Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add gencert function #802

Merged
merged 10 commits into from
Sep 23, 2024
Merged

Add gencert function #802

merged 10 commits into from
Sep 23, 2024

Conversation

CVanF5
Copy link
Collaborator

@CVanF5 CVanF5 commented Aug 23, 2024
edited
Loading

Proposed changes

Feature to allow users to configure Agent to generate self-signed TLS certificates for the OTEL Collector receiver.

Checklist

Before creating a PR, run through this checklist and mark each as complete.

  • I have read the CONTRIBUTING document
  • I have run make install-tools and have attached any dependency changes to this pull request
  • If applicable, I have added tests that prove my fix is effective or that my feature works
  • If applicable, I have checked that any relevant tests pass after adding my changes
  • If applicable, I have updated any relevant documentation (README.md)
  • If applicable, I have tested my cross-platform changes on Ubuntu 22, Redhat 8, SUSE 15 and FreeBSD 13

@github-actions github-actions bot added chore Pull requests for routine tasks enhancement New feature or request labels Aug 23, 2024
@CVanF5 CVanF5 force-pushed the gencert branch 4 times, most recently from a152ba1 to 3d6c6a4 Compare August 23, 2024 14:19
@CVanF5 CVanF5 changed the title feat: WIP add gencert function feat: add gencert function Aug 23, 2024
@CVanF5 CVanF5 marked this pull request as ready for review August 23, 2024 14:49
@oliveromahony oliveromahony added the v3.x Issues and Pull Requests related to the major version v3 label Aug 23, 2024
@CVanF5 CVanF5 force-pushed the gencert branch 5 times, most recently from 52fe37a to a9fdf3e Compare August 24, 2024 15:55
dhurley
dhurley reviewed Aug 26, 2024
View reviewed changes
Copy link
Collaborator

@dhurley dhurley left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just on the title of the PR. There is no need for the feat: prefix in the title. We use labels on the PR to identify if the change is a bug fix, enhancement, documentation update, etc.

pkg/tls/self_signed_cert.go Outdated Show resolved Hide resolved
pkg/tls/self_signed_cert.go Outdated Show resolved Hide resolved
pkg/tls/self_signed_cert.go Outdated Show resolved Hide resolved
pkg/tls/self_signed_cert_test.go Outdated Show resolved Hide resolved
@CVanF5 CVanF5 changed the title feat: add gencert function Add gencert function Aug 26, 2024
@CVanF5 CVanF5 force-pushed the gencert branch 3 times, most recently from 2d81e1c to 748e25e Compare August 26, 2024 16:12
@CVanF5 CVanF5 marked this pull request as draft August 29, 2024 09:45
@CVanF5 CVanF5 marked this pull request as ready for review September 2, 2024 10:38
@CVanF5 CVanF5 force-pushed the gencert branch 4 times, most recently from f121989 to 942bd52 Compare September 19, 2024 10:28
dhurley
dhurley reviewed Sep 19, 2024
View reviewed changes
internal/collector/otel_collector_plugin.go Outdated Show resolved Hide resolved
pkg/tls/self_signed_cert.go Outdated Show resolved Hide resolved
pkg/tls/self_signed_cert.go Outdated Show resolved Hide resolved
pkg/tls/self_signed_cert.go Outdated Show resolved Hide resolved
pkg/tls/self_signed_cert.go Show resolved Hide resolved
Makefile.containers Show resolved Hide resolved
pkg/tls/self_signed_cert.go Show resolved Hide resolved
@CVanF5 CVanF5 requested a review from a team as a code owner September 19, 2024 17:38
@RRashmit
Copy link

Branch testing looks good with the following scenarios:

  • Generates the certs sucessfully based on the config path mentioned in the nginx-agent.conf.
  • If the config path is not mentioned and the generate_self_signed_cert: true then the certs are generated in the default path i.e /var/lib/nginx-agent
  • When the certs are already applied, the log gets updated that “"Certificate file already exists, skipping self-signed certificate generation"

Pending Scenario: Logging when the generate_self_signed_cert: false

@CVanF5
Copy link
Collaborator Author

CVanF5 commented Sep 20, 2024
edited
Loading

Pending Scenario: Logging when the generate_self_signed_cert: false

Added warning for the default unencrypted receiver configuration

@dhurley
Copy link
Collaborator

dhurley commented Sep 23, 2024

@CVanF5 Maybe update the PR title so that it is more descriptive about the feature you are adding

RRashmit
RRashmit approved these changes Sep 23, 2024
View reviewed changes
Copy link

@RRashmit RRashmit left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good with all the test scenarios.

@RRashmit
Copy link

when the generate_self_signed_cert: false
image

@CVanF5 CVanF5 merged commit 13f1b19 into nginx:v3 Sep 23, 2024
14 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@oliveromahony oliveromahony oliveromahony left review comments

@RRashmit RRashmit RRashmit approved these changes

@aphralG aphralG aphralG approved these changes

@sean-breen sean-breen sean-breen approved these changes

@dhurley dhurley dhurley approved these changes

@craigell craigell Awaiting requested review from craigell

Assignees
No one assigned
Labels
chore Pull requests for routine tasks enhancement New feature or request v3.x Issues and Pull Requests related to the major version v3
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@CVanF5 @RRashmit @dhurley @oliveromahony @sean-breen @aphralG