ensure container ports are not exposed aimlessly

pitabwire · pitabwire · commit c71a07214614 · 2025-08-11T01:55:33.000+03:00
diff --git a/frametests/definition/options.go b/frametests/definition/options.go
@@ -2,7 +2,6 @@ package definition
 
 import (
 	"context"
-	"strconv"
 	"time"
 
 	"github.com/docker/docker/api/types/container"
@@ -17,11 +16,11 @@ type ContainerOpts struct {
 	UserName  string
 	Password  string
 
-	Port           string
+	Ports          []string
 	UseHostMode    bool
 	NetworkAliases []string
 
-	Dependancies []DependancyConn
+	Dependencies []DependancyConn
 
 	EnableLogging  bool
 	LoggingTimeout time.Duration
@@ -50,7 +49,7 @@ func (o *ContainerOpts) Configure(
 			hostConfig.NetworkMode = "host"
 		}
 	} else {
-		containerRequest.ExposedPorts = []string{o.Port}
+		containerRequest.ExposedPorts = o.Ports
 
 		containerRequest.Networks = []string{ntwk.Name}
 		containerRequest.NetworkAliases = map[string][]string{
@@ -78,7 +77,7 @@ func (o *ContainerOpts) ConfigurationExtend(
 			}))
 	} else {
 		containerCustomize = append(containerCustomize,
-			testcontainers.WithExposedPorts(o.Port),
+			// testcontainers.WithExposedPorts(o.Ports...),
 			network.WithNetwork([]string{ntwk.Name}, ntwk),
 			network.WithNetworkName(o.NetworkAliases, ntwk.Name))
 	}
@@ -110,10 +109,10 @@ func WithPassword(password string) ContainerOption {
 	}
 }
 
-// WithPort allows to set the port to use for testing.
-func WithPort(port int) ContainerOption {
+// WithPorts allows to set the ports to use for testing.
+func WithPorts(ports ...string) ContainerOption {
 	return func(original *ContainerOpts) {
-		original.Port = strconv.Itoa(port)
+		original.Ports = ports
 	}
 }
 
@@ -148,6 +147,6 @@ func WithLoggingTimeout(loggingTimeout time.Duration) ContainerOption {
 // WithDependancies allows to set the dependancies to use for testing.
 func WithDependancies(dependancies ...DependancyConn) ContainerOption {
 	return func(original *ContainerOpts) {
-		original.Dependancies = dependancies
+		original.Dependencies = dependancies
 	}
 }
diff --git a/frametests/deps/testnats/nats.go b/frametests/deps/testnats/nats.go
@@ -44,10 +44,8 @@ func NewWithOpts(cluster string, containerOpts ...definition.ContainerOption) de
 		ImageName:      NatsImage,
 		UserName:       NatsUser,
 		Password:       NatsPass,
-		Port:           NatsPort,
+		Ports:          []string{NatsPort},
 		NetworkAliases: []string{"nats", "queue-nats"},
-		UseHostMode:    false,
-		EnableLogging:  true,
 	}
 	opts.Setup(containerOpts...)
 
@@ -77,6 +75,8 @@ func (d *natsDependancy) Setup(ctx context.Context, ntwk *testcontainers.DockerN
 		return fmt.Errorf("failed to start nats container: %w", err)
 	}
 
+	d.container = natsqContainer
+
 	conn, err := natsqContainer.ConnectionString(ctx)
 	if err != nil {
 		return fmt.Errorf("failed to get connection string for container: %w", err)
@@ -88,9 +88,8 @@ func (d *natsDependancy) Setup(ctx context.Context, ntwk *testcontainers.DockerN
 	if err != nil {
 		return fmt.Errorf("failed to get internal host ip for container: %w", err)
 	}
-	d.internalConn = frame.DataSource(fmt.Sprintf("nats://%s", net.JoinHostPort(internalIP, d.opts.Port)))
+	d.internalConn = frame.DataSource(fmt.Sprintf("nats://%s", net.JoinHostPort(internalIP, d.opts.Ports[0])))
 
-	d.container = natsqContainer
 	return nil
 }
 
diff --git a/frametests/deps/testoryhydra/hydra.go b/frametests/deps/testoryhydra/hydra.go
@@ -19,8 +19,6 @@ import (
 const (
 	// OryHydraImage is the Ory Hydra Image.
 	OryHydraImage = "oryd/hydra:latest"
-	// HydraPort is the default port for Hydra.
-	HydraPort = "4445"
 
 	HydraConfiguration = `
 ## ORY Hydra Configuration
@@ -73,10 +71,8 @@ func New() definition.TestResource {
 func NewWithOpts(configuration string, containerOpts ...definition.ContainerOption) definition.TestResource {
 	opts := definition.ContainerOpts{
 		ImageName:      OryHydraImage,
-		Port:           HydraPort,
+		Ports:          []string{"4444", "4445"},
 		NetworkAliases: []string{"hydra", "auth-hydra"},
-		UseHostMode:    false,
-		EnableLogging:  true,
 	}
 	opts.Setup(containerOpts...)
 
@@ -135,17 +131,17 @@ func (d *hydraDependancy) migrateContainer(
 }
 
 func (d *hydraDependancy) Setup(ctx context.Context, ntwk *testcontainers.DockerNetwork) error {
-	if len(d.opts.Dependancies) == 0 || !d.opts.Dependancies[0].GetDS().IsDB() {
+	if len(d.opts.Dependencies) == 0 || !d.opts.Dependencies[0].GetDS().IsDB() {
 		return errors.New("no Database dependencies was supplied")
 	}
 
-	databaseURL := d.opts.Dependancies[0].GetInternalDS().String()
+	databaseURL := d.opts.Dependencies[0].GetInternalDS().String()
 	err := d.migrateContainer(ctx, ntwk, databaseURL)
 	if err != nil {
 		return err
 	}
 
-	hydraPort, err := nat.NewPort("tcp", d.opts.Port)
+	adminPort, err := nat.NewPort("tcp", d.opts.Ports[1])
 	if err != nil {
 		return err
 	}
@@ -164,15 +160,11 @@ func (d *hydraDependancy) Setup(ctx context.Context, ntwk *testcontainers.Docker
 				FileMode:          definition.ContainerFileMode,
 			},
 		},
-		WaitingFor: wait.ForHTTP("/health/ready").WithPort(hydraPort),
+		WaitingFor: wait.ForHTTP("/health/ready").WithPort(adminPort),
 	}
 
 	d.opts.Configure(ctx, ntwk, &containerRequest)
 
-	if !d.opts.UseHostMode {
-		containerRequest.ExposedPorts = []string{fmt.Sprintf("%s/tcp", d.opts.Port), "4444/tcp"}
-	}
-
 	hydraContainer, err := testcontainers.GenericContainer(ctx,
 		testcontainers.GenericContainerRequest{
 			ContainerRequest: containerRequest,
@@ -183,7 +175,7 @@ func (d *hydraDependancy) Setup(ctx context.Context, ntwk *testcontainers.Docker
 		return fmt.Errorf("failed to start hydraContainer: %w", err)
 	}
 
-	port, err := hydraContainer.MappedPort(ctx, hydraPort)
+	port, err := hydraContainer.MappedPort(ctx, adminPort)
 	if err != nil {
 		return fmt.Errorf("failed to get connection string for hydraContainer: %w", err)
 	}
@@ -200,7 +192,7 @@ func (d *hydraDependancy) Setup(ctx context.Context, ntwk *testcontainers.Docker
 		return fmt.Errorf("failed to get internal host ip for hydraContainer: %w", err)
 	}
 	d.internalConn = frame.DataSource(
-		fmt.Sprintf("http://%s", net.JoinHostPort(internalIP, d.opts.Port)),
+		fmt.Sprintf("http://%s", net.JoinHostPort(internalIP, adminPort.Port())),
 	)
 
 	d.container = hydraContainer
diff --git a/frametests/deps/testoryketo/keto.go b/frametests/deps/testoryketo/keto.go
@@ -19,8 +19,6 @@ import (
 const (
 	// OryKetoImage is the Ory Keto Image.
 	OryKetoImage = "oryd/keto:latest"
-	// KetoPort is the default port for Keto.
-	KetoPort = "4467"
 
 	KetoConfiguration = `
 version: v0.12.0
@@ -67,10 +65,8 @@ func NewWithOpts(
 ) definition.TestResource {
 	opts := definition.ContainerOpts{
 		ImageName:      OryKetoImage,
-		Port:           KetoPort,
+		Ports:          []string{"4466", "4467"},
 		NetworkAliases: []string{"keto", "auth-keto"},
-		UseHostMode:    false,
-		EnableLogging:  true,
 	}
 	opts.Setup(containerOpts...)
 
@@ -130,16 +126,16 @@ func (d *ketoDependancy) migrateContainer(
 }
 
 func (d *ketoDependancy) Setup(ctx context.Context, ntwk *testcontainers.DockerNetwork) error {
-	if len(d.opts.Dependancies) == 0 || !d.opts.Dependancies[0].GetInternalDS().IsDB() {
+	if len(d.opts.Dependencies) == 0 || !d.opts.Dependencies[0].GetInternalDS().IsDB() {
 		return errors.New("no Database dependencies was supplied")
 	}
 
-	databaseURL := d.opts.Dependancies[0].GetInternalDS().String()
+	databaseURL := d.opts.Dependencies[0].GetInternalDS().String()
 	err := d.migrateContainer(ctx, ntwk, databaseURL)
 	if err != nil {
 		return err
 	}
-	ketoPort, err := nat.NewPort("tcp", d.opts.Port)
+	adminPort, err := nat.NewPort("tcp", d.opts.Ports[1])
 	if err != nil {
 		return err
 	}
@@ -158,13 +154,13 @@ func (d *ketoDependancy) Setup(ctx context.Context, ntwk *testcontainers.DockerN
 				FileMode:          definition.ContainerFileMode,
 			},
 		},
-		WaitingFor: wait.ForHTTP("/health/ready").WithPort(ketoPort),
+		WaitingFor: wait.ForHTTP("/health/ready").WithPort(adminPort),
 	}
 
 	d.opts.Configure(ctx, ntwk, &containerRequest)
 
 	if !d.opts.UseHostMode {
-		containerRequest.ExposedPorts = []string{fmt.Sprintf("%s/tcp", d.opts.Port), "4466/tcp"}
+		containerRequest.ExposedPorts = []string{fmt.Sprintf("%s/tcp", d.opts.Ports), "4466/tcp"}
 	}
 
 	ketoContainer, err := testcontainers.GenericContainer(ctx,
@@ -177,7 +173,7 @@ func (d *ketoDependancy) Setup(ctx context.Context, ntwk *testcontainers.DockerN
 		return fmt.Errorf("failed to start ketoContainer: %w", err)
 	}
 
-	port, err := ketoContainer.MappedPort(ctx, ketoPort)
+	port, err := ketoContainer.MappedPort(ctx, adminPort)
 	if err != nil {
 		return fmt.Errorf("failed to get connection string for ketoContainer: %w", err)
 	}
@@ -193,7 +189,7 @@ func (d *ketoDependancy) Setup(ctx context.Context, ntwk *testcontainers.DockerN
 	if err != nil {
 		return fmt.Errorf("failed to get internal host ip for ketoContainer: %w", err)
 	}
-	d.internalConn = frame.DataSource(fmt.Sprintf("http://%s", net.JoinHostPort(internalIP, d.opts.Port)))
+	d.internalConn = frame.DataSource(fmt.Sprintf("http://%s", net.JoinHostPort(internalIP, adminPort.Port())))
 
 	d.container = ketoContainer
 	return nil
diff --git a/frametests/deps/testpostgres/postgres.go b/frametests/deps/testpostgres/postgres.go
@@ -61,10 +61,8 @@ func NewWithOpts(dbName string, containerOpts ...definition.ContainerOption) def
 		ImageName:      PostgresqlDBImage,
 		UserName:       DBUser,
 		Password:       DBPassword,
-		Port:           DBPort,
+		Ports:          []string{DBPort},
 		NetworkAliases: []string{"postgres", "db-postgres"},
-		UseHostMode:    false,
-		EnableLogging:  true,
 	}
 	opts.Setup(containerOpts...)
 
@@ -116,7 +114,7 @@ func (d *postgreSQLDependancy) Setup(ctx context.Context, ntwk *testcontainers.D
 		"postgres://%s:%s@%s/%s",
 		d.opts.UserName,
 		d.opts.Password,
-		net.JoinHostPort(internalIP, d.opts.Port),
+		net.JoinHostPort(internalIP, d.opts.Ports[0]),
 		d.dbname,
 	)
 
diff --git a/frametests/deps/testvalkey/valkey.go b/frametests/deps/testvalkey/valkey.go
@@ -44,10 +44,8 @@ func NewWithOpts(cluster string, containerOpts ...definition.ContainerOption) de
 		ImageName:      ValKeyImage,
 		UserName:       ValKeyUser,
 		Password:       ValKeyPass,
-		Port:           ValKeyPort,
+		Ports:          []string{ValKeyPort},
 		NetworkAliases: []string{"valkey", "cache-valkey"},
-		UseHostMode:    false,
-		EnableLogging:  true,
 	}
 	opts.Setup(containerOpts...)
 
@@ -84,7 +82,7 @@ func (d *valKeyDependancy) Setup(ctx context.Context, ntwk *testcontainers.Docke
 	if err != nil {
 		return fmt.Errorf("failed to get internal host ip for valkeyContainer: %w", err)
 	}
-	d.internalConn = frame.DataSource(fmt.Sprintf("redis://%s", net.JoinHostPort(internalIP, d.opts.Port)))
+	d.internalConn = frame.DataSource(fmt.Sprintf("redis://%s", net.JoinHostPort(internalIP, d.opts.Ports[0])))
 	d.container = valkeyContainer
 	return nil
 }

Original file line number	Diff line number	Diff line change
`@@ -44,10 +44,8 @@ func NewWithOpts(cluster string, containerOpts ...definition.ContainerOption) de`
`44`	`44`	`ImageName: ValKeyImage,`
`45`	`45`	`UserName: ValKeyUser,`
`46`	`46`	`Password: ValKeyPass,`
`47`		`- Port: ValKeyPort,`
	`47`	`+ Ports: []string{ValKeyPort},`
`48`	`48`	`NetworkAliases: []string{"valkey", "cache-valkey"},`
`49`		`- UseHostMode: false,`
`50`		`- EnableLogging: true,`
`51`	`49`	`}`
`52`	`50`	`opts.Setup(containerOpts...)`
`53`	`51`
`@@ -84,7 +82,7 @@ func (d valKeyDependancy) Setup(ctx context.Context, ntwk testcontainers.Docke`
`84`	`82`	`if err != nil {`
`85`	`83`	`return fmt.Errorf("failed to get internal host ip for valkeyContainer: %w", err)`
`86`	`84`	`}`
`87`		`- d.internalConn = frame.DataSource(fmt.Sprintf("redis://%s", net.JoinHostPort(internalIP, d.opts.Port)))`
	`85`	`+ d.internalConn = frame.DataSource(fmt.Sprintf("redis://%s", net.JoinHostPort(internalIP, d.opts.Ports[0])))`
`88`	`86`	`d.container = valkeyContainer`
`89`	`87`	`return nil`
`90`	`88`	`}`