add missing ExtraHosts to gateway exec

Also adding tests for ExtraHosts and NetMode via gateway exec Signed-off-by: Cory Bennett <cbennett@netflix.com>
moby · Aug 3, 2021 · da7c266 · da7c266
1 parent 1a7c480
commit da7c266
Show file tree

Hide file tree

Showing 10 changed files with 396 additions and 156 deletions.
diff --git a/client/build_test.go b/client/build_test.go
@@ -22,7 +22,9 @@ import (
 	"github.com/moby/buildkit/session/sshforward/sshprovider"
 	"github.com/moby/buildkit/solver/errdefs"
 	"github.com/moby/buildkit/solver/pb"
+	"github.com/moby/buildkit/util/entitlements"
 	utilsystem "github.com/moby/buildkit/util/system"
+	"github.com/moby/buildkit/util/testutil/echoserver"
 	"github.com/moby/buildkit/util/testutil/integration"
 	"github.com/pkg/errors"
 	"github.com/stretchr/testify/require"
@@ -48,7 +50,19 @@ func TestClientGatewayIntegration(t *testing.T) {
 		testClientGatewayExecError,
 		testClientGatewaySlowCacheExecError,
 		testClientGatewayExecFileActionError,
+		testClientGatewayContainerExtraHosts,
 	}, integration.WithMirroredImages(integration.OfficialImages("busybox:latest")))
+
+	integration.Run(t, []integration.Test{
+		testClientGatewayContainerHostNetworking,
+	},
+		integration.WithMirroredImages(integration.OfficialImages("busybox:latest")),
+		integration.WithMatrix("netmode", map[string]interface{}{
+			"default": defaultNetwork,
+			"host":    hostNetwork,
+		}),
+	)
+
 }
 
 func testClientGatewaySolve(t *testing.T, sb integration.Sandbox) {
@@ -1478,6 +1492,167 @@ func testClientGatewayExecFileActionError(t *testing.T, sb integration.Sandbox)
 	checkAllReleasable(t, c, sb, true)
 }
 
+func testClientGatewayContainerExtraHosts(t *testing.T, sb integration.Sandbox) {
+	requiresLinux(t)
+
+	ctx := sb.Context()
+	product := "buildkit_test"
+
+	c, err := New(ctx, sb.Address())
+	require.NoError(t, err)
+	defer c.Close()
+
+	b := func(ctx context.Context, c client.Client) (*client.Result, error) {
+		st := llb.Image("busybox")
+
+		def, err := st.Marshal(ctx)
+		if err != nil {
+			return nil, errors.Wrap(err, "failed to marshal state")
+		}
+
+		r, err := c.Solve(ctx, client.SolveRequest{
+			Definition: def.ToPB(),
+		})
+		if err != nil {
+			return nil, errors.Wrap(err, "failed to solve")
+		}
+
+		ctr, err := c.NewContainer(ctx, client.NewContainerRequest{
+			Mounts: []client.Mount{{
+				Dest:      "/",
+				MountType: pb.MountType_BIND,
+				Ref:       r.Ref,
+			}},
+			ExtraHosts: []*pb.HostIP{{
+				Host: "some.host",
+				IP:   "169.254.11.22",
+			}},
+		})
+
+		if err != nil {
+			return nil, err
+		}
+
+		stdout := bytes.NewBuffer(nil)
+		stderr := bytes.NewBuffer(nil)
+
+		pid, err := ctr.Start(ctx, client.StartRequest{
+			Args:   []string{"grep", "169.254.11.22\tsome.host", "/etc/hosts"},
+			Stdout: &nopCloser{stdout},
+			Stderr: &nopCloser{stderr},
+		})
+		if err != nil {
+			ctr.Release(ctx)
+			return nil, err
+		}
+		defer ctr.Release(ctx)
+
+		err = pid.Wait()
+
+		t.Logf("Stdout: %q", stdout.String())
+		t.Logf("Stderr: %q", stderr.String())
+
+		require.NoError(t, err)
+
+		return &client.Result{}, nil
+	}
+
+	_, err = c.Build(ctx, SolveOpt{}, product, b, nil)
+	require.NoError(t, err)
+
+	checkAllReleasable(t, c, sb, true)
+}
+
+func testClientGatewayContainerHostNetworking(t *testing.T, sb integration.Sandbox) {
+	if os.Getenv("BUILDKIT_RUN_NETWORK_INTEGRATION_TESTS") == "" {
+		t.SkipNow()
+	}
+
+	requiresLinux(t)
+
+	ctx := sb.Context()
+	product := "buildkit_test"
+
+	var allowedEntitlements []entitlements.Entitlement
+	netMode := pb.NetMode_UNSET
+	if sb.Value("netmode") == hostNetwork {
+		netMode = pb.NetMode_HOST
+		allowedEntitlements = []entitlements.Entitlement{entitlements.EntitlementNetworkHost}
+	}
+	c, err := New(sb.Context(), sb.Address())
+	require.NoError(t, err)
+	defer c.Close()
+
+	s, err := echoserver.NewTestServer("foo")
+	require.NoError(t, err)
+	addrParts := strings.Split(s.Addr().String(), ":")
+	port := addrParts[len(addrParts)-1]
+
+	b := func(ctx context.Context, c client.Client) (*client.Result, error) {
+		st := llb.Image("busybox")
+
+		def, err := st.Marshal(ctx)
+		if err != nil {
+			return nil, errors.Wrap(err, "failed to marshal state")
+		}
+
+		r, err := c.Solve(ctx, client.SolveRequest{
+			Definition: def.ToPB(),
+		})
+		if err != nil {
+			return nil, errors.Wrap(err, "failed to solve")
+		}
+
+		ctr, err := c.NewContainer(ctx, client.NewContainerRequest{
+			Mounts: []client.Mount{{
+				Dest:      "/",
+				MountType: pb.MountType_BIND,
+				Ref:       r.Ref,
+			}},
+			NetMode: netMode,
+		})
+
+		if err != nil {
+			return nil, err
+		}
+
+		stdout := bytes.NewBuffer(nil)
+		stderr := bytes.NewBuffer(nil)
+
+		pid, err := ctr.Start(ctx, client.StartRequest{
+			Args:   []string{"/bin/sh", "-c", fmt.Sprintf("nc 127.0.0.1 %s | grep foo", port)},
+			Stdout: &nopCloser{stdout},
+			Stderr: &nopCloser{stderr},
+		})
+		if err != nil {
+			ctr.Release(ctx)
+			return nil, err
+		}
+		defer ctr.Release(ctx)
+
+		err = pid.Wait()
+
+		t.Logf("Stdout: %q", stdout.String())
+		t.Logf("Stderr: %q", stderr.String())
+
+		if netMode == pb.NetMode_HOST {
+			require.NoError(t, err)
+		} else {
+			require.Error(t, err)
+		}
+
+		return &client.Result{}, nil
+	}
+
+	solveOpts := SolveOpt{
+		AllowedEntitlements: allowedEntitlements,
+	}
+	_, err = c.Build(ctx, solveOpts, product, b, nil)
+	require.NoError(t, err)
+
+	checkAllReleasable(t, c, sb, true)
+}
+
 type nopCloser struct {
 	io.Writer
 }

diff --git a/frontend/gateway/client/client.go b/frontend/gateway/client/client.go
@@ -25,6 +25,7 @@ type Client interface {
 type NewContainerRequest struct {
 	Mounts      []Mount
 	NetMode     pb.NetMode
+	ExtraHosts  []*pb.HostIP
 	Platform    *pb.Platform
 	Constraints *pb.WorkerConstraints
 }

diff --git a/frontend/gateway/container.go b/frontend/gateway/container.go
@@ -28,6 +28,7 @@ import (
 type NewContainerRequest struct {
 	ContainerID string
 	NetMode     opspb.NetMode
+	ExtraHosts  []executor.HostIP
 	Mounts      []Mount
 	Platform    *opspb.Platform
 	Constraints *opspb.WorkerConstraints
@@ -52,13 +53,14 @@ func NewContainer(ctx context.Context, w worker.Worker, sm *session.Manager, g s
 		platform = *req.Platform
 	}
 	ctr := &gatewayContainer{
-		id:       req.ContainerID,
-		netMode:  req.NetMode,
-		platform: platform,
-		executor: w.Executor(),
-		errGroup: eg,
-		ctx:      ctx,
-		cancel:   cancel,
+		id:         req.ContainerID,
+		netMode:    req.NetMode,
+		extraHosts: req.ExtraHosts,
+		platform:   platform,
+		executor:   w.Executor(),
+		errGroup:   eg,
+		ctx:        ctx,
+		cancel:     cancel,
 	}
 
 	var (
@@ -276,18 +278,19 @@ func PrepareMounts(ctx context.Context, mm *mounts.MountManager, cm cache.Manage
 }
 
 type gatewayContainer struct {
-	id       string
-	netMode  opspb.NetMode
-	platform opspb.Platform
-	rootFS   executor.Mount
-	mounts   []executor.Mount
-	executor executor.Executor
-	started  bool
-	errGroup *errgroup.Group
-	mu       sync.Mutex
-	cleanup  []func() error
-	ctx      context.Context
-	cancel   func()
+	id         string
+	netMode    opspb.NetMode
+	extraHosts []executor.HostIP
+	platform   opspb.Platform
+	rootFS     executor.Mount
+	mounts     []executor.Mount
+	executor   executor.Executor
+	started    bool
+	errGroup   *errgroup.Group
+	mu         sync.Mutex
+	cleanup    []func() error
+	ctx        context.Context
+	cancel     func()
 }
 
 func (gwCtr *gatewayContainer) Start(ctx context.Context, req client.StartRequest) (client.ContainerProcess, error) {
@@ -300,6 +303,7 @@ func (gwCtr *gatewayContainer) Start(ctx context.Context, req client.StartReques
 			Cwd:          req.Cwd,
 			Tty:          req.Tty,
 			NetMode:      gwCtr.netMode,
+			ExtraHosts:   gwCtr.extraHosts,
 			SecurityMode: req.SecurityMode,
 		},
 		Stdin:  req.Stdin,

diff --git a/frontend/gateway/forwarder/forward.go b/frontend/gateway/forwarder/forward.go
@@ -272,6 +272,11 @@ func (c *bridgeClient) NewContainer(ctx context.Context, req client.NewContainer
 		return nil, err
 	}
 
+	ctrReq.ExtraHosts, err = gateway.ParseExtraHosts(req.ExtraHosts)
+	if err != nil {
+		return nil, err
+	}
+
 	w, err := c.workers.GetDefault()
 	if err != nil {
 		return nil, err

diff --git a/frontend/gateway/gateway.go b/frontend/gateway/gateway.go
@@ -889,6 +889,11 @@ func (lbf *llbBridgeForwarder) NewContainer(ctx context.Context, in *pb.NewConta
 		return nil, stack.Enable(err)
 	}
 
+	ctrReq.ExtraHosts, err = ParseExtraHosts(in.ExtraHosts)
+	if err != nil {
+		return nil, stack.Enable(err)
+	}
+
 	ctr, err := NewContainer(context.Background(), w, lbf.sm, group, ctrReq)
 	if err != nil {
 		return nil, stack.Enable(err)

diff --git a/frontend/gateway/grpcclient/client.go b/frontend/gateway/grpcclient/client.go
@@ -710,6 +710,8 @@ func (c *grpcClient) NewContainer(ctx context.Context, req client.NewContainerRe
 		Mounts:      mounts,
 		Platform:    req.Platform,
 		Constraints: req.Constraints,
+		Network:     req.NetMode,
+		ExtraHosts:  req.ExtraHosts,
 	})
 	if err != nil {
 		return nil, err