Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

skip tls verification for javascript import statements #2697

Open
mhewedy opened this issue Sep 28, 2022 · 1 comment
Open

skip tls verification for javascript import statements #2697

mhewedy opened this issue Sep 28, 2022 · 1 comment
Labels
evaluation needed proposal needs to be validated or tested before fully implementing it in k6 feature lower prio refactor ux

Comments

@mhewedy
Copy link

mhewedy commented Sep 28, 2022

Feature Description

I am trying to run k6 inside some environment with a custom tls setup.
this leads to getting such errors when trying to run k6 run command:

time="2022-09-28T10:53:46+03:00" level=error msg="The moduleSpecifier \"https://jslib.k6.io/k6chaijs/4.3.4.1/index.js\" couldn't be retrieved from the resolved url \"https://jslib.k6.io/k6chaijs/4.3.4.1/index.js\". Error : \"Get \"https://jslib.k6.io/k6chaijs/4.3.4.1/index.js\": x509: certificate signed by unknown authority\"\n\tat go.k6.io/k6/js.(*InitContext).Require-fm (native)\n\tat file:///load_test.js:4:0(42)\n\tat native\n" hint="script exception"

Is there any way I can overcome this?

I tried --insecure-skip-tls-verify flag, but it seems it works for HTTP requests going out of the test script itself, not the imports.
(should I open this feature request at goja instead?)

Suggested Solution (optional)

No response

Already existing or connected issues / PRs (optional)

No response
@mhewedy mhewedy changed the title skip tls verification for imports skip tls verification for javascript import statements Sep 28, 2022
@na--
Copy link
Member

na-- commented Sep 28, 2022

Yeah, --insecure-skip-tls-verify should probably disable TLS checks for imports too 🤔 The problem is that you can also specify that same option as insecureSkipTLSVerify from the exported script options... However, to resolve and export these JS options, k6 needs to have imported all of the files and executed the script init context once... So it's a bit of a chicken-and-egg problem 😞

We have had other similar issues and there is a way to actually fix this, it's just going to be complex to implement because of the how the k6 configuration handling has been implemented - it really needs to be refactored, see #883... 😞

But this use case can eventually be handled because options that are specified as CLI flags or environment variables have a higher priority than the exported script options and the config.json options. So, if someone specified --insecure-skip-tls-verify or K6_INSECURE_SKIP_TLS_VERIFY=true, even if they specified something else in the script or config JSON file, it won't matter. So, we can use that assurance to ignore TLS verification when importing files in the init context.

If anyone else has hit this issue, please 👍 the OP ⬆️ . Right now, I'd say that the priority of this issue is relatively low, because I'd really prefer to not change these things with the current config implementation.

@na-- na-- added ux refactor evaluation needed proposal needs to be validated or tested before fully implementing it in k6 lower prio labels Sep 28, 2022
@mstoykov mstoykov mentioned this issue Jan 13, 2023
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
evaluation needed proposal needs to be validated or tested before fully implementing it in k6 feature lower prio refactor ux
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@mhewedy @na--