Add client TLS auth to gRPC reporter #1591
The option names in the agent probably aren't optimal. Need docs too I guess.
Is it possible to add tests? I think we already have tests for TLS & certificates in other parts of the code
yep, the existing tests should make this reasonably easy I think, I'll get started. I'll need to update the docs too.
Codecov Report
@@ Coverage Diff @@
## master #1591 +/- ##
==========================================
- Coverage 98.71% 98.49% -0.23%
==========================================
Files 193 193
Lines 9243 9284 +41
==========================================
+ Hits 9124 9144 +20
- Misses 91 111 +20
- Partials 28 29 +1
@yurishkuro added tests that check the various combinations of agent/client TLS misconfiguration
09ff05f to 6afc5d4
I'm not sure why the CI tests failed there, I don't think it's related to my PR.
@yurishkuro any more thoughts on this PR?
Why not take an optional tls.Config when tls configuration is required?
@freeformz I'm not sure what you are suggesting, do you mean have a tls.Config in a user configurable config object? (I don't think that could work, most of that type is not configurable by literals, and none of the fields have the appropriate annotations).
cmd/agent/app/reporter/grpc/flags.go
Outdated
@@ -39,6 +41,8 @@ func AddFlags(flags *flag.FlagSet) { | |||
flags.Bool(collectorTLS, false, "Enable TLS.") | |||
flags.String(collectorTLSCA, "", "Path to a TLS CA file. (default use the systems truststore)") | |||
flags.String(collectorTLSServerName, "", "Override the TLS server name.") | |||
flags.String(agentCert, "", "Path to a TLS client certificate file.") | |||
flags.String(agentKey, "", "Path to a TLS client key file.") |
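Review bot: the help strings on the two added flags.String lines for agentCert and agentKey do not say that the certificate and key must be supplied together, or how they interact with the collectorTLS flag defined above them. Suggest stating both in the descriptions, and rejecting at startup a configuration that sets one path without the other, so a half-configured client identity fails loudly rather than connecting without a client certificate.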
Could you please expand the flag descriptions (starting from --tls) to explain in more detail what they enable? For example, what collectorTLS means after this PR, etc. Pretend someone is reading https://www.jaegertracing.io/docs/1.13/cli/#jaeger-collector-cassandra, is there enough information to understand what's going to happen with various combinations of the flags?
cmd/collector/main.go
Outdated
opts.CollectorGRPCKey, | ||
) | ||
|
||
tlsCfg := &tls.Config{ |
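Review bot: no error check is visible between the call that takes opts.CollectorGRPCKey and the tlsCfg := &tls.Config{ literal that follows it. If that call loads the key pair, its error should be returned before the config is built, so a missing or unreadable key stops startup. The literal's fields are cut off here; if this config is what authenticates agents, ClientAuth should be set to tls.RequireAndVerifyClientCert with ClientCAs populated, because the zero value tls.NoClientCert accepts connections that present no client certificate.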
this code should not be in main, but somewhere in the server factory, maybe similar to grpcserver.StartGRPCCollector() function. Right now it appears that similar code is repeated in the unit tests. Can you move it to grpcserver and reuse in unit tests so that it's also tested? We can't really test main()
@yurishkuro rebased, squashed, updated args, and moved the TLS setup.
f73750e to cfc2a8e
Thanks for updating flag descriptions, they read much better now!
Just a few minor corrections, lgtm otherwise.
Signed-off-by: Tristan Colgate <tristan@qubit.com>
@yurishkuro pushed fixes
No description provided.