-
Notifications
You must be signed in to change notification settings - Fork 143
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
proxytest: proxy HTTPS request using MITM #5802
Conversation
This pull request does not have a backport label. Could you fix it @AndersonQ? 🙏
|
|
34296a6
to
5cb739b
Compare
go.mod
Outdated
@@ -14,7 +14,7 @@ require ( | |||
github.com/dolmen-go/contextio v0.0.0-20200217195037-68fc5150bcd5 | |||
github.com/elastic/elastic-agent-autodiscover v0.9.0 | |||
github.com/elastic/elastic-agent-client/v7 v7.16.0 | |||
github.com/elastic/elastic-agent-libs v0.12.1 | |||
github.com/elastic/elastic-agent-libs v0.12.2-0.20241016085313-16569381887f |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
once elastic/elastic-agent-libs#240 is merged it will be updated to v0.12.2
b80b705
to
89f4a5d
Compare
Pinging @elastic/elastic-agent-control-plane (Team:Elastic-Agent-Control-Plane) |
fd3a299
to
eddcaab
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks correct overall, had some questions about writing HTTP requests by hand.
testing/proxytest/https.go
Outdated
resp := bytes.Buffer{} | ||
resp.WriteString(fmt.Sprintf("HTTP/1.1 %d %s\r\n", | ||
statusCode, http.StatusText(statusCode))) | ||
resp.WriteString("Content-Type: text/plain\r\n") | ||
resp.WriteString(fmt.Sprintf("Content-Length: %d\r\n", len(body))) | ||
resp.WriteString("\r\n") | ||
if len(body) > 0 { | ||
resp.Write(body) | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This would look better if we instead created a http.Response
and written it to the buffer.
b295b2a
to
b2614b4
Compare
@swiatekm I've |
The proxytest now can proxy HTTPS requests using a men in the middle (MITM) approach to allow to fully control the requests between the proxy and the target server.
b2614b4
to
a53b932
Compare
Quality Gate passedIssues Measures |
The proxytest now can proxy HTTPS requests using a men in the middle (MITM) approach to allow to fully control the requests between the proxy and the target server. (cherry picked from commit ad041d4)
What does this PR do?
It extends
proxytest
to support proxying HTTPS requests.Why is it important?
It'll allow us to create integration tests for mTLS scenarios
Checklist
[ ] I have made corresponding changes to the documentation[ ] I have made corresponding change to the default configuration files[ ] I have added an entry in./changelog/fragments
using the changelog tool[ ] I have added an integration test or an E2E testDisruptive User Impact
How to test this PR locally
Run
TestRunHTTPSProxy
passing theexample
build tag and follow the instructions to perform acRUL
request using the proxytest:go test -tags example -v -run TestRunHTTPSProxy$ ./testing/proxytest
Example:
$ curl \ --proxy-cacert /tmp/TestRunHTTPSProxy3155179289/001/proxyCA.crt \ --proxy-cert /tmp/TestRunHTTPSProxy3155179289/001/clientCert.crt \ --proxy-key /tmp/TestRunHTTPSProxy3155179289/001/clientCert.key \ --cacert /tmp/TestRunHTTPSProxy3155179289/001/proxyCA.crt \ --proxy https://127.0.0.1:40241 \ https://not-a-server.co It works!
Related issues
Questions to ask yourself