testcontainers · MitulShah1 · May 1, 2025 · May 2, 2025 · May 2, 2025 · May 2, 2025
@@ -2,10 +2,14 @@ package cassandra
 
 import (
 	"context"
+	"crypto/tls"
+	"crypto/x509"
 	"fmt"
 	"io"
+	"os"
 	"path/filepath"
 	"strings"
+	"time"
 
 	"github.com/docker/go-connections/nat"
 
@@ -14,28 +18,35 @@ import (
 )
 
 const (
-	port = nat.Port("9042/tcp")
+	port       = nat.Port("9042/tcp")
+	securePort = nat.Port("9142/tcp") // Common port for SSL/TLS connections
 )
 
 // CassandraContainer represents the Cassandra container type used in the module
 type CassandraContainer struct {
 	testcontainers.Container
+	settings Options
 }
 
-// ConnectionHost returns the host and port of the cassandra container, using the default, native 9000 port, and
+// ConnectionHost returns the host and port of the cassandra container, using the default, native port,
 // obtaining the host and exposed port from the container
 func (c *CassandraContainer) ConnectionHost(ctx context.Context) (string, error) {
 	host, err := c.Host(ctx)
 	if err != nil {
 		return "", err
 	}
 
-	port, err := c.MappedPort(ctx, port)
+	// Use the secure port if TLS is enabled
+	portToUse := port
+	if c.settings.IsTLSEnabled {
+		portToUse = securePort
+	}
+
+	mappedPort, err := c.MappedPort(ctx, portToUse)
 	if err != nil {
 		return "", err
 	}
-
-	return host + ":" + port.Port(), nil
+	return host + ":" + mappedPort.Port(), nil
 }
 
 // WithConfigFile sets the YAML config file to be used for the cassandra container
@@ -49,7 +60,6 @@ func WithConfigFile(configFile string) testcontainers.CustomizeRequestOption {
 			FileMode:          0o755,
 		}
 		req.Files = append(req.Files, cf)
-
 		return nil
 	}
 }
@@ -66,10 +76,8 @@ func WithInitScripts(scripts ...string) testcontainers.CustomizeRequestOption {
 				FileMode:          0o755,
 			}
 			initScripts = append(initScripts, cf)
-
 			execs = append(execs, initScript{File: cf.ContainerFilePath})
 		}
-
 		req.Files = append(req.Files, initScripts...)
 		return testcontainers.WithAfterReadyCommand(execs...)(req)
 	}
@@ -81,11 +89,62 @@ func RunContainer(ctx context.Context, opts ...testcontainers.ContainerCustomize
 	return Run(ctx, "cassandra:4.1.3", opts...)
 }
 
+// setupTLS configures TLS settings for the Cassandra container.
+func setupTLS(settings *Options) ([]string, []wait.Strategy, []testcontainers.ContainerCustomizer, error) {
+	exposePort := []string{string(port)}
+	waitStrategies := []wait.Strategy{
+		wait.ForListeningPort(port),
+		wait.ForExec([]string{"cqlsh", "-e", "SELECT bootstrapped FROM system.local"}).WithResponseMatcher(func(body io.Reader) bool {
+			data, _ := io.ReadAll(body)
+			return strings.Contains(string(data), "COMPLETED")
+		}).WithStartupTimeout(1 * time.Minute),
+	}
+	var tcOpts []testcontainers.ContainerCustomizer
+
+	if settings.IsTLSEnabled {
+		exposePort = append(exposePort, string(securePort))
+		waitStrategies = append(waitStrategies, wait.ForListeningPort(securePort).WithStartupTimeout(1*time.Minute))
+
+		keystorePath, certPath, err := GenerateJKSKeystore()
+		if err != nil {
+			return nil, nil, nil, fmt.Errorf("create SSL certs: %w", err)
+		}
+
+		tcOpts = append(tcOpts, testcontainers.WithFiles(
+			testcontainers.ContainerFile{
+				HostFilePath:      keystorePath,
+				ContainerFilePath: "/etc/cassandra/conf/keystore.jks",
+				FileMode:          0o644,
+			},
+			testcontainers.ContainerFile{
+				HostFilePath:      certPath,
+				ContainerFilePath: "/etc/cassandra/conf/cassandra.crt",
+				FileMode:          0o644,
+			}))
+
+		certPEM, err := os.ReadFile(certPath)
+		if err != nil {
+			return nil, nil, nil, fmt.Errorf("error while read certificate: %w", err)
+		}
+
+		certPool := x509.NewCertPool()
+		certPool.AppendCertsFromPEM(certPEM)
+
+		settings.TLSConfig = &tls.Config{
+			RootCAs:            certPool,
+			InsecureSkipVerify: true,
+			ServerName:         "localhost",
+			MinVersion:         tls.VersionTLS12,
+		}
+	}
+
+	return exposePort, waitStrategies, tcOpts, nil
+}
+
 // Run creates an instance of the Cassandra container type
 func Run(ctx context.Context, img string, opts ...testcontainers.ContainerCustomizer) (*CassandraContainer, error) {
 	req := testcontainers.ContainerRequest{
-		Image:        img,
-		ExposedPorts: []string{string(port)},
+		Image: img,
 		Env: map[string]string{
 			"CASSANDRA_SNITCH":          "GossipingPropertyFileSnitch",
 			"JVM_OPTS":                  "-Dcassandra.skip_wait_for_gossip_to_settle=0 -Dcassandra.initial_token=0",
@@ -94,21 +153,35 @@ func Run(ctx context.Context, img string, opts ...testcontainers.ContainerCustom
 			"CASSANDRA_ENDPOINT_SNITCH": "GossipingPropertyFileSnitch",
 			"CASSANDRA_DC":              "datacenter1",
 		},
-		WaitingFor: wait.ForAll(
-			wait.ForListeningPort(port),
-			wait.ForExec([]string{"cqlsh", "-e", "SELECT bootstrapped FROM system.local"}).WithResponseMatcher(func(body io.Reader) bool {
-				data, _ := io.ReadAll(body)
-				return strings.Contains(string(data), "COMPLETED")
-			}),
-		),
 	}
 
 	genericContainerReq := testcontainers.GenericContainerRequest{
 		ContainerRequest: req,
 		Started:          true,
 	}
 
+	var settings Options
 	for _, opt := range opts {
+		if opt, ok := opt.(Option); ok {
+			if err := opt(&settings); err != nil {
+				return nil, err
+			}
+		}
+	}
+
+	exposePort, waitStrategies, tcOpts, err := setupTLS(&settings)
+	if err != nil {
+		return nil, err
+	}
+
+	tcOpts = append(tcOpts, testcontainers.WithExposedPorts(exposePort...))
+	tcOpts = append(tcOpts, testcontainers.WithWaitStrategy(waitStrategies...))
+
+	// Append the customizers passed to the Run function.
+	tcOpts = append(tcOpts, opts...)
+
+	// Apply the testcontainers customizers.
+	for _, opt := range tcOpts {
 		if err := opt.Customize(&genericContainerReq); err != nil {
 			return nil, err
 		}
@@ -117,7 +190,7 @@ func Run(ctx context.Context, img string, opts ...testcontainers.ContainerCustom
 	container, err := testcontainers.GenericContainer(ctx, genericContainerReq)
 	var c *CassandraContainer
 	if container != nil {
-		c = &CassandraContainer{Container: container}
+		c = &CassandraContainer{Container: container, settings: settings}
 	}
 
 	if err != nil {
@@ -126,3 +199,8 @@ func Run(ctx context.Context, img string, opts ...testcontainers.ContainerCustom
 
 	return c, nil
 }
+
+// TLSConfig returns the TLS configuration for the Redis container, nil if TLS is not enabled.
+func (c *CassandraContainer) TLSConfig() *tls.Config {
+	return c.settings.TLSConfig
+}
@@ -2,8 +2,10 @@ package cassandra_test
 
 import (
 	"context"
+	"fmt"
 	"path/filepath"
 	"testing"
+	"time"
 
 	"github.com/gocql/gocql"
 	"github.com/stretchr/testify/require"
@@ -12,6 +14,8 @@ import (
 	"github.com/testcontainers/testcontainers-go/modules/cassandra"
 )
 
+const cassandraImage = "cassandra:4.1.3"
+
 type Test struct {
 	ID   uint64
 	Name string
@@ -20,7 +24,7 @@ type Test struct {
 func TestCassandra(t *testing.T) {
 	ctx := context.Background()
 
-	ctr, err := cassandra.Run(ctx, "cassandra:4.1.3")
+	ctr, err := cassandra.Run(ctx, cassandraImage)
 	testcontainers.CleanupContainer(t, ctr)
 	require.NoError(t, err)
 
@@ -52,7 +56,7 @@ func TestCassandra(t *testing.T) {
 func TestCassandraWithConfigFile(t *testing.T) {
 	ctx := context.Background()
 
-	ctr, err := cassandra.Run(ctx, "cassandra:4.1.3", cassandra.WithConfigFile(filepath.Join("testdata", "config.yaml")))
+	ctr, err := cassandra.Run(ctx, cassandraImage, cassandra.WithConfigFile(filepath.Join("testdata", "config.yaml")))
 	testcontainers.CleanupContainer(t, ctr)
 	require.NoError(t, err)
 
@@ -75,7 +79,7 @@ func TestCassandraWithInitScripts(t *testing.T) {
 		ctx := context.Background()
 
 		// withInitScripts {
-		ctr, err := cassandra.Run(ctx, "cassandra:4.1.3", cassandra.WithInitScripts(filepath.Join("testdata", "init.cql")))
+		ctr, err := cassandra.Run(ctx, cassandraImage, cassandra.WithInitScripts(filepath.Join("testdata", "init.cql")))
 		// }
 		testcontainers.CleanupContainer(t, ctr)
 		require.NoError(t, err)
@@ -99,7 +103,7 @@ func TestCassandraWithInitScripts(t *testing.T) {
 	t.Run("with init bash script", func(t *testing.T) {
 		ctx := context.Background()
 
-		ctr, err := cassandra.Run(ctx, "cassandra:4.1.3", cassandra.WithInitScripts(filepath.Join("testdata", "init.sh")))
+		ctr, err := cassandra.Run(ctx, cassandraImage, cassandra.WithInitScripts(filepath.Join("testdata", "init.sh")))
 		testcontainers.CleanupContainer(t, ctr)
 		require.NoError(t, err)
 
@@ -117,3 +121,42 @@ func TestCassandraWithInitScripts(t *testing.T) {
 		require.Equal(t, Test{ID: 1, Name: "NAME"}, test)
 	})
 }
+
+func TestCassandraSSL(t *testing.T) {
+	ctx, cancel := context.WithTimeout(context.Background(), 10*time.Minute)
+	defer cancel()
+
+	container, err := cassandra.Run(ctx, cassandraImage,
+		cassandra.WithConfigFile(filepath.Join("testdata", "cassandra-ssl.yaml")),
+		cassandra.WithSSL(),
+	)
+	testcontainers.CleanupContainer(t, container)
+	require.NoError(t, err)
+
+	// Get TLS configurations
+	tlsConfig := container.TLSConfig()
+
+	host, err := container.Host(ctx)
+	require.NoError(t, err)
+
+	sslPort, err := container.MappedPort(ctx, "9142/tcp")
+	require.NoError(t, err)
+
+	cluster := gocql.NewCluster(fmt.Sprintf("%s:%s", host, sslPort.Port()))
+	cluster.Consistency = gocql.Quorum
+	cluster.Timeout = 30 * time.Second
+	cluster.ConnectTimeout = 30 * time.Second
+	cluster.DisableInitialHostLookup = true
+	cluster.SslOpts = &gocql.SslOptions{
+		Config:                 tlsConfig,
+		EnableHostVerification: false,
+	}
+	var session *gocql.Session
+	session, err = cluster.CreateSession()
+	require.NoError(t, err)
+	defer session.Close()
+	var version string
+	err = session.Query("SELECT release_version FROM system.local").Scan(&version)
+	require.NoError(t, err)
+	require.NotEmpty(t, version)
+}
@@ -5,6 +5,7 @@ import (
 	"fmt"
 	"log"
 	"path/filepath"
+	"time"
 
 	"github.com/gocql/gocql"
 
@@ -67,3 +68,64 @@ func ExampleRun() {
 	// true
 	// 4.1.3
 }
+
+func ExampleRun_withSSL() {
+	ctx := context.Background()
+
+	cassandraContainer, err := cassandra.Run(ctx,
+		"cassandra:4.1.3",
+		cassandra.WithConfigFile(filepath.Join("testdata", "cassandra-ssl.yaml")),
+		cassandra.WithSSL(),
+	)
+	defer func() {
+		if err := testcontainers.TerminateContainer(cassandraContainer); err != nil {
+			log.Printf("failed to terminate container: %s", err)
+		}
+	}()
+	if err != nil {
+		log.Printf("failed to start container: %s", err)
+		return
+	}
+
+	host, err := cassandraContainer.Host(ctx)
+	if err != nil {
+		log.Printf("failed to get host: %s", err)
+		return
+	}
+
+	sslPort, err := cassandraContainer.MappedPort(ctx, "9142/tcp")
+	if err != nil {
+		log.Printf("failed to get SSL port: %s", err)
+		return
+	}
+
+	// Get TLS config
+	tlsConfig := cassandraContainer.TLSConfig()
+
+	cluster := gocql.NewCluster(fmt.Sprintf("%s:%s", host, sslPort.Port()))
+	cluster.Consistency = gocql.Quorum
+	cluster.Timeout = 30 * time.Second
+	cluster.ConnectTimeout = 30 * time.Second
+	cluster.DisableInitialHostLookup = true
+	cluster.SslOpts = &gocql.SslOptions{
+		Config:                 tlsConfig,
+		EnableHostVerification: false,
+	}
+	session, err := cluster.CreateSession()
+	if err != nil {
+		log.Printf("failed to create session: %s", err)
+		return
+	}
+	defer session.Close()
+
+	var version string
+	err = session.Query("SELECT release_version FROM system.local").Scan(&version)
+	if err != nil {
+		log.Printf("failed to query: %s", err)
+		return
+	}
+
+	fmt.Println(version)
+	// Output:
+	// 4.1.3
+}