From eb6800f8298f48754ebffa4891c00b435bf9e569 Mon Sep 17 00:00:00 2001
From: Colin Hutchinson
Date: Tue, 9 Apr 2019 09:09:52 -0400
Subject: [PATCH] feat(plugin tests) permission fixes for development purposes (#41)
* feat(tests) ability to run plugin tests
* fix(permissions) run the development container as the current user mend
---
 Makefile | 9 ++++++---
 docker-compose.yml | 18 +++++++-----------
 test/Dockerfile.deb | 20 +++++++++++++++++---
 test/docker-entrypoint.sh | 31 +++++++++++++++++++++++--------
 4 files changed, 53 insertions(+), 25 deletions(-)
diff --git a/Makefile b/Makefile
index ef70a5d7841..245bb421ce6 100644
--- a/Makefile
+++ b/Makefile
@@ -49,18 +49,21 @@ clean:
 docker rmi kong:$(RESTY_IMAGE_BASE)-$(RESTY_IMAGE_TAG)
 development:
- test -s output/kong-community-edition-$(KONG_VERSION).xenial.all.deb || make package-kong
- cp output/kong-community-edition-$(KONG_VERSION).xenial.all.deb output/kong-community-edition-$(KONG_VERSION).openresty-ubuntu-xenial.all.deb
+ test -s output/kong-$(KONG_VERSION).xenial.all.deb || make package-kong
+ cp output/kong-$(KONG_VERSION).xenial.all.deb output/kong-$(KONG_VERSION).openresty-ubuntu-xenial.all.deb
 docker inspect --type=image kong:openresty-ubuntu-xenial > /dev/null || make build-openresty-base
 docker build \
 --build-arg RESTY_IMAGE_BASE=kong \
 --build-arg RESTY_IMAGE_TAG=openresty-ubuntu-xenial \
 --build-arg KONG_VERSION=$(KONG_VERSION) \
+ --build-arg KONG_UID=$$(id -u) \
+ --build-arg USER=$$USER \
+ --build-arg RUNAS_USER=$$USER \
 -f test/Dockerfile.deb \
 -t kong:development .
 - docker-compose stop
 - docker-compose rm -f
- docker-compose up -d && \
+ USER=$$(id -u) docker-compose up -d && \
 docker-compose exec kong make dev && \
 docker-compose exec kong /bin/bash
diff --git a/docker-compose.yml b/docker-compose.yml
index 3f8c407f28e..7cf852547a3 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
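Review bot: In the Makefile's `development` target, `--build-arg USER=$$USER` and `--build-arg RUNAS_USER=$$USER` read the login name from the environment while `KONG_UID=$$(id -u)` asks the system, so the name can be empty where `USER` is not exported (some CI and cron environments), and an empty build argument replaces the Dockerfile's `ARG USER="kong"` default instead of falling back to it. Taking both from `id` keeps name and uid paired: `--build-arg USER=$$(id -un)` and `--build-arg RUNAS_USER=$$(id -un)`. Running the target as root would also pass uid 0 into the image build, which the `adduser --uid` step in test/Dockerfile.deb is unlikely to accept, so a short comment above the target stating that it expects an unprivileged developer account would be worth adding.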
@@ -3,6 +3,7 @@ services:
 kong:
 image: kong:development
 entrypoint: tail -f /dev/null
+ user: ${USER:-root}
 working_dir: /kong
 volumes:
 - ../kong:/kong
@@ -11,24 +12,18 @@ services:
 db:
 condition: service_healthy
 environment:
- LUA_PATH: /kong-plugin/?.lua;;
+ LUA_PATH: /tmp/build/usr/local/share/lua/5.1/?.lua;/tmp/build/usr/local/openresty/luajit/share/luajit-2.1.0-beta3/?.lua;/kong-plugin/?.lua;/kong/?.lua;;
 KONG_PREFIX: /kong/servroot
 KONG_PLUGINS: bundled,myplugin
 KONG_ADMIN_LISTEN: '0.0.0.0:8001'
- KONG_CASSANDRA_CONTACT_POINTS: db
+ KONG_TEST_DATABASE: postgres
 KONG_DATABASE: postgres
 KONG_PG_DATABASE: ${KONG_PG_DATABASE:-kong_tests}
- KONG_PG_HOST: db
- KONG_TEST_PG_HOST: db
+ KONG_PG_HOST: 127.0.0.1
+ KONG_TEST_PG_HOST: 127.0.0.1
 KONG_PG_USER: ${KONG_PG_USER:-kong}
 KONG_ANONYMOUS_REPORTS: "false"
- links:
- - db:db
- ports:
- - "8000:8000/tcp"
- - "8001:8001/tcp"
- - "8443:8443/tcp"
- - "8444:8444/tcp"
+ network_mode: "host"
 restart: on-failure
 db:
 image: postgres:9.5
@@ -41,5 +36,6 @@ services:
 timeout: 30s
 retries: 3
 restart: on-failure
+ network_mode: "host"
 stdin_open: true
 tty: true
diff --git a/test/Dockerfile.deb b/test/Dockerfile.deb
index 3a8512bbeb7..a3e68c2d38c 100644
--- a/test/Dockerfile.deb
+++ b/test/Dockerfile.deb
@@ -5,6 +5,9 @@ FROM ${RESTY_IMAGE_BASE}:${RESTY_IMAGE_TAG}
 ARG KONG_VERSION="0.0.0"
 ARG KONG_PACKAGE_NAME="kong"
+ARG KONG_UID="1337"
+ARG USER="kong"
+ARG RUNAS_USER="root"
 ARG RESTY_IMAGE_TAG
 ARG SU_EXEC_VERSION=0.2
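Review bot: With `network_mode: "host"` added to the `db` service in docker-compose.yml (third hunk), Postgres now runs in the host's network namespace rather than only on the compose network, and the `kong` service (second hunk) keeps `KONG_ADMIN_LISTEN: '0.0.0.0:8001'`, so both the database and the unauthenticated Admin API are reachable on whatever interfaces the developer machine has, assuming the images' default listen addresses. If host networking is required for the tests, binding the admin listener to loopback keeps it local, `KONG_ADMIN_LISTEN: '127.0.0.1:8001'`; the `db` service's own listen and auth settings are outside these hunks and should be checked for the same. In the first hunk, `user: ${USER:-root}` falls back to root without notice when `USER` is unset, so a comment such as `# Makefile passes the caller's uid; defaults to root when run directly` would make that visible.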
@@ -14,18 +17,29 @@ RUN apt-get update && apt-get install -y perl curl gcc build-essential libcap2-b
 RUN curl -sL "${SU_EXEC_URL}" | tar -C /tmp -zxf - \
 && make -C "/tmp/su-exec-${SU_EXEC_VERSION}" \
- && cp "/tmp/su-exec-${SU_EXEC_VERSION}/su-exec" /usr/bin \
- && useradd --uid 1337 kong
+ && cp "/tmp/su-exec-${SU_EXEC_VERSION}/su-exec" /usr/bin
+
+RUN adduser --uid ${KONG_UID} ${USER} \
+ && mkdir -p "/usr/local/kong"
 COPY output/${KONG_PACKAGE_NAME}-${KONG_VERSION}.${RESTY_IMAGE_TAG}.all.deb /kong.deb
 RUN dpkg -i kong.deb
+RUN if [ "$KONG_UID" != "1337" ] ; then chown -R ${USER}:0 /usr/local/kong \
+ && chmod -R g=u /usr/local/kong \
+ && chmod -R 777 /usr/local/lib \
+ && chmod -R 777 /usr/local/share \
+ && chmod -R 777 /usr/local/bin ; fi
+
 COPY test/docker-entrypoint.sh /docker-entrypoint.sh
+
 ENTRYPOINT ["/docker-entrypoint.sh"]
 EXPOSE 8000 8443 8001 8444
+USER $RUNAS_USER
+
 STOPSIGNAL SIGTERM
-CMD ["kong", "docker-start"]
\ No newline at end of file
+CMD ["kong", "docker-start"]
diff --git a/test/docker-entrypoint.sh b/test/docker-entrypoint.sh
index 66c4132d048..9c145401fce 100755
--- a/test/docker-entrypoint.sh
+++ b/test/docker-entrypoint.sh
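Review bot: The `chmod -R 777` on `/usr/local/lib`, `/usr/local/share` and `/usr/local/bin` in test/Dockerfile.deb makes the image's executables and Lua libraries writable by every account in the container, when only the development user needs to write there. Handing those trees to that user gives the same access without world-writable bits: `chown -R ${USER}:0 /usr/local/lib /usr/local/share /usr/local/bin`. The `[ "$KONG_UID" != "1337" ]` test is standing in for "this is a development build", which deserves a comment, for example `# non-default uid means a developer build; open install paths to that user`. `USER $RUNAS_USER` still resolves to root unless the build argument is supplied (the `ARG RUNAS_USER="root"` default is in the previous hunk), which the entrypoint's su-exec path appears to depend on.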
@@ -3,22 +3,37 @@ set -e
 export KONG_NGINX_DAEMON=off
+has_transparent() {
+ echo "$1" | grep -E "[^\s,]+\s+transparent\b" >/dev/null
+}
+
 if [[ "$1" == "kong" ]]; then
 PREFIX=${KONG_PREFIX:=/usr/local/kong}
- mkdir -p $PREFIX
 if [[ "$2" == "docker-start" ]]; then
- kong prepare -p $PREFIX
- chown -R kong $PREFIX
+ shift 2
+ kong prepare -p "$PREFIX" "$@"
 chmod o+w /proc/self/fd/1
 chmod o+w /proc/self/fd/2
- setcap cap_net_raw=+ep /usr/local/openresty/nginx/sbin/nginx
-
- exec su-exec kong /usr/local/openresty/nginx/sbin/nginx \
- -p $PREFIX \
- -c nginx.conf
+ if [ "$(id -u)" != "0" ]; then
+ exec /usr/local/openresty/nginx/sbin/nginx \
+ -p "$PREFIX" \
+ -c nginx.conf
+ else
+ if [ ! -z ${SET_CAP_NET_RAW} ] \
+ || has_transparent "$KONG_STREAM_LISTEN" \
+ || has_transparent "$KONG_PROXY_LISTEN" \
+ || has_transparent "$KONG_ADMIN_LISTEN";
+ then
+ setcap cap_net_raw=+ep /usr/local/openresty/nginx/sbin/nginx
+ fi
+ chown -R kong:0 /usr/local/kong
+ exec su-exec kong /usr/local/openresty/nginx/sbin/nginx \
+ -p "$PREFIX" \
+ -c nginx.conf
+ fi
 fi
 fi
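Review bot: In the root branch of test/docker-entrypoint.sh, `chown -R kong:0 /usr/local/kong` hard-codes the default prefix, while `kong prepare -p "$PREFIX"` has just written as root to whatever `KONG_PREFIX` points at; with any non-default prefix those files stay root-owned and nginx, started as `kong` through su-exec, may be unable to write to them. The removed code chowned `$PREFIX`, and `chown -R kong:0 "$PREFIX"` keeps that behaviour. Two smaller points in the same hunk: `[ ! -z ${SET_CAP_NET_RAW} ]` is unquoted and reads better as `[ -n "${SET_CAP_NET_RAW}" ]`, and inside the bracket expression `[^\s,]` the `\s` is not a whitespace class, so `[^[:space:],]+[[:space:]]+transparent\b` states the intent. The non-root branch never runs `setcap`, so a `transparent` listener there depends on the capability already being set on the nginx binary, which is worth a comment above the `exec`.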