MGMT-16587: Migrate from dockertest to testcontainers to mitigate CVE-2024-21626

[paul-maidment]

This PR is to address CVE-2024-21626 which is ultimately caused by a vulnerable dependency on runc < 1.1.12 The dockertest library that is used for instantiation of a database container in some of our unit tests appears to use a vulnerable version of this library. The dockertest project has not had much activity in the last 12 months.

This PR migrates away from Dockertest by removing the library and all code that uses it, replacing this instead with an implementation to use TestContainers-Go. TestContainers is a much more supported and updated library with more maintainers and has up to date dependencies, including a non vulnerable version of runc.

List all the issues related to this PR

• New Feature
• Enhancement
• Bug fix
• Tests
• Documentation
• CI/CD

What environments does this code impact?

• Automation (CI, tools, etc)
• Cloud
• Operator Managed Deployments
• None

How was this code tested?

• assisted-test-infra environment
• dev-scripts environment
• Reviewer's test appreciated
• Waiting for CI to do a full test run
• Manual (Elaborate on how it was tested)
• No tests needed

Checklist

• Title and description added to both, commit and PR.
• Relevant issues have been associated (see CONTRIBUTING guide)
• This change does not require a documentation update (docstring, docs, README, etc)
• Does this change include unit-tests (note that code changes require unit-tests)

Reviewers Checklist

• Are the title and description (in both PR and commit) meaningful and clear?
• Is there a bug required (and linked) for this change?
• Should this PR be backported?

[openshift-ci-robot]

@paul-maidment: This pull request references MGMT-16587 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the bug to target the "4.16.0" version, but no target version was set.

In response to this:

This PR is to address CVE-2024-21626 which is ultimately caused by a vulnerable dependency on runc < 1.1.12 The dockertest library that is used for instantiation of a database container in some of our unit tests appears to use a vulnerable version of this library. The dockertest project has not had much activity in the last 12 months.

This PR migrates away from Dockertest by removing the library and all code that uses it, replacing this instead with an implementation to use TestContainers-Go. TestContainers is a much more supported and updated library with more maintainers and has up to date dependencies, including a non vulnerable version of runc.

List all the issues related to this PR

• New Feature
• Enhancement
• Bug fix
• Tests
• Documentation
• CI/CD

What environments does this code impact?

• Automation (CI, tools, etc)
• Cloud
• Operator Managed Deployments
• None

How was this code tested?

• assisted-test-infra environment
• dev-scripts environment
• Reviewer's test appreciated
• Waiting for CI to do a full test run
• Manual (Elaborate on how it was tested)
• No tests needed

Checklist

• Title and description added to both, commit and PR.
• Relevant issues have been associated (see CONTRIBUTING guide)
• This change does not require a documentation update (docstring, docs, README, etc)
• Does this change include unit-tests (note that code changes require unit-tests)

Reviewers Checklist

• Are the title and description (in both PR and commit) meaningful and clear?
• Is there a bug required (and linked) for this change?
• Should this PR be backported?

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[codecov]

Codecov Report

Attention: Patch coverage is 0% with 36 lines in your changes are missing coverage. Please review.

Project coverage is 68.29%. Comparing base (53cac19) to head (c6246aa).
Report is 1 commits behind head on master.

Additional details and impacted files

@@            Coverage Diff             @@
##           master    #6109      +/-   ##
==========================================
- Coverage   68.32%   68.29%   -0.03%     
==========================================
  Files         241      242       +1     
  Lines       35779    35781       +2     
==========================================
- Hits        24445    24436       -9     
- Misses       9211     9218       +7     
- Partials     2123     2127       +4     

Files	Coverage Δ
internal/common/common_unitest_db.go	20.34% <0.00%> (+2.19%)	⬆️
internal/common/testcontainers_db_context.go	0.00% <0.00%> (ø)

... and 3 files with indirect coverage changes

[danmanor]

/lgtm

[danmanor]

@paul-maidment Nice !

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: danmanor, paul-maidment

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [danmanor,paul-maidment]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[openshift-ci]

@paul-maidment: all tests passed!

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

[openshift-bot]

[ART PR BUILD NOTIFIER]

This PR has been included in build ose-agent-installer-api-server-container-v4.16.0-202403261317.p0.gcf7218d.assembly.stream.el8 for distgit ose-agent-installer-api-server.
All builds following this will include this PR.