Make fetching CA cert bytes in ElasticsearchContainer a lazy operation.
Added the test to ensure the security can be enabled for Elasticsearch 7.x too
pioorg committed Jan 9, 2024
1 parent 8f7f56c commit f777482
Showing 1 changed file with 44 additions and 0 deletions.
@@ -23,6 +23,7 @@
import org.testcontainers.containers.wait.strategy.HttpWaitStrategy;
import org.testcontainers.containers.wait.strategy.Wait;
import org.testcontainers.images.RemoteDockerImage;
import org.testcontainers.images.builder.Transferable;
import org.testcontainers.utility.DockerImageName;
import org.testcontainers.utility.MountableFile;

@@ -375,6 +376,49 @@ public void testElasticsearch8SecureByDefaultFailsSilentlyOnLatestImages() throw
}
}

@Test
public void testElasticsearch7CanHaveSecurityEnabledAndUseSslContext() throws Exception {
try (
ElasticsearchContainer container = new ElasticsearchContainer(
"docker.elastic.co/elasticsearch/elasticsearch:7.17.15"
)
.withPassword(ElasticsearchContainer.ELASTICSEARCH_DEFAULT_PASSWORD)
.withEnv("xpack.security.enabled", "true")
.withEnv("xpack.security.http.ssl.enabled", "true")
.withEnv("xpack.security.http.ssl.key", "/usr/share/elasticsearch/config/certs/elasticsearch.key")
.withEnv(
"xpack.security.http.ssl.certificate",
"/usr/share/elasticsearch/config/certs/elasticsearch.crt"
)
.withEnv(
"xpack.security.http.ssl.certificate_authorities",
"/usr/share/elasticsearch/config/certs/http_ca.crt"
)
// these lines show how certificates can be created self-made way
// obviously this shouldn't be done in prod environment, where proper and officially signed keys should be present
.withCopyToContainer(
Transferable.of(
"#!/bin/bash\n" +
"mkdir -p /usr/share/elasticsearch/config/certs;" +
"openssl req -x509 -newkey rsa:4096 -keyout /usr/share/elasticsearch/config/certs/elasticsearch.key -out /usr/share/elasticsearch/config/certs/elasticsearch.crt -days 365 -nodes -subj \"/CN=localhost\";" +
"openssl x509 -outform der -in /usr/share/elasticsearch/config/certs/elasticsearch.crt -out /usr/share/elasticsearch/config/certs/http_ca.crt;" +
"chown -R elasticsearch /usr/share/elasticsearch/config/certs/",
555
),
"/usr/share/elasticsearch/generate-certs.sh"
)
// because we need to generate the certificates before Elasticsearch starts, the entry command has to be tuned accordingly
.withCommand(
"sh",
"-c",
"/usr/share/elasticsearch/generate-certs.sh && /usr/local/bin/docker-entrypoint.sh"
);
) {
container.start();
assertClusterHealthResponse(container);
}
}

@Test
public void testElasticsearchDefaultMaxHeapSize() throws Exception {
long defaultHeapSize = 2147483648L;
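Review bot: The file mode given to `Transferable.of(...)` for generate-certs.sh in testElasticsearch7CanHaveSecurityEnabledAndUseSslContext is the decimal literal `555`, which equals octal 01053, not the r-xr-xr-x that was presumably intended. Assuming the value reaches the copied file as raw Unix mode bits, the script gets no owner permissions, write and execute for "other", and the sticky bit, so a script that `withCommand` runs before Elasticsearch starts is writable by other users in the container and probably executes only thanks to the group bits. Writing the literal in octal, `0555`, gives the read-and-execute mode and removes the stray write bit. Separately, the script joins its commands with `;`, so a failed `openssl` step still lets the entrypoint start without usable certificates; adding `set -e` after the shebang line would make that failure visible at the point where it happens.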