func (ct PortFwdCase) Execute(t *testing.T) { ctx := testutils.NewRktRunCtx() defer ctx.Cleanup() prepareTestNet(t, ctx, portFwdBridge) httpPort, err := testutils.GetNextFreePort4Banned(bannedPorts) if err != nil { t.Fatalf("%v", err) } bannedPorts[httpPort] = struct{}{} httpServePort := ct.HttpServePort if httpServePort == 0 { httpServePort = httpPort } httpServeAddr := fmt.Sprintf("0.0.0.0:%d", httpServePort) testImageArgs := []string{ fmt.Sprintf("--ports=http,protocol=tcp,port=%d", httpServePort), fmt.Sprintf("--exec=/inspect --serve-http=%v", httpServeAddr), } t.Logf("testImageArgs: %v", testImageArgs) testImage := patchTestACI("rkt-inspect-networking.aci", testImageArgs...) defer os.Remove(testImage) cmd := fmt.Sprintf( "%s --debug --insecure-options=image run --port=http:%s%d %s --mds-register=false %s", ctx.Cmd(), ct.ListenAddress, httpPort, ct.RktArg, testImage) child := spawnOrFail(t, cmd) httpGetAddr := fmt.Sprintf("http://%v:%v", ct.HttpGetIP, httpPort) ga := testutils.NewGoroutineAssistant(t) ga.Add(2) // Child opens the server go func() { defer ga.Done() ga.WaitOrFail(child) }() // Host connects to the child via the forward port on localhost go func() { defer ga.Done() expectedRegex := `serving on` _, out, err := expectRegexWithOutput(child, expectedRegex) if err != nil { ga.Fatalf("Error: %v\nOutput: %v", err, out) } body, err := testutils.HTTPGet(httpGetAddr) switch { case err != nil && ct.ShouldSucceed: ga.Fatalf("%v\n", err) case err == nil && !ct.ShouldSucceed: ga.Fatalf("HTTP-Get to %q should have failed! But received %q", httpGetAddr, body) case err != nil && !ct.ShouldSucceed: t.Logf("HTTP-Get failed, as expected: %v", err) default: t.Logf("HTTP-Get received: %s", body) } }() ga.Wait() }
/* * Default net port forwarding connectivity * --- * Container launches http server on all its interfaces * Host must be able to connect to container's http server on it's own interfaces */ func TestNetDefaultPortFwdConnectivity(t *testing.T) { ctx := testutils.NewRktRunCtx() defer ctx.Cleanup() bannedPorts := make(map[int]struct{}, 0) f := func(httpGetIP string, rktArg string, shouldSucceed bool) { httpPort, err := testutils.GetNextFreePort4Banned(bannedPorts) if err != nil { t.Fatalf("%v", err) } bannedPorts[httpPort] = struct{}{} httpServeAddr := fmt.Sprintf("0.0.0.0:%d", httpPort) testImageArgs := []string{ fmt.Sprintf("--ports=http,protocol=tcp,port=%d", httpPort), fmt.Sprintf("--exec=/inspect --serve-http=%v", httpServeAddr), } testImage := patchTestACI("rkt-inspect-networking.aci", testImageArgs...) defer os.Remove(testImage) cmd := fmt.Sprintf( "%s --debug --insecure-options=image run --port=http:%d %s --mds-register=false %s", ctx.Cmd(), httpPort, rktArg, testImage) child := spawnOrFail(t, cmd) httpGetAddr := fmt.Sprintf("http://%v:%v", httpGetIP, httpPort) ga := testutils.NewGoroutineAssistant(t) ga.Add(2) // Child opens the server go func() { defer ga.Done() ga.WaitOrFail(child) }() // Host connects to the child via the forward port on localhost go func() { defer ga.Done() expectedRegex := `serving on` _, out, err := expectRegexWithOutput(child, expectedRegex) if err != nil { ga.Fatalf("Error: %v\nOutput: %v", err, out) } body, err := testutils.HTTPGet(httpGetAddr) switch { case err != nil && shouldSucceed: ga.Fatalf("%v\n", err) case err == nil && !shouldSucceed: ga.Fatalf("HTTP-Get to %q should have failed! But received %q", httpGetAddr, body) case err != nil && !shouldSucceed: child.Close() fallthrough default: t.Logf("HTTP-Get received: %s", body) } }() ga.Wait() } f("172.16.28.1", "--net=default", true) f("127.0.0.1", "--net=default", true) // TODO: ensure that default-restricted is not accessible from non-host // f("172.16.28.1", "--net=default-restricted", true) // f("127.0.0.1", "--net=default-restricted", true) }