k6
k6 copied to clipboard
grafana
Pass client certificates as CLI flags
Brief summary
I have my certificate present on path
- export MTLS_PEM=“$(”)"
- echo $MTLS_PEM | sed ‘s/\n/\n/g’ > /mtls.pem
- export MTLS_KEY=“$(”)"
- echo $MTLS_KEY | sed ‘s/\n/\n/g’ > /mtls.key I want to load this certificate with performing k6 run k6 run --summary-export=load-performance.json $file --config=src/test/performance/config.json.
How do i load this certificate ?
k6 run --summary-export=load-performance.json --ssl-client-cert mtls.pem --ssl-client-key mtls.key $file --config=/config.json;
Is it possible to use --ssl-cleint-cert such type to call certificate?
Also the main issue is , when were we run performance test for process API our test result showed failed . PFB error . where as same pipeline is used to run experience API all results shows pass.
Process API: ✗ Status code is 200 ↳ 0% — ✓ 0 / ✗ 12002 checks.....................: 0.00% ✓ 0 ✗ 12002 http_req_failed............: 100.00% ✓ 12002 ✗ 0
Experience API: http_req_failed................: 0.00% ✓ 0 ✗ 18000
we are not able to identify why different behaviour/out put we are getting as both is using same script.?
k6 version
k6
OS
windos
Docker version and image (if applicable)
No response
Steps to reproduce the problem
NA
Expected behaviour
same script should pass all performance test successful for process API as well
Actual behaviour
Performance test is failing for process API
k6 doesn't have a --ssl-client-cert or --ssl-client-key CLI flags, I am not sure where you saw that? :confused: Instead you should use the tlsAuth JS option, you can see an example of how it can be used in the docs: https://k6.io/docs/using-k6/k6-options/reference/#tls-auth
This doesn't seem like a bug in k6, so I'll close the issue. In the future, if you want to ask questions, please do it in the community forum at https://community.k6.io/
@na-- just to also provide more context here. There is a post in the community forum.
I guess the purpose of that issue is to request the possibility of configuring certificates via the flags like --ssl-client-cert or --ssl-client-key.
Ah, I see, then this feature request was definitely both mis-classified as a bug and not very well explained... I'll reopen it and adjust the title slightly.
@hem-source, I skimmed the forum thread, but I don't get why you need to pass TLS certificates as CLI flags... :confused: Can you please explain why options.tlsAuth in combination with k6 environment variables is insufficient for your use case?
Potentially relevant documentation issue https://github.com/grafana/k6-docs/issues/616
the main issue is , when were we run performance test for process API our test result showed failed . PFB error . where as same pipeline is used to run experience API all results shows pass.
Process API: ✗ Status code is 200 ↳ 0% — ✓ 0 / ✗ 12002 checks.....................: 0.00% ✓ 0 ✗ 12002 http_req_failed............: 100.00% ✓ 12002 ✗ 0
Experience API: http_req_failed................: 0.00% ✓ 0 ✗ 18000
we are not able to identify why different behaviour/out put we are getting as both is using same script.?
So we are suspecting that for process API we need certificate to be loaded before k6 run. So in my GIT script i have made below changes
script: - export MTLS_PEM="$(vault kv get -tls-skip-verify -field=pem "kv/mulesoft/postman/mtls")" - echo $MTLS_PEM | sed 's/\n/\n/g' > src/test/performance/mtls.pem - export MTLS_KEY="$(vault kv get -tls-skip-verify -field=key "kv/mulesoft/postman/mtls")" - echo $MTLS_KEY | sed 's/\n/\n/g' > src/test/performance/mtls.key - pwd - export const options = tlsAuth: [ { domains: ["domain.com"], cert: open('./mtls.pem'), key: open('./mtls.pem'),},]
| - ls -la src/test/performance/ |
|---|
for file in src/test/performance/*.js ;
do
k6 run --summary-export=load-performance.json $file --config=src/test/performance/config.json;
done
So is this TLS auth option is correctly defined?
SO in addition to tlsauth option defined, how would i call it in k6 run?
@hem-source the issues of this repository are for the bugs, feature requests, and things like that. For support, please use the community forum.
The reason why I mentioned the issue is that, as you mentioned that you would like to load the certificate with the flags:
Can we use this k6 run --summary-export=load-performance.json --ssl-client-cert mtls.pem --ssl-client-key mtls.key $file --config=/config.json;
And since right now there is no such functionality in the k6, you can make a feature request. But it should be appropriately specified.
Depending on different factors (community needs, k6, or maybe some contributors' capacity), the feature request can be prioritized and implemented in further versions of the k6.
- pwd - export const options = tlsAuth: [ { domains: ["domain.com"], cert: open('./mtls.pem'), key: open('./mtls.pem'),},]
@hem-source, you should not use export const options in the CI script code, you should have that code in your .js script files... See https://k6.io/docs/using-k6/k6-options/how-to and other examples in the documentation on how that works.