test: update otel integration tests

Signed-off-by: Fabrizio Sestito <[email protected]>

tests/common/mod.rs

@@ -121,6 +121,7 @@ pub(crate) fn default_test_config() -> Config {
         log_fmt: "json".to_owned(),
         log_no_color: false,
         otlp_endpoint: None,
+        otlp_tls_config: Default::default(),
         daemon: false,
         daemon_pid_file: "policy_server.pid".to_owned(),
         daemon_stdout_file: None,

tests/data/ca.pem

@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDazCCAlOgAwIBAgIUelYKxNE+hEOUDY9vF4oSJ567zzEwDQYJKoZIhvcNAQEL
+BQAwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoM
+GEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDAeFw0yNDEyMDkxNzA2NTVaFw0yOTEy
+MDgxNzA2NTVaMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEw
+HwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwggEiMA0GCSqGSIb3DQEB
+AQUAA4IBDwAwggEKAoIBAQDb2HiIf1RaWJqua83AedtjkGe9x8TLy1cXE/W6w4Ia
+FYtufzNGUZpBmrv6MmUJNB3RRxtYTT2TTwSsAykxXaVtNle48XYOE4mBJOroNa65
+F8bSe64kn10bHwy3QM5CxcTLpJoFfB+fyuYUoYCeLriZ3fZU69gZSsbluIJmnH81
+gee+xO/Pue6mPUbZhOPYd6K3+Q5Vw1LJnLO5aNa5xTbAcko9tizmSxTmfRDGlzgx
+6uO3tzsrvo9Hev6Ygpce/zWddr64MRX72E5ToVBfvK8EbpPSwA6NQtaJtv9UXUQL
+JShzq4kud2e949unEg3ZAMZTus+3DGUmLaai79XkG3QZAgMBAAGjUzBRMB0GA1Ud
+DgQWBBTLjPkOsIvZ8FUnWePvpmxDyEYhPDAfBgNVHSMEGDAWgBTLjPkOsIvZ8FUn
+WePvpmxDyEYhPDAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQA4
+3xhMYZ9/0AqEHNuc/yWIvUfsKryvLMIJ/oU/Ko1ixXdPH+49sUw+aSBEjKOJVIyf
+2jTKHvFUzQOhA+939O+Vesf5Avitc7V/USUB6smgYVE9+0mLwD8koq7punNEUy8N
+nXBxfncl1/5C8W2pZg+El3GWL6Z6BqyhWXNB7dWvVaJO51g50Kti8Re7NE6TbNtQ
+8Znsp3W6MJg6n19Tl7ZJiamzHtojCKrqc7a69rxln92W41K2XTTBjJL4eHB/Ph4Q
+v+kUzFgbhzoI94ix1wKLu7U4EF11IA1R0i5lJ9vHo6YYyJB40/w+J5bG6dGOybBE
++uBiBir2rDQ6R410yfqG
+-----END CERTIFICATE-----

tests/data/client-cert.pem

@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+MIID8DCCAdigAwIBAgIUOeERiSqnvvahNnd5dWIZdbYHDSYwDQYJKoZIhvcNAQEL
+BQAwDzENMAsGA1UEAwwETXlDQTAeFw0yNDEyMDkxNTM0NTZaFw0yNTEyMDkxNTM0
+NTZaMBExDzANBgNVBAMMBmNsaWVudDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+AQoCggEBALj5LVWAAq5ALh/rPO3xK+DgVT/pYSoTRJlT8UAGMVJonX3mraXVDXAz
+TfS29r9xQJwZjbfkxbrBwR4RsDugkOTpoxlbngYFsKn4Yq0Kyuc3maEguVyVWWQX
+GEzzhoe6ivOnCcNJNwf2M+4ZZhUQ8+m43eYg2mtJIYqEv7/6tH7JuprJ28iuypoL
+qEiRY5/d70wYWIpMCV3LnavUJvH6OB23cfhQ1NYyjylOOlk7mlVFfONNsdg26NTV
+xVVt1XWrjl6QieTnwwl8D0JeK7A3FX5d7n1tVVTLYMBs7UwBeEH33ELsuGBhPv+r
+t1g6Sp3380lrFFwvVw+2b3rkF9VBdEsCAwEAAaNCMEAwHQYDVR0OBBYEFKR8DvjY
+HIZzQlSS7bPRUfixr7kgMB8GA1UdIwQYMBaAFM++ZOTaTt+mh5E7goRMwKw0/5gr
+MA0GCSqGSIb3DQEBCwUAA4ICAQCSy6vC0np3eoKDgWGBgsd7khurcCGpaudx5ZjM
+bLznfGNR00B5B9zkuBQsCrqSzqFkINnSNz170vH5zBOdD6iTHB4NUizom1cdbet5
+zydvbDBah07GjbYluiqjaw56XoAcOzyGSIQTK1ZnS2QNlspzBPHqwBcbFY8qRjvH
+AoXV1sGaPJM+szQBY0UQnrwHMLD8PyWuWxJzuZFsDXwxKJHii3wcFUTmwPToZgga
+npwNFIEdijT6A13VbN3BQlhQzs5NWolKQXHkzX00wZyBjFucuA0eHqXJR9P/W+n0
+3Dd6LXRWL3JDhuffkTPABJ4zcsPHdkL2cf5MDF2PoU925pJ5Tee5MzJU6089MfDA
+RMUh0JGzBGuM29dAchY/tWbEcHJC2OWb1PEuy6mAjw4HH3jMAvWQlTroIGf/1hva
+mdLPEBxEykIxS/9QbWnvAYuxrW5wQ+mt8wWf3MivCjHGUv7MaWH2pj7WzRB482Pk
+yMO6jjnpmVutr3sRyoOo/iVTaTP80tu/3Mysx42L//oOOy4Yp77J6daEJDa25BGy
+XI+PrkygXiUe1wtvV1pgUrEQtiZP1nIEELiWXtDrj8wj4ma149fkHpmtFU/AurxT
+CMCHi1mcq96tS3XmSU4fkZtUCieqo8bauS04Kp2fgomfUJngdH8KQ7lOCAdXJxsr
+WurNfQ==
+-----END CERTIFICATE-----

tests/data/client-key.pem

@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC4+S1VgAKuQC4f
+6zzt8Svg4FU/6WEqE0SZU/FABjFSaJ195q2l1Q1wM030tva/cUCcGY235MW6wcEe
+EbA7oJDk6aMZW54GBbCp+GKtCsrnN5mhILlclVlkFxhM84aHuorzpwnDSTcH9jPu
+GWYVEPPpuN3mINprSSGKhL+/+rR+ybqaydvIrsqaC6hIkWOf3e9MGFiKTAldy52r
+1Cbx+jgdt3H4UNTWMo8pTjpZO5pVRXzjTbHYNujU1cVVbdV1q45ekInk58MJfA9C
+XiuwNxV+Xe59bVVUy2DAbO1MAXhB99xC7LhgYT7/q7dYOkqd9/NJaxRcL1cPtm96
+5BfVQXRLAgMBAAECggEANZ+PA+VbYZabiIdSn4w18zg1npSSpXb2gRizrKLe84v+
+dDxGhPexsKA+7j2IZNF5MIe77N62b8CxsnzgQTj4KFSPAs/rjMVjhLLMMGwbjFIz
+CGILOorVYk3Lrqs+ieSLWb1H+EQmXvmB7nmQfXTvsQb11Twa9dU6kwSO7iHI56Ql
+/bp+eY5+gYs40q+J7a3bp3+ZN/0SiMrDf08YcxXzfhVUC2coRdbNSFnh4kbFAIQK
+35H54T7PloOBpJN98FOEPJZhVUbztXWNA0iHG05qLEXELXRoT39T5VDzF55DIgSl
+9HawpqDDYtm3SsPwp8TEelL6VpHFwjKgeTacoBLnEQKBgQD9kZudpiTtOXGP0VQi
+ebsEbkjKkwmXvvLDDhJij3vBfE1mKxwQ8BzeupDtlOAIgR7zoOo7KiVaDhU+lWiC
+Qr1ikH0pRCrUNGXfVzAkhMAPBbnIFiA64Kx1ee8E11g8XJweBMNypd4ClLjHd83o
+3ouGfhvODYy65StGa8UUEscPOQKBgQC6vzMeIe6/J13K73PzxqxWmldQGNV0tTzN
+mVfA/JvUbOFHfyxVqjCmWgbvK/eLo98Ftsu8YUg9MrGz0iDp4rKbUVJKW/zh8f/M
+w0nOlF6abJ90cbj0nmiGPFWPaMWZ1etvNsgziKpPwjwWa5/LYKAfdqFkY1t5aoc+
+Z5fGPWXbowKBgGiS6G632nrLOf5qAhzFv08wfGyu/0HJyiyPXR2wtwUw0mrUVJrX
+q9BfeO3CfDKFrdIkBvWniAf/ztskmxk9lQVVOYkPR+qEQY8+Ueh9pweLAPd3yIr/
+paA9TUnd1dHvD6OBq2lY5pqB40LAMfdb8Ibi82yjQerCIHrGb1y78cRhAoGBAJo1
+ZRrO3n3PHi6ECXYWax2gmdU0jJ+xQaJtq/9bGbsSpf0KUSv0O/RCh1NdNS+EhJgN
+WLQYiTSv9foN3MwGPYLwZkmtKGfUFG2cHgiOkIhohkv71MV7QckHbYfc9r+P3Lib
+vjp/8lOmi0PgX7Xr9o3EwoVJXrIme8PWe4hiDwiNAoGASJAsHUQ9LCg3i0mKF/Qp
+u0oKi6iW5xSIVSuzazBaqQyM3RAAcymbGbQ1oWMFNDwWkkxpDLOYaBvGkQBk2JXU
+5p8EYJZY+KOUgZ+IKt/Ibqbmsl/Z9JxYWhLvKAs4iHjPNr+yIsZ4/RCyss+pNEyb
+C+DqJyhNSVGeeMqshLkwRVs=
+-----END PRIVATE KEY-----

tests/data/otel-collector-config.yaml

@@ -5,6 +5,10 @@ receivers:
   otlp:
     protocols:
       grpc:
+        tls:
+          ca_file: "certs/ca.pem"
+          cert_file: "certs/server-cert.pem"
+          key_file: "certs/server-key.pem"
 
 exporters:
   file/metrics:

tests/data/server-cert.pem

@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDezCCAmOgAwIBAgIUCph+VxBXp4p8lHfk1+kfgcrdaHwwDQYJKoZIhvcNAQEL
+BQAwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoM
+GEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDAeFw0yNDEyMDkxNzA3MTRaFw0yNTEy
+MDkxNzA3MTRaMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEw
+HwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwggEiMA0GCSqGSIb3DQEB
+AQUAA4IBDwAwggEKAoIBAQDNkhFV13bj/nlDzRg86sJsA57k0ggCDoWAFFbIWnti
+nMhZY4BqU6xJ42V7Sqr+RdTdMU5c0xjBX62zf6aEiSebwvrs5tjB6y/00UsZUmCB
+WQBkkzDAYPKyoX7euoPnn7BUBxBdbt1ZUWZEuxWHj171QiEt/IAmlJgxkMmaBQf/
+PQEXLXAlIohZXcUu+KR7QB5rAB2gYl3bl5iToyP44KgiBMX+nR4N80bJ4mcHPNqR
+ZXkdxWCJXb8VPVX3lfbceKc08iD3zhb9dY/tj/8kPOXZOwMQlLdwkY+nGRVmEPnP
+AfClVlIPAk6vgz4Vh6evwTXPwNJXBOOwW3of35W8jSBVAgMBAAGjYzBhMB8GA1Ud
+IwQYMBaAFMuM+Q6wi9nwVSdZ4++mbEPIRiE8MAkGA1UdEwQCMAAwFAYDVR0RBA0w
+C4IJbG9jYWxob3N0MB0GA1UdDgQWBBTWFzOksM1kDCtKtShGTQ2R0TxN3TANBgkq
+hkiG9w0BAQsFAAOCAQEA2W9IwSWAiNbPYRa9TqhW+W5nMQVIbcYTzk57GQ04m37W
+M7zhd7eGanPtKj3mdr6dp8/3bMp5U98bPaFL04vNHPr8aYv5ODiqHhSwaxvE9hI3
+usuIwvfr2+LfIgrwyzxSB3NaRDYxGRkny1zkn0Tk4nyUNw2jXUmP0RkFMiUzHfsw
+FS6dHUopSWM/U9NAZviUzMGzHPaEvXfBZavaMSkC7jc0Er8XCxRDssURHOmT0Cky
+84pbKGMrTtxuASkIatN09Ou8aWiBv2m+iwd/ck3MFk86mtjKIftXdh2Mhv9U0eH+
+1uF/cGTTUl21hsAji4lZHsB90AXC+9lBOEsID8P+zg==
+-----END CERTIFICATE-----

tests/data/server-key.pem

@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDNkhFV13bj/nlD
+zRg86sJsA57k0ggCDoWAFFbIWntinMhZY4BqU6xJ42V7Sqr+RdTdMU5c0xjBX62z
+f6aEiSebwvrs5tjB6y/00UsZUmCBWQBkkzDAYPKyoX7euoPnn7BUBxBdbt1ZUWZE
+uxWHj171QiEt/IAmlJgxkMmaBQf/PQEXLXAlIohZXcUu+KR7QB5rAB2gYl3bl5iT
+oyP44KgiBMX+nR4N80bJ4mcHPNqRZXkdxWCJXb8VPVX3lfbceKc08iD3zhb9dY/t
+j/8kPOXZOwMQlLdwkY+nGRVmEPnPAfClVlIPAk6vgz4Vh6evwTXPwNJXBOOwW3of
+35W8jSBVAgMBAAECggEAFh/x8LC7cYdqasMwqCHGIhTzrYHzbbE9ag8GVhLy86aX
+I5PDdu4hfWRVgEMFi09dvR645eGsaOeQzOBgviP62NdP5V5lFt3mr+00rXmBvHol
+Qi3bUeE9Tb925abiWnQD6M9H0h6EAUBzBtOx2gCywifHZWknK7/Tb4Y7RHHlLfGj
+xPYGWyQFp8iLjS9uYMExyaFULM/VfQHzOnZo3gknD9MOoHRvsyXRlIefpOGZybGN
+aqpUDe3dcKAzGJeW1eS2DwYGa4wpwGGZAW9RlSBTTkIe5bsTrLpxeEMtGcxeVSMq
+5//vQCEwmNIv/ZWW+G3H2yoLdCKOIJJRekm0mb1OcwKBgQD9L2z7alPFEoDiOOpC
+NJmRsyAjibj3H3J4YiTsPzbe0q9OWZ0tBu5gW5QmMgqRN+uyQahuo33wAyVTBJUU
+nKnlZ8MrF0SBZQEfK2ucVmbnUB+JoXj2wG/A5rebAmVxBW/YuFhdAfYpnyB80gfi
+uiZm5dBKTohwwBWzuDM93ckPjwKBgQDP2yEBN8plkpnpcw2xJ4H2uKtNnTi3L7nC
+aacugi/jqQMZjULcsx/y9TQGRa5QtN6wOPsJzm5lDl5cBbl1scTsT7rk6DFFJe86
+MGjokVZL0hjo8+1onAVYjW/RtrZBJIqrdHcdpL2T/xAsuG+B9b2j46VqpYe1cVqy
+XedJ722f2wKBgGBUdgumZd76bk0kSIUODEvyMk0zLkvgDCafeNrmJlNbJ9YQpIuo
+MnQ5A8IQkhK0ixnUf2gxDk6Oc9oFSU+BV+bvtsMjZC4zJt0cISJngVmLE6TC6gpA
+J4Tmg38Xx07cObTkVsJ0Z5tobuzu4I80Mj4+PCS5gpIbk2ZAtEZapxAjAoGAb98H
+14j4lUyfLCexgdy6tVjVUjPBl87HEx0cTwrgzY5kzbba+sAp/PD+bDXKyUNf68bv
+TmrdveRK4wpttCvWyj1rYNKb2hS9ujrd6/Z1VN+iapcG+1umAPA28898LnmFbRyF
+E95b7rDEOt2VnoPt6qyWlly7OuvkncWuu3tzLCsCgYBpIIdfH60Mdt9Bp+IKrIJY
+3irYyi8TLTWp157ksIsr1orzVHFB8OMKas7EQQTLSxlb7v23OT0r3eL2XRvNOyCr
+evKIO+B0bVxxsN+O16ldaElrwLyoZTJolCyMWQuQt3Zigm/VGaZiAD7er0qg6s/4
+hjUCBY6dmVTP8l6afx5d/w==
+-----END PRIVATE KEY-----

tests/integration_test.rs

@@ -23,6 +23,7 @@ use policy_evaluator::{
     admission_response::AdmissionResponseStatus,
     policy_fetcher::verify::config::VerificationConfigV1,
 };
+use policy_server::config::OtlpTlsConfig;
 use policy_server::{
     api::admission_review::AdmissionReviewResponse,
     config::{PolicyMode, PolicyOrPolicyGroup},
@@ -746,8 +747,18 @@ async fn test_detect_certificate_rotation() {
 async fn test_otel() {
     setup();
 
-    let mut otelc_config_path = PathBuf::from(env!("CARGO_MANIFEST_DIR"));
-    otelc_config_path.push("tests/data/otel-collector-config.yaml");
+    let otelc_config_path =
+        PathBuf::from(env!("CARGO_MANIFEST_DIR")).join("tests/data/otel-collector-config.yaml");
+
+    let ca_path = PathBuf::from(env!("CARGO_MANIFEST_DIR")).join("tests/data/ca.pem");
+    let server_cert_path =
+        PathBuf::from(env!("CARGO_MANIFEST_DIR")).join("tests/data/server-cert.pem");
+    let server_key_path =
+        PathBuf::from(env!("CARGO_MANIFEST_DIR")).join("tests/data/server-key.pem");
+    let client_cert_path =
+        PathBuf::from(env!("CARGO_MANIFEST_DIR")).join("tests/data/client-cert.pem");
+    let client_key_path =
+        PathBuf::from(env!("CARGO_MANIFEST_DIR")).join("tests/data/client-key.pem");
 
     let metrics_output_file = NamedTempFile::new().unwrap();
     let metrics_output_file_path = metrics_output_file.path();
@@ -757,7 +768,7 @@ async fn test_otel() {
 
     let permissions = Permissions::from_mode(0o666);
     set_permissions(metrics_output_file_path, permissions.clone()).unwrap();
-    set_permissions(traces_output_file_path, permissions).unwrap();
+    set_permissions(traces_output_file_path, permissions.clone()).unwrap();
 
     let otelc = GenericImage::new("otel/opentelemetry-collector", "0.98.0")
         .with_wait_for(WaitFor::message_on_stderr("Everything is ready"))
@@ -773,6 +784,18 @@ async fn test_otel() {
             traces_output_file_path.to_str().unwrap(),
             "/tmp/traces.json",
         ))
+        .with_mount(Mount::bind_mount(
+            ca_path.to_str().unwrap(),
+            "/certs/ca.pem",
+        ))
+        .with_mount(Mount::bind_mount(
+            server_cert_path.to_str().unwrap(),
+            "/certs/server-cert.pem",
+        ))
+        .with_mount(Mount::bind_mount(
+            server_key_path.to_str().unwrap(),
+            "/certs/server-key.pem",
+        ))
         .with_mapped_port(1337, 4317.into())
         .with_cmd(vec!["--config=/etc/otel-collector-config.yaml"])
         .with_startup_timeout(Duration::from_secs(30))
@@ -783,13 +806,24 @@ async fn test_otel() {
     let mut config = default_test_config();
     config.metrics_enabled = true;
     config.log_fmt = "otlp".to_string();
-    config.otlp_endpoint = Some("http://localhost:1337".to_string());
-    setup_metrics(config.otlp_endpoint.as_deref()).unwrap();
+    config.otlp_endpoint = Some("https://localhost:1337".to_string());
+    config.otlp_tls_config = OtlpTlsConfig {
+        ca_file: Some(ca_path),
+        cert_file: Some(client_cert_path),
+        key_file: Some(client_key_path),
+    };
+
+    setup_metrics(
+        config.otlp_endpoint.as_deref(),
+        config.otlp_tls_config.clone(),
+    )
+    .unwrap();
     setup_tracing(
         &config.log_level,
         &config.log_fmt,
         config.log_no_color,
         config.otlp_endpoint.as_deref(),
+        config.otlp_tls_config.clone(),
     )
     .unwrap();