Add support for custom proxy ca (stolostron#1293)
* add support for proxy ca

Signed-off-by: Coleen Iona Quadros <[email protected]>

* refactor proxy ca parsing

Signed-off-by: Coleen Iona Quadros <[email protected]>

---------

Signed-off-by: Coleen Iona Quadros <[email protected]>
coleenquadros committed Jan 24, 2024
1 parent 4d9d8fd commit 5b87a27
Showing 9 changed files with 130 additions and 24 deletions.
16 changes: 16 additions & 0 deletions collectors/metrics/pkg/forwarder/forwarder_test.go
Expand Up @@ -18,6 +18,9 @@ import (
"github.com/prometheus/client_golang/prometheus"
)

// Base64 encoded CA cert string
var customCA = "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"

func init() {
os.Setenv("UNIT_TEST", "true")
}
Expand Down Expand Up @@ -125,10 +128,23 @@ func TestNew(t *testing.T) {
},
err: true,
},
{
// Providing CustomCA should not error.
c: Config{
From: from,
ToUpload: toUpload,
ToUploadCA: customCA,
Logger: log.NewNopLogger(),
},
err: false,
},
}

for i := range tc {
tc[i].c.Metrics = NewWorkerMetrics(prometheus.NewRegistry())
if tc[i].c.ToUploadCA == customCA {
os.Setenv("HTTPS_PROXY_CA_BUNDLE", customCA)
}
if _, err := New(tc[i].c); (err != nil) != tc[i].err {
no := "no"
if tc[i].err {
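Review bot: The `os.Setenv("HTTPS_PROXY_CA_BUNDLE", customCA)` call inside the `for i := range tc` loop is never undone, so the variable stays set for every later test in the package and can hide a regression in the path that runs without a proxy CA. `t.Setenv("HTTPS_PROXY_CA_BUNDLE", customCA)` restores the previous value when TestNew finishes. The new case only asserts that `New` returns no error; assuming `New` reaches `MTLSTransport`, a companion case whose bundle is not valid base64 and expects `err: true` would pin the failure path too. TestNew continues outside the hunk.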
18 changes: 16 additions & 2 deletions collectors/metrics/pkg/metricsclient/metricsclient.go
Expand Up @@ -9,6 +9,7 @@ import (
"context"
"crypto/tls"
"crypto/x509"
"encoding/base64"
"encoding/json"
"errors"
"fmt"
Expand Down Expand Up @@ -373,18 +374,31 @@ func MTLSTransport(logger log.Logger, caCertFile, tlsCrtFile, tlsKeyFile string)
tlsCrtFile = "../../testdata/tls/tls.crt"
}
// Load Server CA cert
caCert, err := os.ReadFile(filepath.Clean(caCertFile))
var caCert []byte
var err error

caCert, err = os.ReadFile(filepath.Clean(caCertFile))
if err != nil {
return nil, fmt.Errorf("failed to load server ca cert file: %w", err)
}

// Load client cert signed by Client CA
cert, err := tls.LoadX509KeyPair(tlsCrtFile, tlsKeyFile)
if err != nil {
return nil, fmt.Errorf("failed to load client ca cert: %w", err)
}

caCertPool := x509.NewCertPool()
caCertPool.AppendCertsFromPEM(caCert)

if os.Getenv("HTTPS_PROXY_CA_BUNDLE") != "" {
customCaCert, err := base64.StdEncoding.DecodeString(os.Getenv("HTTPS_PROXY_CA_BUNDLE"))
logger.Log(logger, logger.Log("msg", "caCert", "caCert", caCert))
if err != nil {
return nil, fmt.Errorf("failed to decode server ca cert: %w", err)
}
caCertPool.AppendCertsFromPEM(customCaCert)
}

// Setup HTTPS client
tlsConfig := &tls.Config{
Certificates: []tls.Certificate{cert},
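Review bot: The result of `caCertPool.AppendCertsFromPEM(customCaCert)` is discarded, so an HTTPS_PROXY_CA_BUNDLE value that base64-decodes but holds no PEM certificate is accepted silently and only shows up later as an unknown-authority handshake failure. Checking it surfaces the misconfiguration at start-up: `if !caCertPool.AppendCertsFromPEM(customCaCert) { return nil, errors.New("no valid PEM certificate in HTTPS_PROXY_CA_BUNDLE") }`. The line `logger.Log(logger, logger.Log("msg", "caCert", "caCert", caCert))` looks like leftover debugging and should be removed: it runs before the `err` check, dumps the server CA bytes rather than the decoded bundle, and passes the logger itself as a key. The inner `customCaCert, err :=` also shadows the outer `err`, and the new `var caCert []byte` / `var err error` split above it serves no purpose. If this pool becomes `RootCAs` in the `tls.Config` that starts below (the rest of MTLSTransport is outside the hunk), the proxy CA is trusted to vouch for the upload endpoint itself, which deserves a comment at the append.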
20 changes: 20 additions & 0 deletions collectors/metrics/testdata/tls/custom_ca.crt
@@ -0,0 +1,20 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
18 changes: 9 additions & 9 deletions go.mod
Expand Up @@ -35,7 +35,7 @@ require (
github.com/stolostron/observatorium-operator v0.0.0-20230411203847-4514321263d1
github.com/stretchr/testify v1.8.4
github.com/thanos-io/thanos v0.30.0
go.uber.org/zap v1.24.0
go.uber.org/zap v1.26.0
golang.org/x/exp v0.0.0-20221212164502-fae10dda9338
gopkg.in/yaml.v2 v2.4.0
k8s.io/api v0.28.2
Expand All @@ -44,8 +44,8 @@ require (
k8s.io/client-go v12.0.0+incompatible
k8s.io/klog v1.0.0
k8s.io/kubectl v0.27.2
open-cluster-management.io/addon-framework v0.8.0
open-cluster-management.io/api v0.12.0
open-cluster-management.io/addon-framework v0.8.1-0.20231128122622-3bfdbffb237c
open-cluster-management.io/api v0.12.1-0.20231130134655-97a8a92a7f30
sigs.k8s.io/controller-runtime v0.15.1
sigs.k8s.io/kube-storage-version-migrator v0.0.4
sigs.k8s.io/kustomize/api v0.13.4
Expand Down Expand Up @@ -141,15 +141,15 @@ require (
go.starlark.net v0.0.0-20200306205701-8dd3e2ee1dd5 // indirect
go.uber.org/atomic v1.10.0 // indirect
go.uber.org/goleak v1.2.0 // indirect
go.uber.org/multierr v1.8.0 // indirect
go.uber.org/multierr v1.11.0 // indirect
golang.org/x/crypto v0.14.0 // indirect
golang.org/x/mod v0.10.0 // indirect
golang.org/x/net v0.13.0 // indirect
golang.org/x/net v0.17.0 // indirect
golang.org/x/oauth2 v0.10.0 // indirect
golang.org/x/sync v0.3.0 // indirect
golang.org/x/sys v0.13.0 // indirect
golang.org/x/term v0.13.0 // indirect
golang.org/x/text v0.13.0 // indirect
golang.org/x/sync v0.5.0 // indirect
golang.org/x/sys v0.15.0 // indirect
golang.org/x/term v0.15.0 // indirect
golang.org/x/text v0.14.0 // indirect
golang.org/x/time v0.3.0 // indirect
golang.org/x/tools v0.9.3 // indirect
gomodules.xyz/jsonpatch/v2 v2.3.0 // indirect
29 changes: 16 additions & 13 deletions go.sum
Expand Up @@ -443,7 +443,6 @@ github.com/baidubce/bce-sdk-go v0.9.81/go.mod h1:zbYJMQwE4IZuyrJiFO8tO8NbtYiKTFT
github.com/baiyubin/aliyun-sts-go-sdk v0.0.0-20180326062324-cfa1a18b161f/go.mod h1:AuiFmCCPBSrqvVMvuqFuk0qogytodnVFVSN5CeJB8Gc=
github.com/beevik/ntp v0.2.0/go.mod h1:hIHWr+l3+/clUnF44zdK+CWW7fO8dR5cIylAQ76NRpg=
github.com/benbjohnson/clock v1.1.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA=
github.com/benbjohnson/clock v1.3.0 h1:ip6w0uFQkncKQ979AypyG0ER7mqUSBdKLOgAle/AT8A=
github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8=
github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
Expand Down Expand Up @@ -2031,8 +2030,8 @@ go.uber.org/multierr v1.4.0/go.mod h1:VgVr7evmIr6uPjLBxg28wmKNXyqE9akIJ5XnfpiKl+
go.uber.org/multierr v1.5.0/go.mod h1:FeouvMocqHpRaaGuG9EjoKcStLC43Zu/fmqdUMPcKYU=
go.uber.org/multierr v1.6.0/go.mod h1:cdWPpRnG4AhwMwsgIHip0KRBQjJy5kYEpYjJxpXp9iU=
go.uber.org/multierr v1.7.0/go.mod h1:7EAYxJLBy9rStEaz58O2t4Uvip6FSURkq8/ppBp95ak=
go.uber.org/multierr v1.8.0 h1:dg6GjLku4EH+249NNmoIciG9N/jURbDG+pFlTkhzIC8=
go.uber.org/multierr v1.8.0/go.mod h1:7EAYxJLBy9rStEaz58O2t4Uvip6FSURkq8/ppBp95ak=
go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0=
go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y=
go.uber.org/tools v0.0.0-20190618225709-2cfd321de3ee/go.mod h1:vJERXedbb3MVM5f9Ejo0C68/HhF8uaILCdgjnY+goOA=
go.uber.org/zap v1.9.1/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q=
go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q=
Expand All @@ -2042,8 +2041,9 @@ go.uber.org/zap v1.16.0/go.mod h1:MA8QOfq0BHJwdXa996Y4dYkAqRKB8/1K1QMMZVaNZjQ=
go.uber.org/zap v1.17.0/go.mod h1:MXVU+bhUf/A7Xi2HNOnopQOrmycQ5Ih87HtOu4q5SSo=
go.uber.org/zap v1.19.0/go.mod h1:xg/QME4nWcxGxrpdeYfq7UvYrLh66cuVKdrbD1XF/NI=
go.uber.org/zap v1.19.1/go.mod h1:j3DNczoxDZroyBnOT1L/Q79cfUMGZxlv/9dzN7SM1rI=
go.uber.org/zap v1.24.0 h1:FiJd5l1UOLj0wCgbSE0rwwXHzEdAZS6hiiSnxJN/D60=
go.uber.org/zap v1.24.0/go.mod h1:2kMP+WWQ8aoFoedH3T2sq6iJ2yDWpHbP0f6MQbS9Gkg=
go.uber.org/zap v1.26.0 h1:sI7k6L95XOKS281NhVKOFCUNIvv9e0w4BF8N3u+tCRo=
go.uber.org/zap v1.26.0/go.mod h1:dtElttAiwGvoJ/vj4IwHBS/gXsEu/pZ50mUIRWuG0so=
golang.org/x/crypto v0.0.0-20180608092829-8ac0e0d97ce4/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
golang.org/x/crypto v0.0.0-20181029021203-45a5f77698d3/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
Expand Down Expand Up @@ -2202,8 +2202,8 @@ golang.org/x/sync v0.0.0-20220601150217-0de741cfad7f/go.mod h1:RxMgew5VJxzue5/jJ
golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20220929204114-8fcdb60fdcc0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.3.0 h1:ftCYgMx6zT/asHUrPw8BLLscYtGznsLAnjq5RH9P66E=
golang.org/x/sync v0.3.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y=
golang.org/x/sync v0.5.0 h1:60k92dhOjHxJkrqnwsfl8KuaHbn/5dl0lUPUklKo3qE=
golang.org/x/sync v0.5.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
Expand Down Expand Up @@ -2351,17 +2351,19 @@ golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.7.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.10.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.13.0 h1:Af8nKPmuFypiUBjVoU9V20FiaFXOcuZI21p0ycVYYGE=
golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.15.0 h1:h48lPFYpsTvQJZF4EKyI4aLHaev3CxivZmv7yZig9pc=
golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
golang.org/x/term v0.0.0-20210615171337-6886f2dfbf5b/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
golang.org/x/term v0.3.0/go.mod h1:q750SLmJuPmVoN1blW3UFBPREJfb1KmY3vwxfr+nFDA=
golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
golang.org/x/term v0.10.0/go.mod h1:lpqdcUyK/oCiQxvxVrppt5ggO2KCZ5QblwqPnfZ6d5o=
golang.org/x/term v0.13.0 h1:bb+I9cTfFazGW51MZqBVmZy7+JEJMouUHTUSKVQLBek=
golang.org/x/term v0.13.0/go.mod h1:LTmsnFJwVN6bCy1rVCoS+qHT1HhALEFxKncY3WNNh4U=
golang.org/x/term v0.15.0 h1:y/Oo/a/q3IXu26lQgl04j/gjuBDOBlx7X6Om1j2CPW4=
golang.org/x/term v0.15.0/go.mod h1:BDl952bC7+uMoWR75FIrCDx79TPU9oHkTZ9yRbYOrX0=
golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
Expand All @@ -2379,8 +2381,9 @@ golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
golang.org/x/text v0.11.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
golang.org/x/text v0.13.0 h1:ablQoSUd0tRdKxZewP80B+BaqeKJuVhuRxj/dkrun3k=
golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ=
golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
Expand Down Expand Up @@ -2883,10 +2886,10 @@ k8s.io/utils v0.0.0-20221107191617-1a15be271d1d/go.mod h1:OLgZIPagt7ERELqWJFomSt
k8s.io/utils v0.0.0-20230406110748-d93618cff8a2/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
k8s.io/utils v0.0.0-20230505201702-9f6742963106 h1:EObNQ3TW2D+WptiYXlApGNLVy0zm/JIBVY9i+M4wpAU=
k8s.io/utils v0.0.0-20230505201702-9f6742963106/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
open-cluster-management.io/addon-framework v0.8.0 h1:i1OReMHuZIoAw2Q04SLjkieU25DnxYilzVZzBNyROwU=
open-cluster-management.io/addon-framework v0.8.0/go.mod h1:20DP06VXhJ9RE1PetAMEQyeFCP7+nhs92pCAkqbWUOg=
open-cluster-management.io/api v0.12.0 h1:sNkj4k2XyWA/GLsTiFg82bLIZ7JDZKkLLLyZjJUlJMs=
open-cluster-management.io/api v0.12.0/go.mod h1:/CZhelEH+30/pX7vXGSZOzLMX0zvjthYOkT/5ZTzVTQ=
open-cluster-management.io/addon-framework v0.8.1-0.20231128122622-3bfdbffb237c h1:s/xo9ggmrc0z4qdHdZU3q0E6vuyfu9JA0X8IQ17p1aQ=
open-cluster-management.io/addon-framework v0.8.1-0.20231128122622-3bfdbffb237c/go.mod h1:aj97pgpGJ0/LpQzBVtU2oDFqqIiZLOPnsjLKG/sVkFw=
open-cluster-management.io/api v0.12.1-0.20231130134655-97a8a92a7f30 h1:qzkatL1pCsMvA2KkuJ0ywWUqJ0ZI13ouMRVuAPTrhWk=
open-cluster-management.io/api v0.12.1-0.20231130134655-97a8a92a7f30/go.mod h1:fnoEBW9pbikOWOzF4zuT9DQAgWbY3PpPT/MSDZ/4bxw=
rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
rsc.io/pdf v0.1.1/go.mod h1:n8OzWcQ6Sp37PL01nO98y4iUCRdTGarVfzxY20ICaU4=
rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
Expand Up @@ -66,6 +66,7 @@ type CollectorParams struct {
httpProxy string
httpsProxy string
noProxy string
CABundle string
replicaCount int32
}

Expand Down Expand Up @@ -305,6 +306,13 @@ func createDeployment(params CollectorParams) *appsv1.Deployment {
Value: params.noProxy,
})
}
if params.httpsProxy != "" && params.CABundle != "" {
metricsCollectorDep.Spec.Template.Spec.Containers[0].Env = append(metricsCollectorDep.Spec.Template.Spec.Containers[0].Env,
corev1.EnvVar{
Name: "HTTPS_PROXY_CA_BUNDLE",
Value: params.CABundle,
})
}

if params.obsAddonSpec.Resources != nil {
metricsCollectorDep.Spec.Template.Spec.Containers[0].Resources = *params.obsAddonSpec.Resources
Expand Down Expand Up @@ -343,6 +351,8 @@ func updateMetricsCollectors(ctx context.Context, c client.Client, obsAddonSpec
params.httpsProxy = env.Value
} else if env.Name == "NO_PROXY" {
params.noProxy = env.Value
} else if env.Name == "HTTPS_PROXY_CA_BUNDLE" {
params.CABundle = env.Value
}
}
}
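Review bot: `CABundle` is the only exported field in `CollectorParams`; its siblings `httpProxy`, `httpsProxy` and `noProxy` are unexported, so `caBundle` would match the struct and not suggest a public API. In `createDeployment` the bundle is dropped without a trace when `params.CABundle` is set but `params.httpsProxy` is empty; a comment such as `// CA bundle is only forwarded together with HTTPS_PROXY` (or a log line) would make that intent explicit. The value is forwarded verbatim and the collector base64-decodes it, so the field also deserves a comment stating that it holds base64-encoded PEM. Both functions continue outside the hunks shown.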
Expand Up @@ -115,6 +115,7 @@ func checkAnnotationsAndProxySettings(
foundHTTPProxy := false
foundHTTPSProxy := false
foundNOProxy := false
foundCABundle := false
for _, e := range env {
if e.Name == "HTTP_PROXY" {
foundHTTPProxy = true
Expand All @@ -131,6 +132,11 @@ func checkAnnotationsAndProxySettings(
if e.Value != "bar.com" {
t.Fatalf("NO_PROXY is not set correctly: expected %s, got %s", "bar.com", e.Value)
}
} else if e.Name == "HTTPS_PROXY_CA_BUNDLE" {
foundCABundle = true
if e.Value != "custom-ca.crt" {
t.Fatalf("HTTPS_PROXY_CA_BUNDLE is not set correctly: expected %s, got %s", "custom-ca.crt", e.Value)
}
}
}
if !foundHTTPProxy {
Expand All @@ -142,6 +148,9 @@ func checkAnnotationsAndProxySettings(
if !foundNOProxy {
t.Fatalf("NO_PROXY is not present in env")
}
if !foundCABundle {
t.Fatalf("HTTPS_PROXY_CA_BUNDLE is not present in env")
}
}

func TestMetricsCollector(t *testing.T) {
Expand Down Expand Up @@ -174,6 +183,7 @@ func TestMetricsCollector(t *testing.T) {
httpProxy: "http://foo.com",
httpsProxy: "https://foo.com",
noProxy: "bar.com",
CABundle: "custom-ca.crt",
}

_, err = updateMetricsCollector(ctx, c, params, false)
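Review bot: The fixture `CABundle: "custom-ca.crt"` reads like a file name, while the collector base64-decodes HTTPS_PROXY_CA_BUNDLE, so the test passes a value the consumer would reject. A base64 string as the fixture would keep the test representative of what is deployed. There is also no case for the guard in `createDeployment` (`params.httpsProxy != "" && params.CABundle != ""`): a run with `httpsProxy: ""` should assert that HTTPS_PROXY_CA_BUNDLE is absent from the container env. `checkAnnotationsAndProxySettings` and `TestMetricsCollector` both continue outside the hunks.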
Expand Up @@ -6,6 +6,7 @@ package placementrule

import (
"context"
"encoding/base64"
"encoding/json"
"errors"
"fmt"
Expand Down Expand Up @@ -314,6 +315,7 @@ func createManifestWorks(
spec.NodeSelector = map[string]string{}
spec.Tolerations = []corev1.Toleration{}
}
CustomCABundle := false
for i, container := range spec.Containers {
if container.Name == "endpoint-observability-operator" {
for j, env := range container.Env {
Expand All @@ -340,6 +342,14 @@ func createManifestWorks(
Name: "HTTPS_PROXY",
Value: addonConfig.Spec.ProxyConfig.HTTPSProxy,
})
//CA is allowed only when HTTPS proxy is set
if addonConfig.Spec.ProxyConfig.CABundle != nil {
CustomCABundle = true
container.Env = append(container.Env, corev1.EnvVar{
Name: "HTTPS_PROXY_CA_BUNDLE",
Value: base64.StdEncoding.EncodeToString(addonConfig.Spec.ProxyConfig.CABundle),
})
}
}
if addonConfig.Spec.ProxyConfig.NoProxy != "" {
container.Env = append(container.Env, corev1.EnvVar{
Expand All @@ -360,6 +370,19 @@ func createManifestWorks(
}
}
}
if CustomCABundle {
for i, manifest := range manifests {
if manifest.RawExtension.Object.GetObjectKind().GroupVersionKind().Kind == "Secret" {
secret := manifest.RawExtension.Object.DeepCopyObject().(*corev1.Secret)
if secret.Name == managedClusterObsCertName {
secret.Data["customCa.crt"] = addonConfig.Spec.ProxyConfig.CABundle
manifests[i].RawExtension.Object = secret
break
}
}
}
}

log.Info(fmt.Sprintf("Cluster: %+v, Spec.NodeSelector (after): %+v", clusterName, spec.NodeSelector))
log.Info(fmt.Sprintf("Cluster: %+v, Spec.Tolerations (after): %+v", clusterName, spec.Tolerations))
dep.Spec.Template.Spec = spec
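Review bot: The secret patch in the `if CustomCABundle` block can panic in three places: `manifest.RawExtension.Object` may be nil, the `.(*corev1.Secret)` assertion is unchecked, and `secret.Data["customCa.crt"] = …` writes to a nil map if the secret was built without `Data`. Whether the manifests can take those shapes is not visible here, but a comma-ok assertion and a nil-map guard are cheap, as in the excerpt below. Separately, `addonConfig.Spec.ProxyConfig.CABundle != nil` accepts an empty non-nil slice, so `len(addonConfig.Spec.ProxyConfig.CABundle) > 0` is the safer test, and the local `CustomCABundle` should be `customCABundle` per Go naming. The bundle is never checked to be parseable PEM before it is distributed to managed clusters, and the collector ignores a failed append, so a bad bundle would go unnoticed until TLS fails. createManifestWorks starts and ends outside the hunks.

```go
if CustomCABundle {
	for i, manifest := range manifests {
		// Comma-ok assertion replaces the Kind check and also skips nil or untyped objects.
		secret, ok := manifest.RawExtension.Object.(*corev1.Secret)
		if !ok || secret.Name != managedClusterObsCertName {
			continue
		}
		secret = secret.DeepCopy()
		if secret.Data == nil {
			secret.Data = map[string][]byte{}
		}
		secret.Data["customCa.crt"] = addonConfig.Spec.ProxyConfig.CABundle
		manifests[i].RawExtension.Object = secret
		break
	}
}
```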
Expand Up @@ -334,6 +334,7 @@ func TestManifestWork(t *testing.T) {
HTTPProxy: "http://foo.com",
HTTPSProxy: "https://foo.com",
NoProxy: "bar.com",
CABundle: []byte{0x01, 0x02, 0x03, 0xAB, 0xCD, 0xEF},
},
},
}
Expand Down Expand Up @@ -361,6 +362,7 @@ func TestManifestWork(t *testing.T) {
foundHTTPProxy := false
foundHTTPSProxy := false
foundNOProxy := false
foundCABundle := false
for _, e := range env {
if e.Name == "HTTP_PROXY" {
foundHTTPProxy = true
Expand All @@ -377,6 +379,11 @@ func TestManifestWork(t *testing.T) {
if e.Value != "bar.com" {
t.Fatalf("NO_PROXY is not set correctly: expected %s, got %s", "bar.com", e.Value)
}
} else if e.Name == "HTTPS_PROXY_CA_BUNDLE" {
foundCABundle = true
if e.Value != base64.StdEncoding.EncodeToString([]byte{0x01, 0x02, 0x03, 0xAB, 0xCD, 0xEF}) {
t.Fatalf("HTTPS_PROXY_CA_BUNDLE is not set correctly")
}
}
}
if !foundHTTPProxy {
Expand All @@ -388,6 +395,9 @@ func TestManifestWork(t *testing.T) {
if !foundNOProxy {
t.Fatalf("NO_PROXY is not present in env")
}
if !foundCABundle {
t.Fatalf("HTTPS_PROXY_CA_BUNDLE is not present in env")
}
}
}

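Review bot: Nothing in TestManifestWork asserts the second effect of this commit, that the secret named `managedClusterObsCertName` in the generated manifests gains a `customCa.crt` key holding the bundle; only the env var is checked. The fixture `[]byte{0x01, 0x02, 0x03, 0xAB, 0xCD, 0xEF}` is not a PEM certificate, so the test also never exercises a value the collector could load. Using the PEM from `collectors/metrics/testdata/tls/custom_ca.crt` and asserting on `secret.Data["customCa.crt"]` would cover both. The test body continues outside the hunks.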
