Fix CassandraContainer wait strategy when SSL is configured by maximevw · Pull Request #9419 · testcontainers/testcontainers-java · GitHub

@maximevw
Contributor

This fixes issue #9410 and reduces error logging while trying to connect to the Cassandra database at container startup (as discussed in #9337 (comment)).

The proposed solution introduces a method withSslClientConfig(certFile, keyFile) to use when a secured connection (TLS) is required by the Cassandra server configuration. It allows specifying the client certificate and key to use when connection checks and init script execution are performed.

The tests and documentation have been updated as well.

Member

@eddumelendez eddumelendez left a comment

Hi @maximevw, sorry for the delay. I think the wait was worth it because I recently learnt about the SSL_CERTFILE env var, which could avoid writing a cqlshrc file.

Let me know if you can take a look at this. Otherwise, I can tackle it.

Thanks again!

@@ -0,0 +1,7 @@
[ssl]
Member

The SSL_CERTFILE env var can be set with a value. I recently learnt it from the scylladb module. This will avoid creating a cqlshrc file. See https://github.com/testcontainers/testcontainers-java/blob/main/modules/scylladb/src/main/java/org/testcontainers/scylladb/ScyllaDBContainer.java#L81

Contributor Author

@maximevw maximevw Feb 8, 2025

Hello @eddumelendez,

As stated in my previous message and after testing the different use cases, if client_encryption_options.require_client_auth is set to true in the cassandra.yaml configuration file, the cqlshrc file becomes required because the environment variable SSL_CERTFILE is not sufficient to configure SSL properly on the client side, and the other required parameters ssl.usercert and ssl.userkey don't have equivalent env variables.

See:

That's why I used the cqlshrc way: because it covers more possible configurations.

So, what we could do to avoid writing a cqlshrc in most use cases (by default, client auth is not required by server) is to have 2 methods withSsl:

  • withSsl(String clientCertFile, String clientKeyFile) using the SSL_CERTFILE env variable for the default use case where client_encryption_options.require_client_auth is false in cassandra.yaml.
  • withSsl(String clientCertFile, String clientKeyFile, boolean clientAuthRequired) using the appropriate cqlshrc file when client_encryption_options.require_client_auth is true in cassandra.yaml.

Let me know the solution you prefer and I'll implement it.
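
A sketch of the two-path selection proposed in the comment above, as an added example that is not code from this pull request or from testcontainers-java. The class `CqlshTlsPlan`, its parameters and the sample paths are hypothetical; the cqlshrc keys are the standard `[ssl]` options (`certfile`, `validate`, `usercert`, `userkey`).

```java
import java.util.LinkedHashMap;
import java.util.Map;

// Added illustration only: class, method and parameter names are hypothetical.
public class CqlshTlsPlan {
    /** Environment variables to pass to cqlsh. */
    public final Map<String, String> env = new LinkedHashMap<>();
    /** Content of a cqlshrc file to copy into the container, or null if none is needed. */
    public String cqlshrc;

    /**
     * @param trustedCert        certificate cqlsh uses to validate the server (assumed PEM path)
     * @param clientCert         client certificate, only used for mutual TLS
     * @param clientKey          client private key, only used for mutual TLS
     * @param clientAuthRequired mirrors client_encryption_options.require_client_auth
     */
    public static CqlshTlsPlan of(String trustedCert, String clientCert, String clientKey,
                                  boolean clientAuthRequired) {
        CqlshTlsPlan plan = new CqlshTlsPlan();
        if (!clientAuthRequired) {
            // Server-only TLS: the environment variable is enough, no file to write.
            plan.env.put("SSL_CERTFILE", trustedCert);
            return plan;
        }
        if (clientCert == null || clientKey == null) {
            throw new IllegalArgumentException(
                "require_client_auth is true: client certificate and key are mandatory");
        }
        // Mutual TLS: per the thread, usercert/userkey have no env equivalent, so emit a cqlshrc.
        plan.cqlshrc = String.join("\n",
            "[ssl]",
            "certfile = " + trustedCert,
            "validate = true",
            "usercert = " + clientCert,
            "userkey = " + clientKey,
            "");
        return plan;
    }

    public static void main(String[] args) {
        // Constructed sample paths.
        CqlshTlsPlan oneWay = of("/ssl/ca.pem", null, null, false);
        System.out.println("env=" + oneWay.env + " cqlshrc=" + oneWay.cqlshrc);
        CqlshTlsPlan mutual = of("/ssl/ca.pem", "/ssl/client.pem", "/ssl/client.key", true);
        System.out.println("env=" + mutual.env + "\n" + mutual.cqlshrc);
    }
}
```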

@eddumelendez eddumelendez changed the title from "Fix issue #9410" to "Fix CassandraContainer wait strategy when SSL is configured" Feb 5, 2025
@maximevw
Contributor Author

maximevw commented Feb 6, 2025

Hello @eddumelendez,

Thank you for your review. I'll try to take a look in the next days.

Regarding the SSL_CERTFILE env variable, I think I tested it, but I had issues if some other parameters such as ssl.userkey or ssl.usercert (not available through env variables if I remember well) were not present in the cqlshrc file. The cause was that these properties are mandatory when require_client_auth is enabled on the Cassandra server side.

@eddumelendez eddumelendez requested a review from a team as a code owner August 19, 2025 16:51
@eddumelendez eddumelendez added this to the next milestone Oct 14, 2025
@eddumelendez eddumelendez merged commit 16d93e3 into testcontainers:main Oct 14, 2025
101 checks passed
@eddumelendez
Member

Thanks for your contribution!
