Add Go TLS tracing tests for binaries built with boringcrypto (#1461)

Summary: Add Go TLS tracing tests for binaries built with boringcrypto I will follow up with updating the docs.px.dev encryption library section of the [data source docs](https://docs.px.dev/about-pixie/data-sources/#encryption-libraries) to list boringcrypto as a supported TLS library. Relevant Issues: Fixes #597 Type of change: /kind test-infra Test Plan: New test coverage verifies boringcrypto TLS tracing is functional and verified that binaries used have boringcrypto enabled with `goversion -crypto` <details> <summary>goversion test output</summary> ``` # Build the boringcrypto binaries used the trace bpf tests ddelnano@vigenere:~/code/pixie (ddelnano/add-go-boringcrypto-tls-tracing-tests) $ bazel query //... | grep boringcrypto | grep binary | xargs -I{} bazel build {} Loading: 0 packages loaded Loading: 501 packages loaded INFO: Invocation ID: ebe2161e-6317-42d8-8c23-e83173c5ab64 INFO: Streaming build results to: https://bb.corp.pixielabs.ai/invocation/ebe2161e-6317-42d8-8c23-e83173c5ab64 INFO: Analyzed target //src/stirling/testing/demo_apps/go_grpc_tls_pl/client:golang_boringcrypto_grpc_tls_client_binary (0 packages loaded, 0 targets configured). INFO: Found 1 target... Target //src/stirling/testing/demo_apps/go_grpc_tls_pl/client:golang_boringcrypto_grpc_tls_client_binary up-to-date: bazel-bin/src/stirling/testing/demo_apps/go_grpc_tls_pl/client/golang_boringcrypto_grpc_tls_client_binary INFO: Elapsed time: 1.118s, Critical Path: 0.11s INFO: 1 process: 1 internal. INFO: Streaming build results to: https://bb.corp.pixielabs.ai/invocation/ebe2161e-6317-42d8-8c23-e83173c5ab64 INFO: Build completed successfully, 1 total action INFO: Invocation ID: bab5d6bb-5e75-48f3-91a7-5c7b7ab7fb25 INFO: Streaming build results to: https://bb.corp.pixielabs.ai/invocation/bab5d6bb-5e75-48f3-91a7-5c7b7ab7fb25 INFO: Analyzed target //src/stirling/testing/demo_apps/go_grpc_tls_pl/server:golang_boringcrypto_grpc_tls_server_binary (2 packages loaded, 6 targets configured). INFO: Found 1 target... Target //src/stirling/testing/demo_apps/go_grpc_tls_pl/server:golang_boringcrypto_grpc_tls_server_binary up-to-date: bazel-bin/src/stirling/testing/demo_apps/go_grpc_tls_pl/server/golang_boringcrypto_grpc_tls_server_binary INFO: Elapsed time: 0.932s, Critical Path: 0.04s INFO: 1 process: 1 internal. INFO: Streaming build results to: https://bb.corp.pixielabs.ai/invocation/bab5d6bb-5e75-48f3-91a7-5c7b7ab7fb25 INFO: Build completed successfully, 1 total action INFO: Invocation ID: ff5e37d4-0cdf-4f78-b582-affeef69dcc4 INFO: Streaming build results to: https://bb.corp.pixielabs.ai/invocation/ff5e37d4-0cdf-4f78-b582-affeef69dcc4 INFO: Analyzed target //src/stirling/testing/demo_apps/go_https/client:golang_boringcrypto_client_binary (1 packages loaded, 4 targets configured). INFO: Found 1 target... Target //src/stirling/testing/demo_apps/go_https/client:golang_boringcrypto_client_binary up-to-date: bazel-bin/src/stirling/testing/demo_apps/go_https/client/golang_boringcrypto_client_binary INFO: Elapsed time: 0.503s, Critical Path: 0.06s INFO: 1 process: 1 internal. INFO: Streaming build results to: https://bb.corp.pixielabs.ai/invocation/ff5e37d4-0cdf-4f78-b582-affeef69dcc4 INFO: Build completed successfully, 1 total action INFO: Invocation ID: e1938fea-1793-490b-befd-38f632f95c6c INFO: Streaming build results to: https://bb.corp.pixielabs.ai/invocation/e1938fea-1793-490b-befd-38f632f95c6c INFO: Analyzed target //src/stirling/testing/demo_apps/go_https/server:golang_boringcrypto_server_binary (1 packages loaded, 4 targets configured). INFO: Found 1 target... Target //src/stirling/testing/demo_apps/go_https/server:golang_boringcrypto_server_binary up-to-date: bazel-bin/src/stirling/testing/demo_apps/go_https/server/golang_boringcrypto_server_binary INFO: Elapsed time: 0.421s, Critical Path: 0.05s INFO: 1 process: 1 internal. INFO: Streaming build results to: https://bb.corp.pixielabs.ai/invocation/e1938fea-1793-490b-befd-38f632f95c6c INFO: Build completed successfully, 1 total action # Verify with goversion -crypto that boringcrypto is in use ddelnano@vigenere:~/code/pixie (ddelnano/add-go-boringcrypto-tls-tracing-tests) $ ~/go/bin/goversion -crypto bazel-bin/src/stirling/testing/demo_apps/go_grpc_tls_pl/client/golang_boringcrypto_grpc_tls_client_binary bazel-bin/src/stirling/testing/demo_apps/go_grpc_tls_pl/client/golang_boringcrypto_grpc_tls_client_binary go1.20.4 X:boringcrypto,nocoverageredesign (boring crypto) ddelnano@vigenere:~/code/pixie (ddelnano/add-go-boringcrypto-tls-tracing-tests) $ ~/go/bin/goversion -crypto bazel-bin/src/stirling/testing/demo_apps/go_grpc_tls_pl/server/golang_boringcrypto_grpc_tls_server_binary bazel-bin/src/stirling/testing/demo_apps/go_grpc_tls_pl/server/golang_boringcrypto_grpc_tls_server_binary go1.20.4 X:boringcrypto,nocoverageredesign (boring crypto) ddelnano@vigenere:~/code/pixie (ddelnano/add-go-boringcrypto-tls-tracing-tests) $ ~/go/bin/goversion -crypto bazel-bin/src/stirling/testing/demo_apps/go_https/client/golang_boringcrypto_client_binary bazel-bin/src/stirling/testing/demo_apps/go_https/client/golang_boringcrypto_client_binary go1.20.4 X:boringcrypto,nocoverageredesign (boring crypto) ddelnano@vigenere:~/code/pixie (ddelnano/add-go-boringcrypto-tls-tracing-tests) $ ~/go/bin/goversion -crypto bazel-bin/src/stirling/testing/demo_apps/go_https/server/golang_boringcrypto_server_binary bazel-bin/src/stirling/testing/demo_apps/go_https/server/golang_boringcrypto_server_binary go1.20.4 X:boringcrypto,nocoverageredesign (boring crypto) ``` </details> --------- Signed-off-by: Dom Del Nano <ddelnano@pixielabs.ai>
pixie-io · Jun 12, 2023 · 1a0f465 · 1a0f465
1 parent e599084
commit 1a0f465
Show file tree

Hide file tree

Showing 16 changed files with 245 additions and 25 deletions.
diff --git a/WORKSPACE b/WORKSPACE
@@ -239,6 +239,19 @@ go_download_sdk(
     version = "1.20.5",
 )
 
+# The go_sdk_boringcrypto SDK is used for testing boringcrypto specific functionality (TLS tracing).
+# This SDK is used for specific test cases and is not meant to be used wholesale for a particular go
+# version.
+#
+# rules_go doesn't support using multiple SDKs with the same version and differing
+# GOEXPERIMENTs. This can use the same version as our latest go version once
+# https://github.com/bazelbuild/rules_go/issues/3582 is addressed.
+go_download_sdk(
+    name = "go_sdk_boringcrypto",
+    experiments = ["boringcrypto"],
+    version = "1.20.4",
+)
+
 pip_parse(
     name = "amqp_gen_reqs",
     requirements_lock = "//src/stirling/source_connectors/socket_tracer/protocols/amqp/amqp_code_generator:requirements.bazel.txt",

diff --git a/src/stirling/source_connectors/socket_tracer/BUILD.bazel b/src/stirling/source_connectors/socket_tracer/BUILD.bazel
@@ -307,11 +307,13 @@ pl_cc_bpf_test(
         "//src/stirling/source_connectors/socket_tracer/protocols/http2/testing/go_grpc_client:golang_1_18_grpc_client",
         "//src/stirling/source_connectors/socket_tracer/protocols/http2/testing/go_grpc_client:golang_1_19_grpc_client",
         "//src/stirling/source_connectors/socket_tracer/protocols/http2/testing/go_grpc_client:golang_1_20_grpc_client",
+        "//src/stirling/source_connectors/socket_tracer/protocols/http2/testing/go_grpc_client:golang_boringcrypto_grpc_client",
         "//src/stirling/source_connectors/socket_tracer/protocols/http2/testing/go_grpc_server:golang_1_16_grpc_server_with_certs",
         "//src/stirling/source_connectors/socket_tracer/protocols/http2/testing/go_grpc_server:golang_1_17_grpc_server_with_certs",
         "//src/stirling/source_connectors/socket_tracer/protocols/http2/testing/go_grpc_server:golang_1_18_grpc_server_with_certs",
         "//src/stirling/source_connectors/socket_tracer/protocols/http2/testing/go_grpc_server:golang_1_19_grpc_server_with_certs",
         "//src/stirling/source_connectors/socket_tracer/protocols/http2/testing/go_grpc_server:golang_1_20_grpc_server_with_certs",
+        "//src/stirling/source_connectors/socket_tracer/protocols/http2/testing/go_grpc_server:golang_boringcrypto_grpc_server_with_certs",
     ],
     flaky = True,
     shard_count = 3,
@@ -354,6 +356,8 @@ pl_cc_bpf_test(
         "//src/stirling/source_connectors/socket_tracer/testing/container_images:go_1_19_grpc_server_container",
         "//src/stirling/source_connectors/socket_tracer/testing/container_images:go_1_20_grpc_client_container",
         "//src/stirling/source_connectors/socket_tracer/testing/container_images:go_1_20_grpc_server_container",
+        "//src/stirling/source_connectors/socket_tracer/testing/container_images:go_boringcrypto_grpc_client_container",
+        "//src/stirling/source_connectors/socket_tracer/testing/container_images:go_boringcrypto_grpc_server_container",
         "//src/stirling/source_connectors/socket_tracer/testing/container_images:product_catalog_client_container",
         "//src/stirling/source_connectors/socket_tracer/testing/container_images:product_catalog_service_container",
         "//src/stirling/testing:cc_library",
@@ -528,6 +532,8 @@ pl_cc_bpf_test(
         "//src/stirling/source_connectors/socket_tracer/testing/container_images:go_1_19_tls_server_container",
         "//src/stirling/source_connectors/socket_tracer/testing/container_images:go_1_20_tls_client_container",
         "//src/stirling/source_connectors/socket_tracer/testing/container_images:go_1_20_tls_server_container",
+        "//src/stirling/source_connectors/socket_tracer/testing/container_images:go_boringcrypto_tls_client_container",
+        "//src/stirling/source_connectors/socket_tracer/testing/container_images:go_boringcrypto_tls_server_container",
         "//src/stirling/testing:cc_library",
     ],
 )

diff --git a/src/stirling/source_connectors/socket_tracer/go_tls_trace_bpf_test.cc b/src/stirling/source_connectors/socket_tracer/go_tls_trace_bpf_test.cc
@@ -28,6 +28,8 @@
 #include "src/stirling/source_connectors/socket_tracer/testing/container_images/go_1_19_tls_server_container.h"
 #include "src/stirling/source_connectors/socket_tracer/testing/container_images/go_1_20_tls_client_container.h"
 #include "src/stirling/source_connectors/socket_tracer/testing/container_images/go_1_20_tls_server_container.h"
+#include "src/stirling/source_connectors/socket_tracer/testing/container_images/go_boringcrypto_tls_client_container.h"
+#include "src/stirling/source_connectors/socket_tracer/testing/container_images/go_boringcrypto_tls_server_container.h"
 #include "src/stirling/source_connectors/socket_tracer/testing/protocol_checkers.h"
 #include "src/stirling/source_connectors/socket_tracer/testing/socket_trace_bpf_test_fixture.h"
 #include "src/stirling/testing/common.h"
@@ -85,8 +87,14 @@ struct Go1_20TLSClientServerContainers {
   using GoTLSClientContainer = ::px::stirling::testing::Go1_20_TLSClientContainer;
 };
 
+struct GoBoringCryptoTLSClientServerContainers {
+  using GoTLSServerContainer = ::px::stirling::testing::GoBoringCryptoTLSServerContainer;
+  using GoTLSClientContainer = ::px::stirling::testing::GoBoringCryptoTLSClientContainer;
+};
+
 typedef ::testing::Types<Go1_17TLSClientServerContainers, Go1_18TLSClientServerContainers,
-                         Go1_19TLSClientServerContainers, Go1_20TLSClientServerContainers>
+                         Go1_19TLSClientServerContainers, Go1_20TLSClientServerContainers,
+                         GoBoringCryptoTLSClientServerContainers>
     GoVersions;
 TYPED_TEST_SUITE(GoTLSTraceTest, GoVersions);
 

diff --git a/src/stirling/source_connectors/socket_tracer/grpc_trace_bpf_test.cc b/src/stirling/source_connectors/socket_tracer/grpc_trace_bpf_test.cc
@@ -193,7 +193,8 @@ INSTANTIATE_TEST_SUITE_P(SecurityModeTest, GRPCTraceTest,
                              TestParams{"1_17", false, true}, TestParams{"1_17", false, false},
                              TestParams{"1_18", false, true}, TestParams{"1_18", true, false},
                              TestParams{"1_19", false, false}, TestParams{"1_19", true, true},
-                             TestParams{"1_20", true, true}, TestParams{"1_20", true, false}));
+                             TestParams{"1_20", true, true}, TestParams{"1_20", true, false},
+                             TestParams{"boringcrypto", true, true}));
 
 class PyGRPCTraceTest : public testing::SocketTraceBPFTestFixture</* TClientSideTracing */ false> {
  protected:

diff --git a/src/stirling/source_connectors/socket_tracer/http2_trace_bpf_test.cc b/src/stirling/source_connectors/socket_tracer/http2_trace_bpf_test.cc
@@ -29,6 +29,8 @@
 #include "src/stirling/source_connectors/socket_tracer/testing/container_images/go_1_19_grpc_server_container.h"
 #include "src/stirling/source_connectors/socket_tracer/testing/container_images/go_1_20_grpc_client_container.h"
 #include "src/stirling/source_connectors/socket_tracer/testing/container_images/go_1_20_grpc_server_container.h"
+#include "src/stirling/source_connectors/socket_tracer/testing/container_images/go_boringcrypto_grpc_client_container.h"
+#include "src/stirling/source_connectors/socket_tracer/testing/container_images/go_boringcrypto_grpc_server_container.h"
 #include "src/stirling/source_connectors/socket_tracer/testing/container_images/product_catalog_client_container.h"
 #include "src/stirling/source_connectors/socket_tracer/testing/container_images/product_catalog_service_container.h"
 #include "src/stirling/source_connectors/socket_tracer/testing/protocol_checkers.h"
@@ -89,8 +91,14 @@ struct Go1_20GRPCClientServerContainers {
   using ClientContainer = ::px::stirling::testing::Go1_20_GRPCClientContainer;
 };
 
+struct GoBoringCryptoGRPCClientServerContainers {
+  using ServerContainer = ::px::stirling::testing::GoBoringCryptoGRPCServerContainer;
+  using ClientContainer = ::px::stirling::testing::GoBoringCryptoGRPCClientContainer;
+};
+
 typedef ::testing::Types<Go1_17GRPCClientServerContainers, Go1_18GRPCClientServerContainers,
-                         Go1_19GRPCClientServerContainers, Go1_20GRPCClientServerContainers>
+                         Go1_19GRPCClientServerContainers, Go1_20GRPCClientServerContainers,
+                         GoBoringCryptoGRPCClientServerContainers>
     GoVersions;
 TYPED_TEST_SUITE(HTTP2TraceTest, GoVersions);
 

diff --git a/...irling/source_connectors/socket_tracer/protocols/http2/testing/go_grpc_client/BUILD.bazel b/...irling/source_connectors/socket_tracer/protocols/http2/testing/go_grpc_client/BUILD.bazel
@@ -15,7 +15,7 @@
 # SPDX-License-Identifier: Apache-2.0
 
 load("@io_bazel_rules_go//go:def.bzl", "go_cross_binary", "go_library")
-load("//bazel:pl_build_system.bzl", "pl_go_binary", "pl_go_sdk_version_template_to_label", "pl_supported_go_sdk_versions")
+load("//bazel:pl_build_system.bzl", "pl_all_supported_go_sdk_versions", "pl_go_binary", "pl_go_sdk_version_template_to_label")
 
 package(default_visibility = ["//src/stirling:__subpackages__"])
 
@@ -44,5 +44,5 @@ pl_go_binary(
         tags = ["manual"],
         target = ":client",
     )
-    for sdk_version in pl_supported_go_sdk_versions
+    for sdk_version in pl_all_supported_go_sdk_versions
 ]
diff --git a/...irling/source_connectors/socket_tracer/protocols/http2/testing/go_grpc_server/BUILD.bazel b/...irling/source_connectors/socket_tracer/protocols/http2/testing/go_grpc_server/BUILD.bazel
@@ -15,7 +15,7 @@
 # SPDX-License-Identifier: Apache-2.0
 
 load("@io_bazel_rules_go//go:def.bzl", "go_cross_binary", "go_library")
-load("//bazel:pl_build_system.bzl", "pl_go_binary", "pl_go_sdk_version_template_to_label", "pl_supported_go_sdk_versions")
+load("//bazel:pl_build_system.bzl", "pl_all_supported_go_sdk_versions", "pl_go_binary", "pl_go_sdk_version_template_to_label")
 
 package(default_visibility = ["//src/stirling:__subpackages__"])
 
@@ -43,7 +43,7 @@ pl_go_binary(
         tags = ["manual"],
         target = ":server",
     )
-    for sdk_version in pl_supported_go_sdk_versions
+    for sdk_version in pl_all_supported_go_sdk_versions
 ]
 
 [
@@ -56,5 +56,5 @@ pl_go_binary(
         ],
         visibility = ["//src/stirling:__subpackages__"],
     )
-    for sdk_version in pl_supported_go_sdk_versions
+    for sdk_version in pl_all_supported_go_sdk_versions
 ]
diff --git a/src/stirling/source_connectors/socket_tracer/testing/container_images/BUILD.bazel b/src/stirling/source_connectors/socket_tracer/testing/container_images/BUILD.bazel
@@ -14,7 +14,7 @@
 #
 # SPDX-License-Identifier: Apache-2.0
 
-load("//bazel:pl_build_system.bzl", "pl_cc_test_library", "pl_go_sdk_version_template_to_label")
+load("//bazel:pl_build_system.bzl", "pl_boringcrypto_go_sdk", "pl_cc_test_library", "pl_go_sdk_version_template_to_label")
 
 # TODO(vihang): load this from pl_build_system once we remove go 1.16
 pl_supported_go_sdk_versions = [
@@ -24,6 +24,8 @@ pl_supported_go_sdk_versions = [
     "1.20",
 ]
 
+pl_all_supported_go_sdk_versions = pl_supported_go_sdk_versions + pl_boringcrypto_go_sdk
+
 package(default_visibility = ["//src/stirling:__subpackages__"])
 
 pl_cc_test_library(
@@ -66,7 +68,7 @@ pl_cc_test_library(
         ],
         deps = ["//src/common/testing/test_utils:cc_library"],
     )
-    for sdk_version in pl_supported_go_sdk_versions
+    for sdk_version in pl_all_supported_go_sdk_versions
 ]
 
 [
@@ -79,7 +81,7 @@ pl_cc_test_library(
         ],
         deps = ["//src/common/testing/test_utils:cc_library"],
     )
-    for sdk_version in pl_supported_go_sdk_versions
+    for sdk_version in pl_all_supported_go_sdk_versions
 ]
 
 [
@@ -92,7 +94,7 @@ pl_cc_test_library(
         ],
         deps = ["//src/common/testing/test_utils:cc_library"],
     )
-    for sdk_version in pl_supported_go_sdk_versions
+    for sdk_version in pl_all_supported_go_sdk_versions
 ]
 
 [
@@ -105,7 +107,7 @@ pl_cc_test_library(
         ],
         deps = ["//src/common/testing/test_utils:cc_library"],
     )
-    for sdk_version in pl_supported_go_sdk_versions
+    for sdk_version in pl_all_supported_go_sdk_versions
 ]
 
 pl_cc_test_library(

diff --git a/...connectors/socket_tracer/testing/container_images/go_boringcrypto_grpc_client_container.h b/...connectors/socket_tracer/testing/container_images/go_boringcrypto_grpc_client_container.h
@@ -0,0 +1,46 @@
+/*
+ * Copyright 2018- The Pixie Authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+#pragma once
+
+#include <string>
+
+#include "src/common/testing/test_environment.h"
+#include "src/common/testing/test_utils/container_runner.h"
+
+namespace px {
+namespace stirling {
+namespace testing {
+
+class GoBoringCryptoGRPCClientContainer : public ContainerRunner {
+ public:
+  GoBoringCryptoGRPCClientContainer()
+      : ContainerRunner(::px::testing::BazelRunfilePath(kBazelImageTar), kContainerNamePrefix,
+                        kReadyMessage) {}
+
+ private:
+  static constexpr std::string_view kBazelImageTar =
+      "src/stirling/testing/demo_apps/go_grpc_tls_pl/client/"
+      "golang_boringcrypto_grpc_tls_client.tar";
+  static constexpr std::string_view kContainerNamePrefix = "grpc_client";
+  static constexpr std::string_view kReadyMessage = "";
+};
+
+}  // namespace testing
+}  // namespace stirling
+}  // namespace px
diff --git a/...connectors/socket_tracer/testing/container_images/go_boringcrypto_grpc_server_container.h b/...connectors/socket_tracer/testing/container_images/go_boringcrypto_grpc_server_container.h
@@ -0,0 +1,46 @@
+/*
+ * Copyright 2018- The Pixie Authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+#pragma once
+
+#include <string>
+
+#include "src/common/testing/test_environment.h"
+#include "src/common/testing/test_utils/container_runner.h"
+
+namespace px {
+namespace stirling {
+namespace testing {
+
+class GoBoringCryptoGRPCServerContainer : public ContainerRunner {
+ public:
+  GoBoringCryptoGRPCServerContainer()
+      : ContainerRunner(::px::testing::BazelRunfilePath(kBazelImageTar), kContainerNamePrefix,
+                        kReadyMessage) {}
+
+ private:
+  static constexpr std::string_view kBazelImageTar =
+      "src/stirling/testing/demo_apps/go_grpc_tls_pl/server/"
+      "golang_boringcrypto_grpc_tls_server.tar";
+  static constexpr std::string_view kContainerNamePrefix = "grpc_server";
+  static constexpr std::string_view kReadyMessage = "Starting HTTP/2 server";
+};
+
+}  // namespace testing
+}  // namespace stirling
+}  // namespace px
diff --git a/..._connectors/socket_tracer/testing/container_images/go_boringcrypto_tls_client_container.h b/..._connectors/socket_tracer/testing/container_images/go_boringcrypto_tls_client_container.h
@@ -0,0 +1,45 @@
+/*
+ * Copyright 2018- The Pixie Authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+#pragma once
+
+#include <string>
+
+#include "src/common/testing/test_environment.h"
+#include "src/common/testing/test_utils/container_runner.h"
+
+namespace px {
+namespace stirling {
+namespace testing {
+
+class GoBoringCryptoTLSClientContainer : public ContainerRunner {
+ public:
+  GoBoringCryptoTLSClientContainer()
+      : ContainerRunner(::px::testing::BazelRunfilePath(kBazelImageTar), kContainerNamePrefix,
+                        kReadyMessage) {}
+
+ private:
+  static constexpr std::string_view kBazelImageTar =
+      "src/stirling/testing/demo_apps/go_https/client/golang_boringcrypto_https_client.tar";
+  static constexpr std::string_view kContainerNamePrefix = "https_client";
+  static constexpr std::string_view kReadyMessage = R"({"status":"ok"})";
+};
+
+}  // namespace testing
+}  // namespace stirling
+}  // namespace px
diff --git a/..._connectors/socket_tracer/testing/container_images/go_boringcrypto_tls_server_container.h b/..._connectors/socket_tracer/testing/container_images/go_boringcrypto_tls_server_container.h
@@ -0,0 +1,45 @@
+/*
+ * Copyright 2018- The Pixie Authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+#pragma once
+
+#include <string>
+
+#include "src/common/testing/test_environment.h"
+#include "src/common/testing/test_utils/container_runner.h"
+
+namespace px {
+namespace stirling {
+namespace testing {
+
+class GoBoringCryptoTLSServerContainer : public ContainerRunner {
+ public:
+  GoBoringCryptoTLSServerContainer()
+      : ContainerRunner(::px::testing::BazelRunfilePath(kBazelImageTar), kContainerNamePrefix,
+                        kReadyMessage) {}
+
+ private:
+  static constexpr std::string_view kBazelImageTar =
+      "src/stirling/testing/demo_apps/go_https/server/golang_boringcrypto_https_server.tar";
+  static constexpr std::string_view kContainerNamePrefix = "https_server";
+  static constexpr std::string_view kReadyMessage = "Starting HTTPS service";
+};
+
+}  // namespace testing
+}  // namespace stirling
+}  // namespace px