moby/integration/network/network_test.go

package network // import "github.com/docker/docker/integration/network"

import (
	"bytes"
	"context"
	"net/http"
	"os/exec"
	"strings"
	"testing"

	"github.com/docker/docker/api/types"
	"github.com/docker/docker/integration/internal/container"
	"github.com/docker/docker/integration/internal/network"
	"github.com/docker/docker/testutil/daemon"
	"github.com/docker/docker/testutil/request"
	"gotest.tools/v3/assert"
	is "gotest.tools/v3/assert/cmp"
	"gotest.tools/v3/icmd"
	"gotest.tools/v3/skip"
)

func TestRunContainerWithBridgeNone(t *testing.T) {
	skip.If(t, testEnv.IsRemoteDaemon, "cannot start daemon on remote test run")
	skip.If(t, testEnv.DaemonInfo.OSType != "linux")
	skip.If(t, IsUserNamespace())
	skip.If(t, testEnv.IsRootless, "rootless mode has different view of network")

	d := daemon.New(t)
	d.StartWithBusybox(t, "-b", "none")
	defer d.Stop(t)

	c := d.NewClientT(t)
	ctx := context.Background()

	id1 := container.Run(ctx, t, c)
	defer c.ContainerRemove(ctx, id1, types.ContainerRemoveOptions{Force: true})

	result, err := container.Exec(ctx, c, id1, []string{"ip", "l"})
	assert.NilError(t, err)
	assert.Check(t, is.Equal(false, strings.Contains(result.Combined(), "eth0")), "There shouldn't be eth0 in container in default(bridge) mode when bridge network is disabled")

	id2 := container.Run(ctx, t, c, container.WithNetworkMode("bridge"))
	defer c.ContainerRemove(ctx, id2, types.ContainerRemoveOptions{Force: true})

	result, err = container.Exec(ctx, c, id2, []string{"ip", "l"})
	assert.NilError(t, err)
	assert.Check(t, is.Equal(false, strings.Contains(result.Combined(), "eth0")), "There shouldn't be eth0 in container in bridge mode when bridge network is disabled")

	nsCommand := "ls -l /proc/self/ns/net | awk -F '->' '{print $2}'"
	cmd := exec.Command("sh", "-c", nsCommand)
	stdout := bytes.NewBuffer(nil)
	cmd.Stdout = stdout
	err = cmd.Run()
	assert.NilError(t, err, "Failed to get current process network namespace: %+v", err)

	id3 := container.Run(ctx, t, c, container.WithNetworkMode("host"))
	defer c.ContainerRemove(ctx, id3, types.ContainerRemoveOptions{Force: true})

	result, err = container.Exec(ctx, c, id3, []string{"sh", "-c", nsCommand})
	assert.NilError(t, err)
	assert.Check(t, is.Equal(stdout.String(), result.Combined()), "The network namespace of container should be the same with host when --net=host and bridge network is disabled")
}

func TestNetworkInvalidJSON(t *testing.T) {
	defer setupTest(t)()

	endpoints := []string{
		"/networks/create",
		"/networks/bridge/connect",
		"/networks/bridge/disconnect",
	}

	for _, ep := range endpoints {
		t.Run(ep, func(t *testing.T) {
			t.Parallel()

			res, body, err := request.Post(ep, request.RawString("{invalid json"), request.JSON)
			assert.NilError(t, err)
			assert.Equal(t, res.StatusCode, http.StatusBadRequest)

			buf, err := request.ReadBody(body)
			assert.NilError(t, err)
			assert.Check(t, is.Contains(string(buf), "invalid character 'i' looking for beginning of object key string"))

			res, body, err = request.Post(ep, request.JSON)
			assert.NilError(t, err)
			assert.Equal(t, res.StatusCode, http.StatusBadRequest)

			buf, err = request.ReadBody(body)
			assert.NilError(t, err)
			assert.Check(t, is.Contains(string(buf), "got EOF while reading request body"))
		})
	}
}

func TestHostIPv4BridgeLabel(t *testing.T) {
	skip.If(t, testEnv.OSType == "windows")
	skip.If(t, testEnv.IsRemoteDaemon)
	skip.If(t, testEnv.IsRootless, "rootless mode has different view of network")
	d := daemon.New(t)
	d.Start(t)
	defer d.Stop(t)
	c := d.NewClientT(t)
	defer c.Close()
	ctx := context.Background()

	ipv4SNATAddr := "172.0.0.172"
	// Create a bridge network with --opt com.docker.network.host_ipv4=172.0.0.172
	bridgeName := "hostIPv4Bridge"
	network.CreateNoError(ctx, t, c, bridgeName,
		network.WithDriver("bridge"),
		network.WithOption("com.docker.network.host_ipv4", ipv4SNATAddr),
		network.WithOption("com.docker.network.bridge.name", bridgeName),
	)
	out, err := c.NetworkInspect(ctx, bridgeName, types.NetworkInspectOptions{Verbose: true})
	assert.NilError(t, err)
	assert.Assert(t, len(out.IPAM.Config) > 0)
	// Make sure the SNAT rule exists
	icmd.RunCommand("iptables", "-t", "nat", "-C", "POSTROUTING", "-s", out.IPAM.Config[0].Subnet, "!", "-o", bridgeName, "-j", "SNAT", "--to-source", ipv4SNATAddr).Assert(t, icmd.Success)
}
fixed the race condition in the integration test TestRunContainerWithBridgeNone Signed-off-by: Arash Deshmeh <adeshmeh@ca.ibm.com> 2018-07-11 14:31:27 +00:00			`package network // import "github.com/docker/docker/integration/network"`

			`import (`
			`"bytes"`
			`"context"`
API: properly handle invalid JSON to return a 400 status The API did not treat invalid JSON payloads as a 400 error, as a result returning a 500 error; Before this change, an invalid JSON body would return a 500 error; ```bash curl -v \ --unix-socket /var/run/docker.sock \ -X POST \ "http://localhost/v1.30/networks/create" \ -H "Content-Type: application/json" \ -d '{invalid json' ``` ``` > POST /v1.30/networks/create HTTP/1.1 > Host: localhost > User-Agent: curl/7.52.1 > Accept: / > Content-Type: application/json > Content-Length: 13 > * upload completely sent off: 13 out of 13 bytes < HTTP/1.1 500 Internal Server Error < Api-Version: 1.40 < Content-Type: application/json < Docker-Experimental: false < Ostype: linux < Server: Docker/dev (linux) < Date: Mon, 05 Nov 2018 11:55:20 GMT < Content-Length: 79 < {"message":"invalid character 'i' looking for beginning of object key string"} ``` Empty request: ```bash curl -v \ --unix-socket /var/run/docker.sock \ -X POST \ "http://localhost/v1.30/networks/create" \ -H "Content-Type: application/json" ``` ``` > POST /v1.30/networks/create HTTP/1.1 > Host: localhost > User-Agent: curl/7.54.0 > Accept: / > Content-Type: application/json > < HTTP/1.1 500 Internal Server Error < Api-Version: 1.38 < Content-Length: 18 < Content-Type: application/json < Date: Mon, 05 Nov 2018 12:00:18 GMT < Docker-Experimental: true < Ostype: linux < Server: Docker/18.06.1-ce (linux) < {"message":"EOF"} ``` After this change, a 400 is returned; ```bash curl -v \ --unix-socket /var/run/docker.sock \ -X POST \ "http://localhost/v1.30/networks/create" \ -H "Content-Type: application/json" \ -d '{invalid json' ``` ``` > POST /v1.30/networks/create HTTP/1.1 > Host: localhost > User-Agent: curl/7.52.1 > Accept: / > Content-Type: application/json > Content-Length: 13 > * upload completely sent off: 13 out of 13 bytes < HTTP/1.1 400 Bad Request < Api-Version: 1.40 < Content-Type: application/json < Docker-Experimental: false < Ostype: linux < Server: Docker/dev (linux) < Date: Mon, 05 Nov 2018 11:57:15 GMT < Content-Length: 79 < {"message":"invalid character 'i' looking for beginning of object key string"} ``` Empty request: ```bash curl -v \ --unix-socket /var/run/docker.sock \ -X POST \ "http://localhost/v1.30/networks/create" \ -H "Content-Type: application/json" ``` ``` > POST /v1.30/networks/create HTTP/1.1 > Host: localhost > User-Agent: curl/7.52.1 > Accept: / > Content-Type: application/json > < HTTP/1.1 400 Bad Request < Api-Version: 1.40 < Content-Type: application/json < Docker-Experimental: false < Ostype: linux < Server: Docker/dev (linux) < Date: Mon, 05 Nov 2018 11:59:22 GMT < Content-Length: 49 < {"message":"got EOF while reading request body"} ``` Signed-off-by: Sebastiaan van Stijn <github@gone.nl> 2018-11-05 13:50:33 +00:00			`"net/http"`
fixed the race condition in the integration test TestRunContainerWithBridgeNone Signed-off-by: Arash Deshmeh <adeshmeh@ca.ibm.com> 2018-07-11 14:31:27 +00:00			`"os/exec"`
			`"strings"`
			`"testing"`

			`"github.com/docker/docker/api/types"`
			`"github.com/docker/docker/integration/internal/container"`
Add TC for com.docker.network.host_ipv4 label This PR adds a testcase for the com.docker.network.host_ipv4 label commited via https://github.com/docker/libnetwork/pull/2454 Signed-off-by: Arko Dasgupta <arko.dasgupta@docker.com> 2020-03-04 22:44:08 +00:00			`"github.com/docker/docker/integration/internal/network"`
testutil: make testing packages public This was done with something along the lines of: ``` mv internal/test testutil pushd testutil/; grep -IRl "package test" \| xargs -I '{}' sed -i -e 's\|package test\|package testutil\|g' {}; popd mv internal/testutil/*.go testutil/ && rm -rf internal/ grep -IRl "github.com\/docker\/docker\/internal\/test" \| xargs -I '{}' sed -i -e 's\|github.com/docker/docker/internal/test\|github.com/docker/docker/test\|g' {} goimports . ``` I also modified the basic plugin path in testutil/fixtures/plugin. Signed-off-by: Sam Whited <sam@samwhited.com> 2019-08-29 20:52:40 +00:00			`"github.com/docker/docker/testutil/daemon"`
			`"github.com/docker/docker/testutil/request"`
bump gotest.tools v3.0.1 for compatibility with Go 1.14 full diff: https://github.com/gotestyourself/gotest.tools/compare/v2.3.0...v3.0.1 Signed-off-by: Sebastiaan van Stijn <github@gone.nl> 2020-02-07 13:39:24 +00:00			`"gotest.tools/v3/assert"`
			`is "gotest.tools/v3/assert/cmp"`
Add TC for com.docker.network.host_ipv4 label This PR adds a testcase for the com.docker.network.host_ipv4 label commited via https://github.com/docker/libnetwork/pull/2454 Signed-off-by: Arko Dasgupta <arko.dasgupta@docker.com> 2020-03-04 22:44:08 +00:00			`"gotest.tools/v3/icmd"`
bump gotest.tools v3.0.1 for compatibility with Go 1.14 full diff: https://github.com/gotestyourself/gotest.tools/compare/v2.3.0...v3.0.1 Signed-off-by: Sebastiaan van Stijn <github@gone.nl> 2020-02-07 13:39:24 +00:00			`"gotest.tools/v3/skip"`
fixed the race condition in the integration test TestRunContainerWithBridgeNone Signed-off-by: Arash Deshmeh <adeshmeh@ca.ibm.com> 2018-07-11 14:31:27 +00:00			`)`

			`func TestRunContainerWithBridgeNone(t *testing.T) {`
			`skip.If(t, testEnv.IsRemoteDaemon, "cannot start daemon on remote test run")`
			`skip.If(t, testEnv.DaemonInfo.OSType != "linux")`
			`skip.If(t, IsUserNamespace())`
test-integration: support more rootless tests Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp> 2020-03-13 13:37:09 +00:00			`skip.If(t, testEnv.IsRootless, "rootless mode has different view of network")`
fixed the race condition in the integration test TestRunContainerWithBridgeNone Signed-off-by: Arash Deshmeh <adeshmeh@ca.ibm.com> 2018-07-11 14:31:27 +00:00
			`d := daemon.New(t)`
			`d.StartWithBusybox(t, "-b", "none")`
			`defer d.Stop(t)`

Test: Replace NewClient() with NewClientT() Signed-off-by: Sebastiaan van Stijn <github@gone.nl> 2018-12-22 14:53:02 +00:00			`c := d.NewClientT(t)`
fixed the race condition in the integration test TestRunContainerWithBridgeNone Signed-off-by: Arash Deshmeh <adeshmeh@ca.ibm.com> 2018-07-11 14:31:27 +00:00			`ctx := context.Background()`

integration: change container.Run signature to fix linting Line 59: warning: context.Context should be the first parameter of a function (golint) Signed-off-by: Sebastiaan van Stijn <github@gone.nl> 2019-06-06 11:15:31 +00:00			`id1 := container.Run(ctx, t, c)`
Test: Replace NewClient() with NewClientT() Signed-off-by: Sebastiaan van Stijn <github@gone.nl> 2018-12-22 14:53:02 +00:00			`defer c.ContainerRemove(ctx, id1, types.ContainerRemoveOptions{Force: true})`

			`result, err := container.Exec(ctx, c, id1, []string{"ip", "l"})`
fixed the race condition in the integration test TestRunContainerWithBridgeNone Signed-off-by: Arash Deshmeh <adeshmeh@ca.ibm.com> 2018-07-11 14:31:27 +00:00			`assert.NilError(t, err)`
			`assert.Check(t, is.Equal(false, strings.Contains(result.Combined(), "eth0")), "There shouldn't be eth0 in container in default(bridge) mode when bridge network is disabled")`

integration: change container.Run signature to fix linting Line 59: warning: context.Context should be the first parameter of a function (golint) Signed-off-by: Sebastiaan van Stijn <github@gone.nl> 2019-06-06 11:15:31 +00:00			`id2 := container.Run(ctx, t, c, container.WithNetworkMode("bridge"))`
Test: Replace NewClient() with NewClientT() Signed-off-by: Sebastiaan van Stijn <github@gone.nl> 2018-12-22 14:53:02 +00:00			`defer c.ContainerRemove(ctx, id2, types.ContainerRemoveOptions{Force: true})`
fixed the race condition in the integration test TestRunContainerWithBridgeNone Signed-off-by: Arash Deshmeh <adeshmeh@ca.ibm.com> 2018-07-11 14:31:27 +00:00
Test: Replace NewClient() with NewClientT() Signed-off-by: Sebastiaan van Stijn <github@gone.nl> 2018-12-22 14:53:02 +00:00			`result, err = container.Exec(ctx, c, id2, []string{"ip", "l"})`
fixed the race condition in the integration test TestRunContainerWithBridgeNone Signed-off-by: Arash Deshmeh <adeshmeh@ca.ibm.com> 2018-07-11 14:31:27 +00:00			`assert.NilError(t, err)`
			`assert.Check(t, is.Equal(false, strings.Contains(result.Combined(), "eth0")), "There shouldn't be eth0 in container in bridge mode when bridge network is disabled")`

			`nsCommand := "ls -l /proc/self/ns/net \| awk -F '->' '{print $2}'"`
			`cmd := exec.Command("sh", "-c", nsCommand)`
			`stdout := bytes.NewBuffer(nil)`
			`cmd.Stdout = stdout`
			`err = cmd.Run()`
			`assert.NilError(t, err, "Failed to get current process network namespace: %+v", err)`

integration: change container.Run signature to fix linting Line 59: warning: context.Context should be the first parameter of a function (golint) Signed-off-by: Sebastiaan van Stijn <github@gone.nl> 2019-06-06 11:15:31 +00:00			`id3 := container.Run(ctx, t, c, container.WithNetworkMode("host"))`
Test: Replace NewClient() with NewClientT() Signed-off-by: Sebastiaan van Stijn <github@gone.nl> 2018-12-22 14:53:02 +00:00			`defer c.ContainerRemove(ctx, id3, types.ContainerRemoveOptions{Force: true})`
fixed the race condition in the integration test TestRunContainerWithBridgeNone Signed-off-by: Arash Deshmeh <adeshmeh@ca.ibm.com> 2018-07-11 14:31:27 +00:00
Test: Replace NewClient() with NewClientT() Signed-off-by: Sebastiaan van Stijn <github@gone.nl> 2018-12-22 14:53:02 +00:00			`result, err = container.Exec(ctx, c, id3, []string{"sh", "-c", nsCommand})`
fixed the race condition in the integration test TestRunContainerWithBridgeNone Signed-off-by: Arash Deshmeh <adeshmeh@ca.ibm.com> 2018-07-11 14:31:27 +00:00			`assert.NilError(t, err)`
Fix log Signed-off-by: maxwell <csuhp007@gmail.com> 2018-11-11 15:07:43 +00:00			`assert.Check(t, is.Equal(stdout.String(), result.Combined()), "The network namespace of container should be the same with host when --net=host and bridge network is disabled")`
fixed the race condition in the integration test TestRunContainerWithBridgeNone Signed-off-by: Arash Deshmeh <adeshmeh@ca.ibm.com> 2018-07-11 14:31:27 +00:00			`}`
API: properly handle invalid JSON to return a 400 status The API did not treat invalid JSON payloads as a 400 error, as a result returning a 500 error; Before this change, an invalid JSON body would return a 500 error; ```bash curl -v \ --unix-socket /var/run/docker.sock \ -X POST \ "http://localhost/v1.30/networks/create" \ -H "Content-Type: application/json" \ -d '{invalid json' ``` ``` > POST /v1.30/networks/create HTTP/1.1 > Host: localhost > User-Agent: curl/7.52.1 > Accept: / > Content-Type: application/json > Content-Length: 13 > * upload completely sent off: 13 out of 13 bytes < HTTP/1.1 500 Internal Server Error < Api-Version: 1.40 < Content-Type: application/json < Docker-Experimental: false < Ostype: linux < Server: Docker/dev (linux) < Date: Mon, 05 Nov 2018 11:55:20 GMT < Content-Length: 79 < {"message":"invalid character 'i' looking for beginning of object key string"} ``` Empty request: ```bash curl -v \ --unix-socket /var/run/docker.sock \ -X POST \ "http://localhost/v1.30/networks/create" \ -H "Content-Type: application/json" ``` ``` > POST /v1.30/networks/create HTTP/1.1 > Host: localhost > User-Agent: curl/7.54.0 > Accept: / > Content-Type: application/json > < HTTP/1.1 500 Internal Server Error < Api-Version: 1.38 < Content-Length: 18 < Content-Type: application/json < Date: Mon, 05 Nov 2018 12:00:18 GMT < Docker-Experimental: true < Ostype: linux < Server: Docker/18.06.1-ce (linux) < {"message":"EOF"} ``` After this change, a 400 is returned; ```bash curl -v \ --unix-socket /var/run/docker.sock \ -X POST \ "http://localhost/v1.30/networks/create" \ -H "Content-Type: application/json" \ -d '{invalid json' ``` ``` > POST /v1.30/networks/create HTTP/1.1 > Host: localhost > User-Agent: curl/7.52.1 > Accept: / > Content-Type: application/json > Content-Length: 13 > * upload completely sent off: 13 out of 13 bytes < HTTP/1.1 400 Bad Request < Api-Version: 1.40 < Content-Type: application/json < Docker-Experimental: false < Ostype: linux < Server: Docker/dev (linux) < Date: Mon, 05 Nov 2018 11:57:15 GMT < Content-Length: 79 < {"message":"invalid character 'i' looking for beginning of object key string"} ``` Empty request: ```bash curl -v \ --unix-socket /var/run/docker.sock \ -X POST \ "http://localhost/v1.30/networks/create" \ -H "Content-Type: application/json" ``` ``` > POST /v1.30/networks/create HTTP/1.1 > Host: localhost > User-Agent: curl/7.52.1 > Accept: / > Content-Type: application/json > < HTTP/1.1 400 Bad Request < Api-Version: 1.40 < Content-Type: application/json < Docker-Experimental: false < Ostype: linux < Server: Docker/dev (linux) < Date: Mon, 05 Nov 2018 11:59:22 GMT < Content-Length: 49 < {"message":"got EOF while reading request body"} ``` Signed-off-by: Sebastiaan van Stijn <github@gone.nl> 2018-11-05 13:50:33 +00:00
			`func TestNetworkInvalidJSON(t *testing.T) {`
			`defer setupTest(t)()`

			`endpoints := []string{`
			`"/networks/create",`
			`"/networks/bridge/connect",`
			`"/networks/bridge/disconnect",`
			`}`

			`for _, ep := range endpoints {`
			`t.Run(ep, func(t *testing.T) {`
			`t.Parallel()`

			`res, body, err := request.Post(ep, request.RawString("{invalid json"), request.JSON)`
			`assert.NilError(t, err)`
			`assert.Equal(t, res.StatusCode, http.StatusBadRequest)`

			`buf, err := request.ReadBody(body)`
			`assert.NilError(t, err)`
			`assert.Check(t, is.Contains(string(buf), "invalid character 'i' looking for beginning of object key string"))`

			`res, body, err = request.Post(ep, request.JSON)`
			`assert.NilError(t, err)`
			`assert.Equal(t, res.StatusCode, http.StatusBadRequest)`

			`buf, err = request.ReadBody(body)`
			`assert.NilError(t, err)`
			`assert.Check(t, is.Contains(string(buf), "got EOF while reading request body"))`
			`})`
			`}`
			`}`
Add TC for com.docker.network.host_ipv4 label This PR adds a testcase for the com.docker.network.host_ipv4 label commited via https://github.com/docker/libnetwork/pull/2454 Signed-off-by: Arko Dasgupta <arko.dasgupta@docker.com> 2020-03-04 22:44:08 +00:00
			`func TestHostIPv4BridgeLabel(t *testing.T) {`
			`skip.If(t, testEnv.OSType == "windows")`
			`skip.If(t, testEnv.IsRemoteDaemon)`
test-integration: support more rootless tests Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp> 2020-03-13 13:37:09 +00:00			`skip.If(t, testEnv.IsRootless, "rootless mode has different view of network")`
Add TC for com.docker.network.host_ipv4 label This PR adds a testcase for the com.docker.network.host_ipv4 label commited via https://github.com/docker/libnetwork/pull/2454 Signed-off-by: Arko Dasgupta <arko.dasgupta@docker.com> 2020-03-04 22:44:08 +00:00			`d := daemon.New(t)`
			`d.Start(t)`
			`defer d.Stop(t)`
			`c := d.NewClientT(t)`
			`defer c.Close()`
			`ctx := context.Background()`

			`ipv4SNATAddr := "172.0.0.172"`
			`// Create a bridge network with --opt com.docker.network.host_ipv4=172.0.0.172`
			`bridgeName := "hostIPv4Bridge"`
			`network.CreateNoError(ctx, t, c, bridgeName,`
			`network.WithDriver("bridge"),`
			`network.WithOption("com.docker.network.host_ipv4", ipv4SNATAddr),`
			`network.WithOption("com.docker.network.bridge.name", bridgeName),`
			`)`
			`out, err := c.NetworkInspect(ctx, bridgeName, types.NetworkInspectOptions{Verbose: true})`
			`assert.NilError(t, err)`
			`assert.Assert(t, len(out.IPAM.Config) > 0)`
			`// Make sure the SNAT rule exists`
			`icmd.RunCommand("iptables", "-t", "nat", "-C", "POSTROUTING", "-s", out.IPAM.Config[0].Subnet, "!", "-o", bridgeName, "-j", "SNAT", "--to-source", ipv4SNATAddr).Assert(t, icmd.Success)`
			`}`