Fix SSL config for local testing

jakubkulhan · Dec 8, 2020 · 9f4593a · 9f4593a
1 parent c955de9
commit 9f4593a
Show file tree

Hide file tree

Showing 6 changed files with 66 additions and 7 deletions.
diff --git a/README.md b/README.md
@@ -231,6 +231,8 @@ in.
   ```
   $ docker-compose up -d
   ```
+
+  To test against different SSL configurations (as in CI builds), you can set environment variable `CONFIG_NAME=rabbitmq.ssl.verify_none` before running `docker-compose up`.
 
 - Optionally use `docker ps` to display the running containers.  
 

diff --git a/docker-compose.yml b/docker-compose.yml
@@ -4,11 +4,16 @@ networks:
 services:
   rabbit_node_1:
     image: 'rabbitmq:3-management'
+    entrypoint: /opt/bunny/docker/rabbitmq/entrypoint.sh /usr/local/bin/docker-entrypoint.sh
+    command: rabbitmq-server
     environment:
       RABBITMQ_DEFAULT_USER: testuser
       RABBITMQ_DEFAULT_PASS: testpassword
       RABBITMQ_DEFAULT_VHOST: testvhost
       RABBITMQ_ERLANG_COOKIE: bunny-test-secret
+      CONFIG_NAME: "${CONFIG_NAME:-rabbitmq.ssl.verify_peer}"
+    volumes:
+      - .:/opt/bunny
     networks:
       - main
     hostname: rabbit_node_1
@@ -18,6 +23,13 @@ services:
     tty: true
   bunny:
     build: docker/bunny
+    init: true
+    environment:
+      SSL_TEST: 'yes'
+      SSL_CA: ssl/ca.pem
+      SSL_PEER_NAME: server.rmq
+      SSL_CLIENT_CERT: ssl/client.pem
+      SSL_CLIENT_KEY: ssl/client.key
     volumes:
       - .:/opt/bunny
     networks:

diff --git a/docker/rabbitmq/entrypoint.sh b/docker/rabbitmq/entrypoint.sh
@@ -0,0 +1,26 @@
+#!/bin/bash
+
+set -eu
+
+is_rabbitmq_gte_3_7_0() {
+	[[ "3.7.0" = $(echo -e "3.7.0\n$RABBITMQ_VERSION" | sort -V | head -n1) ]]
+}
+
+TEST_DATA_ROOT=/opt/bunny/test/ssl
+CONFIG_NAME=${CONFIG_NAME:-}
+
+cp ${TEST_DATA_ROOT}/{ca.pem,server.pem,server.key} /etc/rabbitmq/
+chown rabbitmq /etc/rabbitmq/{ca.pem,server.pem,server.key}
+chmod 0400 /etc/rabbitmq/{ca.pem,server.pem,server.key}
+
+if [[ -n "$CONFIG_NAME" ]]; then
+	if is_rabbitmq_gte_3_7_0; then
+		cp ${TEST_DATA_ROOT}/${CONFIG_NAME}.conf /etc/rabbitmq/rabbitmq.conf
+		chown rabbitmq /etc/rabbitmq/rabbitmq.conf
+	else
+		cp ${TEST_DATA_ROOT}/${CONFIG_NAME}.config /etc/rabbitmq/rabbitmq.config
+		chown rabbitmq /etc/rabbitmq/rabbitmq.config
+	fi
+fi
+
+exec "$@"
diff --git a/test/Bunny/SSLTest.php b/test/Bunny/SSLTest.php
@@ -5,6 +5,8 @@
 use Bunny\Async\Client as AsyncClient;
 use Bunny\Exception\ClientException;
 use Bunny\Test\Exception\TimeoutException;
+use Bunny\Test\Library\AsynchronousClientHelper;
+use Bunny\Test\Library\SynchronousClientHelper;
 use PHPUnit\Framework\TestCase;
 
 use React\EventLoop\Factory;
@@ -17,12 +19,29 @@
 
 class SSLTest extends TestCase
 {
+    /**
+     * @var SynchronousClientHelper
+     */
+    private $helper;
+
+    /**
+     * @var AsynchronousClientHelper
+     */
+    private $asyncHelper;
+
+    protected function setUp(): void
+    {
+        parent::setUp();
+
+        $this->helper = new SynchronousClientHelper();
+        $this->asyncHelper = new AsynchronousClientHelper();
+    }
 
     public function testConnect()
     {
         $options = $this->getOptions();
 
-        $client = new Client($options);
+        $client = $this->helper->createClient($options);
         $client->connect();
         $client->disconnect();
 
@@ -37,7 +56,7 @@ public function testConnectAsync() {
             throw new TimeoutException();
         });
 
-        $client = new AsyncClient($loop, $options);
+        $client = $this->asyncHelper->createClient($loop, $options);
         $client->connect()->then(function (AsyncClient $client) {
             return $client->disconnect();
         })->then(function () use ($loop) {
@@ -61,7 +80,7 @@ public function testConnectWithMissingClientCert()
 
         $this->expectException(ClientException::class);
 
-        $client = new Client($options);
+        $client = $this->helper->createClient($options);
         $client->connect();
         $client->disconnect();
     }
@@ -73,7 +92,7 @@ public function testConnectToTcpPort()
 
         $this->expectException(ClientException::class);
 
-        $client = new Client($options);
+        $client = $this->helper->createClient($options);
         $client->connect();
         $client->disconnect();
     }
@@ -85,7 +104,7 @@ public function testConnectWithWrongPeerName()
 
         $this->expectException(ClientException::class);
 
-        $client = new Client($options);
+        $client = $this->helper->createClient($options);
         $client->connect();
         $client->disconnect();
     }

diff --git a/test/Library/AsynchronousClientHelper.php b/test/Library/AsynchronousClientHelper.php
@@ -17,7 +17,7 @@ final class AsynchronousClientHelper extends AbstractClientHelper
      */
     public function createClient(LoopInterface $loop, array $options = null): Client
     {
-        $options = $options ?? $this->getDefaultOptions();
+        $options = array_merge($this->getDefaultOptions(), $options ?? []);
 
         return new Client($loop, $options);
     }

diff --git a/test/Library/SynchronousClientHelper.php b/test/Library/SynchronousClientHelper.php
@@ -16,7 +16,7 @@ final class SynchronousClientHelper extends AbstractClientHelper
      */
     public function createClient(array $options = null): Client
     {
-        $options = $options ?? $this->getDefaultOptions();
+        $options = array_merge($this->getDefaultOptions(), $options ?? []);
 
         return new Client($options);
     }
-Original file line number
+Diff line change
@@ Expand Up / @@ -231,6 +231,8 @@ in. @@
       ```
       $ docker-compose up -d
       ```
+      To test against different SSL configurations (as in CI builds), you can set environment variable `CONFIG_NAME=rabbitmq.ssl.verify_none` before running `docker-compose up`.
     - Optionally use `docker ps` to display the running containers.
@@ Expand Down @@