Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Bug]: New CassandraContainer implementation fails when ssl is enabled and required #9410

Open
eddumelendez opened this issue Oct 16, 2024 · 5 comments

Comments

@eddumelendez
Copy link
Member

Module

Cassandra

Testcontainers version

1.20.2

Using the latest Testcontainers version?

Yes

Host OS

MacOS

Host Arch

ARM

Docker version

Client:
Version: 24.0.6-rd
API version: 1.43
Go version: go1.20.7
Git commit: da4c87c
Built: Wed Sep 6 16:40:13 2023
OS/Arch: darwin/arm64
Context: tcd

Server: Testcontainers Cloud
Engine:
Version: 82+testcontainerscloud
API version: 1.46 (minimum version 1.24)
Go version: go1.21.12
Git commit: cc13f952511154a2866bddbb7dddebfe9e83b801
Built: Thu Aug 1 16:00:49 2024
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: 1.7.12
GitCommit:
runc:
Version: 1.1.12-0ubuntu2~22.04.1
GitCommit:
docker-init:
Version: 0.19.0
GitCommit:

What happened?

Spring Boot project uses Testcontainers to test SSL against different services, one of them is Cassandra. Recent update to the new org.testcontainers.cassandra.CassandraContainer broke the integration test and fixed switching the default strategy. See spring-projects/spring-boot@e015209#diff-b0a149f2cf485e597a8b639871643e71e78ba76bc12580da827bce321e7e4859

Relevant log output

INFO [nioEventLoopGroup-2-7] 2024-10-15 10:55:28,562 Message.java:826 - Unexpected exception during request; channel = [id: 0xa3393c93, L:0.0.0.0/0.0.0.0:9042 ! R:/127.0.0.1:41786]
io.netty.handler.ssl.NotSslRecordException: not an SSL/TLS record: 0400000001000000160001000b43514c5f56455253494f4e0005332e302e30
at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1057) ~[netty-all-4.0.44.Final.jar:4.0.44.Final]
at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:411) [netty-all-4.0.44.Final.jar:4.0.44.Final]

Additional Information

I've seen some ways to make it work given that the new CassandraContainer implementation relies on cqlsh

  1. Make client_encryption_options.optional false. But, it will lose the the whole point of enabling SSL. See https://github.com/spring-projects/spring-boot/blob/main/spring-boot-tests/spring-boot-smoke-tests/spring-boot-smoke-test-data-cassandra/src/dockerTest/resources/ssl/cassandra.yaml#L1061
  2. Configure cqlsh with ssl but needs the ssl flag.
@eddumelendez
Copy link
Member Author

Hi @maximevw, your feedback is very welcome here :)

@eddumelendez
Copy link
Member Author

Also, I think it would be nice to have integration tests for ssl as well and make them part of the docs.

@maximevw
Copy link
Contributor

Hello @eddumelendez

I think the second option is better. We could add a method like withSsl to the CassandraContainer allowing the users to activate the ssl flag on cqlsh and specify the appropriate SSL client configuration.
Sorry, I totally missed this point while I implemented cqlsh (I tested locally with SSL but the client_encryption_options.optional was true 🫣).
I'm little busy right now, but I'll try to have a deeper look to this in the next days.

@kiview kiview changed the title [Bug]: New CassandraCotainer implementation fails when ssl is enabled and required [Bug]: New CassandraContainer implementation fails when ssl is enabled and required Oct 16, 2024
maximevw added a commit to maximevw/testcontainers-java that referenced this issue Oct 19, 2024
and reduce error logging while trying to connect to Cassandra database at container startup
@maximevw
Copy link
Contributor

maximevw commented Oct 19, 2024

Hello @eddumelendez @kiview

I submitted the PR #9419 to fix this issue. I let you review it.

@maximevw
Copy link
Contributor

maximevw commented Dec 2, 2024

Hello @eddumelendez @kiview,
Little up 🙂, I don't if you think this PR is still useful. If yes, so I let you review as soon as you have time for it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

2 participants