Skip to content

Add support to configure system password for Oracle database #10601

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Add support to configure system password for Oracle database #10601

wants to merge 1 commit into from

Conversation

cetindogu
Copy link

…; fix ORACLE_PASSWORD mapping

Introduce an independent system user password for Oracle containers and map it correctly to the ORACLE_PASSWORD env.

  • Add withOraclePassword(String) to configure SYSTEM/SYS password independently from the app user password
  • Use system password in SID connections (getPassword returns system password in SID mode)
  • Keep backward compatibility: withPassword also sets system password unless withOraclePassword was called
  • Update Oracle XE and Oracle Free containers to use the new internal oraclePassword
  • Add OracleContainerTest to verify system vs app password behavior in SID and non-SID modes

This resolves the issue where ORACLE_PASSWORD was effectively bound to the app user password, making it impossible to set the system user password correctly.

Summary

Fix Oracle container password handling so ORACLE_PASSWORD configures the system user (SYSTEM/SYS) password, not the app user’s password. Add withOraclePassword(String) to configure it independently while keeping backward compatibility.

Problem

  • ORACLE_PASSWORD was populated from the application user password.
  • In SID mode, getUsername() returns system, but getPassword() returned the app user’s password, causing authentication mismatches and preventing a distinct system user password.

Changes

  • Add a dedicated system user password field and API:
    • New: withOraclePassword(String oraclePassword) for SYSTEM/SYS.
    • Existing: withPassword(String password) continues to set the application user password.
  • Correct container env mapping:
    • ORACLE_PASSWORD ← system user password.
    • APP_USER_PASSWORD ← app user password.
  • In SID mode, use the system credentials:
    • getUsername() returns system.
    • getPassword() now returns the system password.
  • Backward compatibility:
    • If withOraclePassword(...) is not used, withPassword(...) sets both the app and system passwords (preserving previous behavior).

Why getPassword() changed

return isUsingSid() ? oraclePassword : password;
  • In SID mode we authenticate as system. Returning the app user’s password was incorrect and led to login failures. Now the password matches the user being used.

Affected modules

  • testcontainers-oracle-xe
  • testcontainers-oracle-free

Tests

  • Extended existing SimpleOracleTest (no new test classes):
    • SID tests run a system-level statement to validate the system password.
    • Non-SID tests validate the app user password.
    • Added cases verifying independent system vs app passwords.

Usage examples

// Different passwords for SYSTEM and app user
new OracleContainer(IMAGE)
  .withOraclePassword("SysP@ss1!")
  .withPassword("AppP@ss1!")
  .start();

// SID mode (connects as SYSTEM → uses system password)
new OracleContainer(IMAGE)
  .usingSid()
  .withOraclePassword("SysOnly")
  .start();

Migration / Compatibility

  • No breaking change.
  • Existing usage of .withPassword(...) continues to work (sets both passwords unless .withOraclePassword(...) is used).
  • Use .withOraclePassword(...) to set a distinct system password.

How to verify locally

  • Style and formatting:
    • Unix/macOS: ./gradlew checkstyleMain checkstyleTest spotlessApply
    • Windows: .\gradlew.bat checkstyleMain checkstyleTest spotlessApply
  • Run module tests:
    • ./gradlew :testcontainers-oracle-xe:test :testcontainers-oracle-free:test

Documentation

  • Clarify:
    • ORACLE_PASSWORD configures the SYSTEM/SYS password.
    • APP_USER_PASSWORD configures the app user’s password.

Changelog entry

  • feat(oracle): add withOraclePassword and fix ORACLE_PASSWORD mapping to system user; use system password in SID mode; maintain backward compatibility with withPassword.

Related issues

  • (If applicable) Fixes: #

@cetindogu
feat(oracle): add separate system password and withOraclePassword API…
079a494 
…; fix ORACLE_PASSWORD mapping

Introduce an independent system user password for Oracle containers and map it correctly to the ORACLE_PASSWORD env.
- Add withOraclePassword(String) to configure SYSTEM/SYS password independently from the app user password
- Use system password in SID connections (getPassword returns system password in SID mode)
- Keep backward compatibility: withPassword also sets system password unless withOraclePassword was called
- Update Oracle XE and Oracle Free containers to use the new internal oraclePassword
- Add OracleContainerTest to verify system vs app password behavior in SID and non-SID modes

This resolves the issue where ORACLE_PASSWORD was effectively bound to the app user password, making it impossible to set the system user password correctly.
@eddumelendez eddumelendez changed the title feat(oracle): add separate system password and withOraclePassword API… Add support to configure system password for Oracle database Aug 13, 2025
eddumelendez
eddumelendez requested changes Aug 13, 2025
View reviewed changes
Copy link
Member

@eddumelendez eddumelendez left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi, thanks for your contribution. Rename the new method to withSystemPassword instead to make it more aligned with the Oracle database user instead of the env var. Regarding to the comments, please revisit it.

modules/oracle-free/src/main/java/org/testcontainers/oracle/OracleContainer.java
* Password for Oracle system user (e.g. SYSTEM/SYS). Defaults to {@link #APP_USER_PASSWORD}
* for backwards compatibility, but can be customized independently via {@link #withOraclePassword(String)}.
*/
private String oraclePassword = APP_USER_PASSWORD;
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
private String oraclePassword = APP_USER_PASSWORD;
private String systemPassword = APP_USER_PASSWORD;

modules/oracle-free/src/main/java/org/testcontainers/oracle/OracleContainer.java
* @param oraclePassword password for SYSTEM/SYS users inside the container
* @return this container instance
*/
public OracleContainer withOraclePassword(String oraclePassword) {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
public OracleContainer withOraclePassword(String oraclePassword) {
public OracleContainer withSystemPassword(String oraclePassword) {

modules/oracle-free/src/main/java/org/testcontainers/oracle/OracleContainer.java
* Tracks whether {@link #withOraclePassword(String)} was called to avoid overriding
* the system password when {@link #withPassword(String)} is used for the application user only.
*/
private boolean oraclePasswordExplicitlySet = false;
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
private boolean oraclePasswordExplicitlySet = false;
private boolean systemPasswordExplicitlySet = false;

modules/oracle-xe/src/test/java/org/testcontainers/junit/oracle/SimpleOracleTest.java
@@ -31,6 +31,20 @@ private void runTest(OracleContainer container, String databaseName, String user
assertThat(resultSetInt).as("A basic SELECT query succeeds").isEqualTo(1);
}

private void runTestSystemUser(OracleContainer container, String databaseName, String username, String password)
throws SQLException {
//Test config was honored
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

remove the comment

modules/oracle-xe/src/test/java/org/testcontainers/junit/oracle/SimpleOracleTest.java
assertThat(container.getUsername()).isEqualTo(username);
assertThat(container.getPassword()).isEqualTo(password);

//Test we can get a connection and execute a system-level command
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

remove the comment

modules/oracle-xe/src/test/java/org/testcontainers/junit/oracle/SimpleOracleTest.java

@Test
public void testSeparateSystemAndAppPasswords() throws SQLException {
// SID mode should use system password
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

remove the comment

modules/oracle-xe/src/test/java/org/testcontainers/junit/oracle/SimpleOracleTest.java
runTestSystemUser(oracleSid, "xepdb1", "system", "SysP@ss1!");
}

// Non-SID mode should use application user's password
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

remove the comment

modules/oracle-xe/src/test/java/org/testcontainers/junit/oracle/SimpleOracleTest.java
}

@Test
public void testSeparateSystemAndAppPasswords() throws SQLException {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

should have two tests instead?

@eddumelendez eddumelendez requested a review from a team as a code owner August 19, 2025 16:51
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@eddumelendez eddumelendez eddumelendez requested changes

Requested changes must be addressed to merge this pull request.

Assignees
No one assigned
Labels
modules/oracle type/enhancement
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@cetindogu @eddumelendez