Improve the docs about Stub Runner standalone executions in terms of security concerns; fixes gh-1806
@@ -619,9 +619,15 @@ by setting the following system properties or by setting the corresponding envir
|
||||
Spring Cloud Contract Stub Runner Boot is a Spring Boot application that exposes REST endpoints to
|
||||
trigger the messaging labels and to access WireMock servers.
|
||||
|
||||
One of the use cases is to run some smoke (end-to-end) tests on a deployed application.
|
||||
You can check out the https://github.com/spring-cloud/spring-cloud-pipelines[Spring Cloud Pipelines]
|
||||
project for more information.
|
||||
[[features-stub-runner-boot-security]]
|
||||
==== Stub Runner Boot Security
|
||||
|
||||
The Stub Runner Boot application is not secured by design - securing it would require to add security to all
|
||||
stubs even if they don't actually require it. Since this is a testing utility - the server is **not intended**
|
||||
to be used in production environments.
|
||||
|
||||
IMPORTANT: It is expected that **only a trusted client** has access to the Stub Runner Boot server. You should not
|
||||
run this application as a Fat Jar or a link:docker-project.html#docker-stubrunner[Docker Image] in untrusted locations.
|
||||
|
||||
[[features-stub-runner-boot-server]]
|
||||
==== Stub Runner Server
|
||||
|
||||
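Review bot: The IMPORTANT admonition in the new "Stub Runner Boot Security" section tells readers not to run the application "in untrusted locations" but never says what makes a location untrusted or what is at risk. The paragraph just above already states that the application "exposes REST endpoints to trigger the messaging labels and to access WireMock servers", so the admonition could say directly that anyone who can reach the server can use those endpoints, and that network access should therefore be limited to the test environment and its trusted client. Naming "a Fat Jar or a Docker Image" can also be read as permitting other ways of running the application in such places; "You should not run this application in untrusted locations, whether as a Fat Jar or as a Docker Image" avoids that. Two wording points in the first paragraph: "would require to add security" should be "would require adding security", and "not secured by design" can be read as "insecure by design", so "intentionally not secured" is clearer.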
@@ -389,6 +389,11 @@ This section describes how to use Docker on the consumer side to fetch and run s
|
||||
We publish a `spring-cloud/spring-cloud-contract-stub-runner` Docker image
|
||||
that starts the standalone version of Stub Runner.
|
||||
|
||||
[[docker-stubrunner-security]]
|
||||
=== Security
|
||||
|
||||
Since the Spring Cloud Contract Stub Runner Docker Image uses the standalone version of Stub Runner the same security considerations need to be taken. You can read more about those link:project-features.html#features-stub-runner-boot-security[in this section of the documentation].
|
||||
|
||||
[[docker-stubrunner-env-vars]]
|
||||
=== Environment Variables
|
||||
|
||||
|
||||
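Review bot: The new "Security" section in the Docker page only points to another page, so a reader who arrives here directly never sees the actual warning. Consider repeating the key sentence from the referenced section ("only a trusted client has access to the Stub Runner Boot server") before the link, and giving the link descriptive text such as "Stub Runner Boot Security" instead of "in this section of the documentation". The sentence also needs a comma after "standalone version of Stub Runner", and "the same security considerations need to be taken" reads better as "the same security considerations apply". The added paragraph is a single long line, while the surrounding docs in this commit are wrapped, so it should be wrapped to match.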