Hi,
We currently have end to end tests running from our Circle CI setup, however we can only set it up to speak to services that are accessible from the outside world.
Is there any way to setup Circle CI to access internal web services (eg: REST apis) within our companies internal VPC
As a pipeline step we need to make http requests to one of our internal search apis.
Any help would be greatly appreciated
Thoughts that come to mind:
Hi,
I dont think mocking the api calls is good because it means its not a true end to end test (more of an integration test in that case)
Does circle CI have an IP range we can use so we can restrict requests that goto a public proxy server ?
Also have you got any tech details on how we can run a vpn through a circle ci agent ?
I don’t know if this is documented anywhere. I don’t think it is accessible in the container though - perhaps you could wget a dummy file on your web server to get the IP. Maybe it goes through a proxy and so always will be the same?
I’d have to research this, the same as you. Look into OpenVPN - client in CircleCI, server on the public edge of your LAN.
Could you just take a copy of your API and a snapshot of your database, and put that on a public server?
Seems there is a blog article on saying a VPN isnt possible:
https://circleci.com/blog/vpns-and-why-they-don-t-work/
Could you just take a copy of your API and a snapshot of your database, and put that on a public server?
This is not as easy as it sounds when there is a bunch of different apis, each with different backing dbs etc - not feasible 
It does hint at the end to say there is an alternative, which they were to cover in a future article - see if they posted the follow-up?
There’s no mention of the Machine executor either, so I wonder if the article predates CircleCI 2.0. You could switch to a Machine, which is a proper VM rather than a Docker container; there’s presently no charge for this service.
I don’t know whether a Machine can cope with a VPN, but I’d assume so - I’m guessing it’s a VMWare guest or something like that.
I’m wondering, in any case, whether a proxy would be better than a VPN. The latter might be regarded as a security risk, since it would open your LAN out to a (trusted) third party, and you might want to set up an isolated LAN to mitigate that extra risk.
A proxy is just HTTP(S) and can be easily filtered.
Speaking to circle ci support - I can use a VPN (eg: https://wiki.ubuntu.com/VPN)
Also to connect to a VPN I need to use a machine[1] executor. There is no way to connect to a vpn from a docker image due to security reasons.
Yeah true - I think the http proxy is probably safer (As its only https)
thanks for the help !
This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.