From 4c7a99b7ea7516e7d240429236ec45140469a243 Mon Sep 17 00:00:00 2001 From: iandyh Date: Sat, 7 Dec 2024 17:43:19 +0900 Subject: [PATCH] chore: make the engine container more secure --- shibuya/Dockerfile.engines.jmeter | 21 +++++++++++++++------ shibuya/engines/jmeter/shibuya-agent.go | 19 ++++++++++++------- 2 files changed, 27 insertions(+), 13 deletions(-) diff --git a/shibuya/Dockerfile.engines.jmeter b/shibuya/Dockerfile.engines.jmeter index e17deec..6fcfade 100644 --- a/shibuya/Dockerfile.engines.jmeter +++ b/shibuya/Dockerfile.engines.jmeter @@ -7,12 +7,21 @@ RUN wget archive.apache.org/dist/jmeter/binaries/apache-jmeter-${JMETER_VERSION} RUN unzip -qq apache-jmeter-${JMETER_VERSION} FROM asia-northeast1-docker.pkg.dev/shibuya-214807/shibuya/openjdk:8u212-jdk +ARG GROUP=shibuya +ARG USER=shibuya-agent +ENV AGENT_ROOT=/shibuya-agent +RUN groupadd -r $GROUP && useradd -r -g $GROUP -m -d /home/$USER -s /bin/bash $USER +RUN mkdir -p $AGENT_ROOT && chown -R $USER:$GROUP $AGENT_ROOT +RUN mkdir /test-data && chown -R $USER:$GROUP /test-data + +USER ${USER} + ARG jmeter_ver ENV JMETER_VERSION=$jmeter_ver -RUN mkdir /test-conf /test-result -COPY --from=jmeter /apache-jmeter-${JMETER_VERSION} /apache-jmeter-${JMETER_VERSION} -ADD build/shibuya-agent /usr/local/bin/shibuya-agent -ADD engines/jmeter/shibuya.properties /test-conf/shibuya.properties -ADD engines/jmeter/jmeter.sh /apache-jmeter-${JMETER_VERSION}/bin/jmeter +RUN mkdir $AGENT_ROOT/test-conf $AGENT_ROOT/test-result +COPY --from=jmeter /apache-jmeter-${JMETER_VERSION} $AGENT_ROOT/apache-jmeter-${JMETER_VERSION} +ADD build/shibuya-agent $AGENT_ROOT/shibuya-agent +ADD engines/jmeter/shibuya.properties $AGENT_ROOT/test-conf/shibuya.properties +ADD engines/jmeter/jmeter.sh $AGENT_ROOT/apache-jmeter-${JMETER_VERSION}/bin/jmeter -CMD ["shibuya-agent"] +CMD ["sh", "-c", "$AGENT_ROOT/shibuya-agent"] diff --git a/shibuya/engines/jmeter/shibuya-agent.go b/shibuya/engines/jmeter/shibuya-agent.go index 51e0dec..c0c38ad 100644 --- a/shibuya/engines/jmeter/shibuya-agent.go +++ b/shibuya/engines/jmeter/shibuya-agent.go @@ -33,11 +33,12 @@ import ( "github.com/hpcloud/tail" ) -const ( - RESULT_ROOT = "/test-result" +var ( + AGENT_ROOT = os.Getenv("AGENT_ROOT") + RESULT_ROOT = path.Join(AGENT_ROOT, "/test-result") TEST_DATA_FOLDER = "/test-data" - PROPERTY_FILE = "/test-conf/shibuya.properties" - JMETER_BIN_FOLER = "/apache-jmeter-3.3/bin" + PROPERTY_FILE = path.Join(AGENT_ROOT, "/test-conf/shibuya.properties") + JMETER_BIN_FOLER = path.Join(AGENT_ROOT, "/apache-jmeter-3.3/bin") JMETER_BIN = "jmeter" STDERR = "/dev/stderr" JMX_FILENAME = "modified.jmx" @@ -313,11 +314,15 @@ func (sw *ShibuyaWrapper) runCommand() int { } func cleanTestData() error { - if err := os.RemoveAll(TEST_DATA_FOLDER); err != nil { + files, err := os.ReadDir(TEST_DATA_FOLDER) + if err != nil { return err } - if err := os.MkdirAll(TEST_DATA_FOLDER, os.ModePerm); err != nil { - return err + for _, file := range files { + f := path.Join(TEST_DATA_FOLDER, file.Name()) + if err := os.Remove(f); err != nil { + return err + } } return nil }