Implement AMQP 1.0: support JWT (OAuth 2) (#109)

 - Closes: #85 
 - Add  `rabbitmq_auth_backend_oauth2` configuration to CI ubuntu single node and CI cluster.
 - Update the RabbitMQ docker images to `4.1.0-beta.4`
 - Add TLS tests for different virtual hosts
 - Add an Example for OAuth2
---------

Signed-off-by: Gabriele Santomaggio <[email protected]>

Author: Gsantomaggio

.ci/ubuntu/cluster/gha-setup.sh

@@ -19,7 +19,7 @@ function run_docker_compose
     docker compose --file "$script_dir/docker-compose.yml" $@
 }
 
-readonly rabbitmq_image="${RABBITMQ_IMAGE:-pivotalrabbitmq/rabbitmq:main}"
+readonly rabbitmq_image="${RABBITMQ_IMAGE:-rabbitmq:4.1.0-beta.4-management-alpine}"
 
 if [[ ! -v GITHUB_ACTIONS ]]
 then

.ci/ubuntu/cluster/rmq/Dockerfile

@@ -1,4 +1,4 @@
-ARG RABBITMQ_DOCKER_TAG=pivotalrabbitmq/rabbitmq:main
+ARG RABBITMQ_DOCKER_TAG=rabbitmq:4.1.0-beta.4-management-alpine
 
 FROM ${RABBITMQ_DOCKER_TAG}
 

.ci/ubuntu/cluster/rmq/advanced.config

@@ -1,3 +1,14 @@
 [
-    {kernel, [{net_ticktime, 15}]}
-].
+  {kernel, [{net_ticktime, 15}]},
+  {rabbitmq_auth_backend_oauth2, [{key_config,
+         [{signing_keys,
+              #{<<"token-key">> =>
+                    {map,
+                        #{<<"alg">> => <<"HS256">>,
+                          <<"k">> => <<"abcdefghijklmnopqrstuvwxyz0123456789ABCDEFGH">>,
+                          <<"kid">> => <<"token-key">>,
+                          <<"kty">> => <<"oct">>,
+                          <<"use">> => <<"sig">>,
+                          <<"value">> => <<"token-key">>}}}}]},
+     {resource_server_id,<<"rabbitmq">>}]}
+].

.ci/ubuntu/cluster/rmq/enabled_plugins

@@ -1 +1 @@
-[rabbitmq_auth_mechanism_ssl,rabbitmq_management,rabbitmq_top].
+[rabbitmq_auth_mechanism_ssl,rabbitmq_management,rabbitmq_stream,rabbitmq_stream_management,rabbitmq_top,rabbitmq_auth_backend_oauth2].

.ci/ubuntu/cluster/rmq/rabbitmq.conf

@@ -28,3 +28,7 @@ cluster_formation.peer_discovery_backend = classic_config
 cluster_formation.classic_config.nodes.0 = [email protected]
 cluster_formation.classic_config.nodes.1 = [email protected]
 cluster_formation.classic_config.nodes.2 = [email protected]
+
+
+auth_backends.1 = internal
+auth_backends.2 = rabbit_auth_backend_oauth2

.ci/ubuntu/one-node/advanced.config

@@ -0,0 +1,13 @@
+[
+  {rabbitmq_auth_backend_oauth2, [{key_config,
+         [{signing_keys,
+              #{<<"token-key">> =>
+                    {map,
+                        #{<<"alg">> => <<"HS256">>,
+                          <<"k">> => <<"abcdefghijklmnopqrstuvwxyz0123456789ABCDEFGH">>,
+                          <<"kid">> => <<"token-key">>,
+                          <<"kty">> => <<"oct">>,
+                          <<"use">> => <<"sig">>,
+                          <<"value">> => <<"token-key">>}}}}]},
+     {resource_server_id,<<"rabbitmq">>}]}
+].

.ci/ubuntu/one-node/enabled_plugins

@@ -1 +1 @@
-[rabbitmq_auth_mechanism_ssl,rabbitmq_management,rabbitmq_stream,rabbitmq_stream_management,rabbitmq_top].
+[rabbitmq_auth_mechanism_ssl,rabbitmq_management,rabbitmq_stream,rabbitmq_stream_management,rabbitmq_top,rabbitmq_auth_backend_oauth2].

.ci/ubuntu/one-node/gha-setup.sh

@@ -8,12 +8,9 @@ script_dir="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
 readonly script_dir
 echo "[INFO] script_dir: '$script_dir'"
 
-if [[ $3 == 'arm' ]]
-then
-    readonly rabbitmq_image="${RABBITMQ_IMAGE:-pivotalrabbitmq/rabbitmq-arm64:main}"
-else
-    readonly rabbitmq_image="${RABBITMQ_IMAGE:-pivotalrabbitmq/rabbitmq:main}"
-fi
+
+readonly rabbitmq_image="${RABBITMQ_IMAGE:-rabbitmq:4.1.0-beta.4-management-alpine}"
+
 
 
 readonly docker_name_prefix='rabbitmq-amqp-dotnet-client'
@@ -92,6 +89,7 @@ function start_rabbitmq
         --volume "$GITHUB_WORKSPACE/.ci/ubuntu/one-node/enabled_plugins:/etc/rabbitmq/enabled_plugins" \
         --volume "$GITHUB_WORKSPACE/.ci/ubuntu/one-node/rabbitmq.conf:/etc/rabbitmq/rabbitmq.conf:ro" \
         --volume "$GITHUB_WORKSPACE/.ci/certs:/etc/rabbitmq/certs:ro" \
+        --volume "$GITHUB_WORKSPACE/.ci/ubuntu/one-node/advanced.config:/etc/rabbitmq/advanced.config:ro" \
         --volume "$GITHUB_WORKSPACE/.ci/ubuntu/log:/var/log/rabbitmq" \
         "$rabbitmq_image"
 }

.ci/ubuntu/one-node/rabbitmq.conf

@@ -24,3 +24,6 @@ ssl_options.fail_if_no_peer_cert = false
 auth_mechanisms.1 = PLAIN
 auth_mechanisms.2 = ANONYMOUS
 auth_mechanisms.3 = EXTERNAL
+
+auth_backends.1 = internal
+auth_backends.2 = rabbit_auth_backend_oauth2

.ci/windows/advanced.config

@@ -0,0 +1,13 @@
+[
+  {rabbitmq_auth_backend_oauth2, [{key_config,
+         [{signing_keys,
+              #{<<"token-key">> =>
+                    {map,
+                        #{<<"alg">> => <<"HS256">>,
+                          <<"k">> => <<"abcdefghijklmnopqrstuvwxyz0123456789ABCDEFGH">>,
+                          <<"kid">> => <<"token-key">>,
+                          <<"kty">> => <<"oct">>,
+                          <<"use">> => <<"sig">>,
+                          <<"value">> => <<"token-key">>}}}}]},
+     {resource_server_id,<<"rabbitmq">>}]}
+].