Adds new proxy tests and manual proxy tester (#138071)

The new proxy tests added can test a variety of different proxy and target server configurations, however many of those tests are broken with our current proxy agents. Hopefully to be fixed by replacing with hpagent instead. In the meantime, we wanted to get the basic test framework in as well. In addition to tests, the stand-alone forward proxy has been enhanced to use a better proxy server, `proxy`. The existing proxy server `http-proxy` does not support HTTPS out of the box, and so any HTTPS testing with it is going to be a little sketchy. Using the stand-alone forward proxy, I was able to post to Slack through http/https proxies with and without auth, with proxyRequestUnauthorized set to false. Which shows the existing proxy agents do work in _some_ environments.
elastic · Aug 16, 2022 · 9631649 · 9631649
1 parent 51dc347
commit 9631649
Show file tree

Hide file tree

Showing 8 changed files with 1,397 additions and 368 deletions.
diff --git a/docs/settings/alert-action-settings.asciidoc b/docs/settings/alert-action-settings.asciidoc
@@ -143,6 +143,22 @@ Specifies preconfigured connector IDs and configs. Default: {}.
 
 `xpack.actions.proxyUrl` {ess-icon}::
 Specifies the proxy URL to use, if using a proxy for actions. By default, no proxy is used.
++
+Proxies may be used to proxy http or https requests through a proxy using the http or https protocol.  Kibana only uses proxies in "CONNECT" mode (sometimes referred to as "tunneling" TCP mode, compared to HTTP mode).  That is, Kibana will always make requests through a proxy using the HTTP `CONNECT` method.
++
+If your proxy is using the https protocol (vs the http protocol), the setting `xpack.actions.ssl.proxyVerificationMode: none` will likely be needed, unless your proxy's certificates are signed using a publicly available certificate authority.
++
+There is currently no support for using basic authentication with a proxy (authentication for the proxy itself, not the URL being requested through the proxy).
++
+To help diagnose problems using a proxy, you can use the `curl` command with options to use your proxy, and log debug information, with the following command, replacing the proxy and target URLs as appropriate.  This will force the request to be made to the
+proxy in tunneling mode, and display some of the interaction between the client and the proxy.
++
+[source,sh]
+--
+curl --verbose --proxytunnel --proxy http://localhost:8080 http://example.com
+--
++
+
 
 `xpack.actions.proxyBypassHosts` {ess-icon}::
 Specifies hostnames which should not use the proxy, if using a proxy for actions. The value is an array of hostnames as strings.  By default, all hosts will use the proxy, but if an action's hostname is in this list, the proxy will not be used.  The settings `xpack.actions.proxyBypassHosts` and `xpack.actions.proxyOnlyHosts` cannot be used at the same time.

diff --git a/package.json b/package.json
@@ -1242,6 +1242,7 @@
     "postcss-scss": "^4.0.4",
     "prettier": "^2.7.1",
     "pretty-format": "^27.5.1",
+    "proxy": "^1.0.2",
     "q": "^1.5.1",
     "raw-loader": "^3.1.0",
     "react-test-renderer": "^16.14.0",

diff --git a/x-pack/plugins/actions/jest.integration.config.js b/x-pack/plugins/actions/jest.integration.config.js
@@ -0,0 +1,12 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+module.exports = {
+  preset: '@kbn/test/jest_integration_node',
+  rootDir: '../../..',
+  roots: ['<rootDir>/x-pack/plugins/actions'],
+};
diff --git a/x-pack/plugins/actions/server/builtin_action_types/lib/axios_utils_connection.test.ts b/x-pack/plugins/actions/server/builtin_action_types/lib/axios_utils_connection.test.ts