Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat(elasticsearch): add option to skip cert retrieval #2530

Closed
Closed
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
9 changes: 9 additions & 0 deletions docs/modules/elasticsearch.md
Original file line number Diff line number Diff line change
Expand Up @@ -53,6 +53,15 @@ If you need to set a different password to request authorization when performing
[Custom Password](../../modules/elasticsearch/examples_test.go) inside_block:usingPassword
<!--/codeinclude-->

#### Skipping cert retrieval

If you do not want to retrieve the Elasticsearch certificate, you can use the `WithoutCertRetrieval` option.
This can be useful in some edge cases where the certificate to download from the container is not available.

<!--codeinclude-->
[Skip Certificate Retrieval](../../modules/elasticsearch/examples_test.go) inside_block:withoutCertRetrieval
<!--/codeinclude-->

### Configuring the access to the Elasticsearch container

The Elasticsearch container exposes its settings in order to configure the client to connect to it. With those settings it's very easy to setup up our preferred way to connect to the container. We are going to show you two ways to connect to the container, using the HTTP client from the standard library, and using the Elasticsearch client.
Expand Down
2 changes: 1 addition & 1 deletion modules/elasticsearch/elasticsearch.go
Original file line number Diff line number Diff line change
Expand Up @@ -128,7 +128,7 @@ func configureAddress(ctx context.Context, c *ElasticsearchContainer) (string, e
// For that, it defines a post start hook that copies the certificate from the container to the host.
// The certificate is only available since version 8, and will be located in a well-known location.
func configureCertificate(settings *Options, req *testcontainers.GenericContainerRequest) error {
if isAtLeastVersion(req.Image, 8) {
if isAtLeastVersion(req.Image, 8) && !settings.SkipCertRetrieval {
// These configuration keys explicitly disable CA generation.
// If any are set we skip the file retrieval.
configKeys := []string{
Expand Down
23 changes: 22 additions & 1 deletion modules/elasticsearch/elasticsearch_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -134,7 +134,9 @@ func TestElasticsearch(t *testing.T) {
// finish validating the response when the request is unauthorised
return
}

if esContainer.Settings.CACert == nil {
t.Fatal("expected CA cert to be set")
}
}

// validate response
Expand Down Expand Up @@ -259,6 +261,25 @@ func TestElasticsearchOSSCannotuseWithPassword(t *testing.T) {
}
}

func TestElastictSearchWithoutCertRetrieval(t *testing.T) {
ctx := context.Background()

container, err := elasticsearch.RunContainer(ctx, testcontainers.WithImage(baseImage8), elasticsearch.WithoutCertRetrieval())
if err != nil {
t.Fatal(err)
}

t.Cleanup(func() {
if err := container.Terminate(ctx); err != nil {
t.Fatalf("failed to terminate container: %s", err)
}
})

if container.Settings.CACert != nil {
t.Fatal("expected CA cert to be empty")
}
}

// configureHTTPClient configures an HTTP client for the Elasticsearch container.
// If no certificate bytes are available, the default HTTP client will be returned.
// If certificate bytes are available, the client will be configured to use TLS with the certificate.
Expand Down
27 changes: 27 additions & 0 deletions modules/elasticsearch/examples_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -112,3 +112,30 @@ func ExampleRunContainer_connectUsingElasticsearchClient() {
fmt.Println(esResp.Tagline)
// Output: You Know, for Search
}

func ExampleRunContainer_withoutCertRetrieval() {
// withoutCertRetrieval {
ctx := context.Background()
elasticsearchContainer, err := elasticsearch.RunContainer(
ctx,
testcontainers.WithImage("docker.elastic.co/elasticsearch/elasticsearch:8.9.0"),
elasticsearch.WithoutCertRetrieval(),
)
if err != nil {
log.Fatalf("failed to start container: %s", err)
}
defer func() {
err := elasticsearchContainer.Terminate(ctx)
if err != nil {
log.Fatalf("failed to terminate container: %s", err)
}
}()
// }

fmt.Println(elasticsearchContainer.Settings.SkipCertRetrieval)
fmt.Println(elasticsearchContainer.Settings.CACert)

// Output:
// true
// nil
}
20 changes: 14 additions & 6 deletions modules/elasticsearch/options.go
Original file line number Diff line number Diff line change
Expand Up @@ -8,16 +8,18 @@ import (
// It could be used to build an HTTP client for the Elasticsearch container, as it will
// hold information on how to connect to the container.
type Options struct {
Address string
CACert []byte
Password string
Username string
Address string
CACert []byte
Password string
Username string
SkipCertRetrieval bool
}

func defaultOptions() *Options {
return &Options{
CACert: nil,
Username: defaultUsername,
CACert: nil,
Username: defaultUsername,
SkipCertRetrieval: false,
}
}

Expand All @@ -39,3 +41,9 @@ func WithPassword(password string) Option {
o.Password = password
}
}

func WithoutCertRetrieval() Option {
return func(o *Options) {
o.SkipCertRetrieval = true
}
}