Add more tests for OAuth2

Signed-off-by: Gabriele Santomaggio <[email protected]>

Author: Gsantomaggio

.ci/ubuntu/cluster/rmq/Dockerfile

@@ -12,5 +12,6 @@ COPY --chown=rabbitmq:rabbitmq --chmod=0644 enabled_plugins /etc/rabbitmq/enable
 COPY --chown=rabbitmq:rabbitmq rabbitmq-env.conf /etc/rabbitmq/rabbitmq-env.conf
 COPY --chown=rabbitmq:rabbitmq rabbitmq.conf /etc/rabbitmq/rabbitmq.conf
 COPY --chown=rabbitmq:rabbitmq advanced.config /etc/rabbitmq/advanced.config
+COPY --chown=rabbitmq:rabbitmq definitions.json /etc/rabbitmq/definitions.json
 
 EXPOSE 4369 5671 5672 15672 15692 25672 35672-35682

.ci/ubuntu/cluster/rmq/definitions.json

@@ -0,0 +1 @@
+{"rabbit_version":"4.1.0-beta.4","rabbitmq_version":"4.1.0-beta.4","product_name":"RabbitMQ","product_version":"4.1.0-beta.4","rabbitmq_definition_format":"cluster","original_cluster_name":"rabbit@rabbitmq-amqp-go-client-rabbitmq","explanation":"Definitions of cluster 'rabbit@rabbitmq-amqp-go-client-rabbitmq'","users":[{"name":"guest","password_hash":"5AXVjnnJAKWzGy8L/t9vhOi5iZ4j2wwUA9aI0QoOgBYPXmGS","hashing_algorithm":"rabbit_password_hashing_sha256","tags":["administrator"],"limits":{}},{"name":"user_1","password_hash":"k91LVmfv+JsXCihK+BiwURDo2otPX4wRtX4vErArkhRq/kkJ","hashing_algorithm":"rabbit_password_hashing_sha256","tags":["administrator"],"limits":{}},{"name":"O=client,CN=localhost","password_hash":"n3z/QaCVGTgelie+hmxw7//jYQmtERIVOQj+tw47AoPVAsCh","hashing_algorithm":"rabbit_password_hashing_sha256","tags":["administrator"],"limits":{}}],"vhosts":[{"name":"vhost_user_1","description":"","metadata":{"description":"","tags":[],"default_queue_type":"classic"},"tags":[],"default_queue_type":"classic"},{"name":"/","description":"Default virtual host","metadata":{"description":"Default virtual host","tags":[],"default_queue_type":"classic"},"tags":[],"default_queue_type":"classic"},{"name":"tls","description":"","metadata":{"description":"","tags":[],"default_queue_type":"classic"},"tags":[],"default_queue_type":"classic"}],"permissions":[{"user":"O=client,CN=localhost","vhost":"/","configure":".*","write":".*","read":".*"},{"user":"guest","vhost":"/","configure":".*","write":".*","read":".*"},{"user":"O=client,CN=localhost","vhost":"tls","configure":".*","write":".*","read":".*"},{"user":"guest","vhost":"vhost_user_1","configure":".*","write":".*","read":".*"},{"user":"guest","vhost":"tls","configure":".*","write":".*","read":".*"},{"user":"user_1","vhost":"vhost_user_1","configure":".*","write":".*","read":".*"}],"topic_permissions":[],"parameters":[],"global_parameters":[{"name":"cluster_tags","value":[]},{"name":"internal_cluster_id","value":"rabbitmq-cluster-id-A5bx3jtkxi8ukG64KRkw8g"}],"policies":[],"queues":[],"exchanges":[],"bindings":[]}

.ci/ubuntu/cluster/rmq/rabbitmq.conf

@@ -33,3 +33,4 @@ cluster_formation.classic_config.nodes.2 = [email protected]
 auth_backends.1 = internal
 auth_backends.2 = rabbit_auth_backend_oauth2
 
+load_definitions = /etc/rabbitmq/definitions.json

RabbitMQ.AMQP.Client/ConnectionSettings.cs

@@ -208,10 +208,11 @@ public class ConnectionSettings : IEquatable<ConnectionSettings>
     {
         protected Address _address = new("amqp://localhost:5672");
         protected string _virtualHost = Consts.DefaultVirtualHost;
+        private readonly SaslMechanism _saslMechanism = SaslMechanism.Plain;
+        private readonly OAuth2Options? _oAuth2Options = null;
         private readonly string _containerId = string.Empty;
         private readonly uint _maxFrameSize = Consts.DefaultMaxFrameSize;
         private readonly TlsSettings? _tlsSettings;
-        private readonly SaslMechanism _saslMechanism = SaslMechanism.Plain;
         private readonly IRecoveryConfiguration _recoveryConfiguration = new RecoveryConfiguration();
 
         public ConnectionSettings(Uri uri,
@@ -221,7 +222,7 @@ public ConnectionSettings(Uri uri,
             uint? maxFrameSize = null,
             TlsSettings? tlsSettings = null,
             OAuth2Options? oAuth2Options = null)
-            : this(containerId, saslMechanism, recoveryConfiguration, maxFrameSize, tlsSettings)
+            : this(containerId, saslMechanism, recoveryConfiguration, maxFrameSize, tlsSettings, oAuth2Options)
         {
             (string? user, string? password) = ProcessUserInfo(uri);
 
@@ -233,22 +234,23 @@ public ConnectionSettings(Uri uri,
                 throw new ArgumentOutOfRangeException("uri.Scheme", "Uri scheme must be 'amqp' or 'amqps'");
             }
 
-            _address = new Address(host: uri.Host,
-                port: uri.Port,
-                user: user,
-                password: password,
-                path: "/",
-                scheme: scheme);
+            _address = InitAddress(uri.Host, uri.Port, user, password, scheme);
+            _tlsSettings = InitTlsSettings();
+        }
 
-            if (oAuth2Options is not null)
+        protected Address InitAddress(string host, int port, string? user, string? password, string scheme)
+        {
+            if (_oAuth2Options is not null)
             {
-                // in case of OAuth2, we need to use plain mechanism
-                _saslMechanism = SaslMechanism.Plain;
-                _address = new Address(_address.Host, _address.Port, "", oAuth2Options.Token, _address.Path,
-                    _address.Scheme);
+                return new Address(host, port, "", _oAuth2Options.Token, "/", scheme);
             }
 
-            _tlsSettings = InitTlsSettings();
+            return new Address(host,
+                port: port,
+                user: user,
+                password: password,
+                path: "/",
+                scheme: scheme);
         }
 
         public ConnectionSettings(string scheme,
@@ -263,33 +265,19 @@ public ConnectionSettings(string scheme,
             uint? maxFrameSize = null,
             TlsSettings? tlsSettings = null,
             OAuth2Options? oAuth2Options = null)
-            : this(containerId, saslMechanism, recoveryConfiguration, maxFrameSize, tlsSettings)
+            : this(containerId, saslMechanism, recoveryConfiguration, maxFrameSize, tlsSettings, oAuth2Options)
         {
             if (false == Utils.IsValidScheme(scheme))
             {
                 throw new ArgumentOutOfRangeException(nameof(scheme), "scheme must be 'amqp' or 'amqps'");
             }
 
-            _address = new Address(host: host,
-                port: port,
-                user: user,
-                password: password,
-                path: "/",
-                scheme: scheme);
-
+            _address = InitAddress(host, port, user, password, scheme);
             if (virtualHost is not null)
             {
                 _virtualHost = virtualHost;
             }
 
-            if (oAuth2Options is not null)
-            {
-                // in case of OAuth2, we need to use plain mechanism
-                _saslMechanism = SaslMechanism.Plain;
-                _address = new Address(_address.Host, _address.Port, "", oAuth2Options.Token, _address.Path,
-                    _address.Scheme);
-            }
-
             _tlsSettings = InitTlsSettings();
         }
 
@@ -298,7 +286,8 @@ protected ConnectionSettings(
             SaslMechanism? saslMechanism = null,
             IRecoveryConfiguration? recoveryConfiguration = null,
             uint? maxFrameSize = null,
-            TlsSettings? tlsSettings = null)
+            TlsSettings? tlsSettings = null,
+            OAuth2Options? oAuth2Options = null)
         {
             if (containerId is not null)
             {
@@ -310,6 +299,13 @@ protected ConnectionSettings(
                 _saslMechanism = saslMechanism;
             }
 
+            if (oAuth2Options is not null)
+            {
+                // If OAuth2Options is set, then SaslMechanism must be Plain
+                _oAuth2Options = oAuth2Options;
+                _saslMechanism = SaslMechanism.Plain;
+            }
+
             if (recoveryConfiguration is not null)
             {
                 _recoveryConfiguration = recoveryConfiguration;
@@ -483,7 +479,7 @@ public ClusterConnectionSettings(IEnumerable<Uri> uris,
             uint? maxFrameSize = null,
             TlsSettings? tlsSettings = null,
             OAuth2Options? oAuth2Options = null)
-            : base(containerId, saslMechanism, recoveryConfiguration, maxFrameSize, tlsSettings)
+            : base(containerId, saslMechanism, recoveryConfiguration, maxFrameSize, tlsSettings, oAuth2Options)
         {
             _uris = uris.ToList();
             if (_uris.Count == 0)
@@ -525,20 +521,7 @@ public ClusterConnectionSettings(IEnumerable<Uri> uris,
                     }
                 }
 
-                var address = new Address(host: uri.Host,
-                    port: uri.Port,
-                    user: user,
-                    password: password,
-                    path: "/",
-                    scheme: scheme);
-
-                // if (oAuth2Options is not null)
-                // {
-                //     // in case of OAuth2, we need to use plain mechanism
-                //     _saslMechanism = SaslMechanism.Plain;
-                //     _address = new Address(_address.Host, _address.Port, "", oAuth2Options.Token, _address.Path,
-                //         _address.Scheme);
-                // }
+                var address = InitAddress(uri.Host, uri.Port, user, password, scheme);
 
                 _uriToAddress[uri] = address;
 

RabbitMQ.AMQP.Client/PublicAPI.Unshipped.txt

@@ -65,10 +65,11 @@ RabbitMQ.AMQP.Client.ConnectionException.ConnectionException(string! message) ->
 RabbitMQ.AMQP.Client.ConnectionException.ConnectionException(string! message, System.Exception! innerException) -> void
 RabbitMQ.AMQP.Client.ConnectionSettings
 RabbitMQ.AMQP.Client.ConnectionSettings.ConnectionSettings(string! scheme, string! host, int port, string? user = null, string? password = null, string? virtualHost = null, string! containerId = "", RabbitMQ.AMQP.Client.SaslMechanism? saslMechanism = null, RabbitMQ.AMQP.Client.IRecoveryConfiguration? recoveryConfiguration = null, uint? maxFrameSize = null, RabbitMQ.AMQP.Client.TlsSettings? tlsSettings = null, RabbitMQ.AMQP.Client.OAuth2Options? oAuth2Options = null) -> void
-RabbitMQ.AMQP.Client.ConnectionSettings.ConnectionSettings(string? containerId = null, RabbitMQ.AMQP.Client.SaslMechanism? saslMechanism = null, RabbitMQ.AMQP.Client.IRecoveryConfiguration? recoveryConfiguration = null, uint? maxFrameSize = null, RabbitMQ.AMQP.Client.TlsSettings? tlsSettings = null) -> void
+RabbitMQ.AMQP.Client.ConnectionSettings.ConnectionSettings(string? containerId = null, RabbitMQ.AMQP.Client.SaslMechanism? saslMechanism = null, RabbitMQ.AMQP.Client.IRecoveryConfiguration? recoveryConfiguration = null, uint? maxFrameSize = null, RabbitMQ.AMQP.Client.TlsSettings? tlsSettings = null, RabbitMQ.AMQP.Client.OAuth2Options? oAuth2Options = null) -> void
 RabbitMQ.AMQP.Client.ConnectionSettings.ConnectionSettings(System.Uri! uri, string? containerId = null, RabbitMQ.AMQP.Client.SaslMechanism? saslMechanism = null, RabbitMQ.AMQP.Client.IRecoveryConfiguration? recoveryConfiguration = null, uint? maxFrameSize = null, RabbitMQ.AMQP.Client.TlsSettings? tlsSettings = null, RabbitMQ.AMQP.Client.OAuth2Options? oAuth2Options = null) -> void
 RabbitMQ.AMQP.Client.ConnectionSettings.ContainerId.get -> string!
 RabbitMQ.AMQP.Client.ConnectionSettings.Host.get -> string!
+RabbitMQ.AMQP.Client.ConnectionSettings.InitAddress(string! host, int port, string? user, string? password, string! scheme) -> Amqp.Address!
 RabbitMQ.AMQP.Client.ConnectionSettings.MaxFrameSize.get -> uint
 RabbitMQ.AMQP.Client.ConnectionSettings.Password.get -> string?
 RabbitMQ.AMQP.Client.ConnectionSettings.Path.get -> string!

Tests/OAuth2Tests.cs

@@ -21,11 +21,13 @@
 
 namespace Tests
 {
-    public class OAuth2Tests(ITestOutputHelper testOutputHelper) : IntegrationTest(testOutputHelper, setupConnectionAndManagement: false)
+    public class OAuth2Tests(ITestOutputHelper testOutputHelper)
+        : IntegrationTest(testOutputHelper, setupConnectionAndManagement: false)
     {
         private const string Base64Key = "abcdefghijklmnopqrstuvwxyz0123456789ABCDEFGH";
 
         private const string Audience = "rabbitmq";
+
         // 
         [SkippableFact]
         public async Task ConnectToRabbitMqWithOAuth2TokenShouldSuccess()
@@ -46,37 +48,42 @@ public async Task ConnectToRabbitMqWithOAuth2TokenShouldSuccess()
         public async Task ConnectToRabbitMqWithOAuth2TokenShouldDisconnectAfterTimeout()
         {
             Skip.IfNot(IsCluster);
-            IConnection connection = await AmqpConnection.CreateAsync(
-                ConnectionSettingsBuilder.Create()
-                    .Host("localhost")
-                    .Port(5672)
-                    .RecoveryConfiguration(new RecoveryConfiguration().Activated(false).Topology(false))
-                    .OAuth2Options(new OAuth2Options(GenerateToken(DateTime.UtcNow.AddMilliseconds(1_000))))
-                    .Build());
-
-            Assert.NotNull(connection);
-            Assert.Equal(State.Open, connection.State);
-            State? stateFrom = null;
-            State? stateTo = null;
-            Error? stateError = null;
-            TaskCompletionSource<bool> tcs = new();
-            connection.ChangeState += (sender, from, to, error) =>
+            var l = new List<ConnectionSettingsBuilder>
             {
-                stateFrom = from;
-                stateTo = to;
-                stateError = error;
-                tcs.SetResult(true);
+                ConnectionSettingsBuilder.Create().Uris(new List<Uri> { new("amqp://") }),
+                ConnectionSettingsBuilder.Create().Uri(new Uri("amqp://localhost:5672")),
+                ConnectionSettingsBuilder.Create().Host("localhost").Port(5672)
             };
 
-            await tcs.Task;
-            Assert.NotNull(stateFrom);
-            Assert.NotNull(stateTo);
-            Assert.NotNull(stateError);
-            Assert.NotNull(stateError.ErrorCode);
-            Assert.Equal(State.Open, stateFrom);
-            Assert.Equal(State.Closed, stateTo);
-            Assert.Equal(State.Closed, connection.State);
-            Assert.Contains(stateError.ErrorCode, "amqp:unauthorized-access");
+            foreach (ConnectionSettingsBuilder builder in l)
+            {
+                IConnection connection = await AmqpConnection.CreateAsync(builder
+                    .RecoveryConfiguration(new RecoveryConfiguration().Activated(false).Topology(false))
+                    .OAuth2Options(new OAuth2Options(GenerateToken(DateTime.UtcNow.AddMilliseconds(1_000)))).Build());
+                Assert.NotNull(connection);
+                Assert.Equal(State.Open, connection.State);
+                State? stateFrom = null;
+                State? stateTo = null;
+                Error? stateError = null;
+                TaskCompletionSource<bool> tcs = new();
+                connection.ChangeState += (sender, from, to, error) =>
+                {
+                    stateFrom = from;
+                    stateTo = to;
+                    stateError = error;
+                    tcs.SetResult(true);
+                };
+
+                await tcs.Task;
+                Assert.NotNull(stateFrom);
+                Assert.NotNull(stateTo);
+                Assert.NotNull(stateError);
+                Assert.NotNull(stateError.ErrorCode);
+                Assert.Equal(State.Open, stateFrom);
+                Assert.Equal(State.Closed, stateTo);
+                Assert.Equal(State.Closed, connection.State);
+                Assert.Contains(stateError.ErrorCode, "amqp:unauthorized-access");
+            }
         }
 
         private static string GenerateToken(DateTime duration)