add all config keys that disable CA gen, restrict check to version 8
Anaethelion committed Apr 9, 2024

1 parent 8dbf104 commit 3997322
Showing 2 changed files with 51 additions and 38 deletions.
20 changes: 15 additions & 5 deletions modules/elasticsearch/elasticsearch.go
@@ -126,12 +126,22 @@ func configureAddress(ctx context.Context, c *ElasticsearchContainer) (string, e
// For that, it defines a post start hook that copies the certificate from the container to the host.
// The certificate is only available since version 8, and will be located in a well-known location.
func configureCertificate(settings *Options, req *testcontainers.GenericContainerRequest) error {
if value, ok := req.Env["xpack.security.http.ssl.enabled"]; ok {
if value == "false" {
return nil
}
}
if isAtLeastVersion(req.Image, 8) {
// These configuration keys explicitly disable CA generation.
// If any are set we skip the file retrieval.
configKeys := []string{
"xpack.security.enabled",
"xpack.security.http.ssl.enabled",
"xpack.security.transport.ssl.enabled",
}
for _, configKey := range configKeys {
if value, ok := req.Env[configKey]; ok {
if value == "false" {
return nil
}
}
}

// The container needs a post ready hook to copy the certificate from the container to the host.
// This certificate is only available since version 8
req.LifecycleHooks[0].PostReadies = append(req.LifecycleHooks[0].PostReadies,
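Review bot: The skip list in `configureCertificate` matches only the literal value `"false"` on three keys, so any other setting that stops Elasticsearch 8 from generating its HTTP CA still falls through to the post-ready hook that copies the certificate. As far as I know, `xpack.security.autoconfiguration.enabled=false` also turns auto-configuration off, and explicitly setting some of the listed keys to any value may do the same; confirm against the Elasticsearch documentation and, if so, add `"xpack.security.autoconfiguration.enabled",` to `configKeys`. The early `return nil` leaves `CACert` empty with no signal to the caller, so a comment such as `// CACert stays empty here; callers should not respond by disabling TLS verification` would make the contract explicit. The function body continues past the end of this hunk.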
69 changes: 36 additions & 33 deletions modules/elasticsearch/elasticsearch_test.go
@@ -164,45 +164,48 @@ func TestElasticsearch(t *testing.T) {
}

func TestElasticsearch8WithAndWithoutSSL(t *testing.T) {
t.Run("Elasticsearch 8 with SSL should provide CACert", func(t *testing.T) {
ctx := context.Background()
container, err := elasticsearch.RunContainer(ctx, testcontainers.WithImage(baseImage8))
if err != nil {
t.Fatal(err)
}

t.Cleanup(func() {
if err := container.Terminate(ctx); err != nil {
t.Fatalf("failed to terminate container: %s", err)
tests := []struct {
name string
configKey string
}{
{
name: "security disabled",
configKey: "xpack.security.enabled",
},
{
name: "transport ssl disabled",
configKey: "xpack.security.transport.ssl.enabled",
},
{
name: "http ssl disabled",
configKey: "xpack.security.http.ssl.enabled",
},
}
for _, test := range tests {
t.Run(test.name, func(t *testing.T) {
ctx := context.Background()
container, err := elasticsearch.RunContainer(
ctx,
testcontainers.WithImage(baseImage8),
testcontainers.WithEnv(map[string]string{
test.configKey: "false",
}))
if err != nil {
t.Fatal(err)
}
})

if len(container.Settings.CACert) == 0 {
t.Fatal("expected CA cert to not be empty")
}
})
t.Run("Elasticsearch 8 without SSL should not provide CACert", func(t *testing.T) {
ctx := context.Background()
container, err := elasticsearch.RunContainer(
ctx,
testcontainers.WithImage(baseImage8),
testcontainers.WithEnv(map[string]string{
"xpack.security.http.ssl.enabled": "false",
}))
if err != nil {
t.Fatal(err)
}
t.Cleanup(func() {
if err := container.Terminate(ctx); err != nil {
t.Fatalf("failed to terminate container: %s", err)
}
})

t.Cleanup(func() {
if err := container.Terminate(ctx); err != nil {
t.Fatalf("failed to terminate container: %s", err)
if len(container.Settings.CACert) > 0 {
t.Fatal("expected CA cert to be empty")
}
})
}

if len(container.Settings.CACert) > 0 {
t.Fatal("expected CA cert to be empty")
}
})
}

func TestElasticsearch8WithoutCredentials(t *testing.T) {
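Review bot: Every row of the `tests` table sets its key to `"false"`, so nothing pins what happens when one of these keys is present with another value such as `"true"`, or when the image is older than version 8, which is the other half of this commit. Adding a `value string` and an `expectCACert bool` field to the table struct would let the same loop assert both outcomes. The rendered page interleaves old and new lines in this section, so this is read from the new table entry `test.configKey: "false",`.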
