@useoptic/openapi-diff
Advanced tools
openapi-diff provides a simple way to generate an OpenAPI spec from captured traffic. It sniffs network traffic to generate the spec but does not store the data itself.
The simplest use-case is to attach to a running docker container and observe its traffic:
docker run -it -e SNIFF_PORT=80 -e SNIFF_INTERFACE=any \
--network=container:4dd7916f077e \
--mount type=bind,source=`pwd`,target=/out \
public.ecr.aws/optic/baseline:latest
where --network=container:4dd7916f077e uses the container ID from docker ps of the target container.
There are 3 environment values, set with -e for docker run to customize with:
SNIFF_PORT: The port to sniff. This is the internal port of the container,
not the host-side value (e.g. 80 for a --expose 8000:80).
SNIFF_INTERFACE: The interface to sniff. In containers, this is almost
always eth0.
OPTIC_OPENAPI_PATH: The in-container path for the OpenAPI spec. The
directory that contains this needs to be mounted with a --mount.
You can start the container with the -d/--detach option so that it continues
running in the background without a terminal attached. It is also possible to
detach from a container with CTRL-P CTRL-Q.
Attach to a detached container with
docker attach <id of container from docker ps>
where the container ID is the first column of the docker ps output.
The package install provides an optic CLI tool with the baseline command.
optic baseline /path/to/openapi/file
This can be further configured with
--sniff-port: The port on which to sniff. The default is 80.
--sniff-interface: The interface to sniff. This can be any for all
interfaces. The default is eth0.
The simplest way to install is from the release package:
npm install -g @useoptic/openapi-diff
If you wish to develop against the code here or simply run it directly from source. Clone the repository and at the repository root run
task postpull
This will install all needed dependencies within npm. It will not install libpcap!
libpcapoptic baseline uses libpcap to capture traffic, similar to tools such as
tcpdump and wireshark. This library is provided at the system level and must be
installed manually. The npm pcap package will compile against the development
version of libpcap. This can be a different package than the production
libpcap in some cases.
libpcap is installed by default.apt install libpcap-dev will install the correct bindings.apk add libpcap-dev will install the correct bindings.Note: Refer to the Dockerfile for an example of repackaging to use only the
production libpcap.
The source is in typescript, which needs to be compiled to javascript. You can build directly with
yarn build
Alternatively, you can use ts-node to more simply invoke the code:
sudo ts-node src/cli/index.ts baseline openapi.yaml --sniff-port 3001 --sniff-interface lo0
Run task openapi-diff:docker:build to build a container. It will locally build to
To test against a development build or to check that things are working as
expected, use the httpbin container image as an echo server and run the
baseline container.
$ docker run -d -p 127.0.0.1:8000:80 kennethreitz/httpbin
5ffd48c7f1549aba47314f149be392510ed8dbba833d138ee20cc9a75b24dc50
$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
5ffd48c7f154 kennethreitz/httpbin "gunicorn -b 0.0.0.0…" 4 seconds ago Up 3 seconds 127.0.0.1:8000->80/tcp strange_curie
docker run -it -e SNIFF_PORT=80 --network=container:5ffd48c7f154 --mount type=bind,source=`pwd`,target=/out public.ecr.aws/optic/baseline:latest public.ecr.aws/optic/baseline
↪ reading specification from out/optic.openapi.yaml
Diff GET /get 200 response
You will see the Diff GET line if you issue a request with curl 127.0.0.1:8000/get. An optic.openapi.yaml is created in the local directory.
Coming Soon! You can run the (failing) tests with
sudo yarn dev:test
Root is required for sniffing.
This is manual for now.
The docker image relies on the public @useoptic/openapi-diff npm package. This needs to be released first.
Manually run the release job at https://github.com/opticdev/poc-governance-tools/actions/workflows/release.yaml
Use the task commands to build the docker image and push it with the current version of the npm package.
PUBLIC_TAG=$(npm view @useoptic/openapi-diff version) task openapi-diff:docker:build openapi-diff:docker:push:public
Note: You will need to be authenticated into the optic account to push to the optic container registry.
FAQs
Unknown package
We found that @useoptic/openapi-diff demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 5 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Company News
/Security News
Socket is an initial recipient of OpenAI's Cybersecurity Grant Program, which commits $10M in API credits to defenders securing open source software.
Security News
Socket CEO Feross Aboukhadijeh joins 10 Minutes or Less, a podcast by Ali Rohde, to discuss the recent surge in open source supply chain attacks.
Research
/Security News
Campaign of 108 extensions harvests identities, steals sessions, and adds backdoors to browsers, all tied to the same C2 infrastructure.