Skip to content

Integration test for permissive mTLS#17205

Merged
pglass merged 4 commits intomainfrom
pglass/NET-3685/pmtls-tproxy-integration-test
May 23, 2023
Merged

Integration test for permissive mTLS#17205
pglass merged 4 commits intomainfrom
pglass/NET-3685/pmtls-tproxy-integration-test

Conversation

@pglass
Copy link

@pglass pglass commented May 1, 2023

Description

This builds on top of the tproxy integration test to validate the new permissive mTLS mode in Consul 1.16. When a service in permissive mTLS mode, incoming connections to the service's regular address/port are allowed through to the destination app.

This also fixes a config problem which meant the static-server was not actually running with tproxy enabled(!)

Testing & Reproduction steps

go test -v -timeout=30m ./test/tproxy/ \
    -target-image consul -target-version local \
    -latest-image consul -latest-version latest

Links

#17035

PR Checklist

  • updated test coverage
  • external facing docs updated
  • appropriate backport labels added
  • not a security concern

@pglass pglass added pr/no-changelog PR does not need a corresponding .changelog entry pr/no-docs PR does not include docs and should not trigger reminder for cherrypicking them. pr/no-backport labels May 1, 2023
@pglass pglass requested review from a team, eikenb and johnlanda and removed request for a team May 1, 2023 17:09
johnlanda
johnlanda reviewed May 15, 2023
View reviewed changes
Copy link
Contributor

@johnlanda johnlanda left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good. A couple of minor comments on names and then a question on what each of the agents created in the test are used for.

johnlanda
johnlanda reviewed May 15, 2023
View reviewed changes
@pglass pglass requested a review from johnlanda May 18, 2023 19:39
@pglass pglass force-pushed the pglass/NET-3685/pmtls-tproxy-integration-test branch from af75461 to 34dfa0f Compare May 18, 2023 19:47
johnlanda
johnlanda approved these changes May 23, 2023
View reviewed changes
Copy link
Contributor

@johnlanda johnlanda left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good 👍

@pglass pglass merged commit f0ba3f4 into main May 23, 2023
@pglass pglass deleted the pglass/NET-3685/pmtls-tproxy-integration-test branch May 23, 2023 16:11
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@eikenb eikenb Awaiting requested review from eikenb

1 more reviewer

@johnlanda johnlanda johnlanda approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

pr/no-backport pr/no-changelog PR does not need a corresponding .changelog entry pr/no-docs PR does not include docs and should not trigger reminder for cherrypicking them.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@pglass @johnlanda