testcontainers / testcontainers-java

Testcontainers is a Java library that supports JUnit tests, providing lightweight, throwaway instances of common databases, Selenium web browsers, or anything else that can run in a Docker container.
https://testcontainers.org
MIT License

[Bug]: New CassandraContainer implementation fails when ssl is enabled and required #9410

Open eddumelendez opened 11 hours ago

eddumelendez commented 11 hours ago

Module

Cassandra

Testcontainers version

1.20.2

Using the latest Testcontainers version?

Yes

Host OS

MacOS

Host Arch

ARM

Docker version

Client:
 Version: 24.0.6-rd
 API version: 1.43
 Go version: go1.20.7
 Git commit: da4c87c
 Built: Wed Sep 6 16:40:13 2023
 OS/Arch: darwin/arm64
 Context: tcd

Server: Testcontainers Cloud
 Engine:
  Version: 82+testcontainerscloud
  API version: 1.46 (minimum version 1.24)
  Go version: go1.21.12
  Git commit: cc13f952511154a2866bddbb7dddebfe9e83b801
  Built: Thu Aug 1 16:00:49 2024
  OS/Arch: linux/amd64
  Experimental: false
 containerd:
  Version: 1.7.12
  GitCommit:
 runc:
  Version: 1.1.12-0ubuntu2~22.04.1
  GitCommit:
 docker-init:
  Version: 0.19.0
  GitCommit:

What happened?

The Spring Boot project uses Testcontainers to test SSL against different services, one of them being Cassandra. A recent update to the new org.testcontainers.cassandra.CassandraContainer broke the integration test, which was fixed by switching the default strategy. See https://github.com/spring-projects/spring-boot/commit/e0152097f366ba6a868eb5f26426695e471632e7#diff-b0a149f2cf485e597a8b639871643e71e78ba76bc12580da827bce321e7e4859

Relevant log output

INFO [nioEventLoopGroup-2-7] 2024-10-15 10:55:28,562 Message.java:826 - Unexpected exception during request; channel = [id: 0xa3393c93, L:0.0.0.0/0.0.0.0:9042 ! R:/127.0.0.1:41786]
io.netty.handler.ssl.NotSslRecordException: not an SSL/TLS record: 0400000001000000160001000b43514c5f56455253494f4e0005332e302e30
    at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1057) ~[netty-all-4.0.44.Final.jar:4.0.44.Final]
    at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:411) [netty-all-4.0.44.Final.jar:4.0.44.Final]

Additional Information

I've seen some ways to make it work, given that the new CassandraContainer implementation relies on cqlsh:

  1. Make client_encryption_options.optional false. But it will lose the whole point of enabling SSL. See https://github.com/spring-projects/spring-boot/blob/main/spring-boot-tests/spring-boot-smoke-tests/spring-boot-smoke-test-data-cassandra/src/dockerTest/resources/ssl/cassandra.yaml#L1061
  2. Configure cqlsh with SSL, but it needs the ssl flag.

eddumelendez commented 11 hours ago

Hi @maximevw, your feedback is very welcome here :)

eddumelendez commented 11 hours ago

Also, I think it would be nice to have integration tests for ssl as well and make them part of the docs.

maximevw commented 7 hours ago

Hello @eddumelendez

I think the second option is better. We could add a method like withSsl to the CassandraContainer, allowing users to activate the ssl flag on cqlsh and specify the appropriate SSL client configuration. Sorry, I totally missed this point while I implemented cqlsh (I tested locally with SSL but the client_encryption_options.optional was true 🫣). I'm a little busy right now, but I'll try to take a deeper look at this in the next few days.
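
Added example (not part of the issue thread or of the Testcontainers code base): decoding the hex dump from the NotSslRecordException line in the log output shows that the rejected bytes are a plaintext CQL native-protocol STARTUP frame, which is what a client sends when it connects to port 9042 without TLS. The function names are made up for this illustration, and the parser assumes the 9-byte frame header of CQL native protocol v3 and later.

```python
import struct

# Hex dump copied from the NotSslRecordException line in the issue's log output.
LOGGED_HEX = "0400000001000000160001000b43514c5f56455253494f4e0005332e302e30"

TLS_CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}
CQL_OPCODES = {0x00: "ERROR", 0x01: "STARTUP", 0x02: "READY", 0x05: "OPTIONS", 0x07: "QUERY"}


def looks_like_tls_record(data: bytes) -> bool:
    """True if the first 5 bytes form a plausible TLS record header."""
    if len(data) < 5:
        return False
    content_type, major, minor, length = struct.unpack(">BBBH", data[:5])
    return content_type in TLS_CONTENT_TYPES and major == 3 and minor <= 4 and length <= 2**14 + 2048


def parse_cql_frame(data: bytes) -> dict:
    """Parse a CQL native protocol v3+ client request frame (9-byte header + body)."""
    if len(data) < 9:
        raise ValueError("shorter than a CQL frame header")
    version, flags, stream, opcode, length = struct.unpack(">BBhBI", data[:9])
    if version & 0x80:  # high bit set marks a server response
        raise ValueError("response frame, expected a client request")
    body = data[9:9 + length]
    if len(body) != length:
        raise ValueError("truncated frame body")
    frame = {"version": version & 0x7F, "flags": flags, "stream": stream,
             "opcode": CQL_OPCODES.get(opcode, hex(opcode)), "options": {}}
    if opcode == 0x01:  # STARTUP body is a [string map]: count, then key/value strings
        (count,) = struct.unpack(">H", body[:2])
        pos = 2
        for _ in range(count):
            pair = []
            for _ in range(2):  # each string is a 2-byte length followed by UTF-8 bytes
                (n,) = struct.unpack(">H", body[pos:pos + 2])
                pair.append(body[pos + 2:pos + 2 + n].decode("utf-8"))
                pos += 2 + n
            frame["options"][pair[0]] = pair[1]
    return frame


def diagnose(hex_dump: str) -> str:
    """Say whether the bytes a TLS-only listener rejected were TLS or plaintext CQL."""
    data = bytes.fromhex(hex_dump)
    if looks_like_tls_record(data):
        return "TLS record"
    f = parse_cql_frame(data)
    return f"plaintext CQL v{f['version']} {f['opcode']} {f['options']}"
```

Calling diagnose(LOGGED_HEX) identifies the logged bytes as a protocol v4 STARTUP request carrying CQL_VERSION 3.0.0, so the connection on 127.0.0.1 was opened without TLS against a listener that requires it.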