diff --git a/.gitattributes b/.gitattributes index bb27001..52f5301 100644 --- a/.gitattributes +++ b/.gitattributes @@ -1,2 +1,4 @@ * text=auto -*.sh eol=lf \ No newline at end of file +*.sh eol=lf +**/run eol=lf +*/services.d/* eol=lf \ No newline at end of file diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 438e20f..1d6a419 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -13,6 +13,11 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@master + + - name: Set up java for tests execution + uses: actions/setup-java@v1 + with: + java-version: 11 - name: Set tag var id: vars @@ -24,6 +29,9 @@ jobs: - name: Build Docker image run: docker build . --file Dockerfile --tag ${{ env.IMAGE_NAME }}:${{ steps.vars.outputs.docker_tag }} --label quay.expires-after=2h + - name: Test Docker image + run: chmod 777 example && cd tests && gradle test -Dimage_tag=${{ env.IMAGE_NAME }}:${{ steps.vars.outputs.docker_tag }} + - name: Scan with Phonito Security uses: phonito/phonito-scanner-action@master with: diff --git a/.github/workflows/ci_cd.yml b/.github/workflows/ci_cd.yml index 157e043..bd1ddda 100644 --- a/.github/workflows/ci_cd.yml +++ b/.github/workflows/ci_cd.yml @@ -33,6 +33,12 @@ jobs: --label "version=$RELEASE_VERSION" \ --label "org.label-schema.build-date=$(date '+%F %T')" + - name: Test Docker image + run: docker-compose up --exit-code-from test + + - name: Test Docker image + run: chmod 777 example && cd tests && gradle test -Dimage_tag=${{ env.IMAGE_NAME }}:${{ env.RELEASE_VERSION }} + - name: Scan with Phonito Security if: env.RELEASE_VERSION != '' uses: phonito/phonito-scanner-action@master diff --git a/.gitignore b/.gitignore index 9265881..a80710b 100644 --- a/.gitignore +++ b/.gitignore 
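Review bot: `uses: actions/setup-java@v1` in the first ci.yml hunk points at a movable tag, so the code this job runs can change without any change to this repository. Pinning the action to a full commit SHA, with the version kept in a trailing comment, makes the workflow reproducible. The `actions/checkout@master` context line just above has the same property. The job's step list starts and ends outside the hunk.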
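Review bot: `chmod 777 example` in the new "Test Docker image" step of ci.yml makes the bind-mounted config directory world-writable just so the container's non-root user can create BIND journal files. Granting write access only to that account is narrower, for example `sudo chown -R 7001:7001 example`, using the UID/GID the README in this commit documents. The step also runs `gradle test` instead of the wrapper added under tests/, so the Gradle version is whatever the runner ships. Because tests/gradlew is added with mode 100644, it would have to be called as `sh gradlew test`. The same command is repeated in the ci_cd.yml hunk.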
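Review bot: Both steps added to ci_cd.yml are named "Test Docker image", and neither carries the `if: env.RELEASE_VERSION != ''` guard that the scan step right after them has. When RELEASE_VERSION is empty, the Gradle step would therefore pass `-Dimage_tag=<name>:` with no tag. The first step runs `docker-compose up --exit-code-from test`, which builds `./tests` as an image, but no Dockerfile under tests/ is added in this diff, and that compose service mounts the host Docker socket. If the Gradle run is the intended test path, dropping the compose step and giving the remaining one the same `if:` guard would resolve both points. The step list starts and ends outside the hunk.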
@@ -1,3 +1,23 @@ **/*.bind **/*.bind.jnl node_modules + +*.class +*.jar +*.war +*.ear +.gradle +build +.gradletasknamecache + +**/.idea/workspace.xml +**/.idea/tasks.xml + +# Ignore Gradle GUI config +gradle-app.setting + +# Avoid ignoring Gradle wrapper jar file (.jar files are usually ignored) +!gradle-wrapper.jar + +# Cache of project +.gradletasknamecache \ No newline at end of file diff --git a/Dockerfile b/Dockerfile index 993794d..d82d6a3 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,19 +1,22 @@ +FROM homecentr/base:1.0.0 as base + FROM alpine:3.11.2 LABEL maintainer="Lukas Holota " -RUN apk add --no-cache bind=9.14.8-r5 libcap=2.27-r0 && \ - # Create directory for built-in configs - mkdir /config-default && \ - # Prepare directory for pid file so that also non-root user can write into it - chmod 0757 /var/run/named && \ +# Copy S6 overlay and shared scripts +COPY --from=base / / + +# Copy S6 scripts & default configs +COPY ./fs/ / + +RUN apk add --no-cache \ + bind=9.14.8-r5 \ + libcap=2.27-r0 \ + shadow=4.7-r1 && \ # Grant the named process to open a well-known port (1-1024) which normally requires root permissions setcap 'cap_net_bind_service=+ep' /usr/sbin/named -COPY ./config/named.conf /config-default/ -COPY ./config/healthcheck.conf /config-default/ -COPY ./config/healthcheck.zone /config-default/ - HEALTHCHECK --interval=10s --timeout=3s --start-period=10s --retries=3 CMD [ "nslookup", "ns1.bind9-healthcheck", "127.0.0.1" ] # Config directory @@ -28,4 +31,4 @@ EXPOSE 953/tcp # Default statistics port, not opened by default, must be configured EXPOSE 8888/tcp -ENTRYPOINT ["/usr/sbin/named", "-f", "-g", "-4", "-c", "/config-default/named.conf"] \ No newline at end of file +ENTRYPOINT ["/init"] \ No newline at end of file diff --git a/README.md b/README.md index dba3aa8..ed959d2 100644 --- a/README.md +++ b/README.md 
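Review bot: `COPY --from=base / /` in the first Dockerfile hunk overlays the entire root filesystem of `homecentr/base:1.0.0` onto `alpine:3.11.2`, so any file present in the base image silently replaces the Alpine one. Both images are referenced by tag rather than by digest. Copying only the paths the S6 overlay and shared scripts need, or at least pinning with `FROM homecentr/base:1.0.0@sha256:<digest-placeholder> as base`, would make the final image contents reviewable and reproducible. The README in this commit documents `--build-arg UID` / `GID`, but no `ARG` for them is visible in this hunk; presumably the base image consumes them, which is worth confirming.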
@@ -3,11 +3,12 @@ This container contains the [BIND9 DNS server](https://www.isc.org/bind/). ## Project status +TODO: Remove snyk, replace with Phonito - link to actions + | Project status/quality | Analytics | |--------|---------------| -| ![](https://snyk.io/test/github/homecentr/docker-dns/badge.svg) | [![](https://img.shields.io/docker/pulls/homecentr/dns.svg)](https://hub.docker.com/repository/docker/homecentr/dns) | -| [![](https://img.shields.io/github/issues-raw/homecentr/docker-dns/bug?label=open%20bugs)](https://github.com/homecentr/docker-dns/labels/bug) | [![](https://images.microbadger.com/badges/version/homecentr/dns.svg)](https://hub.docker.com/repository/docker/homecentr/dns) | -| [![](https://img.shields.io/github/license/homecentr/docker-dns)](https://github.com/homecentr/docker-dns/blob/master/LICENSE) | +| [![](https://img.shields.io/github/issues-raw/homecentr/docker-dns/bug?label=open%20bugs)](https://github.com/homecentr/docker-dns/labels/bug) | [![](https://img.shields.io/docker/pulls/homecentr/dns.svg)](https://hub.docker.com/repository/docker/homecentr/dns) | +| [![](https://img.shields.io/github/license/homecentr/docker-dns)](https://github.com/homecentr/docker-dns/blob/master/LICENSE) | [![](https://images.microbadger.com/badges/version/homecentr/dns.svg)](https://hub.docker.com/repository/docker/homecentr/dns) | | [![Maintenance](https://img.shields.io/badge/Maintained%3F-yes-green.svg)](https://github.com/homecentr/docker-dns/graphs/commit-activity) | | ![](https://github.com/homecentr/docker-dns/workflows/CI%2FCD%20on%20master/badge.svg) | 
@@ -35,10 +36,27 @@ services: ### Configuration See the `example/named.conf` for a quickstart or [BIND9 documentation](https://kb.isc.org/docs/aa-01031) for full configuration reference. The root configuration file (named.conf) is expected to be at `/config/named.conf`. The container contains a piece of built-in configuration which automatically sets up the statistics endpoint and a zone for health check. +> Please note that the directory with zone files must be writable. BIND creates journal files next to the zone files (this cannot be changed) and will fail if it cannot create them. Please refer to the Security section below for details on container UID/GID. + ## Exposed ports | Port | Description | |------|-------------| | 53/tcp | DNS protocol over TCP | | 53/udp | DNS protocol over UDP | -| 8888/tcp | Default port for statistics, is not opened by default, must be configured in named.conf | \ No newline at end of file +| 8888/tcp | Default port for statistics, is not opened by default, must be configured in named.conf | + +## Security + +### Vulnerabilities + +The image is periodically (daily) scanned by Phonito.io for possible vulnerabilities. The results are publically available, just check the [output of the daily scan](https://github.com/homecentr/docker-dns/actions?query=workflow%3A%22Regular+Docker+image+vulnerability+scan%22). + +### Container user +The container runs as non-root user created during the build with UID and GID **7001**. In case this collides with another image/user, you can rebuild the image using the command below and supply a custom UID and GID. + +```bash +docker build . --build-arg UID=9999 --build-arg GID=8888 +``` + +The container will not work if you try to change the UID/GID using the `docker run` because the process would not have access to the required files in the image itself. \ No newline at end of file diff --git a/docker-compose.yml b/docker-compose.yml index 8464e43..92810a6 100644 --- a/docker-compose.yml 
+++ b/docker-compose.yml @@ -2,13 +2,33 @@ version: "3.7" services: dns: build: . - user: 1050:1050 + image: homecentr/dns + container_name: dns dns: - 127.0.0.1 # important for health check restart: unless-stopped volumes: - "./example:/config:rw" ports: - - 53:53/tcp - - 53:53/udp - - 9000:9000/tcp \ No newline at end of file + - "53:53/tcp" + - "53:53/udp" + - "953:953/tcp" + - "8888:8888/tcp" + + test: + build: ./tests + volumes: + - /var/run/docker.sock:/var/run/docker.sock:rw + environment: + TESTED_CONTAINER_NAME: dns + TESTED_CONTAINER_IP: 172.177.0.10 + networks: + dummy: + ipv4_address: 172.177.0.20 + +networks: + dummy: + driver: bridge + ipam: + config: + - subnet: 172.177.0.0/16 diff --git a/example/named.conf b/example/named.conf index a39254a..fa83891 100644 --- a/example/named.conf +++ b/example/named.conf @@ -10,4 +10,9 @@ options { 8.8.8.8; 8.8.4.4; }; +}; + +zone test { + type master; + file "/config/test.zone"; }; \ No newline at end of file diff --git a/example/test.zone b/example/test.zone new file mode 100644 index 0000000..78a3ca1 --- /dev/null +++ b/example/test.zone @@ -0,0 +1,11 @@ +$ORIGIN test. +$TTL 86400 +@ SOA ns1.test. hostmaster.test. ( + 2001062501 ; serial + 10 + 10 + 10 + 10 ) +; + NS ns1.bind9-healthcheck. +some-record A 127.0.0.122 diff --git a/config/healthcheck.conf b/fs/config-default/healthcheck.conf similarity index 100% rename from config/healthcheck.conf rename to fs/config-default/healthcheck.conf diff --git a/config/healthcheck.zone b/fs/config-default/healthcheck.zone similarity index 100% rename from config/healthcheck.zone rename to fs/config-default/healthcheck.zone diff --git a/config/named.conf b/fs/config-default/named.conf similarity index 100% rename from config/named.conf rename to fs/config-default/named.conf diff --git a/fs/etc/cont-init.d/20-file-permissions.sh b/fs/etc/cont-init.d/20-file-permissions.sh new file mode 100644 index 0000000..5a11997 --- /dev/null 
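Review bot: The new `test` service bind-mounts `/var/run/docker.sock` read-write, which hands that container full control of the host's Docker daemon. If the tests only need to reach the DNS container over the network, the mount can be dropped; otherwise a comment should say why it is required. In the same hunk the `dns` service now publishes `953:953/tcp` and `8888:8888/tcp` on all host interfaces. Binding them to loopback, e.g. `"127.0.0.1:953:953/tcp"`, keeps the control and statistics ports off the network. `TESTED_CONTAINER_IP: 172.177.0.10` does not appear to be assigned to anything, since `dns` is not attached to the `dummy` network, and `172.177.0.0/16` lies outside the RFC 1918 private ranges.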
+++ b/fs/etc/cont-init.d/20-file-permissions.sh @@ -0,0 +1,4 @@ +#!/usr/bin/with-contenv ash + +chown -R nonroot:nonroot /var/run/named +chown -R nonroot:nonroot /config-default \ No newline at end of file diff --git a/fs/etc/services.d/dns/finish b/fs/etc/services.d/dns/finish new file mode 100644 index 0000000..010f8ca --- /dev/null +++ b/fs/etc/services.d/dns/finish @@ -0,0 +1,3 @@ +#!/usr/bin/execlineb -S1 + +s6-svscanctl -t /var/run/s6/services \ No newline at end of file diff --git a/fs/etc/services.d/dns/run b/fs/etc/services.d/dns/run new file mode 100644 index 0000000..a8f44e8 --- /dev/null +++ b/fs/etc/services.d/dns/run @@ -0,0 +1,5 @@ +#!/usr/bin/execlineb -P + +s6-setuidgid nonroot + +/usr/sbin/named -f -g -4 -c /config-default/named.conf \ No newline at end of file diff --git a/tests/.classpath b/tests/.classpath new file mode 100644 index 0000000..540156a --- /dev/null +++ b/tests/.classpath @@ -0,0 +1,30 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/tests/.idea/.gitignore b/tests/.idea/.gitignore new file mode 100644 index 0000000..5c98b42 --- /dev/null +++ b/tests/.idea/.gitignore @@ -0,0 +1,2 @@ +# Default ignored files +/workspace.xml \ No newline at end of file diff --git a/tests/.idea/.name b/tests/.idea/.name new file mode 100644 index 0000000..28a4d53 --- /dev/null +++ b/tests/.idea/.name @@ -0,0 +1 @@ +docker-dns-tests \ No newline at end of file diff --git a/tests/.idea/gradle.xml b/tests/.idea/gradle.xml new file mode 100644 index 0000000..dea8515 --- /dev/null +++ b/tests/.idea/gradle.xml @@ -0,0 +1,19 @@ + + + + + + + \ No newline at end of file diff --git a/tests/.idea/jarRepositories.xml b/tests/.idea/jarRepositories.xml new file mode 100644 index 0000000..fdc392f --- /dev/null +++ b/tests/.idea/jarRepositories.xml @@ -0,0 +1,20 @@ + + + + + + + + + + + \ No newline at end of file diff --git a/tests/.idea/misc.xml b/tests/.idea/misc.xml new file mode 100644 index 0000000..29af3ee --- /dev/null 
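Review bot: In 20-file-permissions.sh only the exit status of the last `chown` reaches the init system, so a failure of the first one (for instance if the `nonroot` account is not provided by the base image) goes unnoticed. Adding `set -e` after the shebang propagates it. The recursive chown of `/config-default` also makes the built-in named.conf writable by the same account that runs named. If the reason is the journal files BIND creates next to zone files, as the README note describes, a comment such as `# named must be able to create .jnl files next to healthcheck.zone` would record that, and the .conf files could stay root-owned and read-only.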
+++ b/tests/.idea/misc.xml @@ -0,0 +1,7 @@ + + + + + + + \ No newline at end of file diff --git a/tests/.idea/vcs.xml b/tests/.idea/vcs.xml new file mode 100644 index 0000000..6c0b863 --- /dev/null +++ b/tests/.idea/vcs.xml @@ -0,0 +1,6 @@ + + + + + + \ No newline at end of file diff --git a/tests/.project b/tests/.project new file mode 100644 index 0000000..3c292e9 --- /dev/null +++ b/tests/.project @@ -0,0 +1,23 @@ + + + docker-dns-tests + Project tests created by Buildship. + + + + + org.eclipse.jdt.core.javabuilder + + + + + org.eclipse.buildship.core.gradleprojectbuilder + + + + + + org.eclipse.jdt.core.javanature + org.eclipse.buildship.core.gradleprojectnature + + diff --git a/tests/.settings/org.eclipse.buildship.core.prefs b/tests/.settings/org.eclipse.buildship.core.prefs new file mode 100644 index 0000000..e889521 --- /dev/null +++ b/tests/.settings/org.eclipse.buildship.core.prefs @@ -0,0 +1,2 @@ +connection.project.dir= +eclipse.preferences.version=1 diff --git a/tests/build.gradle b/tests/build.gradle new file mode 100644 index 0000000..40ef84f --- /dev/null +++ b/tests/build.gradle @@ -0,0 +1,27 @@ +plugins { + id 'java' +} + +group 'org.homecentr' +version '1.0-SNAPSHOT' + +sourceCompatibility = 1.8 + +repositories { + mavenCentral() +} + +dependencies { + testImplementation group: 'junit', name: 'junit', version: '4.12' + testImplementation "org.testcontainers:testcontainers:1.12.5" + testImplementation "dnsjava:dnsjava:2.1.9" + testImplementation group: 'org.slf4j', name: 'slf4j-api', version: '1.7.30' + testImplementation group: 'org.slf4j', name: 'slf4j-simple', version: '1.7.30' +} + +test { + systemProperty 'image_tag', System.getProperty('image_tag') + afterTest { desc, result -> + logger.quiet "Executing test ${desc.name} [${desc.className}] with result: ${result.resultType}" + } +} \ No newline at end of file 
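Review bot: `systemProperty 'image_tag', System.getProperty('image_tag')` in the `test` block of build.gradle forwards the property even when it was not given on the command line. In that case the value is null and the test JVM presumably receives an empty `image_tag` rather than none, so the `"homecentr/dns"` default in ContainerTestBase would not apply. Forwarding it only when set avoids that: `if (System.getProperty('image_tag')) { systemProperty 'image_tag', System.getProperty('image_tag') }`.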
diff --git a/tests/gradle/wrapper/gradle-wrapper.jar b/tests/gradle/wrapper/gradle-wrapper.jar new file mode 100644 index 0000000..87b738c Binary files /dev/null and b/tests/gradle/wrapper/gradle-wrapper.jar differ diff --git a/tests/gradle/wrapper/gradle-wrapper.properties b/tests/gradle/wrapper/gradle-wrapper.properties new file mode 100644 index 0000000..44e7c4d --- /dev/null +++ b/tests/gradle/wrapper/gradle-wrapper.properties @@ -0,0 +1,5 @@ +distributionBase=GRADLE_USER_HOME +distributionPath=wrapper/dists +distributionUrl=https\://services.gradle.org/distributions/gradle-5.2.1-bin.zip +zipStoreBase=GRADLE_USER_HOME +zipStorePath=wrapper/dists diff --git a/tests/gradlew b/tests/gradlew new file mode 100644 index 0000000..af6708f --- /dev/null +++ b/tests/gradlew 
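Review bot: `distributionUrl` in gradle-wrapper.properties is added without a `distributionSha256Sum` entry, so the wrapper will unpack and run whatever archive that URL serves without verifying it. Adding `distributionSha256Sum=<sha256-of-gradle-5.2.1-bin.zip-placeholder>`, with the value taken from the Gradle release checksums, makes the download verified. The gradle-wrapper.jar committed alongside is a binary this diff cannot show, so its checksum is worth comparing against the published wrapper checksum for the same version before merging.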
@@ -0,0 +1,172 @@ +#!/usr/bin/env sh + +############################################################################## +## +## Gradle start up script for UN*X +## +############################################################################## + +# Attempt to set APP_HOME +# Resolve links: $0 may be a link +PRG="$0" +# Need this for relative symlinks. +while [ -h "$PRG" ] ; do + ls=`ls -ld "$PRG"` + link=`expr "$ls" : '.*-> \(.*\)$'` + if expr "$link" : '/.*' > /dev/null; then + PRG="$link" + else + PRG=`dirname "$PRG"`"/$link" + fi +done +SAVED="`pwd`" +cd "`dirname \"$PRG\"`/" >/dev/null +APP_HOME="`pwd -P`" +cd "$SAVED" >/dev/null + +APP_NAME="Gradle" +APP_BASE_NAME=`basename "$0"` + +# Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script. +DEFAULT_JVM_OPTS='"-Xmx64m"' + +# Use the maximum available, or set MAX_FD != -1 to use that value. +MAX_FD="maximum" + +warn () { + echo "$*" +} + +die () { + echo + echo "$*" + echo + exit 1 +} + +# OS specific support (must be 'true' or 'false'). +cygwin=false +msys=false +darwin=false +nonstop=false +case "`uname`" in + CYGWIN* ) + cygwin=true + ;; + Darwin* ) + darwin=true + ;; + MINGW* ) + msys=true + ;; + NONSTOP* ) + nonstop=true + ;; +esac + +CLASSPATH=$APP_HOME/gradle/wrapper/gradle-wrapper.jar + +# Determine the Java command to use to start the JVM. +if [ -n "$JAVA_HOME" ] ; then + if [ -x "$JAVA_HOME/jre/sh/java" ] ; then + # IBM's JDK on AIX uses strange locations for the executables + JAVACMD="$JAVA_HOME/jre/sh/java" + else + JAVACMD="$JAVA_HOME/bin/java" + fi + if [ ! -x "$JAVACMD" ] ; then + die "ERROR: JAVA_HOME is set to an invalid directory: $JAVA_HOME + +Please set the JAVA_HOME variable in your environment to match the +location of your Java installation." + fi +else + JAVACMD="java" + which java >/dev/null 2>&1 || die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH. 
+ +Please set the JAVA_HOME variable in your environment to match the +location of your Java installation." +fi + +# Increase the maximum file descriptors if we can. +if [ "$cygwin" = "false" -a "$darwin" = "false" -a "$nonstop" = "false" ] ; then + MAX_FD_LIMIT=`ulimit -H -n` + if [ $? -eq 0 ] ; then + if [ "$MAX_FD" = "maximum" -o "$MAX_FD" = "max" ] ; then + MAX_FD="$MAX_FD_LIMIT" + fi + ulimit -n $MAX_FD + if [ $? -ne 0 ] ; then + warn "Could not set maximum file descriptor limit: $MAX_FD" + fi + else + warn "Could not query maximum file descriptor limit: $MAX_FD_LIMIT" + fi +fi + +# For Darwin, add options to specify how the application appears in the dock +if $darwin; then + GRADLE_OPTS="$GRADLE_OPTS \"-Xdock:name=$APP_NAME\" \"-Xdock:icon=$APP_HOME/media/gradle.icns\"" +fi + +# For Cygwin, switch paths to Windows format before running java +if $cygwin ; then + APP_HOME=`cygpath --path --mixed "$APP_HOME"` + CLASSPATH=`cygpath --path --mixed "$CLASSPATH"` + JAVACMD=`cygpath --unix "$JAVACMD"` + + # We build the pattern for arguments to be converted via cygpath + ROOTDIRSRAW=`find -L / -maxdepth 1 -mindepth 1 -type d 2>/dev/null` + SEP="" + for dir in $ROOTDIRSRAW ; do + ROOTDIRS="$ROOTDIRS$SEP$dir" + SEP="|" + done + OURCYGPATTERN="(^($ROOTDIRS))" + # Add a user-defined pattern to the cygpath arguments + if [ "$GRADLE_CYGPATTERN" != "" ] ; then + OURCYGPATTERN="$OURCYGPATTERN|($GRADLE_CYGPATTERN)" + fi + # Now convert the arguments - kludge to limit ourselves to /bin/sh + i=0 + for arg in "$@" ; do + CHECK=`echo "$arg"|egrep -c "$OURCYGPATTERN" -` + CHECK2=`echo "$arg"|egrep -c "^-"` ### Determine if an option + + if [ $CHECK -ne 0 ] && [ $CHECK2 -eq 0 ] ; then ### Added a condition + eval `echo args$i`=`cygpath --path --ignore --mixed "$arg"` + else + eval `echo args$i`="\"$arg\"" + fi + i=$((i+1)) + done + case $i in + (0) set -- ;; + (1) set -- "$args0" ;; + (2) set -- "$args0" "$args1" ;; + (3) set -- "$args0" "$args1" "$args2" ;; + (4) set -- "$args0" 
"$args1" "$args2" "$args3" ;; + (5) set -- "$args0" "$args1" "$args2" "$args3" "$args4" ;; + (6) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" ;; + (7) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" ;; + (8) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" ;; + (9) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" "$args8" ;; + esac +fi + +# Escape application args +save () { + for i do printf %s\\n "$i" | sed "s/'/'\\\\''/g;1s/^/'/;\$s/\$/' \\\\/" ; done + echo " " +} +APP_ARGS=$(save "$@") + +# Collect all arguments for the java command, following the shell quoting and substitution rules +eval set -- $DEFAULT_JVM_OPTS $JAVA_OPTS $GRADLE_OPTS "\"-Dorg.gradle.appname=$APP_BASE_NAME\"" -classpath "\"$CLASSPATH\"" org.gradle.wrapper.GradleWrapperMain "$APP_ARGS" + +# by default we should be in the correct project dir, but when run from Finder on Mac, the cwd is wrong +if [ "$(uname)" = "Darwin" ] && [ "$HOME" = "$PWD" ]; then + cd "$(dirname "$0")" +fi + +exec "$JAVACMD" "$@" diff --git a/tests/gradlew.bat b/tests/gradlew.bat new file mode 100644 index 0000000..6d57edc --- /dev/null +++ b/tests/gradlew.bat 
@@ -0,0 +1,84 @@ +@if "%DEBUG%" == "" @echo off +@rem ########################################################################## +@rem +@rem Gradle startup script for Windows +@rem +@rem ########################################################################## + +@rem Set local scope for the variables with windows NT shell +if "%OS%"=="Windows_NT" setlocal + +set DIRNAME=%~dp0 +if "%DIRNAME%" == "" set DIRNAME=. +set APP_BASE_NAME=%~n0 +set APP_HOME=%DIRNAME% + +@rem Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script. +set DEFAULT_JVM_OPTS="-Xmx64m" + +@rem Find java.exe +if defined JAVA_HOME goto findJavaFromJavaHome + +set JAVA_EXE=java.exe +%JAVA_EXE% -version >NUL 2>&1 +if "%ERRORLEVEL%" == "0" goto init + +echo. +echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH. +echo. +echo Please set the JAVA_HOME variable in your environment to match the +echo location of your Java installation. + +goto fail + +:findJavaFromJavaHome +set JAVA_HOME=%JAVA_HOME:"=% +set JAVA_EXE=%JAVA_HOME%/bin/java.exe + +if exist "%JAVA_EXE%" goto init + +echo. +echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME% +echo. +echo Please set the JAVA_HOME variable in your environment to match the +echo location of your Java installation. + +goto fail + +:init +@rem Get command-line arguments, handling Windows variants + +if not "%OS%" == "Windows_NT" goto win9xME_args + +:win9xME_args +@rem Slurp the command line arguments. 
+set CMD_LINE_ARGS= +set _SKIP=2 + +:win9xME_args_slurp +if "x%~1" == "x" goto execute + +set CMD_LINE_ARGS=%* + +:execute +@rem Setup the command line + +set CLASSPATH=%APP_HOME%\gradle\wrapper\gradle-wrapper.jar + +@rem Execute Gradle +"%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -classpath "%CLASSPATH%" org.gradle.wrapper.GradleWrapperMain %CMD_LINE_ARGS% + +:end +@rem End local scope for the variables with windows NT shell +if "%ERRORLEVEL%"=="0" goto mainEnd + +:fail +rem Set variable GRADLE_EXIT_CONSOLE if you need the _script_ return code instead of +rem the _cmd.exe /c_ return code! +if not "" == "%GRADLE_EXIT_CONSOLE%" exit 1 +exit /b 1 + +:mainEnd +if "%OS%"=="Windows_NT" endlocal + +:omega diff --git a/tests/settings.gradle b/tests/settings.gradle new file mode 100644 index 0000000..22c6e0c --- /dev/null +++ b/tests/settings.gradle @@ -0,0 +1,2 @@ +rootProject.name = 'docker-dns-tests' + diff --git a/tests/src/test/java/ContainerTestBase.java b/tests/src/test/java/ContainerTestBase.java new file mode 100644 index 0000000..0c93deb --- /dev/null +++ b/tests/src/test/java/ContainerTestBase.java 
@@ -0,0 +1,42 @@
+import com.github.dockerjava.api.model.ExposedPort;
+import org.junit.AfterClass;
+import org.junit.BeforeClass;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.testcontainers.containers.GenericContainer;
+import org.testcontainers.containers.output.Slf4jLogConsumer;
+import org.testcontainers.containers.wait.strategy.Wait;
+
+import java.nio.file.Paths;
+
+public abstract class ContainerTestBase {
+ private static final Logger logger = LoggerFactory.getLogger(ContainerTestBase.class);
+
+ private static GenericContainer _container;
+
+ @BeforeClass
+ public static void setUp() {
+ String dockerImageTag = System.getProperty("image_tag", "homecentr/dns");
+ String configDirPath = Paths.get(System.getProperty("user.dir"), "..", "example").normalize().toString();
+
+ logger.info("Tested Docker image tag : " + dockerImageTag);
+ logger.info("Config directory : " + configDirPath);
+
+ _container = new GenericContainer<>(System.getProperty("image_tag", "homecentr/dns"))
+ .withFileSystemBind(Paths.get(System.getProperty("user.dir"), "..", "example").normalize().toString(), "/config")
+ .waitingFor(Wait.forHealthcheck());
+
+ _container.start();
+ _container.followOutput(new Slf4jLogConsumer(logger));
+ }
+
+ @AfterClass
+ public static void cleanUp() {
+ _container.stop();
+ _container.close();
+ }
+
+ protected static Integer getMappedUdpPort(int originalPort) {
+ return Integer.parseInt(_container.getContainerInfo().getNetworkSettings().getPorts().getBindings().get(ExposedPort.udp(originalPort))[0].getHostPortSpec());
+ }
+}
\ No newline at end of file
diff --git a/tests/src/test/java/DnsContainerShould.java b/tests/src/test/java/DnsContainerShould.java
new file mode 100644
index 0000000..612595d
--- /dev/null
+++ b/tests/src/test/java/DnsContainerShould.java
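Review bot: In `ContainerTestBase.setUp()` the locals `dockerImageTag` and `configDirPath` are only logged, while the container is built from a second, duplicated evaluation of the same expressions. If one copy is edited, the log line and the container actually started can disagree; use the locals instead: `_container = new GenericContainer<>(dockerImageTag).withFileSystemBind(configDirPath, "/config").waitingFor(Wait.forHealthcheck());`. `getMappedUdpPort` indexes `[0]` on the binding array without checking that a binding for the UDP port exists, so a missing mapping surfaces as a NullPointerException rather than a readable failure. `_container` is also declared with the raw type `GenericContainer`; `GenericContainer<?>` avoids the unchecked warnings.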
@@ -0,0 +1,50 @@
+import org.junit.Test;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.xbill.DNS.*;
+
+import java.net.InetAddress;
+import java.net.UnknownHostException;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertTrue;
+
+public class DnsContainerShould extends ContainerTestBase {
+ private static final Logger logger = LoggerFactory.getLogger(ContainerTestBase.class);
+
+ @Test
+ public void resolveExternalZoneViaForwarders() throws UnknownHostException, TextParseException {
+ Lookup lookup = new Lookup("google.com", Type.A);
+ lookup.setResolver(createResolver());
+
+ Record[] results = lookup.run();
+
+ assertEquals("google.com.", results[0].getName().toString());
+ assertEquals(Type.A, results[0].getType());
+ }
+
+ @Test
+ public void resolveInternallyDefinedZone() throws TextParseException, UnknownHostException {
+ Lookup lookup = new Lookup("some-record.test", Type.A);
+ lookup.setResolver(createResolver());
+
+ Record[] results = lookup.run();
+
+ assertTrue(results[0] instanceof ARecord);
+
+ ARecord aRecord = (ARecord)results[0];
+
+ assertEquals("some-record.test.", aRecord.getName().toString());
+ assertEquals(Type.A, aRecord.getType());
+
+ // The address is configured in the example configs
+ assertEquals(InetAddress.getByName("127.0.0.122"), aRecord.getAddress());
+ }
+
+ private SimpleResolver createResolver() throws UnknownHostException {
+ SimpleResolver resolver = new SimpleResolver("127.0.0.1");
+ resolver.setPort(super.getMappedUdpPort(53));
+
+ return resolver;
+ }
+}
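Review bot: Both tests in `DnsContainerShould` index `results[0]` straight after `lookup.run()`, which returns null when the lookup fails, so a resolver problem surfaces as a NullPointerException instead of a test failure carrying the DNS error. Asserting the outcome first, e.g. `assertEquals(lookup.getErrorString(), Lookup.SUCCESSFUL, lookup.getResult());`, gives a readable message. `resolveExternalZoneViaForwarders` also depends on the build host reaching the public forwarders and on `google.com` resolving, so it can fail for reasons unrelated to the image. The `logger` field is created for `ContainerTestBase.class` and is never used in this class.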