This is an automated email from the ASF dual-hosted git repository.
jamesnetherton pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/camel-quarkus.git
The following commit(s) were added to refs/heads/main by this push:
new b52d0a7b4b Extend elasticsearch test with SSL
b52d0a7b4b is described below
commit b52d0a7b4b7ce58d602de6f1cd95534cd9b51873
Author: JinyuChen97 <[email protected]>
AuthorDate: Wed May 6 08:15:34 2026 +0100
Extend elasticsearch test with SSL
Fixes #5174
---
integration-tests/elasticsearch/pom.xml | 5 ++
.../elasticsearch/it/ElasticsearchTest.java | 73 +++++++++-------------
.../it/ElasticsearchTestResource.java | 52 +++++++++++++++
3 files changed, 87 insertions(+), 43 deletions(-)
diff --git a/integration-tests/elasticsearch/pom.xml
b/integration-tests/elasticsearch/pom.xml
index 71d491ab41..2b96c3606f 100644
--- a/integration-tests/elasticsearch/pom.xml
+++ b/integration-tests/elasticsearch/pom.xml
@@ -65,6 +65,11 @@
<artifactId>awaitility</artifactId>
<scope>test</scope>
</dependency>
+ <dependency>
+ <groupId>org.apache.camel.quarkus</groupId>
+
<artifactId>camel-quarkus-integration-tests-support-certificate-generator</artifactId>
+ <scope>test</scope>
+ </dependency>
</dependencies>
<profiles>
diff --git
a/integration-tests/elasticsearch/src/test/java/org/apache/camel/quarkus/component/elasticsearch/it/ElasticsearchTest.java
b/integration-tests/elasticsearch/src/test/java/org/apache/camel/quarkus/component/elasticsearch/it/ElasticsearchTest.java
index ff9bb766c3..6c58b91358 100644
---
a/integration-tests/elasticsearch/src/test/java/org/apache/camel/quarkus/component/elasticsearch/it/ElasticsearchTest.java
+++
b/integration-tests/elasticsearch/src/test/java/org/apache/camel/quarkus/component/elasticsearch/it/ElasticsearchTest.java
@@ -16,12 +16,7 @@
*/
package org.apache.camel.quarkus.component.elasticsearch.it;
-import java.io.BufferedReader;
-import java.io.InputStreamReader;
-import java.net.HttpURLConnection;
-import java.net.URL;
-import java.nio.charset.StandardCharsets;
-import java.util.Base64;
+import java.nio.file.Paths;
import java.util.List;
import java.util.Objects;
import java.util.UUID;
@@ -30,7 +25,12 @@ import java.util.concurrent.TimeUnit;
import io.quarkus.test.common.QuarkusTestResource;
import io.quarkus.test.junit.QuarkusTest;
import io.restassured.RestAssured;
+import io.restassured.config.RestAssuredConfig;
+import io.restassured.config.SSLConfig;
import io.restassured.http.ContentType;
+import io.smallrye.certs.Format;
+import io.smallrye.certs.junit5.Certificate;
+import org.apache.camel.quarkus.test.support.certificate.TestCertificates;
import org.awaitility.Awaitility;
import org.awaitility.core.ConditionTimeoutException;
import org.eclipse.microprofile.config.ConfigProvider;
@@ -42,6 +42,10 @@ import org.junit.jupiter.params.provider.MethodSource;
import static org.hamcrest.Matchers.is;
+@TestCertificates(certificates = {
+ @Certificate(name = ElasticsearchTestResource.CERTIFICATE_NAME,
formats = {
+ Format.PKCS12 }, password =
ElasticsearchTestResource.KEYSTORE_PASSWORD)
+}, docker = true)
@QuarkusTest
@QuarkusTestResource(ElasticsearchTestResource.class)
class ElasticsearchTest {
@@ -433,47 +437,30 @@ class ElasticsearchTest {
.atMost(10, TimeUnit.SECONDS)
.until(() -> {
try {
- URL url = new
URL(String.format("http://%s/_cluster/health";, hostAddresses));
- HttpURLConnection connection = (HttpURLConnection)
url.openConnection();
-
- // Set up Basic Authentication
- String auth = String.format("%s:%s", username,
password);
- String encodedAuth =
Base64.getEncoder().encodeToString(auth.getBytes(StandardCharsets.UTF_8));
- connection.setRequestProperty("Authorization", "Basic
" + encodedAuth);
- connection.setRequestMethod("GET");
- connection.setConnectTimeout(5000);
- connection.setReadTimeout(5000);
-
- int responseCode = connection.getResponseCode();
- if (responseCode == HttpURLConnection.HTTP_OK) {
- try (BufferedReader reader = new BufferedReader(
- new
InputStreamReader(connection.getInputStream()))) {
- StringBuilder response = new StringBuilder();
- String line;
- while ((line = reader.readLine()) != null) {
- response.append(line);
- }
- String healthJson = response.toString();
-
- // Check if cluster status is green or yellow
- if (healthJson.contains("\"status\":\"green\"")
- ||
healthJson.contains("\"status\":\"yellow\"")) {
- LOG.info("Cluster health is ready: " +
healthJson);
- return healthJson;
- } else {
- LOG.info("Cluster not ready yet, current
status: "
- + healthJson);
- return null;
- }
- }
+ RestAssuredConfig config =
RestAssured.config().sslConfig(
+ new
SSLConfig().trustStore(Paths.get("target/certs/elasticsearch-keystore.p12").toFile(),
+
ElasticsearchTestResource.KEYSTORE_PASSWORD));
+
+ String response = RestAssured.given()
+ .config(config)
+ .auth().preemptive().basic(username, password)
+ .when()
+
.get(String.format("https://%s/_cluster/health";, hostAddresses))
+ .then()
+ .extract()
+ .body()
+ .asString();
+
+ // Check if cluster status is green or yellow
+ if (response.contains("\"status\":\"green\"") ||
response.contains("\"status\":\"yellow\"")) {
+ LOG.info("Cluster health is ready: " + response);
+ return response;
} else {
- LOG.info("Cluster health check returned code: " +
responseCode
- + ", retrying...");
+ LOG.info("Cluster not ready yet, current status: "
+ response);
return null;
}
} catch (Exception e) {
- LOG.info("Failed to query cluster health: " +
e.getMessage()
- + ", retrying...");
+ LOG.info("Failed to query cluster health: " +
e.getMessage() + ", retrying...");
return null;
}
}, Objects::nonNull);
diff --git
a/integration-tests/elasticsearch/src/test/java/org/apache/camel/quarkus/component/elasticsearch/it/ElasticsearchTestResource.java
b/integration-tests/elasticsearch/src/test/java/org/apache/camel/quarkus/component/elasticsearch/it/ElasticsearchTestResource.java
index 867e95a9b6..964acb52c7 100644
---
a/integration-tests/elasticsearch/src/test/java/org/apache/camel/quarkus/component/elasticsearch/it/ElasticsearchTestResource.java
+++
b/integration-tests/elasticsearch/src/test/java/org/apache/camel/quarkus/component/elasticsearch/it/ElasticsearchTestResource.java
@@ -16,6 +16,17 @@
*/
package org.apache.camel.quarkus.component.elasticsearch.it;
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileOutputStream;
+import java.io.OutputStreamWriter;
+import java.nio.charset.StandardCharsets;
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.nio.file.Paths;
+import java.security.KeyStore;
+import java.security.cert.Certificate;
+import java.util.Base64;
import java.util.Map;
import io.quarkus.test.common.QuarkusTestResourceLifecycleManager;
@@ -26,9 +37,12 @@ import org.slf4j.LoggerFactory;
import org.testcontainers.containers.GenericContainer;
import org.testcontainers.containers.output.Slf4jLogConsumer;
import org.testcontainers.containers.wait.strategy.Wait;
+import org.testcontainers.images.builder.Transferable;
public class ElasticsearchTestResource implements
QuarkusTestResourceLifecycleManager {
+ public static final String CERTIFICATE_NAME = "elasticsearch";
+ public static final String KEYSTORE_PASSWORD = "s3cr3t";
private static final Logger LOGGER =
LoggerFactory.getLogger(ElasticsearchTestResource.class);
private static final String ELASTICSEARCH_IMAGE =
ConfigProvider.getConfig().getValue("elasticsearch.container.image",
String.class);
@@ -40,6 +54,8 @@ public class ElasticsearchTestResource implements
QuarkusTestResourceLifecycleMa
@Override
public Map<String, String> start() {
+ exportCertificateCAForClient();
+
try {
container = new GenericContainer<>(ELASTICSEARCH_IMAGE)
.withExposedPorts(ELASTICSEARCH_PORT)
@@ -47,10 +63,17 @@ public class ElasticsearchTestResource implements
QuarkusTestResourceLifecycleMa
.withEnv("cluster.routing.allocation.disk.threshold_enabled", "false")
.withEnv("discovery.type", "single-node")
.withEnv("xpack.security.enabled", "true")
+ .withEnv("xpack.security.http.ssl.enabled", "true")
+ .withEnv("xpack.security.http.ssl.keystore.path",
"certs/elasticsearch-keystore.p12")
+ .withEnv("xpack.security.http.ssl.keystore.password",
KEYSTORE_PASSWORD)
+ .withEnv("xpack.security.http.ssl.verification_mode",
"certificate")
.withEnv("action.destructive_requires_name", "false") //
needed for deleting all indexes after each test (allowing _all wildcard)
.withEnv("ELASTIC_USERNAME", ELASTICSEARCH_USERNAME)
.withEnv("ELASTIC_PASSWORD", ELASTICSEARCH_PASSWORD)
.withEnv("ES_JAVA_OPTS", "-Xms512m -Xmx512m")
+ .withCopyToContainer(
+
Transferable.of(Files.readAllBytes(Paths.get("target/certs/elasticsearch-keystore.p12"))),
+
"/usr/share/elasticsearch/config/certs/elasticsearch-keystore.p12")
.waitingFor(Wait.forListeningPort());
container.start();
@@ -62,6 +85,8 @@ public class ElasticsearchTestResource implements
QuarkusTestResourceLifecycleMa
"camel.component.elasticsearch.host-addresses",
hostAddresses,
"camel.component.elasticsearch.user",
ELASTICSEARCH_USERNAME,
"camel.component.elasticsearch.password",
ELASTICSEARCH_PASSWORD,
+ "camel.component.elasticsearch.enable-ssl", "true",
+ "camel.component.elasticsearch.certificate-path",
"file:target/certs/ca.crt",
// Disable autowiring to use camel component functionality
"camel.component.elasticsearch.autowired-enabled",
"false");
@@ -80,4 +105,31 @@ public class ElasticsearchTestResource implements
QuarkusTestResourceLifecycleMa
// Ignored
}
}
+
+ private void exportCertificateCAForClient() {
+ Path path = Paths.get("target/certs/elasticsearch-keystore.p12");
+ File outputFile = path.getParent().resolve("ca.crt").toFile();
+ try {
+ KeyStore keyStore = KeyStore.getInstance("pkcs12");
+ try (FileInputStream fis = new
FileInputStream(path.toAbsolutePath().toString())) {
+ keyStore.load(fis, KEYSTORE_PASSWORD.toCharArray());
+ }
+
+ Certificate cert = keyStore.getCertificate(CERTIFICATE_NAME);
+ if (cert == null) {
+ throw new IllegalStateException("Unable to find a certificate
in keystore named " + CERTIFICATE_NAME);
+ }
+
+ Base64.Encoder encoder = Base64.getEncoder();
+ try (OutputStreamWriter writer = new OutputStreamWriter(new
FileOutputStream(outputFile), StandardCharsets.UTF_8)) {
+ writer.write("-----BEGIN CERTIFICATE-----");
+ writer.write("\n");
+ writer.write(encoder.encodeToString(cert.getEncoded()));
+ writer.write("\n");
+ writer.write("-----END CERTIFICATE-----");
+ }
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ }
}
