Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

chore: add integ test that validates full proxy traversal #33092

Merged
merged 2 commits into from
Jan 23, 2025

Conversation

rix0rrr
Copy link
Contributor

@rix0rrr rix0rrr commented Jan 23, 2025

Add a CLI integ test to validate that cdk deploy works in a fully network-isolated environment, with only a proxy to go through.

This validates that no parts of the CLI setup ignore the proxy configuration, which would otherwise be hard to test.

We achieve the network isolation by running the code inside a Docker container where we use iptables to drop all network traffic that doesn't go through the Docker host, where we run a proxy.

I temporarily bumped the tsconfig target to try out the using syntax (didn't work out with Jest), but that caused some compiler errors around class member initialization that I fixed as well.


By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license

Add a CLI integ test to validate that `cdk deploy` works in a fully
network-isolated environment, with only a proxy to go through.

This validates that no parts of the CLI setup ignore the proxy
configuration, which would otherwise be hard to test.

We achieve the network isolation by running the code inside a Docker
container where we use `iptables` to drop all network traffic that
doesn't go through the Docker host, where we run `mitmproxy`.
@rix0rrr rix0rrr requested a review from a team as a code owner January 23, 2025 12:28
@aws-cdk-automation aws-cdk-automation requested a review from a team January 23, 2025 12:28
@github-actions github-actions bot added the p2 label Jan 23, 2025
@mergify mergify bot added the contribution/core This is a PR that came from AWS. label Jan 23, 2025
@rix0rrr rix0rrr changed the title chore: add integ tests that validate full proxy traversal chore: add integ test that validates full proxy traversal Jan 23, 2025
@aws-cdk-automation
Copy link
Collaborator

➡️ PR build request submitted to test-main-pipeline ⬅️

A maintainer must now check the pipeline and add the pr-linter/cli-integ-tested label once the pipeline succeeds.

Copy link

codecov bot commented Jan 23, 2025

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 81.52%. Comparing base (6d834c0) to head (944c038).
Report is 31 commits behind head on main.

Additional details and impacted files
@@            Coverage Diff             @@
##             main   #33092      +/-   ##
==========================================
+ Coverage   81.46%   81.52%   +0.06%     
==========================================
  Files         224      224              
  Lines       13748    13762      +14     
  Branches     2412     2414       +2     
==========================================
+ Hits        11200    11220      +20     
+ Misses       2273     2270       -3     
+ Partials      275      272       -3     
Flag Coverage Δ
suite.unit 81.52% <ø> (+0.06%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

Components Coverage Δ
packages/aws-cdk 80.93% <ø> (+0.07%) ⬆️
packages/aws-cdk-lib/core 82.15% <ø> (+0.04%) ⬆️

@aws-cdk-automation aws-cdk-automation added the pr/needs-maintainer-review This PR needs a review from a Core Team Member label Jan 23, 2025
import { startProxyServer } from '../../lib/proxy';
import { TestFixture, withDefaultFixture } from '../../lib/with-cdk-app';

const docker = process.env.CDK_DOCKER ?? 'docker';
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I suppose the answer is yes, but does this work in an ECS container? Do we need any special setup?

Copy link
Contributor

mergify bot commented Jan 23, 2025

Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature.
@aws-cdk-automation
Copy link
Collaborator

AWS CodeBuild CI Report

  • CodeBuild project: AutoBuildv2Project1C6BFA3F-wQm2hXv2jqQv
  • Commit ID: 07ca101
  • Result: SUCCEEDED
  • Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

Copy link
Contributor

mergify bot commented Jan 23, 2025

Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).

@aws-cdk-automation aws-cdk-automation removed the pr/needs-maintainer-review This PR needs a review from a Core Team Member label Jan 23, 2025
Copy link
Contributor

mergify bot commented Jan 23, 2025

Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).

@mrgrain mrgrain merged commit 9e220c8 into main Jan 23, 2025
14 of 17 checks passed
@mrgrain mrgrain deleted the huijbers/isolated-proxy-test branch January 23, 2025 14:40
Copy link
Contributor

mergify bot commented Jan 23, 2025

This pull request has been removed from the queue for the following reason: pull request dequeued.

Pull request #33092 has been dequeued, merge conditions unmatch:

  • -closed
  • -merged
  • any of [🛡 GitHub branch protection]:
    • check-neutral = codecov/patch/packages/aws-cdk
    • check-skipped = codecov/patch/packages/aws-cdk
    • check-success = codecov/patch/packages/aws-cdk
  • any of [🛡 GitHub branch protection]:
    • check-neutral = codecov/patch/packages/aws-cdk-lib/core
    • check-skipped = codecov/patch/packages/aws-cdk-lib/core
    • check-success = codecov/patch/packages/aws-cdk-lib/core
  • any of [🛡 GitHub branch protection]:
    • check-neutral = codecov/project/packages/aws-cdk
    • check-skipped = codecov/project/packages/aws-cdk
    • check-success = codecov/project/packages/aws-cdk
  • any of [🛡 GitHub branch protection]:
    • check-neutral = codecov/project/packages/aws-cdk-lib/core
    • check-skipped = codecov/project/packages/aws-cdk-lib/core
    • check-success = codecov/project/packages/aws-cdk-lib/core
  • #approved-reviews-by >= 1 [🛡 GitHub branch protection]
  • #approved-reviews-by>=1
  • #changes-requested-reviews-by = 0 [🛡 GitHub branch protection]
  • #changes-requested-reviews-by=0
  • -approved-reviews-by~=author
  • -label~=(blocked|do-not-merge|no-squash)
  • -title~=(WIP|wip)
  • base!=release
  • status-success=validate-pr
  • status-success~=AWS CodeBuild us-east-1
  • any of [🛡 GitHub branch protection]:
    • check-success = validate-pr
    • check-neutral = validate-pr
    • check-skipped = validate-pr
  • any of [🛡 GitHub branch protection]:
    • check-success = AWS CodeBuild us-east-1 (AutoBuildv2Project1C6BFA3F-wQm2hXv2jqQv)
    • check-neutral = AWS CodeBuild us-east-1 (AutoBuildv2Project1C6BFA3F-wQm2hXv2jqQv)
    • check-skipped = AWS CodeBuild us-east-1 (AutoBuildv2Project1C6BFA3F-wQm2hXv2jqQv)

You should look at the reason for the failure and decide if the pull request needs to be fixed or if you want to requeue it.

If you want to requeue this pull request, you need to post a comment with the text: @mergifyio requeue

Sorry, something went wrong.

Copy link

Comments on closed issues and PRs are hard for our team to see.
If you need help, please open a new issue that references this one.

@mrgrain
Copy link
Contributor

mrgrain commented Jan 23, 2025

Forced merged as this was blocked by Codecov and blocking the queue.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Jan 23, 2025
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
contribution/core This is a PR that came from AWS. p2
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

4 participants