
Merge pull request #10425 from infosiftr/rabbits

Adjust rabbitmq tls test to not rely on ENV vars
Tianon Gravi 4 anni fa
parent
commit
b8f343f9c8

+ 16 - 0
test/tests/rabbitmq-tls/rabbitmq-env.conf

@@ -0,0 +1,16 @@
+#!/bin/sh
+
+# https://www.rabbitmq.com/clustering-ssl.html
+ERL_SSL_PATH="$(erl -eval 'io:format("~p", [code:lib_dir(ssl, ebin)]),halt().' -noshell)"
+
+sslErlArgs="-pa $ERL_SSL_PATH 
+    -proto_dist inet_tls
+    -ssl_dist_opt server_certfile /certs/combined.pem
+    -ssl_dist_opt server_secure_renegotiate true client_secure_renegotiate true"
+
+SERVER_ADDITIONAL_ERL_ARGS="$sslErlArgs"
+CTL_ERL_ARGS="$sslErlArgs"
+if [ -n "$ERLANG_COOKIE" ]; then
+	SERVER_ADDITIONAL_ERL_ARGS="$SERVER_ADDITIONAL_ERL_ARGS -setcookie $ERLANG_COOKIE"
+	CTL_ERL_ARGS="$CTL_ERL_ARGS -setcookie $ERLANG_COOKIE"
+fi
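Review bot: The `-setcookie $ERLANG_COOKIE` additions to `SERVER_ADDITIONAL_ERL_ARGS` and `CTL_ERL_ARGS` put the Erlang cookie on the `erl` command line, where it can be read from the process argument list inside the container. That is tolerable for a throwaway test cookie, but a file like this tends to get copied as a reference, so I would add a comment above the `if`, for example `# test-only: -setcookie exposes the cookie in process args; real nodes should use a 0400 .erlang.cookie file`. As far as the visible options go, `sslErlArgs` sets only `server_certfile` and the renegotiation flags, so inter-node TLS here appears to encrypt without verifying the peer, leaving the cookie as the only authentication for distribution; a short comment saying that is intentional for the test would help.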

+ 7 - 0
test/tests/rabbitmq-tls/rabbitmq.conf

@@ -0,0 +1,7 @@
+loopback_users.guest = false
+listeners.ssl.default = 5671
+ssl_options.cacertfile = /certs/ca.crt
+ssl_options.certfile = /certs/cert.crt
+ssl_options.fail_if_no_peer_cert = true
+ssl_options.keyfile = /certs/private.key
+ssl_options.verify = verify_peer
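Review bot: `loopback_users.guest = false` lets the built-in `guest` account log in from non-loopback addresses, and nothing in this file turns off the default plaintext AMQP listener, so the `verify_peer` / `fail_if_no_peer_cert` settings protect only port 5671. That is acceptable for a disposable test container, but the file should say so; a leading comment such as `# test-only: guest allowed remotely; do not reuse outside the test suite` would do. If the test never uses the plaintext port, adding `listeners.tcp = none` would make the TLS listener the only way in; whether the test relies on the plaintext port is not visible from this section.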

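--- a/test/tests/rabbitmq-tls/run.sh
+++ b/test/tests/rabbitmq-tls/run.sh
@@ -21,8 +21,11 @@ RUN set -eux; \
 		-CA /certs/ca.crt -CAkey /certs/ca-private.key -CAcreateserial \
 		-out /certs/cert.crt -days $(( 365 * 30 )); \
 	openssl verify -CAfile /certs/ca.crt /certs/cert.crt; \
+	cat /certs/cert.crt /certs/private.key > /certs/combined.pem; \
+	chmod 0400 /certs/combined.pem; \
 	chown -R rabbitmq:rabbitmq /certs
-ENV RABBITMQ_SSL_CACERTFILE=/certs/ca.crt RABBITMQ_SSL_CERTFILE=/certs/cert.crt RABBITMQ_SSL_KEYFILE=/certs/private.key
+
+COPY --chown=rabbitmq:rabbitmq dir/*.conf /etc/rabbitmq/
 EOD
 
 testImage="$("$dir/../image-name.sh" librarytest/rabbitmq-tls-test "$1")"
@@ -39,10 +42,10 @@ RUN set -eux; \
 	testssl.sh --version
 EOD
 
-export RABBITMQ_ERLANG_COOKIE="rabbitmq-erlang-cookie-$RANDOM-$RANDOM"
+export ERLANG_COOKIE="rabbitmq-erlang-cookie-$RANDOM-$RANDOM"
 
 cname="rabbitmq-container-$RANDOM-$RANDOM"
-cid="$(docker run -d --name "$cname" --hostname "$cname" -e RABBITMQ_ERLANG_COOKIE "$serverImage")"
+cid="$(docker run -d --name "$cname" --hostname "$cname" -e ERLANG_COOKIE "$serverImage")"
 trap "docker rm -vf $cid > /dev/null" EXIT
 
 testssl() {
@@ -55,7 +58,7 @@ rabbitmqctl() {
 	# not using '--entrypoint', since regular entrypoint does needed env setup
 	docker run -i --rm \
 		--link "$cname" \
-		-e RABBITMQ_ERLANG_COOKIE \
+		-e ERLANG_COOKIE \
 		"$serverImage" \
 		rabbitmqctl --node "rabbit@$cname" "$@"
 }
@@ -63,7 +66,7 @@ rabbitmq-diagnostics() {
 	# not using '--entrypoint', since regular entrypoint does needed env setup
 	docker run -i --rm \
 		--link "$cname" \
-		-e RABBITMQ_ERLANG_COOKIE \
+		-e ERLANG_COOKIE \
 		"$serverImage" \
 		rabbitmq-diagnostics --node "rabbit@$cname" "$@"
 }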
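Review bot: The renamed `export ERLANG_COOKIE="rabbitmq-erlang-cookie-$RANDOM-$RANDOM"` still derives the cookie from two `$RANDOM` values, roughly 30 bits from a non-cryptographic generator, and after this change that value is what the image's `rabbitmq-env.conf` hands to `-setcookie`. Since the cookie is the shared secret for Erlang distribution and for the `rabbitmqctl` / `rabbitmq-diagnostics` calls below, I would either draw it from the system CSPRNG, e.g. `export ERLANG_COOKIE="$(openssl rand -hex 32)"` if openssl can be assumed on the test host, or add a comment `# test-only cookie; $RANDOM is not suitable for a real node`. Passing it with `-e ERLANG_COOKIE` also leaves the value readable in the container's inspected environment, which is fine for this test but belongs in the same comment.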