feat(#370) Added mTLS support to docker endpoint

[vlaskal]

This PR add two options for docker endpoint authentication.

1. it is support of simple secured endpoint by TLS
2. it is support of client authentication via mTLS

PR contains 2 commits on for each option.

This PR is draft only to review approach of implementation.

[vlaskal]

I am not sure why few tests failed when locally run fine. I think that my code is out of test scope.

What this PR miss are:

• Test strategy for new TlsEndpointAuthenticationProvider and MTlsEndpointAuthenticationProvider
• Update build agents to be able to test these providers
• Cleanup based on last PRs
• Review of supportability in .NET Standard 2.1 (Do we test both .NET Standards?)
• Used Custom configurations

[HofmeisterAn]

I would like to split this pull request into two smaller chunks. The first one should just contain the changes regarding ICustomConfiguration (reading the custom configuration values incl. tests). The second one the TLS implementation. It makes the review easier and we can focus just on the TLS part next. What do you think? In the meantime I'll setup the TLS test environment. Thanks again.

[vlaskal]

I would like to split this pull request into two smaller chunks. The first one should just contain the changes regarding ICustomConfiguration (reading the custom configuration values incl. tests). The second one the TLS implementation. It makes the review easier and we can focus just on the TLS part next. What do you think? In the meantime I'll setup the TLS test environment. Thanks again.

Ok, will try to prepare it soon.

[HofmeisterAn]

We can use something like this to create a test instance:

public sealed class GitHub : IAsyncLifetime
{
  private const string CertsDirectoryName = "certs";

  private static readonly string ContainerCertDirectoryPath = Path.Combine("/", CertsDirectoryName);

  private static readonly string HostCertDirectoryPath = Path.Combine(Path.GetTempPath(), CertsDirectoryName);

  private readonly ITestcontainersContainer tlsContainer = new TestcontainersBuilder<TestcontainersContainer>()
    .WithImage("docker:20.10-dind")
    .WithPrivileged(true)
    .WithEnvironment("DOCKER_CERT_PATH", ContainerCertDirectoryPath)
    .WithEnvironment("DOCKER_TLS_CERTDIR", ContainerCertDirectoryPath)
    .WithEnvironment("DOCKER_TLS", "1")
    .WithEnvironment("DOCKER_TLS_VERIFY", "1")
    .WithBindMount(HostCertDirectoryPath, ContainerCertDirectoryPath, AccessMode.ReadWrite)
    .Build();

  [Fact]
  public Task PullRequest548()
  {
    return Task.CompletedTask;
  }

  public Task InitializeAsync()
  {
    return this.tlsContainer.StartAsync();
  }

  public Task DisposeAsync()
  {
    return this.tlsContainer.DisposeAsync().AsTask();
  }
}

This generates the certificates too.

[vlaskal]

Ok will try to use it. But I will update PR to latest master then will split it to two smaller chunks with tests.
Then we can deal with one feature in a time.

[vlaskal]

@HofmeisterAn I updated mTls implementation based on implementation of Tls in PR #597 including inheritance to not repeat code. Uou can look at implementation and chak it. Also here is a test which tests that mTls work.

[HofmeisterAn]

I think the pull request is on the right track. I would like to make sure that the configurations for the fixtures are correct, afterwards we can finalize the providers. Setting the fixtures explicit to tlsverify or tls should be the next step (dunno if that is possible via containers command args). Maybe we need to generate certificates by ourself and check them in to set the configuration explicit.

[HofmeisterAn]

@vlaskal Would you take a look at my recent changes? I think I just need to fix 2 tests, then we are good to merge. What do you think?

[vlaskal]

@vlaskal Would you take a look at my recent changes? I think I just need to fix 2 tests, then we are good to merge. What do you think?

Done. I think we are close.

[vlaskal]

It looks as final.

[HofmeisterAn]

Closes #370.