From 23878f9a66875953e753d493d9b1f882d2a619dc Mon Sep 17 00:00:00 2001
From: David Pilato <david@pilato.fr>
Date: Mon, 3 Feb 2020 15:39:54 +0100
Subject: [PATCH 1/3] Add withPassword(String) method to secure Elasticsearch

Instead of providing env settings manually, we can simplify the usage of Elasticsearch in the context of TestContainers by just asking a password.
Behind the scene, we do provide the needed env settings.

We also check that we can not define the password on OSS image.
---
 docs/modules/elasticsearch.md                    |  2 +-
 .../elasticsearch/ElasticsearchContainer.java    | 16 ++++++++++++++++
 .../ElasticsearchContainerTest.java              |  7 ++-----
 3 files changed, 19 insertions(+), 6 deletions(-)

diff --git a/docs/modules/elasticsearch.md b/docs/modules/elasticsearch.md
index f84a7840e4c..9e89b4cf961 100644
--- a/docs/modules/elasticsearch.md
+++ b/docs/modules/elasticsearch.md
@@ -22,7 +22,7 @@ or set `client.transport.ignore_cluster_name` to `true`.
 ## Secure your Elasticsearch cluster
 
 The default distribution of Elasticsearch comes with the basic license which contains security feature.
-You can turn on security by providing some extra environment settings:
+You can turn on security by providing a password:
 
 <!--codeinclude-->
 [HttpClient](../../modules/elasticsearch/src/test/java/org/testcontainers/elasticsearch/ElasticsearchContainerTest.java) inside_block:httpClientSecuredContainer
diff --git a/modules/elasticsearch/src/main/java/org/testcontainers/elasticsearch/ElasticsearchContainer.java b/modules/elasticsearch/src/main/java/org/testcontainers/elasticsearch/ElasticsearchContainer.java
index e0880aa7849..fdfe7dd1b26 100644
--- a/modules/elasticsearch/src/main/java/org/testcontainers/elasticsearch/ElasticsearchContainer.java
+++ b/modules/elasticsearch/src/main/java/org/testcontainers/elasticsearch/ElasticsearchContainer.java
@@ -75,6 +75,22 @@ public ElasticsearchContainer(final DockerImageName dockerImageName) {
             .withStartupTimeout(Duration.ofMinutes(2)));
     }
 
+    /**
+     * Define the Elasticsearch password to set. It enables security behind the scene.
+     * It's not possible to use security with the oss image.
+     * @param password  Password to set
+     * @return this
+     */
+    public ElasticsearchContainer withPassword(String password) {
+        if (getDockerImageName().startsWith(DEFAULT_OSS_IMAGE_NAME.getUnversionedPart())) {
+            throw new IllegalArgumentException("You can not activate security on Elastic OSS Image. " +
+                "Please switch to the default distribution");
+        }
+        withEnv("ELASTIC_PASSWORD", password);
+        withEnv("xpack.security.enabled", "true");
+        return this;
+    }
+
     public String getHttpHostAddress() {
         return getHost() + ":" + getMappedPort(ELASTICSEARCH_DEFAULT_PORT);
     }
diff --git a/modules/elasticsearch/src/test/java/org/testcontainers/elasticsearch/ElasticsearchContainerTest.java b/modules/elasticsearch/src/test/java/org/testcontainers/elasticsearch/ElasticsearchContainerTest.java
index f86f1e8c104..fb6375d72c9 100644
--- a/modules/elasticsearch/src/test/java/org/testcontainers/elasticsearch/ElasticsearchContainerTest.java
+++ b/modules/elasticsearch/src/test/java/org/testcontainers/elasticsearch/ElasticsearchContainerTest.java
@@ -110,9 +110,7 @@ public void elasticsearchDefaultTest() throws IOException {
     @Test
     public void elasticsearchSecuredTest() throws IOException {
         try (ElasticsearchContainer container = new ElasticsearchContainer(ELASTICSEARCH_IMAGE)
-            .withEnv("ELASTIC_PASSWORD", ELASTICSEARCH_PASSWORD)
-            .withEnv("xpack.security.enabled", "true")
-        ) {
+            .withPassword(ELASTICSEARCH_PASSWORD)) {
             container.start();
 
             // The cluster should be secured so it must fail when we try to access / without credentials
@@ -191,8 +189,7 @@ public void restClientSecuredClusterHealth() throws IOException {
         // Create the elasticsearch container.
         try (ElasticsearchContainer container = new ElasticsearchContainer(ELASTICSEARCH_IMAGE)
             // With a password
-            .withEnv("ELASTIC_PASSWORD", ELASTICSEARCH_PASSWORD)
-            .withEnv("xpack.security.enabled", "true")) {
+            .withPassword(ELASTICSEARCH_PASSWORD)) {
             // Start the container. This step might take some time...
             container.start();
 

From c351a5670b9a6ddeafd7bbe2daed7c7d01e6d63d Mon Sep 17 00:00:00 2001
From: David Pilato <david@pilato.fr>
Date: Fri, 16 Oct 2020 11:37:46 +0200
Subject: [PATCH 2/3] Add missing test

---
 .../elasticsearch/ElasticsearchContainerTest.java   | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/modules/elasticsearch/src/test/java/org/testcontainers/elasticsearch/ElasticsearchContainerTest.java b/modules/elasticsearch/src/test/java/org/testcontainers/elasticsearch/ElasticsearchContainerTest.java
index fb6375d72c9..0b7db695bf7 100644
--- a/modules/elasticsearch/src/test/java/org/testcontainers/elasticsearch/ElasticsearchContainerTest.java
+++ b/modules/elasticsearch/src/test/java/org/testcontainers/elasticsearch/ElasticsearchContainerTest.java
@@ -236,6 +236,19 @@ public void transportClientClusterHealth() {
         // }
     }
 
+    @Test
+    public void incompatibleSettingsTest() {
+        // The OSS image can not use security feature
+        assertThrows("We should not be able to activate security with an OSS License",
+            IllegalArgumentException.class,
+            () -> new ElasticsearchContainer(
+                DockerImageName
+                    .parse("docker.elastic.co/elasticsearch/elasticsearch-oss")
+                    .withTag(ELASTICSEARCH_VERSION))
+            .withPassword("foo")
+        );
+    }
+
     private RestClient getClient(ElasticsearchContainer container) {
         if (client == null) {
             final CredentialsProvider credentialsProvider = new BasicCredentialsProvider();

From d2149b1715f0135b29f34d5e8161ce8016df61f3 Mon Sep 17 00:00:00 2001
From: David Pilato <david@pilato.fr>
Date: Fri, 16 Oct 2020 13:46:27 +0200
Subject: [PATCH 3/3] Use `isCompatibleWith` instead

---
 .../elasticsearch/ElasticsearchContainer.java              | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/modules/elasticsearch/src/main/java/org/testcontainers/elasticsearch/ElasticsearchContainer.java b/modules/elasticsearch/src/main/java/org/testcontainers/elasticsearch/ElasticsearchContainer.java
index fdfe7dd1b26..acbca15aaf5 100644
--- a/modules/elasticsearch/src/main/java/org/testcontainers/elasticsearch/ElasticsearchContainer.java
+++ b/modules/elasticsearch/src/main/java/org/testcontainers/elasticsearch/ElasticsearchContainer.java
@@ -39,6 +39,7 @@ public class ElasticsearchContainer extends GenericContainer<ElasticsearchContai
      */
     @Deprecated
     protected static final String DEFAULT_TAG = "7.9.2";
+    private boolean isOss = false;
 
     /**
      * @deprecated use {@link ElasticsearchContainer(DockerImageName)} instead
@@ -65,6 +66,10 @@ public ElasticsearchContainer(final DockerImageName dockerImageName) {
 
         dockerImageName.assertCompatibleWith(DEFAULT_IMAGE_NAME, DEFAULT_OSS_IMAGE_NAME);
 
+        if (dockerImageName.isCompatibleWith(DEFAULT_OSS_IMAGE_NAME)) {
+            this.isOss = true;
+        }
+
         logger().info("Starting an elasticsearch container using [{}]", dockerImageName);
         withNetworkAliases("elasticsearch-" + Base58.randomString(6));
         withEnv("discovery.type", "single-node");
@@ -82,7 +87,7 @@ public ElasticsearchContainer(final DockerImageName dockerImageName) {
      * @return this
      */
     public ElasticsearchContainer withPassword(String password) {
-        if (getDockerImageName().startsWith(DEFAULT_OSS_IMAGE_NAME.getUnversionedPart())) {
+        if (isOss) {
             throw new IllegalArgumentException("You can not activate security on Elastic OSS Image. " +
                 "Please switch to the default distribution");
         }