Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

[fix][query] Fix misconfiguration in TLS settings from using OTEL HTTP helper #6239

Merged
merged 3 commits into from
Nov 22, 2024
Merged

[fix][query] Fix misconfiguration in TLS settings from using OTEL HTTP helper #6239

merged 3 commits into from
Nov 22, 2024

Conversation

mahadzaryab1
Copy link
Collaborator

Which problem is this PR solving?

Description of the changes

  • This PR fixes an oversight that was made when migrating to OTEL's helpers for creating the HTTP server. OTEL's helper was adding TLS to the listener whereas we left the code to add TLS to the server. This was leading to the connection being in a weird state causing the bug in [Bug]: query: TLS handshake error #6230. This PR simplifies the flow by doing the following:
    • We do not need to add TLS to the server because its added when the listener is initialized using .ToListener()
    • We do not need to call ServeTLS and can simply call Serve and TLS will be used when the connection is configured to do so (which it will be if the TLSSetting is set on the server).

How was this change tested?

Start the server by doing the following

go run ./cmd/all-in-one \
    --query.http.tls.enabled=true \
    --query.http.tls.cert=./pkg/config/tlscfg/testdata/example-server-cert.pem \
    --query.http.tls.key=./pkg/config/tlscfg/testdata/example-server-key.pem

Send request with HTTP1.1

curl -k --http1.1 https://localhost:16686/ > /dev/null
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  4454    0  4454    0     0   393k      0 --:--:-- --:--:-- --:--:--  869k

Send request with HTTP2 (default)

curl -k --http2 https://localhost:16686/ > /dev/null
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  4454    0  4454    0     0   140k      0 --:--:-- --:--:-- --:--:--  173k

Checklist

mahadzaryab1 and others added 3 commits November 22, 2024 08:40
@mahadzaryab1
Remove ServeTLS And Add HTTP2 Next Protocol To Server TLS Setting
48c42ca 
Signed-off-by: Mahad Zaryab <mahadzaryab1@gmail.com>
@mahadzaryab1
Remove TLS From Server
fffa9b7 
Signed-off-by: Mahad Zaryab <mahadzaryab1@gmail.com>
@mahadzaryab1
Merge branch 'main' into fix-tls
93a4d07
@mahadzaryab1 mahadzaryab1 mentioned this pull request Nov 22, 2024
Closed
@mahadzaryab1
Copy link
Collaborator Author

TODO for myself:

  • Add a regression test for this and investigate why the initial change didn't fail the unit tests

@yurishkuro Let me know if we'd like the regression test in this PR or if we want to land this patch quickly and I can do it in a follow-up PR.

@codecov Codecov
Copy link

codecov bot commented Nov 22, 2024
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 96.42%. Comparing base (adbdf26) to head (93a4d07).
Report is 1 commits behind head on main.

Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #6239      +/-   ##
==========================================
- Coverage   96.45%   96.42%   -0.04%     
==========================================
  Files         355      355              
  Lines       20161    20149      -12     
==========================================
- Hits        19446    19428      -18     
- Misses        528      532       +4     
- Partials      187      189       +2
Flag Coverage Δ
badger_v1 8.31% <ø> (ø)
badger_v2 1.67% <ø> (ø)
cassandra-4.x-v1 14.39% <ø> (ø)
cassandra-4.x-v2 1.61% <ø> (ø)
cassandra-5.x-v1 14.39% <ø> (ø)
cassandra-5.x-v2 1.61% <ø> (ø)
elasticsearch-6.x-v1 18.59% <ø> (ø)
elasticsearch-7.x-v1 18.68% <ø> (ø)
elasticsearch-8.x-v1 18.84% <ø> (-0.01%) ⬇️
elasticsearch-8.x-v2 1.67% <ø> (+<0.01%) ⬆️
grpc_v1 9.44% <ø> (ø)
grpc_v2 6.98% <ø> (+<0.01%) ⬆️
kafka-v1 8.88% <ø> (ø)
kafka-v2 1.67% <ø> (ø)
memory_v2 1.67% <ø> (ø)
opensearch-1.x-v1 18.72% <ø> (-0.01%) ⬇️
opensearch-2.x-v1 18.72% <ø> (ø)
opensearch-2.x-v2 1.66% <ø> (-0.01%) ⬇️
tailsampling-processor 0.46% <ø> (ø)
unittests 95.33% <100.00%> (-0.04%) ⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚨 Try these New Features:

@mahadzaryab1 mahadzaryab1 marked this pull request as ready for review November 22, 2024 14:11
@mahadzaryab1 mahadzaryab1 requested a review from a team as a code owner November 22, 2024 14:11
@mahadzaryab1 mahadzaryab1 requested a review from jkowall November 22, 2024 14:11
@dosubot dosubot bot added the bug label Nov 22, 2024
mahadzaryab1
mahadzaryab1 commented Nov 22, 2024
View reviewed changes
cmd/query/app/server_test.go
Comment on lines +125 to +129
require.NoError(t, err)
require.Error(t, s.Start(context.Background()))
t.Cleanup(func() {
require.NoError(t, s.Close())
})
Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this error will now be thrown at start when we initialize the listener rather than when we create the server

@yurishkuro yurishkuro merged commit edb896e into jaegertracing:main Nov 22, 2024
54 of 55 checks passed
yurishkuro
yurishkuro reviewed Nov 22, 2024
View reviewed changes
cmd/query/app/server.go
@@ -228,15 +228,6 @@ func createHTTPServer(
staticHandlerCloser: staticHandlerCloser,
}

// TODO why doesn't OTEL helper do that already?
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

hehe, my intuition was right at the time :-)

@yurishkuro
Copy link
Member

Thanks for fixing it!

@mahadzaryab1 mahadzaryab1 mentioned this pull request Nov 23, 2024
Merged
4 tasks
yurishkuro pushed a commit that referenced this pull request Nov 23, 2024
@mahadzaryab1
[fix][test] Fix query server unit tests to check for status code (#6241)
7b4631c 
## Which problem is this PR solving?
- Resolves #6230 

## Description of the changes
- We had a bug report come in #6230 which wasn't caught by our unit
tests. The reason here was because the test was not checking the status
code of the response received from the server but rather just the error
returned from doing `Client.Do`.
- - This PR also cleans up the tests to remove the manual dial call and
an unnecessary filter in the test body.

## How was this change tested?
- This test passes on main because of the patch that was landed in
#6239.
- To verify that this test would have caught the bug, I ran this test on
the v1.63.0 release. Running this test caused failures in the following
tests, all of which were returning `400` instead of `200`.
```
TestServerHTTPTLS/should_pass_with_TLS_client_to_trusted_TLS_server_with_correct_hostname
TestServerHTTPTLS/should_pass_with_TLS_client_with_cert_to_trusted_TLS_server_requiring_cert
TestServerHTTPTLS/should_pass_with_TLS_client_with_cert_to_trusted_TLS_HTTP_server_requiring_cert_and_insecure_GRPC_server
```
## Checklist
- [x] I have read
https://github.com/jaegertracing/jaeger/blob/master/CONTRIBUTING_GUIDELINES.md
- [x] I have signed all commits
- [x] I have added unit tests for the new functionality
- [x] I have run lint and test steps successfully
  - for `jaeger`: `make lint test`
  - for `jaeger-ui`: `yarn lint` and `yarn test`

---------

Signed-off-by: Mahad Zaryab <mahadzaryab1@gmail.com>
@mahadzaryab1 mahadzaryab1 deleted the fix-tls branch November 23, 2024 01:32
# for free to join this conversation on GitHub. Already have an account? # to comment
Reviewers

@yurishkuro yurishkuro yurishkuro approved these changes

@jkowall jkowall Awaiting requested review from jkowall jkowall is a code owner automatically assigned from jaegertracing/jaeger-maintainers

Assignees
No one assigned
Labels
bug changelog:bugfix-or-minor-feature
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[Bug]: query: TLS handshake error
2 participants
@mahadzaryab1 @yurishkuro