Add debug logs in test

Signed-off-by: Swagat Bora <[email protected]>

Author: swagatbora90

cmd/nerdctl/network/network_create_linux_test.go

@@ -19,6 +19,7 @@ package network
 import (
 	"fmt"
 	"net"
+	"path/filepath"
 	"strings"
 	"testing"
 
@@ -29,6 +30,7 @@ import (
 	"github.com/containerd/nerdctl/mod/tigron/test"
 	"github.com/containerd/nerdctl/mod/tigron/tig"
 
+	"github.com/containerd/nerdctl/v2/pkg/defaults"
 	"github.com/containerd/nerdctl/v2/pkg/testutil"
 	"github.com/containerd/nerdctl/v2/pkg/testutil/nerdtest"
 )
@@ -122,6 +124,47 @@ func TestNetworkCreateICC(t *testing.T) {
 	)
 
 	testCase.SubTests = []*test.Case{
+		{
+			Description: "debug ICC feature",
+			Require:     nerdtest.CNIFirewallVersion("1.7.1"),
+			NoParallel:  true,
+			Setup: func(data test.Data, helpers test.Helpers) {
+				// Create a network with ICC disabled
+				helpers.Ensure("network", "create", data.Identifier(), "--driver", "bridge",
+					"--opt", "com.docker.network.bridge.enable_icc=false")
+
+				// Run a container in that network
+				data.Labels().Set("container1", helpers.Capture("run", "-d", "--net", data.Identifier(),
+					"--name", data.Identifier("c1"), testutil.CommonImage, "sleep", "infinity"))
+
+				// Wait for container to be running
+				nerdtest.EnsureContainerStarted(helpers, data.Identifier("c1"))
+			},
+			Cleanup: func(data test.Data, helpers test.Helpers) {
+				helpers.Anyhow("container", "rm", "-f", data.Identifier("c1"))
+				helpers.Anyhow("network", "rm", data.Identifier())
+			},
+			Command: func(data test.Data, helpers test.Helpers) test.TestableCommand {
+				// DEBUG: Show firewall plugin version
+				firewallCniPath := filepath.Join(defaults.CNIPath(), "firewall")
+				helpers.Custom("sh", "-ec", fmt.Sprintf("%s --version || echo 'firewall plugin not found'", firewallCniPath)).Run(&test.Expected{})
+				helpers.Ensure("network", "ls")
+				helpers.Ensure("network", "inspect", data.Identifier())
+				helpers.Custom("sh", "-ec", "ls /etc/cni/net.d").Run(&test.Expected{})
+				helpers.Custom("iptables-save").Run(&test.Expected{})
+				containerIP := helpers.Capture("container", "inspect", data.Identifier("c1"), "--format", "{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}")
+				helpers.Custom("echo", fmt.Sprintf("Container IP: %s", containerIP)).Run(&test.Expected{})
+				helpers.Custom("sh", "-ec", "ip link show | grep br- || true").Run(&test.Expected{})
+				helpers.Custom("sh", "-ec", "brctl show || true").Run(&test.Expected{})
+				helpers.Custom("sleep", "3").Run(&test.Expected{})
+
+				// Try to ping the other container in the same network
+				// This should fail when ICC is disabled
+				return helpers.Command("run", "--rm", "--net", data.Identifier(),
+					testutil.CommonImage, "ping", "-c", "1", "-W", "1", data.Identifier("c1"))
+			},
+			Expected: test.Expects(expect.ExitCodeGenericFail, nil, nil), // Expect ping to fail with exit code 1
+		},
 		{
 			Description: "with enable_icc=false",
 			Require:     nerdtest.CNIFirewallVersion("1.7.1"),
@@ -143,9 +186,16 @@ func TestNetworkCreateICC(t *testing.T) {
 				helpers.Anyhow("network", "rm", data.Identifier())
 			},
 			Command: func(data test.Data, helpers test.Helpers) test.TestableCommand {
-				// DEBUG
-				iptablesSave := "iptables-save | grep CNI-ISOLATION || true"
-				helpers.Custom("sh", "-ec", iptablesSave).Run(&test.Expected{})
+				firewallCniPath := filepath.Join(defaults.CNIPath(), "firewall")
+				helpers.Custom("sh", "-ec", fmt.Sprintf("%s --version || echo 'firewall plugin not found'", firewallCniPath)).Run(&test.Expected{})
+				helpers.Ensure("network", "inspect", data.Identifier())
+				helpers.Custom("sh", "-ec", fmt.Sprintf("find /etc/cni/net.d/ -name '*%s*' -exec cat {} \\; || true", data.Identifier())).Run(&test.Expected{})
+				helpers.Custom("iptables-save").Run(&test.Expected{})
+				containerIP := helpers.Capture("container", "inspect", data.Identifier("c1"), "--format", "{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}")
+				helpers.Custom("echo", fmt.Sprintf("Container IP: %s", containerIP)).Run(&test.Expected{})
+				helpers.Custom("sh", "-ec", "ip link show | grep br- || true").Run(&test.Expected{})
+				helpers.Custom("sh", "-ec", "brctl show || true").Run(&test.Expected{})
+				helpers.Custom("sleep", "3").Run(&test.Expected{})
 				// Try to ping the other container in the same network
 				// This should fail when ICC is disabled
 				return helpers.Command("run", "--rm", "--net", data.Identifier(),

dns-config-implementation-plan.md

@@ -0,0 +1,116 @@
+# DNS Configuration Implementation Plan for nerdctl
+
+## Overview
+Add support for DNS configuration options in nerdctl.toml config file to provide default DNS settings that can be overridden at runtime.
+
+## New Configuration Options
+The following options will be added to nerdctl.toml:
+- `dns`: Array of DNS server IP addresses
+- `dns_opts`: Array of DNS options (note: using underscore for TOML compatibility)
+- `dns_search`: Array of DNS search domains
+
+## Implementation Status: ✅ COMPLETED
+
+### Phase 1: Core Configuration ✅
+1. ✅ Updated Config struct in `pkg/config/config.go`
+   - Added DNS, DNSOpts, DNSSearch fields with proper TOML tags
+   - Updated New() function to initialize empty slices
+2. ✅ Added DNS flags as persistent flags in `cmd/nerdctl/main.go`
+   - DNS options are now available globally with config defaults
+3. ✅ Updated ProcessRootCmdFlags in `cmd/nerdctl/helpers/flagutil.go`
+   - Added DNS flag processing to include in GlobalCommandOptions
+
+### Phase 2: Runtime Integration ✅
+1. ✅ Modified `loadNetworkFlags` function in `cmd/nerdctl/container/container_run_network.go`
+   - Updated function signature to accept GlobalCommandOptions
+   - Implemented proper precedence: command flags > global flags > config defaults
+   - Updated DNS, DNS search, and DNS options processing
+2. ✅ Updated function calls in container commands
+   - Updated `cmd/nerdctl/container/container_run.go`
+   - Updated `cmd/nerdctl/container/container_create.go`
+
+### Phase 3: Testing (Pending)
+- [ ] Add unit tests for config loading
+- [ ] Add unit tests for DNS flag precedence
+- [ ] Add integration tests for end-to-end behavior
+
+### Phase 4: Documentation (Pending)
+- [ ] Update `docs/config.md` with new DNS configuration options
+- [ ] Add examples and usage patterns
+- [ ] Document behavior and precedence rules
+
+## Files Modified
+
+### Core Implementation ✅
+- ✅ `pkg/config/config.go` - Added DNS fields and initialization
+- ✅ `cmd/nerdctl/main.go` - Added persistent DNS flags with config defaults
+- ✅ `cmd/nerdctl/helpers/flagutil.go` - Added DNS flag processing
+- ✅ `cmd/nerdctl/container/container_run_network.go` - Updated DNS processing with precedence
+- ✅ `cmd/nerdctl/container/container_run.go` - Updated function call
+- ✅ `cmd/nerdctl/container/container_create.go` - Updated function call
+
+## Expected Behavior ✅
+
+### Configuration File Example
+```toml
+dns = ["8.8.8.8", "8.8.4.4"]
+dns_opts = ["ndots:2", "timeout:3"]
+dns_search = ["example.com", "local"]
+```
+
+### CLI Override Example
+```bash
+# Uses config defaults
+nerdctl run alpine
+
+# Overrides config DNS servers
+nerdctl run --dns 1.1.1.1 alpine
+
+# Overrides config DNS search domains
+nerdctl run --dns-search custom.local alpine
+
+# Global flags also work
+nerdctl --dns 1.1.1.1 run alpine
+```
+
+### Precedence Rules ✅
+1. **Command-specific flags** (highest precedence)
+   - `nerdctl run --dns 1.1.1.1 alpine`
+2. **Global flags** 
+   - `nerdctl --dns 1.1.1.1 run alpine`
+3. **Config file values** (lowest precedence)
+   - Values from nerdctl.toml
+
+## Implementation Details ✅
+
+### DNS Flag Processing Logic
+The `loadNetworkFlags` function now implements proper precedence:
+
+```go
+// DNS servers
+if cmd.Flags().Changed("dns") {
+    // Command-specific flag takes precedence
+    dnsSlice, err = cmd.Flags().GetStringSlice("dns")
+} else {
+    // Use global config defaults
+    dnsSlice = globalOpts.DNS
+}
+```
+
+### Global Flag Integration
+DNS flags are now persistent flags available to all commands:
+- `--dns`: Default DNS servers for containers
+- `--dns-opts`: Default DNS options for containers  
+- `--dns-search`: Default DNS search domains for containers
+
+## Backward Compatibility ✅
+- ✅ Existing behavior preserved when config options are not set
+- ✅ No breaking changes to existing CLI functionality
+- ✅ Config file remains optional
+- ✅ All existing DNS flag behavior maintained
+
+## Next Steps
+1. Add comprehensive unit tests
+2. Add integration tests
+3. Update documentation
+4. Test with various scenarios