forked from baron/baron-sso
29 lines
994 B
Bash
Executable File
29 lines
994 B
Bash
Executable File
#!/usr/bin/env bash
|
|
set -euo pipefail
|
|
|
|
# Kratos/Hydra admin endpoints should be reachable only on ory-net.
|
|
# Frontend network (baron_net) must NOT reach admin endpoints.
|
|
|
|
IMAGE="curlimages/curl:8.10.1"
|
|
|
|
# ory-net should succeed
|
|
# 한국어: ory-net에서는 admin 포트 접근이 가능해야 함
|
|
|
|
docker run --rm --network ory-net "$IMAGE" -fsS http://hydra:4445/health/ready > /dev/null
|
|
|
|
docker run --rm --network ory-net "$IMAGE" -fsS http://kratos:4434/health/ready > /dev/null
|
|
|
|
# baron_net should fail
|
|
# 한국어: baron_net에서는 admin 포트 접근이 불가능해야 함
|
|
if docker run --rm --network baron_net "$IMAGE" -fsS http://hydra:4445/health/ready > /dev/null 2>&1; then
|
|
echo "ERROR: hydra admin is reachable from baron_net"
|
|
exit 1
|
|
fi
|
|
|
|
if docker run --rm --network baron_net "$IMAGE" -fsS http://kratos:4434/health/ready > /dev/null 2>&1; then
|
|
echo "ERROR: kratos admin is reachable from baron_net"
|
|
exit 1
|
|
fi
|
|
|
|
echo "OK: admin endpoints are reachable on ory-net only"
|