Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix internal/pkg/agent/cmd.TestEnroll #5741

Merged
merged 3 commits into from
Oct 8, 2024
Merged

Fix internal/pkg/agent/cmd.TestEnroll #5741

merged 3 commits into from
Oct 8, 2024

Conversation

AndersonQ
Copy link
Member

fix the mock fleet server used on TestEnroll. It was using the root certificate instead its own certificate.

What does this PR do?

It fixes internal/pkg/agent/cmd.TestEnroll by starting the mock fleet-server with the intended TLS certificate istead of using the CA as its certificate.

Why is it important?

The TLS server mocking fleet-server is using the root certificate as its own certificate. It has worked so far because elasitc-agent-libs was adding SANs and IPs to the root certificates. However from elasitc-agent-libs v1.12.0 onwards the root certificates do not include IPs and SANs. This change makes internal/pkg/agent/cmd.TestEnroll to fail as the agent cannot validate the mock fleet-server certificate as it does not contain any IP or SANs if elasitc-agent-libs is updated. Which is happening in at least 2 PRs:

Checklist

  • My code follows the style guidelines of this project
  • [ ] I have commented my code, particularly in hard-to-understand areas
  • [ ] I have made corresponding changes to the documentation
  • [ ] I have made corresponding change to the default configuration files
  • [ ] I have added tests that prove my fix is effective or that my feature works
  • [ ] I have added an entry in ./changelog/fragments using the changelog tool
  • [ ] I have added an integration test or an E2E test

Disruptive User Impact

N/A

How to test this PR locally

go get github.com/elastic/elastic-agent-libs@v0.12.0
go test -v -run TestEnroll$ ./internal/pkg/agent/cmd

Related issues

Questions to ask yourself

  • How are we going to support this in production?
  • How are we going to measure its adoption?
  • How are we going to debug this?
  • What are the metrics I should take care of?
  • ...

@AndersonQ
fix nternal/pkg/agent/cmd TestEnroll
f5e571a 
fix the mock fleet server used on TestEnroll. It was using the root certificate instead its own certificate.
@AndersonQ AndersonQ requested a review from a team as a code owner October 8, 2024 13:31
@AndersonQ AndersonQ requested review from blakerouse and pchila October 8, 2024 13:31
@mergify Mergify
Copy link
Contributor

mergify bot commented Oct 8, 2024

This pull request does not have a backport label. Could you fix it @AndersonQ? 🙏
To fixup this pull request, you need to add the backport labels for the needed
branches, such as:

  • backport-./d./d is the label to automatically backport to the 8./d branch. /d is the digit

@mergify Mergify
Copy link
Contributor

mergify bot commented Oct 8, 2024

backport-v8.x has been added to help with the transition to the new branch 8.x.
If you don't need it please use backport-skip label and remove the backport-8.x label.

@mergify mergify bot added the backport-8.x Automated backport to the 8.x branch with mergify label Oct 8, 2024
This was referenced Oct 8, 2024
Merged
Merged
@AndersonQ AndersonQ enabled auto-merge (squash) October 8, 2024 13:37
@elastic-sonarqube Elastic SonarQube
Copy link

Quality Gate passed Quality Gate passed

Issues
0 New issues
0 Fixed issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
0.0% Duplication on New Code

See analysis details on SonarQube

@AndersonQ AndersonQ merged commit ae48b95 into elastic:main Oct 8, 2024
14 checks passed
mergify bot pushed a commit that referenced this pull request Oct 8, 2024
@AndersonQ @mergify
fix internal/pkg/agent/cmd.TestEnroll (#5741)
708ce01 
fix the mock fleet server used on internal/pkg/agent/cmd.TestEnroll was using the root certificate instead its own TLS certificate.
As soon as elasitc-agent-libs is updated to v1.12.0+ it becomes a problem as the root certificates do not come with IPs and SANs anymore. Therefore the client cannot verify the certificate indeed belongs to the server.

(cherry picked from commit ae48b95)
@mergify mergify bot mentioned this pull request Oct 8, 2024
Merged
1 task
pierrehilbert pushed a commit that referenced this pull request Oct 9, 2024
@mergify @AndersonQ
fix internal/pkg/agent/cmd.TestEnroll (#5741) (#5744)
5de1957 
fix the mock fleet server used on internal/pkg/agent/cmd.TestEnroll was using the root certificate instead its own TLS certificate.
As soon as elasitc-agent-libs is updated to v1.12.0+ it becomes a problem as the root certificates do not come with IPs and SANs anymore. Therefore the client cannot verify the certificate indeed belongs to the server.

(cherry picked from commit ae48b95)

Co-authored-by: Anderson Queiroz <anderson.queiroz@elastic.co>
@AndersonQ AndersonQ deleted the flakytest-fix-TestEnroll branch October 9, 2024 08:23
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jlind23 jlind23 jlind23 approved these changes

@pchila pchila pchila approved these changes

@VihasMakwana VihasMakwana VihasMakwana approved these changes

@blakerouse blakerouse Awaiting requested review from blakerouse blakerouse is a code owner automatically assigned from elastic/elastic-agent-control-plane

Assignees

@AndersonQ AndersonQ

Labels
backport-8.x Automated backport to the 8.x branch with mergify skip-changelog
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@AndersonQ @jlind23 @pchila @VihasMakwana