add tls tests for different virtual hosts

Signed-off-by: Gabriele Santomaggio <[email protected]>

Author: Gsantomaggio

.ci/ubuntu/cluster/rmq/Dockerfile

@@ -12,6 +12,5 @@ COPY --chown=rabbitmq:rabbitmq --chmod=0644 enabled_plugins /etc/rabbitmq/enable
 COPY --chown=rabbitmq:rabbitmq rabbitmq-env.conf /etc/rabbitmq/rabbitmq-env.conf
 COPY --chown=rabbitmq:rabbitmq rabbitmq.conf /etc/rabbitmq/rabbitmq.conf
 COPY --chown=rabbitmq:rabbitmq advanced.config /etc/rabbitmq/advanced.config
-COPY --chown=rabbitmq:rabbitmq definitions.json /etc/rabbitmq/definitions.json
 
 EXPOSE 4369 5671 5672 15672 15692 25672 35672-35682

.ci/ubuntu/cluster/rmq/definitions.json

@@ -31,6 +31,4 @@ cluster_formation.classic_config.nodes.2 = [email protected]
 
 
 auth_backends.1 = internal
-auth_backends.2 = rabbit_auth_backend_oauth2
-
-load_definitions = /etc/rabbitmq/definitions.json
+auth_backends.2 = rabbit_auth_backend_oauth2

.ci/ubuntu/cluster/rmq/rabbitmq.conf

@@ -89,7 +89,6 @@ function start_rabbitmq
         --volume "$GITHUB_WORKSPACE/.ci/ubuntu/one-node/enabled_plugins:/etc/rabbitmq/enabled_plugins" \
         --volume "$GITHUB_WORKSPACE/.ci/ubuntu/one-node/rabbitmq.conf:/etc/rabbitmq/rabbitmq.conf:ro" \
         --volume "$GITHUB_WORKSPACE/.ci/certs:/etc/rabbitmq/certs:ro" \
-        --volume "$GITHUB_WORKSPACE/.ci/ubuntu/one-node/definitions.json:/etc/rabbitmq/definitions.json:ro" \
         --volume "$GITHUB_WORKSPACE/.ci/ubuntu/one-node/advanced.config:/etc/rabbitmq/advanced.config:ro" \
         --volume "$GITHUB_WORKSPACE/.ci/ubuntu/log:/var/log/rabbitmq" \
         "$rabbitmq_image"

.ci/ubuntu/one-node/definitions.json

@@ -27,5 +27,3 @@ auth_mechanisms.3 = EXTERNAL
 
 auth_backends.1 = internal
 auth_backends.2 = rabbit_auth_backend_oauth2
-
-load_definitions = /etc/rabbitmq/definitions.json

.ci/ubuntu/one-node/gha-setup.sh

@@ -604,7 +604,7 @@ public TlsSettings() : this(DefaultSslProtocols)
         public TlsSettings(SslProtocols protocols)
         {
             Protocols = protocols;
-            RemoteCertificateValidationCallback = trustEverythingCertValidationCallback;
+            RemoteCertificateValidationCallback = TrustEverythingCertValidationCallback;
             LocalCertificateSelectionCallback = null;
         }
 
@@ -620,7 +620,7 @@ public TlsSettings(SslProtocols protocols)
 
         public LocalCertificateSelectionCallback? LocalCertificateSelectionCallback { get; set; }
 
-        private bool trustEverythingCertValidationCallback(object sender, X509Certificate? certificate,
+        private bool TrustEverythingCertValidationCallback(object sender, X509Certificate? certificate,
             X509Chain? chain, SslPolicyErrors sslPolicyErrors)
         {
             return (sslPolicyErrors & ~AcceptablePolicyErrors) == SslPolicyErrors.None;

.ci/ubuntu/one-node/rabbitmq.conf

@@ -31,12 +31,13 @@ public ushort GetClusterSize()
     /// Creates a user, without password, with full permissions
     /// </summary>
     /// <param name="userName">The user name.</param>
-    public async Task CreateUserAsync(string userName)
+    /// <param name="virtualHost">The virtual host</param>
+    public async Task CreateUserAsync(string userName, string virtualHost)
     {
         var userInfo = new UserInfo(null, null, []);
         await _managementClient.CreateUserAsync(userName, userInfo);
         var permissionInfo = new PermissionInfo();
-        await _managementClient.CreatePermissionAsync("/", userName, permissionInfo);
+        await _managementClient.CreatePermissionAsync(virtualHost, userName, permissionInfo);
     }
 
     public async Task CreateVhostAsync(string vhostName)

RabbitMQ.AMQP.Client/ConnectionSettings.cs

@@ -76,7 +76,8 @@ public async Task ConnectUsingTlsAndUserPassword(string virtualHost)
         else
         {
             connectionSettings.TlsSettings.AcceptablePolicyErrors = SslPolicyErrors.RemoteCertificateChainErrors;
-            connectionSettings.TlsSettings.RemoteCertificateValidationCallback = (sender, certificate, chain, errors) => true;
+            connectionSettings.TlsSettings.RemoteCertificateValidationCallback =
+                (sender, certificate, chain, errors) => true;
         }
 
         Assert.Equal("localhost", connectionSettings.Host);
@@ -92,18 +93,22 @@ public async Task ConnectUsingTlsAndUserPassword(string virtualHost)
         Assert.Equal(State.Closed, connection.State);
     }
 
-    [Fact]
-    public async Task ConnectUsingTlsAndClientCertificate()
+    [Theory]
+    [InlineData("/my_tls_host_certificate")]
+    [InlineData("/")]
+    public async Task ConnectUsingTlsAndClientCertificate(string virtualHost)
     {
+        await CreateVhostAsync(virtualHost);
         string clientCertFile = GetClientCertFile();
         var cert = new X509Certificate2(clientCertFile, "grapefruit");
 
-        await CreateUserFromCertSubject(cert);
+        await CreateUserFromCertSubject(cert, virtualHost);
 
         ConnectionSettings connectionSettings = _connectionSettingBuilder
             .Scheme("amqps")
             .SaslMechanism(SaslMechanism.External)
             .Port(_port)
+            .VirtualHost(virtualHost)
             .Build();
 
         Assert.True(connectionSettings.UseSsl);
@@ -125,14 +130,15 @@ public async Task ConnectUsingTlsAndClientCertificate()
         else
         {
             connectionSettings.TlsSettings.AcceptablePolicyErrors = SslPolicyErrors.RemoteCertificateChainErrors;
-            connectionSettings.TlsSettings.RemoteCertificateValidationCallback = (sender, certificate, chain, errors) => true;
+            connectionSettings.TlsSettings.RemoteCertificateValidationCallback =
+                (sender, certificate, chain, errors) => true;
         }
 
         Assert.Equal("localhost", connectionSettings.Host);
         Assert.Equal(_port, connectionSettings.Port);
         Assert.Null(connectionSettings.User);
         Assert.Null(connectionSettings.Password);
-        Assert.Equal("/", connectionSettings.VirtualHost);
+        Assert.Equal(virtualHost, connectionSettings.VirtualHost);
         Assert.Equal("amqps", connectionSettings.Scheme);
         Assert.Equal(SaslMechanism.External, connectionSettings.SaslMechanism);
 
@@ -142,10 +148,10 @@ public async Task ConnectUsingTlsAndClientCertificate()
         Assert.Equal(State.Closed, connection.State);
     }
 
-    private Task CreateUserFromCertSubject(X509Certificate cert)
+    private Task CreateUserFromCertSubject(X509Certificate cert, string virtualHost)
     {
         string userName = cert.Subject.Trim().Replace(" ", string.Empty);
-        return _httpApiClient.CreateUserAsync(userName);
+        return _httpApiClient.CreateUserAsync(userName, virtualHost);
     }
 
     private static string GetClientCertFile()
@@ -156,6 +162,7 @@ private static string GetClientCertFile()
         {
             clientCertFile = Path.GetFullPath(Path.Combine(cwd, "../../../../../.ci/certs/client_localhost.p12"));
         }
+
         Assert.True(File.Exists(clientCertFile));
         return clientCertFile;
     }