We can't access DinD by localhost

from within the installer image, this would only resolve to container's loopback
so we use computer external IP

Signed-off-by: Nicolas De Loof <[email protected]>

Author: ndeloof

e2e/commands_test.go

@@ -65,12 +65,16 @@ func testRenderApp(appPath string, env ...string) func(*testing.T) {
 		cmd.Env = append(cmd.Env, env...)
 		t.Run("stdout", func(t *testing.T) {
 			result := icmd.RunCmd(cmd).Assert(t, icmd.Success)
-			assert.Assert(t, is.Equal(readFile(t, filepath.Join(appPath, "expected.txt")), result.Stdout()), "rendering mismatch")
+			expected := readFile(t, filepath.Join(appPath, "expected.txt"))
+			actual := result.Stdout()
+			assert.Assert(t, is.Equal(expected, actual), "rendering mismatch")
 		})
 		t.Run("file", func(t *testing.T) {
 			cmd.Command = append(cmd.Command, "--output="+dir.Join("actual.yaml"))
 			icmd.RunCmd(cmd).Assert(t, icmd.Success)
-			assert.Assert(t, is.Equal(readFile(t, filepath.Join(appPath, "expected.txt")), readFile(t, dir.Join("actual.yaml"))), "rendering mismatch")
+			expected := readFile(t, filepath.Join(appPath, "expected.txt"))
+			actual := readFile(t, dir.Join("actual.yaml"))
+			assert.Assert(t, is.Equal(expected, actual), "rendering mismatch")
 		})
 	}
 }
@@ -233,100 +237,86 @@ func TestRunWithLabels(t *testing.T) {
 }
 
 func TestDockerAppLifecycle(t *testing.T) {
-	t.Run("withBindMounts", func(t *testing.T) {
-		testDockerAppLifecycle(t, true)
-	})
-	t.Run("withoutBindMounts", func(t *testing.T) {
-		testDockerAppLifecycle(t, false)
-	})
-}
+	runWithDindSwarmAndRegistry(t, func(info dindSwarmAndRegistryInfo) {
+		cmd := info.configuredCmd
+		appName := strings.ToLower(strings.Replace(t.Name(), "/", "_", 1))
+		tmpDir := fs.NewDir(t, appName)
+		defer tmpDir.Remove()
 
-func testDockerAppLifecycle(t *testing.T, useBindMount bool) {
-	cmd, cleanup := dockerCli.createTestCmd()
-	defer cleanup()
-	appName := strings.ToLower(strings.Replace(t.Name(), "/", "_", 1))
-	tmpDir := fs.NewDir(t, appName)
-	defer tmpDir.Remove()
-	// Running a swarm using docker in docker to install the application
-	// and run the invocation image
-	swarm := NewContainer("docker:19.03.3-dind", 2375)
-	swarm.Start(t, "-e", "DOCKER_TLS_CERTDIR=")
-	defer swarm.Stop(t)
-	initializeDockerAppEnvironment(t, &cmd, tmpDir, swarm, useBindMount)
-
-	cmd.Command = dockerCli.Command("app", "build", "--tag", appName, "testdata/simple")
-	icmd.RunCmd(cmd).Assert(t, icmd.Success)
-
-	// Install an illformed Docker Application Package
-	cmd.Command = dockerCli.Command("app", "run", appName, "--set", "web_port=-1", "--name", appName)
-	icmd.RunCmd(cmd).Assert(t, icmd.Expected{
-		ExitCode: 1,
-		Err:      "error decoding 'Ports': Invalid hostPort: -1",
-	})
+		cmd.Command = dockerCli.Command("app", "build", "--tag", appName, "testdata/simple")
+		icmd.RunCmd(cmd).Assert(t, icmd.Success)
 
-	// List the installation and check the failed status
-	cmd.Command = dockerCli.Command("app", "ls")
-	checkContains(t, icmd.RunCmd(cmd).Assert(t, icmd.Success).Combined(),
-		[]string{
-			`INSTALLATION\s+APPLICATION\s+LAST ACTION\s+RESULT\s+CREATED\s+MODIFIED\s+REFERENCE`,
-			fmt.Sprintf(`%s\s+simple \(1.1.0-beta1\)\s+install\s+failure\s+.+second[s]?\sago\s+.+second[s]?\sago\s+`, appName),
+		// Install an illformed Docker Application Package
+		cmd.Command = dockerCli.Command("app", "run", appName, "--set", "web_port=-1", "--name", appName)
+		icmd.RunCmd(cmd).Assert(t, icmd.Expected{
+			ExitCode: 1,
+			Err:      "error decoding 'Ports': Invalid hostPort: -1",
 		})
 
-	// Upgrading a failed installation is not allowed
-	cmd.Command = dockerCli.Command("app", "update", appName)
-	icmd.RunCmd(cmd).Assert(t, icmd.Expected{
-		ExitCode: 1,
-		Err:      fmt.Sprintf("Running App %q cannot be updated, please use 'docker app run' instead", appName),
-	})
-
-	// Install a Docker Application Package with an existing failed installation is fine
-	cmd.Command = dockerCli.Command("app", "run", appName, "--name", appName)
-	checkContains(t, icmd.RunCmd(cmd).Assert(t, icmd.Success).Combined(),
-		[]string{
-			fmt.Sprintf("WARNING: installing over previously failed installation %q", appName),
-			fmt.Sprintf("Creating network %s_back", appName),
-			fmt.Sprintf("Creating network %s_front", appName),
-			fmt.Sprintf("Creating service %s_db", appName),
-			fmt.Sprintf("Creating service %s_api", appName),
-			fmt.Sprintf("Creating service %s_web", appName),
-		})
-	assertAppLabels(t, &cmd, appName, "db")
+		// List the installation and check the failed status
+		cmd.Command = dockerCli.Command("app", "ls")
+		checkContains(t, icmd.RunCmd(cmd).Assert(t, icmd.Success).Combined(),
+			[]string{
+				`INSTALLATION\s+APPLICATION\s+LAST ACTION\s+RESULT\s+CREATED\s+MODIFIED\s+REFERENCE`,
+				fmt.Sprintf(`%s\s+simple \(1.1.0-beta1\)\s+install\s+failure\s+.+second[s]?\sago\s+.+second[s]?\sago\s+`, appName),
+			})
 
-	// List the installed application
-	cmd.Command = dockerCli.Command("app", "ls")
-	checkContains(t, icmd.RunCmd(cmd).Assert(t, icmd.Success).Combined(),
-		[]string{
-			`INSTALLATION\s+APPLICATION\s+LAST ACTION\s+RESULT\s+CREATED\s+MODIFIED\s+REFERENCE`,
-			fmt.Sprintf(`%s\s+simple \(1.1.0-beta1\)\s+install\s+success\s+.+second[s]?\sago\s+.+second[s]?\sago\s+`, appName),
+		// Upgrading a failed installation is not allowed
+		cmd.Command = dockerCli.Command("app", "update", appName)
+		icmd.RunCmd(cmd).Assert(t, icmd.Expected{
+			ExitCode: 1,
+			Err:      fmt.Sprintf("Running App %q cannot be updated, please use 'docker app run' instead", appName),
 		})
 
-	// Installing again the same application is forbidden
-	cmd.Command = dockerCli.Command("app", "run", appName, "--name", appName)
-	icmd.RunCmd(cmd).Assert(t, icmd.Expected{
-		ExitCode: 1,
-		Err:      fmt.Sprintf("Installation %q already exists, use 'docker app update' instead", appName),
-	})
+		// Install a Docker Application Package with an existing failed installation is fine
+		cmd.Command = dockerCli.Command("app", "run", appName, "--name", appName)
+		checkContains(t, icmd.RunCmd(cmd).Assert(t, icmd.Success).Combined(),
+			[]string{
+				fmt.Sprintf("WARNING: installing over previously failed installation %q", appName),
+				fmt.Sprintf("Creating network %s_back", appName),
+				fmt.Sprintf("Creating network %s_front", appName),
+				fmt.Sprintf("Creating service %s_db", appName),
+				fmt.Sprintf("Creating service %s_api", appName),
+				fmt.Sprintf("Creating service %s_web", appName),
+			})
+		assertAppLabels(t, &cmd, appName, "db")
+
+		// List the installed application
+		cmd.Command = dockerCli.Command("app", "ls")
+		checkContains(t, icmd.RunCmd(cmd).Assert(t, icmd.Success).Combined(),
+			[]string{
+				`INSTALLATION\s+APPLICATION\s+LAST ACTION\s+RESULT\s+CREATED\s+MODIFIED\s+REFERENCE`,
+				fmt.Sprintf(`%s\s+simple \(1.1.0-beta1\)\s+install\s+success\s+.+second[s]?\sago\s+.+second[s]?\sago\s+`, appName),
+			})
 
-	// Update the application, changing the port
-	cmd.Command = dockerCli.Command("app", "update", appName, "--set", "web_port=8081")
-	checkContains(t, icmd.RunCmd(cmd).Assert(t, icmd.Success).Combined(),
-		[]string{
-			fmt.Sprintf("Updating service %s_db", appName),
-			fmt.Sprintf("Updating service %s_api", appName),
-			fmt.Sprintf("Updating service %s_web", appName),
+		// Installing again the same application is forbidden
+		cmd.Command = dockerCli.Command("app", "run", appName, "--name", appName)
+		icmd.RunCmd(cmd).Assert(t, icmd.Expected{
+			ExitCode: 1,
+			Err:      fmt.Sprintf("Installation %q already exists, use 'docker app update' instead", appName),
 		})
-	assertAppLabels(t, &cmd, appName, "db")
 
-	// Uninstall the application
-	cmd.Command = dockerCli.Command("app", "rm", appName)
-	checkContains(t, icmd.RunCmd(cmd).Assert(t, icmd.Success).Combined(),
-		[]string{
-			fmt.Sprintf("Removing service %s_api", appName),
-			fmt.Sprintf("Removing service %s_db", appName),
-			fmt.Sprintf("Removing service %s_web", appName),
-			fmt.Sprintf("Removing network %s_front", appName),
-			fmt.Sprintf("Removing network %s_back", appName),
-		})
+		// Update the application, changing the port
+		cmd.Command = dockerCli.Command("app", "update", appName, "--set", "web_port=8081")
+		checkContains(t, icmd.RunCmd(cmd).Assert(t, icmd.Success).Combined(),
+			[]string{
+				fmt.Sprintf("Updating service %s_db", appName),
+				fmt.Sprintf("Updating service %s_api", appName),
+				fmt.Sprintf("Updating service %s_web", appName),
+			})
+		assertAppLabels(t, &cmd, appName, "db")
+
+		// Uninstall the application
+		cmd.Command = dockerCli.Command("app", "rm", appName)
+		checkContains(t, icmd.RunCmd(cmd).Assert(t, icmd.Success).Combined(),
+			[]string{
+				fmt.Sprintf("Removing service %s_api", appName),
+				fmt.Sprintf("Removing service %s_db", appName),
+				fmt.Sprintf("Removing service %s_web", appName),
+				fmt.Sprintf("Removing network %s_front", appName),
+				fmt.Sprintf("Removing network %s_back", appName),
+			})
+	})
 }
 
 func TestCredentials(t *testing.T) {
@@ -417,7 +407,8 @@ func TestCredentials(t *testing.T) {
 			"--cnab-bundle-json", bundle,
 		)
 		result := icmd.RunCmd(cmd).Assert(t, icmd.Success)
-		golden.Assert(t, result.Stdout(), "credential-install-mixed-local-cred.golden")
+		stdout := result.Stdout()
+		golden.Assert(t, stdout, "credential-install-mixed-local-cred.golden")
 	})
 
 	t.Run("overload", func(t *testing.T) {
@@ -437,41 +428,6 @@ func TestCredentials(t *testing.T) {
 	})
 }
 
-func initializeDockerAppEnvironment(t *testing.T, cmd *icmd.Cmd, tmpDir *fs.Dir, swarm *Container, useBindMount bool) {
-	cmd.Env = append(cmd.Env, "DOCKER_TARGET_CONTEXT=swarm-target-context")
-
-	// The dind doesn't have the cnab-app-base image so we save it in order to load it later
-	icmd.RunCommand(dockerCli.path, "save", fmt.Sprintf("docker/cnab-app-base:%s", internal.Version), "--output", tmpDir.Join("cnab-app-base.tar.gz")).Assert(t, icmd.Success)
-
-	// We  need two contexts:
-	// - one for `docker` so that it connects to the dind swarm created before
-	// - the target context for the invocation image to install within the swarm
-	cmd.Command = dockerCli.Command("context", "create", "swarm-context", "--docker", fmt.Sprintf(`"host=tcp://%s"`, swarm.GetAddress(t)), "--default-stack-orchestrator", "swarm")
-	icmd.RunCmd(*cmd).Assert(t, icmd.Success)
-
-	// When creating a context on a Windows host we cannot use
-	// the unix socket but it's needed inside the invocation image.
-	// The workaround is to create a context with an empty host.
-	// This host will default to the unix socket inside the
-	// invocation image
-	host := "host="
-	if !useBindMount {
-		host += fmt.Sprintf("tcp://%s", swarm.GetPrivateAddress(t))
-	}
-
-	cmd.Command = dockerCli.Command("context", "create", "swarm-target-context", "--docker", host, "--default-stack-orchestrator", "swarm")
-	icmd.RunCmd(*cmd).Assert(t, icmd.Success)
-
-	// Initialize the swarm
-	cmd.Env = append(cmd.Env, "DOCKER_CONTEXT=swarm-context")
-	cmd.Command = dockerCli.Command("swarm", "init")
-	icmd.RunCmd(*cmd).Assert(t, icmd.Success)
-
-	// Load the needed base cnab image into the swarm docker engine
-	cmd.Command = dockerCli.Command("load", "--input", tmpDir.Join("cnab-app-base.tar.gz"))
-	icmd.RunCmd(*cmd).Assert(t, icmd.Success)
-}
-
 func assertAppLabels(t *testing.T, cmd *icmd.Cmd, appName, containerName string) {
 	cmd.Command = dockerCli.Command("inspect", fmt.Sprintf("%s_%s", appName, containerName))
 	checkContains(t, icmd.RunCmd(*cmd).Assert(t, icmd.Success).Combined(),

e2e/helper_test.go

@@ -3,6 +3,7 @@ package e2e
 import (
 	"fmt"
 	"io/ioutil"
+	"net"
 	"strconv"
 	"strings"
 	"testing"
@@ -27,63 +28,54 @@ func runWithDindSwarmAndRegistry(t *testing.T, todo func(dindSwarmAndRegistryInf
 	cmd, cleanup := dockerCli.createTestCmd()
 	defer cleanup()
 
-	registryPort := findAvailablePort()
 	tmpDir := fs.NewDir(t, t.Name())
 	defer tmpDir.Remove()
 
-	cmd.Env = append(cmd.Env, "DOCKER_TARGET_CONTEXT=swarm-target-context")
-
 	// The dind doesn't have the cnab-app-base image so we save it in order to load it later
 	saveCmd := icmd.Cmd{Command: dockerCli.Command("save", fmt.Sprintf("docker/cnab-app-base:%s", internal.Version), "-o", tmpDir.Join("cnab-app-base.tar.gz"))}
 	icmd.RunCmd(saveCmd).Assert(t, icmd.Success)
 
+	// Busybox is used in a few e2e test, let's pre-load it
+	cmd.Command = dockerCli.Command("pull", "busybox:1.30.1")
+	icmd.RunCmd(cmd).Assert(t, icmd.Success)
+	saveCmd = icmd.Cmd{Command: dockerCli.Command("save", "busybox:1.30.1", "-o", tmpDir.Join("busybox.tar.gz"))}
+	icmd.RunCmd(saveCmd).Assert(t, icmd.Success)
+
 	// we have a difficult constraint here:
 	// - the registry must be reachable from the client side (for cnab-to-oci, which does not use the docker daemon to access the registry)
 	// - the registry must be reachable from the dind daemon on the same address/port
-	// Solution found is: fix the port of the registry to be the same internally and externally
-	// and run the dind container in the same network namespace: this way 127.0.0.1:<registry-port> both resolves to the registry from the client and from dind
-
-	swarm := NewContainer("docker:19.03.3-dind", 2375, "--insecure-registry", fmt.Sprintf("127.0.0.1:%d", registryPort))
-	swarm.Start(t, "--expose", strconv.FormatInt(int64(registryPort), 10),
-		"-p", fmt.Sprintf("%d:%d", registryPort, registryPort),
-		"-p", "2375",
-		"-e", "DOCKER_TLS_CERTDIR=") // Disable certificate generate on DinD startup
-	defer swarm.Stop(t)
+	// - the installer image need to target the same docker context (dind) as the client, while running on default (or another) context, which means we can't use 'localhost'
+	// Solution found is: use host external IP (not loopback) so accessing from within installer container will reach the right container
 
-	registry := NewContainer("registry:2", registryPort)
-	registry.StartWithContainerNetwork(t, swarm, "-e", "REGISTRY_VALIDATION_MANIFESTS_URLS_ALLOW=[^http]",
-		"-e", fmt.Sprintf("REGISTRY_HTTP_ADDR=0.0.0.0:%d", registryPort))
+	registry := NewContainer("registry:2", 5000)
+	registry.Start(t, "-e", "REGISTRY_VALIDATION_MANIFESTS_URLS_ALLOW=[^http]",
+		"-e", "REGISTRY_HTTP_ADDR=0.0.0.0:5000")
 	defer registry.StopNoFail()
+	registryAddress := registry.GetAddress(t)
 
-	// We  need two contexts:
-	// - one for `docker` so that it connects to the dind swarm created before
-	// - the target context for the invocation image to install within the swarm
-	cmd.Command = dockerCli.Command("context", "create", "swarm-context", "--docker", fmt.Sprintf(`"host=tcp://%s"`, swarm.GetAddress(t)), "--default-stack-orchestrator", "swarm")
-	icmd.RunCmd(cmd).Assert(t, icmd.Success)
+	swarm := NewContainer("docker:19.03.3-dind", 2375, "--insecure-registry", registryAddress)
+	swarm.Start(t, "-e", "DOCKER_TLS_CERTDIR=") // Disable certificate generate on DinD startup
+	defer swarm.Stop(t)
+	swarmAddress := swarm.GetAddress(t)
 
-	// When creating a context on a Windows host we cannot use
-	// the unix socket but it's needed inside the invocation image.
-	// The workaround is to create a context with an empty host.
-	// This host will default to the unix socket inside the
-	// invocation image
-	cmd.Command = dockerCli.Command("context", "create", "swarm-target-context", "--docker", "host=", "--default-stack-orchestrator", "swarm")
+	cmd.Command = dockerCli.Command("context", "create", "swarm-context", "--docker", fmt.Sprintf(`"host=tcp://%s"`, swarmAddress), "--default-stack-orchestrator", "swarm")
 	icmd.RunCmd(cmd).Assert(t, icmd.Success)
 
+	cmd.Env = append(cmd.Env, "DOCKER_CONTEXT=swarm-context", "DOCKER_INSTALLER_CONTEXT=swarm-context")
 	// Initialize the swarm
-	cmd.Env = append(cmd.Env, "DOCKER_CONTEXT=swarm-context")
 	cmd.Command = dockerCli.Command("swarm", "init")
 	icmd.RunCmd(cmd).Assert(t, icmd.Success)
 	// Load the needed base cnab image into the swarm docker engine
 	cmd.Command = dockerCli.Command("load", "-i", tmpDir.Join("cnab-app-base.tar.gz"))
 	icmd.RunCmd(cmd).Assert(t, icmd.Success)
-
-	cmd.Command = dockerCli.Command("pull", "busybox:1.30.1")
+	// Pre-load busybox image used by a few e2e tests
+	cmd.Command = dockerCli.Command("load", "-i", tmpDir.Join("busybox.tar.gz"))
 	icmd.RunCmd(cmd).Assert(t, icmd.Success)
 
 	info := dindSwarmAndRegistryInfo{
 		configuredCmd:   cmd,
-		registryAddress: registry.GetAddress(t),
-		swarmAddress:    swarm.GetAddress(t),
+		registryAddress: registryAddress,
+		swarmAddress:    swarmAddress,
 		stopRegistry:    registry.StopNoFail,
 		registryLogs:    registry.Logs(t),
 	}
@@ -147,23 +139,32 @@ func (c *Container) GetAddress(t *testing.T) string {
 	if c.address != "" {
 		return c.address
 	}
-	container := c.parentContainer
-	if container == "" {
-		container = c.container
-	}
-	result := icmd.RunCommand(dockerCli.path, "port", container, strconv.Itoa(c.privatePort)).Assert(t, icmd.Success)
-	c.address = fmt.Sprintf("127.0.0.1:%v", strings.Trim(strings.Split(result.Stdout(), ":")[1], " \r\n"))
+	ip := c.getIP(t)
+	port := c.getPort(t)
+	c.address = fmt.Sprintf("%s:%v", ip, port)
 	return c.address
 }
 
-// GetPrivateAddress returns the host:port this container listens on
-func (c *Container) GetPrivateAddress(t *testing.T) string {
-	container := c.parentContainer
-	if container == "" {
-		container = c.container
+func (c *Container) getPort(t *testing.T) string {
+	result := icmd.RunCommand(dockerCli.path, "port", c.container, strconv.Itoa(c.privatePort)).Assert(t, icmd.Success)
+	port := strings.Trim(strings.Split(result.Stdout(), ":")[1], " \r\n")
+	return port
+}
+
+func (c *Container) getIP(t *testing.T) string {
+	ip := "127.0.0.1"
+	// This won't work, but we can't guarantee computer has another IP
+	addrs, err := net.InterfaceAddrs()
+	assert.NilError(t, err)
+	for _, a := range addrs {
+		if ipnet, ok := a.(*net.IPNet); ok && !ipnet.IP.IsLoopback() {
+			if ipnet.IP.To4() != nil {
+				ip = ipnet.IP.String()
+				break
+			}
+		}
 	}
-	result := icmd.RunCommand(dockerCli.path, "inspect", container, "-f", "{{.NetworkSettings.IPAddress}}").Assert(t, icmd.Success)
-	return fmt.Sprintf("%s:%d", strings.TrimSpace(result.Stdout()), c.privatePort)
+	return ip
 }
 
 func (c *Container) Logs(t *testing.T) func() string {