Workaround MSSQL CI failures with certificates containing negative se…

…rial numbers
hashicorp · Jan 10, 2025 · feae857 · feae857
1 parent 78f2eda
commit feae857
Showing 1 changed file with 43 additions and 20 deletions.
diff --git a/testutil/mssqlhelper.go b/testutil/mssqlhelper.go
@@ -31,28 +31,51 @@ func PrepareMSSQLTestContainer(t *testing.T) (cleanup func(), retURL string) {
 		return func() {}, os.Getenv("MSSQL_URL")
 	}
 
-	var err error
-	for i := 0; i < mssqlNumRetries; i++ {
-		var svc *docker.Service
-		runner, err := docker.NewServiceRunner(docker.RunOptions{
-			ContainerName: "sqlserver",
-			ImageRepo:     "mcr.microsoft.com/mssql/server",
-			ImageTag:      "2017-latest-ubuntu",
-			Env:           []string{"ACCEPT_EULA=Y", "SA_PASSWORD=" + mssqlPassword},
-			Ports:         []string{"1433/tcp"},
-			LogConsumer: func(s string) {
-				if t.Failed() {
-					t.Logf("container logs: %s", s)
-				}
-			},
-		})
-		if err != nil {
-			t.Fatalf("Could not start docker MSSQL: %s", err)
-		}
+	// Workaround for https://github.com/microsoft/mssql-docker/issues/895 and us temporary seeing
+	// tls: failed to parse certificate from server: x509: negative serial number in test case failures.
+	containerfile := `
+FROM mcr.microsoft.com/mssql/server:2017-latest
+USER root
+ENV MSDIR=/var/opt/mssql
+RUN mkdir -p $MSDIR \
+    && openssl req -x509 -nodes -newkey rsa:2048 -subj '/CN=mssql' -addext "subjectAltName = DNS:mssql" -keyout $MSDIR/mssql.key -out $MSDIR/mssql.pem -days 1 \
+	&& chmod 400 $MSDIR/mssql.key \
+	&& chmod 400 $MSDIR/mssql.pem \
+    && chown -R mssql $MSDIR
+RUN echo "[network]" > $MSDIR/mssql.conf \
+	&& echo "tlscert = $MSDIR/mssql.pem" >> $MSDIR/mssql.conf \
+	&& echo "tlskey = $MSDIR/mssql.key" >> $MSDIR/mssql.conf \ 
+	&& echo "tlsprotocols = 1.2" >> $MSDIR/mssql.conf \ 
+	&& echo "forceencryption = 1" >> $MSDIR/mssql.conf 
+USER mssql
+`
+	bCtx := docker.NewBuildContext()
+	imageName := "mssql-workaround-895"
+	imageTag := "latest"
+
+	runner, err := docker.NewServiceRunner(docker.RunOptions{
+		ContainerName: "sqlserver",
+		ImageRepo:     imageName,
+		ImageTag:      imageTag,
+		Env:           []string{"ACCEPT_EULA=Y", "SA_PASSWORD=" + mssqlPassword},
+		Ports:         []string{"1433/tcp"},
+	})
+	if err != nil {
+		t.Fatalf("Could not provision docker service runner: %s", err)
+	}
 
-		svc, err = runner.StartService(context.Background(), connectMSSQL)
+	for i := 0; i < 3; i++ {
+		_, err = runner.BuildImage(context.Background(), containerfile, bCtx,
+			docker.BuildRemove(true),
+			docker.BuildForceRemove(true),
+			docker.BuildPullParent(true),
+			docker.BuildTags([]string{imageName + ":" + imageTag}))
 		if err == nil {
-			return svc.Cleanup, svc.Config.URL().String()
+			var svc *docker.Service
+			svc, err = runner.StartService(context.Background(), connectMSSQL)
+			if err == nil {
+				return svc.Cleanup, svc.Config.URL().String()
+			}
 		}
 	}