diff --git a/docker/README.rst b/docker/README.rst deleted file mode 100644 index d729a7c952..0000000000 --- a/docker/README.rst +++ /dev/null @@ -1,33 +0,0 @@ -******************************************************************************** -Docker images -******************************************************************************** - -This directory includes docker files to for Docker images. - -Build Docker images for tests -====================================================================== - -See test-base directory. - -Testing Code -====================================================================== - -Before running a container ----------------------------------------------------------------------- - -Set the Snowflake connection info in ``parameters.json`` and place it in ``libsnowflakeclient`` directory: - -.. code-block:: json - - { - "testconnection": { - "SNOWFLAKE_TEST_USER": "", - "SNOWFLAKE_TEST_PASSWORD": "", - "SNOWFLAKE_TEST_ACCOUNT": "", - "SNOWFLAKE_TEST_WAREHOUSE": "", - "SNOWFLAKE_TEST_DATABASE": "", - "SNOWFLAKE_TEST_SCHEMA": "", - "SNOWFLAKE_TEST_ROLE": "" - } - } - diff --git a/docker/proxy/Dockerfile b/docker/proxy/Dockerfile deleted file mode 100644 index 4fd54703de..0000000000 --- a/docker/proxy/Dockerfile +++ /dev/null @@ -1,24 +0,0 @@ -# Based on the Fedora image -FROM fedora - -# File Author / Maintainer -MAINTAINER http://fedoraproject.org/wiki/Cloud - -# Install Squid -RUN dnf -y update && dnf clean all -RUN dnf -y install squid && dnf clean all -RUN dnf -y install httpd-tools && dnf clean all - -# Change the first occurrence squid.conf to auth_squid.conf -# if you would like to use authentication -ADD squid.conf /etc/squid/squid.conf - -RUN squid -z -F -RUN htpasswd -b -c /etc/squid/passwd user1 password - -# Expose ports -EXPOSE 3128 - -# Set the default command to execute -# when creating a new container -CMD squid -N -d 1 diff --git a/docker/proxy/Dockerfile.auth b/docker/proxy/Dockerfile.auth deleted file mode 100644 index 06281f20e4..0000000000 --- a/docker/proxy/Dockerfile.auth +++ /dev/null @@ -1,24 +0,0 @@ -# Based on the Fedora image -FROM fedora - -# File Author / Maintainer -MAINTAINER http://fedoraproject.org/wiki/Cloud - -# Install Squid -RUN dnf -y update && dnf clean all -RUN dnf -y install squid && dnf clean all -RUN dnf -y install httpd-tools && dnf clean all - -# Change the first occurrence squid.conf to auth_squid.conf -# if you would like to use authentication -ADD auth_squid.conf /etc/squid/squid.conf - -RUN squid -z -F -RUN htpasswd -b -c /etc/squid/passwd user1 password - -# Expose ports -EXPOSE 3128 - -# Set the default command to execute -# when creating a new container -CMD squid -N -d 1 diff --git a/docker/proxy/README.rst b/docker/proxy/README.rst deleted file mode 100644 index 0acc6a8bb2..0000000000 --- a/docker/proxy/README.rst +++ /dev/null @@ -1,26 +0,0 @@ -******************************************************************************** -Squid proxy server on the docker -******************************************************************************** - -This docker file was copied from: - -https://github.com/fedora-cloud/Fedora-Dockerfiles/tree/master/squid - -To build: - -.. code-block:: bash - - docker build --rm -t squid . - -To run by binding the port 3128 of the container with the port 8765 on the host: - -.. code-block:: bash - - docker run --name proxy -d -p 8765:3128 squid - -To test, - -.. code-block:: bash - - curl -x http://localhost:8765 https://www.snowflake.net/ - diff --git a/docker/proxy/auth_squid.conf b/docker/proxy/auth_squid.conf deleted file mode 100644 index 072d15ce12..0000000000 --- a/docker/proxy/auth_squid.conf +++ /dev/null @@ -1,82 +0,0 @@ -# -# Recommended minimum configuration: -# - -# Example rule allowing access from your local networks. -# Adapt to list your (internal) IP networks from where browsing -# should be allowed -acl localnet src 10.0.0.0/8 # RFC1918 possible internal network -acl localnet src 172.20.0.0/16 # RFC1918 possible internal network -acl localnet src 192.168.0.0/16 # RFC1918 possible internal network -acl localnet src fc00::/7 # RFC 4193 local private network range -acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines - -acl SSL_ports port 443 -acl Safe_ports port 80 # http -acl Safe_ports port 21 # ftp -acl Safe_ports port 443 # https -acl Safe_ports port 70 # gopher -acl Safe_ports port 210 # wais -acl Safe_ports port 1025-65535 # unregistered ports -acl Safe_ports port 280 # http-mgmt -acl Safe_ports port 488 # gss-http -acl Safe_ports port 591 # filemaker -acl Safe_ports port 777 # multiling http -acl CONNECT method CONNECT - -auth_param basic program /usr/lib64/squid/basic_ncsa_auth /etc/squid/passwd -#auth_param basic children 5 -auth_param basic realm proxy -# auth_param basic credentialsttl 2 hours -# auth_param basic casesensitive off -acl authenticated proxy_auth REQUIRED -# -# Recommended minimum Access Permission configuration: -# -# Deny requests to certain unsafe ports -http_access deny !Safe_ports - -# Deny CONNECT to other than secure SSL ports -http_access deny CONNECT !SSL_ports - -# Only allow cachemgr access from localhost -# http_access allow localhost manager -http_access allow authenticated -http_access deny manager - -# We strongly recommend the following be uncommented to protect innocent -# web applications running on the proxy server who think the only -# one who can access services on "localhost" is a local user -#http_access deny to_localhost - -# -# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS -# - -# Example rule allowing access from your local networks. -# Adapt localnet in the ACL section to list your (internal) IP networks -# from where browsing should be allowed -http_access allow localnet -http_access allow localhost -acl ncsa_users proxy_auth REQUIRED -http_access allow ncsa_users - -# And finally deny all other access to this proxy -http_access deny all - -# Squid normally listens to port 3128 -http_port 3128 - -# Uncomment and adjust the following to add a disk cache directory. -#cache_dir ufs /var/spool/squid 100 16 256 - -# Leave coredumps in the first cache dir -coredump_dir /var/spool/squid - -# -# Add any of your own refresh_pattern entries above these. -# -refresh_pattern ^ftp: 1440 20% 10080 -refresh_pattern ^gopher: 1440 0% 1440 -refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 -refresh_pattern . 0 20% 4320 diff --git a/docker/proxy/build.sh b/docker/proxy/build.sh deleted file mode 100755 index 0bb2281920..0000000000 --- a/docker/proxy/build.sh +++ /dev/null @@ -1,13 +0,0 @@ -#!/bin/bash -e -# -# Build Squid proxy server image -# - -set -o pipefail -DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" - -cd $DIR -# Squid without auth -docker build --rm -t squid . -# Squid with auth -docker build -f Dockerfile.auth --rm -t squid-auth . diff --git a/docker/proxy/squid.conf b/docker/proxy/squid.conf deleted file mode 100644 index fee5a1cdb3..0000000000 --- a/docker/proxy/squid.conf +++ /dev/null @@ -1,73 +0,0 @@ -# -# Recommended minimum configuration: -# - -# Example rule allowing access from your local networks. -# Adapt to list your (internal) IP networks from where browsing -# should be allowed -acl localnet src 10.0.0.0/8 # RFC1918 possible internal network -acl localnet src 172.16.0.0/12 # RFC1918 possible internal network -acl localnet src 192.168.0.0/16 # RFC1918 possible internal network -acl localnet src fc00::/7 # RFC 4193 local private network range -acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines - -acl SSL_ports port 443 -acl Safe_ports port 80 # http -acl Safe_ports port 21 # ftp -acl Safe_ports port 443 # https -acl Safe_ports port 70 # gopher -acl Safe_ports port 210 # wais -acl Safe_ports port 1025-65535 # unregistered ports -acl Safe_ports port 280 # http-mgmt -acl Safe_ports port 488 # gss-http -acl Safe_ports port 591 # filemaker -acl Safe_ports port 777 # multiling http -acl CONNECT method CONNECT - -# -# Recommended minimum Access Permission configuration: -# -# Deny requests to certain unsafe ports -http_access deny !Safe_ports - -# Deny CONNECT to other than secure SSL ports -http_access deny CONNECT !SSL_ports - -# Only allow cachemgr access from localhost -http_access allow localhost manager -http_access deny manager - -# We strongly recommend the following be uncommented to protect innocent -# web applications running on the proxy server who think the only -# one who can access services on "localhost" is a local user -#http_access deny to_localhost - -# -# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS -# - -# Example rule allowing access from your local networks. -# Adapt localnet in the ACL section to list your (internal) IP networks -# from where browsing should be allowed -http_access allow localnet -http_access allow localhost - -# And finally deny all other access to this proxy -http_access deny all - -# Squid normally listens to port 3128 -http_port 3128 - -# Uncomment and adjust the following to add a disk cache directory. -#cache_dir ufs /var/spool/squid 100 16 256 - -# Leave coredumps in the first cache dir -coredump_dir /var/spool/squid - -# -# Add any of your own refresh_pattern entries above these. -# -refresh_pattern ^ftp: 1440 20% 10080 -refresh_pattern ^gopher: 1440 0% 1440 -refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 -refresh_pattern . 0 20% 4320 diff --git a/docker/test-libsnowflakeclient/.gitignore b/docker/test-libsnowflakeclient/.gitignore deleted file mode 100644 index 4575619c37..0000000000 --- a/docker/test-libsnowflakeclient/.gitignore +++ /dev/null @@ -1 +0,0 @@ -parameters.json diff --git a/docker/test-libsnowflakeclient/Dockerfile b/docker/test-libsnowflakeclient/Dockerfile deleted file mode 100644 index e3a09f08fd..0000000000 --- a/docker/test-libsnowflakeclient/Dockerfile +++ /dev/null @@ -1,24 +0,0 @@ -FROM ubuntu:16.04 - -ARG SNOWSQL_VERSION=1.1.53 -ARG PROXY_IP=172.20.128.10 -ARG PROXY_PORT=3128 - -RUN apt-get update -q -y -RUN apt-get upgrade -q -y -RUN apt-get install -q -y iptables -RUN apt-get install -q -y git vim cmake pkg-config curl gcc g++ zlib1g-dev jq lcov -RUN apt-get install -q -y language-pack-en-base software-properties-common - -ENV LC_ALL C.UTF-8 -ENV LANG C.UTF-8 - -COPY iptables.txt /root -RUN echo "source ~/iptables.txt" >> /root/.bashrc - -ENV http_proxy http://${PROXY_IP}:${PROXY_PORT} -ENV https_proxy http://${PROXY_IP}:${PROXY_PORT} -ENV HTTP_PROXY http://${PROXY_IP}:${PROXY_PORT} -ENV HTTPS_PROXY http://${PROXY_IP}:${PROXY_PORT} - -COPY build_run_libsnowflakeclient_proxy_test.sh /root diff --git a/docker/test-libsnowflakeclient/build.sh b/docker/test-libsnowflakeclient/build.sh deleted file mode 100755 index e495dcefad..0000000000 --- a/docker/test-libsnowflakeclient/build.sh +++ /dev/null @@ -1,16 +0,0 @@ -#!/bin/bash -e -# -# Build libsnowflakeclient proxy test docker image -# - -set -o pipefail -DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" - -PROXY_IP=${PROXY_IP:-172.20.128.10} -PROXY_PORT=${PROXY_PORT:-3128} - -cd $DIR -docker build \ - --build-arg PROXY_IP=${PROXY_IP} \ - --build-arg PROXY_PORT=${PROXY_PORT} \ - -t test-libsnowflakeclient . diff --git a/docker/test-libsnowflakeclient/build_run_libsnowflakeclient_proxy_test.sh b/docker/test-libsnowflakeclient/build_run_libsnowflakeclient_proxy_test.sh deleted file mode 100755 index 851fdf7dae..0000000000 --- a/docker/test-libsnowflakeclient/build_run_libsnowflakeclient_proxy_test.sh +++ /dev/null @@ -1,54 +0,0 @@ -#!/bin/bash -e -# -# Build and Test libsnowflakeclient on Ubuntu -# - -DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" -cd $DIR - -#!/bin/bash -e -# -# Run a SnowSQL test -# -set -o pipefail - -source ~/iptables.txt - -echo "==> iptables" -iptables -L - -# Test that proxy connection is really established -echo "==> checking noproxy connection that should not work" -if curl --noproxy "*" https://www.snowflake.net/ >& /dev/null; then - echo "The outgoing network is not blocked. The connection should require a proxy at all times." - exit 1 -fi - -# Check that the proper parameters were passed into the docker image -if [[ -z "$SNOWFLAKE_TEST_USER" || -z "$SNOWFLAKE_TEST_PASSWORD" || -z "$SNOWFLAKE_TEST_ACCOUNT" || -z "$SNOWFLAKE_TEST_WAREHOUSE" || \ - -z "$SNOWFLAKE_TEST_SCHEMA" || -z "$SNOWFLAKE_TEST_DATABASE" || -z "$SNOWFLAKE_TEST_ROLE" ]]; then - echo "SNOWFLAKE_TEST_USER, SNOWFLAKE_TEST_PASSWORD, SNOWFLAKE_TEST_ACCOUNT, " \ - "SNOWFLAKE_TEST_WAREHOUSE, SNOWFLAKE_TEST_SCHEMA, SNOWFLAKE_TEST_DATABASE " \ - "and SNOWFLAKE_TEST_ROLE must all be set." - exit 1 -fi - -# Download libsnowflakeclient -echo "==> downloading libsnowflakeclient" -git clone https://github.com/snowflakedb/libsnowflakeclient.git -cd libsnowflakeclient -SNOWFLAKE_TEST_CA_BUNDLE_FILE="${DIR}/libsnowflakeclient/cacert.pem" -export SNOWFLAKE_TEST_CA_BUNDLE_FILE - -# Build dependencies, libsnowflakeclient and run tests -export GCC=gcc-5 GXX=g++-5 -echo "==> building dependencies" -./scripts/build_dependencies.sh -t Debug -mv deps-build/linux/aws/lib deps-build/linux/aws/lib64 -echo "==> building libsnowflakeclient" -./scripts/build_libsnowflakeclient.sh -t Debug -echo "==> build complete" -echo "==> env var proxies http_proxy=${http_proxy} and https_proxy=${https_proxy}" -echo "==> running libsnowflakeclient tests" -./scripts/run_tests.sh -s - diff --git a/docker/test-libsnowflakeclient/iptables.txt b/docker/test-libsnowflakeclient/iptables.txt deleted file mode 100644 index 26722b0b12..0000000000 --- a/docker/test-libsnowflakeclient/iptables.txt +++ /dev/null @@ -1,7 +0,0 @@ -iptables -P INPUT DROP -iptables -P OUTPUT DROP -iptables -P FORWARD DROP -iptables -A INPUT -i lo -j ACCEPT -iptables -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT -iptables -A INPUT -j DROP -iptables -A OUTPUT -p tcp -d 172.20.128.10 -j ACCEPT diff --git a/docker/test-libsnowflakeclient/run.sh b/docker/test-libsnowflakeclient/run.sh deleted file mode 100755 index 78a6cb09ad..0000000000 --- a/docker/test-libsnowflakeclient/run.sh +++ /dev/null @@ -1,45 +0,0 @@ -#!/bin/bash -e -# -# Build and Test libsnowflakeclient on Ubuntu -# - -DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" -cd $DIR - -NETWORK_NAME=proxytest -PROXY_NAME=squid -PROXY_IP=172.20.128.10 -PROXY_PORT=3128 - -SNOWFLAKE_TEST_USER="${1:-$SNOWFLAKE_TEST_USER}" -SNOWFLAKE_TEST_PASSWORD="${2:-$SNOWFLAKE_TEST_PASSWORD}" -SNOWFLAKE_TEST_ACCOUNT="${3:-$SNOWFLAKE_TEST_ACCOUNT}" -SNOWFLAKE_TEST_WAREHOUSE="${4:-$SNOWFLAKE_TEST_WAREHOUSE}" -SNOWFLAKE_TEST_DATABASE="${5:-$SNOWFLAKE_TEST_DATABASE}" -SNOWFLAKE_TEST_SCHEMA="${6:-$SNOWFLAKE_TEST_SCHEMA}" -SNOWFLAKE_TEST_ROLE="${7:-$SNOWFLAKE_TEST_ROLE}" - -DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" -cd $DIR - -if ! docker network ls | awk '{print $2}' | grep -q $NETWORK_NAME; then - echo "==> Creating a network $NETWORK_NAME" - docker network create --subnet 172.20.0.0/16 --ip-range 172.20.240.0/20 $NETWORK_NAME -fi - -if ! docker ps | awk '{print $2}' | grep -q $PROXY_NAME; then - echo "==> Starting Squid Proxy server" - docker run --net proxytest --ip $PROXY_IP -d squid -fi - -echo "==> Starting libsnowflakeclient tests" -docker run --net proxytest \ - --privileged \ - -e "SNOWFLAKE_TEST_USER=$SNOWFLAKE_TEST_USER" \ - -e "SNOWFLAKE_TEST_PASSWORD=$SNOWFLAKE_TEST_PASSWORD" \ - -e "SNOWFLAKE_TEST_ACCOUNT=$SNOWFLAKE_TEST_ACCOUNT" \ - -e "SNOWFLAKE_TEST_WAREHOUSE=$SNOWFLAKE_TEST_WAREHOUSE" \ - -e "SNOWFLAKE_TEST_DATABASE=$SNOWFLAKE_TEST_DATABASE" \ - -e "SNOWFLAKE_TEST_SCHEMA=$SNOWFLAKE_TEST_SCHEMA" \ - -e "SNOWFLAKE_TEST_ROLE=$SNOWFLAKE_TEST_ROLE" \ - -it test-libsnowflakeclient /bin/bash -c "/root/build_run_libsnowflakeclient_proxy_test.sh"