MCPcopy
hub / github.com/grafana/tempo / TestHTTPS

Function TestHTTPS

integration/operations/https_test.go:41–85  ·  integration/operations/https_test.go::TestHTTPS

TestHTTPS tests the use of unsigned certs with Tempo. Due to this we run the special "internal server" on port 3201 which requires us to pass custome readiness probe. Additionally we have to create custom a custom API client that uses https, but doesn't validate the certs. Finally note that we actua

(t *testing.T)

Source from the content-addressed store, hash-verified

39// Finally note that we actually push over an unencrypted connection, using the default harness functions.
40// This works b/c the TLS configuration for ingestion is configured through the OTEL receiver config.
41func TestHTTPS(t *testing.T) {
42 km := setupCertificates(t)
43
44 util.RunIntegrationTests(t, util.TestHarnessConfig{
45 ConfigOverlay: configHTTPS,
46 ReadinessProbe: e2e.NewHTTPReadinessProbe(3201, "/ready", 200, 299), // this works b/c the service creation code in ../util/services.go adds a 3201 port to the services. we could also use a custom readiness probe.
47 PreStartHook: func(s *e2e.Scenario, _ map[string]any) error {
48 require.NoError(t, util.CopyFileToSharedDir(s, km.ServerCertFile, "tls.crt"))
49 require.NoError(t, util.CopyFileToSharedDir(s, km.ServerKeyFile, "tls.key"))
50 require.NoError(t, util.CopyFileToSharedDir(s, km.CaCertFile, "ca.crt"))
51
52 return nil
53 },
54 }, func(h *util.TempoHarness) {
55 // wait for traces to be writable
56 require.True(t, scrapeMetrics(t, h.Services[util.ServiceDistributor], tempoPort, "tempo_partition_ring_partitions{name=\"livestore-partitions\",state=\"Active\"} 1"))
57
58 // write a trace
59 info := tempoUtil.NewTraceInfo(time.Now(), "")
60 require.NoError(t, h.WriteTraceInfo(info, ""))
61
62 queryFrontend := h.Services[util.ServiceQueryFrontend]
63 apiClient := httpclient.New("https://"+queryFrontend.Endpoint(tempoPort), "")
64
65 // trust bad certs
66 defaultTransport := http.DefaultTransport.(*http.Transport).Clone()
67 defaultTransport.TLSClientConfig = &tls.Config{InsecureSkipVerify: true}
68 apiClient.WithTransport(defaultTransport)
69
70 util.QueryAndAssertTrace(t, apiClient, info)
71
72 // wait for the traces to be queryable
73 require.True(t, scrapeMetrics(t, h.Services[util.ServiceLiveStoreZoneA], tempoPort, "tempo_live_store_traces_created_total{tenant=\"single-tenant\"} 1"))
74 require.True(t, scrapeMetrics(t, h.Services[util.ServiceLiveStoreZoneB], tempoPort, "tempo_live_store_traces_created_total{tenant=\"single-tenant\"} 1"))
75
76 util.SearchTraceQLAndAssertTrace(t, apiClient, info)
77
78 creds := credentials.NewTLS(&tls.Config{InsecureSkipVerify: true})
79 grpcClient, err := util.NewSearchGRPCClient(queryFrontend.Endpoint(tempoPort), creds)
80 require.NoError(t, err)
81
82 now := time.Now()
83 util.SearchStreamAndAssertTrace(t, context.Background(), grpcClient, info, now.Add(-time.Hour).Unix(), now.Unix())
84 })
85}
86
87type keyMaterial struct {
88 CaCertFile string

Callers

nothing calls this directly

Calls 8

NewFunction · 0.92
setupCertificatesFunction · 0.85
scrapeMetricsFunction · 0.85
WriteTraceInfoMethod · 0.80
CloneMethod · 0.80
NowMethod · 0.65
WithTransportMethod · 0.65
AddMethod · 0.65

Tested by

no test coverage detected