Skip libnetwork integration tests on Windows

Most of these tests are making use of the bridge network and do not work on Windows. Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2021-05-28 20:59:41 +00:00 · 2021-05-28 20:59:41 +00:00 · b3c883bb2f
commit b3c883bb2f
parent 7186fd8a95
10 changed files with 238 additions and 104 deletions
--- a/libnetwork/firewall_linux_test.go
+++ b/libnetwork/firewall_linux_test.go
@ -0,0 +1,103 @@
+package libnetwork
+
+import (
+	"fmt"
+	"strings"
+	"testing"
+
+	"github.com/docker/docker/libnetwork/iptables"
+	"github.com/docker/docker/libnetwork/netlabel"
+	"github.com/docker/docker/libnetwork/options"
+	"gotest.tools/v3/assert"
+)
+
+const (
+	fwdChainName = "FORWARD"
+	usrChainName = userChain
+)
+
+func TestUserChain(t *testing.T) {
+	iptable := iptables.GetIptable(iptables.IPv4)
+
+	nc, err := New()
+	assert.NilError(t, err)
+
+	tests := []struct {
+		iptables  bool
+		insert    bool // insert other rules to FORWARD
+		fwdChain  []string
+		userChain []string
+	}{
+		{
+			iptables: false,
+			insert:   false,
+			fwdChain: []string{"-P FORWARD ACCEPT"},
+		},
+		{
+			iptables:  true,
+			insert:    false,
+			fwdChain:  []string{"-P FORWARD ACCEPT", "-A FORWARD -j DOCKER-USER"},
+			userChain: []string{"-N DOCKER-USER", "-A DOCKER-USER -j RETURN"},
+		},
+		{
+			iptables:  true,
+			insert:    true,
+			fwdChain:  []string{"-P FORWARD ACCEPT", "-A FORWARD -j DOCKER-USER", "-A FORWARD -j DROP"},
+			userChain: []string{"-N DOCKER-USER", "-A DOCKER-USER -j RETURN"},
+		},
+	}
+
+	resetIptables(t)
+	for _, tc := range tests {
+		tc := tc
+		t.Run(fmt.Sprintf("iptables=%v,insert=%v", tc.iptables, tc.insert), func(t *testing.T) {
+			c := nc.(*controller)
+			c.cfg.Daemon.DriverCfg["bridge"] = map[string]interface{}{
+				netlabel.GenericData: options.Generic{
+					"EnableIPTables": tc.iptables,
+				},
+			}
+
+			// init. condition, FORWARD chain empty DOCKER-USER not exist
+			assert.DeepEqual(t, getRules(t, fwdChainName), []string{"-P FORWARD ACCEPT"})
+
+			if tc.insert {
+				_, err = iptable.Raw("-A", fwdChainName, "-j", "DROP")
+				assert.NilError(t, err)
+			}
+			arrangeUserFilterRule()
+
+			assert.DeepEqual(t, getRules(t, fwdChainName), tc.fwdChain)
+			if tc.userChain != nil {
+				assert.DeepEqual(t, getRules(t, usrChainName), tc.userChain)
+			} else {
+				_, err := iptable.Raw("-S", usrChainName)
+				assert.Assert(t, err != nil, "chain %v: created unexpectedly", usrChainName)
+			}
+		})
+		resetIptables(t)
+	}
+}
+
+func getRules(t *testing.T, chain string) []string {
+	iptable := iptables.GetIptable(iptables.IPv4)
+
+	t.Helper()
+	output, err := iptable.Raw("-S", chain)
+	assert.NilError(t, err, "chain %s: failed to get rules", chain)
+
+	rules := strings.Split(string(output), "\n")
+	if len(rules) > 0 {
+		rules = rules[:len(rules)-1]
+	}
+	return rules
+}
+
+func resetIptables(t *testing.T) {
+	iptable := iptables.GetIptable(iptables.IPv4)
+
+	t.Helper()
+	_, err := iptable.Raw("-F", fwdChainName)
+	assert.NilError(t, err)
+	_ = iptable.RemoveExistingChain(usrChainName, "")
+}
--- a/libnetwork/libnetwork_internal_test.go
+++ b/libnetwork/libnetwork_internal_test.go
@ -4,6 +4,7 @@ import (
 	"encoding/json"
 	"fmt"
 	"net"
+	"runtime"
 	"testing"
 	"time"

@ -16,6 +17,7 @@ import (
 	"github.com/docker/docker/libnetwork/netutils"
 	"github.com/docker/docker/libnetwork/testutils"
 	"github.com/docker/docker/libnetwork/types"
+	"gotest.tools/v3/skip"
 )

 func TestNetworkMarshalling(t *testing.T) {
@ -346,6 +348,8 @@ func TestAuxAddresses(t *testing.T) {
 }

 func TestSRVServiceQuery(t *testing.T) {
+	skip.If(t, runtime.GOOS == "windows", "test only works on linux")
+
 	c, err := New()
 	if err != nil {
 		t.Fatal(err)
@ -442,6 +446,8 @@ func TestSRVServiceQuery(t *testing.T) {
 }

 func TestServiceVIPReuse(t *testing.T) {
+	skip.If(t, runtime.GOOS == "windows", "test only works on linux")
+
 	c, err := New()
 	if err != nil {
 		t.Fatal(err)
@ -555,6 +561,8 @@ func TestServiceVIPReuse(t *testing.T) {
 }

 func TestIpamReleaseOnNetDriverFailures(t *testing.T) {
+	skip.If(t, runtime.GOOS == "windows", "test only works on linux")
+
 	if !testutils.IsRunningInContainer() {
 		defer testutils.SetupTestOSContext(t)()
 	}
--- a/libnetwork/libnetwork_linux_test.go
+++ b/libnetwork/libnetwork_linux_test.go
@ -12,6 +12,7 @@ import (
 	"runtime"
 	"strconv"
 	"strings"
+	"sync"
 	"testing"

 	"github.com/docker/docker/libnetwork"
@ -27,6 +28,10 @@ import (
 	"github.com/vishvananda/netns"
 )

+const (
+	bridgeNetType = "bridge"
+)
+
 var (
 	origins = netns.None()
 	testns  = netns.None()
@ -1069,6 +1074,95 @@ func TestParallel2(t *testing.T) {
 	runParallelTests(t, 2)
 }

+func TestBridge(t *testing.T) {
+	if !testutils.IsRunningInContainer() {
+		defer testutils.SetupTestOSContext(t)()
+	}
+
+	netOption := options.Generic{
+		netlabel.EnableIPv6: true,
+		netlabel.GenericData: options.Generic{
+			"BridgeName":         "testnetwork",
+			"EnableICC":          true,
+			"EnableIPMasquerade": true,
+		},
+	}
+	ipamV4ConfList := []*libnetwork.IpamConf{{PreferredPool: "192.168.100.0/24", Gateway: "192.168.100.1"}}
+	ipamV6ConfList := []*libnetwork.IpamConf{{PreferredPool: "fe90::/64", Gateway: "fe90::22"}}
+
+	network, err := createTestNetwork(bridgeNetType, "testnetwork", netOption, ipamV4ConfList, ipamV6ConfList)
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer func() {
+		if err := network.Delete(); err != nil {
+			t.Fatal(err)
+		}
+	}()
+
+	ep, err := network.CreateEndpoint("testep")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	sb, err := controller.NewSandbox(containerID, libnetwork.OptionPortMapping(getPortMapping()))
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer func() {
+		if err := sb.Delete(); err != nil {
+			t.Fatal(err)
+		}
+	}()
+
+	err = ep.Join(sb)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	epInfo, err := ep.DriverInfo()
+	if err != nil {
+		t.Fatal(err)
+	}
+	pmd, ok := epInfo[netlabel.PortMap]
+	if !ok {
+		t.Fatalf("Could not find expected info in endpoint data")
+	}
+	pm, ok := pmd.([]types.PortBinding)
+	if !ok {
+		t.Fatalf("Unexpected format for port mapping in endpoint operational data")
+	}
+	expectedLen := 10
+	if !isV6Listenable() {
+		expectedLen = 5
+	}
+	if len(pm) != expectedLen {
+		t.Fatalf("Incomplete data for port mapping in endpoint operational data: %d", len(pm))
+	}
+}
+
+var (
+	v6ListenableCached bool
+	v6ListenableOnce   sync.Once
+)
+
+// This is copied from the bridge driver package b/c the bridge driver is not platform agnostic.
+func isV6Listenable() bool {
+	v6ListenableOnce.Do(func() {
+		ln, err := net.Listen("tcp6", "[::1]:0")
+		if err != nil {
+			// When the kernel was booted with `ipv6.disable=1`,
+			// we get err "listen tcp6 [::1]:0: socket: address family not supported by protocol"
+			// https://github.com/moby/moby/issues/42288
+			logrus.Debugf("port_mapping: v6Listenable=false (%v)", err)
+		} else {
+			v6ListenableCached = true
+			ln.Close()
+		}
+	})
+	return v6ListenableCached
+}
+
 func TestParallel3(t *testing.T) {
 	runParallelTests(t, 3)
 }
--- a/libnetwork/libnetwork_test.go
+++ b/libnetwork/libnetwork_test.go
@ -1,3 +1,5 @@
+// +build linux
+
 package libnetwork_test

 import (
@ -8,7 +10,7 @@ import (
 	"net/http/httptest"
 	"os"
 	"path/filepath"
-	"sync"
+	"runtime"
 	"testing"

 	"github.com/docker/docker/libnetwork"
@ -25,13 +27,13 @@ import (
 	"github.com/sirupsen/logrus"
 )

-const (
-	bridgeNetType = "bridge"
-)
-
 var controller libnetwork.NetworkController

 func TestMain(m *testing.M) {
+	if runtime.GOOS == "windows" {
+		logrus.Info("Test suite does not currently support windows")
+		os.Exit(0)
+	}
 	if reexec.Init() {
 		return
 	}
@ -75,7 +77,7 @@ func createTestNetwork(networkType, networkName string, netOption options.Generi

 func getEmptyGenericOption() map[string]interface{} {
 	genericOption := make(map[string]interface{})
-	genericOption[netlabel.GenericData] = options.Generic{}
+	genericOption[netlabel.GenericData] = map[string]string{}
 	return genericOption
 }

@ -141,95 +143,6 @@ func TestNull(t *testing.T) {
 	}
 }

-func TestBridge(t *testing.T) {
-	if !testutils.IsRunningInContainer() {
-		defer testutils.SetupTestOSContext(t)()
-	}
-
-	netOption := options.Generic{
-		netlabel.EnableIPv6: true,
-		netlabel.GenericData: options.Generic{
-			"BridgeName":         "testnetwork",
-			"EnableICC":          true,
-			"EnableIPMasquerade": true,
-		},
-	}
-	ipamV4ConfList := []*libnetwork.IpamConf{{PreferredPool: "192.168.100.0/24", Gateway: "192.168.100.1"}}
-	ipamV6ConfList := []*libnetwork.IpamConf{{PreferredPool: "fe90::/64", Gateway: "fe90::22"}}
-
-	network, err := createTestNetwork(bridgeNetType, "testnetwork", netOption, ipamV4ConfList, ipamV6ConfList)
-	if err != nil {
-		t.Fatal(err)
-	}
-	defer func() {
-		if err := network.Delete(); err != nil {
-			t.Fatal(err)
-		}
-	}()
-
-	ep, err := network.CreateEndpoint("testep")
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	sb, err := controller.NewSandbox(containerID, libnetwork.OptionPortMapping(getPortMapping()))
-	if err != nil {
-		t.Fatal(err)
-	}
-	defer func() {
-		if err := sb.Delete(); err != nil {
-			t.Fatal(err)
-		}
-	}()
-
-	err = ep.Join(sb)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	epInfo, err := ep.DriverInfo()
-	if err != nil {
-		t.Fatal(err)
-	}
-	pmd, ok := epInfo[netlabel.PortMap]
-	if !ok {
-		t.Fatalf("Could not find expected info in endpoint data")
-	}
-	pm, ok := pmd.([]types.PortBinding)
-	if !ok {
-		t.Fatalf("Unexpected format for port mapping in endpoint operational data")
-	}
-	expectedLen := 10
-	if !isV6Listenable() {
-		expectedLen = 5
-	}
-	if len(pm) != expectedLen {
-		t.Fatalf("Incomplete data for port mapping in endpoint operational data: %d", len(pm))
-	}
-}
-
-var (
-	v6ListenableCached bool
-	v6ListenableOnce   sync.Once
-)
-
-// This is copied from the bridge driver package b/c the bridge driver is not platform agnostic.
-func isV6Listenable() bool {
-	v6ListenableOnce.Do(func() {
-		ln, err := net.Listen("tcp6", "[::1]:0")
-		if err != nil {
-			// When the kernel was booted with `ipv6.disable=1`,
-			// we get err "listen tcp6 [::1]:0: socket: address family not supported by protocol"
-			// https://github.com/moby/moby/issues/42288
-			logrus.Debugf("port_mapping: v6Listenable=false (%v)", err)
-		} else {
-			v6ListenableCached = true
-			ln.Close()
-		}
-	})
-	return v6ListenableCached
-}
-
 func TestUnknownDriver(t *testing.T) {
 	if !testutils.IsRunningInContainer() {
 		defer testutils.SetupTestOSContext(t)()
@ -1272,7 +1185,7 @@ func TestEndpointUpdateParent(t *testing.T) {
 		defer testutils.SetupTestOSContext(t)()
 	}

-	n, err := createTestNetwork("bridge", "testnetwork", options.Generic{
+	n, err := createTestNetwork(bridgeNetType, "testnetwork", options.Generic{
 		netlabel.GenericData: options.Generic{
 			"BridgeName": "testnetwork",
 		},
--- a/libnetwork/libnetwork_windows_test.go
+++ b/libnetwork/libnetwork_windows_test.go
@ -5,4 +5,8 @@ import (
 	"path/filepath"
 )

-var specPath = filepath.Join(os.Getenv("programdata"), "docker", "plugins")
+const bridgeNetType = "nat"
+
+var (
+	specPath = filepath.Join(os.Getenv("programdata"), "docker", "plugins")
+)
--- a/libnetwork/networkdb/networkdb_test.go
+++ b/libnetwork/networkdb/networkdb_test.go
@ -6,7 +6,6 @@ import (
 	"log"
 	"net"
 	"os"
-	"strings"
 	"sync/atomic"
 	"testing"
 	"time"
@ -457,7 +456,7 @@ func TestNetworkDBCRUDMediumCluster(t *testing.T) {
 	for i := 1; i < n; i++ {
 		_, err = dbs[i].GetEntry("test_table", "network1", "test_key")
 		assert.Check(t, is.ErrorContains(err, ""))
-		assert.Check(t, strings.Contains(err.Error(), "deleted and pending garbage collection"))
+		assert.Check(t, is.Contains(err.Error(), "deleted and pending garbage collection"), err)
 	}

 	closeNetworkDBInstances(dbs)
--- a/libnetwork/resolver.go
+++ b/libnetwork/resolver.go
@ -383,6 +383,8 @@ func (r *resolver) ServeDNS(w dns.ResponseWriter, query *dns.Msg) {
 		resp, err = r.handlePTRQuery(name, query)
 	case dns.TypeSRV:
 		resp, err = r.handleSRVQuery(name, query)
+	default:
+		panic("error")
 	}

 	if err != nil {
@ -455,7 +457,7 @@ func (r *resolver) ServeDNS(w dns.ResponseWriter, query *dns.Msg) {
 				}
 			}
 			if err != nil {
-				logrus.Warnf("[resolver] connect failed: %s", err)
+				logrus.WithField("retries", i).Warnf("[resolver] connect failed: %s", err)
 				continue
 			}
 			queryType := dns.TypeToString[query.Question[0].Qtype]
--- a/libnetwork/resolver_test.go
+++ b/libnetwork/resolver_test.go
@ -9,6 +9,7 @@ import (

 	"github.com/miekg/dns"
 	"github.com/sirupsen/logrus"
+	"gotest.tools/v3/skip"
 )

 // a simple/null address type that will be used to fake a local address for unit testing
@ -73,6 +74,8 @@ func checkDNSRRType(t *testing.T, actual, expected uint16) {
 }

 func TestDNSIPQuery(t *testing.T) {
+	skip.If(t, runtime.GOOS == "windows", "test only works on linux")
+
 	c, err := New()
 	if err != nil {
 		t.Fatal(err)
@ -210,9 +213,7 @@ func waitForLocalDNSServer(t *testing.T) {
 }

 func TestDNSProxyServFail(t *testing.T) {
-	if runtime.GOARCH == "arm64" {
-		t.Skip("This test fails on arm64 foor some reason... this need to be fixed")
-	}
+	skip.If(t, runtime.GOOS == "windows", "test only works on linux")

 	c, err := New()
 	if err != nil {
@ -245,7 +246,7 @@ func TestDNSProxyServFail(t *testing.T) {
 	// initialize a local DNS server and configure it to fail the first query
 	dns.HandleFunc(".", newDNSHandlerServFailOnce(&nRequests))
 	// use TCP for predictable results. Connection tests (to figure out DNS server initialization) don't work with UDP
-	server := &dns.Server{Addr: ":53", Net: "tcp"}
+	server := &dns.Server{Addr: "127.0.0.1:53", Net: "tcp"}
 	srvErrCh := make(chan error, 1)
 	go func() {
 		srvErrCh <- server.ListenAndServe()
--- a/libnetwork/sandbox_test.go
+++ b/libnetwork/sandbox_test.go
@ -2,6 +2,7 @@ package libnetwork

 import (
 	"fmt"
+	"runtime"
 	"testing"

 	"github.com/docker/docker/libnetwork/config"
@ -10,9 +11,12 @@ import (
 	"github.com/docker/docker/libnetwork/options"
 	"github.com/docker/docker/libnetwork/osl"
 	"github.com/docker/docker/libnetwork/testutils"
+	"gotest.tools/v3/skip"
 )

 func getTestEnv(t *testing.T, opts ...[]NetworkOption) (NetworkController, []Network) {
+	skip.If(t, runtime.GOOS == "windows", "test only works on linux")
+
 	netType := "bridge"

 	option := options.Generic{
--- a/libnetwork/service_common_test.go
+++ b/libnetwork/service_common_test.go
@ -2,14 +2,18 @@ package libnetwork

 import (
 	"net"
+	"runtime"
 	"testing"

 	"github.com/docker/docker/libnetwork/resolvconf"
 	"gotest.tools/v3/assert"
 	is "gotest.tools/v3/assert/cmp"
+	"gotest.tools/v3/skip"
 )

 func TestCleanupServiceDiscovery(t *testing.T) {
+	skip.If(t, runtime.GOOS == "windows", "test only works on linux")
+
 	c, err := New()
 	assert.NilError(t, err)
 	defer c.Stop()
@ -52,6 +56,8 @@ func TestCleanupServiceDiscovery(t *testing.T) {
 }

 func TestDNSOptions(t *testing.T) {
+	skip.If(t, runtime.GOOS == "windows", "test only works on linux")
+
 	c, err := New()
 	assert.NilError(t, err)