-
Notifications
You must be signed in to change notification settings - Fork 26
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
chore: address testcontainers vulnerability by replacing with docker-java #1088
Merged
Merged
Changes from all commits
Commits
Show all changes
9 commits
Select commit
Hold shift + click to select a range
af4778a
chore: address testcontainers vulnerability by replacing with docker-…
ianbotsf 5b3fbcd
clean up error handling for Docker containers
ianbotsf 51dd9b1
add support for pulling Docker images which do not exist locally
ianbotsf fd84e93
use the right filter criteria
ianbotsf 51eed2a
wait for image pull completion
ianbotsf 1319a2c
add omitted `actual` minus function for `InstantNative`
ianbotsf df59afc
only run Docker tests on Linux
ianbotsf a3af2c2
lint
ianbotsf c761b62
address PR feedback: clean up version name and add KDocs/comments
ianbotsf File filter
Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
63 changes: 63 additions & 0 deletions
63
...p-client-engines/test-suite/jvm/test/aws/smithy/kotlin/runtime/http/test/MitmContainer.kt
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,63 @@ | ||
/* | ||
* Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. | ||
* SPDX-License-Identifier: Apache-2.0 | ||
*/ | ||
package aws.smithy.kotlin.runtime.http.test | ||
|
||
import aws.smithy.kotlin.runtime.http.test.util.Docker | ||
import com.github.dockerjava.api.model.AccessMode | ||
import com.github.dockerjava.api.model.Bind | ||
import com.github.dockerjava.api.model.ExposedPort | ||
import com.github.dockerjava.api.model.Volume | ||
import java.io.Closeable | ||
|
||
private const val CONTAINER_MOUNT_POINT = "/home/mitmproxy/scripts" | ||
private const val CONTAINER_PORT = 8080 | ||
private const val IMAGE_NAME = "mitmproxy/mitmproxy:8.1.0" | ||
private val PROXY_SCRIPT_ROOT = System.getProperty("MITM_PROXY_SCRIPTS_ROOT") // defined by gradle script | ||
|
||
// Port used for communication with container | ||
private val exposedPort = ExposedPort.tcp(CONTAINER_PORT) | ||
|
||
/** | ||
* A Docker container which runs the **mitmproxy** image. Upon instantiating this class, a docker container will be | ||
* created and ran with a logger attached echoing logs out to **STDOUT**. The container will be stopped and removed when | ||
* [close] is called. | ||
*/ | ||
class MitmContainer(vararg options: String) : Closeable { | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. nit: missing KDocs |
||
private val delegate: Docker.Container | ||
|
||
init { | ||
val cmd = listOf( | ||
"mitmdump", // https://docs.mitmproxy.org/stable/#mitmdump | ||
"--flow-detail", | ||
"2", | ||
"-s", | ||
"$CONTAINER_MOUNT_POINT/fakeupstream.py", | ||
*options, | ||
).also { println("Initializing container with command: $it") } | ||
|
||
// Make proxy scripts from host filesystem available in container's filesystem | ||
val binding = Bind(PROXY_SCRIPT_ROOT, Volume(CONTAINER_MOUNT_POINT), AccessMode.ro) | ||
|
||
delegate = Docker.Instance.createContainer(IMAGE_NAME, cmd, binding, exposedPort) | ||
|
||
try { | ||
delegate.apply { | ||
start() | ||
waitUntilReady() | ||
} | ||
} catch (e: Throwable) { | ||
close() | ||
throw e | ||
} | ||
} | ||
|
||
/** | ||
* Gets the host port that can be used to communicate to the MITM proxy | ||
*/ | ||
val hostPort: Int | ||
get() = delegate.hostPort | ||
|
||
override fun close() = delegate.close() | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is this different from
./gradlew dependencies
?There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes,
./gradlew dependencies
only shows the dependencies of the target project (root if otherwise unspecified). I initially ran./gradlew dependencies
to grep for where we transitively consumed the Apache Commons Compress library but couldn't find it because it only showed me the root project dependencies.Running
./gradlew :runtime:protocol:http-client-engines:test-suite:dependencies
shows our use of Apache Commons Compress but then you have to know that :runtime:protocol:http-client-engines:test-suite is where to look. This new task registers an effective alias ofdependencies
for every subproject in such a way that it can be invoked at the root project and yield the dependencies for root and every subproject.