Fix an integration test failure

elastic · Oct 29, 2023 · 1740c28 · 1740c28
1 parent c5ab124
commit 1740c28
Show file tree

Hide file tree

Showing 3 changed files with 34 additions and 19 deletions.
diff --git a/libbeat/docker-compose.yml b/libbeat/docker-compose.yml
@@ -70,26 +70,8 @@ services:
         condition: service_healthy
 
   proxy:
-    image: ubuntu/squid:latest
+    build: ${ES_BEATS}/testing/environments/docker/proxy
     network_mode: service:elasticsearch
-    healthcheck:
-      test: ["CMD", "bash", "-c", "echo > /dev/tcp/localhost/3128 || exit 1"]
-      retries: 60
-      interval: 1s
-    entrypoint:
-      - /bin/sh
-      - -c
-      - |-
-        cat << EOF >> /etc/squid/conf.d/00_proxy.conf
-        auth_param basic program /usr/lib/squid/basic_fake_auth
-        acl auth proxy_auth REQUIRED
-        http_access deny !auth
-        http_access allow auth
-        http_access deny all
-        acl SSL_ports port 9200
-        dns_timeout 3 seconds
-        EOF
-        exec /usr/local/bin/entrypoint.sh -f /etc/squid/squid.conf -NYC
 
   redis:
     build: ${ES_BEATS}/testing/environments/docker/redis

diff --git a/testing/environments/docker/proxy/Dockerfile b/testing/environments/docker/proxy/Dockerfile
@@ -0,0 +1,10 @@
+FROM alpine:edge
+
+RUN apk add --no-cache squid bash
+
+COPY squid.conf /etc/squid/squid.conf
+
+HEALTHCHECK --interval=1s --retries=600 CMD nc -z localhost 3128
+EXPOSE 3128
+
+CMD ["squid", "--foreground"]
diff --git a/testing/environments/docker/proxy/squid.conf b/testing/environments/docker/proxy/squid.conf
@@ -0,0 +1,23 @@
+acl localnet src 0.0.0.1-0.255.255.255  # RFC 1122 "this" network (LAN)
+acl localnet src 10.0.0.0/8             # RFC 1918 local private network (LAN)
+acl localnet src 100.64.0.0/10          # RFC 6598 shared address space (CGN)
+acl localnet src 169.254.0.0/16         # RFC 3927 link-local (directly plugged) machines
+acl localnet src 172.16.0.0/12          # RFC 1918 local private network (LAN)
+acl localnet src 192.168.0.0/16         # RFC 1918 local private network (LAN)
+acl localnet src fc00::/7               # RFC 4193 local private network range
+acl localnet src fe80::/10              # RFC 4291 link-local (directly plugged) machines
+
+# Authenticates only one user named "proxy" with the password "testing"
+auth_param basic program /bin/bash -c 'while IFS= read -r L; do [[ "$L" =~ "proxy testing" ]] && echo OK || echo ERR; done;'
+
+# Allows only authenticated requests from localnet to specific ports on localhost
+acl auth proxy_auth REQUIRED
+acl to_ports port 9200
+http_access allow auth localnet to_localhost to_ports
+
+# Denies otherwise
+http_access deny all
+
+# General settings
+http_port 3128
+dns_timeout 3 seconds