diff --git a/e2e/tests/network_create.go b/e2e/tests/network_create.go index 39866af9..00db7cc6 100644 --- a/e2e/tests/network_create.go +++ b/e2e/tests/network_create.go @@ -9,6 +9,7 @@ import ( "fmt" "io" "net/http" + "time" . "github.com/onsi/ginkgo/v2" . "github.com/onsi/gomega" @@ -64,6 +65,17 @@ func NetworkCreate(opt *option.Option) { } } + cleanupNetworkWithHTTP := func(network string) func() { + return func() { + relativeUrl := fmt.Sprintf("/networks/%s", network) + apiUrl := client.ConvertToFinchUrl(version, relativeUrl) + req, err := http.NewRequest(http.MethodDelete, apiUrl, nil) + Expect(err).Should(BeNil()) + _, err = uclient.Do(req) + Expect(err).Should(BeNil()) + } + } + When("a create network request is received with required configuration", func() { It("should return 201 Created and the network ID", func() { request := types.NewCreateNetworkRequest(testNetwork) @@ -172,6 +184,55 @@ func NetworkCreate(opt *option.Option) { Expect(httpResponse).Should(HaveHTTPStatus(http.StatusNotFound)) }) }) + + When("a network create request is made with newtork option com.docker.network.bridge.enable_icc set to false", func() { + It("should return 201 Created and the network ID", func() { + request := types.NewCreateNetworkRequest(testNetwork, withEnableICCdNetworkOptions("false", "br-test")...) + + httpResponse := createNetwork(*request) + Expect(httpResponse).Should(HaveHTTPStatus(http.StatusCreated)) + + response := unmarshallHTTPResponse(httpResponse) + Expect(response.ID).ShouldNot(BeEmpty()) + Expect(response.Warning).Should(BeEmpty()) + + DeferCleanup(cleanupNetworkWithHTTP(testNetwork)) + + stdout := command.Stdout(opt, "network", "inspect", testNetwork) + Expect(stdout).To(ContainSubstring(`"finch.network.bridge.enable_icc.ipv4": "false"`)) + + // check iptables rules exists + iptOpt, _ := option.New([]string{"iptables"}) + command.Run(iptOpt, "-C", "FINCH-ISOLATE-CHAIN", + "-i", "br-test", "-o", "br-test", "-j", "DROP") + time.Sleep(30 * time.Second) + + }) + }) + + When("a network create request is made with network option com.docker.network.bridge.enable_icc set to true", func() { + It("should create the network without the enable_icc label", func() { + request := types.NewCreateNetworkRequest(testNetwork, withEnableICCdNetworkOptions("true", "br-test")...) + + httpResponse := createNetwork(*request) + Expect(httpResponse).Should(HaveHTTPStatus(http.StatusCreated)) + + DeferCleanup(cleanupNetworkWithHTTP(testNetwork)) + + response := unmarshallHTTPResponse(httpResponse) + Expect(response.ID).ShouldNot(BeEmpty()) + Expect(response.Warning).Should(BeEmpty()) + + stdout := command.Stdout(opt, "network", "inspect", testNetwork) + Expect(stdout).ShouldNot(ContainSubstring(`"finch.network.bridge.enable_icc.ipv4"`)) + + // check iptables rules does not exist + iptOpt, _ := option.New([]string{"iptables"}) + command.RunWithoutSuccessfulExit(iptOpt, "-C", "FINCH-ISOLATE-CHAIN", + "-i", "br-test", "-o", "br-test", "-j", "DROP") + }) + }) + }) } @@ -230,7 +291,7 @@ func withUnsupportedNetworkOptions() []types.NetworkCreateOption { Driver: "default", Config: []map[string]string{ { - "Subnet": "240.10.0.0/24", + "Subnet": "240.13.0.0/24", }, }, }), @@ -245,3 +306,20 @@ func withUnsupportedNetworkOptions() []types.NetworkCreateOption { }), } } + +func withEnableICCdNetworkOptions(enableICC string, bridgeName string) []types.NetworkCreateOption { + return []types.NetworkCreateOption{ + types.WithIPAM(types.IPAM{ + Driver: "default", + Config: []map[string]string{ + { + "Subnet": "240.11.0.0/24", + }, + }, + }), + types.WithOptions(map[string]string{ + "com.docker.network.bridge.enable_icc": enableICC, + "com.docker.network.bridge.name": bridgeName, + }), + } +}