Fix CassandraContainer wait strategy when SSL is configured#9419
Fix CassandraContainer wait strategy when SSL is configured#9419eddumelendez merged 6 commits intotestcontainers:mainfrom
Conversation
and reduce error logging while trying to connect to Cassandra database at container startup
eddumelendez
left a comment
eddumelendez
left a comment
There was a problem hiding this comment.
Hi @maximevw, sorry for the delay. I think the wait was worth because I recently learnt about SSL_CERTFILE env var which could avoid writing a cqlshrc file.
Let me know if you can take look at this. Otherwise, I can tackle it.
Thanks again!
modules/cassandra/src/main/java/org/testcontainers/cassandra/CassandraContainer.java
Outdated
Show resolved
Hide resolved
| @@ -0,0 +1,7 @@ | |||
| [ssl] | |||
There was a problem hiding this comment.
SSL_CERTFILE env var can be set with value. I recently learnt it from scylladb module. This will avoid creating a cqlshrc file. See https://github.com/testcontainers/testcontainers-java/blob/main/modules/scylladb/src/main/java/org/testcontainers/scylladb/ScyllaDBContainer.java#L81
There was a problem hiding this comment.
Hello @eddumelendez,
As stated in my previous message and after testing the different use cases, if client_encryption_options.require_client_auth is set to true in cassandra.yaml configuration file, the cqlshrc file becomes required because the environment variable SSL_CERTFILE is not sufficient to configure SSL properly on client-side and other required parameters ssl.usercert and ssl.userkey don't have equivalent env variables.
See:
That's why I used cqlshrc way: because it covers more possible configurations.
So, what we could do to avoid writing a cqlshrc in most use cases (by default, client auth is not required by server) is to have 2 methods withSsl:
withSsl(String clientCertFile, String clientKeyFile)using theSSL_CERTFILEenv variable for the default use case whereclient_encryption_options.require_client_authisfalseincassandra.yaml.withSsl(String clientCertFile, String clientKeyFile, boolean clientAuthRequired)using the appropriatecqlshrcfileclient_encryption_options.require_client_authistrueincassandra.yaml.
Let me know the solution you prefer and I'll implement it.
modules/cassandra/src/test/java/org/testcontainers/cassandra/CassandraContainerTest.java
Show resolved
Hide resolved
eddumelendez
changed the title
|
Hello @eddumelendez, Thank you for your review. I'll try to take a look in the next days. Regarding the |
Add test using simple cqlsh command with SSL configuration
eddumelendez
force-pushed
the
fix/issue-9410
branch
from
150bfb2 to
9b707ce
Compare
|
Thanks for your contribution! |
2 participants
This fixes issue #9410 and reduce error logging while trying to connect to Cassandra database at container startup (as discussed in #9337 (comment)).
The proposed solution introduces a method
withSslClientConfig(certFile, keyFile)to use when a secured connection (TLS) is required by the Cassandra server configuration. It allows to specify the client certificate and key to use when connection checks and init script execution are performed.The tests and documentation have been updated as well.