feat(plugin tests) permission fixes for development purposes (#41)

* feat(tests) ability to run plugin tests * fix(permissions) run the development container as the current user mend
Kong · Apr 9, 2019 · eb6800f · eb6800f
1 parent 8fa2d46
commit eb6800f
Show file tree

Hide file tree

Showing 4 changed files with 53 additions and 25 deletions.
diff --git a/Makefile b/Makefile
@@ -49,18 +49,21 @@ clean:
 	docker rmi kong:$(RESTY_IMAGE_BASE)-$(RESTY_IMAGE_TAG)
 
 development:
-	test -s output/kong-community-edition-$(KONG_VERSION).xenial.all.deb || make package-kong
-	cp output/kong-community-edition-$(KONG_VERSION).xenial.all.deb output/kong-community-edition-$(KONG_VERSION).openresty-ubuntu-xenial.all.deb
+	test -s output/kong-$(KONG_VERSION).xenial.all.deb || make package-kong
+	cp output/kong-$(KONG_VERSION).xenial.all.deb output/kong-$(KONG_VERSION).openresty-ubuntu-xenial.all.deb
 	docker inspect --type=image kong:openresty-ubuntu-xenial > /dev/null || make build-openresty-base
 	docker build \
 	--build-arg RESTY_IMAGE_BASE=kong \
 	--build-arg RESTY_IMAGE_TAG=openresty-ubuntu-xenial \
 	--build-arg KONG_VERSION=$(KONG_VERSION) \
+	--build-arg KONG_UID=$$(id -u) \
+	--build-arg USER=$$USER \
+	--build-arg RUNAS_USER=$$USER \
 	-f test/Dockerfile.deb \
 	-t kong:development .
 	- docker-compose stop
 	- docker-compose rm -f
-	docker-compose up -d && \
+	USER=$$(id -u) docker-compose up -d && \
 	docker-compose exec kong make dev && \
 	docker-compose exec kong /bin/bash
 

diff --git a/docker-compose.yml b/docker-compose.yml
@@ -3,6 +3,7 @@ services:
   kong:
     image: kong:development
     entrypoint: tail -f /dev/null
+    user: ${USER:-root}
     working_dir: /kong
     volumes:
       - ../kong:/kong
@@ -11,24 +12,18 @@ services:
       db:
         condition: service_healthy
     environment:
-      LUA_PATH: /kong-plugin/?.lua;;
+      LUA_PATH: /tmp/build/usr/local/share/lua/5.1/?.lua;/tmp/build/usr/local/openresty/luajit/share/luajit-2.1.0-beta3/?.lua;/kong-plugin/?.lua;/kong/?.lua;;
       KONG_PREFIX: /kong/servroot
       KONG_PLUGINS: bundled,myplugin
       KONG_ADMIN_LISTEN: '0.0.0.0:8001'
-      KONG_CASSANDRA_CONTACT_POINTS: db
+      KONG_TEST_DATABASE: postgres
       KONG_DATABASE: postgres
       KONG_PG_DATABASE: ${KONG_PG_DATABASE:-kong_tests}
-      KONG_PG_HOST: db
-      KONG_TEST_PG_HOST: db
+      KONG_PG_HOST: 127.0.0.1
+      KONG_TEST_PG_HOST: 127.0.0.1
       KONG_PG_USER: ${KONG_PG_USER:-kong}
       KONG_ANONYMOUS_REPORTS: "false"
-    links:
-      - db:db
-    ports:
-      - "8000:8000/tcp"
-      - "8001:8001/tcp"
-      - "8443:8443/tcp"
-      - "8444:8444/tcp"
+    network_mode: "host"
     restart: on-failure
   db:
     image: postgres:9.5
@@ -41,5 +36,6 @@ services:
       timeout: 30s
       retries: 3
     restart: on-failure
+    network_mode: "host"
     stdin_open: true
     tty: true
diff --git a/test/Dockerfile.deb b/test/Dockerfile.deb
@@ -5,6 +5,9 @@ FROM ${RESTY_IMAGE_BASE}:${RESTY_IMAGE_TAG}
 
 ARG KONG_VERSION="0.0.0"
 ARG KONG_PACKAGE_NAME="kong"
+ARG KONG_UID="1337"
+ARG USER="kong"
+ARG RUNAS_USER="root"
 ARG RESTY_IMAGE_TAG
 
 ARG SU_EXEC_VERSION=0.2
@@ -14,18 +17,29 @@ RUN apt-get update && apt-get install -y perl curl gcc build-essential libcap2-b
 
 RUN curl -sL "${SU_EXEC_URL}" | tar -C /tmp -zxf - \
   && make -C "/tmp/su-exec-${SU_EXEC_VERSION}" \
-  && cp "/tmp/su-exec-${SU_EXEC_VERSION}/su-exec" /usr/bin \
-  && useradd --uid 1337 kong
+  && cp "/tmp/su-exec-${SU_EXEC_VERSION}/su-exec" /usr/bin
+
+RUN adduser --uid ${KONG_UID} ${USER} \
+  && mkdir -p "/usr/local/kong"
 
 COPY output/${KONG_PACKAGE_NAME}-${KONG_VERSION}.${RESTY_IMAGE_TAG}.all.deb /kong.deb
 
 RUN dpkg -i kong.deb
 
+RUN if [ "$KONG_UID" != "1337" ] ; then chown -R ${USER}:0 /usr/local/kong \
+  && chmod -R g=u /usr/local/kong \
+  && chmod -R 777 /usr/local/lib \
+  && chmod -R 777 /usr/local/share \
+  && chmod -R 777 /usr/local/bin ; fi
+
 COPY test/docker-entrypoint.sh /docker-entrypoint.sh
+
 ENTRYPOINT ["/docker-entrypoint.sh"]
 
 EXPOSE 8000 8443 8001 8444
 
+USER $RUNAS_USER
+
 STOPSIGNAL SIGTERM
 
-CMD ["kong", "docker-start"]
+CMD ["kong", "docker-start"]
diff --git a/test/docker-entrypoint.sh b/test/docker-entrypoint.sh
@@ -3,22 +3,37 @@ set -e
 
 export KONG_NGINX_DAEMON=off
 
+has_transparent() {
+  echo "$1" | grep -E "[^\s,]+\s+transparent\b" >/dev/null
+}
+
 if [[ "$1" == "kong" ]]; then
   PREFIX=${KONG_PREFIX:=/usr/local/kong}
-  mkdir -p $PREFIX
 
   if [[ "$2" == "docker-start" ]]; then
-    kong prepare -p $PREFIX
-    chown -R kong $PREFIX
+    shift 2
+    kong prepare -p "$PREFIX" "$@"
 
     chmod o+w /proc/self/fd/1
     chmod o+w /proc/self/fd/2
 
-    setcap cap_net_raw=+ep /usr/local/openresty/nginx/sbin/nginx
-
-    exec su-exec kong /usr/local/openresty/nginx/sbin/nginx \
-      -p $PREFIX \
-      -c nginx.conf
+    if [ "$(id -u)" != "0" ]; then
+      exec /usr/local/openresty/nginx/sbin/nginx \
+        -p "$PREFIX" \
+        -c nginx.conf
+    else
+      if [ ! -z ${SET_CAP_NET_RAW} ] \
+          || has_transparent "$KONG_STREAM_LISTEN" \
+          || has_transparent "$KONG_PROXY_LISTEN" \
+          || has_transparent "$KONG_ADMIN_LISTEN";
+      then
+        setcap cap_net_raw=+ep /usr/local/openresty/nginx/sbin/nginx
+      fi
+      chown -R kong:0 /usr/local/kong
+      exec su-exec kong /usr/local/openresty/nginx/sbin/nginx \
+        -p "$PREFIX" \
+        -c nginx.conf
+    fi
   fi
 fi