testcontainers-java icon indicating copy to clipboard operation
testcontainers-java copied to clipboard
verified publisher icon testcontainers

Allow containers to start on host network mode

Open aidando73 opened this issue 3 years ago • 0 comments

Fixes #5151

@kiview RE:

I've been testing locally and I think there's a simple fix we could do. We could add to ContainerState.getMappedPort an additional condition:

    default Integer getMappedPort(int originalPort) {
        ...
        Ports.Binding[] binding = new Ports.Binding[0];
        final InspectContainerResponse containerInfo = this.getContainerInfo();
        if (containerInfo != null) {
            if (containerInfo.getHostConfig().getNetworkMode().equals("host")) {
                return originalPort;
            }
            binding = containerInfo.getNetworkSettings().getPorts().getBindings().get(new ExposedPort(originalPort));
        }
        ...
    }

Which simply returns the original port if the container is in host mode. Though this feels a bit wrong. host mode doesn't really have a concept of mapped ports - the ports are simply on the host. It seems like we'd be stretching this method beyond it's original abstraction.

The more semantically correct alternative would be to throw if getMappedPort is called when container is host mode:

    default Integer getMappedPort(int originalPort) {
        ...
        Ports.Binding[] binding = new Ports.Binding[0];
        final InspectContainerResponse containerInfo = this.getContainerInfo();
        if (containerInfo != null) {
            if (containerInfo.getHostConfig().getNetworkMode().equals("host")) {
                throw new IllegalArgumentException("getMappedPort is not supported for host network mode");
            }
            binding = containerInfo.getNetworkSettings().getPorts().getBindings().get(new ExposedPort(originalPort));
        }
        ...
    }

We would, however, need to check all references to getMapped port and add in a check for host mode and there's a lot: Screenshot from 2022-08-25 20-27-41

I tried going down the 2nd approach but I realised it really is not feasible - as you said, the blast radius is too large. Every module container that relies on getMapped port wouldn't work for "host" network mode unless we add a check for every use of getMappedPort.

So I went with the former approach here. I think this is fine. I suspect people don't use "host" network mode much and it doesn't really break the principal of least surprise.

aidando73 avatar Sep 17 '22 06:09 aidando73