Addresses review modulo cleanup

testcontainers · Dec 24, 2024 · 9e15ac5 · 9e15ac5
1 parent ab0e3ff
commit 9e15ac5
Show file tree

Hide file tree

Showing 5 changed files with 26 additions and 30 deletions.
diff --git a/docs/modules/postgres.md b/docs/modules/postgres.md
@@ -75,17 +75,17 @@ This function can be used `WithSSLSettings` but requires your configuration corr
 
 - Not available until the next release of testcontainers-go <a href="https://github.com/testcontainers/testcontainers-go"><span class="tc-version">:material-tag: main</span></a>
 
-If you would like to use SSL with the container you can use the `WithSSLSettings`. This function accepts a `SSLSettings` which has the required secret material, namely the ca-certificate, server certificate and key. The container will copy this material to `/tmp/data/ca_cert.pem`, `tmp/data/server.cert` and `/tmp/data/server.key`
+If you would like to use SSL with the container you can use the `WithSSLSettings`. This function accepts a `SSLSettings` which has the required secret material, namely the ca-certificate, server certificate and key. The container will copy this material to `/tmp/testcontainers-go/postgres/ca_cert.pem`, `/tmp/testcontainers-go/postgres/server.cert` and `/tmp/testcontainers-go/postgres/server.key`
 
 This function requires a custom postgres configuration file that enables SSL and correctly sets the paths on the key material.
 
 If you use this function by itself or in conjuction with `WithConfigFile` your custom conf must set the require ssl fields. The configuration must correctly align the key material provided via `SSLSettings` with the server configuration, namely the paths. Your configuration will need to contain the following:
 
  ```
  ssl = on
-ssl_ca_file = '/tmp/data/ca_cert.pem'
-ssl_cert_file = '/tmp/data/server.cert'
-ssl_key_file = '/tmp/data/server.key'
+ssl_ca_file = '/tmp/testcontainers-go/postgres/ca_cert.pem'
+ssl_cert_file = '/tmp/testcontainers-go/postgres/server.cert'
+ssl_key_file = '/tmp/testcontainers-go/postgres/server.key'
  ```
 
 This function assumes the postgres user in the container is `postgres`

diff --git a/modules/postgres/postgres.go b/modules/postgres/postgres.go
@@ -5,14 +5,12 @@ import (
 	"fmt"
 	"io"
 	"net"
-	"os"
 	"path/filepath"
 	"strings"
 
 	_ "embed"
 
 	"github.com/testcontainers/testcontainers-go"
-	"github.com/testcontainers/testcontainers-go/wait"
 )
 
 const (
@@ -192,11 +190,7 @@ func WithSnapshotName(name string) SnapshotOption {
 // WithSSLSettings configures the Postgres server to run with the provided CA Chain
 // This will not function if the corresponding postgres conf is not correctly configured.
 // Namely the paths below must match what is set in the conf file
-func WithSSLCert(caCertFile, certFile, keyFile) testcontainers.CustomizeRequestOption {
-	const postgresCaCertPath = "/tmp/data/ca_cert.pem"
-	const postgresCertPath = "/tmp/data/server.cert"
-	const postgresKeyPath = "/tmp/data/server.key"
-
+func WithSSLCert(caCertFile string, certFile string, keyFile string) testcontainers.CustomizeRequestOption {
 	const defaultPermission = 0o600
 
 	return func(req *testcontainers.GenericContainerRequest) error {
@@ -205,27 +199,27 @@ func WithSSLCert(caCertFile, certFile, keyFile) testcontainers.CustomizeRequestO
 		req.Files = append(req.Files,
 			testcontainers.ContainerFile{
 				HostFilePath:      caCertFile,
-				ContainerFilePath: "/tmp/certs/ca_cert.pem",
+				ContainerFilePath: "/tmp/testcontainers-go/postgres/ca_cert.pem",
 				FileMode:          defaultPermission,
 			},
 			testcontainers.ContainerFile{
 				HostFilePath:      certFile,
-				ContainerFilePath: "/tmp/certs/server.cert",
+				ContainerFilePath: "/tmp/testcontainers-go/postgres/server.cert",
 				FileMode:          defaultPermission,
 			},
 			testcontainers.ContainerFile{
 				HostFilePath:      keyFile,
-				ContainerFilePath: "/tmp/data/server.key",
+				ContainerFilePath: "/tmp/testcontainers-go/postgres/server.key",
 				FileMode:          defaultPermission,
 			},
 			testcontainers.ContainerFile{
 				Reader:            strings.NewReader(embeddedCustomEntrypoint),
-				ContainerFilePath: entrypointPath ,
+				ContainerFilePath: entrypointPath,
 				FileMode:          defaultPermission,
 			},
 		)
 		req.Entrypoint = []string{"sh", entrypointPath}
-		
+
 		return nil
 	}
 }

diff --git a/modules/postgres/postgres_test.go b/modules/postgres/postgres_test.go
@@ -30,6 +30,7 @@ const (
 )
 
 func createSSLCerts(t *testing.T) (*tlscert.Certificate, *tlscert.Certificate, error) {
+	t.Helper()
 	tmpDir := t.TempDir()
 	certsDir := tmpDir + "/certs"
 
@@ -46,7 +47,7 @@ func createSSLCerts(t *testing.T) (*tlscert.Certificate, *tlscert.Certificate, e
 	})
 
 	if caCert == nil {
-		return caCert, nil, errors.New("Unable to create CA Authority")
+		return caCert, nil, errors.New("unable to create CA Authority")
 	}
 
 	cert := tlscert.SelfSignedFromRequest(tlscert.Request{
@@ -56,7 +57,7 @@ func createSSLCerts(t *testing.T) (*tlscert.Certificate, *tlscert.Certificate, e
 		ParentDir: certsDir,
 	})
 	if cert == nil {
-		return caCert, cert, errors.New("Unable to create Server Certificates")
+		return caCert, cert, errors.New("unable to create Server Certificates")
 	}
 
 	return caCert, cert, nil
@@ -247,7 +248,7 @@ func TestWithSSL(t *testing.T) {
 		postgres.WithUsername(user),
 		postgres.WithPassword(password),
 		testcontainers.WithWaitStrategy(wait.ForLog("database system is ready to accept connections").WithOccurrence(2).WithStartupTimeout(5*time.Second)),
-		postgres.WithSSLSettings(sslSettings),
+		postgres.WithSSLCert(sslSettings.CACertFile, sslSettings.CertFile, sslSettings.KeyFile),
 	)
 	if err != nil {
 		t.Fatal(err)
@@ -284,11 +285,10 @@ func TestSSLValidatesKeyMaterialPath(t *testing.T) {
 		postgres.WithUsername(user),
 		postgres.WithPassword(password),
 		testcontainers.WithWaitStrategy(wait.ForLog("database system is ready to accept connections").WithOccurrence(2).WithStartupTimeout(5*time.Second)),
-		postgres.WithSSLSettings(sslSettings),
+		postgres.WithSSLCert(sslSettings.CACertFile, sslSettings.CertFile, sslSettings.KeyFile),
 	)
-	if err == nil {
-		t.Fatal("Error should not have been nil. Container creation should have failed due to empty key material")
-	}
+
+	require.Error(t, err, "Error should not have been nil. Container creation should have failed due to empty key material")
 }
 
 func TestWithInitScript(t *testing.T) {

diff --git a/modules/postgres/resources/customEntrypoint.sh b/modules/postgres/resources/customEntrypoint.sh
@@ -7,16 +7,18 @@ pGID=$(id -g postgres)
 
 if [ -z "$pUID" ]
 then
+    echo "Unable to find postgres user id, required in order to chown key material"
     exit 1
 fi
 
 if [ -z "$pGID" ]
 then
+    echo "Unable to find postgres group id, required in order to chown key material"
     exit 1
 fi
 
-chown "$pUID":"$pGID" /tmp/data/ca_cert.pem
-chown "$pUID":"$pGID" /tmp/data/server.cert
-chown "$pUID":"$pGID" /tmp/data/server.key
+chown "$pUID":"$pGID" /tmp/testcontainers-go/postgres/ca_cert.pem
+chown "$pUID":"$pGID" /tmp/testcontainers-go/postgres/server.cert
+chown "$pUID":"$pGID" /tmp/testcontainers-go/postgres/server.key
 
-/usr/local/bin/docker-entrypoint.sh "$@"
+/usr/local/bin/docker-entrypoint.sh "$@"
diff --git a/modules/postgres/testdata/postgres-ssl.conf b/modules/postgres/testdata/postgres-ssl.conf
@@ -66,10 +66,10 @@ listen_addresses = '*'
 # - SSL -
 
 ssl = on
-ssl_ca_file = '/tmp/data/ca_cert.pem'
-ssl_cert_file = '/tmp/data/server.cert'
+ssl_ca_file = '/tmp/testcontainers-go/postgres/ca_cert.pem'
+ssl_cert_file = '/tmp/testcontainers-go/postgres/server.cert'
 #ssl_crl_file = ''
-ssl_key_file = '/tmp/data/server.key'
+ssl_key_file = '/tmp/testcontainers-go/postgres/server.key'
 #ssl_ciphers = 'HIGH:MEDIUM:+3DES:!aNULL' # allowed SSL ciphers
 #ssl_prefer_server_ciphers = on
 #ssl_ecdh_curve = 'prime256v1'