During development of #4770 it was not possible to test a scenario where elastic-agent installs and enrolls to an http mock fleet server using TLS going through an https proxy because:
- Using an http fleet endpoint requires specifying `--insecure` at install even when we have a correctly configured https proxy (no TLS validation would then happen) (see #4896)
- I tried having the proxy support https requests by doing tunneling similar to goproxy; it didn't work, but here's the code for reference

In order to test such a scenario we would need at least one of 2 things:

- an https proxy that can terminate TLS and forward plain http requests to the mock fleet server (either extend proxy test or swap out for some other proxy implementation)
- have an https fleet endpoint (either mocked or the real thing in a cloud deployment), ideally where we can set up (m)TLS with custom CAs (this is not possible at the moment on ESS)

The testcase is `TLSEnrollProxy-mTLSProxyInThePolicy`, where we try to test this scenario.
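
The first option above (an https proxy that terminates TLS and forwards plain http to a mock fleet server) can be sketched with Go's `net/http/httptest`. This is an added example, not code from the elastic-agent repository or its proxy test package. The names `forwardPlain` and `enrollViaProxy`, the `/api/status` path and the mock response body are assumptions. The client never disables verification, so the proxy certificate is validated even though the fleet endpoint is plain http.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"net/url"
)

// forwardPlain: the proxy has terminated TLS; relay the absolute-URI request over plain http.
func forwardPlain(w http.ResponseWriter, r *http.Request) {
	out := r.Clone(r.Context())
	out.RequestURI = "" // server-side field, cleared before sending upstream
	resp, err := http.DefaultTransport.RoundTrip(out)
	if err != nil { // also covers CONNECT, which carries no http scheme to forward
		http.Error(w, err.Error(), http.StatusBadGateway)
		return
	}
	defer resp.Body.Close()
	w.WriteHeader(resp.StatusCode)
	io.Copy(w, resp.Body)
}

// enrollViaProxy (hypothetical helper): one request to a mock http fleet endpoint via the https proxy.
func enrollViaProxy(trustProxyCA bool) (int, string, error) {
	fleet := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		fmt.Fprint(w, "mock-fleet:"+r.URL.Path) // constructed mock response
	}))
	defer fleet.Close()
	proxy := httptest.NewTLSServer(http.HandlerFunc(forwardPlain))
	defer proxy.Close()
	pool := x509.NewCertPool() // stays empty when the proxy CA is not trusted
	if trustProxyCA {
		pool.AddCert(proxy.Certificate())
	}
	proxyURL, _ := url.Parse(proxy.URL) // httptest always yields a valid URL
	tr := &http.Transport{Proxy: http.ProxyURL(proxyURL), TLSClientConfig: &tls.Config{RootCAs: pool}}
	resp, err := (&http.Client{Transport: tr}).Get(fleet.URL + "/api/status")
	if err != nil {
		return 0, "", err
	}
	defer resp.Body.Close()
	body, err := io.ReadAll(resp.Body)
	return resp.StatusCode, string(body), err
}

func main() { fmt.Println(enrollViaProxy(true)) } // pass false to see the TLS verification failure
```

With `trustProxyCA` set to false the request fails during the TLS handshake with the proxy, which is the validation that `--insecure` would otherwise switch off.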