Docker-DCO-1.1-Signed-off-by: Fabio Falci <fabiofalci@gmail.com> (github: fabiofalci)
Fabio Falci authored on 2014/05/11 02:27:24... | ... |
@@ -2,6 +2,7 @@ package main |
2 | 2 |
|
3 | 3 |
import ( |
4 | 4 |
"fmt" |
5 |
+ "github.com/dotcloud/docker/pkg/iptables" |
|
5 | 6 |
"os/exec" |
6 | 7 |
"testing" |
7 | 8 |
) |
... | ... |
@@ -28,3 +29,28 @@ func TestPingLinkedContainers(t *testing.T) { |
28 | 28 |
cmd(t, "kill", idB) |
29 | 29 |
deleteAllContainers() |
30 | 30 |
} |
31 |
+ |
|
32 |
+func TestIpTablesRulesWhenLinkAndUnlink(t *testing.T) { |
|
33 |
+ cmd(t, "run", "-d", "--name", "child", "--publish", "8080:80", "busybox", "sleep", "10") |
|
34 |
+ cmd(t, "run", "-d", "--name", "parent", "--link", "child:http", "busybox", "sleep", "10") |
|
35 |
+ |
|
36 |
+ childIp := findContainerIp(t, "child") |
|
37 |
+ parentIp := findContainerIp(t, "parent") |
|
38 |
+ |
|
39 |
+ sourceRule := []string{"FORWARD", "-i", "docker0", "-o", "docker0", "-p", "tcp", "-s", childIp, "--sport", "80", "-d", parentIp, "-j", "ACCEPT"} |
|
40 |
+ destinationRule := []string{"FORWARD", "-i", "docker0", "-o", "docker0", "-p", "tcp", "-s", parentIp, "--dport", "80", "-d", childIp, "-j", "ACCEPT"} |
|
41 |
+ if !iptables.Exists(sourceRule...) || !iptables.Exists(destinationRule...) { |
|
42 |
+ t.Fatal("Iptables rules not found") |
|
43 |
+ } |
|
44 |
+ |
|
45 |
+ cmd(t, "rm", "--link", "parent/http") |
|
46 |
+ if iptables.Exists(sourceRule...) || iptables.Exists(destinationRule...) { |
|
47 |
+ t.Fatal("Iptables rules should be removed when unlink") |
|
48 |
+ } |
|
49 |
+ |
|
50 |
+ cmd(t, "kill", "child") |
|
51 |
+ cmd(t, "kill", "parent") |
|
52 |
+ deleteAllContainers() |
|
53 |
+ |
|
54 |
+ logDone("link - verify iptables when link and unlink") |
|
55 |
+} |
... | ... |
@@ -61,3 +61,13 @@ func cmd(t *testing.T, args ...string) (string, int, error) { |
61 | 61 |
errorOut(err, t, fmt.Sprintf("'%s' failed with errors: %v (%v)", strings.Join(args, " "), err, out)) |
62 | 62 |
return out, status, err |
63 | 63 |
} |
64 |
+ |
|
65 |
+func findContainerIp(t *testing.T, id string) string { |
|
66 |
+ cmd := exec.Command(dockerBinary, "inspect", "--format='{{ .NetworkSettings.IPAddress }}'", id) |
|
67 |
+ out, _, err := runCommandWithOutput(cmd) |
|
68 |
+ if err != nil { |
|
69 |
+ t.Fatal(err, out) |
|
70 |
+ } |
|
71 |
+ |
|
72 |
+ return strings.Trim(out, " \r\n'") |
|
73 |
+} |