test: Use Self-Signed Certificates to Use Exporter with TLS in E2E Tests (#12)

simek-m · web-flow · commit 612cef363d5b · 2025-01-03T08:50:04.000+01:00
diff --git a/internal/e2e/containers.go b/internal/e2e/containers.go
@@ -18,10 +18,12 @@ package e2e
 
 import (
 	"context"
+	"errors"
 	"log"
 	"path/filepath"
 	"time"
 
+	"github.com/mdelapenya/tlscert"
 	"github.com/testcontainers/testcontainers-go"
 	"github.com/testcontainers/testcontainers-go/wait"
 )
@@ -37,50 +39,91 @@ const (
 
 func runReceivingSolarWindsOTELCollector(
 	ctx context.Context,
+	certDir string,
 	networkName string,
 ) (testcontainers.Container, error) {
 	configPath, err := filepath.Abs(filepath.Join(".", "testdata", "receiving_collector.yaml"))
 	if err != nil {
 		return nil, err
 	}
 
-	container, err := runSolarWindsOTELCollector(ctx, networkName, receivingContainer, configPath)
-	return container, err
+	// Used by the OTLP/gRPC Receiver for TLS (see its config).
+	additionalFiles := []testcontainers.ContainerFile{
+		{
+			HostFilePath:      filepath.Join(certDir, "cert-server.pem"),
+			ContainerFilePath: "/opt/cert-server.pem",
+			FileMode:          0o644,
+		},
+		{
+			HostFilePath:      filepath.Join(certDir, "key-server.pem"),
+			ContainerFilePath: "/opt/key-server.pem",
+			FileMode:          0o644,
+		},
+	}
+
+	return runSolarWindsOTELCollector(
+		ctx,
+		networkName,
+		receivingContainer,
+		configPath,
+		additionalFiles,
+	)
 }
 
 func runTestedSolarWindsOTELCollector(
 	ctx context.Context,
+	certDir string,
 	networkName string,
 ) (testcontainers.Container, error) {
 	configPath, err := filepath.Abs(filepath.Join(".", "testdata", "emitting_collector.yaml"))
 	if err != nil {
 		return nil, err
 	}
 
-	container, err := runSolarWindsOTELCollector(ctx, networkName, testedContainer, configPath)
-	return container, err
+	// Add the root certificate for the self-signed certs as trusted.
+	// Warning: This actually replaces all root certificates in the container.
+	additionalFiles := []testcontainers.ContainerFile{
+		{
+			HostFilePath:      filepath.Join(certDir, "cert-ca.pem"),
+			ContainerFilePath: "/etc/ssl/certs/ca-certificates.crt",
+			FileMode:          0o644,
+		},
+	}
+
+	return runSolarWindsOTELCollector(
+		ctx,
+		networkName,
+		testedContainer,
+		configPath,
+		additionalFiles,
+	)
 }
 
 func runSolarWindsOTELCollector(
 	ctx context.Context,
 	networkName string,
 	containerName string,
 	configPath string,
+	additionalFiles []testcontainers.ContainerFile,
 ) (testcontainers.Container, error) {
 	lc := new(logConsumer)
 	lc.Prefix = containerName
+
+	files := []testcontainers.ContainerFile{
+		{
+			HostFilePath:      configPath,
+			ContainerFilePath: "/opt/default-config.yaml",
+			FileMode:          0o440,
+		},
+	}
+	files = append(files, additionalFiles...)
+
 	req := testcontainers.ContainerRequest{
 		Image: "solarwinds-otel-collector:latest",
 		LogConsumerCfg: &testcontainers.LogConsumerConfig{
 			Consumers: []testcontainers.LogConsumer{lc},
 		},
-		Files: []testcontainers.ContainerFile{
-			{
-				HostFilePath:      configPath,
-				ContainerFilePath: "/opt/default-config.yaml",
-				FileMode:          0o440,
-			},
-		},
+		Files:      files,
 		WaitingFor: wait.ForLog("Everything is ready. Begin running and processing data."),
 		Networks:   []string{networkName},
 		Name:       containerName,
@@ -94,6 +137,45 @@ func runSolarWindsOTELCollector(
 	return container, err
 }
 
+type CertPaths struct {
+	CaCertFile string
+	CertFile   string
+	KeyFile    string
+}
+
+// generateCertificates generates a new CA certificate and a server
+// key and certificate derived from it for a given `host`.
+// All files are stored in a `path`. All paths of files written are
+// returned in a CertPaths struct.
+func generateCertificates(host, path string) (*CertPaths, error) {
+	caCert := tlscert.SelfSignedFromRequest(tlscert.Request{
+		Name:      "ca",
+		Host:      host,
+		IsCA:      true,
+		ParentDir: path,
+	})
+	if caCert == nil {
+		return nil, errors.New("failed to generate ca certificate")
+	}
+
+	cert := tlscert.SelfSignedFromRequest(tlscert.Request{
+		Name:      "server",
+		Host:      host,
+		IsCA:      true,
+		Parent:    caCert,
+		ParentDir: path,
+	})
+	if cert == nil {
+		return nil, errors.New("failed to generate server certificate")
+	}
+
+	return &CertPaths{
+		CaCertFile: caCert.CertPath,
+		CertFile:   cert.CertPath,
+		KeyFile:    cert.KeyPath,
+	}, nil
+}
+
 func runGeneratorContainer(
 	ctx context.Context,
 	networkName string,
diff --git a/internal/e2e/go.mod b/internal/e2e/go.mod
@@ -3,6 +3,7 @@ module github.com/solarwinds/solarwinds-otel-collector/internal/e2e
 go 1.23.4
 
 require (
+	github.com/mdelapenya/tlscert v0.1.0
 	github.com/stretchr/testify v1.10.0
 	github.com/testcontainers/testcontainers-go v0.34.0
 	go.opentelemetry.io/collector/pdata v1.19.0
diff --git a/internal/e2e/go.sum b/internal/e2e/go.sum
@@ -66,6 +66,8 @@ github.com/lufia/plan9stats v0.0.0-20211012122336-39d0f177ccd0 h1:6E+4a0GO5zZEnZ
 github.com/lufia/plan9stats v0.0.0-20211012122336-39d0f177ccd0/go.mod h1:zJYVVT2jmtg6P3p1VtQj7WsuWi/y4VnjVBn7F8KPB3I=
 github.com/magiconair/properties v1.8.7 h1:IeQXZAiQcpL9mgcAe1Nu6cX9LLw6ExEHKjN0VQdvPDY=
 github.com/magiconair/properties v1.8.7/go.mod h1:Dhd985XPs7jluiymwWYZ0G4Z61jb3vdS329zhj2hYo0=
+github.com/mdelapenya/tlscert v0.1.0 h1:YTpF579PYUX475eOL+6zyEO3ngLTOUWck78NBuJVXaM=
+github.com/mdelapenya/tlscert v0.1.0/go.mod h1:wrbyM/DwbFCeCeqdPX/8c6hNOqQgbf0rUDErE1uD+64=
 github.com/moby/docker-image-spec v1.3.1 h1:jMKff3w6PgbfSa69GfNg+zN/XLhfXJGnEx3Nl2EsFP0=
 github.com/moby/docker-image-spec v1.3.1/go.mod h1:eKmb5VW8vQEh/BAr2yvVNvuiJuY6UIocYsFu/DxxRpo=
 github.com/moby/patternmatcher v0.6.0 h1:GmP9lR19aU5GqSSFko+5pRqHi+Ohk1O69aFiKkVGiPk=
diff --git a/internal/e2e/signals_processing_test.go b/internal/e2e/signals_processing_test.go
@@ -27,13 +27,12 @@ import (
 	"time"
 
 	"github.com/stretchr/testify/require"
+	"github.com/testcontainers/testcontainers-go"
+	"github.com/testcontainers/testcontainers-go/network"
 	"go.opentelemetry.io/collector/pdata/pcommon"
 	"go.opentelemetry.io/collector/pdata/plog"
 	"go.opentelemetry.io/collector/pdata/pmetric"
 	"go.opentelemetry.io/collector/pdata/ptrace"
-
-	"github.com/testcontainers/testcontainers-go"
-	"github.com/testcontainers/testcontainers-go/network"
 )
 
 const (
@@ -48,11 +47,15 @@ func TestMetricStream(t *testing.T) {
 	require.NoError(t, err)
 	testcontainers.CleanupNetwork(t, net)
 
-	rContainer, err := runReceivingSolarWindsOTELCollector(ctx, net.Name)
+	certPath := t.TempDir()
+	_, err = generateCertificates(receivingContainer, certPath)
+	require.NoError(t, err)
+
+	rContainer, err := runReceivingSolarWindsOTELCollector(ctx, certPath, net.Name)
 	require.NoError(t, err)
 	testcontainers.CleanupContainer(t, rContainer)
 
-	eContainer, err := runTestedSolarWindsOTELCollector(ctx, net.Name)
+	eContainer, err := runTestedSolarWindsOTELCollector(ctx, certPath, net.Name)
 	require.NoError(t, err)
 	testcontainers.CleanupContainer(t, eContainer)
 
@@ -80,11 +83,15 @@ func TestTracesStream(t *testing.T) {
 	require.NoError(t, err)
 	testcontainers.CleanupNetwork(t, net)
 
-	rContainer, err := runReceivingSolarWindsOTELCollector(ctx, net.Name)
+	certPath := t.TempDir()
+	_, err = generateCertificates(receivingContainer, certPath)
+	require.NoError(t, err)
+
+	rContainer, err := runReceivingSolarWindsOTELCollector(ctx, certPath, net.Name)
 	require.NoError(t, err)
 	testcontainers.CleanupContainer(t, rContainer)
 
-	eContainer, err := runTestedSolarWindsOTELCollector(ctx, net.Name)
+	eContainer, err := runTestedSolarWindsOTELCollector(ctx, certPath, net.Name)
 	require.NoError(t, err)
 	testcontainers.CleanupContainer(t, eContainer)
 
@@ -114,11 +121,15 @@ func TestLogsStream(t *testing.T) {
 	require.NoError(t, err)
 	testcontainers.CleanupNetwork(t, net)
 
-	rContainer, err := runReceivingSolarWindsOTELCollector(ctx, net.Name)
+	certPath := t.TempDir()
+	_, err = generateCertificates(receivingContainer, certPath)
+	require.NoError(t, err)
+
+	rContainer, err := runReceivingSolarWindsOTELCollector(ctx, certPath, net.Name)
 	require.NoError(t, err)
 	testcontainers.CleanupContainer(t, rContainer)
 
-	eContainer, err := runTestedSolarWindsOTELCollector(ctx, net.Name)
+	eContainer, err := runTestedSolarWindsOTELCollector(ctx, certPath, net.Name)
 	require.NoError(t, err)
 	testcontainers.CleanupContainer(t, eContainer)
 
diff --git a/internal/e2e/testdata/emitting_collector.yaml b/internal/e2e/testdata/emitting_collector.yaml
@@ -22,7 +22,6 @@ extensions:
     token: <no-matter-in-test>
     collector_name: "testing_collector_name"
     endpoint_url_override: receiver:17016
-    insecure: true
 
 exporters:
   solarwinds:
diff --git a/internal/e2e/testdata/receiving_collector.yaml b/internal/e2e/testdata/receiving_collector.yaml
@@ -15,6 +15,9 @@ receivers:
     protocols:
       grpc: 
         endpoint: :17016
+        tls:
+          cert_file: /opt/cert-server.pem
+          key_file: /opt/key-server.pem
 exporters:
   file:
     path: /tmp/result.json
