testcontainers-dotnet

Feature/370 add support tls secured docker endpoint

Open vlaskal opened this issue 3 years ago • 4 comments

This PR adds two options for Docker endpoint authentication.

  1. Support for a simple endpoint secured by TLS
  2. Support for client authentication via mTLS

The PR contains 2 commits, one for each option.

This PR is a draft only, to review the implementation approach.

vlaskal avatar Aug 02 '22 06:08 vlaskal

I am not sure why a few tests failed when they run fine locally. I think that my code is out of test scope.

What this PR is missing:

  • [x] Test strategy for new TlsEndpointAuthenticationProvider and MTlsEndpointAuthenticationProvider
  • [x] Update build agents to be able to test these providers
  • [x] Cleanup based on last PRs
  • [x] Review of supportability in .NET Standard 2.1 (Do we test both .NET Standards?)
  • [x] Used Custom configurations

vlaskal avatar Aug 02 '22 16:08 vlaskal

I would like to split this pull request into two smaller chunks. The first one should just contain the changes regarding ICustomConfiguration (reading the custom configuration values incl. tests). The second one the TLS implementation. It makes the review easier and we can focus just on the TLS part next. What do you think? In the meantime I'll set up the TLS test environment. Thanks again.

Ok, will try to prepare it soon.

vlaskal avatar Sep 03 '22 19:09 vlaskal

We can use something like this to create a test instance:

using System.IO;
using System.Threading.Tasks;
using DotNet.Testcontainers.Builders;
using DotNet.Testcontainers.Configurations;
using DotNet.Testcontainers.Containers;
using Xunit;

public sealed class GitHub : IAsyncLifetime
{
  private const string CertsDirectoryName = "certs";

  // Certificate directory inside the Docker-in-Docker container.
  private static readonly string ContainerCertDirectoryPath = Path.Combine("/", CertsDirectoryName);

  // Host directory that receives the generated certificates through the bind mount.
  private static readonly string HostCertDirectoryPath = Path.Combine(Path.GetTempPath(), CertsDirectoryName);

  // Docker-in-Docker daemon with TLS enabled; it needs privileged mode to run.
  private readonly ITestcontainersContainer tlsContainer = new TestcontainersBuilder<TestcontainersContainer>()
    .WithImage("docker:20.10-dind")
    .WithPrivileged(true)
    .WithEnvironment("DOCKER_CERT_PATH", ContainerCertDirectoryPath)
    .WithEnvironment("DOCKER_TLS_CERTDIR", ContainerCertDirectoryPath)
    .WithEnvironment("DOCKER_TLS", "1")
    .WithEnvironment("DOCKER_TLS_VERIFY", "1")
    .WithBindMount(HostCertDirectoryPath, ContainerCertDirectoryPath, AccessMode.ReadWrite)
    .Build();

  // Placeholder test: it only verifies that the TLS container starts and stops.
  [Fact]
  public Task PullRequest548()
  {
    return Task.CompletedTask;
  }

  public Task InitializeAsync()
  {
    return this.tlsContainer.StartAsync();
  }

  public Task DisposeAsync()
  {
    return this.tlsContainer.DisposeAsync().AsTask();
  }
}

This generates the certificates too.

HofmeisterAn avatar Sep 05 '22 15:09 HofmeisterAn
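
Added example, not code from this pull request or from Testcontainers: a client for a daemon like the one above that trusts only the generated CA and, for mTLS, presents the generated client certificate. It assumes .NET 5 or later, that the `docker:dind` image wrote `ca/cert.pem`, `client/cert.pem` and `client/key.pem` below the bind-mounted directory, and that the caller supplies the endpoint URL; `DockerTlsClient`, `TrustOnly` and `Create` are hypothetical names.

```csharp
using System;
using System.IO;
using System.Net.Http;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

// Hypothetical helper, not part of Testcontainers.
public static class DockerTlsClient
{
  // Server authentication: accept the daemon only if its chain ends in the given private CA.
  public static RemoteCertificateValidationCallback TrustOnly(X509Certificate2 ca)
  {
    return (sender, certificate, chain, errors) =>
    {
      // A missing certificate or a host name mismatch stays fatal. Only the chain
      // error (unknown root) is re-evaluated against the private CA below.
      if (certificate == null || (errors & ~SslPolicyErrors.RemoteCertificateChainErrors) != SslPolicyErrors.None)
      {
        return false;
      }

      using var privateChain = new X509Chain();
      privateChain.ChainPolicy.TrustMode = X509ChainTrustMode.CustomRootTrust;
      privateChain.ChainPolicy.CustomTrustStore.Add(ca);
      privateChain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck; // the test CA publishes no CRL
      return privateChain.Build(new X509Certificate2(certificate));
    };
  }

  // certsDir is the host side of the bind mount (assumed layout, see lead-in).
  public static HttpClient Create(Uri endpoint, string certsDir, bool mutualTls)
  {
    var ca = new X509Certificate2(Path.Combine(certsDir, "ca", "cert.pem"));
    var options = new SslClientAuthenticationOptions { RemoteCertificateValidationCallback = TrustOnly(ca) };

    if (mutualTls)
    {
      // Client authentication: certificate plus private key from the PEM pair.
      using var pem = X509Certificate2.CreateFromPemFile(
        Path.Combine(certsDir, "client", "cert.pem"),
        Path.Combine(certsDir, "client", "key.pem"));
      // Re-import as PKCS#12: on Windows, SChannel cannot use the ephemeral key of a PEM-loaded certificate.
      options.ClientCertificates = new X509CertificateCollection { new X509Certificate2(pem.Export(X509ContentType.Pfx)) };
    }

    return new HttpClient(new SocketsHttpHandler { SslOptions = options }) { BaseAddress = endpoint };
  }
}
```

A callback that simply returns `true` would also make the connection succeed, but it disables server authentication entirely, so a test built that way would not show that TLS verification works.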

OK, I will try to use it. But I will update the PR to the latest master, then split it into two smaller chunks with tests. Then we can deal with one feature at a time.

vlaskal avatar Sep 06 '22 17:09 vlaskal

@HofmeisterAn I updated the mTls implementation based on the implementation of Tls in PR #597, including inheritance to not repeat code. You can look at the implementation and check it. Also, here is a test which tests that mTls works.

vlaskal avatar Oct 09 '22 13:10 vlaskal

@vlaskal Would you take a look at my recent changes? I think I just need to fix 2 tests, then we are good to merge. What do you think?

Done. I think we are close.

vlaskal avatar Oct 17 '22 16:10 vlaskal

Closes #370.

HofmeisterAn avatar Oct 20 '22 07:10 HofmeisterAn