From 0a0b6f8f124eefd4ee47cc0fee331f238924acf6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jo=C3=A3o=20Marques?= Date: Thu, 29 Oct 2020 12:25:56 +0000 Subject: [PATCH 01/25] Add first version of tests From https://github.com/Tecnativa/docker-socket-proxy/pull/14 --- poetry.lock | 177 ++++++++++++++++++++++++++++++++++++++++++ pyproject.toml | 16 ++++ tests/run_tests.sh | 84 ++++++++++++++++++++ tests/test_service.py | 90 +++++++++++++++++++++ 4 files changed, 367 insertions(+) create mode 100644 poetry.lock create mode 100644 pyproject.toml create mode 100755 tests/run_tests.sh create mode 100644 tests/test_service.py diff --git a/poetry.lock b/poetry.lock new file mode 100644 index 0000000..730d910 --- /dev/null +++ b/poetry.lock 
@@ -0,0 +1,177 @@ +[[package]] +name = "atomicwrites" +version = "1.4.0" +description = "Atomic file writes." +category = "dev" +optional = false +python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*" + +[[package]] +name = "attrs" +version = "20.3.0" +description = "Classes Without Boilerplate" +category = "dev" +optional = false +python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*" + +[package.extras] +dev = ["coverage[toml] (>=5.0.2)", "hypothesis", "pympler", "pytest (>=4.3.0)", "six", "zope.interface", "furo", "sphinx", "pre-commit"] +docs = ["furo", "sphinx", "zope.interface"] +tests = ["coverage[toml] (>=5.0.2)", "hypothesis", "pympler", "pytest (>=4.3.0)", "six", "zope.interface"] +tests_no_zope = ["coverage[toml] (>=5.0.2)", "hypothesis", "pympler", "pytest (>=4.3.0)", "six"] + +[[package]] +name = "colorama" +version = "0.4.4" +description = "Cross-platform colored terminal text." +category = "dev" +optional = false +python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*" + +[[package]] +name = "iniconfig" +version = "1.1.1" +description = "iniconfig: brain-dead simple config-ini parsing" +category = "dev" +optional = false +python-versions = "*" + +[[package]] +name = "packaging" +version = "20.4" +description = "Core utilities for Python packages" +category = "dev" +optional = false +python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*" + +[package.dependencies] +pyparsing = ">=2.0.2" +six = "*" + +[[package]] +name = "pluggy" +version = "0.13.1" +description = "plugin and hook calling mechanisms for python" +category = "dev" +optional = false +python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*" + +[package.extras] +dev = ["pre-commit", "tox"] + +[[package]] +name = "plumbum" +version = "1.6.9" +description = "Plumbum: shell combinators library" +category = "main" +optional = false +python-versions = ">=2.6,!=3.0.*,!=3.1.*,!=3.2.*,!=3.3.*" + +[[package]] +name = "py" +version = "1.9.0" +description = 
"library with cross-python path, ini-parsing, io, code, log facilities" +category = "dev" +optional = false +python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*" + +[[package]] +name = "pyparsing" +version = "2.4.7" +description = "Python parsing module" +category = "dev" +optional = false +python-versions = ">=2.6, !=3.0.*, !=3.1.*, !=3.2.*" + +[[package]] +name = "pytest" +version = "6.1.2" +description = "pytest: simple powerful testing with Python" +category = "dev" +optional = false +python-versions = ">=3.5" + +[package.dependencies] +atomicwrites = {version = ">=1.0", markers = "sys_platform == \"win32\""} +attrs = ">=17.4.0" +colorama = {version = "*", markers = "sys_platform == \"win32\""} +iniconfig = "*" +packaging = "*" +pluggy = ">=0.12,<1.0" +py = ">=1.8.2" +toml = "*" + +[package.extras] +checkqa_mypy = ["mypy (==0.780)"] +testing = ["argcomplete", "hypothesis (>=3.56)", "mock", "nose", "requests", "xmlschema"] + +[[package]] +name = "six" +version = "1.15.0" +description = "Python 2 and 3 compatibility utilities" +category = "dev" +optional = false +python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*" + +[[package]] +name = "toml" +version = "0.10.2" +description = "Python Library for Tom's Obvious, Minimal Language" +category = "dev" +optional = false +python-versions = ">=2.6, !=3.0.*, !=3.1.*, !=3.2.*" + +[metadata] +lock-version = "1.1" +python-versions = "^3.8" +content-hash = "aad93df5d769d433d8739fc1fb317b1d53d9e8ddd18efaaaf8a864d543734c5a" + +[metadata.files] +atomicwrites = [ + {file = "atomicwrites-1.4.0-py2.py3-none-any.whl", hash = "sha256:6d1784dea7c0c8d4a5172b6c620f40b6e4cbfdf96d783691f2e1302a7b88e197"}, + {file = "atomicwrites-1.4.0.tar.gz", hash = "sha256:ae70396ad1a434f9c7046fd2dd196fc04b12f9e91ffb859164193be8b6168a7a"}, +] +attrs = [ + {file = "attrs-20.3.0-py2.py3-none-any.whl", hash = "sha256:31b2eced602aa8423c2aea9c76a724617ed67cf9513173fd3a4f03e3a929c7e6"}, + {file = "attrs-20.3.0.tar.gz", hash = 
"sha256:832aa3cde19744e49938b91fea06d69ecb9e649c93ba974535d08ad92164f700"}, +] +colorama = [ + {file = "colorama-0.4.4-py2.py3-none-any.whl", hash = "sha256:9f47eda37229f68eee03b24b9748937c7dc3868f906e8ba69fbcbdd3bc5dc3e2"}, + {file = "colorama-0.4.4.tar.gz", hash = "sha256:5941b2b48a20143d2267e95b1c2a7603ce057ee39fd88e7329b0c292aa16869b"}, +] +iniconfig = [ + {file = "iniconfig-1.1.1-py2.py3-none-any.whl", hash = "sha256:011e24c64b7f47f6ebd835bb12a743f2fbe9a26d4cecaa7f53bc4f35ee9da8b3"}, + {file = "iniconfig-1.1.1.tar.gz", hash = "sha256:bc3af051d7d14b2ee5ef9969666def0cd1a000e121eaea580d4a313df4b37f32"}, +] +packaging = [ + {file = "packaging-20.4-py2.py3-none-any.whl", hash = "sha256:998416ba6962ae7fbd6596850b80e17859a5753ba17c32284f67bfff33784181"}, + {file = "packaging-20.4.tar.gz", hash = "sha256:4357f74f47b9c12db93624a82154e9b120fa8293699949152b22065d556079f8"}, +] +pluggy = [ + {file = "pluggy-0.13.1-py2.py3-none-any.whl", hash = "sha256:966c145cd83c96502c3c3868f50408687b38434af77734af1e9ca461a4081d2d"}, + {file = "pluggy-0.13.1.tar.gz", hash = "sha256:15b2acde666561e1298d71b523007ed7364de07029219b604cf808bfa1c765b0"}, +] +plumbum = [ + {file = "plumbum-1.6.9-py2.py3-none-any.whl", hash = "sha256:91418dcc66b58ab9d2e3b04b3d1e0d787dc45923154fb8b4a826bd9316dba0d6"}, + {file = "plumbum-1.6.9.tar.gz", hash = "sha256:16b9e19d96c80f2e9d051ef5f04927b834a6ac0ce5d2768eb8662b5cd53e43df"}, +] +py = [ + {file = "py-1.9.0-py2.py3-none-any.whl", hash = "sha256:366389d1db726cd2fcfc79732e75410e5fe4d31db13692115529d34069a043c2"}, + {file = "py-1.9.0.tar.gz", hash = "sha256:9ca6883ce56b4e8da7e79ac18787889fa5206c79dcc67fb065376cd2fe03f342"}, +] +pyparsing = [ + {file = "pyparsing-2.4.7-py2.py3-none-any.whl", hash = "sha256:ef9d7589ef3c200abe66653d3f1ab1033c3c419ae9b9bdb1240a85b024efc88b"}, + {file = "pyparsing-2.4.7.tar.gz", hash = "sha256:c203ec8783bf771a155b207279b9bccb8dea02d8f0c9e5f8ead507bc3246ecc1"}, +] +pytest = [ + {file = "pytest-6.1.2-py3-none-any.whl", hash = 
"sha256:4288fed0d9153d9646bfcdf0c0428197dba1ecb27a33bb6e031d002fa88653fe"}, + {file = "pytest-6.1.2.tar.gz", hash = "sha256:c0a7e94a8cdbc5422a51ccdad8e6f1024795939cc89159a0ae7f0b316ad3823e"}, +] +six = [ + {file = "six-1.15.0-py2.py3-none-any.whl", hash = "sha256:8b74bedcbbbaca38ff6d7491d76f2b06b3592611af620f8426e82dddb04a5ced"}, + {file = "six-1.15.0.tar.gz", hash = "sha256:30639c035cdb23534cd4aa2dd52c3bf48f06e5f4a941509c8bafd8ce11080259"}, +] +toml = [ + {file = "toml-0.10.2-py2.py3-none-any.whl", hash = "sha256:806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b"}, + {file = "toml-0.10.2.tar.gz", hash = "sha256:b3bda1d108d5dd99f4a20d24d9c348e91c4db7ab1b749200bded2f839ccbe68f"}, +] diff --git a/pyproject.toml b/pyproject.toml new file mode 100644 index 0000000..dae9d82 --- /dev/null +++ b/pyproject.toml @@ -0,0 +1,16 @@ +[tool.poetry] +name = "docker-socket-proxy" +version = "0.1.0" +description = "" +authors = ["Tecnativa S.L"] + +[tool.poetry.dependencies] +python = "^3.8" +plumbum = "^1.6.9" + +[tool.poetry.dev-dependencies] +pytest = "^6.1.2" + +[build-system] +requires = ["poetry-core>=1.0.0"] +build-backend = "poetry.core.masonry.api" diff --git a/tests/run_tests.sh b/tests/run_tests.sh new file mode 100755 index 0000000..60975f1 --- /dev/null +++ b/tests/run_tests.sh 
@@ -0,0 +1,84 @@
+#!/bin/bash
+
+set -eu
+
+proxy_container=docksockprox_test
+socket_proxy=127.0.0.1:2375
+
+start_proxy() {
+ echo "Starting $proxy_container with args: ${*}..."
+ docker run -d --name "$proxy_container" \
+ -v /var/run/docker.sock:/var/run/docker.sock \
+ -p "${socket_proxy}:2375" \
+ "$@" \
+ tecnativa/docker-socket-proxy &>/dev/null
+}
+
+delete_proxy() {
+ echo "Removing ${proxy_container}..."
+ docker rm -f "$proxy_container" &>/dev/null
+}
+
+docker_with_proxy() {
+ docker --host "$socket_proxy" "$@" 2>&1
+}
+
+assert() {
+ assertion=$1
+ shift 1
+ if docker_with_proxy "$@" | grep -qi 'forbidden'; then
+ result='forbidden'
+ else
+ result='allowed'
+ fi
+ if [ "$assertion" == "$result" ]; then
+ printf '%s' 'PASS'
+ else
+ printf '%s' 'FAIL'
+ fi
+ echo " | assert 'docker $*' is $assertion"
+}
+
+
+trap delete_proxy EXIT
+
+start_proxy
+assert allowed version
+assert forbidden run --rm alpine
+assert forbidden pull alpine
+assert forbidden logs "$proxy_container"
+assert forbidden wait "$proxy_container"
+assert forbidden rm -f "$proxy_container"
+assert forbidden restart "$proxy_container"
+assert forbidden network ls
+assert forbidden config ls
+assert forbidden service ls
+assert forbidden stack ls
+assert forbidden secret ls
+assert forbidden plugin ls
+assert forbidden info
+assert forbidden system info
+assert forbidden build .
+assert forbidden swarm init
+
+delete_proxy
+start_proxy -e CONTAINERS=1
+assert allowed logs "$proxy_container"
+assert allowed inspect "$proxy_container"
+assert forbidden wait "$proxy_container"
+assert forbidden run --rm alpine
+assert forbidden rm -f "$proxy_container"
+assert forbidden restart "$proxy_container"
+
+delete_proxy
+start_proxy -e POST=1
+assert forbidden rm -f "$proxy_container"
+assert forbidden pull alpine
+assert forbidden run --rm alpine
+assert forbidden network create foobar
+
+delete_proxy
+start_proxy -e NETWORKS=1 -e POST=1
+assert allowed network ls
+assert allowed network create foo
+assert allowed network rm foo
diff --git a/tests/test_service.py b/tests/test_service.py
new file mode 100644
index 0000000..1886b99
--- /dev/null
+++ b/tests/test_service.py
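Review bot: `assert()` in tests/run_tests.sh reports a call as 'allowed' whenever the output lacks the word "forbidden", so a refused connection while the proxy is still starting, or any other daemon error, satisfies every `assert allowed …` line. The function also only prints PASS or FAIL and never touches the exit status, so a permission regression leaves the script exiting 0 and a CI job green. Recording the failure, e.g. `printf '%s' 'FAIL'; failed=1` in the else branch and `exit "${failed:-0}"` as the last line, would make the result machine-checkable; output that is neither a successful response nor a proxy refusal should count as a test error. `_check_permission` in tests/test_service.py from the same patch applies the same "no 'forbidden' means allowed" rule.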
@@ -0,0 +1,90 @@ + +import pytest +import logging + +from plumbum import ProcessExecutionError, local +from plumbum.cmd import docker +from plumbum.machines.local import LocalCommand + +logger = logging.getLogger() + +CONTAINER_NAME = "docksockprox_test" +SOCKET_PROXY = "127.0.0.1:2375" + + +def _start_proxy( + container_name=CONTAINER_NAME, + socket_proxy=SOCKET_PROXY, + extra_args=None +): + logger.info(f"Starting {container_name} with args: {extra_args}...") + docker( + "run", + "-d", + "--name", container_name, + "--privileged", + "-v", "/var/run/docker.sock:/var/run/docker.sock", + "-p", f"{socket_proxy}:2375", + extra_args, + "tecnativa/docker-socket-proxy", + ) + + +def _stop_and_delete_proxy( + container_name=CONTAINER_NAME, + socket_proxy=SOCKET_PROXY, +): + logger.info(f"Removing {container_name}...") + docker( + "rm", + "-f", + container_name, + ) + + +def _query_docker_with_proxy(socket_proxy=SOCKET_PROXY, extra_args=None): + try: + _ret_code, stdout, stderr = docker.run( + ( + "--host", + socket_proxy, + extra_args, + ) + ) + except ProcessExecutionError as result: + stdout = result.stdout + stderr = result.stderr + return stdout + stderr + + +def _check_permission(assertion, extra_args=None): + if "forbidden" in _query_docker_with_proxy(extra_args=extra_args): + result = "forbidden" + else: + result = "allowed" + assert result == assertion + + +def test_default_permissions(): + try: + _start_proxy() + _check_permission("allowed", extra_args="version") + _check_permission("forbidden", ["run", "--rm", "alpine"]) + _check_permission("forbidden", ["pull", "alpine"]) + _check_permission("forbidden", ["logs", CONTAINER_NAME]) + _check_permission("forbidden", ["wait", CONTAINER_NAME]) + _check_permission("forbidden", ["rm", "-f", CONTAINER_NAME]) + _check_permission("forbidden", ["restart", CONTAINER_NAME]) + _check_permission("forbidden", ["network", "ls"]) + _check_permission("forbidden", ["config", "ls"]) + _check_permission("forbidden", ["service", 
"ls"]) + _check_permission("forbidden", ["stack", "ls"]) + _check_permission("forbidden", ["secret", "ls"]) + _check_permission("forbidden", ["plugin", "ls"]) + _check_permission("forbidden", ["info"]) + _check_permission("forbidden", ["system", "info"]) + _check_permission("forbidden", ["build", "."]) + _check_permission("forbidden", ["swarm", "init"]) + finally: + pass + _stop_and_delete_proxy() \ No newline at end of file From 05ba0bec7257a008d9ce4af887da8cec2f7c7477 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jo=C3=A3o=20Marques?= Date: Mon, 9 Nov 2020 16:34:02 +0000 Subject: [PATCH 02/25] Expand tests --- tests/test_service.py | 37 +++++++++++++++++++++++++++++++++++++ 1 file changed, 37 insertions(+) diff --git a/tests/test_service.py b/tests/test_service.py index 1886b99..a992749 100644 --- a/tests/test_service.py +++ b/tests/test_service.py 
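Review bot: `_start_proxy` in tests/test_service.py launches the proxy with `--privileged`, while `start_proxy` in tests/run_tests.sh from the same patch starts the same image without it; a container that already has the Docker socket mounted should not get extra privileges unless the test host needs them, and if it does a comment should say why. Separately, `extra_args` defaults to `None` and is passed straight into the `docker(...)` argument list; plumbum appears to stringify non-list arguments, so `_start_proxy()` would hand the literal `None` to `docker run` in the image position, and unpacking with `*(extra_args or []),` avoids that. `socket_proxy` is an unused parameter of `_stop_and_delete_proxy`.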
@@ -85,6 +85,43 @@ def test_default_permissions(): _check_permission("forbidden", ["system", "info"]) _check_permission("forbidden", ["build", "."]) _check_permission("forbidden", ["swarm", "init"]) + finally: + pass + _stop_and_delete_proxy() + + +def test_container_permissions(): + try: + _start_proxy(extra_args=["-e", "CONTAINERS=1"]) + _check_permission("allowed", ["logs", CONTAINER_NAME]) + _check_permission("allowed", ["inspect", CONTAINER_NAME]) + _check_permission("forbidden", ["wait", CONTAINER_NAME]) + _check_permission("forbidden", ["run", "--rm", "alpine"]) + _check_permission("forbidden", ["rm", "-f", CONTAINER_NAME]) + _check_permission("forbidden", ["restart", CONTAINER_NAME]) + finally: + pass + _stop_and_delete_proxy() + + +def test_post_permissions(): + try: + _start_proxy(extra_args=["-e", "POST=1"]) + _check_permission("forbidden", ["rm", "-f", CONTAINER_NAME]) + _check_permission("forbidden", ["pull", "alpine"]) + _check_permission("forbidden", ["run", "--rm", "alpine"]) + _check_permission("forbidden", ["network", "create", "foobar"]) + finally: + pass + _stop_and_delete_proxy() + + +def test_network_post_permissions(): + try: + _start_proxy(extra_args=["-e", "POST=1", "-e", "NETWORKS=1"]) + _check_permission("allowed", ["network", "ls"]) + _check_permission("allowed", ["network", "create", "foo"]) + _check_permission("allowed", ["network", "rm", "foo"]) finally: pass _stop_and_delete_proxy() \ No newline at end of file From 0dec9ac6e97e028d563c7a8f9465c2ff86f53d0f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jo=C3=A3o=20Marques?= Date: Mon, 9 Nov 2020 16:34:11 +0000 Subject: [PATCH 03/25] Add GH CI --- .github/workflows/test.yaml | 55 +++++++++++++++++++++++++++++++++++++ 1 file changed, 55 insertions(+) create mode 100644 .github/workflows/test.yaml diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml new file mode 100644 index 0000000..c0df0a7 --- /dev/null +++ b/.github/workflows/test.yaml 
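Review bot: `test_network_post_permissions` creates and removes the network `foo` on the host daemon through the proxy, but the `finally:` blocks in this hunk only remove the proxy container, so a failed or refused `network rm foo` leaves `foo` behind on the machine running the tests. The same holds for the negative checks: if the proxy ever regressed, `network create foobar` in `test_post_permissions` would really create the network before the assertion fails. Consider cleaning up directly against the host socket in `finally`, e.g. `docker("network", "rm", "foo", retcode=None)`, and drop the `pass` that precedes `_stop_and_delete_proxy()`. The first lines of the hunk are the tail of `test_default_permissions`, whose body starts above it.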
@@ -0,0 +1,55 @@
+name: test
+
+on:
+ pull_request:
+ push:
+ branches:
+ - devel
+ - stable
+ workflow_dispatch:
+ inputs:
+ pytest_addopts:
+ description:
+ Extra options for pytest; use -vv for full details; see
+ https://docs.pytest.org/en/latest/example/simple.html#how-to-change-command-line-options-defaults
+ required: false
+
+env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ LANG: "en_US.utf-8"
+ LC_ALL: "en_US.utf-8"
+ PIP_CACHE_DIR: ${{ github.workspace }}/.cache.~/pip
+ PIPX_HOME: ${{ github.workspace }}/.cache.~/pipx
+ POETRY_CACHE_DIR: ${{ github.workspace }}/.cache.~/pypoetry
+ POETRY_VIRTUALENVS_IN_PROJECT: "true"
+ PYTEST_ADDOPTS: ${{ github.event.inputs.pytest_addopts }}
+ PYTHONIOENCODING: "UTF-8"
+
+jobs:
+ test:
+ runs-on: ubuntu-latest
+ steps:
+ # Shared steps
+ - uses: actions/checkout@v1
+ - name: Install python
+ uses: actions/setup-python@v1
+ with:
+ python-version: '3.x'
+ - name: Generate cache key CACHE
+ run:
+ echo "::set-env name=CACHE::${{ secrets.CACHE_DATE }} ${{ runner.os }}
+ $(python -VV | sha256sum | cut -d' ' -f1) ${{ hashFiles('pyproject.toml') }}
+ ${{ hashFiles('poetry.lock') }}"
+ - uses: actions/cache@v2.1.0
+ with:
+ path: |
+ .cache.~
+ .venv
+ ~/.local/bin
+ key: venv ${{ env.CACHE }}
+ - run: pip install poetry
+ - name: Patch $PATH
+ run: echo "::set-env name=PATH::$HOME/.local/bin:$PATH"
+ - run: poetry install
+ # Run tests
+ - run: poetry run pytest
From ffdd442ec6a8f2127fcc60f9a3e31008eefd6268 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jo=C3=A3o=20Marques?=
Date: Wed, 25 Nov 2020 07:40:58 +0000
Subject: [PATCH 04/25] Apply suggestions
---
.github/workflows/test.yaml | 14 +--
poetry.lock | 219 +++++++++++++++++++++++++++++++++++-
pyproject.toml | 5 +-
pytest.ini | 2 +
tests/run_tests.sh | 84 --------------
5 files changed, 229 insertions(+), 95 deletions(-)
create mode 100644 pytest.ini
delete mode 100755 tests/run_tests.sh
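Review bot: Every step of `.github/workflows/test.yaml` (added in patch 03) that installs third-party code runs with more trust than it needs: `pip install poetry` takes whatever version PyPI serves, the actions are referenced by mutable tags (`actions/checkout@v1`, `actions/setup-python@v1`, `actions/cache@v2.1.0`), and the workflow-level `env:` hands `GITHUB_TOKEN` to all of them although no visible step reads it. Dropping the `GITHUB_TOKEN:` line, adding a top-level `permissions:` block with `contents: read`, and pinning (`pip install poetry==X.Y.Z`, actions by commit SHA) would narrow what a compromised dependency can reach. The cache step also restores `.venv` and `~/.local/bin`, so executables from an earlier run are put back on `PATH` whenever the key matches.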
diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml index c0df0a7..439e534 100644 --- a/.github/workflows/test.yaml +++ b/.github/workflows/test.yaml @@ -4,8 +4,7 @@ on: pull_request: push: branches: - - devel - - stable + - master workflow_dispatch: inputs: pytest_addopts: @@ -15,7 +14,6 @@ on: required: false env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} LANG: "en_US.utf-8" LC_ALL: "en_US.utf-8" PIP_CACHE_DIR: ${{ github.workspace }}/.cache.~/pip @@ -34,13 +32,13 @@ jobs: - name: Install python uses: actions/setup-python@v1 with: - python-version: '3.x' + python-version: '3.9' - name: Generate cache key CACHE run: - echo "::set-env name=CACHE::${{ secrets.CACHE_DATE }} ${{ runner.os }} + echo "CACHE=${{ secrets.CACHE_DATE }} ${{ runner.os }} $(python -VV | sha256sum | cut -d' ' -f1) ${{ hashFiles('pyproject.toml') }} - ${{ hashFiles('poetry.lock') }}" - - uses: actions/cache@v2.1.0 + ${{ hashFiles('poetry.lock') }}" >> $GITHUB_ENV + - uses: actions/cache@v2 with: path: | .cache.~ @@ -49,7 +47,7 @@ jobs: key: venv ${{ env.CACHE }} - run: pip install poetry - name: Patch $PATH - run: echo "::set-env name=PATH::$HOME/.local/bin:$PATH" + run: echo "PATH=$HOME/.local/bin:$PATH" >> $GITHUB_ENV - run: poetry install # Run tests - run: poetry run pytest diff --git a/poetry.lock b/poetry.lock index 730d910..4a65440 100644 --- a/poetry.lock +++ b/poetry.lock @@ -1,3 +1,24 @@ +[[package]] +name = "apipkg" +version = "1.5" +description = "apipkg: namespace control and lazy-import mechanism" +category = "dev" +optional = false +python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*" + +[[package]] +name = "astroid" +version = "2.4.2" +description = "An abstract syntax tree for Python with inference support." +category = "dev" +optional = false +python-versions = ">=3.5" + +[package.dependencies] +lazy-object-proxy = ">=1.4.0,<1.5.0" +six = ">=1.12,<2.0" +wrapt = ">=1.11,<2.0" + [[package]] name = "atomicwrites" version = "1.4.0" 
@@ -28,6 +49,33 @@ category = "dev" optional = false python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*" +[[package]] +name = "execnet" +version = "1.7.1" +description = "execnet: rapid multi-Python deployment" +category = "dev" +optional = false +python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*" + +[package.dependencies] +apipkg = ">=1.4" + +[package.extras] +testing = ["pre-commit"] + +[[package]] +name = "flake8" +version = "3.8.4" +description = "the modular source code checker: pep8 pyflakes and co" +category = "dev" +optional = false +python-versions = "!=3.0.*,!=3.1.*,!=3.2.*,!=3.3.*,>=2.7" + +[package.dependencies] +mccabe = ">=0.6.0,<0.7.0" +pycodestyle = ">=2.6.0a1,<2.7.0" +pyflakes = ">=2.2.0,<2.3.0" + [[package]] name = "iniconfig" version = "1.1.1" @@ -36,6 +84,35 @@ category = "dev" optional = false python-versions = "*" +[[package]] +name = "isort" +version = "5.6.4" +description = "A Python utility / library to sort Python imports." +category = "dev" +optional = false +python-versions = ">=3.6,<4.0" + +[package.extras] +pipfile_deprecated_finder = ["pipreqs", "requirementslib"] +requirements_deprecated_finder = ["pipreqs", "pip-api"] +colors = ["colorama (>=0.4.3,<0.5.0)"] + +[[package]] +name = "lazy-object-proxy" +version = "1.4.3" +description = "A fast and thorough lazy object proxy." +category = "dev" +optional = false +python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*" + +[[package]] +name = "mccabe" +version = "0.6.1" +description = "McCabe checker, plugin for flake8" +category = "dev" +optional = false +python-versions = "*" + [[package]] name = "packaging" version = "20.4" @@ -63,7 +140,7 @@ dev = ["pre-commit", "tox"] name = "plumbum" version = "1.6.9" description = "Plumbum: shell combinators library" -category = "main" +category = "dev" optional = false python-versions = ">=2.6,!=3.0.*,!=3.1.*,!=3.2.*,!=3.3.*" 
@@ -75,6 +152,37 @@ category = "dev" optional = false python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*" +[[package]] +name = "pycodestyle" +version = "2.6.0" +description = "Python style guide checker" +category = "dev" +optional = false +python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*" + +[[package]] +name = "pyflakes" +version = "2.2.0" +description = "passive checker of Python programs" +category = "dev" +optional = false +python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*" + +[[package]] +name = "pylint" +version = "2.6.0" +description = "python code static checker" +category = "dev" +optional = false +python-versions = ">=3.5.*" + +[package.dependencies] +astroid = ">=2.4.0,<=2.5" +colorama = {version = "*", markers = "sys_platform == \"win32\""} +isort = ">=4.2.5,<6" +mccabe = ">=0.6,<0.7" +toml = ">=0.7.1" + [[package]] name = "pyparsing" version = "2.4.7" @@ -105,6 +213,35 @@ toml = "*" checkqa_mypy = ["mypy (==0.780)"] testing = ["argcomplete", "hypothesis (>=3.56)", "mock", "nose", "requests", "xmlschema"] +[[package]] +name = "pytest-forked" +version = "1.3.0" +description = "run tests in isolated forked subprocesses" +category = "dev" +optional = false +python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*" + +[package.dependencies] +py = "*" +pytest = ">=3.10" + +[[package]] +name = "pytest-xdist" +version = "2.1.0" +description = "pytest xdist plugin for distributed testing and loop-on-failing modes" +category = "dev" +optional = false +python-versions = ">=3.5" + +[package.dependencies] +execnet = ">=1.1" +pytest = ">=6.0.0" +pytest-forked = "*" + +[package.extras] +psutil = ["psutil (>=3.0)"] +testing = ["filelock"] + [[package]] name = "six" version = "1.15.0" 
@@ -121,12 +258,28 @@ category = "dev" optional = false python-versions = ">=2.6, !=3.0.*, !=3.1.*, !=3.2.*" +[[package]] +name = "wrapt" +version = "1.12.1" +description = "Module for decorators, wrappers and monkey patching." +category = "dev" +optional = false +python-versions = "*" + [metadata] lock-version = "1.1" python-versions = "^3.8" -content-hash = "aad93df5d769d433d8739fc1fb317b1d53d9e8ddd18efaaaf8a864d543734c5a" +content-hash = "cba324e2aa3a63b0dd46727f6da353580d38b2be137b48335d5487632eb2a087" [metadata.files] +apipkg = [ + {file = "apipkg-1.5-py2.py3-none-any.whl", hash = "sha256:58587dd4dc3daefad0487f6d9ae32b4542b185e1c36db6993290e7c41ca2b47c"}, + {file = "apipkg-1.5.tar.gz", hash = "sha256:37228cda29411948b422fae072f57e31d3396d2ee1c9783775980ee9c9990af6"}, +] +astroid = [ + {file = "astroid-2.4.2-py3-none-any.whl", hash = "sha256:bc58d83eb610252fd8de6363e39d4f1d0619c894b0ed24603b881c02e64c7386"}, + {file = "astroid-2.4.2.tar.gz", hash = "sha256:2f4078c2a41bf377eea06d71c9d2ba4eb8f6b1af2135bec27bbbb7d8f12bb703"}, +] atomicwrites = [ {file = "atomicwrites-1.4.0-py2.py3-none-any.whl", hash = "sha256:6d1784dea7c0c8d4a5172b6c620f40b6e4cbfdf96d783691f2e1302a7b88e197"}, {file = "atomicwrites-1.4.0.tar.gz", hash = "sha256:ae70396ad1a434f9c7046fd2dd196fc04b12f9e91ffb859164193be8b6168a7a"}, 
@@ -139,10 +292,49 @@ colorama = [ {file = "colorama-0.4.4-py2.py3-none-any.whl", hash = "sha256:9f47eda37229f68eee03b24b9748937c7dc3868f906e8ba69fbcbdd3bc5dc3e2"}, {file = "colorama-0.4.4.tar.gz", hash = "sha256:5941b2b48a20143d2267e95b1c2a7603ce057ee39fd88e7329b0c292aa16869b"}, ] +execnet = [ + {file = "execnet-1.7.1-py2.py3-none-any.whl", hash = "sha256:d4efd397930c46415f62f8a31388d6be4f27a91d7550eb79bc64a756e0056547"}, + {file = "execnet-1.7.1.tar.gz", hash = "sha256:cacb9df31c9680ec5f95553976c4da484d407e85e41c83cb812aa014f0eddc50"}, +] +flake8 = [ + {file = "flake8-3.8.4-py2.py3-none-any.whl", hash = "sha256:749dbbd6bfd0cf1318af27bf97a14e28e5ff548ef8e5b1566ccfb25a11e7c839"}, + {file = "flake8-3.8.4.tar.gz", hash = "sha256:aadae8761ec651813c24be05c6f7b4680857ef6afaae4651a4eccaef97ce6c3b"}, +] iniconfig = [ {file = "iniconfig-1.1.1-py2.py3-none-any.whl", hash = "sha256:011e24c64b7f47f6ebd835bb12a743f2fbe9a26d4cecaa7f53bc4f35ee9da8b3"}, {file = "iniconfig-1.1.1.tar.gz", hash = "sha256:bc3af051d7d14b2ee5ef9969666def0cd1a000e121eaea580d4a313df4b37f32"}, ] +isort = [ + {file = "isort-5.6.4-py3-none-any.whl", hash = "sha256:dcab1d98b469a12a1a624ead220584391648790275560e1a43e54c5dceae65e7"}, + {file = "isort-5.6.4.tar.gz", hash = "sha256:dcaeec1b5f0eca77faea2a35ab790b4f3680ff75590bfcb7145986905aab2f58"}, +] +lazy-object-proxy = [ + {file = "lazy-object-proxy-1.4.3.tar.gz", hash = "sha256:f3900e8a5de27447acbf900b4750b0ddfd7ec1ea7fbaf11dfa911141bc522af0"}, + {file = "lazy_object_proxy-1.4.3-cp27-cp27m-macosx_10_13_x86_64.whl", hash = "sha256:a2238e9d1bb71a56cd710611a1614d1194dc10a175c1e08d75e1a7bcc250d442"}, + {file = "lazy_object_proxy-1.4.3-cp27-cp27m-win32.whl", hash = "sha256:efa1909120ce98bbb3777e8b6f92237f5d5c8ea6758efea36a473e1d38f7d3e4"}, + {file = "lazy_object_proxy-1.4.3-cp27-cp27m-win_amd64.whl", hash = "sha256:4677f594e474c91da97f489fea5b7daa17b5517190899cf213697e48d3902f5a"}, + {file = "lazy_object_proxy-1.4.3-cp27-cp27mu-manylinux1_x86_64.whl", hash = 
"sha256:0c4b206227a8097f05c4dbdd323c50edf81f15db3b8dc064d08c62d37e1a504d"}, + {file = "lazy_object_proxy-1.4.3-cp34-cp34m-manylinux1_x86_64.whl", hash = "sha256:d945239a5639b3ff35b70a88c5f2f491913eb94871780ebfabb2568bd58afc5a"}, + {file = "lazy_object_proxy-1.4.3-cp34-cp34m-win32.whl", hash = "sha256:9651375199045a358eb6741df3e02a651e0330be090b3bc79f6d0de31a80ec3e"}, + {file = "lazy_object_proxy-1.4.3-cp34-cp34m-win_amd64.whl", hash = "sha256:eba7011090323c1dadf18b3b689845fd96a61ba0a1dfbd7f24b921398affc357"}, + {file = "lazy_object_proxy-1.4.3-cp35-cp35m-manylinux1_x86_64.whl", hash = "sha256:48dab84ebd4831077b150572aec802f303117c8cc5c871e182447281ebf3ac50"}, + {file = "lazy_object_proxy-1.4.3-cp35-cp35m-win32.whl", hash = "sha256:ca0a928a3ddbc5725be2dd1cf895ec0a254798915fb3a36af0964a0a4149e3db"}, + {file = "lazy_object_proxy-1.4.3-cp35-cp35m-win_amd64.whl", hash = "sha256:194d092e6f246b906e8f70884e620e459fc54db3259e60cf69a4d66c3fda3449"}, + {file = "lazy_object_proxy-1.4.3-cp36-cp36m-manylinux1_x86_64.whl", hash = "sha256:97bb5884f6f1cdce0099f86b907aa41c970c3c672ac8b9c8352789e103cf3156"}, + {file = "lazy_object_proxy-1.4.3-cp36-cp36m-win32.whl", hash = "sha256:cb2c7c57005a6804ab66f106ceb8482da55f5314b7fcb06551db1edae4ad1531"}, + {file = "lazy_object_proxy-1.4.3-cp36-cp36m-win_amd64.whl", hash = "sha256:8d859b89baf8ef7f8bc6b00aa20316483d67f0b1cbf422f5b4dc56701c8f2ffb"}, + {file = "lazy_object_proxy-1.4.3-cp37-cp37m-macosx_10_13_x86_64.whl", hash = "sha256:1be7e4c9f96948003609aa6c974ae59830a6baecc5376c25c92d7d697e684c08"}, + {file = "lazy_object_proxy-1.4.3-cp37-cp37m-manylinux1_x86_64.whl", hash = "sha256:d74bb8693bf9cf75ac3b47a54d716bbb1a92648d5f781fc799347cfc95952383"}, + {file = "lazy_object_proxy-1.4.3-cp37-cp37m-win32.whl", hash = "sha256:9b15f3f4c0f35727d3a0fba4b770b3c4ebbb1fa907dbcc046a1d2799f3edd142"}, + {file = "lazy_object_proxy-1.4.3-cp37-cp37m-win_amd64.whl", hash = "sha256:9254f4358b9b541e3441b007a0ea0764b9d056afdeafc1a5569eee1cc6c1b9ea"}, + {file = 
"lazy_object_proxy-1.4.3-cp38-cp38-manylinux1_x86_64.whl", hash = "sha256:a6ae12d08c0bf9909ce12385803a543bfe99b95fe01e752536a60af2b7797c62"}, + {file = "lazy_object_proxy-1.4.3-cp38-cp38-win32.whl", hash = "sha256:5541cada25cd173702dbd99f8e22434105456314462326f06dba3e180f203dfd"}, + {file = "lazy_object_proxy-1.4.3-cp38-cp38-win_amd64.whl", hash = "sha256:59f79fef100b09564bc2df42ea2d8d21a64fdcda64979c0fa3db7bdaabaf6239"}, +] +mccabe = [ + {file = "mccabe-0.6.1-py2.py3-none-any.whl", hash = "sha256:ab8a6258860da4b6677da4bd2fe5dc2c659cff31b3ee4f7f5d64e79735b80d42"}, + {file = "mccabe-0.6.1.tar.gz", hash = "sha256:dd8d182285a0fe56bace7f45b5e7d1a6ebcbf524e8f3bd87eb0f125271b8831f"}, +] packaging = [ {file = "packaging-20.4-py2.py3-none-any.whl", hash = "sha256:998416ba6962ae7fbd6596850b80e17859a5753ba17c32284f67bfff33784181"}, {file = "packaging-20.4.tar.gz", hash = "sha256:4357f74f47b9c12db93624a82154e9b120fa8293699949152b22065d556079f8"}, 
@@ -159,6 +351,18 @@ py = [ {file = "py-1.9.0-py2.py3-none-any.whl", hash = "sha256:366389d1db726cd2fcfc79732e75410e5fe4d31db13692115529d34069a043c2"}, {file = "py-1.9.0.tar.gz", hash = "sha256:9ca6883ce56b4e8da7e79ac18787889fa5206c79dcc67fb065376cd2fe03f342"}, ] +pycodestyle = [ + {file = "pycodestyle-2.6.0-py2.py3-none-any.whl", hash = "sha256:2295e7b2f6b5bd100585ebcb1f616591b652db8a741695b3d8f5d28bdc934367"}, + {file = "pycodestyle-2.6.0.tar.gz", hash = "sha256:c58a7d2815e0e8d7972bf1803331fb0152f867bd89adf8a01dfd55085434192e"}, +] +pyflakes = [ + {file = "pyflakes-2.2.0-py2.py3-none-any.whl", hash = "sha256:0d94e0e05a19e57a99444b6ddcf9a6eb2e5c68d3ca1e98e90707af8152c90a92"}, + {file = "pyflakes-2.2.0.tar.gz", hash = "sha256:35b2d75ee967ea93b55750aa9edbbf72813e06a66ba54438df2cfac9e3c27fc8"}, +] +pylint = [ + {file = "pylint-2.6.0-py3-none-any.whl", hash = "sha256:bfe68f020f8a0fece830a22dd4d5dddb4ecc6137db04face4c3420a46a52239f"}, + {file = "pylint-2.6.0.tar.gz", hash = "sha256:bb4a908c9dadbc3aac18860550e870f58e1a02c9f2c204fdf5693d73be061210"}, +] pyparsing = [ {file = "pyparsing-2.4.7-py2.py3-none-any.whl", hash = "sha256:ef9d7589ef3c200abe66653d3f1ab1033c3c419ae9b9bdb1240a85b024efc88b"}, {file = "pyparsing-2.4.7.tar.gz", hash = "sha256:c203ec8783bf771a155b207279b9bccb8dea02d8f0c9e5f8ead507bc3246ecc1"}, 
@@ -167,6 +371,14 @@ pytest = [ {file = "pytest-6.1.2-py3-none-any.whl", hash = "sha256:4288fed0d9153d9646bfcdf0c0428197dba1ecb27a33bb6e031d002fa88653fe"}, {file = "pytest-6.1.2.tar.gz", hash = "sha256:c0a7e94a8cdbc5422a51ccdad8e6f1024795939cc89159a0ae7f0b316ad3823e"}, ] +pytest-forked = [ + {file = "pytest-forked-1.3.0.tar.gz", hash = "sha256:6aa9ac7e00ad1a539c41bec6d21011332de671e938c7637378ec9710204e37ca"}, + {file = "pytest_forked-1.3.0-py2.py3-none-any.whl", hash = "sha256:dc4147784048e70ef5d437951728825a131b81714b398d5d52f17c7c144d8815"}, +] +pytest-xdist = [ + {file = "pytest-xdist-2.1.0.tar.gz", hash = "sha256:82d938f1a24186520e2d9d3a64ef7d9ac7ecdf1a0659e095d18e596b8cbd0672"}, + {file = "pytest_xdist-2.1.0-py3-none-any.whl", hash = "sha256:7c629016b3bb006b88ac68e2b31551e7becf173c76b977768848e2bbed594d90"}, +] six = [ {file = "six-1.15.0-py2.py3-none-any.whl", hash = "sha256:8b74bedcbbbaca38ff6d7491d76f2b06b3592611af620f8426e82dddb04a5ced"}, {file = "six-1.15.0.tar.gz", hash = "sha256:30639c035cdb23534cd4aa2dd52c3bf48f06e5f4a941509c8bafd8ce11080259"}, @@ -175,3 +387,6 @@ toml = [ {file = "toml-0.10.2-py2.py3-none-any.whl", hash = "sha256:806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b"}, {file = "toml-0.10.2.tar.gz", hash = "sha256:b3bda1d108d5dd99f4a20d24d9c348e91c4db7ab1b749200bded2f839ccbe68f"}, ] +wrapt = [ + {file = "wrapt-1.12.1.tar.gz", hash = "sha256:b62ffa81fb85f4332a4f609cab4ac40709470da05643a082ec1eb88e6d9b97d7"}, +] diff --git a/pyproject.toml b/pyproject.toml index dae9d82..e5d4316 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -6,10 +6,13 @@ authors = ["Tecnativa S.L"] [tool.poetry.dependencies] python = "^3.8" -plumbum = "^1.6.9" [tool.poetry.dev-dependencies] pytest = "^6.1.2" +pytest-xdist = "^2.1.0" +plumbum = "^1.6.9" +flake8 = "^3.8.4" +pylint = "^2.6.0" [build-system] requires = ["poetry-core>=1.0.0"] diff --git a/pytest.ini b/pytest.ini new file mode 100644 index 0000000..154c512 --- /dev/null +++ b/pytest.ini 
@@ -0,0 +1,2 @@ +[pytest] +addopts = -n auto -ra \ No newline at end of file diff --git a/tests/run_tests.sh b/tests/run_tests.sh deleted file mode 100755 index 60975f1..0000000 --- a/tests/run_tests.sh +++ /dev/null 
@@ -1,84 +0,0 @@ -#!/bin/bash - -set -eu - -proxy_container=docksockprox_test -socket_proxy=127.0.0.1:2375 - -start_proxy() { - echo "Starting $proxy_container with args: ${*}..." - docker run -d --name "$proxy_container" \ - -v /var/run/docker.sock:/var/run/docker.sock \ - -p "${socket_proxy}:2375" \ - "$@" \ - tecnativa/docker-socket-proxy &>/dev/null -} - -delete_proxy() { - echo "Removing ${proxy_container}..." - docker rm -f "$proxy_container" &>/dev/null -} - -docker_with_proxy() { - docker --host "$socket_proxy" "$@" 2>&1 -} - -assert() { - assertion=$1 - shift 1 - if docker_with_proxy "$@" | grep -qi 'forbidden'; then - result='forbidden' - else - result='allowed' - fi - if [ "$assertion" == "$result" ]; then - printf '%s' 'PASS' - else - printf '%s' 'FAIL' - fi - echo " | assert 'docker $*' is $assertion" -} - - -trap delete_proxy EXIT - -start_proxy -assert allowed version -assert forbidden run --rm alpine -assert forbidden pull alpine -assert forbidden logs "$proxy_container" -assert forbidden wait "$proxy_container" -assert forbidden rm -f "$proxy_container" -assert forbidden restart "$proxy_container" -assert forbidden network ls -assert forbidden config ls -assert forbidden service ls -assert forbidden stack ls -assert forbidden secret ls -assert forbidden plugin ls -assert forbidden info -assert forbidden system info -assert forbidden build . 
-assert forbidden swarm init - -delete_proxy -start_proxy -e CONTAINERS=1 -assert allowed logs "$proxy_container" -assert allowed inspect "$proxy_container" -assert forbidden wait "$proxy_container" -assert forbidden run --rm alpine -assert forbidden rm -f "$proxy_container" -assert forbidden restart "$proxy_container" - -delete_proxy -start_proxy -e POST=1 -assert forbidden rm -f "$proxy_container" -assert forbidden pull alpine -assert forbidden run --rm alpine -assert forbidden network create foobar - -delete_proxy -start_proxy -e NETWORKS=1 -e POST=1 -assert allowed network ls -assert allowed network create foo -assert allowed network rm foo From c2fc1fffb10e41a2211780352db4184a26cd93f2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jo=C3=A3o=20Marques?= Date: Wed, 25 Nov 2020 07:47:17 +0000 Subject: [PATCH 05/25] Apply autopretty template + fix prettier --- .copier-answers.autopretty.yml | 10 ++ .editorconfig | 15 ++ .flake8 | 4 + .github/workflows/pre-commit.yml | 15 ++ .gitignore | 260 +++++++++++++++++++++++++++++++ .pre-commit-config.yaml | 89 +++++++++++ .prettierrc.yml | 3 + .vscode/settings.json | 3 + pytest.ini | 2 +- 9 files changed, 400 insertions(+), 1 deletion(-) create mode 100644 .copier-answers.autopretty.yml create mode 100644 .editorconfig create mode 100644 .flake8 create mode 100644 .github/workflows/pre-commit.yml create mode 100644 .gitignore create mode 100644 .pre-commit-config.yaml create mode 100644 .prettierrc.yml create mode 100644 .vscode/settings.json diff --git a/.copier-answers.autopretty.yml b/.copier-answers.autopretty.yml new file mode 100644 index 0000000..379255b --- /dev/null +++ b/.copier-answers.autopretty.yml @@ -0,0 +1,10 @@ +# Changes here will be overwritten by Copier; do NOT edit manually +_commit: v0.1.0a4 +_src_path: https://github.com/copier-org/autopretty.git +ansible: false +biggest_kbs: 0 +github: true +js: false +protected_branches: + - master +python: true 
diff --git a/.editorconfig b/.editorconfig new file mode 100644 index 0000000..99952a3 --- /dev/null +++ b/.editorconfig @@ -0,0 +1,15 @@ +root = true + +[*] +indent_style = space +indent_size = 4 +end_of_line = lf +charset = utf-8 +trim_trailing_whitespace = true +insert_final_newline = true + +[*.py] +profile = black # For isort + +[*.{code-snippets,code-workspace,json,yaml,yml}{,.jinja}] +indent_size = 2 diff --git a/.flake8 b/.flake8 new file mode 100644 index 0000000..f681fa7 --- /dev/null +++ b/.flake8 @@ -0,0 +1,4 @@ +[flake8] +ignore = E203, E501, W503, B950 +max-line-length = 88 +select = C,E,F,W,B diff --git a/.github/workflows/pre-commit.yml b/.github/workflows/pre-commit.yml new file mode 100644 index 0000000..1479882 --- /dev/null +++ b/.github/workflows/pre-commit.yml @@ -0,0 +1,15 @@ +name: pre-commit + +on: + pull_request: + push: + branches: + - master + +jobs: + pre-commit: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v2 + - uses: actions/setup-python@v2 + - uses: pre-commit/action@v2.0.0 diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..55348a6 --- /dev/null +++ b/.gitignore 
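Review bot: The new `pre-commit` workflow declares no `permissions:` block, so the job runs with the repository's default `GITHUB_TOKEN` scope although it only needs to read the checkout. Adding a top-level `permissions:` with `contents: read` keeps the token read-only while the hooks run. The three `uses:` references (`actions/checkout@v2`, `actions/setup-python@v2`, `pre-commit/action@v2.0.0`) are mutable tags; pinning each to a full commit SHA would make the executed code reproducible.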
@@ -0,0 +1,260 @@ +# Created by https://www.toptal.com/developers/gitignore/api/vscode,python,node +# Edit at https://www.toptal.com/developers/gitignore?templates=vscode,python,node + +### Node ### +# Logs +logs +*.log +npm-debug.log* +yarn-debug.log* +yarn-error.log* +lerna-debug.log* + +# Diagnostic reports (https://nodejs.org/api/report.html) +report.[0-9]*.[0-9]*.[0-9]*.[0-9]*.json + +# Runtime data +pids +*.pid +*.seed +*.pid.lock + +# Directory for instrumented libs generated by jscoverage/JSCover +lib-cov + +# Coverage directory used by tools like istanbul +coverage +*.lcov + +# nyc test coverage +.nyc_output + +# Grunt intermediate storage (https://gruntjs.com/creating-plugins#storing-task-files) +.grunt + +# Bower dependency directory (https://bower.io/) +bower_components + +# node-waf configuration +.lock-wscript + +# Compiled binary addons (https://nodejs.org/api/addons.html) +build/Release + +# Dependency directories +node_modules/ +jspm_packages/ + +# TypeScript v1 declaration files +typings/ + +# TypeScript cache +*.tsbuildinfo + +# Optional npm cache directory +.npm + +# Optional eslint cache +.eslintcache + +# Microbundle cache +.rpt2_cache/ +.rts2_cache_cjs/ +.rts2_cache_es/ +.rts2_cache_umd/ + +# Optional REPL history +.node_repl_history + +# Output of 'npm pack' +*.tgz + +# Yarn Integrity file +.yarn-integrity + +# dotenv environment variables file +.env +.env.test +.env*.local + +# parcel-bundler cache (https://parceljs.org/) +.cache +.parcel-cache + +# Next.js build output +.next + +# Nuxt.js build / generate output +.nuxt +dist + +# Gatsby files +.cache/ +# Comment in the public line in if your project uses Gatsby and not Next.js +# https://nextjs.org/blog/next-9-1#public-directory-support +# public + +# vuepress build output +.vuepress/dist + +# Serverless directories +.serverless/ + +# FuseBox cache +.fusebox/ + +# DynamoDB Local files +.dynamodb/ + +# TernJS port file +.tern-port + +# Stores VSCode versions used for testing VSCode 
extensions +.vscode-test + +### Python ### +# Byte-compiled / optimized / DLL files +__pycache__/ +*.py[cod] +*$py.class + +# C extensions +*.so + +# Distribution / packaging +.Python +build/ +develop-eggs/ +dist/ +downloads/ +eggs/ +.eggs/ +lib/ +lib64/ +parts/ +sdist/ +var/ +wheels/ +pip-wheel-metadata/ +share/python-wheels/ +*.egg-info/ +.installed.cfg +*.egg +MANIFEST + +# PyInstaller +# Usually these files are written by a python script from a template +# before PyInstaller builds the exe, so as to inject date/other infos into it. +*.manifest +*.spec + +# Installer logs +pip-log.txt +pip-delete-this-directory.txt + +# Unit test / coverage reports +htmlcov/ +.tox/ +.nox/ +.coverage +.coverage.* +nosetests.xml +coverage.xml +*.cover +*.py,cover +.hypothesis/ +.pytest_cache/ +pytestdebug.log + +# Translations +*.mo +*.pot + +# Django stuff: +local_settings.py +db.sqlite3 +db.sqlite3-journal + +# Flask stuff: +instance/ +.webassets-cache + +# Scrapy stuff: +.scrapy + +# Sphinx documentation +docs/_build/ +doc/_build/ + +# PyBuilder +target/ + +# Jupyter Notebook +.ipynb_checkpoints + +# IPython +profile_default/ +ipython_config.py + +# pyenv +.python-version + +# pipenv +# According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control. +# However, in case of collaboration, if having platform-specific dependencies or dependencies +# having no cross-platform support, pipenv may install dependencies that don't work, or not +# install all needed dependencies. +#Pipfile.lock + +# PEP 582; used by e.g. 
github.com/David-OConnor/pyflow +__pypackages__/ + +# Celery stuff +celerybeat-schedule +celerybeat.pid + +# SageMath parsed files +*.sage.py + +# Environments +.venv +env/ +venv/ +ENV/ +env.bak/ +venv.bak/ +pythonenv* + +# Spyder project settings +.spyderproject +.spyproject + +# Rope project settings +.ropeproject + +# mkdocs documentation +/site + +# mypy +.mypy_cache/ +.dmypy.json +dmypy.json + +# Pyre type checker +.pyre/ + +# pytype static type analyzer +.pytype/ + +# profiling data +.prof + +### vscode ### +.vscode/* +!.vscode/settings.json +!.vscode/tasks.json +!.vscode/launch.json +!.vscode/extensions.json +*.code-workspace + +# End of https://www.toptal.com/developers/gitignore/api/vscode,python,node diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml new file mode 100644 index 0000000..adaa439 --- /dev/null +++ b/.pre-commit-config.yaml 
@@ -0,0 +1,89 @@ +default_language_version: + python: python3 + node: "14.14.0" +repos: + # General + - repo: local + hooks: + - id: forbidden-files + name: forbidden files + entry: found forbidden files; remove them + language: fail + files: "\\.rej$" + - repo: https://github.com/pre-commit/pre-commit-hooks + rev: v3.2.0 + hooks: + - id: check-case-conflict + - id: check-executables-have-shebangs + - id: check-json + - id: check-merge-conflict + - id: check-symlinks + - id: check-toml + - id: check-xml + - id: check-yaml + - id: detect-private-key + - id: end-of-file-fixer + - id: mixed-line-ending + args: + - --fix=lf + - id: no-commit-to-branch + args: + - --branch=master + - id: trailing-whitespace + - id: check-ast + - id: check-builtin-literals + - id: check-docstring-first + - id: debug-statements + - id: fix-encoding-pragma + args: + - --remove + - id: requirements-txt-fixer + - repo: https://github.com/pre-commit/mirrors-prettier + rev: v2.1.2 + hooks: + - id: prettier + additional_dependencies: + - prettier@2.1.2 + - "@prettier/plugin-xml@0.12.0" + args: + - --plugin=@prettier/plugin-xml + - repo: https://github.com/myint/autoflake + rev: v1.4 + hooks: + - id: autoflake + args: + - --in-place + - --expand-star-imports + - --ignore-init-module-imports + - --remove-all-unused-imports + - --remove-duplicate-keys + - --remove-unused-variables + - repo: https://github.com/asottile/pyupgrade + rev: v2.7.2 + hooks: + - id: pyupgrade + - repo: https://github.com/psf/black + rev: 20.8b1 + hooks: + - id: black + - repo: https://github.com/timothycrosley/isort + rev: 5.5.1 + hooks: + - id: isort + args: + - --settings=. + - repo: https://gitlab.com/pycqa/flake8 + rev: 3.8.3 + hooks: + - &flake8 + id: flake8 + name: flake8 except __init__.py + exclude: /__init__\.py$ + additional_dependencies: + - flake8-bugbear==20.1.4 + - <<: *flake8 + name: flake8 for __init__.py + args: + # ignore unused imports in __init__.py + - --extend-ignore=F401 + files: /__init__\.py$ 
diff --git a/.prettierrc.yml b/.prettierrc.yml new file mode 100644 index 0000000..e805b1c --- /dev/null +++ b/.prettierrc.yml @@ -0,0 +1,3 @@ +printWidth: 88 +proseWrap: always +xmlWhitespaceSensitivity: "ignore" diff --git a/.vscode/settings.json b/.vscode/settings.json new file mode 100644 index 0000000..c6d14ea --- /dev/null +++ b/.vscode/settings.json @@ -0,0 +1,3 @@ +{ + "python.pythonPath": "{$workspaceFolder}/.venv/bin/python3.9" +} diff --git a/pytest.ini b/pytest.ini index 154c512..45a6328 100644 --- a/pytest.ini +++ b/pytest.ini @@ -1,2 +1,2 @@ [pytest] -addopts = -n auto -ra \ No newline at end of file +addopts = -n auto -ra From 7bd86a5425fbd45b5155189d97f3891e072e1515 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jo=C3=A3o=20Marques?= Date: Wed, 25 Nov 2020 07:52:33 +0000 Subject: [PATCH 06/25] Fix isort --- .editorconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.editorconfig b/.editorconfig index 99952a3..4148b01 100644 --- a/.editorconfig +++ b/.editorconfig @@ -9,7 +9,7 @@ trim_trailing_whitespace = true insert_final_newline = true [*.py] -profile = black # For isort +profile = black [*.{code-snippets,code-workspace,json,yaml,yml}{,.jinja}] indent_size = 2 From 0206be67e594fb358b1dff1b29237d100af5d6c7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jo=C3=A3o=20Marques?= Date: Wed, 25 Nov 2020 07:52:57 +0000 Subject: [PATCH 07/25] Apply autoprettier --- .github/workflows/test.yaml | 8 +-- README.md | 137 ++++++++++++++++++------------------ tests/test_service.py | 24 +++---- 3 files changed, 81 insertions(+), 88 deletions(-) diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml index 439e534..20ef7a9 100644 --- a/.github/workflows/test.yaml +++ b/.github/workflows/test.yaml 
@@ -32,12 +32,12 @@ jobs: - name: Install python uses: actions/setup-python@v1 with: - python-version: '3.9' + python-version: "3.9" - name: Generate cache key CACHE run: - echo "CACHE=${{ secrets.CACHE_DATE }} ${{ runner.os }} - $(python -VV | sha256sum | cut -d' ' -f1) ${{ hashFiles('pyproject.toml') }} - ${{ hashFiles('poetry.lock') }}" >> $GITHUB_ENV + echo "CACHE=${{ secrets.CACHE_DATE }} ${{ runner.os }} $(python -VV | + sha256sum | cut -d' ' -f1) ${{ hashFiles('pyproject.toml') }} ${{ + hashFiles('poetry.lock') }}" >> $GITHUB_ENV - uses: actions/cache@v2 with: path: | diff --git a/README.md b/README.md index d64afe3..725a9b9 100644 --- a/README.md +++ b/README.md 
@@ -11,36 +11,36 @@ This is a security-enhanced proxy for the Docker Socket. ## Why? -Giving access to your Docker socket could mean giving root access to your host, -or even to your whole swarm, but some services require hooking into that socket -to react to events, etc. Using this proxy lets you block anything you consider -those services should not do. +Giving access to your Docker socket could mean giving root access to your host, or even +to your whole swarm, but some services require hooking into that socket to react to +events, etc. Using this proxy lets you block anything you consider those services should +not do. ## How? -We use the official [Alpine][]-based [HAProxy][] image with a small -configuration file. +We use the official [Alpine][]-based [HAProxy][] image with a small configuration file. -It blocks access to the Docker socket API according to the environment -variables you set. It returns a `HTTP 403 Forbidden` status for those dangerous -requests that should never happen. +It blocks access to the Docker socket API according to the environment variables you +set. It returns a `HTTP 403 Forbidden` status for those dangerous requests that should +never happen. ## Security recommendations -- Never expose this container's port to a public network. Only to a Docker - networks where only reside the proxy itself and the service that uses it. -- Revoke access to any API section that you consider your service should not - need. -- This image does not include TLS support, just plain HTTP proxy to the host - Docker Unix socket (which is not TLS protected even if you configured your - host for TLS protection). This is by design because you are supposed to - restrict access to it through Docker's built-in firewall. -- [Read the docs](#suppported-api-versions) for the API version you are using, - and **know what you are doing**. +- Never expose this container's port to a public network. 
Only to a Docker networks + where only reside the proxy itself and the service that uses it. +- Revoke access to any API section that you consider your service should not need. +- This image does not include TLS support, just plain HTTP proxy to the host Docker + Unix socket (which is not TLS protected even if you configured your host for TLS + protection). This is by design because you are supposed to restrict access to it + through Docker's built-in firewall. +- [Read the docs](#suppported-api-versions) for the API version you are using, and + **know what you are doing**. ## Usage -1. Run the API proxy (`--privileged` flag is required here because it connects with the docker socket, which is a privileged connection in some SELinux/AppArmor contexts and would get locked otherwise): +1. Run the API proxy (`--privileged` flag is required here because it connects with the + docker socket, which is a privileged connection in some SELinux/AppArmor contexts + and would get locked otherwise): $ docker container run \ -d --privileged \ 
@@ -80,85 +80,84 @@ requests that should never happen. Request forbidden by administrative rules. -The same will happen to any containers that use this proxy's `2375` port to -access the Docker socket API. +The same will happen to any containers that use this proxy's `2375` port to access the +Docker socket API. ## Grant or revoke access to certain API sections -You grant and revoke access to certain features of the Docker API through -environment variables. +You grant and revoke access to certain features of the Docker API through environment +variables. -Normally the variables match the URL prefix (i.e. `AUTH` blocks access to -`/auth/*` parts of the API, etc.). +Normally the variables match the URL prefix (i.e. `AUTH` blocks access to `/auth/*` +parts of the API, etc.). Possible values for these variables: -- `0` to **revoke** access. -- `1` to **grant** access. +- `0` to **revoke** access. +- `1` to **grant** access. ### Access granted by default -These API sections are mostly harmless and almost required for any service that -uses the API, so they are granted by default. +These API sections are mostly harmless and almost required for any service that uses the +API, so they are granted by default. -- `EVENTS` -- `PING` -- `VERSION` +- `EVENTS` +- `PING` +- `VERSION` ### Access revoked by default #### Security-critical -These API sections are considered security-critical, and thus access is revoked -by default. Maximum caution when enabling these. +These API sections are considered security-critical, and thus access is revoked by +default. Maximum caution when enabling these. -- `AUTH` -- `SECRETS` -- `POST`: When disabled, only `GET` and `HEAD` operations are allowed, meaning - any section of the API is read-only. +- `AUTH` +- `SECRETS` +- `POST`: When disabled, only `GET` and `HEAD` operations are allowed, meaning any + section of the API is read-only. 
#### Not always needed -You will possibly need to grant access to some of these API sections, which are -not so extremely critical but can expose some information that your service -does not need. - -- `BUILD` -- `COMMIT` -- `CONFIGS` -- `CONTAINERS` -- `DISTRIBUTION` -- `EXEC` -- `IMAGES` -- `INFO` -- `NETWORKS` -- `NODES` -- `PLUGINS` -- `SERVICES` -- `SESSION` -- `SWARM` -- `SYSTEM` -- `TASKS` -- `VOLUMES` +You will possibly need to grant access to some of these API sections, which are not so +extremely critical but can expose some information that your service does not need. + +- `BUILD` +- `COMMIT` +- `CONFIGS` +- `CONTAINERS` +- `DISTRIBUTION` +- `EXEC` +- `IMAGES` +- `INFO` +- `NETWORKS` +- `NODES` +- `PLUGINS` +- `SERVICES` +- `SESSION` +- `SWARM` +- `SYSTEM` +- `TASKS` +- `VOLUMES` ## Logging You can set the logging level or severity level of the messages to be logged with the - environment variable `LOG_LEVEL`. Defaul value is info. Possible values are: debug, - info, notice, warning, err, crit, alert and emerg. +environment variable `LOG_LEVEL`. Defaul value is info. Possible values are: debug, +info, notice, warning, err, crit, alert and emerg. ## Supported API versions -- [1.27](https://docs.docker.com/engine/api/v1.27/) -- [1.28](https://docs.docker.com/engine/api/v1.28/) -- [1.29](https://docs.docker.com/engine/api/v1.29/) -- [1.30](https://docs.docker.com/engine/api/v1.30/) -- [1.37](https://docs.docker.com/engine/api/v1.37/) +- [1.27](https://docs.docker.com/engine/api/v1.27/) +- [1.28](https://docs.docker.com/engine/api/v1.28/) +- [1.29](https://docs.docker.com/engine/api/v1.29/) +- [1.30](https://docs.docker.com/engine/api/v1.30/) +- [1.37](https://docs.docker.com/engine/api/v1.37/) ## Feedback Please send any feedback (issues, questions) to the [issue tracker][]. 
-[Alpine]: https://alpinelinux.org/ -[HAProxy]: http://www.haproxy.org/ +[alpine]: https://alpinelinux.org/ +[haproxy]: http://www.haproxy.org/ [issue tracker]: https://github.com/Tecnativa/docker-socket-proxy/issues diff --git a/tests/test_service.py b/tests/test_service.py index a992749..56816c6 100644 --- a/tests/test_service.py +++ b/tests/test_service.py @@ -1,10 +1,7 @@ - -import pytest import logging -from plumbum import ProcessExecutionError, local +from plumbum import ProcessExecutionError from plumbum.cmd import docker -from plumbum.machines.local import LocalCommand logger = logging.getLogger() @@ -13,18 +10,19 @@ def _start_proxy( - container_name=CONTAINER_NAME, - socket_proxy=SOCKET_PROXY, - extra_args=None + container_name=CONTAINER_NAME, socket_proxy=SOCKET_PROXY, extra_args=None ): logger.info(f"Starting {container_name} with args: {extra_args}...") docker( "run", "-d", - "--name", container_name, + "--name", + container_name, "--privileged", - "-v", "/var/run/docker.sock:/var/run/docker.sock", - "-p", f"{socket_proxy}:2375", + "-v", + "/var/run/docker.sock:/var/run/docker.sock", + "-p", + f"{socket_proxy}:2375", extra_args, "tecnativa/docker-socket-proxy", ) @@ -86,7 +84,6 @@ def test_default_permissions(): _check_permission("forbidden", ["build", "."]) _check_permission("forbidden", ["swarm", "init"]) finally: - pass _stop_and_delete_proxy() @@ -100,7 +97,6 @@ def test_container_permissions(): _check_permission("forbidden", ["rm", "-f", CONTAINER_NAME]) _check_permission("forbidden", ["restart", CONTAINER_NAME]) finally: - pass _stop_and_delete_proxy() @@ -112,7 +108,6 @@ def test_post_permissions(): _check_permission("forbidden", ["run", "--rm", "alpine"]) _check_permission("forbidden", ["network", "create", "foobar"]) finally: - pass _stop_and_delete_proxy() 
@@ -123,5 +118,4 @@ def test_network_post_permissions(): _check_permission("allowed", ["network", "create", "foo"]) _check_permission("allowed", ["network", "rm", "foo"]) finally: - pass - _stop_and_delete_proxy() \ No newline at end of file + _stop_and_delete_proxy() From b21d6d8a71552072570eaeb596d5145888fd4b5d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jo=C3=A3o=20Marques?= Date: Wed, 25 Nov 2020 07:56:22 +0000 Subject: [PATCH 08/25] Fix VSCode settings --- .vscode/settings.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.vscode/settings.json b/.vscode/settings.json index c6d14ea..3b1d464 100644 --- a/.vscode/settings.json +++ b/.vscode/settings.json @@ -1,3 +1,3 @@ { - "python.pythonPath": "{$workspaceFolder}/.venv/bin/python3.9" + "python.pythonPath": ".venv/bin/python" } From 0b7c5d9dcba063dc414e316cb7e0c1a3c0ad69a9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jo=C3=A3o=20Marques?= Date: Wed, 25 Nov 2020 08:19:53 +0000 Subject: [PATCH 09/25] Make tests run in parallel --- pytest.ini | 2 +- tests/test_service.py | 173 ++++++++++++++++++++++++++++++++---------- 2 files changed, 133 insertions(+), 42 deletions(-) diff --git a/pytest.ini b/pytest.ini index 45a6328..0bf3b48 100644 --- a/pytest.ini +++ b/pytest.ini @@ -1,2 +1,2 @@ [pytest] -addopts = -n auto -ra +addopts = -n auto -ra diff --git a/tests/test_service.py b/tests/test_service.py index 56816c6..3b2aca5 100644 --- a/tests/test_service.py +++ b/tests/test_service.py @@ -30,7 +30,6 @@ def _start_proxy( def _stop_and_delete_proxy( container_name=CONTAINER_NAME, - socket_proxy=SOCKET_PROXY, ): logger.info(f"Removing {container_name}...") docker( 
@@ -55,8 +54,10 @@ def _query_docker_with_proxy(socket_proxy=SOCKET_PROXY, extra_args=None): return stdout + stderr -def _check_permission(assertion, extra_args=None): - if "forbidden" in _query_docker_with_proxy(extra_args=extra_args): +def _check_permission(assertion, socket_proxy=SOCKET_PROXY, extra_args=None): + if "forbidden" in _query_docker_with_proxy( + socket_proxy=socket_proxy, extra_args=extra_args + ): result = "forbidden" else: result = "allowed" 
@@ -64,58 +65,148 @@ def _check_permission(assertion, extra_args=None): def test_default_permissions(): + container_name = f"{CONTAINER_NAME}_1" + socket_proxy = "127.0.0.1:2375" try: - _start_proxy() - _check_permission("allowed", extra_args="version") - _check_permission("forbidden", ["run", "--rm", "alpine"]) - _check_permission("forbidden", ["pull", "alpine"]) - _check_permission("forbidden", ["logs", CONTAINER_NAME]) - _check_permission("forbidden", ["wait", CONTAINER_NAME]) - _check_permission("forbidden", ["rm", "-f", CONTAINER_NAME]) - _check_permission("forbidden", ["restart", CONTAINER_NAME]) - _check_permission("forbidden", ["network", "ls"]) - _check_permission("forbidden", ["config", "ls"]) - _check_permission("forbidden", ["service", "ls"]) - _check_permission("forbidden", ["stack", "ls"]) - _check_permission("forbidden", ["secret", "ls"]) - _check_permission("forbidden", ["plugin", "ls"]) - _check_permission("forbidden", ["info"]) - _check_permission("forbidden", ["system", "info"]) - _check_permission("forbidden", ["build", "."]) - _check_permission("forbidden", ["swarm", "init"]) + _start_proxy(container_name=container_name, socket_proxy=socket_proxy) + _check_permission("allowed", socket_proxy=socket_proxy, extra_args="version") + _check_permission( + "forbidden", socket_proxy=socket_proxy, extra_args=["run", "--rm", "alpine"] + ) + _check_permission( + "forbidden", socket_proxy=socket_proxy, extra_args=["pull", "alpine"] + ) + _check_permission( + "forbidden", socket_proxy=socket_proxy, extra_args=["logs", container_name] + ) + _check_permission( + "forbidden", socket_proxy=socket_proxy, extra_args=["wait", container_name] + ) + _check_permission( + "forbidden", + socket_proxy=socket_proxy, + extra_args=["rm", "-f", container_name], + ) + _check_permission( + "forbidden", + socket_proxy=socket_proxy, + extra_args=["restart", container_name], + ) + _check_permission( + "forbidden", socket_proxy=socket_proxy, extra_args=["network", "ls"] + ) + 
_check_permission( + "forbidden", socket_proxy=socket_proxy, extra_args=["config", "ls"] + ) + _check_permission( + "forbidden", socket_proxy=socket_proxy, extra_args=["service", "ls"] + ) + _check_permission( + "forbidden", socket_proxy=socket_proxy, extra_args=["stack", "ls"] + ) + _check_permission( + "forbidden", socket_proxy=socket_proxy, extra_args=["secret", "ls"] + ) + _check_permission( + "forbidden", socket_proxy=socket_proxy, extra_args=["plugin", "ls"] + ) + _check_permission("forbidden", socket_proxy=socket_proxy, extra_args=["info"]) + _check_permission( + "forbidden", socket_proxy=socket_proxy, extra_args=["system", "info"] + ) + _check_permission( + "forbidden", socket_proxy=socket_proxy, extra_args=["build", "."] + ) + _check_permission( + "forbidden", socket_proxy=socket_proxy, extra_args=["swarm", "init"] + ) finally: - _stop_and_delete_proxy() + _stop_and_delete_proxy(container_name=container_name) def test_container_permissions(): + container_name = f"{CONTAINER_NAME}_2" + socket_proxy = "127.0.0.1:2376" try: - _start_proxy(extra_args=["-e", "CONTAINERS=1"]) - _check_permission("allowed", ["logs", CONTAINER_NAME]) - _check_permission("allowed", ["inspect", CONTAINER_NAME]) - _check_permission("forbidden", ["wait", CONTAINER_NAME]) - _check_permission("forbidden", ["run", "--rm", "alpine"]) - _check_permission("forbidden", ["rm", "-f", CONTAINER_NAME]) - _check_permission("forbidden", ["restart", CONTAINER_NAME]) + _start_proxy( + container_name=container_name, + socket_proxy=socket_proxy, + extra_args=["-e", "CONTAINERS=1"], + ) + _check_permission( + "allowed", socket_proxy=socket_proxy, extra_args=["logs", container_name] + ) + _check_permission( + "allowed", socket_proxy=socket_proxy, extra_args=["inspect", container_name] + ) + _check_permission( + "forbidden", socket_proxy=socket_proxy, extra_args=["wait", container_name] + ) + _check_permission( + "forbidden", socket_proxy=socket_proxy, extra_args=["run", "--rm", "alpine"] + ) + 
_check_permission( + "forbidden", + socket_proxy=socket_proxy, + extra_args=["rm", "-f", container_name], + ) + _check_permission( + "forbidden", + socket_proxy=socket_proxy, + extra_args=["restart", container_name], + ) finally: - _stop_and_delete_proxy() + _stop_and_delete_proxy(container_name=container_name) def test_post_permissions(): + container_name = f"{CONTAINER_NAME}_3" + socket_proxy = "127.0.0.1:2377" try: - _start_proxy(extra_args=["-e", "POST=1"]) - _check_permission("forbidden", ["rm", "-f", CONTAINER_NAME]) - _check_permission("forbidden", ["pull", "alpine"]) - _check_permission("forbidden", ["run", "--rm", "alpine"]) - _check_permission("forbidden", ["network", "create", "foobar"]) + _start_proxy( + container_name=container_name, + socket_proxy=socket_proxy, + extra_args=["-e", "POST=1"], + ) + _check_permission( + "forbidden", + socket_proxy=socket_proxy, + extra_args=["rm", "-f", container_name], + ) + _check_permission( + "forbidden", socket_proxy=socket_proxy, extra_args=["pull", "alpine"] + ) + _check_permission( + "forbidden", socket_proxy=socket_proxy, extra_args=["run", "--rm", "alpine"] + ) + _check_permission( + "forbidden", + socket_proxy=socket_proxy, + extra_args=["network", "create", "foobar"], + ) finally: - _stop_and_delete_proxy() + _stop_and_delete_proxy(container_name=container_name) def test_network_post_permissions(): + container_name = f"{CONTAINER_NAME}_4" + socket_proxy = "127.0.0.1:2378" try: - _start_proxy(extra_args=["-e", "POST=1", "-e", "NETWORKS=1"]) - _check_permission("allowed", ["network", "ls"]) - _check_permission("allowed", ["network", "create", "foo"]) - _check_permission("allowed", ["network", "rm", "foo"]) + _start_proxy( + container_name=container_name, + socket_proxy=socket_proxy, + extra_args=["-e", "POST=1", "-e", "NETWORKS=1"], + ) + _check_permission( + "allowed", socket_proxy=socket_proxy, extra_args=["network", "ls"] + ) + _check_permission( + "allowed", + socket_proxy=socket_proxy, + 
extra_args=["network", "create", "foo"], + ) + _check_permission( + "allowed", socket_proxy=socket_proxy, extra_args=["network", "rm", "foo"] + ) finally: - _stop_and_delete_proxy() + _stop_and_delete_proxy(container_name=container_name) From 8d09134a667f55be53ddb3b45c6a0cc664bbc2e3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jo=C3=A3o=20Marques?= Date: Wed, 25 Nov 2020 09:19:44 +0000 Subject: [PATCH 10/25] Build docker image before testing --- tests/test_service.py | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/tests/test_service.py b/tests/test_service.py index 3b2aca5..9e4c318 100644 --- a/tests/test_service.py +++ b/tests/test_service.py @@ -1,5 +1,6 @@ import logging +import pytest from plumbum import ProcessExecutionError from plumbum.cmd import docker @@ -9,6 +10,12 @@ SOCKET_PROXY = "127.0.0.1:2375" +@pytest.fixture(autouse=True) +def build_docker_image(): + logger.info("Building docker image...") + docker("build", "-t", "docker-socket-proxy:local", ".") + + def _start_proxy( container_name=CONTAINER_NAME, socket_proxy=SOCKET_PROXY, extra_args=None ): @@ -24,7 +31,7 @@ def _start_proxy( "-p", f"{socket_proxy}:2375", extra_args, - "tecnativa/docker-socket-proxy", + "docker-socket-proxy:local", ) From 38f530af899fa07c66dbba404935aaed776c6de9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jo=C3=A3o=20Marques?= Date: Wed, 25 Nov 2020 09:22:34 +0000 Subject: [PATCH 11/25] Update workspace settings --- .vscode/settings.json | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.vscode/settings.json b/.vscode/settings.json index 3b1d464..a78f109 100644 --- a/.vscode/settings.json +++ b/.vscode/settings.json @@ -1,3 +1,5 @@ { - "python.pythonPath": ".venv/bin/python" + "python.pythonPath": ".venv/bin/python", + "python.testing.pytestEnabled": true, + "cSpell.words": ["pytest"] } From d2dad86abe53cbd5dec7a9e4713a4e2e1ae9c967 Mon Sep 17 00:00:00 2001 
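Review bot: Each test in the `@@ -64,58 +65,148 @@` hunk hard-codes its own host port (`127.0.0.1:2375` to `127.0.0.1:2378`) and container-name suffix, so the parallel run depends on four fixed ports being free and on no container being left over from an earlier run. Publishing with an empty host port, `-p 127.0.0.1::2375`, and reading the assigned port back with `docker port` would remove the collision while keeping the listener on loopback. `test_default_permissions` also calls `_start_proxy` without `extra_args`, which leaves the default `None` in the `docker(...)` argument list; how plumbum treats it is not visible here, so defaulting to an empty list inside `_start_proxy` would be safer.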
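Review bot: `build_docker_image` is an autouse fixture with the default function scope, so `docker build` runs before every test and, under the `-n auto` option set in `pytest.ini`, in several workers at once. `@pytest.fixture(autouse=True, scope="session")` limits it to one build per worker. The fixture also builds from `.`, which assumes pytest is started from the repository root; nothing in the hunk enforces that.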
From: =?UTF-8?q?Jo=C3=A3o=20Marques?= Date: Wed, 25 Nov 2020 11:09:46 +0000 Subject: [PATCH 12/25] Try multi-platform builds and push to ghcr.io --- .github/workflows/test.yaml | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml index 20ef7a9..1f43ede 100644 --- a/.github/workflows/test.yaml +++ b/.github/workflows/test.yaml @@ -51,3 +51,34 @@ jobs: - run: poetry install # Run tests - run: poetry run pytest + build-push: + runs-on: ubuntu-latest + needs: test + env: + DOCKER_REGISTRY_PASSWORD: ${{ secrets.BOT_TOKEN }} + DOCKER_REGISTRY_USERNAME: ${{ secrets.BOT_LOGIN }} + DOCKER_REGISTRY: ghcr.io + DOCKER_REPO: tecnativa/docker-socket-proxy + steps: + # Prepare + - uses: actions/checkout@v2 + - uses: docker/setup-qemu-action@v1 + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v1 + # Build and push + - name: Login to GitHub Container Registry + uses: docker/login-action@v1 + with: + registry: ghcr.io + username: ${{ env.DOCKER_REGISTRY_USERNAME }} + password: ${{ env.DOCKER_REGISTRY_PASSWORD }} + - name: Build and push + uses: docker/build-push-action@v2 + with: + context: . + file: ./Dockerfile + platforms: linux/386,linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm/v8,linux/arm64,linux/ppc64le,linux/s390x + load: false + push: true + tags: | + ${{ env.DOCKER_REGISTRY }}/${{ env.DOCKER_REPO }} From 856cb4912cec20af0a44f2019caa46dbe2d8b519 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jo=C3=A3o=20Marques?= Date: Thu, 26 Nov 2020 09:39:56 +0000 Subject: [PATCH 13/25] Push to docker hub as well from ci --- .github/workflows/test.yaml | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml index 1f43ede..616c22f 100644 --- a/.github/workflows/test.yaml +++ b/.github/workflows/test.yaml 
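Review bot: The `build-push` job has no `if:` condition, so it publishes with `push: true` whenever the workflow runs and `test` passes. The `on:` triggers are outside the hunk, but if they include branch pushes or pull requests from the same repository, unreviewed code would be pushed to the untagged (default) image reference. A guard such as `if: github.event_name == 'push' && github.ref == 'refs/heads/master'` restricts publishing to the protected branch. The only tag is `${{ env.DOCKER_REGISTRY }}/${{ env.DOCKER_REPO }}`, so every build overwrites the same reference and consumers cannot pin a known image; adding a tag derived from `github.sha` would help.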
@@ -47,7 +47,7 @@ jobs: key: venv ${{ env.CACHE }} - run: pip install poetry - name: Patch $PATH - run: echo "PATH=$HOME/.local/bin:$PATH" >> $GITHUB_ENV + run: echo "$HOME/.local/bin" >> $GITHUB_PATH - run: poetry install # Run tests - run: poetry run pytest @@ -55,9 +55,6 @@ jobs: runs-on: ubuntu-latest needs: test env: - DOCKER_REGISTRY_PASSWORD: ${{ secrets.BOT_TOKEN }} - DOCKER_REGISTRY_USERNAME: ${{ secrets.BOT_LOGIN }} - DOCKER_REGISTRY: ghcr.io DOCKER_REPO: tecnativa/docker-socket-proxy steps: # Prepare @@ -66,12 +63,17 @@ jobs: - name: Set up Docker Buildx uses: docker/setup-buildx-action@v1 # Build and push + - name: Login to DockerHub + uses: docker/login-action@v1 + with: + username: ${{ secrets.DOCKERHUB_LOGIN }} + password: ${{ secrets.DOCKERHUB_TOKEN }} - name: Login to GitHub Container Registry uses: docker/login-action@v1 with: registry: ghcr.io - username: ${{ env.DOCKER_REGISTRY_USERNAME }} - password: ${{ env.DOCKER_REGISTRY_PASSWORD }} + username: ${{ secrets.BOT_LOGIN }} + password: ${{ secrets.BOT_TOKEN }} - name: Build and push uses: docker/build-push-action@v2 with: @@ -81,4 +83,5 @@ jobs: load: false push: true tags: | - ${{ env.DOCKER_REGISTRY }}/${{ env.DOCKER_REPO }} + ghcr.io/${{ env.DOCKER_REPO }} + ${{ env.DOCKER_REPO }} From a7d91ef625ecaeb37ea1b26509adb66a9cc766dc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jo=C3=A3o=20Marques?= Date: Thu, 26 Nov 2020 09:41:50 +0000 Subject: [PATCH 14/25] Upgrade autopretty --- .copier-answers.autopretty.yml | 2 +- .editorconfig | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/.copier-answers.autopretty.yml b/.copier-answers.autopretty.yml index 379255b..938184a 100644 --- a/.copier-answers.autopretty.yml +++ b/.copier-answers.autopretty.yml @@ -1,5 +1,5 @@ # Changes here will be overwritten by Copier; do NOT edit manually -_commit: v0.1.0a4 +_commit: v0.1.0a5 _src_path: https://github.com/copier-org/autopretty.git ansible: false biggest_kbs: 0 
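Review bot: The `tags:` list in the last hunk carries no version, so each run overwrites the implicit `latest` tag on both ghcr.io and Docker Hub, and nothing visible in the job limits when that happens. The `build-push` job header and the workflow's `on:` triggers are outside these hunks. If the workflow also runs for pull requests or non-default branches, add a guard such as `if: github.event_name == 'push' && github.ref == 'refs/heads/<default-branch>'` next to `needs: test`. Consider also pushing an immutable tag beside the floating one, for example `ghcr.io/${{ env.DOCKER_REPO }}:${{ github.sha }}`, so consumers can pin to a specific build.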
diff --git a/.editorconfig b/.editorconfig index 4148b01..9bec321 100644 --- a/.editorconfig +++ b/.editorconfig @@ -9,6 +9,7 @@ trim_trailing_whitespace = true insert_final_newline = true [*.py] +# For isort profile = black [*.{code-snippets,code-workspace,json,yaml,yml}{,.jinja}] From f3366b55cb7ba1fec6bf819542d0fa01db9a5b96 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jo=C3=A3o=20Marques?= Date: Thu, 26 Nov 2020 09:42:34 +0000 Subject: [PATCH 15/25] Update pyproject configurations --- pyproject.toml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pyproject.toml b/pyproject.toml index e5d4316..fd43df4 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -1,8 +1,8 @@ [tool.poetry] name = "docker-socket-proxy" -version = "0.1.0" +version = "0.0.0" description = "" -authors = ["Tecnativa S.L"] +authors = ["Tecnativa"] [tool.poetry.dependencies] python = "^3.8" From 0c41d3aeb9b97dee1c95cd19c2cc871cc596ba89 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jo=C3=A3o=20Marques?= Date: Tue, 1 Dec 2020 15:13:49 +0000 Subject: [PATCH 16/25] Improve test configuration and execution TT26468 --- tests/test_service.py | 253 +++++++++++++----------------------------- 1 file changed, 79 insertions(+), 174 deletions(-) diff --git a/tests/test_service.py b/tests/test_service.py index 9e4c318..9d149a0 100644 --- a/tests/test_service.py +++ b/tests/test_service.py @@ -1,7 +1,9 @@ +import json import logging +from contextlib import contextmanager import pytest -from plumbum import ProcessExecutionError +from plumbum import ProcessExecutionError, local from plumbum.cmd import docker logger = logging.getLogger() 
@@ -16,204 +18,107 @@ def build_docker_image(): docker("build", "-t", "docker-socket-proxy:local", ".") -def _start_proxy( - container_name=CONTAINER_NAME, socket_proxy=SOCKET_PROXY, extra_args=None -): - logger.info(f"Starting {container_name} with args: {extra_args}...") - docker( +def _start_proxy(env_vars_list): + logger.info(f"Starting docker-socket-proxy container with args: {env_vars_list}...") + # HACK: receive as array to make it easier to handle dynamic env vars for docker + cmd = [ "run", "-d", - "--name", - container_name, "--privileged", "-v", "/var/run/docker.sock:/var/run/docker.sock", "-p", - f"{socket_proxy}:2375", - extra_args, - "docker-socket-proxy:local", - ) - - -def _stop_and_delete_proxy( - container_name=CONTAINER_NAME, -): - logger.info(f"Removing {container_name}...") + "2375", + ] + cmd.extend(env_vars_list) + cmd.append("docker-socket-proxy:local") + ret_code, stdout, stderr = docker.run(cmd) + # Get container info + container_id = stdout.strip() + container_data = json.loads(docker("inspect", container_id)) + socket_port = container_data[0]["NetworkSettings"]["Ports"]["2375/tcp"][0][ + "HostPort" + ] + return container_id, socket_port + + +def _stop_and_delete_proxy(container): + logger.info(f"Removing {container}...") docker( + "container", "rm", "-f", - container_name, + container, ) -def _query_docker_with_proxy(socket_proxy=SOCKET_PROXY, extra_args=None): +@contextmanager +def _docker_proxy(**env_vars): + env_vars_list = [] + for var in env_vars: + env_vars_list.extend(["-e", f"{var}={env_vars[var]}"]) + container, port = _start_proxy(env_vars_list) + # start a test container for queries + test_container = docker("run", "--rm", "-d", "nginx").strip() try: - _ret_code, stdout, stderr = docker.run( - ( - "--host", - socket_proxy, - extra_args, - ) - ) - except ProcessExecutionError as result: - stdout = result.stdout - stderr = result.stderr - return stdout + stderr + with local.env(DOCKER_HOST=f"127.0.0.1:{port}"): + yield (docker, 
test_container) + finally: + _stop_and_delete_proxy(container) + docker("stop", test_container) -def _check_permission(assertion, socket_proxy=SOCKET_PROXY, extra_args=None): - if "forbidden" in _query_docker_with_proxy( - socket_proxy=socket_proxy, extra_args=extra_args - ): - result = "forbidden" +def _query_docker_with_proxy(*command, allowed=True): + if allowed: + docker(command) else: - result = "allowed" - assert result == assertion + with pytest.raises(ProcessExecutionError): + docker(command) def test_default_permissions(): - container_name = f"{CONTAINER_NAME}_1" - socket_proxy = "127.0.0.1:2375" - try: - _start_proxy(container_name=container_name, socket_proxy=socket_proxy) - _check_permission("allowed", socket_proxy=socket_proxy, extra_args="version") - _check_permission( - "forbidden", socket_proxy=socket_proxy, extra_args=["run", "--rm", "alpine"] - ) - _check_permission( - "forbidden", socket_proxy=socket_proxy, extra_args=["pull", "alpine"] - ) - _check_permission( - "forbidden", socket_proxy=socket_proxy, extra_args=["logs", container_name] - ) - _check_permission( - "forbidden", socket_proxy=socket_proxy, extra_args=["wait", container_name] - ) - _check_permission( - "forbidden", - socket_proxy=socket_proxy, - extra_args=["rm", "-f", container_name], - ) - _check_permission( - "forbidden", - socket_proxy=socket_proxy, - extra_args=["restart", container_name], - ) - _check_permission( - "forbidden", socket_proxy=socket_proxy, extra_args=["network", "ls"] - ) - _check_permission( - "forbidden", socket_proxy=socket_proxy, extra_args=["config", "ls"] - ) - _check_permission( - "forbidden", socket_proxy=socket_proxy, extra_args=["service", "ls"] - ) - _check_permission( - "forbidden", socket_proxy=socket_proxy, extra_args=["stack", "ls"] - ) - _check_permission( - "forbidden", socket_proxy=socket_proxy, extra_args=["secret", "ls"] - ) - _check_permission( - "forbidden", socket_proxy=socket_proxy, extra_args=["plugin", "ls"] - ) - 
_check_permission("forbidden", socket_proxy=socket_proxy, extra_args=["info"]) - _check_permission( - "forbidden", socket_proxy=socket_proxy, extra_args=["system", "info"] - ) - _check_permission( - "forbidden", socket_proxy=socket_proxy, extra_args=["build", "."] - ) - _check_permission( - "forbidden", socket_proxy=socket_proxy, extra_args=["swarm", "init"] - ) - finally: - _stop_and_delete_proxy(container_name=container_name) + with _docker_proxy() as (docker, test_container): + _query_docker_with_proxy("version", allowed=True) + _query_docker_with_proxy("pull", "alpine", allowed=False) + _query_docker_with_proxy( + "run", "--rm", "alpine", "--name", test_container, allowed=False + ) + _query_docker_with_proxy("logs", test_container, allowed=False) + _query_docker_with_proxy("wait", test_container, allowed=False) + _query_docker_with_proxy("rm", "-f", test_container, allowed=False) + _query_docker_with_proxy("restart", test_container, allowed=False) + _query_docker_with_proxy("network", "ls", allowed=False) + _query_docker_with_proxy("config", "ls", allowed=False) + _query_docker_with_proxy("service", "ls", allowed=False) + _query_docker_with_proxy("stack", "ls", allowed=False) + _query_docker_with_proxy("secret", "ls", allowed=False) + _query_docker_with_proxy("plugin", "ls", allowed=False) + _query_docker_with_proxy("info", allowed=False) + _query_docker_with_proxy("system", "info", allowed=False) + _query_docker_with_proxy("build", ".", allowed=False) + _query_docker_with_proxy("swarm", "init", allowed=False) def test_container_permissions(): - container_name = f"{CONTAINER_NAME}_2" - socket_proxy = "127.0.0.1:2376" - try: - _start_proxy( - container_name=container_name, - socket_proxy=socket_proxy, - extra_args=["-e", "CONTAINERS=1"], - ) - _check_permission( - "allowed", socket_proxy=socket_proxy, extra_args=["logs", container_name] - ) - _check_permission( - "allowed", socket_proxy=socket_proxy, extra_args=["inspect", container_name] - ) - 
_check_permission( - "forbidden", socket_proxy=socket_proxy, extra_args=["wait", container_name] - ) - _check_permission( - "forbidden", socket_proxy=socket_proxy, extra_args=["run", "--rm", "alpine"] - ) - _check_permission( - "forbidden", - socket_proxy=socket_proxy, - extra_args=["rm", "-f", container_name], - ) - _check_permission( - "forbidden", - socket_proxy=socket_proxy, - extra_args=["restart", container_name], - ) - finally: - _stop_and_delete_proxy(container_name=container_name) + with _docker_proxy(CONTAINERS=1) as (docker, test_container): + _query_docker_with_proxy("logs", test_container, allowed=True) + _query_docker_with_proxy("inspect", test_container, allowed=True) + _query_docker_with_proxy("wait", test_container, allowed=False) + _query_docker_with_proxy("run", "--rm", "alpine", allowed=False) + _query_docker_with_proxy("rm", "-f", test_container, allowed=False) + _query_docker_with_proxy("restart", test_container, allowed=False) def test_post_permissions(): - container_name = f"{CONTAINER_NAME}_3" - socket_proxy = "127.0.0.1:2377" - try: - _start_proxy( - container_name=container_name, - socket_proxy=socket_proxy, - extra_args=["-e", "POST=1"], - ) - _check_permission( - "forbidden", - socket_proxy=socket_proxy, - extra_args=["rm", "-f", container_name], - ) - _check_permission( - "forbidden", socket_proxy=socket_proxy, extra_args=["pull", "alpine"] - ) - _check_permission( - "forbidden", socket_proxy=socket_proxy, extra_args=["run", "--rm", "alpine"] - ) - _check_permission( - "forbidden", - socket_proxy=socket_proxy, - extra_args=["network", "create", "foobar"], - ) - finally: - _stop_and_delete_proxy(container_name=container_name) + with _docker_proxy(POST=1) as (docker, test_container): + _query_docker_with_proxy("rm", "-f", test_container, allowed=False) + _query_docker_with_proxy("pull", "alpine", allowed=False) + _query_docker_with_proxy("run", "--rm", "alpine", allowed=False) + _query_docker_with_proxy("network", "create", "foobar", 
allowed=False) def test_network_post_permissions(): - container_name = f"{CONTAINER_NAME}_4" - socket_proxy = "127.0.0.1:2378" - try: - _start_proxy( - container_name=container_name, - socket_proxy=socket_proxy, - extra_args=["-e", "POST=1", "-e", "NETWORKS=1"], - ) - _check_permission( - "allowed", socket_proxy=socket_proxy, extra_args=["network", "ls"] - ) - _check_permission( - "allowed", - socket_proxy=socket_proxy, - extra_args=["network", "create", "foo"], - ) - _check_permission( - "allowed", socket_proxy=socket_proxy, extra_args=["network", "rm", "foo"] - ) - finally: - _stop_and_delete_proxy(container_name=container_name) + with _docker_proxy(POST=1, NETWORKS=1) as (docker, test_container): + _query_docker_with_proxy("network", "ls", allowed=True) + _query_docker_with_proxy("network", "create", "foo", allowed=True) + _query_docker_with_proxy("network", "rm", "foo", allowed=True) From 91c06522f32a593fdbe1e3beeaca3b3b6bc6d9c0 Mon Sep 17 00:00:00 2001 From: Jairo Llopis Date: Wed, 2 Dec 2020 10:49:50 +0000 Subject: [PATCH 17/25] Provide initial conftest --- .vscode/settings.json | 11 +- poetry.lock | 243 +++++++++++++++++++++++++++--------------- pyproject.toml | 6 +- tests/conftest.py | 70 ++++++++++++ tests/test_service.py | 118 +++++--------------- 5 files changed, 269 insertions(+), 179 deletions(-) create mode 100644 tests/conftest.py diff --git a/.vscode/settings.json b/.vscode/settings.json index a78f109..80552b4 100644 --- a/.vscode/settings.json +++ b/.vscode/settings.json @@ -1,5 +1,14 @@ { + "cSpell.words": ["pytest"], + "editor.defaultFormatter": "esbenp.prettier-vscode", + "editor.formatOnSave": true, + "editor.formatOnSaveMode": "file", + "python.formatting.provider": "black", + "python.linting.flake8Enabled": true, "python.pythonPath": ".venv/bin/python", "python.testing.pytestEnabled": true, - "cSpell.words": ["pytest"] + "[python]": { + "editor.defaultFormatter": "ms-python.python", + "editor.formatOnSave": true + } } 
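Review bot: `_query_docker_with_proxy(..., allowed=False)` now passes on any `ProcessExecutionError`, so a request denied by the proxy is indistinguishable from a refused connection, a missing image or a malformed command (for instance `run --rm alpine --name <id>`, where `--name` follows the image and is not parsed as a `docker run` option). The removed `_check_permission` looked for `forbidden` in the output; keep that check with `with pytest.raises(ProcessExecutionError) as excinfo:` followed by `assert "forbidden" in excinfo.value.stdout + excinfo.value.stderr`. Separately, `"-p", "2375"` in `_start_proxy` publishes the privileged proxy on all host interfaces, where the old code bound `127.0.0.1`; `"-p", "127.0.0.1::2375"` keeps the random host port but restricts it to loopback. In `_docker_proxy`, the nginx container is started before the `try`, so a failure there leaves the proxy container running.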
diff --git a/poetry.lock b/poetry.lock index 4a65440..dad8261 100644 --- a/poetry.lock +++ b/poetry.lock @@ -7,17 +7,12 @@ optional = false python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*" [[package]] -name = "astroid" -version = "2.4.2" -description = "An abstract syntax tree for Python with inference support." +name = "appdirs" +version = "1.4.4" +description = "A small Python module for determining appropriate platform-specific dirs, e.g. a \"user data dir\"." category = "dev" optional = false -python-versions = ">=3.5" - -[package.dependencies] -lazy-object-proxy = ">=1.4.0,<1.5.0" -six = ">=1.12,<2.0" -wrapt = ">=1.11,<2.0" +python-versions = "*" [[package]] name = "atomicwrites" @@ -41,6 +36,36 @@ docs = ["furo", "sphinx", "zope.interface"] tests = ["coverage[toml] (>=5.0.2)", "hypothesis", "pympler", "pytest (>=4.3.0)", "six", "zope.interface"] tests_no_zope = ["coverage[toml] (>=5.0.2)", "hypothesis", "pympler", "pytest (>=4.3.0)", "six"] +[[package]] +name = "black" +version = "20.8b1" +description = "The uncompromising code formatter." +category = "dev" +optional = false +python-versions = ">=3.6" + +[package.dependencies] +appdirs = "*" +click = ">=7.1.2" +mypy-extensions = ">=0.4.3" +pathspec = ">=0.6,<1" +regex = ">=2020.1.8" +toml = ">=0.10.1" +typed-ast = ">=1.4.0" +typing-extensions = ">=3.7.4" + +[package.extras] +colorama = ["colorama (>=0.4.3)"] +d = ["aiohttp (>=3.3.2)", "aiohttp-cors"] + +[[package]] +name = "click" +version = "7.1.2" +description = "Composable command line interface toolkit" +category = "dev" +optional = false +python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*" + [[package]] name = "colorama" version = "0.4.4" 
@@ -85,30 +110,17 @@ optional = false python-versions = "*" [[package]] -name = "isort" -version = "5.6.4" -description = "A Python utility / library to sort Python imports." -category = "dev" -optional = false -python-versions = ">=3.6,<4.0" - -[package.extras] -pipfile_deprecated_finder = ["pipreqs", "requirementslib"] -requirements_deprecated_finder = ["pipreqs", "pip-api"] -colors = ["colorama (>=0.4.3,<0.5.0)"] - -[[package]] -name = "lazy-object-proxy" -version = "1.4.3" -description = "A fast and thorough lazy object proxy." +name = "mccabe" +version = "0.6.1" +description = "McCabe checker, plugin for flake8" category = "dev" optional = false -python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*" +python-versions = "*" [[package]] -name = "mccabe" -version = "0.6.1" -description = "McCabe checker, plugin for flake8" +name = "mypy-extensions" +version = "0.4.3" +description = "Experimental type system extensions for programs checked with the mypy typechecker." category = "dev" optional = false python-versions = "*" @@ -125,6 +137,14 @@ python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*" pyparsing = ">=2.0.2" six = "*" +[[package]] +name = "pathspec" +version = "0.8.1" +description = "Utility library for gitignore style pattern matching of file paths." +category = "dev" +optional = false +python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*" + [[package]] name = "pluggy" version = "0.13.1" @@ -168,21 +188,6 @@ category = "dev" optional = false python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*" -[[package]] -name = "pylint" -version = "2.6.0" -description = "python code static checker" -category = "dev" -optional = false -python-versions = ">=3.5.*" - -[package.dependencies] -astroid = ">=2.4.0,<=2.5" -colorama = {version = "*", markers = "sys_platform == \"win32\""} -isort = ">=4.2.5,<6" -mccabe = ">=0.6,<0.7" -toml = ">=0.7.1" - [[package]] name = "pyparsing" version = "2.4.7" 
@@ -242,6 +247,14 @@ pytest-forked = "*" psutil = ["psutil (>=3.0)"] testing = ["filelock"] +[[package]] +name = "regex" +version = "2020.11.13" +description = "Alternative regular expression module, to replace re." +category = "dev" +optional = false +python-versions = "*" + [[package]] name = "six" version = "1.15.0" @@ -259,9 +272,17 @@ optional = false python-versions = ">=2.6, !=3.0.*, !=3.1.*, !=3.2.*" [[package]] -name = "wrapt" -version = "1.12.1" -description = "Module for decorators, wrappers and monkey patching." +name = "typed-ast" +version = "1.4.1" +description = "a fork of Python 2 and 3 ast modules with type comment support" +category = "dev" +optional = false +python-versions = "*" + +[[package]] +name = "typing-extensions" +version = "3.7.4.3" +description = "Backported and Experimental Type Hints for Python 3.5+" category = "dev" optional = false python-versions = "*" 
@@ -269,16 +290,16 @@ python-versions = "*" [metadata] lock-version = "1.1" python-versions = "^3.8" -content-hash = "cba324e2aa3a63b0dd46727f6da353580d38b2be137b48335d5487632eb2a087" +content-hash = "96dcdc93ce97e947b10a856408bfbb970e7df54f4694f7c4c1634b2d0ed8ea6c" [metadata.files] apipkg = [ {file = "apipkg-1.5-py2.py3-none-any.whl", hash = "sha256:58587dd4dc3daefad0487f6d9ae32b4542b185e1c36db6993290e7c41ca2b47c"}, {file = "apipkg-1.5.tar.gz", hash = "sha256:37228cda29411948b422fae072f57e31d3396d2ee1c9783775980ee9c9990af6"}, ] -astroid = [ - {file = "astroid-2.4.2-py3-none-any.whl", hash = "sha256:bc58d83eb610252fd8de6363e39d4f1d0619c894b0ed24603b881c02e64c7386"}, - {file = "astroid-2.4.2.tar.gz", hash = "sha256:2f4078c2a41bf377eea06d71c9d2ba4eb8f6b1af2135bec27bbbb7d8f12bb703"}, +appdirs = [ + {file = "appdirs-1.4.4-py2.py3-none-any.whl", hash = "sha256:a841dacd6b99318a741b166adb07e19ee71a274450e68237b4650ca1055ab128"}, + {file = "appdirs-1.4.4.tar.gz", hash = "sha256:7d5d0167b2b1ba821647616af46a749d1c653740dd0d2415100fe26e27afdf41"}, ] atomicwrites = [ {file = "atomicwrites-1.4.0-py2.py3-none-any.whl", hash = "sha256:6d1784dea7c0c8d4a5172b6c620f40b6e4cbfdf96d783691f2e1302a7b88e197"}, 
@@ -288,6 +309,14 @@ attrs = [ {file = "attrs-20.3.0-py2.py3-none-any.whl", hash = "sha256:31b2eced602aa8423c2aea9c76a724617ed67cf9513173fd3a4f03e3a929c7e6"}, {file = "attrs-20.3.0.tar.gz", hash = "sha256:832aa3cde19744e49938b91fea06d69ecb9e649c93ba974535d08ad92164f700"}, ] +black = [ + {file = "black-20.8b1-py3-none-any.whl", hash = "sha256:70b62ef1527c950db59062cda342ea224d772abdf6adc58b86a45421bab20a6b"}, + {file = "black-20.8b1.tar.gz", hash = "sha256:1c02557aa099101b9d21496f8a914e9ed2222ef70336404eeeac8edba836fbea"}, +] +click = [ + {file = "click-7.1.2-py2.py3-none-any.whl", hash = "sha256:dacca89f4bfadd5de3d7489b7c8a566eee0d3676333fbb50030263894c38c0dc"}, + {file = "click-7.1.2.tar.gz", hash = "sha256:d2b5255c7c6349bc1bd1e59e08cd12acbbd63ce649f2588755783aa94dfb6b1a"}, +] colorama = [ {file = "colorama-0.4.4-py2.py3-none-any.whl", hash = "sha256:9f47eda37229f68eee03b24b9748937c7dc3868f906e8ba69fbcbdd3bc5dc3e2"}, {file = "colorama-0.4.4.tar.gz", hash = "sha256:5941b2b48a20143d2267e95b1c2a7603ce057ee39fd88e7329b0c292aa16869b"}, 
@@ -301,44 +330,24 @@ flake8 = [ {file = "flake8-3.8.4.tar.gz", hash = "sha256:aadae8761ec651813c24be05c6f7b4680857ef6afaae4651a4eccaef97ce6c3b"}, ] iniconfig = [ - {file = "iniconfig-1.1.1-py2.py3-none-any.whl", hash = "sha256:011e24c64b7f47f6ebd835bb12a743f2fbe9a26d4cecaa7f53bc4f35ee9da8b3"}, {file = "iniconfig-1.1.1.tar.gz", hash = "sha256:bc3af051d7d14b2ee5ef9969666def0cd1a000e121eaea580d4a313df4b37f32"}, ] -isort = [ - {file = "isort-5.6.4-py3-none-any.whl", hash = "sha256:dcab1d98b469a12a1a624ead220584391648790275560e1a43e54c5dceae65e7"}, - {file = "isort-5.6.4.tar.gz", hash = "sha256:dcaeec1b5f0eca77faea2a35ab790b4f3680ff75590bfcb7145986905aab2f58"}, -] -lazy-object-proxy = [ - {file = "lazy-object-proxy-1.4.3.tar.gz", hash = "sha256:f3900e8a5de27447acbf900b4750b0ddfd7ec1ea7fbaf11dfa911141bc522af0"}, - {file = "lazy_object_proxy-1.4.3-cp27-cp27m-macosx_10_13_x86_64.whl", hash = "sha256:a2238e9d1bb71a56cd710611a1614d1194dc10a175c1e08d75e1a7bcc250d442"}, - {file = "lazy_object_proxy-1.4.3-cp27-cp27m-win32.whl", hash = "sha256:efa1909120ce98bbb3777e8b6f92237f5d5c8ea6758efea36a473e1d38f7d3e4"}, - {file = "lazy_object_proxy-1.4.3-cp27-cp27m-win_amd64.whl", hash = "sha256:4677f594e474c91da97f489fea5b7daa17b5517190899cf213697e48d3902f5a"}, - {file = "lazy_object_proxy-1.4.3-cp27-cp27mu-manylinux1_x86_64.whl", hash = "sha256:0c4b206227a8097f05c4dbdd323c50edf81f15db3b8dc064d08c62d37e1a504d"}, - {file = "lazy_object_proxy-1.4.3-cp34-cp34m-manylinux1_x86_64.whl", hash = "sha256:d945239a5639b3ff35b70a88c5f2f491913eb94871780ebfabb2568bd58afc5a"}, - {file = "lazy_object_proxy-1.4.3-cp34-cp34m-win32.whl", hash = "sha256:9651375199045a358eb6741df3e02a651e0330be090b3bc79f6d0de31a80ec3e"}, - {file = "lazy_object_proxy-1.4.3-cp34-cp34m-win_amd64.whl", hash = "sha256:eba7011090323c1dadf18b3b689845fd96a61ba0a1dfbd7f24b921398affc357"}, - {file = "lazy_object_proxy-1.4.3-cp35-cp35m-manylinux1_x86_64.whl", hash = 
"sha256:48dab84ebd4831077b150572aec802f303117c8cc5c871e182447281ebf3ac50"}, - {file = "lazy_object_proxy-1.4.3-cp35-cp35m-win32.whl", hash = "sha256:ca0a928a3ddbc5725be2dd1cf895ec0a254798915fb3a36af0964a0a4149e3db"}, - {file = "lazy_object_proxy-1.4.3-cp35-cp35m-win_amd64.whl", hash = "sha256:194d092e6f246b906e8f70884e620e459fc54db3259e60cf69a4d66c3fda3449"}, - {file = "lazy_object_proxy-1.4.3-cp36-cp36m-manylinux1_x86_64.whl", hash = "sha256:97bb5884f6f1cdce0099f86b907aa41c970c3c672ac8b9c8352789e103cf3156"}, - {file = "lazy_object_proxy-1.4.3-cp36-cp36m-win32.whl", hash = "sha256:cb2c7c57005a6804ab66f106ceb8482da55f5314b7fcb06551db1edae4ad1531"}, - {file = "lazy_object_proxy-1.4.3-cp36-cp36m-win_amd64.whl", hash = "sha256:8d859b89baf8ef7f8bc6b00aa20316483d67f0b1cbf422f5b4dc56701c8f2ffb"}, - {file = "lazy_object_proxy-1.4.3-cp37-cp37m-macosx_10_13_x86_64.whl", hash = "sha256:1be7e4c9f96948003609aa6c974ae59830a6baecc5376c25c92d7d697e684c08"}, - {file = "lazy_object_proxy-1.4.3-cp37-cp37m-manylinux1_x86_64.whl", hash = "sha256:d74bb8693bf9cf75ac3b47a54d716bbb1a92648d5f781fc799347cfc95952383"}, - {file = "lazy_object_proxy-1.4.3-cp37-cp37m-win32.whl", hash = "sha256:9b15f3f4c0f35727d3a0fba4b770b3c4ebbb1fa907dbcc046a1d2799f3edd142"}, - {file = "lazy_object_proxy-1.4.3-cp37-cp37m-win_amd64.whl", hash = "sha256:9254f4358b9b541e3441b007a0ea0764b9d056afdeafc1a5569eee1cc6c1b9ea"}, - {file = "lazy_object_proxy-1.4.3-cp38-cp38-manylinux1_x86_64.whl", hash = "sha256:a6ae12d08c0bf9909ce12385803a543bfe99b95fe01e752536a60af2b7797c62"}, - {file = "lazy_object_proxy-1.4.3-cp38-cp38-win32.whl", hash = "sha256:5541cada25cd173702dbd99f8e22434105456314462326f06dba3e180f203dfd"}, - {file = "lazy_object_proxy-1.4.3-cp38-cp38-win_amd64.whl", hash = "sha256:59f79fef100b09564bc2df42ea2d8d21a64fdcda64979c0fa3db7bdaabaf6239"}, -] mccabe = [ {file = "mccabe-0.6.1-py2.py3-none-any.whl", hash = "sha256:ab8a6258860da4b6677da4bd2fe5dc2c659cff31b3ee4f7f5d64e79735b80d42"}, {file = 
"mccabe-0.6.1.tar.gz", hash = "sha256:dd8d182285a0fe56bace7f45b5e7d1a6ebcbf524e8f3bd87eb0f125271b8831f"}, ] +mypy-extensions = [ + {file = "mypy_extensions-0.4.3-py2.py3-none-any.whl", hash = "sha256:090fedd75945a69ae91ce1303b5824f428daf5a028d2f6ab8a299250a846f15d"}, + {file = "mypy_extensions-0.4.3.tar.gz", hash = "sha256:2d82818f5bb3e369420cb3c4060a7970edba416647068eb4c5343488a6c604a8"}, +] packaging = [ {file = "packaging-20.4-py2.py3-none-any.whl", hash = "sha256:998416ba6962ae7fbd6596850b80e17859a5753ba17c32284f67bfff33784181"}, {file = "packaging-20.4.tar.gz", hash = "sha256:4357f74f47b9c12db93624a82154e9b120fa8293699949152b22065d556079f8"}, ] +pathspec = [ + {file = "pathspec-0.8.1-py2.py3-none-any.whl", hash = "sha256:aa0cb481c4041bf52ffa7b0d8fa6cd3e88a2ca4879c533c9153882ee2556790d"}, + {file = "pathspec-0.8.1.tar.gz", hash = "sha256:86379d6b86d75816baba717e64b1a3a3469deb93bb76d613c9ce79edc5cb68fd"}, +] pluggy = [ {file = "pluggy-0.13.1-py2.py3-none-any.whl", hash = "sha256:966c145cd83c96502c3c3868f50408687b38434af77734af1e9ca461a4081d2d"}, {file = "pluggy-0.13.1.tar.gz", hash = "sha256:15b2acde666561e1298d71b523007ed7364de07029219b604cf808bfa1c765b0"}, @@ -359,10 +368,6 @@ pyflakes = [ {file = "pyflakes-2.2.0-py2.py3-none-any.whl", hash = "sha256:0d94e0e05a19e57a99444b6ddcf9a6eb2e5c68d3ca1e98e90707af8152c90a92"}, {file = "pyflakes-2.2.0.tar.gz", hash = "sha256:35b2d75ee967ea93b55750aa9edbbf72813e06a66ba54438df2cfac9e3c27fc8"}, ] -pylint = [ - {file = "pylint-2.6.0-py3-none-any.whl", hash = "sha256:bfe68f020f8a0fece830a22dd4d5dddb4ecc6137db04face4c3420a46a52239f"}, - {file = "pylint-2.6.0.tar.gz", hash = "sha256:bb4a908c9dadbc3aac18860550e870f58e1a02c9f2c204fdf5693d73be061210"}, -] pyparsing = [ {file = "pyparsing-2.4.7-py2.py3-none-any.whl", hash = "sha256:ef9d7589ef3c200abe66653d3f1ab1033c3c419ae9b9bdb1240a85b024efc88b"}, {file = "pyparsing-2.4.7.tar.gz", hash = "sha256:c203ec8783bf771a155b207279b9bccb8dea02d8f0c9e5f8ead507bc3246ecc1"}, 
@@ -379,6 +384,49 @@ pytest-xdist = [ {file = "pytest-xdist-2.1.0.tar.gz", hash = "sha256:82d938f1a24186520e2d9d3a64ef7d9ac7ecdf1a0659e095d18e596b8cbd0672"}, {file = "pytest_xdist-2.1.0-py3-none-any.whl", hash = "sha256:7c629016b3bb006b88ac68e2b31551e7becf173c76b977768848e2bbed594d90"}, ] +regex = [ + {file = "regex-2020.11.13-cp36-cp36m-macosx_10_9_x86_64.whl", hash = "sha256:8b882a78c320478b12ff024e81dc7d43c1462aa4a3341c754ee65d857a521f85"}, + {file = "regex-2020.11.13-cp36-cp36m-manylinux1_i686.whl", hash = "sha256:a63f1a07932c9686d2d416fb295ec2c01ab246e89b4d58e5fa468089cab44b70"}, + {file = "regex-2020.11.13-cp36-cp36m-manylinux1_x86_64.whl", hash = "sha256:6e4b08c6f8daca7d8f07c8d24e4331ae7953333dbd09c648ed6ebd24db5a10ee"}, + {file = "regex-2020.11.13-cp36-cp36m-manylinux2010_i686.whl", hash = "sha256:bba349276b126947b014e50ab3316c027cac1495992f10e5682dc677b3dfa0c5"}, + {file = "regex-2020.11.13-cp36-cp36m-manylinux2010_x86_64.whl", hash = "sha256:56e01daca75eae420bce184edd8bb341c8eebb19dd3bce7266332258f9fb9dd7"}, + {file = "regex-2020.11.13-cp36-cp36m-manylinux2014_aarch64.whl", hash = "sha256:6a8ce43923c518c24a2579fda49f093f1397dad5d18346211e46f134fc624e31"}, + {file = "regex-2020.11.13-cp36-cp36m-manylinux2014_i686.whl", hash = "sha256:1ab79fcb02b930de09c76d024d279686ec5d532eb814fd0ed1e0051eb8bd2daa"}, + {file = "regex-2020.11.13-cp36-cp36m-manylinux2014_x86_64.whl", hash = "sha256:9801c4c1d9ae6a70aeb2128e5b4b68c45d4f0af0d1535500884d644fa9b768c6"}, + {file = "regex-2020.11.13-cp36-cp36m-win32.whl", hash = "sha256:49cae022fa13f09be91b2c880e58e14b6da5d10639ed45ca69b85faf039f7a4e"}, + {file = "regex-2020.11.13-cp36-cp36m-win_amd64.whl", hash = "sha256:749078d1eb89484db5f34b4012092ad14b327944ee7f1c4f74d6279a6e4d1884"}, + {file = "regex-2020.11.13-cp37-cp37m-macosx_10_9_x86_64.whl", hash = "sha256:b2f4007bff007c96a173e24dcda236e5e83bde4358a557f9ccf5e014439eae4b"}, + {file = "regex-2020.11.13-cp37-cp37m-manylinux1_i686.whl", hash = 
"sha256:38c8fd190db64f513fe4e1baa59fed086ae71fa45083b6936b52d34df8f86a88"}, + {file = "regex-2020.11.13-cp37-cp37m-manylinux1_x86_64.whl", hash = "sha256:5862975b45d451b6db51c2e654990c1820523a5b07100fc6903e9c86575202a0"}, + {file = "regex-2020.11.13-cp37-cp37m-manylinux2010_i686.whl", hash = "sha256:262c6825b309e6485ec2493ffc7e62a13cf13fb2a8b6d212f72bd53ad34118f1"}, + {file = "regex-2020.11.13-cp37-cp37m-manylinux2010_x86_64.whl", hash = "sha256:bafb01b4688833e099d79e7efd23f99172f501a15c44f21ea2118681473fdba0"}, + {file = "regex-2020.11.13-cp37-cp37m-manylinux2014_aarch64.whl", hash = "sha256:e32f5f3d1b1c663af7f9c4c1e72e6ffe9a78c03a31e149259f531e0fed826512"}, + {file = "regex-2020.11.13-cp37-cp37m-manylinux2014_i686.whl", hash = "sha256:3bddc701bdd1efa0d5264d2649588cbfda549b2899dc8d50417e47a82e1387ba"}, + {file = "regex-2020.11.13-cp37-cp37m-manylinux2014_x86_64.whl", hash = "sha256:02951b7dacb123d8ea6da44fe45ddd084aa6777d4b2454fa0da61d569c6fa538"}, + {file = "regex-2020.11.13-cp37-cp37m-win32.whl", hash = "sha256:0d08e71e70c0237883d0bef12cad5145b84c3705e9c6a588b2a9c7080e5af2a4"}, + {file = "regex-2020.11.13-cp37-cp37m-win_amd64.whl", hash = "sha256:1fa7ee9c2a0e30405e21031d07d7ba8617bc590d391adfc2b7f1e8b99f46f444"}, + {file = "regex-2020.11.13-cp38-cp38-macosx_10_9_x86_64.whl", hash = "sha256:baf378ba6151f6e272824b86a774326f692bc2ef4cc5ce8d5bc76e38c813a55f"}, + {file = "regex-2020.11.13-cp38-cp38-manylinux1_i686.whl", hash = "sha256:e3faaf10a0d1e8e23a9b51d1900b72e1635c2d5b0e1bea1c18022486a8e2e52d"}, + {file = "regex-2020.11.13-cp38-cp38-manylinux1_x86_64.whl", hash = "sha256:2a11a3e90bd9901d70a5b31d7dd85114755a581a5da3fc996abfefa48aee78af"}, + {file = "regex-2020.11.13-cp38-cp38-manylinux2010_i686.whl", hash = "sha256:d1ebb090a426db66dd80df8ca85adc4abfcbad8a7c2e9a5ec7513ede522e0a8f"}, + {file = "regex-2020.11.13-cp38-cp38-manylinux2010_x86_64.whl", hash = "sha256:b2b1a5ddae3677d89b686e5c625fc5547c6e492bd755b520de5332773a8af06b"}, + {file = 
"regex-2020.11.13-cp38-cp38-manylinux2014_aarch64.whl", hash = "sha256:2c99e97d388cd0a8d30f7c514d67887d8021541b875baf09791a3baad48bb4f8"}, + {file = "regex-2020.11.13-cp38-cp38-manylinux2014_i686.whl", hash = "sha256:c084582d4215593f2f1d28b65d2a2f3aceff8342aa85afd7be23a9cad74a0de5"}, + {file = "regex-2020.11.13-cp38-cp38-manylinux2014_x86_64.whl", hash = "sha256:a3d748383762e56337c39ab35c6ed4deb88df5326f97a38946ddd19028ecce6b"}, + {file = "regex-2020.11.13-cp38-cp38-win32.whl", hash = "sha256:7913bd25f4ab274ba37bc97ad0e21c31004224ccb02765ad984eef43e04acc6c"}, + {file = "regex-2020.11.13-cp38-cp38-win_amd64.whl", hash = "sha256:6c54ce4b5d61a7129bad5c5dc279e222afd00e721bf92f9ef09e4fae28755683"}, + {file = "regex-2020.11.13-cp39-cp39-macosx_10_9_x86_64.whl", hash = "sha256:1862a9d9194fae76a7aaf0150d5f2a8ec1da89e8b55890b1786b8f88a0f619dc"}, + {file = "regex-2020.11.13-cp39-cp39-manylinux1_i686.whl", hash = "sha256:4902e6aa086cbb224241adbc2f06235927d5cdacffb2425c73e6570e8d862364"}, + {file = "regex-2020.11.13-cp39-cp39-manylinux1_x86_64.whl", hash = "sha256:7a25fcbeae08f96a754b45bdc050e1fb94b95cab046bf56b016c25e9ab127b3e"}, + {file = "regex-2020.11.13-cp39-cp39-manylinux2010_i686.whl", hash = "sha256:d2d8ce12b7c12c87e41123997ebaf1a5767a5be3ec545f64675388970f415e2e"}, + {file = "regex-2020.11.13-cp39-cp39-manylinux2010_x86_64.whl", hash = "sha256:f7d29a6fc4760300f86ae329e3b6ca28ea9c20823df123a2ea8693e967b29917"}, + {file = "regex-2020.11.13-cp39-cp39-manylinux2014_aarch64.whl", hash = "sha256:717881211f46de3ab130b58ec0908267961fadc06e44f974466d1887f865bd5b"}, + {file = "regex-2020.11.13-cp39-cp39-manylinux2014_i686.whl", hash = "sha256:3128e30d83f2e70b0bed9b2a34e92707d0877e460b402faca908c6667092ada9"}, + {file = "regex-2020.11.13-cp39-cp39-manylinux2014_x86_64.whl", hash = "sha256:8f6a2229e8ad946e36815f2a03386bb8353d4bde368fdf8ca5f0cb97264d3b5c"}, + {file = "regex-2020.11.13-cp39-cp39-win32.whl", hash = 
"sha256:f8f295db00ef5f8bae530fc39af0b40486ca6068733fb860b42115052206466f"}, + {file = "regex-2020.11.13-cp39-cp39-win_amd64.whl", hash = "sha256:a15f64ae3a027b64496a71ab1f722355e570c3fac5ba2801cafce846bf5af01d"}, + {file = "regex-2020.11.13.tar.gz", hash = "sha256:83d6b356e116ca119db8e7c6fc2983289d87b27b3fac238cfe5dca529d884562"}, +] six = [ {file = "six-1.15.0-py2.py3-none-any.whl", hash = "sha256:8b74bedcbbbaca38ff6d7491d76f2b06b3592611af620f8426e82dddb04a5ced"}, {file = "six-1.15.0.tar.gz", hash = "sha256:30639c035cdb23534cd4aa2dd52c3bf48f06e5f4a941509c8bafd8ce11080259"}, 
@@ -387,6 +435,31 @@ toml = [ {file = "toml-0.10.2-py2.py3-none-any.whl", hash = "sha256:806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b"}, {file = "toml-0.10.2.tar.gz", hash = "sha256:b3bda1d108d5dd99f4a20d24d9c348e91c4db7ab1b749200bded2f839ccbe68f"}, ] -wrapt = [ - {file = "wrapt-1.12.1.tar.gz", hash = "sha256:b62ffa81fb85f4332a4f609cab4ac40709470da05643a082ec1eb88e6d9b97d7"}, +typed-ast = [ + {file = "typed_ast-1.4.1-cp35-cp35m-manylinux1_i686.whl", hash = "sha256:73d785a950fc82dd2a25897d525d003f6378d1cb23ab305578394694202a58c3"}, + {file = "typed_ast-1.4.1-cp35-cp35m-manylinux1_x86_64.whl", hash = "sha256:aaee9905aee35ba5905cfb3c62f3e83b3bec7b39413f0a7f19be4e547ea01ebb"}, + {file = "typed_ast-1.4.1-cp35-cp35m-win32.whl", hash = "sha256:0c2c07682d61a629b68433afb159376e24e5b2fd4641d35424e462169c0a7919"}, + {file = "typed_ast-1.4.1-cp35-cp35m-win_amd64.whl", hash = "sha256:4083861b0aa07990b619bd7ddc365eb7fa4b817e99cf5f8d9cf21a42780f6e01"}, + {file = "typed_ast-1.4.1-cp36-cp36m-macosx_10_9_x86_64.whl", hash = "sha256:269151951236b0f9a6f04015a9004084a5ab0d5f19b57de779f908621e7d8b75"}, + {file = "typed_ast-1.4.1-cp36-cp36m-manylinux1_i686.whl", hash = "sha256:24995c843eb0ad11a4527b026b4dde3da70e1f2d8806c99b7b4a7cf491612652"}, + {file = "typed_ast-1.4.1-cp36-cp36m-manylinux1_x86_64.whl", hash = "sha256:fe460b922ec15dd205595c9b5b99e2f056fd98ae8f9f56b888e7a17dc2b757e7"}, + {file = "typed_ast-1.4.1-cp36-cp36m-win32.whl", hash = "sha256:4e3e5da80ccbebfff202a67bf900d081906c358ccc3d5e3c8aea42fdfdfd51c1"}, + {file = "typed_ast-1.4.1-cp36-cp36m-win_amd64.whl", hash = "sha256:249862707802d40f7f29f6e1aad8d84b5aa9e44552d2cc17384b209f091276aa"}, + {file = "typed_ast-1.4.1-cp37-cp37m-macosx_10_9_x86_64.whl", hash = "sha256:8ce678dbaf790dbdb3eba24056d5364fb45944f33553dd5869b7580cdbb83614"}, + {file = "typed_ast-1.4.1-cp37-cp37m-manylinux1_i686.whl", hash = "sha256:c9e348e02e4d2b4a8b2eedb48210430658df6951fa484e59de33ff773fbd4b41"}, + {file = 
"typed_ast-1.4.1-cp37-cp37m-manylinux1_x86_64.whl", hash = "sha256:bcd3b13b56ea479b3650b82cabd6b5343a625b0ced5429e4ccad28a8973f301b"}, + {file = "typed_ast-1.4.1-cp37-cp37m-win32.whl", hash = "sha256:d5d33e9e7af3b34a40dc05f498939f0ebf187f07c385fd58d591c533ad8562fe"}, + {file = "typed_ast-1.4.1-cp37-cp37m-win_amd64.whl", hash = "sha256:0666aa36131496aed8f7be0410ff974562ab7eeac11ef351def9ea6fa28f6355"}, + {file = "typed_ast-1.4.1-cp38-cp38-macosx_10_15_x86_64.whl", hash = "sha256:d205b1b46085271b4e15f670058ce182bd1199e56b317bf2ec004b6a44f911f6"}, + {file = "typed_ast-1.4.1-cp38-cp38-manylinux1_i686.whl", hash = "sha256:6daac9731f172c2a22ade6ed0c00197ee7cc1221aa84cfdf9c31defeb059a907"}, + {file = "typed_ast-1.4.1-cp38-cp38-manylinux1_x86_64.whl", hash = "sha256:498b0f36cc7054c1fead3d7fc59d2150f4d5c6c56ba7fb150c013fbc683a8d2d"}, + {file = "typed_ast-1.4.1-cp38-cp38-win32.whl", hash = "sha256:715ff2f2df46121071622063fc7543d9b1fd19ebfc4f5c8895af64a77a8c852c"}, + {file = "typed_ast-1.4.1-cp38-cp38-win_amd64.whl", hash = "sha256:fc0fea399acb12edbf8a628ba8d2312f583bdbdb3335635db062fa98cf71fca4"}, + {file = "typed_ast-1.4.1-cp39-cp39-macosx_10_15_x86_64.whl", hash = "sha256:d43943ef777f9a1c42bf4e552ba23ac77a6351de620aa9acf64ad54933ad4d34"}, + {file = "typed_ast-1.4.1.tar.gz", hash = "sha256:8c8aaad94455178e3187ab22c8b01a3837f8ee50e09cf31f1ba129eb293ec30b"}, +] +typing-extensions = [ + {file = "typing_extensions-3.7.4.3-py2-none-any.whl", hash = "sha256:dafc7639cde7f1b6e1acc0f457842a83e722ccca8eef5270af2d74792619a89f"}, + {file = "typing_extensions-3.7.4.3-py3-none-any.whl", hash = "sha256:7cb407020f00f7bfc3cb3e7881628838e69d8f3fcab2f64742a5e76b2f841918"}, + {file = "typing_extensions-3.7.4.3.tar.gz", hash = "sha256:99d4073b617d30288f569d3f13d2bd7548c3a7e4c8de87db09a9d29bb3a4a60c"}, ] diff --git a/pyproject.toml b/pyproject.toml index fd43df4..d7d4ee7 100644 --- a/pyproject.toml +++ b/pyproject.toml 
@@ -8,11 +8,11 @@ authors = ["Tecnativa"] python = "^3.8" [tool.poetry.dev-dependencies] +black = {version = "^20.8b1", allow-prereleases = true} +flake8 = "^3.8.4" +plumbum = "^1.6.9" pytest = "^6.1.2" pytest-xdist = "^2.1.0" -plumbum = "^1.6.9" -flake8 = "^3.8.4" -pylint = "^2.6.0" [build-system] requires = ["poetry-core>=1.0.0"] diff --git a/tests/conftest.py b/tests/conftest.py new file mode 100644 index 0000000..0b76054 --- /dev/null +++ b/tests/conftest.py 
@@ -0,0 +1,70 @@
+import json
+from contextlib import contextmanager
+from logging import info
+from pathlib import Path
+
+import pytest
+from plumbum import local
+from plumbum.cmd import docker
+
+IMAGE_NAME = "docker-socket-proxy:local"
+
+
+@pytest.fixture(autouse=True, scope="session")
+def docker_image():
+ """Build local docker image once before starting test suite."""
+ info(f"Building {IMAGE_NAME}...")
+ docker("build", "-t", IMAGE_NAME, Path(__file__).parent.parent)
+ return IMAGE_NAME
+
+
+@pytest.fixture()
+def sleeping_container():
+ """Launch a test container that will last alive as long as the test."""
+ try:
+ container = docker(
+ "container", "run", "--rm", "--detach", "alpine", "sleep", "3600"
+ ).strip()
+ yield container
+ finally:
+ docker("container", "rm", "--force", container)
+
+
+@contextmanager
+def proxy(**env_vars):
+ """A context manager that starts the proxy with the specified env.
+
+ While inside the block, `$DOCKER_HOST` will be modified to talk to the proxy
+ instead of the raw docker socket.
+ """
+ container_id = None
+ env_list = [f"--env={key}={value}" for key, value in env_vars.items()]
+ info(f"Starting {IMAGE_NAME} container with: {env_vars.join(' ')}")
+ try:
+ container_id = docker(
+ "container",
+ "run",
+ "--detach",
+ "--privileged",
+ "--publish=2375",
+ "--volume=/var/run/docker.sock:/var/run/docker.sock",
+ *env_list,
+ IMAGE_NAME,
+ )
+ container_data = json.loads(
+ docker("container", "inspect", container_id.strip())
+ )
+ socket_port = container_data[0]["NetworkSettings"]["Ports"]["2375/tcp"][0][
+ "HostPort"
+ ]
+ with local.env(DOCKER_HOST=f"tcp://localhost:{socket_port}"):
+ yield
+ finally:
+ if container_id:
+ info(f"Removing {container_id}...")
+ docker(
+ "container",
+ "rm",
+ "-f",
+ container_id,
+ )
diff --git a/tests/test_service.py b/tests/test_service.py
index 9d149a0..6857b10 100644
--- a/tests/test_service.py
+++ b/tests/test_service.py
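Review bot: `"--publish=2375"` in `proxy()` lets Docker pick the bind address, which by default is every host interface, so for the duration of each test the proxied API of a `--privileged` container holding the real `/var/run/docker.sock` is reachable from whatever network the test host is on, with whichever sections the test enabled through `env_vars`. Binding the ephemeral port to loopback keeps the `HostPort` lookup below unchanged and keeps the listener local: `"--publish=127.0.0.1::2375",`. A one-line comment above the `--privileged` and `--volume` arguments stating why the test container needs them would also help, since those two flags are what make the exposure matter.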
@@ -1,102 +1,40 @@ -import json import logging -from contextlib import contextmanager import pytest -from plumbum import ProcessExecutionError, local +from plumbum import ProcessExecutionError from plumbum.cmd import docker -logger = logging.getLogger() - -CONTAINER_NAME = "docksockprox_test" -SOCKET_PROXY = "127.0.0.1:2375" - - -@pytest.fixture(autouse=True) -def build_docker_image(): - logger.info("Building docker image...") - docker("build", "-t", "docker-socket-proxy:local", ".") +from .conftest import proxy - -def _start_proxy(env_vars_list): - logger.info(f"Starting docker-socket-proxy container with args: {env_vars_list}...") - # HACK: receive as array to make it easier to handle dynamic env vars for docker - cmd = [ - "run", - "-d", - "--privileged", - "-v", - "/var/run/docker.sock:/var/run/docker.sock", - "-p", - "2375", - ] - cmd.extend(env_vars_list) - cmd.append("docker-socket-proxy:local") - ret_code, stdout, stderr = docker.run(cmd) - # Get container info - container_id = stdout.strip() - container_data = json.loads(docker("inspect", container_id)) - socket_port = container_data[0]["NetworkSettings"]["Ports"]["2375/tcp"][0][ - "HostPort" - ] - return container_id, socket_port +logger = logging.getLogger() -def _stop_and_delete_proxy(container): - logger.info(f"Removing {container}...") - docker( - "container", - "rm", - "-f", - container, +def test_default_permissions(sleeping_container): + allowed_calls = (("version",),) + forbidden_calls = ( + ("pull", "alpine"), + ("--rm", "alpine", "--name", sleeping_container), + ("logs", sleeping_container), + ("wait", sleeping_container), + ("rm", "-f", sleeping_container), + ("restart", sleeping_container), + ("network", "ls"), + ("config", "ls"), + ("service", "ls"), + ("stack", "ls"), + ("secret", "ls"), + ("plugin", "ls"), + ("info",), + ("system", "info"), + ("build", "."), + ("swarm", "init"), ) - - -@contextmanager -def _docker_proxy(**env_vars): - env_vars_list = [] - for var in env_vars: - 
env_vars_list.extend(["-e", f"{var}={env_vars[var]}"]) - container, port = _start_proxy(env_vars_list) - # start a test container for queries - test_container = docker("run", "--rm", "-d", "nginx").strip() - try: - with local.env(DOCKER_HOST=f"127.0.0.1:{port}"): - yield (docker, test_container) - finally: - _stop_and_delete_proxy(container) - docker("stop", test_container) - - -def _query_docker_with_proxy(*command, allowed=True): - if allowed: - docker(command) - else: - with pytest.raises(ProcessExecutionError): - docker(command) - - -def test_default_permissions(): - with _docker_proxy() as (docker, test_container): - _query_docker_with_proxy("version", allowed=True) - _query_docker_with_proxy("pull", "alpine", allowed=False) - _query_docker_with_proxy( - "run", "--rm", "alpine", "--name", test_container, allowed=False - ) - _query_docker_with_proxy("logs", test_container, allowed=False) - _query_docker_with_proxy("wait", test_container, allowed=False) - _query_docker_with_proxy("rm", "-f", test_container, allowed=False) - _query_docker_with_proxy("restart", test_container, allowed=False) - _query_docker_with_proxy("network", "ls", allowed=False) - _query_docker_with_proxy("config", "ls", allowed=False) - _query_docker_with_proxy("service", "ls", allowed=False) - _query_docker_with_proxy("stack", "ls", allowed=False) - _query_docker_with_proxy("secret", "ls", allowed=False) - _query_docker_with_proxy("plugin", "ls", allowed=False) - _query_docker_with_proxy("info", allowed=False) - _query_docker_with_proxy("system", "info", allowed=False) - _query_docker_with_proxy("build", ".", allowed=False) - _query_docker_with_proxy("swarm", "init", allowed=False) + with proxy(): + for args in allowed_calls: + docker(*args) + for args in forbidden_calls: + with pytest.raises(ProcessExecutionError): + docker(*args) def test_container_permissions(): From 3cf4ee6d6648e30069e006aa715edf5822213356 Mon Sep 17 00:00:00 2001 
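Review bot: The forbidden entry `("--rm", "alpine", "--name", sleeping_container)` in the new `test_default_permissions` has lost the `run` subcommand that the removed `_query_docker_with_proxy("run", "--rm", "alpine", ...)` call had. The docker CLI will most likely reject the unknown top-level flag before any request is sent, so `pytest.raises(ProcessExecutionError)` passes without the proxy's deny rule for container creation ever being exercised. Restore it as `("run", "--rm", "alpine", "--name", sleeping_container),`. The same tuple is carried unchanged into the later rewrite of this test (the `@@ -1,62 +1,78 @@` hunk of the "Improve tests" patch), with `test_container` in place of the fixture value.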
From: =?UTF-8?q?Jo=C3=A3o=20Marques?= Date: Wed, 2 Dec 2020 14:25:50 +0000 Subject: [PATCH 18/25] Improve tests --- tests/conftest.py | 18 ++------ tests/test_service.py | 102 ++++++++++++++++++++++++------------------ 2 files changed, 62 insertions(+), 58 deletions(-) diff --git a/tests/conftest.py b/tests/conftest.py index 0b76054..69a779b 100644 --- a/tests/conftest.py +++ b/tests/conftest.py @@ -18,18 +18,6 @@ def docker_image(): return IMAGE_NAME -@pytest.fixture() -def sleeping_container(): - """Launch a test container that will last alive as long as the test.""" - try: - container = docker( - "container", "run", "--rm", "--detach", "alpine", "sleep", "3600" - ).strip() - yield container - finally: - docker("container", "rm", "--force", container) - - @contextmanager def proxy(**env_vars): """A context manager that starts the proxy with the specified env. @@ -39,7 +27,7 @@ def proxy(**env_vars): """ container_id = None env_list = [f"--env={key}={value}" for key, value in env_vars.items()] - info(f"Starting {IMAGE_NAME} container with: {env_vars.join(' ')}") + info(f"Starting {IMAGE_NAME} container with: {env_list}") try: container_id = docker( "container", @@ -50,7 +38,7 @@ def proxy(**env_vars): "--volume=/var/run/docker.sock:/var/run/docker.sock", *env_list, IMAGE_NAME, - ) + ).strip() container_data = json.loads( docker("container", "inspect", container_id.strip()) ) @@ -58,7 +46,7 @@ def proxy(**env_vars): "HostPort" ] with local.env(DOCKER_HOST=f"tcp://localhost:{socket_port}"): - yield + yield container_id finally: if container_id: info(f"Removing {container_id}...") diff --git a/tests/test_service.py b/tests/test_service.py index 6857b10..3b4d95b 100644 --- a/tests/test_service.py +++ b/tests/test_service.py 
@@ -1,62 +1,78 @@ import logging import pytest +from conftest import proxy from plumbum import ProcessExecutionError from plumbum.cmd import docker -from .conftest import proxy - logger = logging.getLogger() -def test_default_permissions(sleeping_container): - allowed_calls = (("version",),) - forbidden_calls = ( - ("pull", "alpine"), - ("--rm", "alpine", "--name", sleeping_container), - ("logs", sleeping_container), - ("wait", sleeping_container), - ("rm", "-f", sleeping_container), - ("restart", sleeping_container), - ("network", "ls"), - ("config", "ls"), - ("service", "ls"), - ("stack", "ls"), - ("secret", "ls"), - ("plugin", "ls"), - ("info",), - ("system", "info"), - ("build", "."), - ("swarm", "init"), - ) - with proxy(): - for args in allowed_calls: +def _check_permissions(allowed_calls, forbidden_calls): + for args in allowed_calls: + docker(*args) + for args in forbidden_calls: + with pytest.raises(ProcessExecutionError): docker(*args) - for args in forbidden_calls: - with pytest.raises(ProcessExecutionError): - docker(*args) + + +def test_default_permissions(): + with proxy() as test_container: + allowed_calls = (("version",),) + forbidden_calls = ( + ("pull", "alpine"), + ("--rm", "alpine", "--name", test_container), + ("logs", test_container), + ("wait", test_container), + ("rm", "-f", test_container), + ("restart", test_container), + ("network", "ls"), + ("config", "ls"), + ("service", "ls"), + ("stack", "ls"), + ("secret", "ls"), + ("plugin", "ls"), + ("info",), + ("system", "info"), + ("build", "."), + ("swarm", "init"), + ) + _check_permissions(allowed_calls, forbidden_calls) def test_container_permissions(): - with _docker_proxy(CONTAINERS=1) as (docker, test_container): - _query_docker_with_proxy("logs", test_container, allowed=True) - _query_docker_with_proxy("inspect", test_container, allowed=True) - _query_docker_with_proxy("wait", test_container, allowed=False) - _query_docker_with_proxy("run", "--rm", "alpine", allowed=False) - 
_query_docker_with_proxy("rm", "-f", test_container, allowed=False) - _query_docker_with_proxy("restart", test_container, allowed=False) + with proxy(CONTAINERS=1) as test_container: + allowed_calls = [ + ("logs", test_container), + ("inspect", test_container), + ] + forbidden_calls = [ + ("wait", test_container), + ("run", "--rm", "alpine"), + ("rm", "-f", test_container), + ("restart", test_container), + ] + _check_permissions(allowed_calls, forbidden_calls) def test_post_permissions(): - with _docker_proxy(POST=1) as (docker, test_container): - _query_docker_with_proxy("rm", "-f", test_container, allowed=False) - _query_docker_with_proxy("pull", "alpine", allowed=False) - _query_docker_with_proxy("run", "--rm", "alpine", allowed=False) - _query_docker_with_proxy("network", "create", "foobar", allowed=False) + with proxy(POST=1) as test_container: + allowed_calls = [] + forbidden_calls = [ + ("rm", "-f", test_container), + ("pull", "alpine"), + ("run", "--rm", "alpine"), + ("network", "create", "foobar"), + ] + _check_permissions(allowed_calls, forbidden_calls) def test_network_post_permissions(): - with _docker_proxy(POST=1, NETWORKS=1) as (docker, test_container): - _query_docker_with_proxy("network", "ls", allowed=True) - _query_docker_with_proxy("network", "create", "foo", allowed=True) - _query_docker_with_proxy("network", "rm", "foo", allowed=True) + with proxy(POST=1, NETWORKS=1): + allowed_calls = [ + ("network", "ls"), + ("network", "create", "foo"), + ("network", "rm", "foo"), + ] + forbidden_calls = [] + _check_permissions(allowed_calls, forbidden_calls) From 1f4bd857c48844faccca2bea3ae80bf8e44c628a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jo=C3=A3o=20Marques?= Date: Wed, 2 Dec 2020 14:36:41 +0000 Subject: [PATCH 19/25] Add python3 in image --- Dockerfile | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/Dockerfile b/Dockerfile index a3e5611..6f82a54 100644 --- a/Dockerfile +++ b/Dockerfile 
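Review bot: `_check_permissions` treats any non-zero exit as proof of a denial, so a forbidden call that fails for an unrelated reason (a malformed argument tuple, a missing image, the proxy not yet listening) still turns the permission test green. Capturing the exception and checking that the failure came from the proxy would make these tests evidence of the access rules rather than of "something went wrong": `with pytest.raises(ProcessExecutionError) as excinfo:` followed by `assert "403" in excinfo.value.stderr` after the call; the exact text the CLI prints for an HAProxy deny should be confirmed before settling on the substring. The helper also has no docstring; something like `"""Run docker once per argument tuple: allowed calls must succeed, forbidden calls must fail."""` would document the contract the four tests rely on.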
@@ -29,6 +29,12 @@ ENV ALLOW_RESTARTS=0 \ VOLUMES=0 COPY haproxy.cfg /usr/local/etc/haproxy/haproxy.cfg +# Install python/pip +ENV PYTHONUNBUFFERED=1 +RUN apk add --update --no-cache python3 && ln -sf python3 /usr/bin/python +RUN python -m ensurepip +RUN python -m pip install --no-cache --upgrade pip setuptools + # Metadata ARG VCS_REF ARG BUILD_DATE From 764ece57aad6ac0b775a242c26608519e4f94502 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jo=C3=A3o=20Marques?= Date: Thu, 3 Dec 2020 14:42:29 +0000 Subject: [PATCH 20/25] Remove POST rule from proxy --- haproxy.cfg | 1 - 1 file changed, 1 deletion(-) diff --git a/haproxy.cfg b/haproxy.cfg index 1e5aa63..78bdf37 100644 --- a/haproxy.cfg +++ b/haproxy.cfg @@ -57,7 +57,6 @@ frontend dockerfrontend http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/nodes } { env(NODES) -m bool } http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/_ping } { env(PING) -m bool } http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/plugins } { env(PLUGINS) -m bool } - http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/post } { env(POST) -m bool } http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/secrets } { env(SECRETS) -m bool } http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/services } { env(SERVICES) -m bool } http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/session } { env(SESSION) -m bool } From d9d5b442354e8dea173072ddc2fa6b8621c8a44c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jo=C3=A3o=20Marques?= Date: Thu, 3 Dec 2020 15:10:27 +0000 Subject: [PATCH 21/25] Build image before testing and push at the end Builds the image (in single arch) before testing Loads the image into local docker (See https://github.com/docker/build-push-action#export-image-to-docker) Rebuilds and pushes the final image in multi-arch at the end. --- .github/workflows/test.yaml | 42 ++++++++++++++++++++++++------------- tests/conftest.py | 4 +++- 2 files changed, 31 insertions(+), 15 deletions(-) 
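Review bot: The added `RUN apk add --update --no-cache python3 ...`, `python -m ensurepip` and `pip install` lines put an interpreter and a package installer into the runtime image of a proxy that is deployed with the Docker socket mounted, and nothing visible in this series runs Python inside the container (the tests drive the docker CLI from the host). If Python is only wanted for the test setup, leave it out of this image or confine it to a separate build stage; if it is needed at runtime, the `# Install python/pip` comment should say what uses it. `python -m pip install --no-cache --upgrade pip setuptools` is also unpinned, so two builds of the same commit can ship different tool versions. The later "Fix python path" hunk (`@@ -31,9 +31,8 @@`) rewrites these lines but keeps both issues.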
diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml index 616c22f..0ff646e 100644 --- a/.github/workflows/test.yaml +++ b/.github/workflows/test.yaml @@ -24,11 +24,27 @@ env: PYTHONIOENCODING: "UTF-8" jobs: - test: + build-test-push: runs-on: ubuntu-latest + env: + DOCKER_REPO: tecnativa/docker-socket-proxy steps: - # Shared steps - - uses: actions/checkout@v1 + # Prepare Docker environment and build + - uses: actions/checkout@v2 + - uses: docker/setup-qemu-action@v1 + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v1 + - name: Build image(s) + uses: docker/build-push-action@v2 + with: + context: . + file: ./Dockerfile + # HACK: Build single platform image for testing. See https://github.com/docker/buildx/issues/59 + load: true + push: false + tags: | + ${{ env.DOCKER_REPO }}:local + # Set up and run tests - name: Install python uses: actions/setup-python@v1 with: @@ -51,30 +67,28 @@ jobs: - run: poetry install # Run tests - run: poetry run pytest - build-push: - runs-on: ubuntu-latest - needs: test - env: - DOCKER_REPO: tecnativa/docker-socket-proxy - steps: - # Prepare - - uses: actions/checkout@v2 - - uses: docker/setup-qemu-action@v1 - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v1 # Build and push - name: Login to DockerHub + if: + github.repository == 'Tecnativa/docker-socket-proxy' && github.ref == + 'refs/heads/master' uses: docker/login-action@v1 with: username: ${{ secrets.DOCKERHUB_LOGIN }} password: ${{ secrets.DOCKERHUB_TOKEN }} - name: Login to GitHub Container Registry + if: + github.repository == 'Tecnativa/docker-socket-proxy' && github.ref == + 'refs/heads/master' uses: docker/login-action@v1 with: registry: ghcr.io username: ${{ secrets.BOT_LOGIN }} password: ${{ secrets.BOT_TOKEN }} - name: Build and push + if: + github.repository == 'Tecnativa/docker-socket-proxy' && github.ref == + 'refs/heads/master' uses: docker/build-push-action@v2 with: context: . 
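Review bot: Folding `test` and `build-push` into the single `build-test-push` job removes the boundary between the steps that install and execute third-party dev dependencies (`poetry install`, `poetry run pytest`) and the steps that log in with `DOCKERHUB_TOKEN` and `BOT_TOKEN` and push the image. Whatever those earlier steps leave on the runner (docker client config, buildx state, workspace files) is now shared with the publishing steps, whereas the old `needs: test` layout started publishing on a fresh runner. Keeping the push in its own job with `needs:` on the test job, gated by the same `if:` expression, restores that isolation at little cost, since the multi-arch image is rebuilt for the push anyway. The actions are also referenced by mutable tags (`@v1`, `@v2`); pinning at least `docker/login-action` and `docker/build-push-action` to a full commit SHA would fix what code handles the registry credentials.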
diff --git a/tests/conftest.py b/tests/conftest.py index 69a779b..7069363 100644 --- a/tests/conftest.py +++ b/tests/conftest.py @@ -1,4 +1,5 @@ import json +import os from contextlib import contextmanager from logging import info from pathlib import Path @@ -7,7 +8,8 @@ from plumbum import local from plumbum.cmd import docker -IMAGE_NAME = "docker-socket-proxy:local" +DOCKER_REPO = os.environ.get("DOCKER_REPO", "docker-socket-proxy") +IMAGE_NAME = f"{DOCKER_REPO}:local" @pytest.fixture(autouse=True, scope="session") From 47f8f464186b97ec4e7d674d94fe56e03f247fca Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jo=C3=A3o=20Marques?= Date: Thu, 3 Dec 2020 15:31:46 +0000 Subject: [PATCH 22/25] Fix python path --- Dockerfile | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/Dockerfile b/Dockerfile index 6f82a54..cd37ef7 100644 --- a/Dockerfile +++ b/Dockerfile @@ -31,9 +31,8 @@ COPY haproxy.cfg /usr/local/etc/haproxy/haproxy.cfg # Install python/pip ENV PYTHONUNBUFFERED=1 -RUN apk add --update --no-cache python3 && ln -sf python3 /usr/bin/python -RUN python -m ensurepip -RUN python -m pip install --no-cache --upgrade pip setuptools +RUN apk add --update --no-cache python3 && ln -sf $(which python3) /usr/local/bin/python +RUN python -m ensurepip && python -m pip install --no-cache --upgrade pip setuptools # Metadata ARG VCS_REF From dc0b60e63f05ef041383b981995f9673e919054b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jo=C3=A3o=20Marques?= Date: Fri, 4 Dec 2020 09:07:31 +0000 Subject: [PATCH 23/25] Remove build fixture from tests to see if image is built in CI --- tests/conftest.py | 10 ---------- 1 file changed, 10 deletions(-) diff --git a/tests/conftest.py b/tests/conftest.py index 7069363..9ce7ebf 100644 --- a/tests/conftest.py +++ b/tests/conftest.py @@ -2,9 +2,7 @@ import os from contextlib import contextmanager from logging import info -from pathlib import Path -import pytest from plumbum import local from plumbum.cmd import docker 
@@ -12,14 +10,6 @@ IMAGE_NAME = f"{DOCKER_REPO}:local" -@pytest.fixture(autouse=True, scope="session") -def docker_image(): - """Build local docker image once before starting test suite.""" - info(f"Building {IMAGE_NAME}...") - docker("build", "-t", IMAGE_NAME, Path(__file__).parent.parent) - return IMAGE_NAME - - @contextmanager def proxy(**env_vars): """A context manager that starts the proxy with the specified env. From b46fc70a168bf58a21cf486b0aeee1237c588619 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jo=C3=A3o=20Marques?= Date: Fri, 4 Dec 2020 10:01:10 +0000 Subject: [PATCH 24/25] Organize docker tests definition and document --- .github/workflows/test.yaml | 2 ++ README.md | 29 +++++++++++++++++++++++++++++ tests/conftest.py | 7 +++---- 3 files changed, 34 insertions(+), 4 deletions(-) diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml index 0ff646e..c1b2136 100644 --- a/.github/workflows/test.yaml +++ b/.github/workflows/test.yaml @@ -67,6 +67,8 @@ jobs: - run: poetry install # Run tests - run: poetry run pytest + env: + DOCKER_IMAGE_NAME: ${{ env.DOCKER_REPO }}:local # Build and push - name: Login to DockerHub if: diff --git a/README.md b/README.md index 725a9b9..6ba3de8 100644 --- a/README.md +++ b/README.md 
@@ -140,6 +140,35 @@ extremely critical but can expose some information that your service does not ne - `TASKS` - `VOLUMES` +## Development + +All the dependencies you need to develop this project (apart from Docker itself) are +managed with [poetry](https://python-poetry.org/). + +To set up your development environment, run: + +``` +poetry install +``` + +### Testing + +To run the tests locally, you first need to build the image locally: + +``` +docker build -t docker-socket-proxy:local . +``` + +You can then run them with: + +``` +poetry run pytest +``` + +_Note:_ You can use the docker tag you want, but that is the one that is picked by +default in the tests. If you opt for a different one, set the environment variable +`DOCKER_IMAGE_NAME` to the value you prefer before running the tests. + ## Logging You can set the logging level or severity level of the messages to be logged with the diff --git a/tests/conftest.py b/tests/conftest.py index 9ce7ebf..6e840c6 100644 --- a/tests/conftest.py +++ b/tests/conftest.py @@ -6,8 +6,7 @@ from plumbum import local from plumbum.cmd import docker -DOCKER_REPO = os.environ.get("DOCKER_REPO", "docker-socket-proxy") -IMAGE_NAME = f"{DOCKER_REPO}:local" +DOCKER_IMAGE_NAME = os.environ.get("DOCKER_IMAGE_NAME", "docker-socket-proxy:local") @contextmanager @@ -19,7 +18,7 @@ def proxy(**env_vars): """ container_id = None env_list = [f"--env={key}={value}" for key, value in env_vars.items()] - info(f"Starting {IMAGE_NAME} container with: {env_list}") + info(f"Starting {DOCKER_IMAGE_NAME} container with: {env_list}") try: container_id = docker( "container", @@ -29,7 +28,7 @@ def proxy(**env_vars): "--publish=2375", "--volume=/var/run/docker.sock:/var/run/docker.sock", *env_list, - IMAGE_NAME, + DOCKER_IMAGE_NAME, ).strip() container_data = json.loads( docker("container", "inspect", container_id.strip()) From 15071f7387054d3ab274fe43c785d99a3a865921 Mon Sep 17 00:00:00 2001 
From: Jairo Llopis Date: Fri, 4 Dec 2020 17:18:44 +0000 Subject: [PATCH 25/25] Restore fixture allowing usage for local testing This reverts commit dc0b60e63f05ef041383b981995f9673e919054b and allows using `--prebuild` CLI flag for pytest when doing local tests. --- README.md | 27 +++++++++++++++++++-------- tests/conftest.py | 15 +++++++++++++++ 2 files changed, 34 insertions(+), 8 deletions(-) diff --git a/README.md b/README.md index 6ba3de8..1cea066 100644 --- a/README.md +++ b/README.md @@ -153,21 +153,32 @@ poetry install ### Testing -To run the tests locally, you first need to build the image locally: +To run the tests locally, add `--prebuild` to autobuild the image before testing: -``` -docker build -t docker-socket-proxy:local . +```sh +poetry run pytest --prebuild ``` -You can then run them with: +By default, the image that the tests use (and optionally prebuild) is named +`docker-socket-proxy:local`. If you prefer, you can build it separately before testing, +and remove the `--prebuild` flag, to run the tests with that image you built: -``` +```sh +docker image build -t docker-socket-proxy:local . poetry run pytest ``` -_Note:_ You can use the docker tag you want, but that is the one that is picked by -default in the tests. If you opt for a different one, set the environment variable -`DOCKER_IMAGE_NAME` to the value you prefer before running the tests. +If you want to use a different image, export the `DOCKER_IMAGE_NAME` env variable with +the name you want: + +```sh +# To build it automatically +env DOCKER_IMAGE_NAME=my_custom_image poetry run pytest --prebuild + +# To prebuild it separately +docker image build -t my_custom_image . +env DOCKER_IMAGE_NAME=my_custom_image poetry run pytest +``` ## Logging diff --git a/tests/conftest.py b/tests/conftest.py index 6e840c6..8ccb095 100644 --- a/tests/conftest.py +++ b/tests/conftest.py 
@@ -2,13 +2,28 @@ import os from contextlib import contextmanager from logging import info +from pathlib import Path +import pytest from plumbum import local from plumbum.cmd import docker DOCKER_IMAGE_NAME = os.environ.get("DOCKER_IMAGE_NAME", "docker-socket-proxy:local") +def pytest_addoption(parser): + """Allow prebuilding image for local testing.""" + parser.addoption("--prebuild", action="store_const", const=True) + + +@pytest.fixture(autouse=True, scope="session") +def prebuild_docker_image(request): + """Build local docker image once before starting test suite.""" + if request.config.getoption("--prebuild"): + info(f"Building {DOCKER_IMAGE_NAME}...") + docker("build", "-t", DOCKER_IMAGE_NAME, Path(__file__).parent.parent) + + @contextmanager def proxy(**env_vars): """A context manager that starts the proxy with the specified env.
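Review bot: When `--prebuild` is not passed, `prebuild_docker_image` silently does nothing, so `proxy()` (its body lies outside this hunk) runs whatever `DOCKER_IMAGE_NAME` resolves to; if no local image has that name, `docker run` will try to pull one from a registry and, per the earlier conftest hunks, start it `--privileged` with the host socket mounted. An `else:` branch calling `docker("image", "inspect", DOCKER_IMAGE_NAME)` would fail fast with a clear error and keep the suite on a locally built image. For the option itself, `parser.addoption("--prebuild", action="store_true", help="Build the image before running the tests")` is the more usual spelling than `store_const`/`const=True` and gives `pytest --help` something to show.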