Add support for disabling TLS in OpenSearch module

docs/modules/opensearch.md

@@ -33,3 +33,9 @@ Choose an image from the [container registry](https://hub.docker.com/r/opensearc
 <!--codeinclude-->
 [](../../packages/modules/opensearch/src/opensearch-container.test.ts) inside_block:opensearchCustomPassword
 <!--/codeinclude-->
+
+### With security disabled
+
+<!--codeinclude-->
+[](../../packages/modules/opensearch/src/opensearch-container.test.ts) inside_block:opensearchDisableSecurity
+<!--/codeinclude-->

packages/modules/opensearch/src/opensearch-container.test.ts

@@ -102,4 +102,23 @@ describe("OpenSearchContainer", { timeout: 180_000 }, () => {
     const { body } = await client.indices.exists({ index: "people" });
     expect(body).toBe(true);
   });
+
+  it("should be reachable with security disabled", async () => {
+    // opensearchDisableSecurity {
+    await using container = await new OpenSearchContainer(IMAGE).withSecurityEnabled(false).start();
+
+    const client = new Client({
+      node: container.getHttpUrl(),
+      // no auth, or ssl required
+    });
+    // }
+
+    // Url should start with http not https.
+    expect(container.getHttpUrl()).toMatch(/^http:\/\/.*/);
+
+    await client.indices.create({ index: "people" });
+
+    const { body } = await client.indices.exists({ index: "people" });
+    expect(body).toBe(true);
+  });
 });

packages/modules/opensearch/src/opensearch-container.ts

@@ -12,10 +12,10 @@ export class OpenSearchContainer extends GenericContainer {
   private readonly username = "admin";
 
   // HTTPS + Basic Auth wait strategy
-  private readonly defaultWaitStrategy = Wait.forHttp("/", OPENSEARCH_HTTP_PORT)
-    .usingTls()
-    .allowInsecure()
-    .withBasicCredentials(this.username, this.password);
+  private readonly defaultWaitStrategy = Wait.forHttp("/", OPENSEARCH_HTTP_PORT).withBasicCredentials(
+    this.username,
+    this.password
+  );
 
   constructor(image: string) {
     super(image);
@@ -67,16 +67,21 @@ export class OpenSearchContainer extends GenericContainer {
       OPENSEARCH_INITIAL_ADMIN_PASSWORD: this.password,
     });
 
+    if (this.securityEnabled) {
+      this.defaultWaitStrategy.usingTls().allowInsecure();
+    }
+
     const started = await super.start();
-    return new StartedOpenSearchContainer(started, this.username, this.password);
+    return new StartedOpenSearchContainer(started, this.username, this.password, this.securityEnabled);
   }
 }
 
 export class StartedOpenSearchContainer extends AbstractStartedContainer {
   constructor(
     override readonly startedTestContainer: StartedTestContainer,
     private readonly username: string,
-    private readonly password: string
+    private readonly password: string,
+    private readonly securityEnabled: boolean
   ) {
     super(startedTestContainer);
   }
@@ -86,9 +91,14 @@ export class StartedOpenSearchContainer extends AbstractStartedContainer {
     return this.getMappedPort(OPENSEARCH_HTTP_PORT);
   }
 
+  /** Get the URL schema needed for connecting to this container */
+  public getSchema(): string {
+    return this.securityEnabled ? "https" : "http";
+  }
+
   /** HTTPS endpoint URL */
   public getHttpUrl(): string {
-    return `https://${this.getHost()}:${this.getPort()}`;
+    return `${this.getSchema()}://${this.getHost()}:${this.getPort()}`;
   }
 
   /** Admin username (always 'admin' by default) */