diff --git a/pkg/agent/config.go b/pkg/agent/config.go index e413a313..c72b8be7 100644 --- a/pkg/agent/config.go +++ b/pkg/agent/config.go @@ -301,7 +301,9 @@ func InitAgentCmdFlags(c *cobra.Command, cfg *AgentCmdFlags) { c.PersistentFlags().BoolVar( &cfg.DisableCompression, "disable-compression", - false, + // Compression was disabled after we found that the backend didn't + // support it. See: https://venafi.atlassian.net/browse/VC-37264. + true, "Disables GZIP compression when uploading the data. Useful for debugging purposes or when an intermediate proxy doesn't like compressed data.", ) } @@ -588,8 +590,8 @@ func ValidateAndCombineConfig(log logr.Logger, cfg Config, flags AgentCmdFlags) // Validation of --disable-compression. { - if flags.DisableCompression && res.AuthMode != VenafiCloudKeypair && res.AuthMode != VenafiCloudVenafiConnection { - errs = multierror.Append(errs, fmt.Errorf("--disable-compression can only be used with the %s and %s modes", VenafiCloudKeypair, VenafiCloudVenafiConnection)) + if !flags.DisableCompression && res.AuthMode != VenafiCloudKeypair && res.AuthMode != VenafiCloudVenafiConnection { + errs = multierror.Append(errs, fmt.Errorf("--disable-compression=false can only be used with the %s and %s modes", VenafiCloudKeypair, VenafiCloudVenafiConnection)) } res.DisableCompression = flags.DisableCompression } diff --git a/pkg/agent/config_test.go b/pkg/agent/config_test.go index 6a3bd07e..8725b127 100644 --- a/pkg/agent/config_test.go +++ b/pkg/agent/config_test.go @@ -215,12 +215,13 @@ func Test_ValidateAndCombineConfig(t *testing.T) { Name: "d1", Config: &dummyConfig{}, }}, - Period: 5 * time.Minute, - Server: "http://example.com", - OrganizationID: "example", - EndpointPath: "api/v1/data", - BackoffMaxTime: 10 * time.Minute, - InstallNS: "venafi", + Period: 5 * time.Minute, + Server: "http://example.com", + OrganizationID: "example", + EndpointPath: "api/v1/data", + BackoffMaxTime: 10 * time.Minute, + InstallNS: "venafi", + DisableCompression: true, } require.NoError(t, err) assert.Equal(t, expect, got) @@ -255,13 +256,14 @@ func Test_ValidateAndCombineConfig(t *testing.T) { DataGatherers: []DataGatherer{ {Name: "d1", Kind: "dummy", Config: &dummyConfig{AlwaysFail: false}}, }, - InputPath: "/home", - OutputPath: "/nothome", - UploadPath: "/testing/path", - AuthMode: VenafiCloudKeypair, - ClusterID: "the cluster name", - BackoffMaxTime: 99 * time.Minute, - InstallNS: "venafi", + InputPath: "/home", + OutputPath: "/nothome", + UploadPath: "/testing/path", + AuthMode: VenafiCloudKeypair, + ClusterID: "the cluster name", + BackoffMaxTime: 99 * time.Minute, + InstallNS: "venafi", + DisableCompression: true, } require.NoError(t, err) assert.Equal(t, expect, got) @@ -371,7 +373,7 @@ func Test_ValidateAndCombineConfig(t *testing.T) { `)), withCmdLineFlags("--credentials-file", path)) require.NoError(t, err) - assert.Equal(t, CombinedConfig{Server: "https://api.venafi.eu", Period: time.Hour, OrganizationID: "foo", ClusterID: "bar", AuthMode: JetstackSecureOAuth, BackoffMaxTime: 10 * time.Minute, InstallNS: "venafi"}, got) + assert.Equal(t, CombinedConfig{Server: "https://api.venafi.eu", Period: time.Hour, OrganizationID: "foo", ClusterID: "bar", AuthMode: JetstackSecureOAuth, BackoffMaxTime: 10 * time.Minute, InstallNS: "venafi", DisableCompression: true}, got) assert.IsType(t, &client.OAuthClient{}, cl) }) @@ -384,8 +386,8 @@ func Test_ValidateAndCombineConfig(t *testing.T) { organization_id: foo cluster_id: bar `)), - withCmdLineFlags("--disable-compression", "--credentials-file", path, "--install-namespace", "venafi")) - require.EqualError(t, err, "1 error occurred:\n\t* --disable-compression can only be used with the Venafi Cloud Key Pair Service Account and Venafi Cloud VenafiConnection modes\n\n") + withCmdLineFlags("--disable-compression=false", "--credentials-file", path, "--install-namespace", "venafi")) + require.EqualError(t, err, "1 error occurred:\n\t* --disable-compression=false can only be used with the Venafi Cloud Key Pair Service Account and Venafi Cloud VenafiConnection modes\n\n") }) t.Run("jetstack-secure-oauth-auth: --credential-file used but file is missing", func(t *testing.T) { @@ -463,7 +465,7 @@ func Test_ValidateAndCombineConfig(t *testing.T) { `)), withCmdLineFlags("--client-id", "5bc7d07c-45da-11ef-a878-523f1e1d7de1", "--private-key-path", path)) require.NoError(t, err) - assert.Equal(t, CombinedConfig{Server: "https://api.venafi.eu", Period: time.Hour, AuthMode: VenafiCloudKeypair, ClusterID: "the cluster name", UploadPath: "/foo/bar", BackoffMaxTime: 10 * time.Minute, InstallNS: "venafi"}, got) + assert.Equal(t, CombinedConfig{Server: "https://api.venafi.eu", Period: time.Hour, AuthMode: VenafiCloudKeypair, ClusterID: "the cluster name", UploadPath: "/foo/bar", BackoffMaxTime: 10 * time.Minute, InstallNS: "venafi", DisableCompression: true}, got) assert.IsType(t, &client.VenafiCloudClient{}, cl) }) @@ -485,7 +487,7 @@ func Test_ValidateAndCombineConfig(t *testing.T) { `)), withCmdLineFlags("--venafi-cloud", "--credentials-file", credsPath)) require.NoError(t, err) - assert.Equal(t, CombinedConfig{Server: "https://api.venafi.eu", Period: time.Hour, AuthMode: VenafiCloudKeypair, ClusterID: "the cluster name", UploadPath: "/foo/bar", BackoffMaxTime: 10 * time.Minute, InstallNS: "venafi"}, got) + assert.Equal(t, CombinedConfig{Server: "https://api.venafi.eu", Period: time.Hour, AuthMode: VenafiCloudKeypair, ClusterID: "the cluster name", UploadPath: "/foo/bar", BackoffMaxTime: 10 * time.Minute, InstallNS: "venafi", DisableCompression: true}, got) }) t.Run("venafi-cloud-keypair-auth: venafi-cloud.upload_path field is required", func(t *testing.T) { @@ -560,13 +562,14 @@ func Test_ValidateAndCombineConfig(t *testing.T) { withCmdLineFlags("--venafi-connection", "venafi-components")) require.NoError(t, err) assert.Equal(t, CombinedConfig{ - Period: 1 * time.Hour, - ClusterID: "the cluster name", - AuthMode: VenafiCloudVenafiConnection, - VenConnName: "venafi-components", - VenConnNS: "venafi", - InstallNS: "venafi", - BackoffMaxTime: 10 * time.Minute, + Period: 1 * time.Hour, + ClusterID: "the cluster name", + AuthMode: VenafiCloudVenafiConnection, + VenConnName: "venafi-components", + VenConnNS: "venafi", + InstallNS: "venafi", + BackoffMaxTime: 10 * time.Minute, + DisableCompression: true, }, got) assert.IsType(t, &client.VenConnClient{}, cl) }) @@ -648,7 +651,7 @@ func Test_ValidateAndCombineConfig_VenafiCloudKeyPair(t *testing.T) { require.NoError(t, err) }) - t.Run("the request body is compressed", func(t *testing.T) { + t.Run("the request body is compressed if --disable-compression=false", func(t *testing.T) { srv, cert, setVenafiCloudAssert := testutil.FakeVenafiCloud(t) setVenafiCloudAssert(func(t testing.TB, gotReq *http.Request) { if gotReq.URL.Path == "/v1/oauth/token/serviceaccount" { @@ -675,7 +678,7 @@ func Test_ValidateAndCombineConfig_VenafiCloudKeyPair(t *testing.T) { uploader_id: no upload_path: /v1/tlspk/upload/clusterdata `)), - withCmdLineFlags("--client-id", "5bc7d07c-45da-11ef-a878-523f1e1d7de1", "--private-key-path", privKeyPath, "--install-namespace", "venafi"), + withCmdLineFlags("--disable-compression=false", "--client-id", "5bc7d07c-45da-11ef-a878-523f1e1d7de1", "--private-key-path", privKeyPath, "--install-namespace", "venafi"), ) require.NoError(t, err) testutil.TrustCA(t, cl, cert) @@ -686,7 +689,7 @@ func Test_ValidateAndCombineConfig_VenafiCloudKeyPair(t *testing.T) { require.NoError(t, err) }) - t.Run("--disable-compression works", func(t *testing.T) { + t.Run("the request is not compressed by default", func(t *testing.T) { srv, cert, setVenafiCloudAssert := testutil.FakeVenafiCloud(t) setVenafiCloudAssert(func(t testing.TB, gotReq *http.Request) { // Only care about /v1/tlspk/upload/clusterdata/:uploader_id?name= @@ -714,7 +717,7 @@ func Test_ValidateAndCombineConfig_VenafiCloudKeyPair(t *testing.T) { uploader_id: no upload_path: /v1/tlspk/upload/clusterdata `)), - withCmdLineFlags("--disable-compression", "--client-id", "5bc7d07c-45da-11ef-a878-523f1e1d7de1", "--private-key-path", privKeyPath, "--install-namespace", "venafi"), + withCmdLineFlags("--client-id", "5bc7d07c-45da-11ef-a878-523f1e1d7de1", "--private-key-path", privKeyPath, "--install-namespace", "venafi"), ) require.NoError(t, err) testutil.TrustCA(t, cl, cert) @@ -821,7 +824,7 @@ func Test_ValidateAndCombineConfig_VenafiConnection(t *testing.T) { require.NoError(t, err) }) - t.Run("the request is compressed by default", func(t *testing.T) { + t.Run("the request is only compressed when --disable-compression=false is passed", func(t *testing.T) { setVenafiCloudAssert(func(t testing.TB, gotReq *http.Request) { // Let's check that the body is compressed as expected. assert.Equal(t, "gzip", gotReq.Header.Get("Content-Encoding")) @@ -837,7 +840,7 @@ func Test_ValidateAndCombineConfig_VenafiConnection(t *testing.T) { period: 1h cluster_id: test cluster name `)), - withCmdLineFlags("--venafi-connection", "venafi-components", "--install-namespace", "venafi")) + withCmdLineFlags("--disable-compression=false", "--venafi-connection", "venafi-components", "--install-namespace", "venafi")) require.NoError(t, err) testutil.VenConnStartWatching(t, cl) testutil.TrustCA(t, cl, cert) @@ -845,7 +848,7 @@ func Test_ValidateAndCombineConfig_VenafiConnection(t *testing.T) { require.NoError(t, err) }) - t.Run("--disable-compression works", func(t *testing.T) { + t.Run("compression is disabled by default", func(t *testing.T) { setVenafiCloudAssert(func(t testing.TB, gotReq *http.Request) { // Let's check that the body isn't compressed. assert.Equal(t, "", gotReq.Header.Get("Content-Encoding")) @@ -860,7 +863,7 @@ func Test_ValidateAndCombineConfig_VenafiConnection(t *testing.T) { period: 1h cluster_id: test cluster name `)), - withCmdLineFlags("--disable-compression", "--venafi-connection", "venafi-components", "--install-namespace", "venafi")) + withCmdLineFlags("--venafi-connection", "venafi-components", "--install-namespace", "venafi")) require.NoError(t, err) testutil.VenConnStartWatching(t, cl) testutil.TrustCA(t, cl, cert)