From 3b479ceb0f09269e678ff6c7812a2b585c3b149a Mon Sep 17 00:00:00 2001
From: Vasili Novikov <vasili.memri+gitlab@gmail.com>
Date: Thu, 23 Sep 2021 14:26:06 +0200
Subject: [PATCH] Revert "Add port mapping for Plugins in docker"

This reverts commit bc9bf26abb5e59ff616dd5ed416700f449768be2. (Accidental.)
---
 docs/Plugins.md | 4 ----
 src/plugin_run.rs | 54 +++++++++++++----------------------------------
 2 files changed, 15 insertions(+), 43 deletions(-)

diff --git a/docs/Plugins.md b/docs/Plugins.md
index b908b241..de66a9fb 100644
--- a/docs/Plugins.md
+++ b/docs/Plugins.md
@@ -109,10 +109,6 @@ Pod will set the following environment variables for plugins: e.g. `https://x.x.x.x:80` or `http://localhost:3030`. You can call the endpoints via a URL like `$POD_FULL_ADDRESS/version`. -* `PLUGIN_DNS` = the public address of the Plugin, as visible from the outside, - by Memri clients and users. - Note that plugins themselves should only listen on http port 8080. - * `POD_TARGET_ITEM` = the JSON of the item that the plugin needs to run against. For example: ```json
diff --git a/src/plugin_run.rs b/src/plugin_run.rs
index 4095d220..3456a58e 100644
--- a/src/plugin_run.rs
+++ b/src/plugin_run.rs
@@ -6,10 +6,8 @@ use crate::internal_api::new_random_string;
 use crate::plugin_auth_crypto::DatabaseKey;
 use crate::schema::Schema;
 use log::info;
-use rand::Rng;
 use rusqlite::Transaction;
 use std::collections::HashMap;
-use std::net::TcpListener;
 use std::process::Command;
 use warp::http::status::StatusCode;
@@ -99,7 +97,6 @@ fn run_local_script(
 env_vars.insert("POD_PLUGINRUN_ID", triggered_by_item_id);
 env_vars.insert("POD_OWNER", pod_owner);
 env_vars.insert("POD_AUTH_JSON", pod_auth);
- env_vars.insert("PLUGIN_DNS", "http://localhost:8080");
 run_any_command(plugin_path, &args, &env_vars, triggered_by_item_id)
 }
@@ -141,29 +138,21 @@ fn run_docker_container(
 .filter(|c| c.is_ascii_alphanumeric())
 .collect::<String>()
 );
- let port = if let Some(p) = find_unused_tcp_port() {
- p
- } else {
- return Err(Error {
- code: StatusCode::INTERNAL_SERVER_ERROR,
- msg: "Failed to find unused TCP port to open port for a Plugin".to_string(),
- });
- };
- let args: Vec<String> = vec![
- "run".to_string(),
- format!("--network={}", docker_network),
- format!("--env=POD_FULL_ADDRESS={}", callback_address(cli_options, true)),
- format!("--env=POD_TARGET_ITEM={}", target_item_json),
- format!("--env=POD_PLUGINRUN_ID={}", triggered_by_item_id),
- format!("--env=POD_OWNER={}", pod_owner),
- format!("--env=POD_AUTH_JSON={}", pod_auth),
- format!("--env=PLUGIN_DNS=http://localhost:{}", port),
- format!("--publish={}:8080", port),
- format!("--name={}", sanitize_docker_name(&container_id)),
- "--rm".to_string(),
- "--".to_string(),
- container_image.to_string(),
- ];
+ let mut args: Vec<String> = Vec::with_capacity(10);
+ args.push("run".to_string());
+ args.push(format!("--network={}", docker_network));
+ args.push(format!(
+ "--env=POD_FULL_ADDRESS={}",
+ callback_address(cli_options, true)
+ ));
+ args.push(format!("--env=POD_TARGET_ITEM={}", target_item_json));
+ args.push(format!("--env=POD_PLUGINRUN_ID={}", triggered_by_item_id));
+ args.push(format!("--env=POD_OWNER={}", pod_owner));
+ args.push(format!("--env=POD_AUTH_JSON={}", pod_auth));
+ args.push(format!("--name={}", sanitize_docker_name(&container_id)));
+ args.push("--rm".to_string());
+ args.push("--".to_string());
+ args.push(container_image.to_string());
 let envs: HashMap<&str, &str> = HashMap::new();
 run_any_command("docker", &args, &envs, triggered_by_item_id)
 }
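Review bot: `args.push(format!("--env=POD_AUTH_JSON={}", pod_auth));` puts the plugin's auth JSON on the `docker` command line, where other local users on the host can read it from the process listing; the same holds for `POD_TARGET_ITEM` if items can carry sensitive data. Docker copies a variable from the client's own environment when `--env` is given a bare name, so the value can travel through the currently empty `envs` map instead: `let mut envs: HashMap<&str, &str> = HashMap::new();`, `envs.insert("POD_AUTH_JSON", pod_auth);` and `args.push("--env=POD_AUTH_JSON".to_string());`. This assumes `pod_auth` is a `&str` and that `run_any_command` applies `envs` to the child process; neither is visible here, because `run_docker_container` starts above the hunk. Minor: `Vec::with_capacity(10)` is followed by eleven pushes, so the capacity hint is one short.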
@@ -318,16 +307,3 @@ pub fn escape_bash_arg(str: &str) -> String {
 return format!("'{}'", quoted);
 }
 }
-
-/// WARNING: this method is not solid against TOCTOU problem.
-/// By the time this port will be used, it might already be taken
-fn find_unused_tcp_port() -> Option<u16> {
- let mut rng = rand::thread_rng();
- for _ in 0..10 {
- let port = rng.gen_range(15_000..25_000);
- if TcpListener::bind(("127.0.0.1", port)).is_ok() {
- return Some(port);
- }
- }
- None
-}
-- 
GitLab