Need to load certificate in K6

Hemant · June 20, 2022, 1:10pm

We are using k6 in testing, I want to import the certificate ( perm file & key ) in k6 , can you pls let me know how we can use the certificate in k6 run & postman-k6 command.

- export MTLS_PEM="$(Details")"

- echo $MTLS_PEM | sed 's/\\n/\n/g' > mtls.pem

- export MTLS_KEY="$(details")"

- echo $MTLS_KEY | sed 's/\\n/\n/g' > mtls.key

k6 run --summary-export=load-performance.json $file --config=src/test/performance/config.json;

postman-to-k6 -e /$POSTMAN_ENV-$API_NAME.postman_environment.json $file -o /$filename-k6-script.js ;

olegbespalov · June 20, 2022, 2:37pm

Hi @Hemant !

Welcome to the community forums!

Not sure if I got the question fully But let me try to answer for the headline part. So if the question is how to set up the TLS Auth you can use the option Options reference.

Let me know if that answers,
Cheers!

Hemant · June 20, 2022, 2:46pm

Hi …

I need to import mtls.pem & mtls.key in below

k6 run --summary-export=load-performance.json $file --config=src/test/performance/config.json;

postman-to-k6 -e /$POSTMAN_ENV-$API_NAME.postman_environment.json $file -o /$filename-k6-script.js ;

I have check the link provided but not sure how i can add this in above script. Can you pls help.

olegbespalov · June 21, 2022, 1:13pm

Hi @Hemant

From the commands that you provided I see that you are trying to do 2 things:

Conver an existing postman collection to a k6 script using the tool postman-to-k6
Run the converted script using the k6

So what I’m saying is that after converting the postman collection you have to adjust the options inside the result script, and there put:

tlsAuth: [
    {
      domains: ['example.com'],
      cert: open('mtls.pem'),
      key: open('mtls.key'),
    },
  ]

Note that the mtls.key and mtls.pem should be placed in the same folder.

There is a nice blog post about this topic Load Testing Your API with Postman

Let me know if that answers,
Cheers!

Hemant · July 7, 2022, 10:53am

HI Olegnespalov,

Thanks for the input.

I am not sure were we need to add this .

1st i am doing postman to K6 using below command and have manged to get certificate in same path were where below file is present $POSTMAN_ENV-$API_NAME.postman_environment.json . Later it execute below

postman-to-k6 -e src/test/postman/$POSTMAN_ENV-$API_NAME.postman_environment.json $file -o src/test/performance/$filename-k6-script.js

So do you want me to add certificate details in $POSTMAN_ENV-$API_NAME.postman_environment.json file ?

So above command converts into .js and then it execute below

k6 run --summary-export=load-performance.json $file --config=<PATH>/config.json
( for the performance test we get result as all failed with response 200 )

olegbespalov · July 7, 2022, 12:28pm

Hi @Hemant ,

As I said in the first message, TLS Auth is the k6 option.

k6 run --summary-export=load-performance.json $file --config=/config.json

And this based on the above, you can define this option in $file or /config.json

To learn more about the options, you can check How to use options.

Hope that helps,
Cheers

Hemant · July 11, 2022, 7:54am

Thanks a lot. Will update and test it …

Hemant · July 11, 2022, 12:57pm

Hi ,

Below is the content in config.json

{“scenarios”:{“constant_request_rate”:{“executor”:“constant-arrival-rate”,“rate”:10,“timeUnit”:“1s”,“duration”:“600s”,“preAllocatedVUs”:50,“maxVUs”:100}},“maxRedirects”:10}

Can you pls let me know how to update the certificate details above

{
tlsAuth: [
{
domains: [‘example.com’],
cert: open(‘./mtls.pem’),
key: open(‘./mtls.key’),
},
]
“scenarios”:{“constant_request_rate”:{“executor”:“constant-arrival-rate”,“rate”:10,“timeUnit”:“1s”,“duration”:“600s”,“preAllocatedVUs”:50,“maxVUs”:100}},“maxRedirects”:10}

seems issue with above one , can you pls guide…?

Certificate is getting loaded on same path where config.json is present.

Hemant · July 12, 2022, 8:29am

Hi Obegbespalov

can you pls help here

olegbespalov · July 12, 2022, 10:20am

Hi @Hemant

Okay, sorry that I didn’t mention that explicitly. If you want to define the certificate in the config.json you should provide the value of the certificate/keys instead of the expressions open('./mtls.pem') and open(‘./mtls.key’).

So it should look like this:

{
   "tlsAuth": [
      {
         "domains": [
            "example.com"
         ],
         "cert": "-----BEGIN CERTIFICATE-----\nMIIDczCCAlugAwIB........y6Mph\nOzdADd956UIbHLXLN0A6f5hp/2QF1mA=\n-----END CERTIFICATE-----",
         "key": "-----BEGIN PRIVATE KEY-----\nMIIEvQIBADANBgkqh........CUbAxfgYuyW2y\nnbTvljLvD4u36I9w5G9N3gg=\n-----END PRIVATE KEY-----"
      }
   ],
   "scenarios": {
      "constant_request_rate": {
         "executor": "constant-arrival-rate",
         "rate": 10,
         "timeUnit": "1s",
         "duration": "600s",
         "preAllocatedVUs": 50,
         "maxVUs": 100
      }
   },
   "maxRedirects": 10
}

Please let me know if that answers,
Cheers.

Hemant · July 12, 2022, 11:12am

Thanks for the revert .
We dont need to pass or disclose cert & key in config.json.
Is their any way we can refer mtls.perm and mtls.key in config.json file with performance parameter?

olegbespalov · July 12, 2022, 11:41am

config.json is a file with plain JSON, so there are no capabilities to use dynamic values there without the help of external tools.

Then I’d recommend configuring the TLS auth inside the scripts (I guess in your case, it’s $file).

export const options = {
  tlsAuth: [
    {
      domains: ['example.com'],
      cert: open('mtls.pem'),
      key: open('mtls.key'),
    },
  ],
};

Hope that helps,
Cheers

Hemant · July 12, 2022, 4:27pm

Hi ,
So $file is nothing but it.js file present below. This file is generate on the fly while executing below command
postman-to-k6 -e <PATH>/$POSTMAN_ENV-$API_NAME.postman_environment.json $file -o <PATH>/$filename-k6-script.js ;

-rw-r–r-- 1 root root 1709 Jul 11 08:03 mtls.key

-rw-r–r-- 1 root root 1485 Jul 11 08:03 mtls.pem
-rw-r–r-- 1 root root 2481 Jul 11 08:02 <API_NAME>.postman_collection.json-k6-script.js

My certificate details are also on the same location. I am not sure how this certificate can be mapped to <API_NAME>.postman_collection.json-k6-script.js i.e $file.
Is their any way were we can export the certificate in below command while executing?
k6 run --summary-export=load-performance.json $file --config=src/test/performance/config.json

pls help

olegbespalov · July 12, 2022, 5:44pm

I understand that in your case, the file is generated on the fly, but as I said in the k6, there are only two ways two configure this option, and it’s either value stored in the config.json or using options.

As I understood, you’re not planning to keep the load test scripts in the k6, but are planning to use automation, which is totally fine. I believe it’s possible also to automate modifying (sed, jq, whatever) the $file/config.json on the fly by injecting the options with open or values as the additional command in your pipeline in between the postman-to-k6 and k6 run.

Hope that helps,
Cheers.

Hemant · July 13, 2022, 11:43am

Hi Olegbespalov,

Thanks for the revert .

As i mentioned it run postman-to-k6 -e /$POSTMAN_ENV-$API_NAME.postman_environment.json $file -o /$filename-k6-script.js ;

Further i have added below to call certificate value
script:
- export MTLS_PEM=“$(PATH”)"
- echo $MTLS_PEM | sed ‘s/\n/\n/g’ > /mtls.pem
- export MTLS_KEY="$(“PATH)”
- echo $MTLS_KEY | sed ‘s/\n/\n/g’ > /mtls.key
- pwd
- ls -la
- |
for file in /*.js ;
do
k6 run --summary-export=load-performance.json $file --config=/config.json;
done

So over here certificate are placed on the fly at same path where by config.json is placed.

If i want to use option as mentioned earlier ( Options reference (k6.io))
then where i can update this value and how do it call this tls option in K6 run?

Can we use this
k6 run --summary-export=load-performance.json --ssl-client-cert mtls.pem --ssl-client-key mtls.key $file --config=/config.json;

Hemant · July 14, 2022, 8:55am

Hi ,
Pls help here to update the same.

olegbespalov · July 14, 2022, 9:53am

For now, there are no flags like --ssl-client-cert and --ssl-client-key available in the k6, however, you can open an issue in our GitHub.

As I said you can inject the options into your script or config in your pipeline, see the ugly version:

# converting to a k6 scripts
postman-to-k6 -e /$POSTMAN_ENV-$API_NAME.postman_environment.json $file -o /$filename-k6-script.js 

# defining the environment variables
- export MTLS_PEM=“$(PATH”)"
- export MTLS_KEY="$(“PATH)”

# injecting the options to scripts (you can user there environment variables)
sed -i 's/export let options = {/export let options = { tlsAuth: {domains: ["example.com"], cert: __ENV.MTLS_PEM, key: __ENV.MTLS_KEY}, /g' *.js

# executing scripts
for file in /*.js ;
do
k6 run --summary-export=load-performance.json $file --config=/config.json;
done

Let me know if that answers,
Cheers

Hemant · July 14, 2022, 11:24am

Hi Olegbespalov,
Thanks for the input. so now i have modified by script

script:
- export MTLS_PEM=“$(”)"
- echo $MTLS_PEM | sed ‘s/\n/\n/g’ > /mtls.pem
- export MTLS_KEY=“$(”)"
- echo $MTLS_KEY | sed ‘s/\n/\n/g’ > /mtls.key
- sed -i ‘s/export let options = {/export let options = { tlsAuth: {domains: [“example.com”], cert: __ENV.MTLS_PEM, key: __ENV.MTLS_KEY}, /g’ .js
- pwd
- ls -la /
- |
for file in /.js ;
do
k6 run --summary-export=load-performance.json $file --config=<PATH2/config.json;
done

Hope this changes are fine

olegbespalov · July 14, 2022, 4:43pm

Hi @Hemant

I belive you don’t need the lines:

- echo $MTLS_PEM | sed ‘s/\n/\n/g’ > /mtls.pem
- echo $MTLS_KEY | sed ‘s/\n/\n/g’ > /mtls.key

when you do

export MTLS_PEM=“$(”)"
export MTLS_KEY=“$(”)"

you define environment variables, which you can access later in the k6 by __ENV.MTLS_PEM and __ENV.MTLS_KEY.

Cheers

Hemant · July 14, 2022, 5:07pm

[quote=“Hemant, post:19, topic:3988”]

Hi ,

I have made below changes in script and try to add sed command before k6 run. . But while running it fails

error:
-rw-r–r-- 1 root root 1709 Jul 14 16:08 mtls.key

-rw-r–r-- 1 root root 1485 Jul 14 16:08 mtls.pem
-rw-r–r-- 1 root root 2481 Jul 14 16:07 prc-customer-details.postman_collection.json-k6-script.js

$ for file in src/test/performance/*.js ; # collapsed multi-line command

) /\ |‾‾| /‾‾/ /‾‾/
/\ / \ | |/ / / /
() / / \ | ( / ‾‾
) / \ | |\ \ | (‾) |
/ __________ \ |__| _\ ____/ .io

" level=error msg=“ReferenceError: prv is not defined\n\tat file:///tmp/build//mulesoft/shared_libs/performance-test/API/src/test/performance/API.postman_collection.json-k6-script.js:72:89(24)\n” hint=“script exception”

But *.js file is in same path

script:
- export MTLS_PEM=“$(vault kv get -tls-skip-verify -field=pem “kv/mulesoft/postman/mtls”)”
- echo $MTLS_PEM | sed ‘s/\n/\n/g’ > src/test/performance/mtls.pem
- export MTLS_KEY=“$(vault kv get -tls-skip-verify -field=key “kv/mulesoft/postman/mtls”)”
- echo $MTLS_KEY | sed ‘s/\n/\n/g’ > src/test/performance/mtls.key
- pwd
- ls -la src/test/performance/
- |
for file in src/test/performance/.js ;
do
sed -i “s/export let options = {/export let options = { tlsAuth: {domains: [“prv-vip.api-n.ms..com”], cert: __ENV.MTLS_PEM, key: __ENV.MTLS_KEY}, /g” src/test/performance/.js ;
k6 run --summary-export=load-performance.json $file --config=src/test/performance/config.json;
done
artifacts:
reports:
load_performance: load-performance.json
paths:
- load-performance.json
allow_failure: true

Now K6 run is failing.