testcontainers · ImFlog · May 3, 2024 · Jun 11, 2024 · Jun 11, 2024
@@ -53,6 +53,15 @@ If you need to set a different password to request authorization when performing
 [Custom Password](../../modules/elasticsearch/examples_test.go) inside_block:usingPassword
 <!--/codeinclude-->
 
+#### Skipping cert retrieval
+
+If you do not want to retrieve the Elasticsearch certificate, you can use the `WithoutCertRetrieval` option.
+This can be useful in some edge cases where the certificate to download from the container is not available.
+
+<!--codeinclude-->
+[Skip Certificate Retrieval](../../modules/elasticsearch/examples_test.go) inside_block:withoutCertRetrieval
+<!--/codeinclude-->
+
 ### Configuring the access to the Elasticsearch container
 
 The Elasticsearch container exposes its settings in order to configure the client to connect to it. With those settings it's very easy to setup up our preferred way to connect to the container. We are going to show you two ways to connect to the container, using the HTTP client from the standard library, and using the Elasticsearch client.

@@ -128,7 +128,7 @@ func configureAddress(ctx context.Context, c *ElasticsearchContainer) (string, e
 // For that, it defines a post start hook that copies the certificate from the container to the host.
 // The certificate is only available since version 8, and will be located in a well-known location.
 func configureCertificate(settings *Options, req *testcontainers.GenericContainerRequest) error {
-	if isAtLeastVersion(req.Image, 8) {
+	if isAtLeastVersion(req.Image, 8) && !settings.SkipCertRetrieval {
 		// These configuration keys explicitly disable CA generation.
 		// If any are set we skip the file retrieval.
 		configKeys := []string{

@@ -134,7 +134,9 @@ func TestElasticsearch(t *testing.T) {
 					// finish validating the response when the request is unauthorised
 					return
 				}
-
+				if esContainer.Settings.CACert == nil {
+					t.Fatal("expected CA cert to be set")
+				}
 			}
 
 			// validate response
@@ -259,6 +261,25 @@ func TestElasticsearchOSSCannotuseWithPassword(t *testing.T) {
 	}
 }
 
+func TestElastictSearchWithoutCertRetrieval(t *testing.T) {
+	ctx := context.Background()
+
+	container, err := elasticsearch.RunContainer(ctx, testcontainers.WithImage(baseImage8), elasticsearch.WithoutCertRetrieval())
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	t.Cleanup(func() {
+		if err := container.Terminate(ctx); err != nil {
+			t.Fatalf("failed to terminate container: %s", err)
+		}
+	})
+
+	if container.Settings.CACert != nil {
+		t.Fatal("expected CA cert to be empty")
+	}
+}
+
 // configureHTTPClient configures an HTTP client for the Elasticsearch container.
 // If no certificate bytes are available, the default HTTP client will be returned.
 // If certificate bytes are available, the client will be configured to use TLS with the certificate.

@@ -112,3 +112,30 @@ func ExampleRunContainer_connectUsingElasticsearchClient() {
 	fmt.Println(esResp.Tagline)
 	// Output: You Know, for Search
 }
+
+func ExampleRunContainer_withoutCertRetrieval() {
+	// withoutCertRetrieval {
+	ctx := context.Background()
+	elasticsearchContainer, err := elasticsearch.RunContainer(
+		ctx,
+		testcontainers.WithImage("docker.elastic.co/elasticsearch/elasticsearch:8.9.0"),
+		elasticsearch.WithoutCertRetrieval(),
+	)
+	if err != nil {
+		log.Fatalf("failed to start container: %s", err)
+	}
+	defer func() {
+		err := elasticsearchContainer.Terminate(ctx)
+		if err != nil {
+			log.Fatalf("failed to terminate container: %s", err)
+		}
+	}()
+	// }
+
+	fmt.Println(elasticsearchContainer.Settings.SkipCertRetrieval)
+	fmt.Println(elasticsearchContainer.Settings.CACert)
+
+	// Output:
+	// true
+	// nil
+}
@@ -8,16 +8,18 @@ import (
 // It could be used to build an HTTP client for the Elasticsearch container, as it will
 // hold information on how to connect to the container.
 type Options struct {
-	Address  string
-	CACert   []byte
-	Password string
-	Username string
+	Address           string
+	CACert            []byte
+	Password          string
+	Username          string
+	SkipCertRetrieval bool
 }
 
 func defaultOptions() *Options {
 	return &Options{
-		CACert:   nil,
-		Username: defaultUsername,
+		CACert:            nil,
+		Username:          defaultUsername,
+		SkipCertRetrieval: false,
 	}
 }
 
@@ -39,3 +41,9 @@ func WithPassword(password string) Option {
 		o.Password = password
 	}
 }
+
+func WithoutCertRetrieval() Option {
+	return func(o *Options) {
+		o.SkipCertRetrieval = true
+	}
+}