Add security support for exporter and collector

[zyiou]

Fixes #50

[srikartati]

Is TLSserver not supported with UDP transport? I see TLSclient in exporting process written for both TCP and UDP transport.

[srikartati]

Just realized you had WIP in the title. If you are planning to address the above already, please ignore the comment.

[zyiou]

For UDP Transport, we will need to use DTLS. Still working on that.

[shihhaoli]

StartTLSServer(serverCert []byte, serverKey []byte) can be simplified as StartTLSServer(serverCert, serverKey []byte)

[zyiou]

@shihhaoli Thanks! will update it.

[codecov]

Codecov Report

Merging #57 (2eb85c8) into master (150f98e) will decrease coverage by 0.88%.
The diff coverage is 68.53%.

@@            Coverage Diff             @@
##           master      #57      +/-   ##
==========================================
- Coverage   81.14%   80.26%   -0.89%     
==========================================
  Files          13       13              
  Lines        1496     1591      +95     
==========================================
+ Hits         1214     1277      +63     
- Misses        191      212      +21     
- Partials       91      102      +11     

Flag	Coverage Δ
integration-tests	67.07% <64.33%> (-0.14%)	⬇️
unit-tests	79.63% <66.43%> (-1.05%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files	Coverage Δ
pkg/collector/tcp.go	67.74% <57.14%> (-1.83%)	⬇️
pkg/exporter/process.go	69.23% <60.52%> (-2.95%)	⬇️
pkg/collector/udp.go	67.77% <70.00%> (-0.98%)	⬇️
pkg/intermediate/aggregate.go	75.56% <71.42%> (ø)
pkg/collector/process.go	91.35% <94.11%> (+0.50%)	⬆️

[srikartati]

Is this removed to let the user start regular tcp/udp server or server with TLS/DTLS encryption? If so, I feel it is better to take in a input from the user through InitCollectorProcess on whether to use encryption or not.

[srikartati]

Just checking if these comments are resolved or not. From the latest code changes, it doesn't seem so.

[zyiou]

Thanks for reminding. Changes got postponed by other PRs. Will update asap.

[srikartati]

Here as well taking the input for encryption may be better. We can save some duplication of code and make this library function simpler.

[srikartati]

Should we make the standalone collector take in the certificate and the key as command arguments?

I think this will go in after PR #91 and PR #93, right?

[srikartati]

let's use random port by giving 0?

[zyiou]

Sure. updated with random port, but also added some code to support the random port since previously we directly used hard-coded address passed from users. If you think the commit is not quite relevant to current PR, I can move it to another PR separately.

[srikartati]

Since you changed the port number other than 4739 in the tests, I suggested a random open port. We should only expect users to give 4739, since it is the standard IPFIX port, right?

What is the extra code required to accept random port? Is that required in tests code or actual code?

[zyiou]

That's true. I changed the port number because if we use same port for all the tests, it will have conflicts (some of the tests cannot start collector since the port is occupied.). extra code is mainly about update address after the listener resolves the random port. I also added a get address function for get the latest address of the collector.

[srikartati]

Should we make the standalone collector take in the certificate and the key as command arguments?

I think this will go in after PR #91 and PR #93, right?

We can extend the standalone collector in a different PR. Overall it looks good to me.
@shihhaoli Please review this when you get a chance.

[srikartati]

Do it in init, so it will be applicable for all test functions.

[srikartati]

Since you changed the port number other than 4739 in the tests, I suggested a random open port. We should only expect users to give 4739, since it is the standard IPFIX port, right?

What is the extra code required to accept random port? Is that required in tests code or actual code?

[shihhaoli]

For public methods, we can consider creating a struct for all the input parameters.
This can avoid changing the code on the caller side whenever we need to add new parameters in the future.
I was asked by WCP team to do something like that when they consume a library maintained by our team. Otherwise every time we upgrade our library, that could break their existing code.

For example, a struct like https://gitreview.eng.vmware.com/c/nsx/+/312057/7/solutions/nsxi/go/src/nsxi/validator/validator.go#61
and used in https://gitreview.eng.vmware.com/c/nsx/+/312057/7/solutions/nsxi/go/src/nsxi/validator/validator.go#311

[zyiou]

Thanks it will also be clearer for users to pass parameters. Updated for exporter and intermediate process too.

[srikartati]

@shihhaoli It is a good suggestion to make consumption easier.
However, it is better to avoid company-specific internal links in the OSS repo.

[shihhaoli]

Yes, I made the same mistake while developing openstack long time ago (referring bugzilla link for bug fix in the commit message) :-)
Any suggestion how to do this in the future? Send an email instead?

[srikartati]

I felt if there are non-vmware folks following the conversation, they may not get complete context with the links that are not accessible. Yes offline mode through email or slack sounds good to me.

[shihhaoli]

OK, then those non-vmware people will completely hide from our conversations, but at least they will not complain inaccessible links : -)

[srikartati]

Or keeping the context to an accessible project will also work :)

[shihhaoli]

You may rearrange the code so that net.ParseIP() can be executed only once (i.e. lines 281 and 286, also lines 287 and 292).

[srikartati]

Address related extra code looks fine to me.

[srikartati]

As a convention, punctuation not required in fmt.Errorf.

[srikartati]

LGTM except for one comment on TODO.

[srikartati]

this todo not needed anymore right?

[zyiou]

yes, removed it. Thanks!