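# Docker Compose Override for Testing Scenarios
# Usage: docker compose -f docker-compose.yml -f docker-compose.test.yml up -d
#
# This file adds test-specific configurations and additional test services.
# It is an override: names it references but does not define (the
# `agent-sockets` volume, the `waf` service) are presumably declared in
# docker-compose.yml - verify before using this file on its own.
#
# Review notes that apply to the whole file:
#   * Host-published ports are bound to 127.0.0.1 so that the unauthenticated
#     test services are reachable from the host only, not from its network.
#   * Multi-line shell commands use literal block scalars (`|`) so that the
#     line breaks inside `sh -c "..."` never depend on YAML folding rules.
#   * Images tagged `:latest` are floating; pin a version or digest if test
#     runs have to be reproducible.

# NOTE(review): Compose v2 treats the top-level `version` key as obsolete and
# ignores it; it is kept here for older tooling.
version: '3.8'

services:
  # Override proxy with test-specific settings
  proxy:
    environment:
      # Debug/trace logging is verbose and may record request details;
      # keep this override to test runs.
      RUST_LOG: 'debug,zentinel_proxy=trace'
      ZENTINEL_CONFIG: /etc/zentinel/config.kdl
    healthcheck:
      # NOTE(review): assumes curl is present in the proxy image - confirm.
      test: ["CMD", "curl", "-f", "http://localhost:9090/health"]
      interval: 5s
      timeout: 3s
      retries: 5
      start_period: 10s

  # Add auth agent for testing
  # NOTE(review): the command below only prints a banner and sleeps; nothing
  # in this file makes it answer on the shared socket directory. What the
  # proxy does when the agent is unreachable (fail-open or fail-closed)
  # depends on config.kdl - verify that tests do not pass by accident.
  auth:
    build:
      context: .
      target: runtime-base
    container_name: zentinel-auth-test
    command: |
      sh -c "
        echo 'Mock auth agent - echoes allow for all requests'
        while true; do sleep 3600; done
      "
    volumes:
      - agent-sockets:/var/run/zentinel
    networks:
      - zentinel
    restart: "no"

  # Add denylist agent for testing
  # NOTE(review): placeholder like `auth` above - prints a banner and sleeps.
  denylist:
    build:
      context: .
      target: runtime-base
    container_name: zentinel-denylist-test
    command: |
      sh -c "
        echo 'Mock denylist agent'
        while true; do sleep 3600; done
      "
    volumes:
      - agent-sockets:/var/run/zentinel
    networks:
      - zentinel
    restart: "no"

  # Test load generator service
  # Started only with the `load` profile; it idles until a command is run
  # in it with `docker exec`.
  loadgen:
    image: alpine/curl:latest  # floating tag - see note at top of file
    container_name: zentinel-loadgen
    profiles: ["load"]
    # `$$` is Compose's escape for a literal `$`.
    command: |
      sh -c "
        echo 'Load generator ready'
        echo 'Run: docker exec zentinel-loadgen sh -c \"for i in \$\$(seq 1 100); do curl -s http://proxy:8080/get; done\"'
        sleep infinity
      "
    networks:
      - zentinel
    depends_on:
      - proxy

  # Test reporter service - generates test reports
  reporter:
    image: alpine:latest  # floating tag - see note at top of file
    container_name: zentinel-reporter
    profiles: ["report"]
    volumes:
      # Test sources are mounted read-only; only ./reports is writable.
      - ./tests:/tests:ro
      - ./reports:/reports
    # NOTE(review): packages are installed at container start, so this needs
    # network access and pulls whatever versions the repository serves then.
    command: |
      sh -c "
        apk add --no-cache curl jq bash
        echo 'Test reporter ready'
        sleep infinity
      "
    networks:
      - zentinel

  # Additional backend service for testing failover
  backend-secondary:
    image: kennethreitz/httpbin:latest  # floating tag - see note at top
    container_name: zentinel-backend-secondary
    profiles: ["ha"]
    networks:
      - zentinel
    ports:
      # Loopback only: the backend is for local failover tests.
      - "127.0.0.1:8082:80"
    environment:
      GUNICORN_CMD_ARGS: "--workers=2"
    restart: "no"

  # Redis for rate limiting persistence tests
  redis:
    image: redis:7-alpine
    container_name: zentinel-redis
    profiles: ["persistence"]
    networks:
      - zentinel
    ports:
      # Loopback only: no password or ACL is configured in the command
      # below, so publishing on every host interface would expose an
      # unauthenticated Redis to the host's network. Other containers
      # still reach it through the `zentinel` network.
      - "127.0.0.1:6379:6379"
    command: redis-server --appendonly yes
    volumes:
      - redis-data:/data
    restart: "no"

  # Memcached for rate limiting tests
  memcached:
    image: memcached:1.6-alpine
    container_name: zentinel-memcached
    profiles: ["persistence"]
    networks:
      - zentinel
    ports:
      # Loopback only: no authentication is configured for this instance.
      - "127.0.0.1:11211:11211"
    command: memcached -m 64
    restart: "no"

  # Mock malicious traffic generator for WAF testing
  # Started only with the `security` profile. The container prints example
  # requests aimed at the compose-internal `proxy` host and then idles; it
  # sends nothing by itself. Use it to confirm that the WAF blocks and logs
  # these request shapes.
  attacker:
    image: alpine/curl:latest  # floating tag - see note at top of file
    container_name: zentinel-attacker
    profiles: ["security"]
    command: |
      sh -c "
        echo 'Attack simulator ready'
        echo 'Available attacks:'
        echo ' SQL injection: curl http://proxy:8080/protected/?id=1%27%20OR%20%271%27=%271'
        echo ' XSS: curl -X POST http://proxy:8080/protected/ -d \"input=<script>alert(1)</script>\"'
        echo ' Path traversal: curl http://proxy:8080/protected/../../../etc/passwd'
        sleep infinity
      "
    networks:
      - zentinel
    depends_on:
      - proxy
      - waf

volumes:
  redis-data:
    driver: local

networks:
  zentinel:
    driver: bridge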