diff --git a/README.md b/README.md index 5b7f6d51..428d0af1 100644 --- a/README.md +++ b/README.md @@ -299,6 +299,7 @@ The following list of options are currently supported: containerRunOptions: user: "root" # set the --user/-u flag privileged: true # set the --privileged flag (default: false) + network: "bridge" # set the --net flag (default: bridge) allocateTty: true # set the --tty flag (default: false) envFile: path/to/.env # load environment variables from file and pass to container (equivalent to --env-file) envVars: # if not empty, read each envVar from the environment and pass to test (equivalent to --env/e) diff --git a/pkg/drivers/docker_driver.go b/pkg/drivers/docker_driver.go index 47083f98..282c232c 100644 --- a/pkg/drivers/docker_driver.go +++ b/pkg/drivers/docker_driver.go @@ -19,13 +19,14 @@ import ( "bufio" "bytes" "fmt" - "github.com/joho/godotenv" "io" "os" "path" "path/filepath" "strings" + "github.com/joho/godotenv" + "github.com/pkg/errors" "github.com/sirupsen/logrus" @@ -64,27 +65,22 @@ func NewDockerDriver(args DriverConfig) (Driver, error) { } func (d *DockerDriver) hostConfig() *docker.HostConfig { - if d.runOpts.IsSet() && d.runtime != "" { - return &docker.HostConfig{ - Capabilities: d.runOpts.Capabilities, - Binds: d.runOpts.BindMounts, - Privileged: d.runOpts.Privileged, - Runtime: d.runtime, - } - } + var hc *docker.HostConfig if d.runOpts.IsSet() { - return &docker.HostConfig{ + hc = &docker.HostConfig{ Capabilities: d.runOpts.Capabilities, Binds: d.runOpts.BindMounts, Privileged: d.runOpts.Privileged, + NetworkMode: d.runOpts.Network, } } if d.runtime != "" { - return &docker.HostConfig{ - Runtime: d.runtime, + if hc == nil { + hc = &docker.HostConfig{} } + hc.Runtime = d.runtime } - return nil + return hc } func (d *DockerDriver) Destroy() { diff --git a/pkg/types/unversioned/types.go b/pkg/types/unversioned/types.go index 84dfb602..975f7f52 100644 --- a/pkg/types/unversioned/types.go +++ b/pkg/types/unversioned/types.go 
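Review bot: In pkg/drivers/docker_driver.go, `NetworkMode: d.runOpts.Network` in hostConfig() hands the string from the test config to the Docker daemon unchecked, so a config can put the image under test into the host's network namespace (`host`), where it shares the host's interfaces and loopback. That is a real loss of isolation for an image that is being tested because it is not yet trusted, so I would make it visible at run time, e.g. `if n := d.runOpts.Network; n != "" && n != "bridge" && n != "none" { logrus.Warnf("container network mode %q requested by test config", n) }` before the HostConfig is built (logrus is already imported in this file). The README line added in this commit could also state that `host` disables network isolation. hostConfig() lies entirely inside this hunk.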
@@ -52,6 +52,7 @@ type ContainerRunOptions struct { EnvFile string `yaml:"envFile"` Capabilities []string BindMounts []string `yaml:"bindMounts"` + Network string `yaml:"network"` } func (opts *ContainerRunOptions) IsSet() bool { @@ -61,7 +62,8 @@ func (opts *ContainerRunOptions) IsSet() bool { len(opts.EnvFile) > 0 || (opts.EnvVars != nil && len(opts.EnvVars) > 0) || (opts.Capabilities != nil && len(opts.Capabilities) > 0) || - (opts.BindMounts != nil && len(opts.BindMounts) > 0) + (opts.BindMounts != nil && len(opts.BindMounts) > 0) || + len(opts.Network) != 0 } type TestResult struct { diff --git a/tests/amd64/ubuntu_22_04_containeropts_network_host_test.yaml b/tests/amd64/ubuntu_22_04_containeropts_network_host_test.yaml new file mode 100644 index 00000000..81437bb0 --- /dev/null +++ b/tests/amd64/ubuntu_22_04_containeropts_network_host_test.yaml @@ -0,0 +1,8 @@ +schemaVersion: "2.0.0" +containerRunOptions: + network: "host" +commandTests: + - name: "network host exposes host network interfaces" + command: "cat" + args: ["/proc/net/dev"] + expectedOutput: ["eth0|en[a-z0-9]+|ens|eno|wlan"] diff --git a/tests/amd64/ubuntu_22_04_containeropts_network_none_test.yaml b/tests/amd64/ubuntu_22_04_containeropts_network_none_test.yaml new file mode 100644 index 00000000..a5d3c66d --- /dev/null +++ b/tests/amd64/ubuntu_22_04_containeropts_network_none_test.yaml @@ -0,0 +1,8 @@ +schemaVersion: "2.0.0" +containerRunOptions: + network: "none" +commandTests: + - name: "network none test" + command: "getent" + args: ["hosts", "google.com"] + exitCode: 2 diff --git a/tests/arm64/ubuntu_22_04_containeropts_network_host_test.yaml b/tests/arm64/ubuntu_22_04_containeropts_network_host_test.yaml new file mode 100644 index 00000000..81437bb0 --- /dev/null +++ b/tests/arm64/ubuntu_22_04_containeropts_network_host_test.yaml 
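Review bot: In pkg/types/unversioned/types.go the new `Network` field carries no comment saying which values it accepts or that it is forwarded as-is to the daemon. I would add above it `// Network is the Docker network mode for the test container ("bridge", "host", "none", ...); it is passed unchanged to HostConfig.NetworkMode.` and, if confirmed, a remark that an empty value leaves the daemon default. The struct begins outside the hunk, so I cannot see whether the other fields are documented.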
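Review bot: In the IsSet() hunk of pkg/types/unversioned/types.go, `len(opts.Network) != 0` is written differently from the neighbouring string check `len(opts.EnvFile) > 0`. Either `len(opts.Network) > 0` or `opts.Network != ""` would keep the chain uniform and easier to scan. IsSet() starts outside the hunk, so the earlier conditions are not visible here.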
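Review bot: In tests/amd64/ubuntu_22_04_containeropts_network_host_test.yaml the pattern `eth0|en[a-z0-9]+|ens|eno|wlan` also matches the `eth0` interface a container normally gets on the default bridge network, so this test would most likely still pass if `network: "host"` were silently ignored. An assertion on something visible only from the host namespace would pin the behaviour, for example `expectedOutput: ["docker0"]`, assuming the CI hosts run the default Docker bridge (to be confirmed). The identical files under tests/arm64, tests/ppc64le and tests/s390x have the same weakness.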
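Review bot: In tests/amd64/ubuntu_22_04_containeropts_network_none_test.yaml, `getent hosts google.com` with `exitCode: 2` passes on any resolution failure, including a runner without outbound DNS, and it ties the test to an external name. Reading the interface list is deterministic and needs no network: `command: "cat"`, `args: ["/proc/net/dev"]`, `excludedOutput: ["eth0"]` shows that no interface beyond loopback was attached. The copies under tests/arm64, tests/ppc64le and tests/s390x would take the same change.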
@@ -0,0 +1,8 @@
+schemaVersion: "2.0.0"
+containerRunOptions:
+ network: "host"
+commandTests:
+ - name: "network host exposes host network interfaces"
+ command: "cat"
+ args: ["/proc/net/dev"]
+ expectedOutput: ["eth0|en[a-z0-9]+|ens|eno|wlan"]
diff --git a/tests/arm64/ubuntu_22_04_containeropts_network_none_test.yaml b/tests/arm64/ubuntu_22_04_containeropts_network_none_test.yaml
new file mode 100644
index 00000000..a5d3c66d
--- /dev/null
+++ b/tests/arm64/ubuntu_22_04_containeropts_network_none_test.yaml
@@ -0,0 +1,8 @@
+schemaVersion: "2.0.0"
+containerRunOptions:
+ network: "none"
+commandTests:
+ - name: "network none test"
+ command: "getent"
+ args: ["hosts", "google.com"]
+ exitCode: 2
diff --git a/tests/ppc64le/ubuntu_22_04_containeropts_network_host_test.yaml b/tests/ppc64le/ubuntu_22_04_containeropts_network_host_test.yaml
new file mode 100644
index 00000000..81437bb0
--- /dev/null
+++ b/tests/ppc64le/ubuntu_22_04_containeropts_network_host_test.yaml
@@ -0,0 +1,8 @@
+schemaVersion: "2.0.0"
+containerRunOptions:
+ network: "host"
+commandTests:
+ - name: "network host exposes host network interfaces"
+ command: "cat"
+ args: ["/proc/net/dev"]
+ expectedOutput: ["eth0|en[a-z0-9]+|ens|eno|wlan"]
diff --git a/tests/ppc64le/ubuntu_22_04_containeropts_network_none_test.yaml b/tests/ppc64le/ubuntu_22_04_containeropts_network_none_test.yaml
new file mode 100644
index 00000000..a5d3c66d
--- /dev/null
+++ b/tests/ppc64le/ubuntu_22_04_containeropts_network_none_test.yaml
@@ -0,0 +1,8 @@
+schemaVersion: "2.0.0"
+containerRunOptions:
+ network: "none"
+commandTests:
+ - name: "network none test"
+ command: "getent"
+ args: ["hosts", "google.com"]
+ exitCode: 2
diff --git a/tests/s390x/ubuntu_22_04_containeropts_network_host_test.yaml b/tests/s390x/ubuntu_22_04_containeropts_network_host_test.yaml
new file mode 100644
index 00000000..81437bb0
--- /dev/null
+++ b/tests/s390x/ubuntu_22_04_containeropts_network_host_test.yaml
@@ -0,0 +1,8 @@ +schemaVersion: "2.0.0" +containerRunOptions: + network: "host" +commandTests: + - name: "network host exposes host network interfaces" + command: "cat" + args: ["/proc/net/dev"] + expectedOutput: ["eth0|en[a-z0-9]+|ens|eno|wlan"] diff --git a/tests/s390x/ubuntu_22_04_containeropts_network_none_test.yaml b/tests/s390x/ubuntu_22_04_containeropts_network_none_test.yaml new file mode 100644 index 00000000..a5d3c66d --- /dev/null +++ b/tests/s390x/ubuntu_22_04_containeropts_network_none_test.yaml @@ -0,0 +1,8 @@ +schemaVersion: "2.0.0" +containerRunOptions: + network: "none" +commandTests: + - name: "network none test" + command: "getent" + args: ["hosts", "google.com"] + exitCode: 2 diff --git a/tests/structure_test_tests.sh b/tests/structure_test_tests.sh index 87fac56a..c024daac 100755 --- a/tests/structure_test_tests.sh +++ b/tests/structure_test_tests.sh @@ -144,6 +144,27 @@ else echo "PASS: Run options (envFile) test case passed" fi +res=$(./out/container-structure-test test --image "$test_image" --config "${test_config_dir}/ubuntu_22_04_containeropts_network_none_test.yaml") +code=$? +if ! [[ ("$res" =~ "PASS" && "$code" == "0") ]]; +then + echo "FAIL: Run options (network none) test case failed" + echo "$res" + failures=$((failures +1)) +else + echo "PASS: Run options (network none) test case passed" +fi + +res=$(./out/container-structure-test test --image "$test_image" --config "${test_config_dir}/ubuntu_22_04_containeropts_network_host_test.yaml") +code=$? +if ! [[ ("$res" =~ "PASS" && "$code" == "0") ]]; +then + echo "FAIL: Run options (network host) test case failed" + echo "$res" + failures=$((failures +1)) +else + echo "PASS: Run options (network host) test case passed" +fi HEADER "Metadata Test Case" # test image metadata 
@@ -218,8 +239,7 @@ HEADER "OCI layout test case" go install github.com/google/go-containerregistry/cmd/crane tmp="$(mktemp -d)" - -crane pull "$test_image" --format=oci "$tmp" --platform="linux/$go_architecture" +"$(go env GOPATH)/bin/crane" pull "$test_image" --format=oci "$tmp" --platform="linux/$go_architecture" res=$(./out/container-structure-test test --image-from-oci-layout="$tmp" --config "${test_config_dir}/ubuntu_22_04_test.yaml" 2>&1) @@ -263,7 +283,7 @@ fi res=$(./out/container-structure-test test --image "$test_image" --platform="linux/riscv64" --config "${test_config_dir}/ubuntu_22_04_test.yaml" 2>&1) code=$? -if ! [[ "$res" =~ image\ with\ reference.+was\ found\ but\ its\ platform\ \(linux\/${go_architecture}\)\ does\ not\ match\ the\ specified\ platform\ \(linux\/riscv64\) && "$code" == "1" ]]; +if ! [[ ("$res" =~ image\ with\ reference.+was\ found\ but\ does\ not\ provide\ the\ specified\ platform\ \(linux\/riscv64\) || "$res" =~ image\ with\ reference.+was\ found\ but\ its\ platform\ \(linux\/${go_architecture}\)\ does\ not\ match\ the\ specified\ platform\ \(linux\/riscv64\)) && "$code" == "1" ]]; then echo "FAIL: platform failing test case" echo "$res"
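Review bot: In the OCI layout hunk of tests/structure_test_tests.sh, `"$(go env GOPATH)/bin/crane"` assumes that is where `go install` put the binary, but `go install` writes to GOBIN when it is set, and GOPATH may hold more than one entry; in both cases the constructed path would not exist. Calling the tool by absolute path is worth keeping, since it stops another `crane` earlier in PATH from being picked up, so I would resolve the directory first: `crane_dir="$(go env GOBIN)"; crane_dir="${crane_dir:-$(go env GOPATH)/bin}"` and then `"$crane_dir/crane" pull "$test_image" --format=oci "$tmp" --platform="linux/$go_architecture"`. The `go install` line itself is unchanged context, so whether the installed version is pinned by the module's go.mod cannot be seen from this hunk.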