diff --git a/CHANGELOG.md b/CHANGELOG.md index b146a8c..b2e0b8a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,10 @@ This project adheres to [Semantic Versioning](http://semver.org/). ## [Unreleased](https://github.com/passbolt/passbolt_docker/compare/v3.0.1...HEAD) +## [3.0.2](https://github.com/passbolt/passbolt_docker/compare/v3.0.1...v3.0.2) - 2021-03-12 + +- This is a sync release. Check [changes](https://github.com/passbolt/passbolt_api/compare/v3.0.1...v3.0.2) for passbolt_api + ## [3.0.1](https://github.com/passbolt/passbolt_docker/compare/v3.0.0...v3.0.1) - 2021-02-24 - This is a sync release. Check [changes](https://github.com/passbolt/passbolt_api/compare/v3.0.0...v3.0.1) for passbolt_api diff --git a/spec/docker_image/image_spec.rb b/spec/docker_image/image_spec.rb index 8bb736b..a48a70d 100644 --- a/spec/docker_image/image_spec.rb +++ b/spec/docker_image/image_spec.rb @@ -11,7 +11,7 @@ describe 'Dockerfile' do 'PASSBOLT_GPG_KEYRING' => '/var/lib/passbolt/.gnupg' } - @image = Docker::Image.build_from_dir(ROOT_DOCKERFILES, { 'dockerfile' => 'debian/Dockerfile' }) + @image = Docker::Image.build_from_dir(ROOT_DOCKERFILES, { 'dockerfile' => $dockerfile }) set :docker_image, @image.id set :docker_container_create_options, { 'Cmd' => '/bin/sh' } end @@ -28,7 +28,7 @@ describe 'Dockerfile' do let(:passbolt_tmp) { '/var/lib/passbolt/tmp' } let(:passbolt_image) { "#{passbolt_home}/webroot/img/public" } let(:passbolt_owner) { 'www-data' } - let(:exposed_ports) { [ '80', '443' ] } + let(:exposed_ports) { [ $http_port, $https_port ] } let(:php_extensions) { [ 'gd', 'intl', 'json', 'mysqlnd', 'xsl', 'phar', 'posix', 'xml', 'zlib', 'ctype', 'pdo', 'gnupg', 'pdo_mysql' @@ -55,6 +55,10 @@ describe 'Dockerfile' do end end + describe file($cron_service) do + it { should exist and be_executable } + end + describe 'wait-for' do it 'is installed' do expect(file(wait_for)).to exist and be_executable @@ -99,7 +103,7 @@ describe 'Dockerfile' do end it 'has the correct permissions' do - expect(file(nginx_conf)).to be_owned_by 'root' + expect(file(nginx_conf)).to be_owned_by $root_user end end @@ -109,16 +113,12 @@ describe 'Dockerfile' do end it 'has the correct permissions' do - expect(file(site_conf)).to be_owned_by 'root' + expect(file(site_conf)).to be_owned_by $root_user end it 'points to the correct root folder' do expect(file(site_conf).content).to match "root #{passbolt_home}/webroot" end - - it 'has server tokens off' do - expect(file(nginx_conf).content).to match(/^\s+server_tokens off;/) - end end describe 'ports exposed' do diff --git a/spec/docker_runtime/runtime_spec.rb b/spec/docker_runtime/runtime_spec.rb index 972fadb..a5aca6d 100644 --- a/spec/docker_runtime/runtime_spec.rb +++ b/spec/docker_runtime/runtime_spec.rb @@ -24,7 +24,7 @@ describe 'passbolt_api service' do sleep 1 end - @image = Docker::Image.build_from_dir(ROOT_DOCKERFILES, { 'dockerfile' => 'debian/Dockerfile' }) + @image = Docker::Image.build_from_dir(ROOT_DOCKERFILES, { 'dockerfile' => $dockerfile }) @container = Docker::Container.create( 'Env' => [ "DATASOURCES_DEFAULT_HOST=#{@mysql.json['NetworkSettings']['IPAddress']}", @@ -48,7 +48,7 @@ describe 'passbolt_api service' do let(:passbolt_host) { @container.json['NetworkSettings']['IPAddress'] } let(:uri) { "/healthcheck/status.json" } - let(:curl) { "curl -sk -o /dev/null -w '%{http_code}' -H 'Host: passbolt.local' https://#{passbolt_host}/#{uri}" } + let(:curl) { "curl -sk -o /dev/null -w '%{http_code}' -H 'Host: passbolt.local' https://#{passbolt_host}:#{$https_port}/#{uri}" } describe 'php service' do it 'is running supervised' do @@ -67,12 +67,12 @@ describe 'passbolt_api service' do expect(service('nginx')).to be_running.under('supervisor') end - it 'is listening on port 80' do - expect(@container.json['Config']['ExposedPorts']).to have_key('80/tcp') + it "is listening on port #{$http_port}" do + expect(@container.json['Config']['ExposedPorts']).to have_key("#{$http_port}/tcp") end - it 'is listening on port 443' do - expect(@container.json['Config']['ExposedPorts']).to have_key('443/tcp') + it "is listening on port #{$https_port}" do + expect(@container.json['Config']['ExposedPorts']).to have_key("#{$https_port}/tcp") end end @@ -90,13 +90,13 @@ describe 'passbolt_api service' do end describe 'hide information' do - let(:curl) { "curl -Isk -H 'Host: passbolt.local' https://#{passbolt_host}/" } + let(:curl) { "curl -Isk -H 'Host: passbolt.local' https://#{passbolt_host}:#{$https_port}/" } it 'hides php version' do expect(command("#{curl} | grep 'X-Powered-By: PHP'").stdout).to be_empty end it 'hides nginx version' do - expect(command("#{curl} | grep 'server:'").stdout.strip).to match(/^server:\s+nginx$/) + expect(command("#{curl} | grep 'server:'").stdout.strip).to match(/^server:\s+nginx.*$/) end end diff --git a/spec/docker_runtime_no_envs/runtime_no_envs_spec.rb b/spec/docker_runtime_no_envs/runtime_no_envs_spec.rb index 1709459..5515320 100644 --- a/spec/docker_runtime_no_envs/runtime_no_envs_spec.rb +++ b/spec/docker_runtime_no_envs/runtime_no_envs_spec.rb @@ -24,7 +24,7 @@ describe 'passbolt_api service' do sleep 1 end - @image = Docker::Image.build_from_dir(ROOT_DOCKERFILES, { 'dockerfile' => 'debian/Dockerfile' }) + @image = Docker::Image.build_from_dir(ROOT_DOCKERFILES, { 'dockerfile' => $dockerfile }) @container = Docker::Container.create( 'Env' => [ @@ -47,7 +47,7 @@ describe 'passbolt_api service' do let(:passbolt_host) { @container.json['NetworkSettings']['IPAddress'] } let(:uri) { "/healthcheck/status.json" } - let(:curl) { "curl -sk -o /dev/null -w '%{http_code}' -H 'Host: passbolt.local' https://#{passbolt_host}/#{uri}" } + let(:curl) { "curl -sk -o /dev/null -w '%{http_code}' -H 'Host: passbolt.local' https://#{passbolt_host}:#{$https_port}/#{uri}" } describe 'php service' do it 'is running supervised' do @@ -67,11 +67,11 @@ describe 'passbolt_api service' do end it 'is listening on port 80' do - expect(@container.json['Config']['ExposedPorts']).to have_key('80/tcp') + expect(@container.json['Config']['ExposedPorts']).to have_key("#{$http_port}/tcp") end it 'is listening on port 443' do - expect(@container.json['Config']['ExposedPorts']).to have_key('443/tcp') + expect(@container.json['Config']['ExposedPorts']).to have_key("#{$https_port}/tcp") end end @@ -89,13 +89,13 @@ describe 'passbolt_api service' do end describe 'hide information' do - let(:curl) { "curl -Isk -H 'Host: passbolt.local' https://#{passbolt_host}/" } + let(:curl) { "curl -Isk -H 'Host: passbolt.local' https://#{passbolt_host}:#{$https_port}/" } it 'hides php version' do expect(command("#{curl} | grep 'X-Powered-By: PHP'").stdout).to be_empty end it 'hides nginx version' do - expect(command("#{curl} | grep 'server:'").stdout.strip).to match(/^server:\s+nginx$/) + expect(command("#{curl} | grep 'server:'").stdout.strip).to match(/^server:\s+nginx.*$/) end end diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb index 39299aa..0f08e78 100644 --- a/spec/spec_helper.rb +++ b/spec/spec_helper.rb @@ -4,7 +4,23 @@ require 'docker' ROOT_DOCKERFILES = File.expand_path('../../', __FILE__) FIXTURES_PATH = File::expand_path("fixtures", File::dirname(__FILE__)) +$cron_binary = '/usr/sbin/cron' +$dockerfile = 'debian/Dockerfile' +$http_port = '80' +$https_port = '443' +$root_user = 'root' + set :backend, :docker Docker.options[:read_timeout] = 3600 Docker.options[:write_timeout] = 3600 +if ENV['ROOTLESS'] == "true" + $cron_binary = '/usr/local/bin/supercronic' + $dockerfile = 'debian/Dockerfile.rootless' + $http_port = '8080' + $https_port = '4433' + # Where www-data has to be the owner instead of root + $root_user = 'www-data' +end + +puts($root_user)