Adds new proxy tests and manual proxy tester #138071
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
9 tasks
|
buildkite test this |
partially addresses elastic#102935 The new proxy tests added can test a variety of different proxy and target server configurations, however many of those tests are broken with our current proxy agents. Hopefully to be fixed by replacing with hpagent instead. In the meantime, we wanted to get the basic test framework in as well. In addition to tests, the stand-alone forward proxy has been enhanced to use a better proxy server, `proxy`. The existing proxy server `http-proxy` does not support HTTPS out of the box, and so any HTTPS testing with it is going to be a little sketchy. Using the stand-alone forward proxy, I was able to post to Slack through http/https proxies with and without auth, with proxyRequestUnauthorized set to false. Which shows the existing proxy agents do work in _some_ environments.
pmuellr
force-pushed
the
actions/proxy-tests-2
branch
from
5ec9776
to
ff6f31b
Compare
pmuellr
added
Feature:Actions
Team:ResponseOps
|
Pinging @elastic/response-ops (Team:ResponseOps) |
ymao1
approved these changes
Aug 10, 2022
| + | ||
| Proxies may be used to proxy http or https requests through a proxy using the http or https protocol. Kibana only uses proxies in "CONNECT" mode (sometimes referred to as "tunnelling" TCP mode, compared to HTTP mode). That is, Kibana will always make requests through a proxy using the HTTP `CONNECT` method. | ||
| + | ||
| If your proxy is using the https protocol (vs the http protocol), the setting `xpack.actions.ssl.proxyVerificationMode: none` will likely be needed, unless your proxy's certificates are signed using a publically available certificate authority. |
There was a problem hiding this comment.
Suggested change
| If your proxy is using the https protocol (vs the http protocol), the setting `xpack.actions.ssl.proxyVerificationMode: none` will likely be needed, unless your proxy's certificates are signed using a publically available certificate authority. | |
| If your proxy is using the https protocol (vs the http protocol), the setting `xpack.actions.ssl.proxyVerificationMode: none` will likely be needed, unless your proxy's certificates are signed using a publicly available certificate authority. |
| @@ -143,6 +143,22 @@ Specifies preconfigured connector IDs and configs. Default: {}. | |||
|
|
|||
| `xpack.actions.proxyUrl` {ess-icon}:: | |||
| Specifies the proxy URL to use, if using a proxy for actions. By default, no proxy is used. | |||
| + | |||
| Proxies may be used to proxy http or https requests through a proxy using the http or https protocol. Kibana only uses proxies in "CONNECT" mode (sometimes referred to as "tunnelling" TCP mode, compared to HTTP mode). That is, Kibana will always make requests through a proxy using the HTTP `CONNECT` method. | |||
There was a problem hiding this comment.
Suggested change
| Proxies may be used to proxy http or https requests through a proxy using the http or https protocol. Kibana only uses proxies in "CONNECT" mode (sometimes referred to as "tunnelling" TCP mode, compared to HTTP mode). That is, Kibana will always make requests through a proxy using the HTTP `CONNECT` method. | |
| Proxies may be used to proxy http or https requests through a proxy using the http or https protocol. Kibana only uses proxies in "CONNECT" mode (sometimes referred to as "tunneling" TCP mode, compared to HTTP mode). That is, Kibana will always make requests through a proxy using the HTTP `CONNECT` method. |
| There is currently no support for using basic authentication with a proxy (authentication for the proxy itself, not the URL being requested through the proxy). | ||
| + | ||
| To help diagnose problems using a proxy, you can use the `curl` command with options to use your proxy, and log debug information, with the following command, replacing the proxy and target URLs as appropriate. This will force the request to be made to the | ||
| proxy in tunnelling mode, and display some of the interaction between the client and the proxy. |
There was a problem hiding this comment.
Suggested change
| proxy in tunnelling mode, and display some of the interaction between the client and the proxy. | |
| proxy in tunneling mode, and display some of the interaction between the client and the proxy. |
mikecote
approved these changes
Aug 15, 2022
pmuellr
added
the
release_note:skip
|
@elasticmachine merge upstream |
💚 Build Succeeded
Metrics [docs]Unknown metric groupsESLint disabled line counts
Total ESLint disabled count
History
To update your PR or re-run it, just comment with: |
kibanamachine
pushed a commit
to kibanamachine/kibana
that referenced
this pull request
Aug 16, 2022
The new proxy tests added can test a variety of different proxy and target server configurations, however many of those tests are broken with our current proxy agents. Hopefully to be fixed by replacing with hpagent instead. In the meantime, we wanted to get the basic test framework in as well. In addition to tests, the stand-alone forward proxy has been enhanced to use a better proxy server, `proxy`. The existing proxy server `http-proxy` does not support HTTPS out of the box, and so any HTTPS testing with it is going to be a little sketchy. Using the stand-alone forward proxy, I was able to post to Slack through http/https proxies with and without auth, with proxyRequestUnauthorized set to false. Which shows the existing proxy agents do work in _some_ environments. (cherry picked from commit 9631649)
💔 Some backports could not be created
Note: Successful backport PRs will be merged automatically after passing CI. Manual backportTo create the backport manually run: Questions ?Please refer to the Backport tool documentation |
pmuellr
added a commit
to pmuellr/kibana
that referenced
this pull request
Aug 16, 2022
The new proxy tests added can test a variety of different proxy and target server configurations, however many of those tests are broken with our current proxy agents. Hopefully to be fixed by replacing with hpagent instead. In the meantime, we wanted to get the basic test framework in as well. In addition to tests, the stand-alone forward proxy has been enhanced to use a better proxy server, `proxy`. The existing proxy server `http-proxy` does not support HTTPS out of the box, and so any HTTPS testing with it is going to be a little sketchy. Using the stand-alone forward proxy, I was able to post to Slack through http/https proxies with and without auth, with proxyRequestUnauthorized set to false. Which shows the existing proxy agents do work in _some_ environments. (cherry picked from commit 9631649) # Conflicts: # package.json # x-pack/plugins/actions/server/builtin_action_types/lib/axios_utils_connection.test.ts # yarn.lock
kibanamachine
added a commit
to kibanamachine/kibana
that referenced
this pull request
Aug 16, 2022
…c#138919) The new proxy tests added can test a variety of different proxy and target server configurations, however many of those tests are broken with our current proxy agents. Hopefully to be fixed by replacing with hpagent instead. In the meantime, we wanted to get the basic test framework in as well. In addition to tests, the stand-alone forward proxy has been enhanced to use a better proxy server, `proxy`. The existing proxy server `http-proxy` does not support HTTPS out of the box, and so any HTTPS testing with it is going to be a little sketchy. Using the stand-alone forward proxy, I was able to post to Slack through http/https proxies with and without auth, with proxyRequestUnauthorized set to false. Which shows the existing proxy agents do work in _some_ environments. (cherry picked from commit 9631649) Co-authored-by: Patrick Mueller <patrick.mueller@elastic.co>
clintandrewhall
pushed a commit
to clintandrewhall/kibana
that referenced
this pull request
Aug 16, 2022
The new proxy tests added can test a variety of different proxy and target server configurations, however many of those tests are broken with our current proxy agents. Hopefully to be fixed by replacing with hpagent instead. In the meantime, we wanted to get the basic test framework in as well. In addition to tests, the stand-alone forward proxy has been enhanced to use a better proxy server, `proxy`. The existing proxy server `http-proxy` does not support HTTPS out of the box, and so any HTTPS testing with it is going to be a little sketchy. Using the stand-alone forward proxy, I was able to post to Slack through http/https proxies with and without auth, with proxyRequestUnauthorized set to false. Which shows the existing proxy agents do work in _some_ environments.
kibanamachine
added a commit
to kibanamachine/kibana
that referenced
this pull request
Aug 18, 2022
…lastic#138920) * Adds new proxy tests and manual proxy tester (elastic#138071) The new proxy tests added can test a variety of different proxy and target server configurations, however many of those tests are broken with our current proxy agents. Hopefully to be fixed by replacing with hpagent instead. In the meantime, we wanted to get the basic test framework in as well. In addition to tests, the stand-alone forward proxy has been enhanced to use a better proxy server, `proxy`. The existing proxy server `http-proxy` does not support HTTPS out of the box, and so any HTTPS testing with it is going to be a little sketchy. Using the stand-alone forward proxy, I was able to post to Slack through http/https proxies with and without auth, with proxyRequestUnauthorized set to false. Which shows the existing proxy agents do work in _some_ environments. (cherry picked from commit 9631649) # Conflicts: # package.json # x-pack/plugins/actions/server/builtin_action_types/lib/axios_utils_connection.test.ts # yarn.lock * fix backport changes Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
Mpdreamz
pushed a commit
to Mpdreamz/kibana
that referenced
this pull request
Sep 6, 2022
The new proxy tests added can test a variety of different proxy and target server configurations, however many of those tests are broken with our current proxy agents. Hopefully to be fixed by replacing with hpagent instead. In the meantime, we wanted to get the basic test framework in as well. In addition to tests, the stand-alone forward proxy has been enhanced to use a better proxy server, `proxy`. The existing proxy server `http-proxy` does not support HTTPS out of the box, and so any HTTPS testing with it is going to be a little sketchy. Using the stand-alone forward proxy, I was able to post to Slack through http/https proxies with and without auth, with proxyRequestUnauthorized set to false. Which shows the existing proxy agents do work in _some_ environments.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Partially addresses #102935 (adds the test framework, but not all the tests since some fail)
Part of proxy meta issue #138319
Summary
All the code here is for testing, no production-level code is changed.
Adds new proxy tests that can test a variety of different proxy and target server configurations, however many of those tests are broken with our current proxy agents. As we fix those, we can update the test here to test those additional scenarios
Adds some documentation regarding proxy settings, for some conditions that we know to be true today using the current proxy support.
In addition to tests, the stand-alone forward proxy has been enhanced to use a better proxy server,
proxy. This proxy may be useful in helping to diagnose proxy issues customers are running into. The existing proxy serverhttp-proxydoes not support HTTPS out of the box, and so any HTTPS testing with it is going to be a little sketchy. Using this stand-alone forward proxy, I was able to post to Slack through http/https proxies with and without auth, with proxyRequestUnauthorized set to false. Which shows the existing proxy agents do work in some environments.