test: add e2e test for com.docker.network.bridge.enable_icc option (runfinch#104)

swagatbora90 · web-flow · commit 3d6a53160250 · 2024-11-26T13:39:31.000-08:00
Signed-off-by: Swagat Bora &lt;sbora@amazon.com&gt;
diff --git a/e2e/tests/network_create.go b/e2e/tests/network_create.go
@@ -64,6 +64,17 @@ func NetworkCreate(opt *option.Option) {
 			}
 		}
 
+		cleanupNetworkWithHTTP := func(network string) func() {
+			return func() {
+				relativeUrl := fmt.Sprintf("/networks/%s", network)
+				apiUrl := client.ConvertToFinchUrl(version, relativeUrl)
+				req, err := http.NewRequest(http.MethodDelete, apiUrl, nil)
+				Expect(err).ShouldNot(HaveOccurred())
+				_, err = uclient.Do(req)
+				Expect(err).Should(BeNil())
+			}
+		}
+
 		When("a create network request is received with required configuration", func() {
 			It("should return 201 Created and the network ID", func() {
 				request := types.NewCreateNetworkRequest(testNetwork)
@@ -172,6 +183,54 @@ func NetworkCreate(opt *option.Option) {
 				Expect(httpResponse).Should(HaveHTTPStatus(http.StatusNotFound))
 			})
 		})
+
+		When("a network create request is made with network option com.docker.network.bridge.enable_icc set to false", func() {
+			It("should return 201 Created and the network ID", func() {
+				testBridge := "br-test"
+				request := types.NewCreateNetworkRequest(testNetwork, withEnableICCdNetworkOptions("false", testBridge)...)
+
+				httpResponse := createNetwork(*request)
+				Expect(httpResponse).Should(HaveHTTPStatus(http.StatusCreated))
+
+				response := unmarshallHTTPResponse(httpResponse)
+				Expect(response.ID).ShouldNot(BeEmpty())
+				Expect(response.Warning).Should(BeEmpty())
+
+				DeferCleanup(cleanupNetworkWithHTTP(testNetwork))
+
+				stdout := command.Stdout(opt, "network", "inspect", testNetwork)
+				Expect(stdout).To(ContainSubstring(`"finch.network.bridge.enable_icc.ipv4": "false"`))
+
+				// check iptables rules exists
+				iptOpt, _ := option.New([]string{"iptables"})
+				command.Run(iptOpt, "-C", "FINCH-ISOLATE-CHAIN",
+					"-i", testBridge, "-o", testBridge, "-j", "DROP")
+			})
+		})
+
+		When("a network create request is made with network option com.docker.network.bridge.enable_icc set to true", func() {
+			It("should create the network without the enable_icc label", func() {
+				testBridge := "br-test"
+				request := types.NewCreateNetworkRequest(testNetwork, withEnableICCdNetworkOptions("true", testBridge)...)
+
+				httpResponse := createNetwork(*request)
+				Expect(httpResponse).Should(HaveHTTPStatus(http.StatusCreated))
+
+				DeferCleanup(cleanupNetworkWithHTTP(testNetwork))
+
+				response := unmarshallHTTPResponse(httpResponse)
+				Expect(response.ID).ShouldNot(BeEmpty())
+				Expect(response.Warning).Should(BeEmpty())
+
+				stdout := command.Stdout(opt, "network", "inspect", testNetwork)
+				Expect(stdout).ShouldNot(ContainSubstring(`"finch.network.bridge.enable_icc.ipv4"`))
+
+				// check iptables rules does not exist
+				iptOpt, _ := option.New([]string{"iptables"})
+				command.RunWithoutSuccessfulExit(iptOpt, "-C", "FINCH-ISOLATE-CHAIN",
+					"-i", testBridge, "-o", testBridge, "-j", "DROP")
+			})
+		})
 	})
 }
 
@@ -245,3 +304,20 @@ func withUnsupportedNetworkOptions() []types.NetworkCreateOption {
 		}),
 	}
 }
+
+func withEnableICCdNetworkOptions(enableICC string, bridgeName string) []types.NetworkCreateOption {
+	return []types.NetworkCreateOption{
+		types.WithIPAM(types.IPAM{
+			Driver: "default",
+			Config: []map[string]string{
+				{
+					"Subnet": "240.11.0.0/24",
+				},
+			},
+		}),
+		types.WithOptions(map[string]string{
+			"com.docker.network.bridge.enable_icc": enableICC,
+			"com.docker.network.bridge.name":       bridgeName,
+		}),
+	}
+}
