search

rabbitmq / rabbitmq-server

Open source RabbitMQ: core server and tier 1 (built-in) plugins
https://www.rabbitmq.com/
Other
12.31k stars 3.92k forks source link

Selenium suites: Test TLS-based authentication via messaging protocols (backport #12662) #12728

Closed mergify[bot] closed 1 week ago

mergify[bot] commented 1 week ago

Proposed Changes

Test TLS.-based authentication mechanism via messaging protocols like amqp 1.0 and mqtt. Also test MQTT security measures like using client_id from TLS certificate.

So far the selenium tests depended on certificates present in github. It is better to generate those certificates.

This is an automatic backport of pull request #12662 done by Mergify.

mergify[bot] commented 1 week ago

Cherry-pick of 6bf27a212f5e058a935ed01b05ab4033d0068d18 has failed:

On branch mergify/bp/v4.0.x/pr-12662
Your branch is up to date with 'origin/v4.0.x'.

You are currently cherry-picking commit 6bf27a212f.
  (fix conflicts and run "git cherry-pick --continue")
  (use "git cherry-pick --skip" to skip this patch)
  (use "git cherry-pick --abort" to cancel the cherry-pick operation)

Changes to be committed:
    modified:   .github/workflows/test-authnz.yaml
    modified:   .github/workflows/test-management-ui-for-pr.yaml
    modified:   .github/workflows/test-management-ui.yaml
    modified:   selenium/.gitignore
    modified:   selenium/amqp10-roundtriptest/src/main/java/com/rabbitmq/amqp1_0/RoundTripTest.java
    modified:   selenium/bin/components/devkeycloak
    modified:   selenium/bin/components/fakeportal
    modified:   selenium/bin/components/fakeproxy
    modified:   selenium/bin/components/keycloak
    modified:   selenium/bin/components/prodkeycloak
    modified:   selenium/bin/components/rabbitmq
    modified:   selenium/bin/components/uaa
    modified:   selenium/bin/suite_template
    modified:   selenium/fakeportal/app.js
    modified:   selenium/full-suite-authnz-messaging
    modified:   selenium/short-suite-management-ui
    modified:   selenium/suites/authnz-messaging/auth-internal-backend.sh
    new file:   selenium/suites/authnz-messaging/auth-internal-mtls-backend.sh
    modified:   selenium/suites/authnz-mgt/basic-auth-behind-proxy.sh
    modified:   selenium/suites/authnz-mgt/oauth-idp-initiated-with-uaa-and-prefix-via-proxy.sh
    modified:   selenium/suites/authnz-mgt/oauth-idp-initiated-with-uaa-via-proxy.sh
    modified:   selenium/suites/authnz-mgt/oauth-with-uaa.sh
    modified:   selenium/test/authnz-msg-protocols/amqp10.js
    new file:   selenium/test/authnz-msg-protocols/env.auth-mtls
    new file:   selenium/test/authnz-msg-protocols/env.tls
    modified:   selenium/test/authnz-msg-protocols/mqtt.js
    new file:   selenium/test/authnz-msg-protocols/rabbitmq.auth-mtls.conf
    new file:   selenium/test/authnz-msg-protocols/rabbitmq.tls.conf
    modified:   selenium/test/env.docker
    modified:   selenium/test/env.local
    modified:   selenium/test/env.tls.docker
    modified:   selenium/test/env.tls.local
    deleted:    selenium/test/multi-oauth/certs/ca_certificate.pem
    modified:   selenium/test/multi-oauth/certs/server_rabbitmq_certificate.pem
    modified:   selenium/test/multi-oauth/certs/server_rabbitmq_key.pem
    deleted:    selenium/test/multi-oauth/devkeycloak/ca_certificate.pem
    modified:   selenium/test/multi-oauth/devkeycloak/server_devkeycloak.p12
    modified:   selenium/test/multi-oauth/devkeycloak/server_devkeycloak_certificate.pem
    modified:   selenium/test/multi-oauth/devkeycloak/server_devkeycloak_key.pem
    modified:   selenium/test/multi-oauth/env.docker.devkeycloak
    modified:   selenium/test/multi-oauth/env.docker.prodkeycloak
    deleted:    selenium/test/multi-oauth/prodkeycloak/ca_certificate.pem
    modified:   selenium/test/multi-oauth/prodkeycloak/server_prodkeycloak.p12
    modified:   selenium/test/multi-oauth/prodkeycloak/server_prodkeycloak_certificate.pem
    modified:   selenium/test/multi-oauth/prodkeycloak/server_prodkeycloak_key.pem
    modified:   selenium/test/multi-oauth/rabbitmq.tls.conf
    deleted:    selenium/test/oauth/certs/ca_certificate.pem
    deleted:    selenium/test/oauth/certs/server_rabbitmq_certificate.pem
    deleted:    selenium/test/oauth/certs/server_rabbitmq_key.pem
    modified:   selenium/test/oauth/env.docker.fakeportal
    modified:   selenium/test/oauth/env.docker.fakeproxy
    modified:   selenium/test/oauth/env.docker.keycloak
    modified:   selenium/test/oauth/env.docker.uaa
    modified:   selenium/test/oauth/env.local.fakeportal
    modified:   selenium/test/oauth/env.local.uaa
    deleted:    selenium/test/oauth/keycloak/ca_certificate.pem
    new file:   selenium/test/oauth/keycloak/openssl.cnf.in
    deleted:    selenium/test/oauth/keycloak/server_keycloak_certificate.pem
    deleted:    selenium/test/oauth/keycloak/server_keycloak_key.pem
    modified:   selenium/test/oauth/rabbitmq.tls.conf
    new file:   selenium/test/oauth/uaa/server.xml
    modified:   selenium/test/oauth/uaa/uaa.yml

Unmerged paths:
  (use "git add/rm <file>..." as appropriate to mark resolution)
    both modified:   selenium/bin/gen-env-file
    deleted by them: selenium/test/authnz-msg-protocols/env.local
    both modified:   selenium/test/multi-oauth/env.local.devkeycloak
    both modified:   selenium/test/multi-oauth/env.local.prodkeycloak
    both modified:   selenium/test/oauth/env.local.keycloak

To fix up this pull request, you can check it out locally. See documentation: https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/checking-out-pull-requests-locally