From 9a16b7016a943a0c2817ab2151eaa81f5ea19760 Mon Sep 17 00:00:00 2001 From: James Sumners Date: Mon, 12 Aug 2024 10:39:36 -0400 Subject: [PATCH] chore: Added TLS verification for Redis (#2446) --- docker-compose.yml | 13 +++- docker/redis/.gitignore | 3 + docker/redis/ca.crt | 31 ++++++++ docker/redis/ca.key | 52 +++++++++++++ docker/redis/ca.txt | 1 + docker/redis/gen-cert.sh | 27 +++++++ docker/redis/redis.crt | 25 +++++++ docker/redis/redis.key | 28 +++++++ lib/instrumentation/@node-redis/client.js | 2 +- test/lib/params.js | 2 + test/versioned/redis/package.json | 3 +- test/versioned/redis/tls.tap.js | 91 +++++++++++++++++++++++ 12 files changed, 275 insertions(+), 3 deletions(-) create mode 100644 docker/redis/.gitignore create mode 100644 docker/redis/ca.crt create mode 100644 docker/redis/ca.key create mode 100644 docker/redis/ca.txt create mode 100755 docker/redis/gen-cert.sh create mode 100644 docker/redis/redis.crt create mode 100644 docker/redis/redis.key create mode 100644 test/versioned/redis/tls.tap.js diff --git a/docker-compose.yml b/docker-compose.yml index 849bb27f5f..463b986c72 100755 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -94,9 +94,20 @@ services: redis: container_name: nr_node_redis - image: redis + image: bitnami/redis ports: - "6379:6379" + - "6380:6380" + environment: + - ALLOW_EMPTY_PASSWORD=yes + - REDIS_TLS_ENABLED=yes + - REDIS_TLS_PORT=6380 + - REDIS_TLS_CERT_FILE=/tls/redis.crt + - REDIS_TLS_KEY_FILE=/tls/redis.key + - REDIS_TLS_CA_FILE=/tls/ca.crt + - REDIS_TLS_AUTH_CLIENTS=no + volumes: + - "./docker/redis:/tls" healthcheck: test: ["CMD", "redis-cli", "ping"] interval: 1s diff --git a/docker/redis/.gitignore b/docker/redis/.gitignore new file mode 100644 index 0000000000..56f124efd5 --- /dev/null +++ b/docker/redis/.gitignore @@ -0,0 +1,3 @@ +*.req +!*.key +!*.crt diff --git a/docker/redis/ca.crt b/docker/redis/ca.crt new file mode 100644 index 0000000000..d6137f2a8f --- /dev/null +++ b/docker/redis/ca.crt @@ -0,0 +1,31 @@ +-----BEGIN CERTIFICATE----- +MIIFQTCCAymgAwIBAgIUIkqwOT8o/3S7bbBCBiBlug41jY4wDQYJKoZIhvcNAQEL +BQAwMDEOMAwGA1UECgwFUmVkaXMxHjAcBgNVBAMMFUNlcnRpZmljYXRlIEF1dGhv +cml0eTAeFw0yNDA4MDgxNDI4MzNaFw0zNDA4MDYxNDI4MzNaMDAxDjAMBgNVBAoM +BVJlZGlzMR4wHAYDVQQDDBVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwggIiMA0GCSqG +SIb3DQEBAQUAA4ICDwAwggIKAoICAQDeOcmk8R0d7R2/rFbfBgQFAsPolCSugUBT +FAnnpFCYAVvmadc+BpdUv7/tEHdvZOdOdZa9f9b1Xprq1AcZMeZsmZrKRHCkx6YW +bWtea0qWL73gEbkDnE2YbdOKZx0H1+nblpp10ywwtvCupL6off4Cdwy8wLXJiPth +K1MoOCgTL3I0elNl5AGv/ccnoz8BHQ59TY5+t25B9wO67pm7LdppJXYgqx2LQ9QH +Jfw7KGAsfoo0ujZ6F9VnqvqU8oIJ8iqn/dF5YTzDvzB0M79dbdL863Rk+0J0wTzP +FCZuuqwZYXMJf1tZnTNyRGCrcffF5qw1+wzvW0aGsyz6nQoA9CDSL8JTE3WqeFIH +Ltq6Naa60CpdDqxl19lYNjt4oVrfoK9bU87+z1GftVFl7ljZIsWn9XZH+MscUobs +Olhw2iVpYngC96xxDXwL/Q6gFiGhDdkdlbDq+TgTfjSaXyW6Xqhz93dNDEXjNT9H +7u8iWi13Z+w0C4KyPGioHb9Skvb85mfDiKz0c/gbPIkO9FuXDPlLZBcBOnYFoTL3 +k+XLJ0I4eBXIfJXZ6PZkdWpw3fjpRxYSh43tKk3MoMGM+R4pASMiE618fZ8drBec +zSkiAsJaD3gzs5TlRrPQlNA2VibLvsYOmYHGcRImcrQorIF+2ICMLGMCfq+f3DDb +UBfJF2iGGwIDAQABo1MwUTAdBgNVHQ4EFgQUM1iXaB+TOowF4Jfza+KrX3pikmAw +HwYDVR0jBBgwFoAUM1iXaB+TOowF4Jfza+KrX3pikmAwDwYDVR0TAQH/BAUwAwEB +/zANBgkqhkiG9w0BAQsFAAOCAgEAUmcwZvT0feYkDDbFnHGytL56Pfoncs2hy4j/ +SW8aQ1USwXScYetNwsapSu2g/0ThBKaGDH/zPlNwicAiY2MzdyAAEFhqGXDhovIL +zc6gLbAITfy3m7uvmuBJolSuwIn8aqMvxXLmORNH7bcw6Nn0V9RUMmqicwlV6281 +wLsbxeW5YW7VQgxlus3THkjd+QozdplqQFSLG6uxhgOvBPJFNunynJxanuZGnY/j +9NYHcD5l5ADr0JpeiecJxKTM7HCOSiBjass6h6KFfqFz8e5yti6DPt/eRswkSQ/W +58O2QbThmEbJ7OubzfvSX/fJhoxlJiCc6ZTY8qWeGl0V5LdW6dIGA1Ds2kguVVrb +nktjeekIiINcSetNyXeNqeWVm0htXDzXPsScEeCDqPPq41n7ktGH0W6FqChiqYCf +e9NlQhcz61exXa0Rn1vua5cHZLxZ/5n/1lHNTyfZi0Py+1cdmxn1XFRltrVWMm67 +wGsdVKU93y7Zh+/djPIShcB3Auful1aC4PeNya49cKracnoAx0kRx6SPmssCfhbu +JNqpAWbpP4tA/+r8ti/84l7pXFTL9n6OJi2vvUdndLXeK92K+T3+m+sl2u2x9NHk +C931gMu5/WEzP7fsC9WDXw3t2alG9BRvA2AUUiECVT1v/Ktb3QO1clozv9+pZupD +U0oITpQ= +-----END CERTIFICATE----- diff --git a/docker/redis/ca.key b/docker/redis/ca.key new file mode 100644 index 0000000000..23614cc550 --- /dev/null +++ b/docker/redis/ca.key @@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQDeOcmk8R0d7R2/ +rFbfBgQFAsPolCSugUBTFAnnpFCYAVvmadc+BpdUv7/tEHdvZOdOdZa9f9b1Xprq +1AcZMeZsmZrKRHCkx6YWbWtea0qWL73gEbkDnE2YbdOKZx0H1+nblpp10ywwtvCu +pL6off4Cdwy8wLXJiPthK1MoOCgTL3I0elNl5AGv/ccnoz8BHQ59TY5+t25B9wO6 +7pm7LdppJXYgqx2LQ9QHJfw7KGAsfoo0ujZ6F9VnqvqU8oIJ8iqn/dF5YTzDvzB0 +M79dbdL863Rk+0J0wTzPFCZuuqwZYXMJf1tZnTNyRGCrcffF5qw1+wzvW0aGsyz6 +nQoA9CDSL8JTE3WqeFIHLtq6Naa60CpdDqxl19lYNjt4oVrfoK9bU87+z1GftVFl +7ljZIsWn9XZH+MscUobsOlhw2iVpYngC96xxDXwL/Q6gFiGhDdkdlbDq+TgTfjSa +XyW6Xqhz93dNDEXjNT9H7u8iWi13Z+w0C4KyPGioHb9Skvb85mfDiKz0c/gbPIkO +9FuXDPlLZBcBOnYFoTL3k+XLJ0I4eBXIfJXZ6PZkdWpw3fjpRxYSh43tKk3MoMGM ++R4pASMiE618fZ8drBeczSkiAsJaD3gzs5TlRrPQlNA2VibLvsYOmYHGcRImcrQo +rIF+2ICMLGMCfq+f3DDbUBfJF2iGGwIDAQABAoICAG1TbaXVLtdlq1B8JwKyUXDr +oti9ZOxqzuvwPE0286VMadtJr6gmkvWRHgkxJCjrsbXSOLYCegydncYwSEu3Vl6Q +FOw0TlxqkgWPkBZT305Sr21YGraxgyUdxsfcoZYVvUmX5mZX3PIcVfz9NITs8vVg +fyYvAl/jIZR0vYTYV7LUkTFLCtNiIAhmZ79S2vCfzFyNtrAVastODAo/TucckEpR +MTOyKycz19AqelPaMbJCEJkPETTwm77UCVIUmi/tcNnTj2XRFhVQ7jQErzz2BioC +ZfE2AUQyOsm/ZobsFDWqUO9Xtee45DHvfMVrnJNCP++QkhUBSQmEhXjHoD/G2ovR +2hlmgvzPr8H+/ZwlLd8+H6wMUyKevIvvo2nyJOFE1xqZky4YeuOWiv/VBxRKb/wV +xYV7XbIqfScex1lm1yy9Awo28x60YYAOew73wmIBTKVLGyhgSG8PhS652l46owl+ +3V3bqZ8H8rWt78h3/1KBatH+lUseIgOL1GHcFcEroRW2Vw643ZqgAfzZEq6trIM0 +uA4f/gkkYXHRmdbmj31hBNIjNTIFwDXykdOmzyawZvNMhJgyObOCazvcWElFthYr +zanYcNVHRwEwE4r/M6NrU4BThRbMM1FiUR5DyR2ppNuY8Ero0fh9qXbMqYoUAr1z +s97efcSmBeR0hK4Zd5pdAoIBAQD+7U586IVRqvEw8Liy9NjHo7dS4dqSdI4GHO2J +tNDvPjZjQ7kkndD9Db/AqnMf9q5l8O3or30REwUl8AojT9Hsb0SoWifq20NDkMw1 +qjsyjL/z6ZAaPAasn6GPjGSW2WxEKOcM3l3hWMBc8J8qg9jwWwttPOf5VB4WCDm0 +qzYqx5cfJuQ2bmk6UvXgHmwAb1raPS0buwbAQHTFiPwrzUTfunqCYGJXob1rRKJM +jzWTCpdEE/pw95/qR0gpoCYbYbCk5mSHtOydOtGON7KBlUrkgyjPv6tR2+2YuK9F +TGouVfmZSWwmLx7IIKX1n/a9o2vGyUoOYYrH9BFMiaTwcINXAoIBAQDfKT6HqR6S +PXxDFU5YJ9+ELnKZd//aLnZhBPvKFl/b298OveysU4SELj1dgEWkoxHsN2wCJdg9 +eeiQp4X+HJ95n/TWojGCcoF+ihyBk2Jx5oiU8KS88GQs/4GF3NlR21QFbnqBtIav +WC7Nk6rkbI9Ou4siseeQwsxzO30Ncn56qG6zViL6xWmpZ5XspDt6Z3b5W/i/Sx1p +teIG8ThwblFuT/cFeiaffW1cVlOzwl9vUYLqAieM/PZJXfrkST+il3X7tyQLaUFE +UBWJXBH5+q+6dXbRu/Na3Efj3+kibeqFQg4ypPtrbBjW8x8Qvnx46lneG8ItpJu0 +aIj/TWCF/3zdAoIBAEIgfIOaLTsKBJaVWtPQ/4qJxTwSqgfjhBPB3TwjUy88DA+j +uZrt9RAvSNZJYKOh8Ysv/AanvuF29ZbptTeDtQiHtF+XQ1OAnOoh3VbuWXy7Ve+H +XoHvoCuXHOmHmXAn5hWoJocIB4I063EwWZlFqjhu5X/olKPwVf2RFKbw4pQmQeUq +yXf1HAatDmqceZeDSyXhSJow4YdtMN0ss30JOhxu2uiG5/ujUOdKXm9NlrAVxzc5 +l3VGRo0XAHkLudbQeGnN+bXaEKaYY1Nozz0d5NdxzlxVc7NAQVmkTpLDR6fNVXmV +uiANiQaQsXwNiouWoJZoEHW6h61mejZIXiighvECggEASzSVFBbUbKg35kuZ2W+m +jd8xU7LzEE40KsIJMLOVnnxckZVD21dSA1Gp8Ia38aHa+mY7CgZC94TL8WPjbh2r +SMu1MVf7o2B/b2uP68MFnCj6wmbOvbWtrNR2i+w/eKyXhjUTJ/70nMb1DubC4rQL +H5dobkrSJSDg0bysigmZwjBdDibrJuO8lhCIn/VA7iFMIQDztVPVF7jp8Tj9sjYb +Tze3oarmtT0Jy+Jz1tKcYuFvYvlS5tqhDVyUnrZosZylcCzqAsZ37lOmzmGu1TW8 +XvQTFN9oRaiSuaLN6IJuVHZMXpjm+e61+Ep6n6PyQrWHj6h/Ke6dYpEQCinDa6UM +KQKCAQEA6KY+wqlt4lG9ghMYNUEFnk7DLtDMj4MFK9vI+KlfLYTyQNZM9uMkglIY +ufXeyOuKNWbTl/6q519uuv2dMLDOYX1TPaYZlElFyFPp6/o1/Ujh1BgQq1GS9q7+ +H3Y/xcSNOLmJF/igvhlsdnsu4i8X1MxeThbJ0H2DFPczkf0peG13ZAdAvW6ULMYb +Ze/b7siCsDQXw+SMT9DE61KFsf7jqouuxyri7+9e5BbB19ZpHibAC4FnzswlGzQ+ +aPFvku0Zer86umS6UcZawCQw1UqQMQ+2hVVFr/t7d99cN01VV2roBQBSCHsLcBCW +YpRxs9Qgfw04XTPN1t4fj6s1w6u0MQ== +-----END PRIVATE KEY----- diff --git a/docker/redis/ca.txt b/docker/redis/ca.txt new file mode 100644 index 0000000000..fba5063905 --- /dev/null +++ b/docker/redis/ca.txt @@ -0,0 +1 @@ +141E6AEEA165D992A53AEDBF732949EA4B278E51 diff --git a/docker/redis/gen-cert.sh b/docker/redis/gen-cert.sh new file mode 100755 index 0000000000..d8d680cbf3 --- /dev/null +++ b/docker/redis/gen-cert.sh @@ -0,0 +1,27 @@ +#!/bin/bash + +# Based upon https://github.com/redis/redis/blob/3a08819f5169f9702cde680acb6bf0c75fa70ffb/utils/gen-test-certs.sh + +set -e + +openssl genrsa -out ca.key 4096 +openssl req \ + -x509 -new -nodes -sha256 \ + -key ca.key \ + -days 3650 \ + -subj '/O=Redis/CN=Certificate Authority'\ + -out ca.crt + +openssl genrsa -out redis.key 2048 +openssl req \ + -new -sha256 \ + -subj "/O=Redis/CN=redis" \ + -key redis.key | openssl x509 \ + -req \ + -sha256 \ + -CA ca.crt \ + -CAkey ca.key \ + -CAserial ca.txt \ + -CAcreateserial \ + -days 3650 \ + -out redis.crt diff --git a/docker/redis/redis.crt b/docker/redis/redis.crt new file mode 100644 index 0000000000..05881b647b --- /dev/null +++ b/docker/redis/redis.crt @@ -0,0 +1,25 @@ +-----BEGIN CERTIFICATE----- +MIIEQDCCAiigAwIBAgIUFB5q7qFl2ZKlOu2/cylJ6ksnjlEwDQYJKoZIhvcNAQEL +BQAwMDEOMAwGA1UECgwFUmVkaXMxHjAcBgNVBAMMFUNlcnRpZmljYXRlIEF1dGhv +cml0eTAeFw0yNDA4MDgxNDI4MzNaFw0zNDA4MDYxNDI4MzNaMCAxDjAMBgNVBAoM +BVJlZGlzMQ4wDAYDVQQDDAVyZWRpczCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC +AQoCggEBAJD2mnJjQdoJHG8EuZCDndukDnUFEtFIvHp4jwxQDa0wENlc74M75yWm +mX39/Py6jgQcu8DD1wu7ShSAbfEVRLcIBdItkpncLutjbzzKCf0ZsMe57/Lizmoz +QkgtVQW0OqtuLLC4H4HqkxrJoyN1z34c2xwnMxWKAuiVZ7+hXgP6PxjYp4zMUp+S +hBQqlnD/Cg680usRGtuzCASsgPUo2fw8ec8sVloI9Im4RnvOPUwHgcRJuxGIImLG +821lxQmNP5sMdechHcQzGLuHwzeIjwfx7WJXMkKMoDziBAJkeb/bAA1t50sGex3l +K99fueqU4lQSjEMomyk3+D3zIilFPcECAwEAAaNiMGAwCwYDVR0PBAQDAgWgMBEG +CWCGSAGG+EIBAQQEAwIGQDAdBgNVHQ4EFgQUkqLWXtErfjQQ4MPZi1FCEHaIK/ow +HwYDVR0jBBgwFoAUM1iXaB+TOowF4Jfza+KrX3pikmAwDQYJKoZIhvcNAQELBQAD +ggIBAB0qvXaiXhoTS8CyVCatSfrjaepJRbxsJEzzCe2A/G6FXPw4yO5vFvniqSo9 +wQYDi166wyc14XFrArUpewPgEjKLmoCxcwQOrJSHQ+DQJ/dw07XbiwBQygxt98eB +OXin4efcW8ydfsLXozK61r9UEvfPlo/St3Q09PxQgDwCW8D7Uos/6bxsKIfPqzjI +/hEnpjzTpCy2iuBzG+UDLAvVlB7ZSOpz3H+FBxJzAFAkYs82sx7pZZkNduPoHerO +lIdI5oJCZmpnsW+pv8pd6MCNdR4cV5b/wazR5PzGAQW2MAW7LCTy5WI6myC+EBdS +q46Var/mmDGh54sGreVMMGSvrsdcR3gFrUN+ZUbkZanjyI2EKl38M+WNlpm3UYLn +G0BlD6Ude8Ic7BbawS8Cx2Z+jvAcAr1KQs8nn1c4PpEvkdz+Lj1tzNWA3pjZu0Tf +x3XGj41iJLre9Deehe5akjWg6x8ho9sbvUasNIlh6F9JTZE+AZyis0WbhNIlh75/ +mnS1TufJ3uoJX2f1imLm2gJHeoYj8Ff16qnpvRvgxJT15Ut18CC2sn1n47bu/V6N +dgodOWEqBDxccP4K3e9TsI8WNoEThc2tXKGrzanN+4qxR7XXgW5jcdzoHGmdxTBZ +ll1Hx8gPQuEfOtU73CGCY6yvSjA8kHh2mnXJcHjZy3Kbxg5B +-----END CERTIFICATE----- diff --git a/docker/redis/redis.key b/docker/redis/redis.key new file mode 100644 index 0000000000..0c99652466 --- /dev/null +++ b/docker/redis/redis.key @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCQ9ppyY0HaCRxv +BLmQg53bpA51BRLRSLx6eI8MUA2tMBDZXO+DO+clppl9/fz8uo4EHLvAw9cLu0oU +gG3xFUS3CAXSLZKZ3C7rY288ygn9GbDHue/y4s5qM0JILVUFtDqrbiywuB+B6pMa +yaMjdc9+HNscJzMVigLolWe/oV4D+j8Y2KeMzFKfkoQUKpZw/woOvNLrERrbswgE +rID1KNn8PHnPLFZaCPSJuEZ7zj1MB4HESbsRiCJixvNtZcUJjT+bDHXnIR3EMxi7 +h8M3iI8H8e1iVzJCjKA84gQCZHm/2wANbedLBnsd5SvfX7nqlOJUEoxDKJspN/g9 +8yIpRT3BAgMBAAECggEAKsKLKU2s+Ycxe2/t2rpwIH9CgnMWK2SksA2KyIt+lUT1 +22AGCHRtiNYdNaRrcRMIXB8rpL8/2iaLQgPmKjRnWgQET4yAz2C6+FUS1WAVVTK0 +Sh3HMSKE15+6H/c7Op0Ap1uu1Avjw1sxvDeZJxcTtvQFD8diUqqsk/WqLkUHqe0/ +3fCRUOgJNodAIIY9DEnq7YxBmQPKmsCudHAQNBU6v0NIYDfD9g1y5omy1pZ80XJP +ijFgYVXcjI89OGO0nS2/N8AOBktQ9jKIov7MIqJ74Y0MVqZJbiizDFpGPvYYFXZZ +UYd2UAyQBIRHojQsJ/bqVeMZqfQaSmfcbSeQDhCjzwKBgQDIWrtdG8ZFzFPjhF/5 ++PIrWUjYurVV1/zSeFIG7ANfG9epNsxEl5wg4ALO4/XlLxkEYRA+NyGx7p/KcPmj +LNprbt8Hd6HsYXTbXoT9+5xn9MoRGwDFKVhl7TWkNSMLcsPTQ1pCrhYLUrci6GIF +9I/6TCOoe814VIIaZdRQ6iEgrwKBgQC5OYsTUcJ9wDqL4TIZ+BLrQbQOdbR6/NJh +UEcpEy9qCeOjQJ7++iof0JuXuq6hkh7fN68TILO88bjxzxLvu8/zYq/p/3kO5SS2 +oeL60kBUSON9fewNu3pAiNnLj4OQYVv5LYTB0BqRN49rW5kPkKwd/Z/nRHgI7Z4o +ac2BO6LEjwKBgQCdW+3GnjbmwSmuC10aRvVlKJX3awVba+1tHQVH3Hx1abfDdn+O +7Ai7JVXvSsnpfElI0Dditghn6MRlyr+28laGhKj1A3gQ4SZX2W/Yz5Kzb2Z5ctzy +/ZspStqTowxoRHYbas3sizBTKl8eMqgyhzfB3aUwAjSJ6s3Yj9vmxUzJjwKBgG84 +FkJrfZV0r7L+bc8aHoIU2cE0/EI9PTYhthj75CSP+5gzXUVNga3I3SSme+WYj+EI +1p9tq39wxdSsunopFBzYzTh8pnxDK2BepKRnSylQ+wiHbA5y3F2TzvNkIWO4kjl1 +E5otE0bPTdbxEV8/R5paiIGdo1X5GFa78SIAZSQRAoGABQMu1XZWHA41BL1Wwd1I +VtZMmWnTfg9lN7DSIOeMMicuCt+Dam0NSJi2u6NxM9HJ/ACzm7TfnfH5vyRBaYl6 +cMzfUSR8HE5wnlAFOYsTCgj5ksjpk1mZ+obJGjA8c1PpA0ZGMxry1x20auGvlgd+ +AAYDp2njFzBuYeFbM/iJ18U= +-----END PRIVATE KEY----- diff --git a/lib/instrumentation/@node-redis/client.js b/lib/instrumentation/@node-redis/client.js index 7f2f76fccf..f51e5c6024 100644 --- a/lib/instrumentation/@node-redis/client.js +++ b/lib/instrumentation/@node-redis/client.js @@ -93,7 +93,7 @@ function getRedisParams(clientOpts) { // see: https://github.com/redis/node-redis/blob/5576a0db492cda2cd88e09881bc330aa956dd0f5/packages/client/lib/client/index.ts#L160 if (clientOpts?.url) { const parsedURL = new URL(clientOpts.url) - clientOpts.socket = { host: parsedURL.hostname } + clientOpts.socket = Object.assign({}, clientOpts.socket, { host: parsedURL.hostname }) if (parsedURL.port) { clientOpts.socket.port = parsedURL.port } diff --git a/test/lib/params.js b/test/lib/params.js index 22dffd2d3d..03095d0031 100644 --- a/test/lib/params.js +++ b/test/lib/params.js @@ -20,6 +20,8 @@ module.exports = { redis_host: process.env.NR_NODE_TEST_REDIS_HOST || 'localhost', redis_port: process.env.NR_NODE_TEST_REDIS_PORT || 6379, + redis_tls_host: process.env.NR_NODE_TEST_REDIS_TLS_HOST || '127.0.0.1', + redis_tls_port: process.env.NR_NODE_TEST_REDIS_TLS_PORT || 6380, cassandra_host: process.env.NR_NODE_TEST_CASSANDRA_HOST || 'localhost', cassandra_port: process.env.NR_NODE_TEST_CASSANDRA_PORT || 9042, diff --git a/test/versioned/redis/package.json b/test/versioned/redis/package.json index 589c9943fc..c82030c434 100644 --- a/test/versioned/redis/package.json +++ b/test/versioned/redis/package.json @@ -24,7 +24,8 @@ }, "files": [ "redis-v4.tap.js", - "redis-v4-legacy-mode.tap.js" + "redis-v4-legacy-mode.tap.js", + "tls.tap.js" ] } ] diff --git a/test/versioned/redis/tls.tap.js b/test/versioned/redis/tls.tap.js new file mode 100644 index 0000000000..95477d212f --- /dev/null +++ b/test/versioned/redis/tls.tap.js @@ -0,0 +1,91 @@ +/* + * Copyright 2024 New Relic Corporation. All rights reserved. + * SPDX-License-Identifier: Apache-2.0 + */ + +'use strict' + +const tap = require('tap') +const helper = require('../../lib/agent_helper') +const promiseResolvers = require('../../lib/promise-resolvers') +const { redis_tls_host: HOST, redis_tls_port: PORT } = require('../../lib/params') +const { removeModules } = require('../../lib/cache-buster') + +tap.test('redis over tls connection', (t) => { + t.afterEach(() => { + removeModules(['redis']) + }) + + t.test('should work with self-signed tls cert on server', async (t) => { + const { promise, resolve } = promiseResolvers() + const agent = helper.instrumentMockedAgent() + const redis = require('redis') + const client = await redis + .createClient({ + url: `rediss://${HOST}:${PORT}`, + socket: { + tls: true, + rejectUnauthorized: false + } + }) + .on('error', (error) => { + throw error + }) + .connect() + await client.flushAll() + + t.teardown(async () => { + await client.flushAll() + await client.disconnect() + helper.unloadAgent(agent) + }) + + helper.runInTransaction(agent, async function transactionInScope() { + const tx = agent.getTransaction() + await client.set('tls-test', 'foo') + const found = await client.get('tls-test') + t.equal(found, 'foo') + tx.end() + resolve() + }) + + await promise + }) + + t.test('url parsing should add tls true', async (t) => { + const { promise, resolve } = promiseResolvers() + const agent = helper.instrumentMockedAgent() + const redis = require('redis') + const client = await redis + .createClient({ + url: `rediss://${HOST}:${PORT}`, + socket: { + rejectUnauthorized: false + } + }) + .on('error', (error) => { + throw error + }) + .connect() + await client.flushAll() + + t.teardown(async () => { + await client.flushAll() + await client.disconnect() + helper.unloadAgent(agent) + }) + + helper.runInTransaction(agent, async function transactionInScope() { + const tx = agent.getTransaction() + await client.set('tls-test', 'foo') + const found = await client.get('tls-test') + t.equal(found, 'foo') + tx.end() + resolve() + }) + + await promise + }) + + t.end() +})