Fix CassandraContainer wait strategy when SSL is configured by maximevw · Pull Request #9419 · testcontainers/testcontainers-java (original) (raw)

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hello @eddumelendez,

As stated in my previous message and after testing the different use cases, if client_encryption_options.require_client_auth is set to true in cassandra.yaml configuration file, the cqlshrc file becomes required because the environment variable SSL_CERTFILE is not sufficient to configure SSL properly on client-side and other required parameters ssl.usercert and ssl.userkey don't have equivalent env variables.

See:

• cqlshrc SSL options
• Using cqlsh with SSL
• Cassandra server - client encryption options reference

That's why I used cqlshrc way: because it covers more possible configurations.

So, what we could do to avoid writing a cqlshrc in most use cases (by default, client auth is not required by server) is to have 2 methods withSsl:

• withSsl(String clientCertFile, String clientKeyFile) using the SSL_CERTFILE env variable for the default use case where client_encryption_options.require_client_auth is false in cassandra.yaml.
• withSsl(String clientCertFile, String clientKeyFile, boolean clientAuthRequired) using the appropriate cqlshrc file client_encryption_options.require_client_auth is true in cassandra.yaml.

Let me know the solution you prefer and I'll implement it.