hub / github.com/keploy/keploy / StartProxy

Method StartProxy

pkg/agent/proxy/proxy.go:1003–1247

In proxy.go

(ctx context.Context, opts agent.ProxyOptions)

Source from the content-addressed store, hash-verified

// In proxy.go
func (p *Proxy) StartProxy(ctx context.Context, opts agent.ProxyOptions) error {

	// Skip the TCP listener if configured. DNS + parsers + session still run.
	if agent.SkipProxyListener {
		p.skipListener = true
	}

	//first initialize the integrations
	err := p.InitIntegrations(ctx)
	if err != nil {
		utils.LogError(p.logger, err, "failed to initialize the integrations")
		return err
	}

	// Start the continuous error drain so the error channel never fills up.
	// This must happen before any connections are handled.
	p.StartErrorDrain(ctx)

	// set up the CA for tls connections.
	//
	// On failure we record the terminal error via MarkCAFailed so the
	// /agent/ready handler can return a clear "CA setup failed"
	// diagnostic instead of an indefinite "not yet ready". We still
	// continue starting the proxy — the proxy can serve non-TLS
	// traffic and surfacing the error to readiness probes is a better
	// signal to operators than hard-aborting the agent here.
	// Use the PID-aware SetupCAForApp so the Java truststore import
	// (installJavaCAForHome) targets the JDK the instrumented app is
	// actually running with. On non-Java workloads / shared-volume
	// mode / appPID==0 these extra args are harmless — SetupCAForApp
	// falls back to the legacy PATH-keytool behaviour. See
	// pkg/agent/proxy/tls/java_detect.go for the resolution order.
	err = pTls.SetupCAForApp(ctx, p.logger, p.IsDocker, int(p.appPID), p.caJavaHome)
	if err != nil {
		// Terminal: the CA cannot be installed in this process and
		// Keploy-proxied TLS will fail cert-verify for every workload
		// that gets routed through the proxy. Log at Error (not Warn)
		// to match the severity, and include a next_step so operators
		// see the likely fix without grepping source.
		p.logger.Error(
			"SetupCA failed — Keploy-proxied TLS will fail cert-verify. "+
				"The /agent/ready endpoint will return 503 with this error "+
				"so dependents don't wait forever for a readiness that "+
				"will never come.",
			zap.Error(err),
			zap.String("next_step",
				"Verify the agent container has write access to the "+
					"shared /tmp/keploy-tls volume (docker/k8s mode) or "+
					"to the host's CA trust store under /usr/local/share/"+
					"ca-certificates or /etc/pki/ca-trust/source/anchors "+
					"(native mode). Restart the agent after fixing."),
		)
		pTls.MarkCAFailed(err)
	}

	// Channel-binding shim: now that appPID is known, walk the app's
	// process tree, register every visible descendant in the BPF
	// allowlist, attach uprobes to whatever libcryptos they map, and

Callers

nothing calls this directly

Implementers 1

Proxy · pkg/agent/proxy/proxy.go

Calls 15

InitIntegrations · Method · 0.95
StartErrorDrain · Method · 0.95
start · Method · 0.95
captureDNSUpstream · Method · 0.95
startTCPDNSServer · Method · 0.95
startUDPDNSServer · Method · 0.95
LogError · Function · 0.92
Recover · Function · 0.92
AttachToProcessTree · Method · 0.80
Shutdown · Method · 0.80
AfterStart · Method · 0.80

Tested by

no test coverage detected