From 6c15260c35aadde833544faacb55d903921d0d07 Mon Sep 17 00:00:00 2001 From: bstrausser Date: Mon, 1 Apr 2024 21:21:40 -0400 Subject: [PATCH 1/3] Fix AMQPS url --- modules/rabbitmq/rabbitmq.go | 2 +- modules/rabbitmq/rabbitmq_test.go | 18 ++++++++++++++++++ 2 files changed, 19 insertions(+), 1 deletion(-) diff --git a/modules/rabbitmq/rabbitmq.go b/modules/rabbitmq/rabbitmq.go index 9fb28212e1..a6dec1a779 100644 --- a/modules/rabbitmq/rabbitmq.go +++ b/modules/rabbitmq/rabbitmq.go @@ -48,7 +48,7 @@ func (c *RabbitMQContainer) AmqpURL(ctx context.Context) (string, error) { // AmqpURL returns the URL for AMQPS clients. func (c *RabbitMQContainer) AmqpsURL(ctx context.Context) (string, error) { - endpoint, err := c.PortEndpoint(ctx, nat.Port(DefaultAMQPPort), "") + endpoint, err := c.PortEndpoint(ctx, nat.Port(DefaultAMQPSPort), "") if err != nil { return "", err } diff --git a/modules/rabbitmq/rabbitmq_test.go b/modules/rabbitmq/rabbitmq_test.go index 0c85c66607..b218d7a3d1 100644 --- a/modules/rabbitmq/rabbitmq_test.go +++ b/modules/rabbitmq/rabbitmq_test.go @@ -32,6 +32,15 @@ func TestRunContainer_connectUsingAmqp(t *testing.T) { t.Fatal(err) } + amqpsURL, err := rabbitmqContainer.AmqpsURL(ctx) + if err != nil { + t.Fatal(err) + } + + if !strings.HasPrefix(amqpsURL, "amqps") { + t.Fatal(fmt.Errorf("AMQPS Url should begin with `amqps`")) + } + amqpConnection, err := amqp.Dial(amqpURL) if err != nil { t.Fatal(err) @@ -40,6 +49,15 @@ func TestRunContainer_connectUsingAmqp(t *testing.T) { if err = amqpConnection.Close(); err != nil { t.Fatal(err) } + + amqpsConnection, err := amqp.Dial(amqpsURL) + if err != nil { + t.Fatal(err) + } + + if err = amqpsConnection.Close(); err != nil { + t.Fatal(err) + } } func TestRunContainer_withAllSettings(t *testing.T) { From 4dd462660afb0b7f2e67461c97850170da6f26c0 Mon Sep 17 00:00:00 2001 From: bstrausser Date: Mon, 1 Apr 2024 21:36:13 -0400 Subject: [PATCH 2/3] Split off amqps and add failing test for client certs --- modules/rabbitmq/rabbitmq_test.go | 38 ++++++++++++++++++++++++++----- 1 file changed, 32 insertions(+), 6 deletions(-) diff --git a/modules/rabbitmq/rabbitmq_test.go b/modules/rabbitmq/rabbitmq_test.go index b218d7a3d1..07035016be 100644 --- a/modules/rabbitmq/rabbitmq_test.go +++ b/modules/rabbitmq/rabbitmq_test.go @@ -2,8 +2,10 @@ package rabbitmq_test import ( "context" + "crypto/tls" "fmt" "io" + "path/filepath" "strings" "testing" @@ -32,25 +34,49 @@ func TestRunContainer_connectUsingAmqp(t *testing.T) { t.Fatal(err) } - amqpsURL, err := rabbitmqContainer.AmqpsURL(ctx) + amqpConnection, err := amqp.Dial(amqpURL) if err != nil { t.Fatal(err) } - if !strings.HasPrefix(amqpsURL, "amqps") { - t.Fatal(fmt.Errorf("AMQPS Url should begin with `amqps`")) + if err = amqpConnection.Close(); err != nil { + t.Fatal(err) } +} - amqpConnection, err := amqp.Dial(amqpURL) +func TestRunContainer_connectUsingAmqps(t *testing.T) { + ctx := context.Background() + + sslSettings := rabbitmq.SSLSettings{ + CACertFile: filepath.Join("testdata", "certs", "server_ca.pem"), + CertFile: filepath.Join("testdata", "certs", "server_cert.pem"), + KeyFile: filepath.Join("testdata", "certs", "server_key.pem"), + VerificationMode: rabbitmq.SSLVerificationModePeer, + FailIfNoCert: true, + VerificationDepth: 0, + } + + rabbitmqContainer, err := rabbitmq.RunContainer(ctx, rabbitmq.WithSSL(sslSettings)) if err != nil { t.Fatal(err) } - if err = amqpConnection.Close(); err != nil { + defer func() { + if err := rabbitmqContainer.Terminate(ctx); err != nil { + t.Fatal(err) + } + }() + + amqpsURL, err := rabbitmqContainer.AmqpsURL(ctx) + if err != nil { t.Fatal(err) } - amqpsConnection, err := amqp.Dial(amqpsURL) + if !strings.HasPrefix(amqpsURL, "amqps") { + t.Fatal(fmt.Errorf("AMQPS Url should begin with `amqps`")) + } + + amqpsConnection, err := amqp.DialTLS(amqpsURL, &tls.Config{}) if err != nil { t.Fatal(err) } From a01d45bde7cbbb5fbe561628ee0870e5d3996b08 Mon Sep 17 00:00:00 2001 From: bstrausser Date: Mon, 1 Apr 2024 23:18:23 -0400 Subject: [PATCH 3/3] Adds certs into tests --- modules/rabbitmq/rabbitmq_test.go | 19 ++++++++++++++++--- 1 file changed, 16 insertions(+), 3 deletions(-) diff --git a/modules/rabbitmq/rabbitmq_test.go b/modules/rabbitmq/rabbitmq_test.go index 07035016be..7079379421 100644 --- a/modules/rabbitmq/rabbitmq_test.go +++ b/modules/rabbitmq/rabbitmq_test.go @@ -3,8 +3,10 @@ package rabbitmq_test import ( "context" "crypto/tls" + "crypto/x509" "fmt" "io" + "io/ioutil" "path/filepath" "strings" "testing" @@ -52,8 +54,8 @@ func TestRunContainer_connectUsingAmqps(t *testing.T) { CertFile: filepath.Join("testdata", "certs", "server_cert.pem"), KeyFile: filepath.Join("testdata", "certs", "server_key.pem"), VerificationMode: rabbitmq.SSLVerificationModePeer, - FailIfNoCert: true, - VerificationDepth: 0, + FailIfNoCert: false, + VerificationDepth: 1, } rabbitmqContainer, err := rabbitmq.RunContainer(ctx, rabbitmq.WithSSL(sslSettings)) @@ -76,11 +78,22 @@ func TestRunContainer_connectUsingAmqps(t *testing.T) { t.Fatal(fmt.Errorf("AMQPS Url should begin with `amqps`")) } - amqpsConnection, err := amqp.DialTLS(amqpsURL, &tls.Config{}) + certs := x509.NewCertPool() + + pemData, err := ioutil.ReadFile(sslSettings.CACertFile) + if err != nil { + t.Fatal(err) + } + certs.AppendCertsFromPEM(pemData) + + amqpsConnection, err := amqp.DialTLS(amqpsURL, &tls.Config{InsecureSkipVerify: false, RootCAs: certs}) if err != nil { t.Fatal(err) } + if amqpsConnection.IsClosed() { + t.Fatal(fmt.Errorf("AMQPS Connection unexpectdely closed")) + } if err = amqpsConnection.Close(); err != nil { t.Fatal(err) }