use ssh port forwarding to expose host's ports to the containers

[bsideup]

// tell Testcontainers which host ports to expose to your containers
Testcontainers.exposeHostPorts(someHostPortNumber);

// later, just give your container this address to use to reach back to the host:
address = "http://host.testcontainers.internal:" + someHostPortNumber;

[rnorth]

This is pretty awesome, nice work!

I assume we are OK regarding security - this will not be accessible on any real external (LAN) network, will it?

We can update the docs after releasing. I think this will warrant some major examples updates too :)

[rnorth]

Ah good, does this prevent the sshd container being connected to the host network?

Obviously it would be bad to let this thing be accessible on real networks 😬

[bsideup]

host & none networks are not connectable, this is why I added it :)

We could also use a random password to improve the security

[rnorth]

If adding a random password isn't a massive change, let's do it. I can't think of a practical attack via this container, but we may as well just in case we've missed something.

[bsideup]

changed to generate a random password

[kiview]

Really love this feature, already thinking about how to refactor some of our tests at work, which are hardcoded interacting with the Linux host network.

[kiview]

What's the reason to use an Enum here and not a Singleton? Maybe I'm missing something obvious, or do we use this approach elsewhere as well?

[bsideup]

that's the easiest way to achieve singleton in JVM, used by Spring and others.

https://dzone.com/articles/java-singletons-using-enum

[kiview]

Okay, I didn't know this, nice I could learn something new 😄

[kiview]

This method of the ssh lib is so cool 😎

[kiview]

Maybe better, to use host.testcontainers here?

[rnorth]

While the .internal TLD is technically 'wrong' to use, I can't actually find an official TLD that is properly reserved and semantically correct.

Given that Docker is host.docker.internal, I feel it's OK to follow in their tracks and keep host.testcontainers.internal.

[kiview]

K, makes sense to be similar to Docker.

[kiview]

WDYT about refactoring to private method for better readibility? Took me some time to get the high level view what's happening here (and I possibly even got it wrong):

[...]
String networkMode = createCommand.getNetworkMode();
connectToPortForwardingNetwork(networkMode);
[...]



private void connectToPortForwardingNetwork(String networkMode) {
        PortForwardingContainer.INSTANCE.getNetwork().map(ContainerNetwork::getNetworkID).ifPresent(networkId -> {
            if (!Arrays.asList(networkId, "none", "host").contains(networkMode)) {
                dockerClient.connectToNetworkCmd().withContainerId(containerId).withNetworkId(networkId).exec();
            }
        });
    }

[rnorth]

👍 yes, I think that would help the readability.

[bsideup]

@kiview extracted

[kiview]

I think we have the same exact code multiple times in our code base, so we could add a utility method for this? (not in this PR).

Optional<ContainerNetwork> getFirstNetwork() in GenericContainer?

[bsideup]

this code doesn't have any logic in it (and just calls the getters), but exposing it as public API (in Testcontainers) makes me feel uneasy, I would rather not do that

[kiview]

@rnorth AFAIK the SSH server is only available to Docker networks, if I understood the implementation correctly?

[rnorth]

@kiview yep, that makes perfect sense.

[rnorth]

We have this out in a Release Candidate build (1.9.0-rc1) for anyone who is keen to try it!

Release notes