github.com/chenbh/concourse/v6@v6.4.2/worker/runtime/cni_network_test.go (about) 1 package runtime_test 2 3 import ( 4 "context" 5 "errors" 6 "github.com/chenbh/concourse/v6/worker/runtime" 7 "github.com/chenbh/concourse/v6/worker/runtime/libcontainerd/libcontainerdfakes" 8 "github.com/chenbh/concourse/v6/worker/runtime/iptables/iptablesfakes" 9 "github.com/chenbh/concourse/v6/worker/runtime/runtimefakes" 10 "github.com/opencontainers/runtime-spec/specs-go" 11 "github.com/stretchr/testify/require" 12 "github.com/stretchr/testify/suite" 13 ) 14 15 type CNINetworkSuite struct { 16 suite.Suite 17 *require.Assertions 18 19 network runtime.Network 20 cni *runtimefakes.FakeCNI 21 store *runtimefakes.FakeFileStore 22 } 23 24 func (s *CNINetworkSuite) SetupTest() { 25 var err error 26 27 s.store = new(runtimefakes.FakeFileStore) 28 s.cni = new(runtimefakes.FakeCNI) 29 30 s.network, err = runtime.NewCNINetwork( 31 runtime.WithCNIFileStore(s.store), 32 runtime.WithCNIClient(s.cni), 33 runtime.WithIptables(new(iptablesfakes.FakeIptables)), 34 ) 35 s.NoError(err) 36 } 37 38 func (s *CNINetworkSuite) TestNewCNINetworkWithInvalidConfigDoesntFail() { 39 // CNI defers the actual interpretation of the network configuration to 40 // the plugins. 41 // 42 _, err := runtime.NewCNINetwork( 43 runtime.WithCNINetworkConfig(runtime.CNINetworkConfig{ 44 Subnet: "_____________", 45 }), 46 ) 47 s.NoError(err) 48 } 49 50 func (s *CNINetworkSuite) TestSetupMountsEmptyHandle() { 51 _, err := s.network.SetupMounts("") 52 s.EqualError(err, "empty handle") 53 } 54 55 func (s *CNINetworkSuite) TestSetupMountsFailToCreateHosts() { 56 s.store.CreateReturnsOnCall(0, "", errors.New("create-hosts-err")) 57 58 _, err := s.network.SetupMounts("handle") 59 s.EqualError(errors.Unwrap(err), "create-hosts-err") 60 61 s.Equal(1, s.store.CreateCallCount()) 62 fname, _ := s.store.CreateArgsForCall(0) 63 64 s.Equal("handle/hosts", fname) 65 } 66 67 func (s *CNINetworkSuite) TestSetupMountsFailToCreateResolvConf() { 68 s.store.CreateReturnsOnCall(1, "", errors.New("create-resolvconf-err")) 69 70 _, err := s.network.SetupMounts("handle") 71 s.EqualError(errors.Unwrap(err), "create-resolvconf-err") 72 73 s.Equal(2, s.store.CreateCallCount()) 74 fname, _ := s.store.CreateArgsForCall(1) 75 76 s.Equal("handle/resolv.conf", fname) 77 } 78 79 func (s *CNINetworkSuite) TestSetupMountsReturnsMountpoints() { 80 s.store.CreateReturnsOnCall(0, "/tmp/handle/etc/hosts", nil) 81 s.store.CreateReturnsOnCall(1, "/tmp/handle/etc/resolv.conf", nil) 82 83 mounts, err := s.network.SetupMounts("some-handle") 84 s.NoError(err) 85 86 s.Len(mounts, 2) 87 s.Equal(mounts, []specs.Mount{ 88 { 89 Destination: "/etc/hosts", 90 Type: "bind", 91 Source: "/tmp/handle/etc/hosts", 92 Options: []string{"bind", "rw"}, 93 }, 94 { 95 Destination: "/etc/resolv.conf", 96 Type: "bind", 97 Source: "/tmp/handle/etc/resolv.conf", 98 Options: []string{"bind", "rw"}, 99 }, 100 }) 101 } 102 103 func (s *CNINetworkSuite) TestSetupMountsCallsStoreWithNoNameServer() { 104 network, err := runtime.NewCNINetwork( 105 runtime.WithCNIFileStore(s.store), 106 ) 107 s.NoError(err) 108 109 _, err = network.SetupMounts("some-handle") 110 s.NoError(err) 111 112 _, resolvConfContents := s.store.CreateArgsForCall(1) 113 s.Equal(resolvConfContents, []byte("nameserver 8.8.8.8\n")) 114 } 115 116 func (s *CNINetworkSuite) TestSetupMountsCallsStoreWithOneNameServer() { 117 network, err := runtime.NewCNINetwork( 118 runtime.WithCNIFileStore(s.store), 119 runtime.WithNameServers([]string{"6.6.7.7", "1.2.3.4"}), 120 ) 121 s.NoError(err) 122 123 _, err = network.SetupMounts("some-handle") 124 s.NoError(err) 125 126 _, resolvConfContents := s.store.CreateArgsForCall(1) 127 s.Equal(resolvConfContents, []byte("nameserver 6.6.7.7\nnameserver 1.2.3.4\n")) 128 } 129 130 func (s *CNINetworkSuite) TestSetupRestrictedNetworksCreatesEmptyAdminChain() { 131 fakeIpt := new(iptablesfakes.FakeIptables) 132 network, err := runtime.NewCNINetwork( 133 runtime.WithRestrictedNetworks([]string{"1.1.1.1", "8.8.8.8"}), 134 runtime.WithIptables(fakeIpt), 135 ) 136 137 err = network.SetupRestrictedNetworks() 138 s.NoError(err) 139 140 tablename, chainName := fakeIpt.CreateChainOrFlushIfExistsArgsForCall(0) 141 s.Equal(tablename, "filter") 142 s.Equal(chainName, "CONCOURSE-OPERATOR") 143 144 tablename, chainName, rulespec := fakeIpt.AppendRuleArgsForCall(0) 145 s.Equal(tablename, "filter") 146 s.Equal(chainName, "CONCOURSE-OPERATOR") 147 s.Equal(rulespec, []string{"-m", "conntrack", "--ctstate", "RELATED,ESTABLISHED", "-j", "ACCEPT"}) 148 149 tablename, chainName, rulespec = fakeIpt.AppendRuleArgsForCall(1) 150 s.Equal(tablename, "filter") 151 s.Equal(chainName, "CONCOURSE-OPERATOR") 152 s.Equal(rulespec, []string{"-d", "1.1.1.1", "-j", "REJECT"}) 153 154 tablename, chainName, rulespec = fakeIpt.AppendRuleArgsForCall(2) 155 s.Equal(tablename, "filter") 156 s.Equal(chainName, "CONCOURSE-OPERATOR") 157 s.Equal(rulespec, []string{"-d", "8.8.8.8", "-j", "REJECT"}) 158 } 159 160 func (s *CNINetworkSuite) TestAddNilTask() { 161 err := s.network.Add(context.Background(), nil) 162 s.EqualError(err, "nil task") 163 } 164 165 func (s *CNINetworkSuite) TestAddSetupErrors() { 166 s.cni.SetupReturns(nil, errors.New("setup-err")) 167 task := new(libcontainerdfakes.FakeTask) 168 169 err := s.network.Add(context.Background(), task) 170 s.EqualError(errors.Unwrap(err), "setup-err") 171 } 172 173 func (s *CNINetworkSuite) TestAdd() { 174 task := new(libcontainerdfakes.FakeTask) 175 task.PidReturns(123) 176 task.IDReturns("id") 177 178 err := s.network.Add(context.Background(), task) 179 s.NoError(err) 180 181 s.Equal(1, s.cni.SetupCallCount()) 182 _, id, netns, _ := s.cni.SetupArgsForCall(0) 183 s.Equal("id", id) 184 s.Equal("/proc/123/ns/net", netns) 185 } 186 187 func (s *CNINetworkSuite) TestRemoveNilTask() { 188 err := s.network.Remove(context.Background(), nil) 189 s.EqualError(err, "nil task") 190 } 191 192 func (s *CNINetworkSuite) TestRemoveSetupErrors() { 193 s.cni.RemoveReturns(errors.New("remove-err")) 194 task := new(libcontainerdfakes.FakeTask) 195 196 err := s.network.Remove(context.Background(), task) 197 s.EqualError(errors.Unwrap(err), "remove-err") 198 } 199 200 func (s *CNINetworkSuite) TestRemove() { 201 task := new(libcontainerdfakes.FakeTask) 202 task.PidReturns(123) 203 task.IDReturns("id") 204 205 err := s.network.Remove(context.Background(), task) 206 s.NoError(err) 207 208 s.Equal(1, s.cni.RemoveCallCount()) 209 _, id, netns, _ := s.cni.RemoveArgsForCall(0) 210 s.Equal("id", id) 211 s.Equal("/proc/123/ns/net", netns) 212 }