibana"
"github.com/elastic/elastic-agent/pkg/utils"
"github.com/elastic/go-elasticsearch/v8"
"github.com/elastic/go-sysinfo"
"github.com/elastic/go-sysinfo/types"

atesting "github.com/elastic/elastic-agent/pkg/testing"
"github.com/elastic/elastic-agent/pkg/utils"
semver "github.com/elastic/elastic-agent/pkg/version"
"github.com/elastic/elastic-agent/version"

8 changes: 6 additions & 2 deletions pkg/testing/fixture.go
@@ -1376,8 +1376,12 @@ type AgentInspectOutput struct {
Threshold int `yaml:"threshold"`
} `yaml:"reporting"`
Ssl struct {
Renegotiation string `yaml:"renegotiation"`
VerificationMode string `yaml:"verification_mode"`
Renegotiation string `yaml:"renegotiation"`
VerificationMode string `yaml:"verification_mode"`
Certificate string `yaml:"certificate"`
CertificateAuthorities []string `yaml:"certificate_authorities"`
Key string `yaml:"key"`
KeyPassphrasePath string `yaml:"key_passphrase_path"`
} `yaml:"ssl"`
Timeout string `yaml:"timeout"`
} `yaml:"fleet"`
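Review bot: The four fields added to the `Ssl` struct carry no comment saying what form their values take, and `Key` in particular will hold whatever the inspected configuration has under `ssl.key`; whether that is a file path or inline PEM is not visible here. If it can be inline key material, a test that prints an AgentInspectOutput (for example with `%+v`) would write a private key into the test log. A short field comment such as `// Key is the client key as reported by inspect; may be sensitive, do not log.` would make the expectation explicit. The enclosing struct starts and ends outside the hunk.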
16 changes: 8 additions & 8 deletions pkg/testing/fixture_install.go
@@ -47,6 +47,7 @@ type EnrollOpts struct {
CertificateAuthorities []string // --certificate-authorities
Certificate string // --elastic-agent-cert
Key string // --elastic-agent-cert-key
KeyPassphrasePath string // --elastic-agent-cert-key-passphrase
}

func (e EnrollOpts) toCmdArgs() []string {
@@ -65,10 +66,13 @@ func (e EnrollOpts) toCmdArgs() []string {
if e.Certificate != "" {
args = append(args, "--elastic-agent-cert="+e.Certificate)
}

if e.Key != "" {
args = append(args, "--elastic-agent-cert-key="+e.Key)
}
if e.KeyPassphrasePath != "" {
args = append(args, "--elastic-agent-cert-key-passphrase="+e.KeyPassphrasePath)
}

return args
}

@@ -113,7 +117,7 @@ type InstallOpts struct {
FleetBootstrapOpts
}

func (i *InstallOpts) toCmdArgs(operatingSystem string) ([]string, error) {
func (i *InstallOpts) ToCmdArgs() []string {
var args []string
if i.BasePath != "" {
args = append(args, "--base-path", i.BasePath)
@@ -150,7 +154,7 @@ func (i *InstallOpts) toCmdArgs(operatingSystem string) ([]string, error) {
args = append(args, i.EnrollOpts.toCmdArgs()...)
args = append(args, i.FleetBootstrapOpts.toCmdArgs()...)

return args, nil
return args
}

// Install installs the prepared Elastic Agent binary and registers a t.Cleanup
@@ -196,11 +200,7 @@ func (f *Fixture) installNoPkgManager(ctx context.Context, installOpts *InstallO
}

installArgs := []string{"install"}
installOptsArgs, err := installOpts.toCmdArgs(f.operatingSystem)
if err != nil {
return nil, err
}
installArgs = append(installArgs, installOptsArgs...)
installArgs = append(installArgs, installOpts.ToCmdArgs()...)
out, err := f.Exec(ctx, installArgs, opts...)
if err != nil {
f.DumpProcesses("-install")
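Review bot: `ToCmdArgs` is now exported on InstallOpts but has no doc comment, and its result is not a harmless list of strings: it appends `i.EnrollOpts.toCmdArgs()`, which presumably includes the enrollment token as well as the new `--elastic-agent-cert-key-passphrase` value. Suggest adding `// ToCmdArgs returns the flags for "elastic-agent install" built from the options; the slice may contain the enrollment token, so do not log it verbatim.` above the method. The `KeyPassphrasePath` field comment could also state that the flag takes a path to a file holding the passphrase (as the field name suggests), since that is what keeps the passphrase itself out of the process argument list. The bodies of ToCmdArgs and installNoPkgManager extend beyond the visible hunks.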
50 changes: 21 additions & 29 deletions pkg/testing/tools/tools.go
@@ -70,53 +70,45 @@ func InstallAgentWithPolicy(ctx context.Context, t *testing.T,
agentFixture.SetUninstallToken(uninstallToken)
}

err = InstallAgentForPolicy(ctx, t, installOpts, agentFixture, kibClient, policy.ID)
return policy, err
InstallAgentForPolicy(ctx, t, installOpts, agentFixture, kibClient, policy.ID)
return policy, nil
}

// InstallAgentForPolicy enrolls the provided agent fixture in Fleet using the
// default Fleet Server, waits for the agent to come online, and returns either
// an error or nil.
// InstallAgentForPolicy enrolls the provided agent fixture with Fleet. If
// either the enroll URL or the enrollmentToken is empty, they'll be generated
// using the default fleet-server. Then if delay enroll isn't set it waits for
// the agent to come online, otherwise it returns immediately.
// If the context (ctx) has a deadline, it will wait for the agent to become
// online until the deadline of the context, or if not, a default 5-minute
// deadline will be applied.
func InstallAgentForPolicy(ctx context.Context, t *testing.T,
installOpts atesting.InstallOpts,
agentFixture *atesting.Fixture,
kibClient *kibana.Client,
policyID string) error {
func InstallAgentForPolicy(ctx context.Context, t *testing.T, installOpts atesting.InstallOpts, agentFixture *atesting.Fixture, kibClient *kibana.Client, policyID string) {
t.Helper()

// Create enrollment API key
createEnrollmentAPIKeyReq := kibana.CreateEnrollmentAPIKeyRequest{
PolicyID: policyID,
}

t.Logf("Creating enrollment API key...")
enrollmentToken, err := kibClient.CreateEnrollmentAPIKey(ctx, createEnrollmentAPIKeyReq)
if err != nil {
return fmt.Errorf("unable to create enrollment API key: %w", err)
}

// Get default Fleet Server URL
fleetServerURL, err := fleettools.DefaultURL(ctx, kibClient)
if err != nil {
return fmt.Errorf("unable to get default Fleet Server URL: %w", err)
if installOpts.EnrollmentToken == "" {
t.Logf("Creating enrollment API key...")
enrollmentToken, err := kibClient.CreateEnrollmentAPIKey(ctx, createEnrollmentAPIKeyReq)
require.NoError(t, err, "failed creating enrollment API key")
installOpts.EnrollmentToken = enrollmentToken.APIKey
}

// Enroll agent
t.Logf("Unpacking and installing Elastic Agent")
installOpts.EnrollOpts = atesting.EnrollOpts{
URL: fleetServerURL,
EnrollmentToken: enrollmentToken.APIKey,
if installOpts.URL == "" {
fleetServerURL, err := fleettools.DefaultURL(ctx, kibClient)
require.NoError(t, err, "failed getting fleet server URL")
installOpts.URL = fleetServerURL
}

output, err := agentFixture.Install(ctx, &installOpts)
if err != nil {
t.Log(string(output))
return fmt.Errorf("unable to enroll Elastic Agent: %w", err)
require.NoError(t, err, "failed installing the agent")
}
t.Logf(">>> Ran Enroll. Output: %s", output)

t.Logf(">>> Enroll suceeded. Output: %s", output)

Check failure on line 111 in pkg/testing/tools/tools.go

GitHub Actions / lint (ubuntu-latest)

`suceeded` is a misspelling of `succeeded` (misspell)

timeout := 10 * time.Minute
if deadline, ok := ctx.Deadline(); ok {
@@ -125,7 +117,7 @@ func InstallAgentForPolicy(ctx context.Context, t *testing.T,

// Don't check fleet status if --delay-enroll
if installOpts.DelayEnroll {
return nil
return
}

// Wait for Agent to be healthy
Expand All @@ -137,5 +129,5 @@ func InstallAgentForPolicy(ctx context.Context, t *testing.T,
"Elastic Agent status is not online",
)

return nil
return

Check failure on line 132 in pkg/testing/tools/tools.go

GitHub Actions / lint (ubuntu-latest)

S1023: redundant `return` statement (gosimple)
}
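Review bot: The new doc comment on InstallAgentForPolicy says a "default 5-minute deadline" applies when the context has none, but the unchanged body further down still sets `timeout := 10 * time.Minute`, so the comment and the code disagree. Align them, for example by ending the comment with `// online until the deadline of the context, or if not, a default 10-minute deadline will be applied.` Because failures are now reported through `require.NoError`, which ends the test instead of returning an error, the comment should also say that the helper has to run on the test goroutine and that InstallAgentWithPolicy no longer returns install errors. Part of the function body lies between the visible hunks.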