github-advanced-security[bot] commented on code in PR #18413:
URL: https://github.com/apache/druid/pull/18413#discussion_r2290725143
##########
embedded-tests/src/test/java/org/apache/druid/testing/embedded/k8s/K3sClusterWithOperatorResource.java:
##########
@@ -0,0 +1,282 @@
+package org.apache.druid.testing.embedded.k8s;
+
+import io.fabric8.kubernetes.client.Config;
+import io.fabric8.kubernetes.client.KubernetesClientBuilder;
+import org.apache.commons.compress.archivers.tar.TarArchiveEntry;
+import org.apache.commons.compress.archivers.tar.TarArchiveInputStream;
+import org.apache.druid.java.util.common.StringUtils;
+import org.apache.druid.java.util.common.logger.Logger;
+import org.apache.druid.testing.embedded.EmbeddedDruidCluster;
+import org.apache.druid.testing.embedded.TestFolder;
+import org.apache.druid.testing.embedded.docker.DruidContainerResource;
+import org.apache.druid.testing.embedded.indexing.Resources;
+import org.testcontainers.containers.Container;
+import org.testcontainers.utility.MountableFile;
+
+import java.io.BufferedInputStream;
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileOutputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.net.URI;
+import java.net.http.HttpClient;
+import java.net.http.HttpRequest;
+import java.net.http.HttpResponse;
+import java.nio.file.Files;
+import java.nio.file.attribute.PosixFilePermission;
+import java.time.Duration;
+import java.util.Properties;
+import java.util.Set;
+import java.util.zip.GZIPInputStream;
+
+public class K3sClusterWithOperatorResource extends K3sClusterResource
+{
+ private static final Logger log = new
Logger(K3sClusterWithOperatorResource.class);
+ private static final String RBAC_MANIFEST =
"manifests/druid-operator-rbac.yaml";
+ private static final String OPERATOR_NAMESPACE_MANIFEST =
"manifests/druid-operator-namespace.yaml";
+ private static final String OPERATOR_NAMESPACE = "druid-operator-system";
+ private static final String HELM_RELEASE_NAME = "druid-operator";
+ private static final String HELM_REPO_NAME = "datainfra";
+ private static final String HELM_REPO_URL = "https://charts.datainfra.io";;
+ private static final String HELM_CHART_NAME = "datainfra/druid-operator";
+ private static final String HELM_VERSION = "v3.13.1";
+ private static final String HELM_PLATFORM = "linux-amd64";
+ private static final String HELM_MOUNT_PATH = "/usr/local/bin/helm";
+
+ public static final String KEY_NODE = "node";
+ public static final String KEY_DRUID_SERVICE = "druidServiceType";
+ public static final String KEY_HEALTH_PATH = "healthPath";
+ public static final String KEY_READINESS_PROBE_PATH = "readinessProbePath";
+ public static final String KEY_SHARED_STORAGE_DIR = "sharedStorageDir";
+
+
+
+ public K3sClusterWithOperatorResource()
+ {
+ super();
+ manifestFiles.add(Resources.getFileForResource(RBAC_MANIFEST));
+
manifestFiles.add(Resources.getFileForResource(OPERATOR_NAMESPACE_MANIFEST));
+ }
+
+ public K3sClusterWithOperatorResource usingTestImage()
+ {
+ return usingDruidImage(DruidContainerResource.getTestDruidImageName());
+ }
+
+ public K3sClusterWithOperatorResource usingDruidImage(String druidImageName)
Review Comment:
## Missing Override annotation
This method overrides [K3sClusterResource.usingDruidImage](1); it is
advisable to add an Override annotation.
[Show more
details](https://github.com/apache/druid/security/code-scanning/10245)
##########
embedded-tests/src/test/java/org/apache/druid/testing/embedded/k8s/K3sClusterWithOperatorResource.java:
##########
@@ -0,0 +1,282 @@
+package org.apache.druid.testing.embedded.k8s;
+
+import io.fabric8.kubernetes.client.Config;
+import io.fabric8.kubernetes.client.KubernetesClientBuilder;
+import org.apache.commons.compress.archivers.tar.TarArchiveEntry;
+import org.apache.commons.compress.archivers.tar.TarArchiveInputStream;
+import org.apache.druid.java.util.common.StringUtils;
+import org.apache.druid.java.util.common.logger.Logger;
+import org.apache.druid.testing.embedded.EmbeddedDruidCluster;
+import org.apache.druid.testing.embedded.TestFolder;
+import org.apache.druid.testing.embedded.docker.DruidContainerResource;
+import org.apache.druid.testing.embedded.indexing.Resources;
+import org.testcontainers.containers.Container;
+import org.testcontainers.utility.MountableFile;
+
+import java.io.BufferedInputStream;
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileOutputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.net.URI;
+import java.net.http.HttpClient;
+import java.net.http.HttpRequest;
+import java.net.http.HttpResponse;
+import java.nio.file.Files;
+import java.nio.file.attribute.PosixFilePermission;
+import java.time.Duration;
+import java.util.Properties;
+import java.util.Set;
+import java.util.zip.GZIPInputStream;
+
+public class K3sClusterWithOperatorResource extends K3sClusterResource
+{
+ private static final Logger log = new
Logger(K3sClusterWithOperatorResource.class);
+ private static final String RBAC_MANIFEST =
"manifests/druid-operator-rbac.yaml";
+ private static final String OPERATOR_NAMESPACE_MANIFEST =
"manifests/druid-operator-namespace.yaml";
+ private static final String OPERATOR_NAMESPACE = "druid-operator-system";
+ private static final String HELM_RELEASE_NAME = "druid-operator";
+ private static final String HELM_REPO_NAME = "datainfra";
+ private static final String HELM_REPO_URL = "https://charts.datainfra.io";;
+ private static final String HELM_CHART_NAME = "datainfra/druid-operator";
+ private static final String HELM_VERSION = "v3.13.1";
+ private static final String HELM_PLATFORM = "linux-amd64";
+ private static final String HELM_MOUNT_PATH = "/usr/local/bin/helm";
+
+ public static final String KEY_NODE = "node";
+ public static final String KEY_DRUID_SERVICE = "druidServiceType";
+ public static final String KEY_HEALTH_PATH = "healthPath";
+ public static final String KEY_READINESS_PROBE_PATH = "readinessProbePath";
+ public static final String KEY_SHARED_STORAGE_DIR = "sharedStorageDir";
+
+
+
+ public K3sClusterWithOperatorResource()
+ {
+ super();
+ manifestFiles.add(Resources.getFileForResource(RBAC_MANIFEST));
+
manifestFiles.add(Resources.getFileForResource(OPERATOR_NAMESPACE_MANIFEST));
+ }
+
+ public K3sClusterWithOperatorResource usingTestImage()
+ {
+ return usingDruidImage(DruidContainerResource.getTestDruidImageName());
+ }
+
+ public K3sClusterWithOperatorResource usingDruidImage(String druidImageName)
+ {
+ this.druidImageName = druidImageName;
+ return this;
+ }
+
+ @Override
+ public K3sClusterWithOperatorResource addService(K3sDruidService service)
+ {
+ services.add(service);
+ return this;
+ }
+
+ @Override
+ public void onStarted(EmbeddedDruidCluster cluster)
+ {
+ client = new KubernetesClientBuilder()
+ .withConfig(Config.fromKubeconfig(getContainer().getKubeConfigYaml()))
+ .build();
+ closer.register(client);
+
+ loadLocalDockerImageIntoContainer(druidImageName, cluster.getTestFolder());
+
+ manifestFiles.forEach(this::applyManifest);
+
+ // install helm and set up the operator
+ installHelm(cluster);
+ setupOperatorWithHelm();
+
+
client.pods().inNamespace(OPERATOR_NAMESPACE).resources().forEach(this::waitUntilPodIsReady);
+
+ final Properties commonProperties = new Properties();
+ commonProperties.putAll(cluster.getCommonProperties());
+ commonProperties.remove("druid.extensions.modulesForEmbeddedTests");
+ applyConfigMap(
+ newConfigMap(COMMON_CONFIG_MAP, commonProperties,
"common.runtime.properties")
+ );
+
+ initializeDruidTestFolders(cluster.getTestFolder());
+
+ for (K3sDruidService druidService : services) {
+ final String serviceConfigMap = StringUtils.format(SERVICE_CONFIG_MAP,
druidService.getName());
+ applyConfigMap(
+ newConfigMap(serviceConfigMap, druidService.getProperties(),
"runtime.properties")
+ );
+ applyManifest(druidService);
+ }
+
+
client.pods().inNamespace(DRUID_NAMESPACE).resources().forEach(this::waitUntilPodIsReady);
+ services.forEach(this::waitUntilServiceIsHealthy);
+ }
+
+ private void initializeDruidTestFolders(TestFolder testFolder) {
+ testFolder.getOrCreateFolder("druid-storage");
+ testFolder.getOrCreateFolder("druid-storage/segments");
+ testFolder.getOrCreateFolder("druid-storage/segment-cache");
+ testFolder.getOrCreateFolder("druid-storage/metadata");
+ testFolder.getOrCreateFolder("druid-storage/indexing-logs");
+ }
+
+ /**
+ * Installs Helm binary in the K3s cluster.
+ */
+ private void installHelm(EmbeddedDruidCluster cluster)
+ {
+ try {
+ File helmBinary = downloadHelmBinary(cluster);
+ this.getContainer().copyFileToContainer(
+ MountableFile.forHostPath(helmBinary.getAbsolutePath()),
+ HELM_MOUNT_PATH
+ );
+ this.getContainer().execInContainer("chmod", "+x", HELM_MOUNT_PATH);
+ log.info("Helm binary installed to /usr/local/bin/helm");
+ }
+ catch (Exception e) {
+ log.error(e, "Failed to download or install Helm binary");
+ throw new RuntimeException("Helm installation failed", e);
+ }
+ }
+
+ private File downloadHelmBinary(EmbeddedDruidCluster cluster) throws
Exception
+ {
+ String helmUrl = StringUtils.format(
+ "https://get.helm.sh/helm-%s-%s.tar.gz";,
+ HELM_VERSION,
+ HELM_PLATFORM
+ );
+ log.debug("Downloading Helm from: %s", helmUrl);
+
+ File helmFolder = cluster.getTestFolder().getOrCreateFolder("helm");
+ File tarFile = new File(helmFolder, "helm.tar.gz");
+ File helmBinary = new File(helmFolder, "helm");
+
+ if (helmBinary.exists() && helmBinary.canExecute()) {
+ log.debug("Helm binary already exists: %s",
helmBinary.getAbsolutePath());
+ return helmBinary;
+ }
+
+ HttpClient client = HttpClient.newBuilder()
+ .connectTimeout(Duration.ofSeconds(30))
+ .build();
+
+ HttpRequest request = HttpRequest.newBuilder()
+ .uri(URI.create(helmUrl))
+ .timeout(Duration.ofSeconds(120))
+ .build();
+
+ HttpResponse<InputStream> response = client.send(request,
HttpResponse.BodyHandlers.ofInputStream());
+
+ if (response.statusCode() != 200) {
+ throw new RuntimeException("Failed to download Helm. Status: " +
response.statusCode());
+ }
+
+ try (InputStream inputStream = response.body();
+ FileOutputStream outputStream = new FileOutputStream(tarFile)) {
+ inputStream.transferTo(outputStream);
+ }
+
+ extractTarGz(tarFile, helmFolder, HELM_PLATFORM + "/helm", "helm");
+
+ Set<PosixFilePermission> permissions = Set.of(
+ PosixFilePermission.OWNER_READ,
+ PosixFilePermission.OWNER_WRITE,
+ PosixFilePermission.OWNER_EXECUTE,
+ PosixFilePermission.GROUP_READ,
+ PosixFilePermission.GROUP_EXECUTE,
+ PosixFilePermission.OTHERS_READ,
+ PosixFilePermission.OTHERS_EXECUTE
+ );
+
+ try {
+ Files.setPosixFilePermissions(helmBinary.toPath(), permissions);
+ }
+ catch (IOException e) {
+ helmBinary.setExecutable(true);
+ }
+
+ tarFile.delete();
+ log.info("Helm binary downloaded and extracted to: %s",
helmBinary.getAbsolutePath());
+ return helmBinary;
+ }
+
+ /**
+ * Extract a specific file from a tar.gz archive.
+ */
+ private void extractTarGz(File tarGzFile, File destFolder, String
sourceEntryPath, String destFileName)
+ throws IOException
+ {
+ try (FileInputStream fis = new FileInputStream(tarGzFile);
+ BufferedInputStream bis = new BufferedInputStream(fis);
+ GZIPInputStream gis = new GZIPInputStream(bis);
+ TarArchiveInputStream tais = new TarArchiveInputStream(gis)) {
+
+ TarArchiveEntry entry;
+ while ((entry = tais.getNextTarEntry()) != null) {
Review Comment:
## Deprecated method or constructor invocation
Invoking [TarArchiveInputStream.getNextTarEntry](1) should be avoided
because it has been deprecated.
[Show more
details](https://github.com/apache/druid/security/code-scanning/10244)
##########
embedded-tests/src/test/java/org/apache/druid/testing/embedded/k8s/K3sClusterWithOperatorResource.java:
##########
@@ -0,0 +1,282 @@
+package org.apache.druid.testing.embedded.k8s;
+
+import io.fabric8.kubernetes.client.Config;
+import io.fabric8.kubernetes.client.KubernetesClientBuilder;
+import org.apache.commons.compress.archivers.tar.TarArchiveEntry;
+import org.apache.commons.compress.archivers.tar.TarArchiveInputStream;
+import org.apache.druid.java.util.common.StringUtils;
+import org.apache.druid.java.util.common.logger.Logger;
+import org.apache.druid.testing.embedded.EmbeddedDruidCluster;
+import org.apache.druid.testing.embedded.TestFolder;
+import org.apache.druid.testing.embedded.docker.DruidContainerResource;
+import org.apache.druid.testing.embedded.indexing.Resources;
+import org.testcontainers.containers.Container;
+import org.testcontainers.utility.MountableFile;
+
+import java.io.BufferedInputStream;
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileOutputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.net.URI;
+import java.net.http.HttpClient;
+import java.net.http.HttpRequest;
+import java.net.http.HttpResponse;
+import java.nio.file.Files;
+import java.nio.file.attribute.PosixFilePermission;
+import java.time.Duration;
+import java.util.Properties;
+import java.util.Set;
+import java.util.zip.GZIPInputStream;
+
+public class K3sClusterWithOperatorResource extends K3sClusterResource
+{
+ private static final Logger log = new
Logger(K3sClusterWithOperatorResource.class);
+ private static final String RBAC_MANIFEST =
"manifests/druid-operator-rbac.yaml";
+ private static final String OPERATOR_NAMESPACE_MANIFEST =
"manifests/druid-operator-namespace.yaml";
+ private static final String OPERATOR_NAMESPACE = "druid-operator-system";
+ private static final String HELM_RELEASE_NAME = "druid-operator";
+ private static final String HELM_REPO_NAME = "datainfra";
+ private static final String HELM_REPO_URL = "https://charts.datainfra.io";;
+ private static final String HELM_CHART_NAME = "datainfra/druid-operator";
+ private static final String HELM_VERSION = "v3.13.1";
+ private static final String HELM_PLATFORM = "linux-amd64";
+ private static final String HELM_MOUNT_PATH = "/usr/local/bin/helm";
+
+ public static final String KEY_NODE = "node";
+ public static final String KEY_DRUID_SERVICE = "druidServiceType";
+ public static final String KEY_HEALTH_PATH = "healthPath";
+ public static final String KEY_READINESS_PROBE_PATH = "readinessProbePath";
+ public static final String KEY_SHARED_STORAGE_DIR = "sharedStorageDir";
+
+
+
+ public K3sClusterWithOperatorResource()
+ {
+ super();
+ manifestFiles.add(Resources.getFileForResource(RBAC_MANIFEST));
+
manifestFiles.add(Resources.getFileForResource(OPERATOR_NAMESPACE_MANIFEST));
+ }
+
+ public K3sClusterWithOperatorResource usingTestImage()
Review Comment:
## Missing Override annotation
This method overrides [K3sClusterResource.usingTestImage](1); it is
advisable to add an Override annotation.
[Show more
details](https://github.com/apache/druid/security/code-scanning/10246)
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
