From 927f4d600920edc3bdcb37f842a2e3bbc60c72fd Mon Sep 17 00:00:00 2001 From: Mihail Stoykov Date: Fri, 8 Apr 2022 10:48:48 +0300 Subject: [PATCH] Add SSLKEYLOGFILE support to k6 fixes #1043 --- cmd/integration_test.go | 33 ++++++++++++++++++++++++++ cmd/run.go | 5 ++++ cmd/runtime_options.go | 6 +++++ cmd/test_load.go | 52 +++++++++++++++++++++++++++++++++++++---- js/runner.go | 4 ++++ lib/runtime_state.go | 3 +++ 6 files changed, 99 insertions(+), 4 deletions(-) diff --git a/cmd/integration_test.go b/cmd/integration_test.go index de919c2db204..4169c662db2a 100644 --- a/cmd/integration_test.go +++ b/cmd/integration_test.go @@ -12,6 +12,7 @@ import ( "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" "go.k6.io/k6/lib/testutils" + "go.k6.io/k6/lib/testutils/httpmultibin" ) const ( @@ -229,6 +230,38 @@ func TestMetricsAndThresholds(t *testing.T) { require.Equal(t, expected, teardownThresholds) } +func TestSSLKEYLOGFILE(t *testing.T) { + t.Parallel() + + // TODO don't use insecureSkipTLSVerify when/if tlsConfig is given to the runner from outside + tb := httpmultibin.NewHTTPMultiBin(t) + ts := newGlobalTestState(t) + ts.args = []string{"k6", "run", "-"} + ts.envVars = map[string]string{"SSLKEYLOGFILE": "./ssl.log"} + ts.stdIn = bytes.NewReader([]byte(tb.Replacer.Replace(` + import http from "k6/http" + export const options = { + hosts: { + "HTTPSBIN_DOMAIN": "HTTPSBIN_IP", + }, + insecureSkipTLSVerify: true, + } + + export default () => { + http.get("HTTPSBIN_URL/get"); + } + `))) + + newRootCommand(ts.globalState).execute() + + assert.Empty(t, ts.stdErr.String()) + assert.Empty(t, ts.loggerHook.Drain()) + sslloglines, err := afero.ReadFile(ts.fs, filepath.Join(ts.cwd, "ssl.log")) + require.NoError(t, err) + // TODO maybe have multiple depending on the ciphers used as that seems to change it + require.Regexp(t, "^CLIENT_[A-Z_]+ [0-9a-f]+ [0-9a-f]+\n", string(sslloglines)) +} + // TODO: add a hell of a lot more integration tests, including some that spin up // a test HTTP server and actually check if k6 hits it diff --git a/cmd/run.go b/cmd/run.go index 27f8555277fb..8eda146ddf7b 100644 --- a/cmd/run.go +++ b/cmd/run.go @@ -268,6 +268,11 @@ func (c *cmdRun) run(cmd *cobra.Command, args []string) error { logger.Debug("Waiting for engine processes to finish...") engineWait() logger.Debug("Everything has finished, exiting k6!") + if test.keywriter != nil { + if err := test.keywriter.Close(); err != nil { + logger.WithError(err).Warn("error while closing the SSLKEYLOGFILE") + } + } if interrupt != nil { return interrupt } diff --git a/cmd/runtime_options.go b/cmd/runtime_options.go index 79ca302e7bdc..8884df28a412 100644 --- a/cmd/runtime_options.go +++ b/cmd/runtime_options.go @@ -117,6 +117,12 @@ func getRuntimeOptions(flags *pflag.FlagSet, environment map[string]string) (lib } } + if envVar, ok := environment["SSLKEYLOGFILE"]; ok { + if !opts.KeyWriter.Valid { + opts.KeyWriter = null.StringFrom(envVar) + } + } + if opts.IncludeSystemEnvVars.Bool { // If enabled, gather the actual system environment variables opts.Env = environment } diff --git a/cmd/test_load.go b/cmd/test_load.go index 780fde402001..6f19e1cebe29 100644 --- a/cmd/test_load.go +++ b/cmd/test_load.go @@ -4,6 +4,10 @@ import ( "archive/tar" "bytes" "fmt" + "io" + "os" + "path/filepath" + "sync" "github.com/spf13/afero" "github.com/spf13/cobra" @@ -25,12 +29,14 @@ const ( // and configured k6 test. type loadedTest struct { sourceRootPath string // contains the raw string the user supplied + pwd string source *loader.SourceData fileSystems map[string]afero.Fs runtimeOptions lib.RuntimeOptions metricsRegistry *metrics.Registry builtInMetrics *metrics.BuiltinMetrics initRunner lib.Runner // TODO: rename to something more appropriate + keywriter io.Closer // Only set if cliConfigGetter is supplied to loadAndConfigureTest() or if // consolidateDeriveAndValidateConfig() is manually called. @@ -49,7 +55,7 @@ func loadAndConfigureTest( sourceRootPath := args[0] gs.logger.Debugf("Resolving and reading test '%s'...", sourceRootPath) - src, fileSystems, err := readSource(gs, sourceRootPath) + src, fileSystems, pwd, err := readSource(gs, sourceRootPath) if err != nil { return nil, err } @@ -67,6 +73,7 @@ func loadAndConfigureTest( registry := metrics.NewRegistry() test := &loadedTest{ + pwd: pwd, sourceRootPath: sourceRootPath, source: src, fileSystems: fileSystems, @@ -106,6 +113,15 @@ func (lt *loadedTest) initializeFirstRunner(gs *globalState) error { BuiltinMetrics: lt.builtInMetrics, Registry: lt.metricsRegistry, } + if lt.runtimeOptions.KeyWriter.Valid { + keyfileName := filepath.Join(lt.pwd, lt.runtimeOptions.KeyWriter.String) + f, err := lt.createFileForAppend(keyfileName) + if err != nil { + return err + } + lt.keywriter = f + state.KeyLogger = &syncWriter{w: f} + } switch testType { case testTypeJS: logger.Debug("Trying to load as a JS test...") @@ -145,15 +161,15 @@ func (lt *loadedTest) initializeFirstRunner(gs *globalState) error { // readSource is a small wrapper around loader.ReadSource returning // result of the load and filesystems map -func readSource(globalState *globalState, filename string) (*loader.SourceData, map[string]afero.Fs, error) { +func readSource(globalState *globalState, filename string) (*loader.SourceData, map[string]afero.Fs, string, error) { pwd, err := globalState.getwd() if err != nil { - return nil, nil, err + return nil, nil, "", err } filesystems := loader.CreateFilesystems(globalState.fs) src, err := loader.ReadSource(globalState.logger, filename, pwd, filesystems, globalState.stdIn) - return src, filesystems, err + return src, filesystems, pwd, err } func detectTestType(data []byte) string { @@ -206,3 +222,31 @@ func (lt *loadedTest) consolidateDeriveAndValidateConfig( return nil } + +type syncWriter struct { + w io.Writer + m sync.Mutex +} + +func (cw *syncWriter) Write(b []byte) (int, error) { + cw.m.Lock() + defer cw.m.Unlock() + return cw.w.Write(b) +} + +func (lt *loadedTest) createFileForAppend(filename string) (io.WriteCloser, error) { + fs := lt.fileSystems["file"] + if ok, err := afero.Exists(fs, filename); !ok { + // This whole parts is because afero has problems creating files with OpenFile. + // And while the latest version fixes those for MemMapFS, it doesn't for OsFs. + if err != nil { + return nil, err + } + + if _, err = fs.Create(filename); err != nil { // this unfortunately defaults to 664, but nothing else works + return nil, err + } + } + + return fs.OpenFile(filename, os.O_WRONLY|os.O_CREATE|os.O_APPEND, 0o600) +} diff --git a/js/runner.go b/js/runner.go index 7c3e12b489ca..f7899603a4ba 100644 --- a/js/runner.go +++ b/js/runner.go @@ -79,6 +79,8 @@ type Runner struct { console *console setupData []byte + + keylogger io.Writer } // New returns a new Runner for the provide source @@ -126,6 +128,7 @@ func NewFromBundle(rs *lib.RuntimeState, b *Bundle) (*Runner, error) { ActualResolver: net.LookupIP, builtinMetrics: rs.BuiltinMetrics, registry: rs.Registry, + keylogger: rs.KeyLogger, } err = r.SetOptions(r.Bundle.Options) @@ -201,6 +204,7 @@ func (r *Runner) newVU(idLocal, idGlobal uint64, samplesOut chan<- metrics.Sampl MaxVersion: uint16(tlsVersions.Max), Certificates: certs, Renegotiation: tls.RenegotiateFreelyAsClient, + KeyLogWriter: r.keylogger, } // Follow NameToCertificate in https://pkg.go.dev/crypto/tls@go1.17.6#Config, leave this field nil // when it is empty diff --git a/lib/runtime_state.go b/lib/runtime_state.go index a89c5cb1fe61..d32e6c8e2eee 100644 --- a/lib/runtime_state.go +++ b/lib/runtime_state.go @@ -1,6 +1,8 @@ package lib import ( + "io" + "github.com/sirupsen/logrus" "go.k6.io/k6/metrics" ) @@ -11,5 +13,6 @@ type RuntimeState struct { // TODO maybe have a struct `Metrics` with `Registry` and `Builtin` ? Registry *metrics.Registry BuiltinMetrics *metrics.BuiltinMetrics + KeyLogger io.Writer Logger *logrus.Logger }