Feat/grpc tls #462
Hello,
CDS Report build-venom-a#706.0 ✘
@fsamin yes I will add tests. Thanks.
@fsamin I had a look at the other tests, and it is not clear to me how I would add this test. Could you please suggest your preferred way?
@fsamin @yesnault I have added a docker grpc server with TLS as
Please let me know how I would run this test.
Our integration tests follow the following process: To start all tests dependencies. We are using Once all the dependencies are up and running, we compile a specific binary of venom (with the golang tests instrumentation to be able to gather code coverage). We are using To run the tests we are using
Thanks @fsamin for the instructions, the integration tests for grpc TLS are working fine from our perspective.
VENOM_VAR_MY_ENVAR=foo ./venom_wrapper.sh run -vv --format=xml --output-dir=. --lib-dir=./lib_custom --var='array_from_var=["biz","buz"]' --var-from-file ./kafka/testVariables.yml --var-from-file ./vars/vars.yml ./*.yml ./assertions/*.yml && \ | ||
run-test: generate-venom-pki | ||
VENOM_VAR_MY_ENVAR=foo ./venom_wrapper.sh run \ | ||
-vv --format=xml --output-dir=. --lib-dir=./lib_custom --var='array_from_var=["biz","buz"]' --var-from-file ./kafka/testVariables.yml --var-from-file=$(PKI_VAR_FILE) --var-from-file ./vars/vars.yml ./*.yml ./assertions/*.yml && \ |
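Review bot: on the added `--var-from-file=$(PKI_VAR_FILE)` argument, `PKI_VAR_FILE` is not defined anywhere in these lines and nothing states that the new `generate-venom-pki` prerequisite is what produces it; a comment on the `run-test` target saying so would make the dependency clear. The `=` form also differs from the space-separated `--var-from-file ./vars/vars.yml` beside it, so use one form throughout the command.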
this `--var-from-file=$(PKI_VAR_FILE)` is needed to generate the yaml formatted PEM import file used in the test.
@fsamin just wanted to confirm that, as far as we can tell, we completed all the fixes for this PR. We are looking forward to reading your new instructions.
CDS Report build-venom-a#792.0 ✘
openssl genrsa \ | ||
-out $(PKI_DIR)/server.key 2048 | ||
|
||
# create a server Certificate Signing Request |
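Review bot: `openssl genrsa -out $(PKI_DIR)/server.key 2048` writes the server private key unencrypted, and nothing in these lines restricts its permissions or keeps it out of version control. Consider a `chmod 600` on the key right after generation and an ignore rule for `$(PKI_DIR)` so the generated test keys are never committed.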
This step fails with the following error:
```
mkdir -p ./grpc/pki
# create a certificate authority (CA) that both the client and server trust.
# The CA is just a public and private key with the public key wrapped up in a self-signed X.509 certificate.
openssl req \
-new \
-x509 \
-nodes \
-days 365 \
-subj '/C=GB/O=Example/OU=TeamA/CN=ca.example.com' \
-keyout ./grpc/pki/ca.key \
-out ./grpc/pki/ca.crt
3m54s234ms
Generating a RSA private key
..........................................+++++
...+++++
writing new private key to './grpc/pki/ca.key'
-----
unable to find 'distinguished_name' in config
problems making Certificate Request
139874421728576:error:0E06D06C:configuration file routines:NCONF_get_string:no value:../crypto/conf/conf_lib.c:273:group=req name=distinguished_name
make: *** [pki.mk:5: grpc/pki] Error 1
```
Could you handle this?
Is the CI on linux?
yes, ubuntu-20.04
I quickly searched and found this: https://superuser.com/questions/947061/openssl-unable-to-find-distinguished-name-in-config
It looks like `openssl req` is not able to find a config value...
Could you please let me know which openSSL version you run on ubuntu?
Also, we don't use `-subj` in test, so perhaps that could be removed and see if the `distinguished_name` issue goes away
I have tried to:
- Run in Docker ubuntu:20.04
- Install openssl with `apt update && apt install --yes openssl`
- Run 2 commands and they were successful:
```
root@7bd2261de939:~# mkdir -p ./grpc/pki
root@7bd2261de939:~# openssl req \
> -new \
> -x509 \
> -nodes \
> -days 365 \
> -subj '/C=GB/O=Example/OU=TeamA/CN=ca.example.com' \
> -keyout ./grpc/pki/ca.key \
> -out ./grpc/pki/ca.crt
Generating a RSA private key
.........................+++++
...................................................................................................................+++++
writing new private key to './grpc/pki/ca.key'
-----
```
Question would be: Are you using vanilla Ubuntu 20.04 Docker image? Does it have openssl installed? Or you use some other custom Docker image with openssl installed in some other way?
It seems your openssl can't find `/usr/lib/ssl/openssl.cnf`, thus question is - is this file available on your Docker image?
@sarunask @fabriziomoscon openssl fixed on your worker model. Tests are now ok. Can you rebase your PR please?
done
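The failure discussed in this thread is `openssl req` finding no `distinguished_name` setting, which the thread attributes to a missing default `openssl.cnf` on the CI worker. As an added example (not code from this PR or from venom), the CA step can carry its own minimal config so it does not depend on the worker image; the function names and the `ca.cnf` file name are assumptions, while the subject and paths are the ones shown in the thread.

```sh
#!/bin/sh
# Added example: build the test CA from an explicit config so that
# `openssl req` never needs the system-wide openssl.cnf.
# Function names and ca.cnf are hypothetical; subject and paths follow the thread.

# Say whether the default config exists (the cause suspected in the thread).
check_default_cnf() {
    dir=$(openssl version -d | sed 's/^OPENSSLDIR: "\(.*\)"$/\1/')
    if [ -r "$dir/openssl.cnf" ]; then
        echo "found $dir/openssl.cnf"
    else
        echo "missing $dir/openssl.cnf" >&2
        return 1
    fi
}

# Minimal req config carrying its own distinguished_name section.
write_ca_cnf() {
    cat > "$1" <<'EOF'
[req]
distinguished_name = dn
x509_extensions    = v3_ca
prompt             = no

[dn]
C  = GB
O  = Example
OU = TeamA
CN = ca.example.com

[v3_ca]
basicConstraints     = critical, CA:TRUE
keyUsage             = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
EOF
}

# Create CA key and self-signed certificate using only that config.
make_test_ca() {
    pki_dir=$1
    mkdir -p "$pki_dir" || return 1
    write_ca_cnf "$pki_dir/ca.cnf" || return 1
    openssl req -new -x509 -nodes -days 365 \
        -config "$pki_dir/ca.cnf" -newkey rsa:2048 \
        -keyout "$pki_dir/ca.key" -out "$pki_dir/ca.crt" 2>/dev/null || return 1
    chmod 600 "$pki_dir/ca.key"   # unencrypted test key: owner-only
}
```

Calling `make_test_ca ./grpc/pki` replaces the `-subj` invocation, and a non-zero `check_default_cnf` on a worker confirms the diagnosis without running the whole target.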
CDS Report build-venom-a#792.1 ✘
CDS Report build-venom-a#795.0 ✘
CDS Report build-venom-a#792.2 ■
Fix: tidy up modules.
Remove unused option plaintext.
Add more options to grpc executor for TLS connections:
- tls_root_ca
- tls_client_cert
- tls_client_key
- ignore_verify_ssl
- grpc TLS add integration tests
- grpc TLS with PEM files support
Signed-off-by: Fabrizio Moscon <mosconfabrizio@gmail.com>
Thank you
Adding TLS for grpc executor.
Remove unused option plaintext.
Add more options to grpc executor for TLS connections:
Is there any existing test for grpc? I didn't find it.