Deploy RabbitMQ with TLS when testing messaging protocls vs auth

MarcialRosales · MarcialRosales · commit 11348c206fa0 · 2024-11-06T15:07:59.000+01:00
diff --git a/selenium/.gitignore b/selenium/.gitignore
@@ -9,4 +9,5 @@ test/oauth/*/h2/*.lock.db
 */target/*
 tls-gen
 test/oauth/*/*.pem
-test/oauth/*/*.p12
+test/oauth/*/*.p12
+test/authnz-msg-protocols/certs
diff --git a/selenium/bin/components/rabbitmq b/selenium/bin/components/rabbitmq
@@ -12,6 +12,10 @@ init_rabbitmq() {
   [[ -z "${OAUTH_SERVER_CONFIG_BASEDIR}" ]] || print "> OAUTH_SERVER_CONFIG_BASEDIR: ${OAUTH_SERVER_CONFIG_BASEDIR}"
   [[ -z "${OAUTH_SERVER_CONFIG_DIR}" ]] || print "> OAUTH_SERVER_CONFIG_DIR: ${OAUTH_SERVER_CONFIG_DIR}"
 
+  if [[ ! -d "${RABBITMQ_CONFIG_DIR}/certs" ]]; then 
+    mkdir ${RABBITMQ_CONFIG_DIR}/certs
+  fi 
+  generate-ca-server-client-kpi rabbitmq $RABBITMQ_CONFIG_DIR/certs
 }
 
 start_rabbitmq() {
diff --git a/selenium/suites/authnz-messaging/auth-internal-backend.sh b/selenium/suites/authnz-messaging/auth-internal-backend.sh
@@ -3,7 +3,7 @@
 SCRIPT="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
 
 TEST_CASES_PATH=/authnz-msg-protocols
-PROFILES="internal-user auth_backends-internal "
+PROFILES="internal-user auth_backends-internal tls"
 
 source $SCRIPT/../../bin/suite_template
 run
diff --git a/selenium/test/authnz-msg-protocols/mqtt.js b/selenium/test/authnz-msg-protocols/mqtt.js
@@ -14,10 +14,10 @@ for (const element of profiles.split(" ")) {
 describe('Having MQTT protocol enbled and the following auth_backends: ' + backends, function () {
   let mqttOptions
   let expectations = []
-  let client_id = 'selenium-client'
   let rabbit = process.env.RABBITMQ_HOSTNAME || 'localhost'
   let username = process.env.RABBITMQ_AMQP_USERNAME
   let password = process.env.RABBITMQ_AMQP_PASSWORD
+  let client_id = process.env.RABBITMQ_AMQP_CLIENT_ID || 'selenium-client'
 
   before(function () {
     if (backends.includes("http") && username.includes("http")) {
diff --git a/selenium/test/authnz-msg-protocols/rabbitmq.tls.conf b/selenium/test/authnz-msg-protocols/rabbitmq.tls.conf
@@ -0,0 +1,14 @@
+auth_backends.1 = rabbit_auth_backend_oauth2
+
+listeners.ssl.1 = 5671
+
+ssl_options.cacertfile = ${RABBITMQ_TEST_DIR}/certs/ca_rabbitmq_certificate.pem
+ssl_options.certfile   = ${RABBITMQ_TEST_DIR}/certs/server_rabbitmq_certificate.pem
+ssl_options.keyfile    = ${RABBITMQ_TEST_DIR}/certs/server_rabbitmq_key.pem
+ssl_options.verify     = verify_peer
+ssl_options.fail_if_no_peer_cert = true
+
+management.ssl.port = 15671
+management.ssl.cacertfile = ${RABBITMQ_TEST_DIR}/certs/ca_rabbitmq_certificate.pem
+management.ssl.certfile   = ${RABBITMQ_TEST_DIR}/certs/server_rabbitmq_certificate.pem
+management.ssl.keyfile    = ${RABBITMQ_TEST_DIR}/certs/server_rabbitmq_key.pem

Original file line number	Diff line number	Diff line change
`@@ -12,6 +12,10 @@ init_rabbitmq() {`
`12`	`12`	`[[ -z "${OAUTH_SERVER_CONFIG_BASEDIR}" ]] \|\| print "> OAUTH_SERVER_CONFIG_BASEDIR: ${OAUTH_SERVER_CONFIG_BASEDIR}"`
`13`	`13`	`[[ -z "${OAUTH_SERVER_CONFIG_DIR}" ]] \|\| print "> OAUTH_SERVER_CONFIG_DIR: ${OAUTH_SERVER_CONFIG_DIR}"`
`14`	`14`
	`15`	`+ if [[ ! -d "${RABBITMQ_CONFIG_DIR}/certs" ]]; then`
	`16`	`+ mkdir ${RABBITMQ_CONFIG_DIR}/certs`
	`17`	`+ fi`
	`18`	`+ generate-ca-server-client-kpi rabbitmq $RABBITMQ_CONFIG_DIR/certs`
`15`	`19`	`}`
`16`	`20`
`17`	`21`	`start_rabbitmq() {`