Add test that global network is applied if otherwise unspecified

Signed-off-by: Andy Caldwell <andrew.caldwell@metaswitch.com>
2019-08-20 14:57:31 +01:00 · 2019-08-20 14:57:31 +01:00 · cc1b7b56c7
parent 588c07f9b4
commit cc1b7b56c7
3 changed files with 52 additions and 2 deletions
--- a/frontend/dockerfile/dockerfile2llb/convert.go
+++ b/frontend/dockerfile/dockerfile2llb/convert.go
@ -650,7 +650,9 @@ func dispatchRun(d *dispatchState, c *instructions.RunCommand, proxy *llb.ProxyE
 	if err != nil {
 		return err
 	}
-	opt = append(opt, networkOpt)
+	if networkOpt != nil {
+		opt = append(opt, networkOpt)
+	}

 	shlex := *dopt.shlex
 	shlex.RawQuotes = true
--- a/frontend/dockerfile/dockerfile2llb/convert_runnetwork.go
+++ b/frontend/dockerfile/dockerfile2llb/convert_runnetwork.go
@ -15,7 +15,7 @@ func dispatchRunNetwork(c *instructions.RunCommand) (llb.RunOption, error) {

 	switch network {
 	case instructions.NetworkDefault:
-		return llb.Network(pb.NetMode_UNSET), nil
+		return nil, nil
 	case instructions.NetworkNone:
 		return llb.Network(pb.NetMode_NONE), nil
 	case instructions.NetworkHost:
--- a/frontend/dockerfile/dockerfile_runnetwork_test.go
+++ b/frontend/dockerfile/dockerfile_runnetwork_test.go
@ -22,6 +22,7 @@ var runNetworkTests = []integration.Test{
 	runDefaultNetwork,
 	runNoNetwork,
 	runHostNetwork,
+	runGlobalNetwork,
 }

 func init() {
@ -127,3 +128,50 @@ RUN ! nc -z 127.0.0.1 %s
 		require.Fail(t, "unexpected network.host mode %q", hostAllowed)
 	}
 }
+
+func runGlobalNetwork(t *testing.T, sb integration.Sandbox) {
+	f := getFrontend(t, sb)
+
+	s, err := echoserver.NewTestServer("foo")
+	require.NoError(t, err)
+	addrParts := strings.Split(s.Addr().String(), ":")
+	port := addrParts[len(addrParts)-1]
+
+	dockerfile := fmt.Sprintf(`
+FROM busybox
+RUN nc 127.0.0.1 %s | grep foo
+RUN --network=none ! nc -z 127.0.0.1 %s
+`, port, port)
+
+	dir, err := tmpdir(
+		fstest.CreateFile("Dockerfile", []byte(dockerfile), 0600),
+	)
+	require.NoError(t, err)
+	defer os.RemoveAll(dir)
+
+	c, err := client.New(context.TODO(), sb.Address())
+	require.NoError(t, err)
+	defer c.Close()
+
+	_, err = f.Solve(context.TODO(), c, client.SolveOpt{
+		LocalDirs: map[string]string{
+			builder.DefaultLocalNameDockerfile: dir,
+			builder.DefaultLocalNameContext:    dir,
+		},
+		AllowedEntitlements: []entitlements.Entitlement{entitlements.EntitlementNetworkHost},
+		FrontendAttrs: map[string]string{
+			"force-network-mode": "host",
+		},
+	}, nil)
+
+	hostAllowed := sb.Value("network.host")
+	switch hostAllowed {
+	case networkHostGranted:
+		require.NoError(t, err)
+	case networkHostDenied:
+		require.Error(t, err)
+		require.Contains(t, err.Error(), "entitlement network.host is not allowed")
+	default:
+		require.Fail(t, "unexpected network.host mode %q", hostAllowed)
+	}
+}