Search code examples
azure-devopsxunitdotnet-aspire

Generated Aspire Test Throws SSL Exception During Azure DevOps Tests

I have created a default Aspire starter solution which has the following test:

public sealed class WebTests
{
    [Fact]
    public async Task GetWebResourceRootReturnsOkStatusCode()
    {
        // Arrange
        var host = await DistributedApplicationTestingBuilder.CreateAsync<Projects.Starter_AppHost>();
        host.Services.ConfigureHttpClientDefaults(x => x.AddStandardResilienceHandler());
        // To output logs to the xUnit.net ITestOutputHelper, consider adding a package from https://www.nuget.org/packages?q=xunit+logging

        await using var app     = await host.BuildAsync();
        var             service = app.Services.GetRequiredService<ResourceNotificationService>();
        await app.StartAsync();

        // Act
        var client = app.CreateHttpClient("gateway");
        var @for   = TimeSpan.FromSeconds(30);
        await service.WaitForResourceAsync("gateway", KnownResourceStates.Running).WaitAsync(@for);
        var response = await client.GetAsync("/");

        // Assert
        Assert.Equal(HttpStatusCode.OK, response.StatusCode);
    }
}

When deploying to Azure DevOps pipeline, this test throws the following exception:

[xUnit.net 00:00:12.52]     Starter.Tests.WebTests.GetWebResourceRootReturnsOkStatusCode [FAIL]
  Failed Starter.Tests.WebTests.GetWebResourceRootReturnsOkStatusCode [12 s]
  Error Message:
   System.Net.Http.HttpRequestException : The SSL connection could not be established, see inner exception.
---- System.Security.Authentication.AuthenticationException : The remote certificate is invalid because of errors in the certificate chain: UntrustedRoot
  Stack Trace:
     at System.Net.Http.ConnectHelper.EstablishSslConnectionAsync(SslClientAuthenticationOptions sslOptions, HttpRequestMessage request, Boolean async, Stream stream, CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.ConnectAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.CreateHttp11ConnectionAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.AddHttp11ConnectionAsync(QueueItem queueItem)
   at System.Threading.Tasks.TaskCompletionSourceWithCancellation`1.WaitWithCancellationAsync(CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.SendWithVersionDetectionAndRetryAsync(HttpRequestMessage request, Boolean async, Boolean doRequestAuth, CancellationToken cancellationToken)
   at System.Net.Http.RedirectHandler.SendAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
   at Microsoft.Extensions.Http.Logging.LoggingHttpMessageHandler.<SendCoreAsync>g__Core|5_0(HttpRequestMessage request, Boolean useAsync, CancellationToken cancellationToken)
   at Microsoft.Extensions.Http.Resilience.ResilienceHandler.<>c.<<SendAsync>b__3_0>d.MoveNext()
--- End of stack trace from previous location ---
   at Polly.Outcome`1.ThrowIfException()
   at Microsoft.Extensions.Http.Resilience.ResilienceHandler.SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
   at Microsoft.Extensions.Http.Logging.LoggingScopeHttpMessageHandler.<SendCoreAsync>g__Core|5_0(HttpRequestMessage request, Boolean useAsync, CancellationToken cancellationToken)
   at System.Net.Http.HttpClient.<SendAsync>g__Core|83_0(HttpRequestMessage request, HttpCompletionOption completionOption, CancellationTokenSource cts, Boolean disposeCts, CancellationTokenSource pendingRequestsCts, CancellationToken originalCancellationToken)
   at Starter.Tests.WebTests.GetWebResourceRootReturnsOkStatusCode() in C:\agent\default\_work\3\s\Starter.Tests\WebTests.cs:line 21
   at Starter.Tests.WebTests.GetWebResourceRootReturnsOkStatusCode() in C:\agent\default\_work\3\s\Starter.Tests\WebTests.cs:line 24
--- End of stack trace from previous location ---
----- Inner Stack Trace -----
   at System.Net.Security.SslStream.CompleteHandshake(SslAuthenticationOptions sslAuthenticationOptions)
   at System.Net.Security.SslStream.ForceAuthenticationAsync[TIOAdapter](Boolean receiveFirst, Byte[] reAuthenticationData, CancellationToken cancellationToken)
   at System.Net.Http.ConnectHelper.EstablishSslConnectionAsync(SslClientAuthenticationOptions sslOptions, HttpRequestMessage request, Boolean async, Stream stream, CancellationToken cancellationToken)

I have tried running the following commands but this doesn't appear to do anything and the error persists:

dotnet dev-certs https --clean
dotnet dev-certs https --trust

So, how do I fix this problem? Please note that this is a self-hosted Windows agent running Aspire workload 8.0.2.

Solution

  • I had to use PsExec64.exe:

    PsExec64.exe -i -u "nt authority\network service" powershell

    Then:

    dotnet dev-certs https --clean
dotnet dev-certs https --trust