Add SSL to TarantoolCartridgeContainer

Author: iDneprov

pom.xml

@@ -90,6 +90,12 @@
             <groupId>org.slf4j</groupId>
             <artifactId>slf4j-api</artifactId>
         </dependency>
+        <dependency>
+            <groupId>org.projectlombok</groupId>
+            <artifactId>lombok</artifactId>
+            <version>1.18.28</version>
+            <scope>provided</scope>
+        </dependency>
 
         <!-- Test dependencies -->
         <dependency>

src/main/java/org/testcontainers/containers/SslContext.java

@@ -0,0 +1,32 @@
+package org.testcontainers.containers;
+
+import lombok.AllArgsConstructor;
+import lombok.EqualsAndHashCode;
+import lombok.Getter;
+import lombok.NoArgsConstructor;
+import lombok.NonNull;
+import lombok.ToString;
+
+@Getter
+@NoArgsConstructor(staticName = "getSslContext")
+@AllArgsConstructor(staticName = "getSslContext")
+@ToString(includeFieldNames=true)
+@EqualsAndHashCode
+public class SslContext {
+    @NonNull
+    private String keyFile;
+    @NonNull
+    private String certFile;
+
+//    public SslContext(@NonNull String keyFile, @NonNull String certFile) {
+//        if (keyFile.isEmpty()) {
+//            throw new RuntimeException("Parameter keyFile can not be empty String");
+//        }
+//        if (certFile.isEmpty()) {
+//            throw new RuntimeException("Parameter certFile can not be empty String");
+//        }
+//
+//        this.keyFile = keyFile;
+//        this.certFile = certFile;
+//    }
+}

src/main/java/org/testcontainers/containers/TarantoolCartridgeContainer.java

@@ -120,9 +120,7 @@ public class TarantoolCartridgeContainer extends GenericContainer<TarantoolCartr
     private String directoryResourcePath = SCRIPT_RESOURCE_DIRECTORY;
     private String instanceDir = INSTANCE_DIR;
     private String topologyConfigurationFile;
-    private Boolean sslIsActive = false;
-    private String keyFile = "";
-    private String certFile = "";
+    private SslContext sslContext ;
 
     /**
      * Create a container with default image and specified instances file from the classpath resources. Assumes that
@@ -193,6 +191,21 @@ public TarantoolCartridgeContainer(String dockerFile, String buildImageName, Str
         this(buildImage(dockerFile, buildImageName), instancesFile, topologyConfigurationFile, buildArgs);
     }
 
+    /**
+     * Create a container with specified image and specified instances file from the classpath resources. By providing
+     * the result Cartridge container image name, you can cache the image and avoid rebuilding on each test run (the
+     * image is tagged with the provided name and not deleted after tests finishing).
+     *
+     * @param tarantoolImageParams params for cached image creating
+     * @param instancesFile             URL resource path to instances.yml relative in the classpath
+     * @param topologyConfigurationFile URL resource path to a topology bootstrap script in the classpath
+     */
+    public TarantoolCartridgeContainer(TarantoolImageParams tarantoolImageParams, String instancesFile,
+                                       String topologyConfigurationFile) {
+        this(new ImageFromDockerfile(TarantoolContainerImageHelper.getImage(tarantoolImageParams)), instancesFile,
+            topologyConfigurationFile, tarantoolImageParams.getBuildArgs());
+    }
+
     private TarantoolCartridgeContainer(ImageFromDockerfile image, String instancesFile, String topologyConfigurationFile,
                                         Map<String, String> buildArgs) {
         super(withBuildArgs(image, buildArgs));
@@ -251,29 +264,15 @@ private static ImageFromDockerfile buildImage(String dockerFile, String buildIma
     }
 
     /**
-     * Specify SSL as connection transport.
-     * Warning! SSL must be set as default transport on your tarantool cluster.
-     * Supported only in Tarantool Enterprise
-     *
-     * @return this container instance
-     */
-    public TarantoolCartridgeContainer withSsl() {
-        checkNotRunning();
-        this.sslIsActive = true;
-        return this;
-    }
-
-    /**
-     * Specify path to key and cert files inside your container for SSL connection.
+     * Specify SSL as connection transport. And path to key and cert files inside your container for mTLS connection
      * Warning! SSL must be set as default transport on your tarantool cluster.
      * Supported only in Tarantool Enterprise
      *
      * @return this container instance
      */
-    public TarantoolCartridgeContainer withKeyAndCertFiles(String keyFile, String certFile) {
+    public TarantoolCartridgeContainer withSslContext(SslContext sslContext) {
         checkNotRunning();
-        this.keyFile = keyFile;
-        this.certFile = certFile;
+        this.sslContext = sslContext;
         return this;
     }
 
@@ -634,21 +633,21 @@ private boolean isCartridgeHealthy() {
 
     @Override
     public ExecResult executeScript(String scriptResourcePath) throws Exception {
-        return clientHelper.executeScript(scriptResourcePath, this.sslIsActive, this.keyFile, this.certFile);
+        return clientHelper.executeScript(scriptResourcePath, this.sslContext);
     }
 
     @Override
     public <T> T executeScriptDecoded(String scriptResourcePath) throws Exception {
-        return clientHelper.executeScriptDecoded(scriptResourcePath, this.sslIsActive, this.keyFile, this.certFile);
+        return clientHelper.executeScriptDecoded(scriptResourcePath, this.sslContext);
     }
 
     @Override
     public ExecResult executeCommand(String command) throws Exception {
-        return clientHelper.executeCommand(command, this.sslIsActive, this.keyFile, this.certFile);
+        return clientHelper.executeCommand(command, this.sslContext);
     }
 
     @Override
     public <T> T executeCommandDecoded(String command) throws Exception {
-        return clientHelper.executeCommandDecoded(command, this.sslIsActive, this.keyFile, this.certFile);
+        return clientHelper.executeCommandDecoded(command, this.sslContext);
     }
 }

src/main/java/org/testcontainers/containers/TarantoolContainer.java

@@ -37,15 +37,13 @@ public class TarantoolContainer extends GenericContainer<TarantoolContainer>
     private String password = API_PASSWORD;
     private String host = DEFAULT_HOST;
     private Integer port = DEFAULT_PORT;
-    private Boolean sslIsActive = false;
-    private String keyFile = "";
-    private String certFile = "";
     private TarantoolLogLevel logLevel = LOG_LEVEL;
     private Integer memtxMemory = MEMTX_MEMORY;
     private String directoryResourcePath = SCRIPT_RESOURCE_DIRECTORY;
     private String scriptFileName = SCRIPT_FILENAME;
     private String instanceDir = INSTANCE_DIR;
     private boolean useFixedPorts = false;
+    private SslContext sslContext;
 
     private final TarantoolContainerClientHelper clientHelper;
 
@@ -171,29 +169,15 @@ public TarantoolContainer withPassword(String password) {
 
 
     /**
-     * Specify SSL as connection transport.
+     * Specify SSL as connection transport. And path to key and cert files inside your container for mTLS connection
      * Warning! SSL must be set as default transport on your tarantool cluster.
      * Supported only in Tarantool Enterprise
      *
      * @return this container instance
      */
-    public TarantoolContainer withSsl() {
+    public TarantoolContainer withSslContext(SslContext sslContext) {
         checkNotRunning();
-        this.sslIsActive = true;
-        return this;
-    }
-
-    /**
-     * Specify path to key and cert files inside your container for SSL connection.
-     * Warning! SSL must be set as default transport on your tarantool cluster.
-     * Supported only in Tarantool Enterprise
-     *
-     * @return this container instance
-     */
-    public TarantoolContainer withKeyAndCertFiles(String keyFile, String certFile) {
-        checkNotRunning();
-        this.keyFile = keyFile;
-        this.certFile = certFile;
+        this.sslContext = sslContext;
         return this;
     }
 
@@ -370,21 +354,21 @@ protected void containerIsStopping(InspectContainerResponse containerInfo) {
 
     @Override
     public Container.ExecResult executeScript(String scriptResourcePath) throws Exception {
-        return clientHelper.executeScript(scriptResourcePath, this.sslIsActive, this.keyFile, this.certFile);
+        return clientHelper.executeScript(scriptResourcePath, this.sslContext);
     }
 
     @Override
     public <T> T executeScriptDecoded(String scriptResourcePath) throws Exception {
-        return clientHelper.executeScriptDecoded(scriptResourcePath, this.sslIsActive, this.keyFile, this.certFile);
+        return clientHelper.executeScriptDecoded(scriptResourcePath, this.sslContext);
     }
 
     @Override
     public Container.ExecResult executeCommand(String command) throws Exception {
-        return clientHelper.executeCommand(command, this.sslIsActive, this.keyFile, this.certFile);
+        return clientHelper.executeCommand(command, this.sslContext);
     }
 
     @Override
     public <T> T executeCommandDecoded(String command) throws Exception {
-        return clientHelper.executeCommandDecoded(command, this.sslIsActive, this.keyFile, this.certFile);
+        return clientHelper.executeCommandDecoded(command, this.sslContext);
     }
 }

src/main/java/org/testcontainers/containers/TarantoolContainerClientHelper.java

@@ -60,19 +60,19 @@ public final class TarantoolContainerClientHelper {
         this.container = container;
     }
 
-    public Container.ExecResult executeScript(String scriptResourcePath, Boolean sslIsActive, String keyFile, String certFile) throws IOException, InterruptedException {
+    public Container.ExecResult executeScript(String scriptResourcePath, SslContext sslContext) throws IOException, InterruptedException {
         if (!container.isRunning()) {
             throw new IllegalStateException("Cannot execute scripts in stopped container");
         }
 
         String scriptName = Paths.get(scriptResourcePath).getFileName().toString();
         String containerPath = normalizePath(Paths.get(TMP_DIR, scriptName));
         container.copyFileToContainer(MountableFile.forClasspathResource(scriptResourcePath), containerPath);
-        return executeCommand(String.format("return dofile('%s')", containerPath), sslIsActive, keyFile, certFile);
+        return executeCommand(String.format("return dofile('%s')", containerPath), sslContext);
     }
 
-    public <T> T executeScriptDecoded(String scriptResourcePath, Boolean sslIsActive, String keyFile, String certFile) throws IOException, InterruptedException, ExecutionException {
-        Container.ExecResult result = executeScript(scriptResourcePath, sslIsActive, keyFile, certFile);
+    public <T> T executeScriptDecoded(String scriptResourcePath, SslContext sslContext) throws IOException, InterruptedException, ExecutionException {
+        Container.ExecResult result = executeScript(scriptResourcePath, sslContext);
 
         if (result.getExitCode() != 0) {
 
@@ -91,7 +91,7 @@ public <T> T executeScriptDecoded(String scriptResourcePath, Boolean sslIsActive
         return yaml.load(result.getStdout());
     }
 
-    public Container.ExecResult executeCommand(String command, Boolean sslIsActive, String keyFile, String certFile) throws IOException, InterruptedException {
+    public Container.ExecResult executeCommand(String command, SslContext sslContext) throws IOException, InterruptedException {
         if (!container.isRunning()) {
             throw new IllegalStateException("Cannot execute commands in stopped container");
         }
@@ -100,20 +100,24 @@ public Container.ExecResult executeCommand(String command, Boolean sslIsActive,
         command = command.replace("\'", "\\\'");
 
         String bashCommand;
-        if (!keyFile.isEmpty() && !certFile.isEmpty()) {
+        // No SSL
+        if (sslContext == null) {
+            bashCommand = String.format(COMMAND_TEMPLATE,
+                container.getHost(), container.getInternalPort(),
+                container.getUsername(), container.getPassword(),
+                command
+            );
+        // mTLS
+        } else if (sslContext.getKeyFile() != null && sslContext.getCertFile() != null) {
             bashCommand = String.format(MTLS_COMMAND_TEMPLATE,
                 container.getHost(), container.getInternalPort(),
-                keyFile, certFile,
+                sslContext.getKeyFile(), sslContext.getCertFile(),
                 container.getUsername(), container.getPassword(),
                 command
             );
+        // SSL
         } else {
-            String commandTemplate = COMMAND_TEMPLATE;
-            if (sslIsActive) {
-                commandTemplate = SSL_COMMAND_TEMPLATE;
-            }
-
-            bashCommand = String.format(commandTemplate,
+            bashCommand = String.format(SSL_COMMAND_TEMPLATE,
                 container.getHost(), container.getInternalPort(),
                 container.getUsername(), container.getPassword(),
                 command
@@ -123,8 +127,8 @@ public Container.ExecResult executeCommand(String command, Boolean sslIsActive,
         return container.execInContainer("sh", "-c", bashCommand);
     }
 
-    public <T> T executeCommandDecoded(String command, Boolean sslIsActive, String keyFile, String certFile) throws IOException, InterruptedException {
-        Container.ExecResult result = executeCommand(command, sslIsActive, keyFile, certFile);
+    public <T> T executeCommandDecoded(String command, SslContext sslContext) throws IOException, InterruptedException {
+        Container.ExecResult result = executeCommand(command, sslContext);
 
         if (result.getExitCode() != 0) {
             throw new IllegalStateException(String.format(EXECUTE_COMMAND_ERROR_TEMPLATE,

src/test/java/org/testcontainers/containers/Enterprise/TarantoolCartridgeMtlsContainerTestEnterprise.java

@@ -0,0 +1,72 @@
+package org.testcontainers.containers.Enterprise;
+
+import org.junit.jupiter.api.Assertions;
+import org.junit.jupiter.api.BeforeAll;
+import org.junit.jupiter.api.Test;
+import org.slf4j.LoggerFactory;
+import org.testcontainers.containers.CartridgeContainerTestUtils;
+import org.testcontainers.containers.Container.ExecResult;
+import org.testcontainers.containers.SslContext;
+import org.testcontainers.containers.TarantoolCartridgeBootstrapFromYamlTest;
+import org.testcontainers.containers.TarantoolCartridgeContainer;
+import org.testcontainers.containers.TarantoolContainer;
+import org.testcontainers.containers.TarantoolImageParams;
+import org.testcontainers.containers.output.Slf4jLogConsumer;
+import org.testcontainers.junit.jupiter.Container;
+import org.testcontainers.junit.jupiter.Testcontainers;
+import org.testcontainers.utility.MountableFile;
+
+import java.io.File;
+import java.time.Duration;
+import java.util.HashMap;
+import java.util.Map;
+
+import static org.junit.jupiter.api.Assertions.assertEquals;
+
+/**
+ * @author Ivan Dneprov
+ */
+@Testcontainers
+public class TarantoolCartridgeMtlsContainerTestEnterprise {
+
+    private static TarantoolCartridgeContainer containerWithSsl;
+
+    @BeforeAll
+    public static void setUp() throws Exception {
+        final File dockerfile = new File(
+            TarantoolMTlsContainerTestEnterprise.class.getClassLoader()
+                .getResource("enterprise/ssl/mtls/Dockerfile").toURI()
+        );
+        final Map<String, String> buildArgs = new HashMap<>();
+        buildArgs.put("DOWNLOAD_SDK_URI", System.getenv("DOWNLOAD_SDK_URI"));
+        buildArgs.put("SDK_VERSION", System.getenv("SDK_VERSION"));
+
+        containerWithSsl = new TarantoolCartridgeContainer(
+            new TarantoolImageParams("tarantool-enterprise", dockerfile, buildArgs),
+            "cartridge/instances.yml", "cartridge/replicasets.yml")
+            .withCopyFileToContainer(MountableFile.forClasspathResource("cartridge"), "/app")
+            .withCopyFileToContainer(MountableFile.forClasspathResource("enterprise/ssl"), "/app")
+            .withStartupTimeout(Duration.ofSeconds(300))
+            .withLogConsumer(new Slf4jLogConsumer(
+                LoggerFactory.getLogger(TarantoolCartridgeMtlsContainerTestEnterprise.class)));
+
+        if (!containerWithSsl.isRunning()) {
+            containerWithSsl.start();
+        }
+    }
+
+    @Test
+    public void test_clientWithSsl_shouldWork() throws Exception {
+        HashMap result = containerWithSsl.executeCommandDecoded("box.cfg.listen");
+        HashMap params = (HashMap) result.get("params");
+        assertEquals("ssl", params.get("transport"));
+        assertEquals("server.key", params.get("ssl_key_file"));
+        assertEquals("server.crt", params.get("ssl_cert_file"));
+        assertEquals("ca.crt", params.get("ssl_ca_file"));
+    }
+
+    @Test
+    public void test_StaticClusterContainer_StartsSuccessfully_ifFilesAreCopied() throws Exception {
+        CartridgeContainerTestUtils.executeProfileReplaceSmokeTest(containerWithSsl);
+    }
+}

src/test/java/org/testcontainers/containers/Enterprise/TarantoolMTlsContainerTestEnterprise.java

@@ -4,6 +4,7 @@
 import org.junit.jupiter.api.Test;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+import org.testcontainers.containers.SslContext;
 import org.testcontainers.containers.TarantoolContainer;
 import org.testcontainers.containers.TarantoolImageParams;
 import org.testcontainers.containers.output.Slf4jLogConsumer;
@@ -40,8 +41,7 @@ public static void setUp() throws Exception {
             .withPassword("test_password")
             .withMemtxMemory(256 * 1024 * 1024)
             .withDirectoryBinding("enterprise/ssl/mtls")
-            .withSsl()
-            .withKeyAndCertFiles("/app/ca.key", "/app/ca.crt")
+            .withSslContext(SslContext.getSslContext("/app/ca.key", "/app/ca.crt"))
             .withLogConsumer(new Slf4jLogConsumer(log));
 
         if (!containerWithSsl.isRunning()) {

src/test/java/org/testcontainers/containers/Enterprise/TarantoolSslContainerTestEnterprise.java

@@ -4,6 +4,7 @@
 import org.junit.jupiter.api.Test;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+import org.testcontainers.containers.SslContext;
 import org.testcontainers.containers.TarantoolContainer;
 import org.testcontainers.containers.TarantoolImageParams;
 import org.testcontainers.containers.output.Slf4jLogConsumer;
@@ -40,7 +41,7 @@ public static void setUp() throws Exception {
             .withPassword("test_password")
             .withMemtxMemory(256 * 1024 * 1024)
             .withDirectoryBinding("enterprise/ssl")
-            .withSsl()
+            .withSslContext(SslContext.getSslContext())
             .withLogConsumer(new Slf4jLogConsumer(log));
 
         if (!containerWithSsl.isRunning()) {