container/podman
container/podman
1
0
Fork 0
mirror of https://github.com/containers/podman synced 2024-10-20 17:23:30 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #12642 from Luap99/libnetwork

Browse source 
use libnetwork from c/common
This commit is contained in:
OpenShift Merge Robot 2022-01-13 18:06:54 +01:00 committed by GitHub
parent ab7228b3c2 ece768ff9e
commit eeb76db0fd
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
204 changed files with 3327 additions and 7617 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
cmd/podman/common/completion.go
View file

@ -7,11 +7,11 @@ import (
"reflect"
"strings"
"github.com/containers/common/libnetwork/types"
"github.com/containers/common/pkg/config"
"github.com/containers/image/v5/pkg/sysregistriesv2"
"github.com/containers/podman/v3/cmd/podman/registry"
"github.com/containers/podman/v3/libpod/define"
"github.com/containers/podman/v3/libpod/network/types"
"github.com/containers/podman/v3/pkg/domain/entities"
"github.com/containers/podman/v3/pkg/rootless"
systemdDefine "github.com/containers/podman/v3/pkg/systemd/define"

2
cmd/podman/common/create_opts.go
View file

@ -8,11 +8,11 @@ import (
"strconv"
"strings"
"github.com/containers/common/libnetwork/types"
"github.com/containers/common/pkg/cgroups"
"github.com/containers/common/pkg/config"
"github.com/containers/podman/v3/cmd/podman/registry"
"github.com/containers/podman/v3/libpod/define"
"github.com/containers/podman/v3/libpod/network/types"
"github.com/containers/podman/v3/pkg/api/handlers"
"github.com/containers/podman/v3/pkg/domain/entities"
"github.com/containers/podman/v3/pkg/rootless"

2
cmd/podman/common/netflags.go
View file

@ -3,10 +3,10 @@ package common
import (
"net"
"github.com/containers/common/libnetwork/types"
"github.com/containers/common/pkg/completion"
"github.com/containers/podman/v3/cmd/podman/parse"
"github.com/containers/podman/v3/libpod/define"
"github.com/containers/podman/v3/libpod/network/types"
"github.com/containers/podman/v3/pkg/domain/entities"
"github.com/containers/podman/v3/pkg/specgen"
"github.com/containers/podman/v3/pkg/specgenutil"

2
cmd/podman/containers/ps.go
View file

@ -7,13 +7,13 @@ import (
"time"
tm "github.com/buger/goterm"
"github.com/containers/common/libnetwork/types"
"github.com/containers/common/pkg/completion"
"github.com/containers/common/pkg/report"
"github.com/containers/podman/v3/cmd/podman/common"
"github.com/containers/podman/v3/cmd/podman/registry"
"github.com/containers/podman/v3/cmd/podman/utils"
"github.com/containers/podman/v3/cmd/podman/validate"
"github.com/containers/podman/v3/libpod/network/types"
"github.com/containers/podman/v3/pkg/domain/entities"
"github.com/docker/go-units"
"github.com/pkg/errors"

4
cmd/podman/images/build.go
View file

@ -514,11 +514,10 @@ func buildFlagsWrapperToOptions(c *cobra.Command, contextDir string, flags *buil
opts := buildahDefine.BuildOptions{
AddCapabilities: flags.CapAdd,
AdditionalTags: tags,
AllPlatforms: flags.AllPlatforms,
Annotations: flags.Annotation,
Args: args,
BlobDirectory: flags.BlobCache,
CNIConfigDir: flags.CNIConfigDir,
CNIPluginPath: flags.CNIPlugInPath,
CommonBuildOpts: commonOpts,
Compression: compression,
ConfigureNetwork: networkPolicy,
@ -559,6 +558,7 @@ func buildFlagsWrapperToOptions(c *cobra.Command, contextDir string, flags *buil
SystemContext: systemContext,
Target: flags.Target,
TransientMounts: flags.Volumes,
UnsetEnvs: flags.UnsetEnvs,
}
if flags.IgnoreFile != "" {

2
cmd/podman/networks/connect.go
View file

@ -3,10 +3,10 @@ package network
import (
"net"
"github.com/containers/common/libnetwork/types"
"github.com/containers/common/pkg/completion"
"github.com/containers/podman/v3/cmd/podman/common"
"github.com/containers/podman/v3/cmd/podman/registry"
"github.com/containers/podman/v3/libpod/network/types"
"github.com/containers/podman/v3/pkg/domain/entities"
"github.com/spf13/cobra"
)

4
cmd/podman/networks/create.go
View file

@ -4,12 +4,12 @@ import (
"fmt"
"net"
"github.com/containers/common/libnetwork/types"
"github.com/containers/common/libnetwork/util"
"github.com/containers/common/pkg/completion"
"github.com/containers/podman/v3/cmd/podman/common"
"github.com/containers/podman/v3/cmd/podman/parse"
"github.com/containers/podman/v3/cmd/podman/registry"
"github.com/containers/podman/v3/libpod/network/types"
"github.com/containers/podman/v3/libpod/network/util"
"github.com/containers/podman/v3/pkg/domain/entities"
"github.com/pkg/errors"
"github.com/sirupsen/logrus"

2
cmd/podman/networks/list.go
View file

@ -6,12 +6,12 @@ import (
"sort"
"strings"
"github.com/containers/common/libnetwork/types"
"github.com/containers/common/pkg/completion"
"github.com/containers/common/pkg/report"
"github.com/containers/podman/v3/cmd/podman/common"
"github.com/containers/podman/v3/cmd/podman/registry"
"github.com/containers/podman/v3/cmd/podman/validate"
"github.com/containers/podman/v3/libpod/network/types"
"github.com/containers/podman/v3/pkg/domain/entities"
"github.com/pkg/errors"
"github.com/spf13/cobra"

2
cmd/rootlessport/main.go
View file

@ -13,7 +13,7 @@ import (
"strings"
"github.com/containernetworking/plugins/pkg/ns"
"github.com/containers/podman/v3/libpod/network/types"
"github.com/containers/common/libnetwork/types"
"github.com/containers/podman/v3/pkg/rootlessport"
"github.com/pkg/errors"
rkport "github.com/rootless-containers/rootlesskit/pkg/port"

27
docs/source/markdown/podman-build.1.md
View file

@ -54,6 +54,10 @@ Add a custom host-to-IP mapping (host:ip)
Add a line to /etc/hosts. The format is hostname:ip. The **--add-host** option
can be set multiple times.
#### **--all-platforms**
Instead of building for a set of platforms specified using the **--platform** option, inspect the build's base images, and build for all of the platforms for which they are all available. Stages that use *scratch* as a starting point can not be inspected, so at least one non-*scratch* stage must be present for detection to work usefully.
#### **--annotation**=*annotation*
Add an image *annotation* (e.g. annotation=*value*) to the image metadata. Can
@ -123,24 +127,19 @@ Path to cgroups under which the cgroup for the container will be created. If the
path is not absolute, the path is considered to be relative to the cgroups path
of the init process. Cgroups will be created if they do not already exist.
#### **--cgroupns**=*how*
Sets the configuration for cgroup namespaces when handling `RUN` instructions.
The configured value can be "" (the empty string) or "private" to indicate
that a new cgroup namespace should be created, or it can be "host" to indicate
that the cgroup namespace in which `buildah` itself is being run should be reused.
#### **--compress**
This option is added to be aligned with other containers CLIs.
Podman doesn't communicate with a daemon or a remote server.
Thus, compressing the data before sending it is irrelevant to Podman. (This option is not available with the remote Podman client)
#### **--cni-config-dir**=*directory*
Location of CNI configuration files which will dictate which plugins will be
used to configure network interfaces and routing for containers created for
handling `RUN` instructions, if those containers will be run in their own
network namespaces, and networking is not disabled.
#### **--cni-plugin-path**=*directory[:directory[:directory[...]]]*
List of directories in which the CNI plugins which will be used for configuring
network namespaces can be found.
#### **--cpu-period**=*limit*
Set the CPU period for the Completely Fair Scheduler (CFS), which is a
@ -625,6 +624,10 @@ types include:
"sigpending": maximum number of pending signals (ulimit -i)
"stack": maximum stack size (ulimit -s)
#### **--unsetenv** *env*
Unset environment variables from the final image.
#### **--userns**=*how*
Sets the configuration for user namespaces when handling `RUN` instructions.

8
go.mod
View file

@ -11,10 +11,10 @@ require (
github.com/container-orchestrated-devices/container-device-interface v0.0.0-20210325223243-f99e8b6c10b9
github.com/containernetworking/cni v1.0.1
github.com/containernetworking/plugins v1.0.1
github.com/containers/buildah v1.23.1
github.com/containers/buildah v1.23.1-0.20220112160421-d744ebc4b1d5
github.com/containers/common v0.46.1-0.20220112112017-31e8cc4aeeab
github.com/containers/conmon v2.0.20+incompatible
github.com/containers/image/v5 v5.17.1-0.20220106205022-73f80d60f0e1
github.com/containers/image/v5 v5.18.0
github.com/containers/ocicrypt v1.1.2
github.com/containers/psgo v1.7.1
github.com/containers/storage v1.37.1-0.20211213220314-73a749e4fec5
@ -46,7 +46,7 @@ require (
github.com/onsi/ginkgo v1.16.5
github.com/onsi/gomega v1.17.0
github.com/opencontainers/go-digest v1.0.0
github.com/opencontainers/image-spec v1.0.3-0.20211202193544-a5463b7f9c84
github.com/opencontainers/image-spec v1.0.3-0.20211215212317-ea0209f50ae1
github.com/opencontainers/runc v1.0.3
github.com/opencontainers/runtime-spec v1.0.3-0.20210326190908-1c3f411f0417
github.com/opencontainers/runtime-tools v0.9.1-0.20211020193359-09d837bf40a7
@ -64,7 +64,7 @@ require (
github.com/vbauerster/mpb/v6 v6.0.4
github.com/vishvananda/netlink v1.1.1-0.20210330154013-f5de75959ad5
go.etcd.io/bbolt v1.3.6
golang.org/x/crypto v0.0.0-20210817164053-32db794688a5
golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3
golang.org/x/sync v0.0.0-20210220032951-036812b2e83c
golang.org/x/sys v0.0.0-20211214234402-4825e8c3871d
golang.org/x/text v0.3.7

368
go.sum
View file

File diff suppressed because it is too large Load diff

2
libpod/boltdb_state.go
View file

@ -8,8 +8,8 @@ import (
"strings"
"sync"
"github.com/containers/common/libnetwork/types"
"github.com/containers/podman/v3/libpod/define"
"github.com/containers/podman/v3/libpod/network/types"
jsoniter "github.com/json-iterator/go"
"github.com/pkg/errors"
"github.com/sirupsen/logrus"

2
libpod/common_test.go
View file

@ -7,10 +7,10 @@ import (
"testing"
"time"
"github.com/containers/common/libnetwork/types"
"github.com/containers/common/pkg/config"
"github.com/containers/podman/v3/libpod/define"
"github.com/containers/podman/v3/libpod/lock"
"github.com/containers/podman/v3/libpod/network/types"
"github.com/opencontainers/runtime-tools/generate"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"

4
libpod/container.go
View file

@ -10,13 +10,13 @@ import (
"time"
types040 "github.com/containernetworking/cni/pkg/types/040"
"github.com/containers/common/libnetwork/cni"
"github.com/containers/common/libnetwork/types"
"github.com/containers/common/pkg/config"
"github.com/containers/common/pkg/secrets"
"github.com/containers/image/v5/manifest"
"github.com/containers/podman/v3/libpod/define"
"github.com/containers/podman/v3/libpod/lock"
"github.com/containers/podman/v3/libpod/network/cni"
"github.com/containers/podman/v3/libpod/network/types"
"github.com/containers/storage"
spec "github.com/opencontainers/runtime-spec/specs-go"
"github.com/pkg/errors"

2
libpod/container_config.go
View file

@ -4,9 +4,9 @@ import (
"net"
"time"
"github.com/containers/common/libnetwork/types"
"github.com/containers/common/pkg/secrets"
"github.com/containers/image/v5/manifest"
"github.com/containers/podman/v3/libpod/network/types"
"github.com/containers/podman/v3/pkg/namespaces"
"github.com/containers/storage"
spec "github.com/opencontainers/runtime-spec/specs-go"

2
libpod/container_internal_linux.go
View file

@ -27,6 +27,7 @@ import (
"github.com/containers/buildah/pkg/chrootuser"
"github.com/containers/buildah/pkg/overlay"
butil "github.com/containers/buildah/util"
"github.com/containers/common/libnetwork/types"
"github.com/containers/common/pkg/apparmor"
"github.com/containers/common/pkg/cgroups"
"github.com/containers/common/pkg/chown"
@ -35,7 +36,6 @@ import (
"github.com/containers/common/pkg/umask"
"github.com/containers/podman/v3/libpod/define"
"github.com/containers/podman/v3/libpod/events"
"github.com/containers/podman/v3/libpod/network/types"
"github.com/containers/podman/v3/pkg/annotations"
"github.com/containers/podman/v3/pkg/checkpoint/crutils"
"github.com/containers/podman/v3/pkg/criu"

6
libpod/define/config.go
View file

@ -5,7 +5,7 @@ import (
"io"
"regexp"
"github.com/pkg/errors"
"github.com/containers/common/libnetwork/types"
)
var (
@ -17,9 +17,9 @@ var (
// NameRegex is a regular expression to validate container/pod names.
// This must NOT be changed from outside of Libpod. It should be a
// constant, but Go won't let us do that.
NameRegex = regexp.MustCompile("^[a-zA-Z0-9][a-zA-Z0-9_.-]*$")
NameRegex = types.NameRegex
// RegexError is thrown in presence of an invalid container/pod name.
RegexError = errors.Wrapf(ErrInvalidArg, "names must match [a-zA-Z0-9][a-zA-Z0-9_.-]*")
RegexError = types.RegexError
// UmaskRegex is a regular expression to validate Umask.
UmaskRegex = regexp.MustCompile(`^[0-7]{1,4}$`)
)

8
libpod/define/errors.go
View file

@ -3,6 +3,8 @@ package define
import (
"errors"
"fmt"
"github.com/containers/common/libnetwork/types"
)
var (
@ -16,7 +18,7 @@ var (
ErrNoSuchVolume = errors.New("no such volume")
// ErrNoSuchNetwork indicates the requested network does not exist
ErrNoSuchNetwork = errors.New("network not found")
ErrNoSuchNetwork = types.ErrNoSuchNetwork
// ErrNoSuchExecSession indicates that the requested exec session does
// not exist.
@ -48,7 +50,7 @@ var (
ErrExecSessionExists = errors.New("exec session already exists")
// ErrNetworkExists indicates that a network with the given name already
// exists.
ErrNetworkExists = errors.New("network already exists")
ErrNetworkExists = types.ErrNetworkExists
// ErrCtrStateInvalid indicates a container is in an improper state for
// the requested operation
@ -73,7 +75,7 @@ var (
ErrVolumeFinalized = errors.New("volume has been finalized")
// ErrInvalidArg indicates that an invalid argument was passed
ErrInvalidArg = errors.New("invalid argument")
ErrInvalidArg = types.ErrInvalidArg
// ErrEmptyID indicates that an empty ID was passed
ErrEmptyID = errors.New("name or ID cannot be empty")

2
libpod/kube.go
View file

@ -11,9 +11,9 @@ import (
"strings"
"time"
"github.com/containers/common/libnetwork/types"
"github.com/containers/common/pkg/config"
"github.com/containers/podman/v3/libpod/define"
"github.com/containers/podman/v3/libpod/network/types"
"github.com/containers/podman/v3/pkg/env"
"github.com/containers/podman/v3/pkg/lookup"
"github.com/containers/podman/v3/pkg/namespaces"

53
libpod/network/cni/cni_suite_test.go
View file

@ -1,53 +0,0 @@
// +build linux
package cni_test
import (
"os"
"path/filepath"
"testing"
"github.com/containers/podman/v3/libpod/network/cni"
"github.com/containers/podman/v3/libpod/network/types"
"github.com/containers/podman/v3/test/utils"
. "github.com/onsi/ginkgo"
. "github.com/onsi/gomega"
)
var cniPluginDirs = []string{
"/usr/libexec/cni",
"/usr/lib/cni",
"/usr/local/lib/cni",
"/opt/cni/bin",
}
func TestCni(t *testing.T) {
RegisterFailHandler(Fail)
RunSpecs(t, "CNI Suite")
}
func getNetworkInterface(cniConfDir string, machine bool) (types.ContainerNetwork, error) {
return cni.NewCNINetworkInterface(cni.InitConfig{
CNIConfigDir: cniConfDir,
CNIPluginDirs: cniPluginDirs,
IsMachine: machine,
LockFile: filepath.Join(cniConfDir, "cni.lock"),
})
}
func SkipIfNoDnsname() {
for _, path := range cniPluginDirs {
f, err := os.Stat(filepath.Join(path, "dnsname"))
if err == nil && f.Mode().IsRegular() {
return
}
}
Skip("dnsname cni plugin needs to be installed for this test")
}
func SkipIfNotFedora(msg string) {
info := utils.GetHostDistributionInfo()
if info.Distribution != "fedora" {
Skip("Test can only run on Fedora: " + msg)
}
}

1378
libpod/network/cni/config_test.go
View file

File diff suppressed because it is too large Load diff

1329
libpod/network/cni/run_test.go
View file

File diff suppressed because it is too large Load diff

25
libpod/network/cni/testfiles/invalid/broken.conflist
View file

@ -1,25 +0,0 @@
{
"cniVersion": "0.4.0",
"name": "bridge",
"plugins": [
{
"type": "bridge",
"bridge": "cni-podman9",
"isGateway": true,
"ipMasq": true,
"hairpinMode": true,
"ipam": {
"type": "host-local",
"routes": [
{
"dst": "0.0.0.0/0"
}
],
"ranges": [
[
{
"subnet": "10.89.8.0/24",
"gateway": "10.89.8.1"
}
]
]

51
libpod/network/cni/testfiles/invalid/invalid_gateway.conflist
View file

@ -1,51 +0,0 @@
{
"cniVersion": "0.4.0",
"name": "invalidgw",
"plugins": [
{
"type": "bridge",
"bridge": "cni-podman8",
"isGateway": true,
"ipMasq": true,
"hairpinMode": true,
"ipam": {
"type": "host-local",
"routes": [
{
"dst": "0.0.0.0/0"
}
],
"ranges": [
[
{
"subnet": "10.89.8.0/24",
"gateway": "10.89.8",
"rangeStart": "10.89.8.20",
"rangeEnd": "10.89.8.50"
}
]
]
}
},
{
"type": "portmap",
"capabilities": {
"portMappings": true
}
},
{
"type": "firewall",
"backend": ""
},
{
"type": "tuning"
},
{
"type": "dnsname",
"domainName": "dns.podman",
"capabilities": {
"aliases": true
}
}
]
}

49
libpod/network/cni/testfiles/invalid/invalidname.conflist
View file

@ -1,49 +0,0 @@
{
"cniVersion": "0.4.0",
"name": "bridge@123",
"plugins": [
{
"type": "bridge",
"bridge": "cni-podman9",
"isGateway": true,
"ipMasq": true,
"hairpinMode": true,
"ipam": {
"type": "host-local",
"routes": [
{
"dst": "0.0.0.0/0"
}
],
"ranges": [
[
{
"subnet": "10.89.8.0/24",
"gateway": "10.89.8.1"
}
]
]
}
},
{
"type": "portmap",
"capabilities": {
"portMappings": true
}
},
{
"type": "firewall",
"backend": ""
},
{
"type": "tuning"
},
{
"type": "dnsname",
"domainName": "dns.podman",
"capabilities": {
"aliases": true
}
}
]
}

48
libpod/network/cni/testfiles/invalid/noname.conflist
View file

@ -1,48 +0,0 @@
{
"cniVersion": "0.4.0",
"plugins": [
{
"type": "bridge",
"bridge": "cni-podman9",
"isGateway": true,
"ipMasq": true,
"hairpinMode": true,
"ipam": {
"type": "host-local",
"routes": [
{
"dst": "0.0.0.0/0"
}
],
"ranges": [
[
{
"subnet": "10.89.8.0/24",
"gateway": "10.89.8.1"
}
]
]
}
},
{
"type": "portmap",
"capabilities": {
"portMappings": true
}
},
{
"type": "firewall",
"backend": ""
},
{
"type": "tuning"
},
{
"type": "dnsname",
"domainName": "dns.podman",
"capabilities": {
"aliases": true
}
}
]
}

5
libpod/network/cni/testfiles/invalid/noplugin.conflist
View file

@ -1,5 +0,0 @@
{
"cniVersion": "0.4.0",
"name": "bridge",
"plugins": []
}

49
libpod/network/cni/testfiles/invalid/samename1.conflist
View file

@ -1,49 +0,0 @@
{
"cniVersion": "0.4.0",
"name": "bridge",
"plugins": [
{
"type": "bridge",
"bridge": "cni-podman9",
"isGateway": true,
"ipMasq": true,
"hairpinMode": true,
"ipam": {
"type": "host-local",
"routes": [
{
"dst": "0.0.0.0/0"
}
],
"ranges": [
[
{
"subnet": "10.89.8.0/24",
"gateway": "10.89.8.1"
}
]
]
}
},
{
"type": "portmap",
"capabilities": {
"portMappings": true
}
},
{
"type": "firewall",
"backend": ""
},
{
"type": "tuning"
},
{
"type": "dnsname",
"domainName": "dns.podman",
"capabilities": {
"aliases": true
}
}
]
}

49
libpod/network/cni/testfiles/invalid/samename2.conflist
View file

@ -1,49 +0,0 @@
{
"cniVersion": "0.4.0",
"name": "bridge",
"plugins": [
{
"type": "bridge",
"bridge": "cni-podman9",
"isGateway": true,
"ipMasq": true,
"hairpinMode": true,
"ipam": {
"type": "host-local",
"routes": [
{
"dst": "0.0.0.0/0"
}
],
"ranges": [
[
{
"subnet": "10.89.8.0/24",
"gateway": "10.89.8.1"
}
]
]
}
},
{
"type": "portmap",
"capabilities": {
"portMappings": true
}
},
{
"type": "firewall",
"backend": ""
},
{
"type": "tuning"
},
{
"type": "dnsname",
"domainName": "dns.podman",
"capabilities": {
"aliases": true
}
}
]
}

37
libpod/network/cni/testfiles/valid/87-podman.conflist
View file

@ -1,37 +0,0 @@
{
"cniVersion": "0.4.0",
"name": "podman",
"plugins": [
{
"type": "bridge",
"bridge": "cni-podman0",
"isGateway": true,
"ipMasq": true,
"hairpinMode": true,
"ipam": {
"type": "host-local",
"routes": [{ "dst": "0.0.0.0/0" }],
"ranges": [
[
{
"subnet": "10.88.0.0/16",
"gateway": "10.88.0.1"
}
]
]
}
},
{
"type": "portmap",
"capabilities": {
"portMappings": true
}
},
{
"type": "firewall"
},
{
"type": "tuning"
}
]
}

51
libpod/network/cni/testfiles/valid/bridge.conflist
View file

@ -1,51 +0,0 @@
{
"cniVersion": "0.4.0",
"name": "bridge",
"plugins": [
{
"type": "bridge",
"bridge": "cni-podman9",
"isGateway": true,
"ipMasq": true,
"hairpinMode": true,
"ipam": {
"type": "host-local",
"routes": [
{
"dst": "0.0.0.0/0"
}
],
"ranges": [
[
{
"subnet": "10.89.8.0/24",
"gateway": "10.89.8.1",
"rangeStart": "10.89.8.20",
"rangeEnd": "10.89.8.50"
}
]
]
}
},
{
"type": "portmap",
"capabilities": {
"portMappings": true
}
},
{
"type": "firewall",
"backend": ""
},
{
"type": "tuning"
},
{
"type": "dnsname",
"domainName": "dns.podman",
"capabilities": {
"aliases": true
}
}
]
}

58
libpod/network/cni/testfiles/valid/dualstack.conflist
View file

@ -1,58 +0,0 @@
{
"cniVersion": "0.4.0",
"name": "dualstack",
"plugins": [
{
"type": "bridge",
"bridge": "cni-podman21",
"isGateway": true,
"ipMasq": true,
"hairpinMode": true,
"ipam": {
"type": "host-local",
"routes": [
{
"dst": "::/0"
},
{
"dst": "0.0.0.0/0"
}
],
"ranges": [
[
{
"subnet": "fd10:88:a::/64",
"gateway": "fd10:88:a::1"
}
],
[
{
"subnet": "10.89.19.0/24",
"gateway": "10.89.19.10"
}
]
]
}
},
{
"type": "portmap",
"capabilities": {
"portMappings": true
}
},
{
"type": "firewall",
"backend": ""
},
{
"type": "tuning"
},
{
"type": "dnsname",
"domainName": "dns.podman",
"capabilities": {
"aliases": true
}
}
]
}

40
libpod/network/cni/testfiles/valid/internal.conflist
View file

@ -1,40 +0,0 @@
{
"cniVersion": "0.4.0",
"name": "internal",
"plugins": [
{
"type": "bridge",
"bridge": "cni-podman8",
"isGateway": false,
"hairpinMode": true,
"ipam": {
"type": "host-local",
"routes": [
{
"dst": "0.0.0.0/0"
}
],
"ranges": [
[
{
"subnet": "10.89.7.0/24"
}
]
]
}
},
{
"type": "portmap",
"capabilities": {
"portMappings": true
}
},
{
"type": "firewall",
"backend": ""
},
{
"type": "tuning"
}
]
}

54
libpod/network/cni/testfiles/valid/label.conflist
View file

@ -1,54 +0,0 @@
{
"args": {
"podman_labels": {
"mykey": "value"
}
},
"cniVersion": "0.4.0",
"name": "label",
"plugins": [
{
"type": "bridge",
"bridge": "cni-podman15",
"isGateway": true,
"ipMasq": true,
"hairpinMode": true,
"ipam": {
"type": "host-local",
"routes": [
{
"dst": "0.0.0.0/0"
}
],
"ranges": [
[
{
"subnet": "10.89.13.0/24",
"gateway": "10.89.13.1"
}
]
]
}
},
{
"type": "portmap",
"capabilities": {
"portMappings": true
}
},
{
"type": "firewall",
"backend": ""
},
{
"type": "tuning"
},
{
"type": "dnsname",
"domainName": "dns.podman",
"capabilities": {
"aliases": true
}
}
]
}

13
libpod/network/cni/testfiles/valid/macvlan.conflist
View file

@ -1,13 +0,0 @@
{
"cniVersion": "0.4.0",
"name": "macvlan",
"plugins": [
{
"type": "macvlan",
"master": "lo",
"ipam": {
"type": "dhcp"
}
}
]
}

14
libpod/network/cni/testfiles/valid/macvlan_mtu.conflist
View file

@ -1,14 +0,0 @@
{
"cniVersion": "0.4.0",
"name": "macvlan_mtu",
"plugins": [
{
"type": "macvlan",
"master": "lo",
"ipam": {
"type": "dhcp"
},
"mtu": 1300
}
]
}

49
libpod/network/cni/testfiles/valid/mtu.conflist
View file

@ -1,49 +0,0 @@
{
"cniVersion": "0.4.0",
"name": "mtu",
"plugins": [
{
"type": "bridge",
"bridge": "cni-podman13",
"isGateway": true,
"ipMasq": true,
"mtu": 1500,
"hairpinMode": true,
"ipam": {
"type": "host-local",
"routes": [
{
"dst": "0.0.0.0/0"
}
],
"ranges": [
[
{
"subnet": "10.89.11.0/24"
}
]
]
}
},
{
"type": "portmap",
"capabilities": {
"portMappings": true
}
},
{
"type": "firewall",
"backend": ""
},
{
"type": "tuning"
},
{
"type": "dnsname",
"domainName": "dns.podman",
"capabilities": {
"aliases": true
}
}
]
}

50
libpod/network/cni/testfiles/valid/vlan.conflist
View file

@ -1,50 +0,0 @@
{
"cniVersion": "0.4.0",
"name": "vlan",
"plugins": [
{
"type": "bridge",
"bridge": "cni-podman14",
"isGateway": true,
"ipMasq": true,
"hairpinMode": true,
"vlan": 5,
"ipam": {
"type": "host-local",
"routes": [
{
"dst": "0.0.0.0/0"
}
],
"ranges": [
[
{
"subnet": "10.89.12.0/24",
"gateway": "10.89.12.1"
}
]
]
}
},
{
"type": "portmap",
"capabilities": {
"portMappings": true
}
},
{
"type": "firewall",
"backend": ""
},
{
"type": "tuning"
},
{
"type": "dnsname",
"domainName": "dns.podman",
"capabilities": {
"aliases": true
}
}
]
}

63
libpod/network/internal/util/ip_test.go
View file

@ -1,63 +0,0 @@
package util
import (
"fmt"
"net"
"reflect"
"testing"
)
func parseCIDR(n string) *net.IPNet {
_, parsedNet, _ := net.ParseCIDR(n)
return parsedNet
}
func TestNextSubnet(t *testing.T) {
type args struct {
subnet *net.IPNet
}
tests := []struct {
name string
args args
want *net.IPNet
wantErr bool
}{
{"class b", args{subnet: parseCIDR("192.168.0.0/16")}, parseCIDR("192.169.0.0/16"), false},
{"class c", args{subnet: parseCIDR("192.168.1.0/24")}, parseCIDR("192.168.2.0/24"), false},
}
for _, tt := range tests {
test := tt
t.Run(test.name, func(t *testing.T) {
got, err := NextSubnet(test.args.subnet)
if (err != nil) != test.wantErr {
t.Errorf("NextSubnet() error = %v, wantErr %v", err, test.wantErr)
return
}
if !reflect.DeepEqual(got, test.want) {
t.Errorf("NextSubnet() got = %v, want %v", got, test.want)
}
})
}
}
func TestGetRandomIPv6Subnet(t *testing.T) {
for i := 0; i < 1000; i++ {
t.Run(fmt.Sprintf("GetRandomIPv6Subnet %d", i), func(t *testing.T) {
sub, err := getRandomIPv6Subnet()
if err != nil {
t.Errorf("GetRandomIPv6Subnet() error should be nil: %v", err)
return
}
if sub.IP.To4() != nil {
t.Errorf("ip %s is not an ipv6 address", sub.IP)
}
if sub.IP[0] != 0xfd {
t.Errorf("ipv6 %s does not start with fd", sub.IP)
}
ones, bytes := sub.Mask.Size()
if ones != 64 || bytes != 128 {
t.Errorf("wrong network mask %v, it should be /64", sub.Mask)
}
})
}
}

1123
libpod/network/netavark/config_test.go
View file

File diff suppressed because it is too large Load diff

433
libpod/network/netavark/ipam_test.go
View file

@ -1,433 +0,0 @@
package netavark
import (
"bytes"
"fmt"
"io/ioutil"
"net"
"os"
"path/filepath"
"github.com/containers/podman/v3/libpod/network/types"
. "github.com/onsi/ginkgo"
. "github.com/onsi/gomega"
"github.com/sirupsen/logrus"
)
var _ = Describe("IPAM", func() {
var (
networkInterface *netavarkNetwork
networkConfDir string
logBuffer bytes.Buffer
)
BeforeEach(func() {
var err error
networkConfDir, err = ioutil.TempDir("", "podman_netavark_test")
if err != nil {
Fail("Failed to create tmpdir")
}
logBuffer = bytes.Buffer{}
logrus.SetOutput(&logBuffer)
})
JustBeforeEach(func() {
libpodNet, err := NewNetworkInterface(InitConfig{
NetworkConfigDir: networkConfDir,
IPAMDBPath: filepath.Join(networkConfDir, "ipam.db"),
LockFile: filepath.Join(networkConfDir, "netavark.lock"),
})
if err != nil {
Fail("Failed to create NewCNINetworkInterface")
}
networkInterface = libpodNet.(*netavarkNetwork)
// run network list to force a network load
networkInterface.NetworkList()
})
AfterEach(func() {
os.RemoveAll(networkConfDir)
})
It("simple ipam alloc", func() {
netName := types.DefaultNetworkName
for i := 2; i < 100; i++ {
opts := &types.NetworkOptions{
ContainerID: "someContainerID",
Networks: map[string]types.PerNetworkOptions{
netName: {},
},
}
err := networkInterface.allocIPs(opts)
Expect(err).ToNot(HaveOccurred())
Expect(opts.Networks).To(HaveKey(netName))
Expect(opts.Networks[netName].StaticIPs).To(HaveLen(1))
Expect(opts.Networks[netName].StaticIPs[0]).To(Equal(net.ParseIP(fmt.Sprintf("10.88.0.%d", i)).To4()))
}
})
It("ipam try to alloc same ip", func() {
netName := types.DefaultNetworkName
opts := &types.NetworkOptions{
ContainerID: "someContainerID",
Networks: map[string]types.PerNetworkOptions{
netName: {},
},
}
err := networkInterface.allocIPs(opts)
Expect(err).ToNot(HaveOccurred())
Expect(opts.Networks).To(HaveKey(netName))
Expect(opts.Networks[netName].StaticIPs).To(HaveLen(1))
Expect(opts.Networks[netName].StaticIPs[0]).To(Equal(net.ParseIP("10.88.0.2").To4()))
opts = &types.NetworkOptions{
ContainerID: "otherID",
Networks: map[string]types.PerNetworkOptions{
netName: {StaticIPs: []net.IP{net.ParseIP("10.88.0.2")}},
},
}
err = networkInterface.allocIPs(opts)
Expect(err).To(HaveOccurred())
Expect(err.Error()).To(Equal("IPAM error: requested ip address 10.88.0.2 is already allocated to container ID someContainerID"))
})
It("ipam try to alloc more ips as in range", func() {
s, _ := types.ParseCIDR("10.0.0.1/24")
network, err := networkInterface.NetworkCreate(types.Network{
Subnets: []types.Subnet{
{
Subnet: s,
LeaseRange: &types.LeaseRange{
StartIP: net.ParseIP("10.0.0.10"),
EndIP: net.ParseIP("10.0.0.20"),
},
},
},
})
Expect(err).ToNot(HaveOccurred())
netName := network.Name
for i := 10; i < 21; i++ {
opts := &types.NetworkOptions{
ContainerID: fmt.Sprintf("someContainerID-%d", i),
Networks: map[string]types.PerNetworkOptions{
netName: {},
},
}
err = networkInterface.allocIPs(opts)
Expect(err).ToNot(HaveOccurred())
Expect(opts.Networks).To(HaveKey(netName))
Expect(opts.Networks[netName].StaticIPs).To(HaveLen(1))
Expect(opts.Networks[netName].StaticIPs[0]).To(Equal(net.ParseIP(fmt.Sprintf("10.0.0.%d", i)).To4()))
}
opts := &types.NetworkOptions{
ContainerID: "someContainerID-22",
Networks: map[string]types.PerNetworkOptions{
netName: {},
},
}
// now this should fail because all free ips are already assigned
err = networkInterface.allocIPs(opts)
Expect(err).To(HaveOccurred())
Expect(err.Error()).To(Equal("IPAM error: failed to find free IP in range: 10.0.0.10 - 10.0.0.20"))
})
It("ipam basic setup", func() {
netName := types.DefaultNetworkName
opts := &types.NetworkOptions{
ContainerID: "someContainerID",
Networks: map[string]types.PerNetworkOptions{
netName: {},
},
}
expectedIP := net.ParseIP("10.88.0.2").To4()
err := networkInterface.allocIPs(opts)
Expect(err).ToNot(HaveOccurred())
Expect(opts.Networks).To(HaveKey(netName))
Expect(opts.Networks[netName].StaticIPs).To(HaveLen(1))
Expect(opts.Networks[netName].StaticIPs[0]).To(Equal(expectedIP))
// remove static ips from opts
netOpts := opts.Networks[netName]
netOpts.StaticIPs = nil
opts.Networks[netName] = netOpts
err = networkInterface.getAssignedIPs(opts)
Expect(err).ToNot(HaveOccurred())
Expect(opts.Networks).To(HaveKey(netName))
Expect(opts.Networks[netName].StaticIPs).To(HaveLen(1))
Expect(opts.Networks[netName].StaticIPs[0]).To(Equal(expectedIP))
err = networkInterface.allocIPs(opts)
Expect(err).To(HaveOccurred())
Expect(err.Error()).To(Equal("IPAM error: requested ip address 10.88.0.2 is already allocated to container ID someContainerID"))
// dealloc the ip
err = networkInterface.deallocIPs(opts)
Expect(err).ToNot(HaveOccurred())
err = networkInterface.allocIPs(opts)
Expect(err).ToNot(HaveOccurred())
Expect(opts.Networks).To(HaveKey(netName))
Expect(opts.Networks[netName].StaticIPs).To(HaveLen(1))
Expect(opts.Networks[netName].StaticIPs[0]).To(Equal(expectedIP))
})
It("ipam dual stack", func() {
s1, _ := types.ParseCIDR("10.0.0.0/26")
s2, _ := types.ParseCIDR("fd80::/24")
network, err := networkInterface.NetworkCreate(types.Network{
Subnets: []types.Subnet{
{
Subnet: s1,
},
{
Subnet: s2,
},
},
})
Expect(err).ToNot(HaveOccurred())
netName := network.Name
opts := &types.NetworkOptions{
ContainerID: "someContainerID",
Networks: map[string]types.PerNetworkOptions{
netName: {},
},
}
err = networkInterface.allocIPs(opts)
Expect(err).ToNot(HaveOccurred())
Expect(opts.Networks).To(HaveKey(netName))
Expect(opts.Networks[netName].StaticIPs).To(HaveLen(2))
Expect(opts.Networks[netName].StaticIPs[0]).To(Equal(net.ParseIP("10.0.0.2").To4()))
Expect(opts.Networks[netName].StaticIPs[1]).To(Equal(net.ParseIP("fd80::2")))
// remove static ips from opts
netOpts := opts.Networks[netName]
netOpts.StaticIPs = nil
opts.Networks[netName] = netOpts
err = networkInterface.getAssignedIPs(opts)
Expect(err).ToNot(HaveOccurred())
Expect(opts.Networks).To(HaveKey(netName))
Expect(opts.Networks[netName].StaticIPs).To(HaveLen(2))
Expect(opts.Networks[netName].StaticIPs[0]).To(Equal(net.ParseIP("10.0.0.2").To4()))
Expect(opts.Networks[netName].StaticIPs[1]).To(Equal(net.ParseIP("fd80::2")))
err = networkInterface.deallocIPs(opts)
Expect(err).ToNot(HaveOccurred())
// try to alloc the same again
err = networkInterface.allocIPs(opts)
Expect(err).ToNot(HaveOccurred())
Expect(opts.Networks).To(HaveKey(netName))
Expect(opts.Networks[netName].StaticIPs).To(HaveLen(2))
Expect(opts.Networks[netName].StaticIPs[0]).To(Equal(net.ParseIP("10.0.0.2").To4()))
Expect(opts.Networks[netName].StaticIPs[1]).To(Equal(net.ParseIP("fd80::2")))
})
It("ipam with two networks", func() {
s, _ := types.ParseCIDR("10.0.0.0/24")
network, err := networkInterface.NetworkCreate(types.Network{
Subnets: []types.Subnet{
{
Subnet: s,
},
},
})
Expect(err).ToNot(HaveOccurred())
netName1 := network.Name
s, _ = types.ParseCIDR("10.0.1.0/24")
network, err = networkInterface.NetworkCreate(types.Network{
Subnets: []types.Subnet{
{
Subnet: s,
},
},
})
Expect(err).ToNot(HaveOccurred())
netName2 := network.Name
opts := &types.NetworkOptions{
ContainerID: "someContainerID",
Networks: map[string]types.PerNetworkOptions{
netName1: {},
netName2: {},
},
}
err = networkInterface.allocIPs(opts)
Expect(err).ToNot(HaveOccurred())
Expect(opts.Networks).To(HaveKey(netName1))
Expect(opts.Networks[netName1].StaticIPs).To(HaveLen(1))
Expect(opts.Networks[netName1].StaticIPs[0]).To(Equal(net.ParseIP("10.0.0.2").To4()))
Expect(opts.Networks).To(HaveKey(netName2))
Expect(opts.Networks[netName2].StaticIPs).To(HaveLen(1))
Expect(opts.Networks[netName2].StaticIPs[0]).To(Equal(net.ParseIP("10.0.1.2").To4()))
// remove static ips from opts
netOpts := opts.Networks[netName1]
netOpts.StaticIPs = nil
opts.Networks[netName1] = netOpts
netOpts = opts.Networks[netName2]
netOpts.StaticIPs = nil
opts.Networks[netName2] = netOpts
err = networkInterface.getAssignedIPs(opts)
Expect(err).ToNot(HaveOccurred())
Expect(opts.Networks).To(HaveKey(netName1))
Expect(opts.Networks[netName1].StaticIPs).To(HaveLen(1))
Expect(opts.Networks[netName1].StaticIPs[0]).To(Equal(net.ParseIP("10.0.0.2").To4()))
Expect(opts.Networks).To(HaveKey(netName2))
Expect(opts.Networks[netName2].StaticIPs).To(HaveLen(1))
Expect(opts.Networks[netName2].StaticIPs[0]).To(Equal(net.ParseIP("10.0.1.2").To4()))
err = networkInterface.deallocIPs(opts)
Expect(err).ToNot(HaveOccurred())
// try to alloc the same again
err = networkInterface.allocIPs(opts)
Expect(err).ToNot(HaveOccurred())
Expect(opts.Networks).To(HaveKey(netName1))
Expect(opts.Networks[netName1].StaticIPs).To(HaveLen(1))
Expect(opts.Networks[netName1].StaticIPs[0]).To(Equal(net.ParseIP("10.0.0.2").To4()))
Expect(opts.Networks).To(HaveKey(netName2))
Expect(opts.Networks[netName2].StaticIPs).To(HaveLen(1))
Expect(opts.Networks[netName2].StaticIPs[0]).To(Equal(net.ParseIP("10.0.1.2").To4()))
})
It("ipam alloc more ips as in subnet", func() {
s, _ := types.ParseCIDR("10.0.0.0/26")
network, err := networkInterface.NetworkCreate(types.Network{
Subnets: []types.Subnet{
{
Subnet: s,
},
},
})
Expect(err).ToNot(HaveOccurred())
netName := network.Name
for i := 2; i < 64; i++ {
opts := &types.NetworkOptions{
ContainerID: fmt.Sprintf("id-%d", i),
Networks: map[string]types.PerNetworkOptions{
netName: {},
},
}
err = networkInterface.allocIPs(opts)
if i < 63 {
Expect(err).ToNot(HaveOccurred())
Expect(opts.Networks).To(HaveKey(netName))
Expect(opts.Networks[netName].StaticIPs).To(HaveLen(1))
Expect(opts.Networks[netName].StaticIPs[0]).To(Equal(net.ParseIP(fmt.Sprintf("10.0.0.%d", i)).To4()))
} else {
Expect(err).To(HaveOccurred())
Expect(err.Error()).To(Equal("IPAM error: failed to find free IP in range: 10.0.0.1 - 10.0.0.62"))
}
}
})
It("ipam alloc -> dealloc -> alloc", func() {
s, _ := types.ParseCIDR("10.0.0.0/27")
network, err := networkInterface.NetworkCreate(types.Network{
Subnets: []types.Subnet{
{
Subnet: s,
},
},
})
Expect(err).ToNot(HaveOccurred())
netName := network.Name
for i := 2; i < 10; i++ {
opts := types.NetworkOptions{
ContainerID: fmt.Sprintf("id-%d", i),
Networks: map[string]types.PerNetworkOptions{
netName: {},
},
}
err = networkInterface.allocIPs(&opts)
Expect(err).ToNot(HaveOccurred())
Expect(opts.Networks).To(HaveKey(netName))
Expect(opts.Networks[netName].StaticIPs).To(HaveLen(1))
Expect(opts.Networks[netName].StaticIPs[0]).To(Equal(net.ParseIP(fmt.Sprintf("10.0.0.%d", i)).To4()))
err = networkInterface.deallocIPs(&opts)
Expect(err).ToNot(HaveOccurred())
}
for i := 0; i < 30; i++ {
opts := types.NetworkOptions{
ContainerID: fmt.Sprintf("id-%d", i),
Networks: map[string]types.PerNetworkOptions{
netName: {},
},
}
err = networkInterface.allocIPs(&opts)
if i < 29 {
Expect(err).ToNot(HaveOccurred())
Expect(opts.Networks).To(HaveKey(netName))
Expect(opts.Networks[netName].StaticIPs).To(HaveLen(1))
// The (i+8)%29+2 part looks cryptic but it is actually simple, we already have 8 ips allocated above
// so we expect the 8 available ip. We have 29 assignable ip addresses in this subnet because "i"+8 can
// be greater than 30 we have to modulo by 29 to go back to the beginning. Also the first free ip is
// network address + 2, so we have to add 2 to the result
Expect(opts.Networks[netName].StaticIPs[0]).To(Equal(net.ParseIP(fmt.Sprintf("10.0.0.%d", (i+8)%29+2)).To4()))
} else {
Expect(err).To(HaveOccurred())
Expect(err.Error()).To(Equal("IPAM error: failed to find free IP in range: 10.0.0.1 - 10.0.0.30"))
}
}
})
It("ipam with dhcp driver should not set ips", func() {
network, err := networkInterface.NetworkCreate(types.Network{
IPAMOptions: map[string]string{
"driver": types.DHCPIPAMDriver,
},
})
Expect(err).ToNot(HaveOccurred())
netName := network.Name
opts := &types.NetworkOptions{
ContainerID: "someContainerID",
Networks: map[string]types.PerNetworkOptions{
netName: {},
},
}
err = networkInterface.allocIPs(opts)
Expect(err).ToNot(HaveOccurred())
Expect(opts.Networks).To(HaveKey(netName))
Expect(opts.Networks[netName].StaticIPs).To(HaveLen(0))
err = networkInterface.getAssignedIPs(opts)
Expect(err).ToNot(HaveOccurred())
Expect(opts.Networks).To(HaveKey(netName))
Expect(opts.Networks[netName].StaticIPs).To(HaveLen(0))
// dealloc the ip
err = networkInterface.deallocIPs(opts)
Expect(err).ToNot(HaveOccurred())
})
})

75
libpod/network/netavark/netavark_suite_test.go
View file

@ -1,75 +0,0 @@
// +build linux
package netavark_test
import (
"fmt"
"net"
"os"
"path/filepath"
"reflect"
"testing"
"github.com/containers/podman/v3/libpod/network/netavark"
"github.com/containers/podman/v3/libpod/network/types"
"github.com/containers/podman/v3/libpod/network/util"
. "github.com/onsi/ginkgo"
. "github.com/onsi/gomega"
gomegaTypes "github.com/onsi/gomega/types"
)
func TestNetavark(t *testing.T) {
RegisterFailHandler(Fail)
RunSpecs(t, "Netavark Suite")
}
var netavarkBinary string
func init() {
netavarkBinary = os.Getenv("NETAVARK_BINARY")
if netavarkBinary == "" {
netavarkBinary = "/usr/libexec/podman/netavark"
}
}
func getNetworkInterface(confDir string, machine bool) (types.ContainerNetwork, error) {
return netavark.NewNetworkInterface(netavark.InitConfig{
NetworkConfigDir: confDir,
IsMachine: machine,
NetavarkBinary: netavarkBinary,
IPAMDBPath: filepath.Join(confDir, "ipam.db"),
LockFile: filepath.Join(confDir, "netavark.lock"),
})
}
// EqualSubnet is a custom GomegaMatcher to match a subnet
// This makes sure to not use the 16 bytes ip representation.
func EqualSubnet(subnet *net.IPNet) gomegaTypes.GomegaMatcher {
return &equalSubnetMatcher{
expected: subnet,
}
}
type equalSubnetMatcher struct {
expected *net.IPNet
}
func (m *equalSubnetMatcher) Match(actual interface{}) (bool, error) {
util.NormalizeIP(&m.expected.IP)
subnet, ok := actual.(*net.IPNet)
if !ok {
return false, fmt.Errorf("EqualSubnet expects a *net.IPNet")
}
util.NormalizeIP(&subnet.IP)
return reflect.DeepEqual(subnet, m.expected), nil
}
func (m *equalSubnetMatcher) FailureMessage(actual interface{}) string {
return fmt.Sprintf("Expected subnet %#v to equal subnet %#v", actual, m.expected)
}
func (m *equalSubnetMatcher) NegatedFailureMessage(actual interface{}) string {
return fmt.Sprintf("Expected subnet %#v not to equal subnet %#v", actual, m.expected)
}

699
libpod/network/netavark/run_test.go
View file

@ -1,699 +0,0 @@
// +build linux
package netavark_test
// The tests have to be run as root.
// For each test there will be two network namespaces created,
// netNSTest and netNSContainer. Each test must be run inside
// netNSTest to prevent leakage in the host netns, therefore
// it should use the following structure:
// It("test name", func() {
// runTest(func() {
// // add test logic here
// })
// })
import (
"io/ioutil"
"net"
"os"
"strconv"
"sync"
"time"
"github.com/containernetworking/plugins/pkg/ns"
. "github.com/onsi/ginkgo"
. "github.com/onsi/gomega"
"github.com/sirupsen/logrus"
"github.com/vishvananda/netlink"
"github.com/containers/podman/v3/libpod/network/types"
"github.com/containers/podman/v3/libpod/network/util"
"github.com/containers/podman/v3/pkg/netns"
"github.com/containers/podman/v3/pkg/rootless"
"github.com/containers/storage/pkg/stringid"
)
var _ = Describe("run netavark", func() {
var (
libpodNet types.ContainerNetwork
confDir string
netNSTest ns.NetNS
netNSContainer ns.NetNS
)
// runTest is a helper function to run a test. It ensures that each test
// is run in its own netns. It also creates a mountns to mount a tmpfs to /var/lib/cni.
runTest := func(run func()) {
netNSTest.Do(func(_ ns.NetNS) error {
defer GinkgoRecover()
// we have to setup the loopback adapter in this netns to use port forwarding
link, err := netlink.LinkByName("lo")
Expect(err).To(BeNil(), "Failed to get loopback adapter")
err = netlink.LinkSetUp(link)
Expect(err).To(BeNil(), "Failed to set loopback adapter up")
run()
return nil
})
}
BeforeEach(func() {
if _, ok := os.LookupEnv("NETAVARK_BINARY"); !ok {
Skip("NETAVARK_BINARY not set skip run tests")
}
// set the logrus settings
logrus.SetLevel(logrus.TraceLevel)
// disable extra quotes so we can easily copy the netavark command
logrus.SetFormatter(&logrus.TextFormatter{DisableQuote: true})
logrus.SetOutput(os.Stderr)
// The tests need root privileges.
// Technically we could work around that by using user namespaces and
// the rootless cni code but this is to much work to get it right for a unit test.
if rootless.IsRootless() {
Skip("this test needs to be run as root")
}
var err error
confDir, err = ioutil.TempDir("", "podman_netavark_test")
if err != nil {
Fail("Failed to create tmpdir")
}
netNSTest, err = netns.NewNS()
if err != nil {
Fail("Failed to create netns")
}
netNSContainer, err = netns.NewNS()
if err != nil {
Fail("Failed to create netns")
}
// Force iptables driver, firewalld is broken inside the extra
// namespace because it still connects to firewalld on the host.
_ = os.Setenv("NETAVARK_FW", "iptables")
})
JustBeforeEach(func() {
var err error
libpodNet, err = getNetworkInterface(confDir, false)
if err != nil {
Fail("Failed to create NewCNINetworkInterface")
}
})
AfterEach(func() {
logrus.SetFormatter(&logrus.TextFormatter{})
logrus.SetLevel(logrus.InfoLevel)
os.RemoveAll(confDir)
netns.UnmountNS(netNSTest)
netNSTest.Close()
netns.UnmountNS(netNSContainer)
netNSContainer.Close()
_ = os.Unsetenv("NETAVARK_FW")
})
It("test basic setup", func() {
runTest(func() {
defNet := types.DefaultNetworkName
intName := "eth0"
opts := types.SetupOptions{
NetworkOptions: types.NetworkOptions{
ContainerID: "someID",
ContainerName: "someName",
Networks: map[string]types.PerNetworkOptions{
defNet: {
InterfaceName: intName,
},
},
},
}
res, err := libpodNet.Setup(netNSContainer.Path(), opts)
Expect(err).ToNot(HaveOccurred())
Expect(res).To(HaveLen(1))
Expect(res).To(HaveKey(defNet))
Expect(res[defNet].Interfaces).To(HaveKey(intName))
Expect(res[defNet].Interfaces[intName].Subnets).To(HaveLen(1))
ip := res[defNet].Interfaces[intName].Subnets[0].IPNet.IP
Expect(ip.String()).To(ContainSubstring("10.88.0."))
gw := res[defNet].Interfaces[intName].Subnets[0].Gateway
util.NormalizeIP(&gw)
Expect(gw.String()).To(Equal("10.88.0.1"))
macAddress := res[defNet].Interfaces[intName].MacAddress
Expect(macAddress).To(HaveLen(6))
// default network has no dns
Expect(res[defNet].DNSServerIPs).To(BeEmpty())
Expect(res[defNet].DNSSearchDomains).To(BeEmpty())
// check in the container namespace if the settings are applied
err = netNSContainer.Do(func(_ ns.NetNS) error {
defer GinkgoRecover()
i, err := net.InterfaceByName(intName)
Expect(err).To(BeNil())
Expect(i.Name).To(Equal(intName))
Expect(i.HardwareAddr).To(Equal(net.HardwareAddr(macAddress)))
addrs, err := i.Addrs()
Expect(err).To(BeNil())
subnet := &net.IPNet{
IP: ip,
Mask: net.CIDRMask(16, 32),
}
Expect(addrs).To(ContainElements(EqualSubnet(subnet)))
// check loopback adapter
i, err = net.InterfaceByName("lo")
Expect(err).To(BeNil())
Expect(i.Name).To(Equal("lo"))
Expect(i.Flags & net.FlagLoopback).To(Equal(net.FlagLoopback))
Expect(i.Flags&net.FlagUp).To(Equal(net.FlagUp), "Loopback adapter should be up")
return nil
})
Expect(err).To(BeNil())
// default bridge name
bridgeName := "podman0"
// check settings on the host side
i, err := net.InterfaceByName(bridgeName)
Expect(err).ToNot(HaveOccurred())
Expect(i.Name).To(Equal(bridgeName))
addrs, err := i.Addrs()
Expect(err).ToNot(HaveOccurred())
// test that the gateway ip is assigned to the interface
subnet := &net.IPNet{
IP: gw,
Mask: net.CIDRMask(16, 32),
}
Expect(addrs).To(ContainElements(EqualSubnet(subnet)))
wg := &sync.WaitGroup{}
expected := stringid.GenerateNonCryptoID()
// now check ip connectivity
err = netNSContainer.Do(func(_ ns.NetNS) error {
wg.Add(1)
runNetListener(wg, "tcp", "0.0.0.0", 5000, expected)
return nil
})
Expect(err).ToNot(HaveOccurred())
conn, err := net.Dial("tcp", ip.String()+":5000")
Expect(err).To(BeNil())
_, err = conn.Write([]byte(expected))
Expect(err).To(BeNil())
conn.Close()
err = libpodNet.Teardown(netNSContainer.Path(), types.TeardownOptions(opts))
Expect(err).ToNot(HaveOccurred())
wg.Wait()
})
})
It("setup two containers", func() {
runTest(func() {
defNet := types.DefaultNetworkName
intName := "eth0"
setupOpts1 := types.SetupOptions{
NetworkOptions: types.NetworkOptions{
ContainerID: stringid.GenerateNonCryptoID(),
Networks: map[string]types.PerNetworkOptions{
defNet: {InterfaceName: intName},
},
},
}
res, err := libpodNet.Setup(netNSContainer.Path(), setupOpts1)
Expect(err).ToNot(HaveOccurred())
Expect(res).To(HaveLen(1))
Expect(res).To(HaveKey(defNet))
Expect(res[defNet].Interfaces).To(HaveKey(intName))
Expect(res[defNet].Interfaces[intName].Subnets).To(HaveLen(1))
ip1 := res[defNet].Interfaces[intName].Subnets[0].IPNet.IP
Expect(ip1.String()).To(ContainSubstring("10.88.0."))
Expect(res[defNet].Interfaces[intName].MacAddress).To(HaveLen(6))
setupOpts2 := types.SetupOptions{
NetworkOptions: types.NetworkOptions{
ContainerID: stringid.GenerateNonCryptoID(),
Networks: map[string]types.PerNetworkOptions{
defNet: {InterfaceName: intName},
},
},
}
netNSContainer2, err := netns.NewNS()
Expect(err).ToNot(HaveOccurred())
defer netns.UnmountNS(netNSContainer2)
defer netNSContainer2.Close()
res, err = libpodNet.Setup(netNSContainer2.Path(), setupOpts2)
Expect(err).ToNot(HaveOccurred())
Expect(res).To(HaveLen(1))
Expect(res).To(HaveKey(defNet))
Expect(res[defNet].Interfaces).To(HaveKey(intName))
Expect(res[defNet].Interfaces[intName].Subnets).To(HaveLen(1))
ip2 := res[defNet].Interfaces[intName].Subnets[0].IPNet.IP
Expect(ip2.String()).To(ContainSubstring("10.88.0."))
Expect(res[defNet].Interfaces[intName].MacAddress).To(HaveLen(6))
Expect(ip1.Equal(ip2)).To(BeFalse(), "IP1 %s should not be equal to IP2 %s", ip1.String(), ip2.String())
err = libpodNet.Teardown(netNSContainer.Path(), types.TeardownOptions(setupOpts1))
Expect(err).ToNot(HaveOccurred())
err = libpodNet.Teardown(netNSContainer.Path(), types.TeardownOptions(setupOpts2))
Expect(err).ToNot(HaveOccurred())
})
})
It("setup dualstack network", func() {
runTest(func() {
s1, _ := types.ParseCIDR("10.0.0.1/24")
s2, _ := types.ParseCIDR("fd10:88:a::/64")
network, err := libpodNet.NetworkCreate(types.Network{
Subnets: []types.Subnet{
{Subnet: s1}, {Subnet: s2},
},
})
Expect(err).ToNot(HaveOccurred())
netName := network.Name
intName := "eth0"
setupOpts := types.SetupOptions{
NetworkOptions: types.NetworkOptions{
ContainerID: stringid.GenerateNonCryptoID(),
Networks: map[string]types.PerNetworkOptions{
netName: {InterfaceName: intName},
},
},
}
res, err := libpodNet.Setup(netNSContainer.Path(), setupOpts)
Expect(err).ToNot(HaveOccurred())
Expect(res).To(HaveLen(1))
Expect(res).To(HaveKey(netName))
Expect(res[netName].Interfaces).To(HaveKey(intName))
Expect(res[netName].Interfaces[intName].Subnets).To(HaveLen(2))
ip1 := res[netName].Interfaces[intName].Subnets[0].IPNet.IP
Expect(ip1.String()).To(ContainSubstring("10.0.0."))
gw1 := res[netName].Interfaces[intName].Subnets[0].Gateway
Expect(gw1.String()).To(Equal("10.0.0.1"))
ip2 := res[netName].Interfaces[intName].Subnets[1].IPNet.IP
Expect(ip2.String()).To(ContainSubstring("fd10:88:a::"))
gw2 := res[netName].Interfaces[intName].Subnets[0].Gateway
Expect(gw2.String()).To(Equal("fd10:88:a::1"))
Expect(res[netName].Interfaces[intName].MacAddress).To(HaveLen(6))
// check in the container namespace if the settings are applied
err = netNSContainer.Do(func(_ ns.NetNS) error {
defer GinkgoRecover()
i, err := net.InterfaceByName(intName)
Expect(err).ToNot(HaveOccurred())
Expect(i.Name).To(Equal(intName))
addrs, err := i.Addrs()
Expect(err).ToNot(HaveOccurred())
subnet1 := s1.IPNet
subnet1.IP = ip1
subnet2 := s2.IPNet
subnet2.IP = ip2
Expect(addrs).To(ContainElements(EqualSubnet(&subnet1), EqualSubnet(&subnet2)))
// check loopback adapter
i, err = net.InterfaceByName("lo")
Expect(err).ToNot(HaveOccurred())
Expect(i.Name).To(Equal("lo"))
Expect(i.Flags & net.FlagLoopback).To(Equal(net.FlagLoopback))
Expect(i.Flags&net.FlagUp).To(Equal(net.FlagUp), "Loopback adapter should be up")
return nil
})
Expect(err).ToNot(HaveOccurred())
bridgeName := network.NetworkInterface
// check settings on the host side
i, err := net.InterfaceByName(bridgeName)
Expect(err).ToNot(HaveOccurred())
Expect(i.Name).To(Equal(bridgeName))
addrs, err := i.Addrs()
Expect(err).ToNot(HaveOccurred())
// test that the gateway ip is assigned to the interface
subnet1 := s1.IPNet
subnet1.IP = gw1
subnet2 := s2.IPNet
subnet2.IP = gw2
Expect(addrs).To(ContainElements(EqualSubnet(&subnet1), EqualSubnet(&subnet2)))
err = libpodNet.Teardown(netNSContainer.Path(), types.TeardownOptions(setupOpts))
Expect(err).ToNot(HaveOccurred())
})
})
It("setup two networks", func() {
runTest(func() {
s1, _ := types.ParseCIDR("10.0.0.1/24")
network1, err := libpodNet.NetworkCreate(types.Network{
Subnets: []types.Subnet{
{Subnet: s1},
},
})
Expect(err).ToNot(HaveOccurred())
netName1 := network1.Name
intName1 := "eth0"
s2, _ := types.ParseCIDR("10.1.0.0/24")
network2, err := libpodNet.NetworkCreate(types.Network{
Subnets: []types.Subnet{
{Subnet: s2},
},
})
Expect(err).ToNot(HaveOccurred())
netName2 := network2.Name
intName2 := "eth1"
setupOpts := types.SetupOptions{
NetworkOptions: types.NetworkOptions{
ContainerID: stringid.GenerateNonCryptoID(),
Networks: map[string]types.PerNetworkOptions{
netName1: {InterfaceName: intName1},
netName2: {InterfaceName: intName2},
},
},
}
res, err := libpodNet.Setup(netNSContainer.Path(), setupOpts)
Expect(err).ToNot(HaveOccurred())
Expect(res).To(HaveLen(2))
Expect(res).To(HaveKey(netName1))
Expect(res).To(HaveKey(netName2))
Expect(res[netName1].Interfaces).To(HaveKey(intName1))
Expect(res[netName2].Interfaces).To(HaveKey(intName2))
Expect(res[netName1].Interfaces[intName1].Subnets).To(HaveLen(1))
ip1 := res[netName1].Interfaces[intName1].Subnets[0].IPNet.IP
Expect(ip1.String()).To(ContainSubstring("10.0.0."))
gw1 := res[netName1].Interfaces[intName1].Subnets[0].Gateway
Expect(gw1.String()).To(Equal("10.0.0.1"))
ip2 := res[netName2].Interfaces[intName2].Subnets[0].IPNet.IP
Expect(ip2.String()).To(ContainSubstring("10.1.0."))
gw2 := res[netName2].Interfaces[intName2].Subnets[0].Gateway
Expect(gw2.String()).To(Equal("10.1.0.1"))
mac1 := res[netName1].Interfaces[intName1].MacAddress
Expect(mac1).To(HaveLen(6))
mac2 := res[netName2].Interfaces[intName2].MacAddress
Expect(mac2).To(HaveLen(6))
// check in the container namespace if the settings are applied
err = netNSContainer.Do(func(_ ns.NetNS) error {
defer GinkgoRecover()
i, err := net.InterfaceByName(intName1)
Expect(err).ToNot(HaveOccurred())
Expect(i.Name).To(Equal(intName1))
addrs, err := i.Addrs()
Expect(err).ToNot(HaveOccurred())
subnet1 := s1.IPNet
subnet1.IP = ip1
Expect(addrs).To(ContainElements(EqualSubnet(&subnet1)))
i, err = net.InterfaceByName(intName2)
Expect(err).ToNot(HaveOccurred())
Expect(i.Name).To(Equal(intName2))
addrs, err = i.Addrs()
Expect(err).ToNot(HaveOccurred())
subnet2 := s2.IPNet
subnet2.IP = ip2
Expect(addrs).To(ContainElements(EqualSubnet(&subnet2)))
// check loopback adapter
i, err = net.InterfaceByName("lo")
Expect(err).ToNot(HaveOccurred())
Expect(i.Name).To(Equal("lo"))
Expect(i.Flags & net.FlagLoopback).To(Equal(net.FlagLoopback))
Expect(i.Flags&net.FlagUp).To(Equal(net.FlagUp), "Loopback adapter should be up")
return nil
})
Expect(err).ToNot(HaveOccurred())
bridgeName1 := network1.NetworkInterface
// check settings on the host side
i, err := net.InterfaceByName(bridgeName1)
Expect(err).ToNot(HaveOccurred())
Expect(i.Name).To(Equal(bridgeName1))
addrs, err := i.Addrs()
Expect(err).ToNot(HaveOccurred())
// test that the gateway ip is assigned to the interface
subnet1 := s1.IPNet
subnet1.IP = gw1
Expect(addrs).To(ContainElements(EqualSubnet(&subnet1)))
bridgeName2 := network2.NetworkInterface
// check settings on the host side
i, err = net.InterfaceByName(bridgeName2)
Expect(err).ToNot(HaveOccurred())
Expect(i.Name).To(Equal(bridgeName2))
addrs, err = i.Addrs()
Expect(err).ToNot(HaveOccurred())
// test that the gateway ip is assigned to the interface
subnet2 := s2.IPNet
subnet2.IP = gw2
Expect(addrs).To(ContainElements(EqualSubnet(&subnet2)))
err = libpodNet.Teardown(netNSContainer.Path(), types.TeardownOptions(setupOpts))
Expect(err).ToNot(HaveOccurred())
})
})
for _, proto := range []string{"tcp", "udp"} {
// copy proto to extra var to keep correct references in the goroutines
protocol := proto
It("run with exposed ports protocol "+protocol, func() {
runTest(func() {
testdata := stringid.GenerateNonCryptoID()
defNet := types.DefaultNetworkName
intName := "eth0"
setupOpts := types.SetupOptions{
NetworkOptions: types.NetworkOptions{
ContainerID: stringid.GenerateNonCryptoID(),
PortMappings: []types.PortMapping{{
Protocol: protocol,
HostIP: "127.0.0.1",
HostPort: 5000,
ContainerPort: 5000,
}},
Networks: map[string]types.PerNetworkOptions{
defNet: {InterfaceName: intName},
},
},
}
res, err := libpodNet.Setup(netNSContainer.Path(), setupOpts)
Expect(err).To(BeNil())
Expect(res).To(HaveLen(1))
Expect(res).To(HaveKey(defNet))
Expect(res[defNet].Interfaces).To(HaveKey(intName))
Expect(res[defNet].Interfaces[intName].Subnets).To(HaveLen(1))
Expect(res[defNet].Interfaces[intName].Subnets[0].IPNet.IP.String()).To(ContainSubstring("10.88.0."))
Expect(res[defNet].Interfaces[intName].MacAddress).To(HaveLen(6))
// default network has no dns
Expect(res[defNet].DNSServerIPs).To(BeEmpty())
Expect(res[defNet].DNSSearchDomains).To(BeEmpty())
var wg sync.WaitGroup
wg.Add(1)
// start a listener in the container ns
err = netNSContainer.Do(func(_ ns.NetNS) error {
defer GinkgoRecover()
runNetListener(&wg, protocol, "0.0.0.0", 5000, testdata)
return nil
})
Expect(err).To(BeNil())
conn, err := net.Dial(protocol, "127.0.0.1:5000")
Expect(err).To(BeNil())
_, err = conn.Write([]byte(testdata))
Expect(err).To(BeNil())
conn.Close()
// wait for the listener to finish
wg.Wait()
err = libpodNet.Teardown(netNSContainer.Path(), types.TeardownOptions(setupOpts))
Expect(err).To(BeNil())
})
})
It("run with range ports protocol "+protocol, func() {
runTest(func() {
defNet := types.DefaultNetworkName
intName := "eth0"
setupOpts := types.SetupOptions{
NetworkOptions: types.NetworkOptions{
ContainerID: stringid.GenerateNonCryptoID(),
PortMappings: []types.PortMapping{{
Protocol: protocol,
HostIP: "127.0.0.1",
HostPort: 5001,
ContainerPort: 5000,
Range: 3,
}},
Networks: map[string]types.PerNetworkOptions{
defNet: {InterfaceName: intName},
},
},
}
res, err := libpodNet.Setup(netNSContainer.Path(), setupOpts)
Expect(err).To(BeNil())
Expect(res).To(HaveLen(1))
Expect(res).To(HaveKey(defNet))
Expect(res[defNet].Interfaces).To(HaveKey(intName))
Expect(res[defNet].Interfaces[intName].Subnets).To(HaveLen(1))
containerIP := res[defNet].Interfaces[intName].Subnets[0].IPNet.IP.String()
Expect(containerIP).To(ContainSubstring("10.88.0."))
Expect(res[defNet].Interfaces[intName].MacAddress).To(HaveLen(6))
// default network has no dns
Expect(res[defNet].DNSServerIPs).To(BeEmpty())
Expect(res[defNet].DNSSearchDomains).To(BeEmpty())
// loop over all ports
for p := 5001; p < 5004; p++ {
port := p
var wg sync.WaitGroup
wg.Add(1)
testdata := stringid.GenerateNonCryptoID()
// start a listener in the container ns
err = netNSContainer.Do(func(_ ns.NetNS) error {
defer GinkgoRecover()
runNetListener(&wg, protocol, containerIP, port-1, testdata)
return nil
})
Expect(err).To(BeNil())
conn, err := net.Dial(protocol, net.JoinHostPort("127.0.0.1", strconv.Itoa(port)))
Expect(err).To(BeNil())
_, err = conn.Write([]byte(testdata))
Expect(err).To(BeNil())
conn.Close()
// wait for the listener to finish
wg.Wait()
}
err = libpodNet.Teardown(netNSContainer.Path(), types.TeardownOptions(setupOpts))
Expect(err).To(BeNil())
})
})
}
It("simple teardown", func() {
runTest(func() {
defNet := types.DefaultNetworkName
intName := "eth0"
opts := types.SetupOptions{
NetworkOptions: types.NetworkOptions{
ContainerID: "someID",
ContainerName: "someName",
Networks: map[string]types.PerNetworkOptions{
defNet: {
InterfaceName: intName,
},
},
},
}
res, err := libpodNet.Setup(netNSContainer.Path(), opts)
Expect(err).ToNot(HaveOccurred())
Expect(res).To(HaveLen(1))
Expect(res).To(HaveKey(defNet))
Expect(res[defNet].Interfaces).To(HaveKey(intName))
Expect(res[defNet].Interfaces[intName].Subnets).To(HaveLen(1))
ip := res[defNet].Interfaces[intName].Subnets[0].IPNet.IP
Expect(ip.String()).To(ContainSubstring("10.88.0."))
gw := res[defNet].Interfaces[intName].Subnets[0].Gateway
Expect(gw.String()).To(Equal("10.88.0.1"))
macAddress := res[defNet].Interfaces[intName].MacAddress
Expect(macAddress).To(HaveLen(6))
err = libpodNet.Teardown(netNSContainer.Path(), types.TeardownOptions(opts))
Expect(err).ToNot(HaveOccurred())
err = netNSContainer.Do(func(_ ns.NetNS) error {
defer GinkgoRecover()
// check that the container interface is removed
_, err := net.InterfaceByName(intName)
Expect(err).To(HaveOccurred())
return nil
})
Expect(err).ToNot(HaveOccurred())
// default bridge name
bridgeName := "podman0"
// check that bridge interface was removed
_, err = net.InterfaceByName(bridgeName)
Expect(err).To(HaveOccurred())
})
})
It("test netavark error", func() {
runTest(func() {
intName := "eth0"
err := netNSContainer.Do(func(_ ns.NetNS) error {
defer GinkgoRecover()
attr := netlink.NewLinkAttrs()
attr.Name = "eth0"
err := netlink.LinkAdd(&netlink.Bridge{LinkAttrs: attr})
Expect(err).ToNot(HaveOccurred())
return nil
})
Expect(err).ToNot(HaveOccurred())
defNet := types.DefaultNetworkName
opts := types.SetupOptions{
NetworkOptions: types.NetworkOptions{
ContainerID: "someID",
ContainerName: "someName",
Networks: map[string]types.PerNetworkOptions{
defNet: {
InterfaceName: intName,
},
},
},
}
_, err = libpodNet.Setup(netNSContainer.Path(), opts)
Expect(err).To(HaveOccurred())
Expect(err.Error()).To(ContainSubstring("interface eth0 already exists on container namespace"))
})
})
})
func runNetListener(wg *sync.WaitGroup, protocol, ip string, port int, expectedData string) {
switch protocol {
case "tcp":
ln, err := net.Listen(protocol, net.JoinHostPort(ip, strconv.Itoa(port)))
Expect(err).To(BeNil())
// make sure to read in a separate goroutine to not block
go func() {
defer GinkgoRecover()
defer wg.Done()
defer ln.Close()
conn, err := ln.Accept()
Expect(err).To(BeNil())
defer conn.Close()
conn.SetDeadline(time.Now().Add(1 * time.Second))
data, err := ioutil.ReadAll(conn)
Expect(err).To(BeNil())
Expect(string(data)).To(Equal(expectedData))
}()
case "udp":
conn, err := net.ListenUDP("udp", &net.UDPAddr{
IP: net.ParseIP(ip),
Port: port,
})
Expect(err).To(BeNil())
conn.SetDeadline(time.Now().Add(1 * time.Second))
go func() {
defer GinkgoRecover()
defer wg.Done()
defer conn.Close()
data := make([]byte, len(expectedData))
i, err := conn.Read(data)
Expect(err).To(BeNil())
Expect(i).To(Equal(len(expectedData)))
Expect(string(data)).To(Equal(expectedData))
}()
default:
Fail("unsupported protocol")
}
}

16
libpod/network/netavark/testfiles/invalid/broken.json
View file

@ -1,16 +0,0 @@
{
"name": "bridge",
"id": "17f29b073143d8cd97b5bbe492bdeffec1c5fee55cc1fe2112c8b9335f8b6121",
"driver": "bridge",
"network_interface": "podman9",
"created": "2021-10-06T18:50:54.25770461+02:00",
"subnets": [
{
"subnet": "10.89.8.0/24",
"gateway": "10.89.8.1",
"lease_range": {
"start_ip": "10.89.8.20",
"end_ip": "10.89.8.50"
}
}
],

19
libpod/network/netavark/testfiles/invalid/invalid name.json
View file

@ -1,19 +0,0 @@
{
"name": "invalid name",
"id": "6839f44f0fd01c5c5830856b66a1d7ce46842dd8798be0addf96f7255ce9f889",
"driver": "bridge",
"network_interface": "podman9",
"created": "2021-10-06T18:50:54.25770461+02:00",
"subnets": [
{
"subnet": "10.89.8.0/24",
"gateway": "10.89.8.1"
}
],
"ipv6_enabled": false,
"internal": false,
"dns_enabled": true,
"ipam_options": {
"driver": "host-local"
}
}

19
libpod/network/netavark/testfiles/invalid/invalid_gateway.json
View file

@ -1,19 +0,0 @@
{
"name": "invalid_gateway",
"id": "49be6e401e7f8b9844afb969dcbc96e78205ed86ec1e5a46150bd4ab4fdd5686",
"driver": "bridge",
"network_interface": "podman9",
"created": "2021-10-06T18:50:54.25770461+02:00",
"subnets": [
{
"subnet": "10.89.9.0/24",
"gateway": "10.89.100.1"
}
],
"ipv6_enabled": false,
"internal": false,
"dns_enabled": true,
"ipam_options": {
"driver": "host-local"
}
}

19
libpod/network/netavark/testfiles/invalid/name_missmatch.json
View file

@ -1,19 +0,0 @@
{
"name": "name_miss",
"id": "3bed2cb3a3acf7b6a8ef408420cc682d5520e26976d354254f528c965612054f",
"driver": "bridge",
"network_interface": "podman8",
"created": "2021-10-06T18:50:54.25770461+02:00",
"subnets": [
{
"subnet": "10.89.7.0/24",
"gateway": "10.89.7.1"
}
],
"ipv6_enabled": false,
"internal": true,
"dns_enabled": false,
"ipam_options": {
"driver": "host-local"
}
}

19
libpod/network/netavark/testfiles/invalid/wrongID.json
View file

@ -1,19 +0,0 @@
{
"name": "wrongID",
"id": "someID",
"driver": "bridge",
"network_interface": "podman1",
"created": "2021-10-06T18:50:54.25770461+02:00",
"subnets": [
{
"subnet": "10.89.0.0/24",
"gateway": "10.89.0.1"
}
],
"ipv6_enabled": false,
"internal": false,
"dns_enabled": false,
"ipam_options": {
"driver": "host-local"
}
}

23
libpod/network/netavark/testfiles/valid/bridge.json
View file

@ -1,23 +0,0 @@
{
"name": "bridge",
"id": "17f29b073143d8cd97b5bbe492bdeffec1c5fee55cc1fe2112c8b9335f8b6121",
"driver": "bridge",
"network_interface": "podman9",
"created": "2021-10-06T18:50:54.25770461+02:00",
"subnets": [
{
"subnet": "10.89.8.0/24",
"gateway": "10.89.8.1",
"lease_range": {
"start_ip": "10.89.8.20",
"end_ip": "10.89.8.50"
}
}
],
"ipv6_enabled": false,
"internal": false,
"dns_enabled": true,
"ipam_options": {
"driver": "host-local"
}
}

23
libpod/network/netavark/testfiles/valid/dualstack.json
View file

@ -1,23 +0,0 @@
{
"name": "dualstack",
"id": "6839f44f0fd01c5c5830856b66a1d7ce46842dd8798be0addf96f7255ce9f889",
"driver": "bridge",
"network_interface": "podman21",
"created": "2021-10-06T18:50:54.25770461+02:00",
"subnets": [
{
"subnet": "fd10:88:a::/64",
"gateway": "fd10:88:a::1"
},
{
"subnet": "10.89.19.0/24",
"gateway": "10.89.19.10"
}
],
"ipv6_enabled": true,
"internal": false,
"dns_enabled": true,
"ipam_options": {
"driver": "host-local"
}
}

18
libpod/network/netavark/testfiles/valid/internal.json
View file

@ -1,18 +0,0 @@
{
"name": "internal",
"id": "3bed2cb3a3acf7b6a8ef408420cc682d5520e26976d354254f528c965612054f",
"driver": "bridge",
"network_interface": "podman8",
"created": "2021-10-06T18:50:54.25770461+02:00",
"subnets": [
{
"subnet": "10.89.7.0/24"
}
],
"ipv6_enabled": false,
"internal": true,
"dns_enabled": false,
"ipam_options": {
"driver": "host-local"
}
}

22
libpod/network/netavark/testfiles/valid/label.json
View file

@ -1,22 +0,0 @@
{
"name": "label",
"id": "1aca80e8b55c802f7b43740da2990e1b5735bbb323d93eb5ebda8395b04025e2",
"driver": "bridge",
"network_interface": "podman15",
"created": "2021-10-06T18:50:54.25770461+02:00",
"subnets": [
{
"subnet": "10.89.13.0/24",
"gateway": "10.89.13.1"
}
],
"ipv6_enabled": false,
"internal": false,
"dns_enabled": true,
"labels": {
"mykey": "value"
},
"ipam_options": {
"driver": "host-local"
}
}

22
libpod/network/netavark/testfiles/valid/mtu.json
View file

@ -1,22 +0,0 @@
{
"name": "mtu",
"id": "49be6e401e7f8b9844afb969dcbc96e78205ed86ec1e5a46150bd4ab4fdd5686",
"driver": "bridge",
"network_interface": "podman13",
"created": "2021-10-06T18:50:54.25770461+02:00",
"subnets": [
{
"subnet": "10.89.11.0/24",
"gateway": "10.89.11.1"
}
],
"ipv6_enabled": false,
"internal": false,
"dns_enabled": true,
"options": {
"mtu": "1500"
},
"ipam_options": {
"driver": "host-local"
}
}

19
libpod/network/netavark/testfiles/valid/podman.json
View file

@ -1,19 +0,0 @@
{
"name": "podman",
"id": "2f259bab93aaaaa2542ba43ef33eb990d0999ee1b9924b557b7be53c0b7a1bb9",
"driver": "bridge",
"network_interface": "podman0",
"created": "2021-10-06T18:50:54.25770461+02:00",
"subnets": [
{
"subnet": "10.88.0.0/16",
"gateway": "10.88.0.1"
}
],
"ipv6_enabled": false,
"internal": false,
"dns_enabled": false,
"ipam_options": {
"driver": "host-local"
}
}

22
libpod/network/netavark/testfiles/valid/vlan.json
View file

@ -1,22 +0,0 @@
{
"name": "vlan",
"id": "c3b258168c41c0bce97616716bef315eeed33eb1142904bfe7f32eb392c7cf80",
"driver": "bridge",
"network_interface": "podman14",
"created": "2021-10-06T18:50:54.25770461+02:00",
"subnets": [
{
"subnet": "10.89.12.0/24",
"gateway": "10.89.12.1"
}
],
"ipv6_enabled": false,
"internal": false,
"dns_enabled": true,
"options": {
"vlan": "5"
},
"ipam_options": {
"driver": "host-local"
}
}

82
libpod/network/types/network_test.go
View file

@ -1,82 +0,0 @@
package types_test
import (
"encoding/json"
"reflect"
"testing"
"github.com/containers/podman/v3/libpod/network/types"
)
func TestUnmarshalMacAddress(t *testing.T) {
tests := []struct {
name string
json string
want types.HardwareAddr
wantErr bool
}{
{
name: "mac as string with colon",
json: `"52:54:00:1c:2e:46"`,
want: types.HardwareAddr{0x52, 0x54, 0x00, 0x1c, 0x2e, 0x46},
},
{
name: "mac as string with dash",
json: `"52-54-00-1c-2e-46"`,
want: types.HardwareAddr{0x52, 0x54, 0x00, 0x1c, 0x2e, 0x46},
},
{
name: "mac as byte array",
json: `[82, 84, 0, 28, 46, 70]`,
want: types.HardwareAddr{0x52, 0x54, 0x00, 0x1c, 0x2e, 0x46},
},
{
name: "null value",
json: `null`,
want: nil,
},
{
name: "mac as base64",
json: `"qrvM3e7/"`,
want: types.HardwareAddr{0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff},
},
{
name: "invalid string",
json: `"52:54:00:1c:2e`,
wantErr: true,
},
{
name: "invalid array",
json: `[82, 84, 0, 28, 46`,
wantErr: true,
},
{
name: "invalid value",
json: `ab`,
wantErr: true,
},
{
name: "invalid object",
json: `{}`,
wantErr: true,
},
}
for _, tt := range tests {
test := tt
t.Run(test.name, func(t *testing.T) {
mac := types.HardwareAddr{}
err := json.Unmarshal([]byte(test.json), &mac)
if (err != nil) != test.wantErr {
t.Errorf("types.HardwareAddress Unmarshal() error = %v, wantErr %v", err, test.wantErr)
return
}
if test.wantErr {
return
}
if !reflect.DeepEqual(mac, test.want) {
t.Errorf("types.HardwareAddress Unmarshal() got = %v, want %v", mac, test.want)
}
})
}
}

73
libpod/network/util/ip_test.go
View file

@ -1,73 +0,0 @@
package util
import (
"net"
"testing"
)
func parseCIDR(n string) *net.IPNet {
_, parsedNet, _ := net.ParseCIDR(n)
return parsedNet
}
func TestFirstIPInSubnet(t *testing.T) {
tests := []struct {
name string
args *net.IPNet
want net.IP
wantErr bool
}{
{"class b", parseCIDR("192.168.0.0/16"), net.ParseIP("192.168.0.1"), false},
{"class c", parseCIDR("192.168.1.0/24"), net.ParseIP("192.168.1.1"), false},
{"cidr /23", parseCIDR("192.168.0.0/23"), net.ParseIP("192.168.0.1"), false},
{"cidr /25", parseCIDR("192.168.1.0/25"), net.ParseIP("192.168.1.1"), false},
{"cidr /26", parseCIDR("172.16.1.128/26"), net.ParseIP("172.16.1.129"), false},
{"class a", parseCIDR("10.0.0.0/8"), net.ParseIP("10.0.0.1"), false},
{"cidr /32", parseCIDR("192.168.255.4/32"), net.ParseIP("192.168.255.4"), false},
{"cidr /31", parseCIDR("192.168.255.4/31"), net.ParseIP("192.168.255.5"), false},
}
for _, tt := range tests {
test := tt
t.Run(test.name, func(t *testing.T) {
got, err := FirstIPInSubnet(test.args)
if (err != nil) != test.wantErr {
t.Errorf("FirstIPInSubnet() error = %v, wantErr %v", err, test.wantErr)
return
}
if !got.Equal(test.want) {
t.Errorf("FirstIPInSubnet() got = %v, want %v", got, test.want)
}
})
}
}
func TestLastIPInSubnet(t *testing.T) {
tests := []struct {
name string
args *net.IPNet
want net.IP
wantErr bool
}{
{"class b", parseCIDR("192.168.0.0/16"), net.ParseIP("192.168.255.255"), false},
{"class c", parseCIDR("192.168.1.0/24"), net.ParseIP("192.168.1.255"), false},
{"cidr /23", parseCIDR("192.168.0.0/23"), net.ParseIP("192.168.1.255"), false},
{"cidr /25", parseCIDR("192.168.1.0/25"), net.ParseIP("192.168.1.127"), false},
{"cidr /26", parseCIDR("172.16.1.128/26"), net.ParseIP("172.16.1.191"), false},
{"class a", parseCIDR("10.0.0.0/8"), net.ParseIP("10.255.255.255"), false},
{"cidr /32", parseCIDR("192.168.255.4/32"), net.ParseIP("192.168.255.4"), false},
{"cidr /31", parseCIDR("192.168.255.4/31"), net.ParseIP("192.168.255.5"), false},
}
for _, tt := range tests {
test := tt
t.Run(test.name, func(t *testing.T) {
got, err := LastIPInSubnet(test.args)
if (err != nil) != test.wantErr {
t.Errorf("LastIPInSubnet() error = %v, wantErr %v", err, test.wantErr)
return
}
if !got.Equal(test.want) {
t.Errorf("LastIPInSubnet() got = %v, want %v", got, test.want)
}
})
}
}

4
libpod/networking_linux.go
View file

@ -19,12 +19,12 @@ import (
"time"
"github.com/containernetworking/plugins/pkg/ns"
"github.com/containers/common/libnetwork/types"
"github.com/containers/common/pkg/netns"
"github.com/containers/podman/v3/libpod/define"
"github.com/containers/podman/v3/libpod/events"
"github.com/containers/podman/v3/libpod/network/types"
"github.com/containers/podman/v3/pkg/errorhandling"
"github.com/containers/podman/v3/pkg/namespaces"
"github.com/containers/podman/v3/pkg/netns"
"github.com/containers/podman/v3/pkg/resolvconf"
"github.com/containers/podman/v3/pkg/rootless"
"github.com/containers/podman/v3/pkg/util"

2
libpod/networking_linux_test.go
View file

@ -8,8 +8,8 @@ import (
"github.com/stretchr/testify/assert"
"github.com/containers/common/libnetwork/types"
"github.com/containers/podman/v3/libpod/define"
"github.com/containers/podman/v3/libpod/network/types"
)
func Test_ocicniPortsToNetTypesPorts(t *testing.T) {

2
libpod/networking_machine.go
View file

@ -12,7 +12,7 @@ import (
"strconv"
"strings"
"github.com/containers/podman/v3/libpod/network/types"
"github.com/containers/common/libnetwork/types"
"github.com/sirupsen/logrus"
)

2
libpod/networking_slirp4netns.go
View file

@ -17,7 +17,7 @@ import (
"time"
"github.com/containernetworking/plugins/pkg/ns"
"github.com/containers/podman/v3/libpod/network/types"
"github.com/containers/common/libnetwork/types"
"github.com/containers/podman/v3/pkg/errorhandling"
"github.com/containers/podman/v3/pkg/rootless"
"github.com/containers/podman/v3/pkg/rootlessport"

2
libpod/oci_util.go
View file

@ -8,8 +8,8 @@ import (
"strings"
"time"
"github.com/containers/common/libnetwork/types"
"github.com/containers/podman/v3/libpod/define"
"github.com/containers/podman/v3/libpod/network/types"
"github.com/pkg/errors"
"github.com/sirupsen/logrus"
)

2
libpod/options.go
View file

@ -8,13 +8,13 @@ import (
"syscall"
"github.com/containers/buildah/pkg/parse"
nettypes "github.com/containers/common/libnetwork/types"
"github.com/containers/common/pkg/config"
"github.com/containers/common/pkg/secrets"
"github.com/containers/image/v5/manifest"
"github.com/containers/image/v5/types"
"github.com/containers/podman/v3/libpod/define"
"github.com/containers/podman/v3/libpod/events"
nettypes "github.com/containers/podman/v3/libpod/network/types"
"github.com/containers/podman/v3/pkg/namespaces"
"github.com/containers/podman/v3/pkg/rootless"
"github.com/containers/podman/v3/pkg/specgen"

49
libpod/runtime.go
View file

@ -19,6 +19,8 @@ import (
"github.com/containers/buildah/pkg/parse"
"github.com/containers/common/libimage"
"github.com/containers/common/libnetwork/network"
nettypes "github.com/containers/common/libnetwork/types"
"github.com/containers/common/pkg/cgroups"
"github.com/containers/common/pkg/config"
"github.com/containers/common/pkg/secrets"
@ -28,9 +30,6 @@ import (
"github.com/containers/podman/v3/libpod/define"
"github.com/containers/podman/v3/libpod/events"
"github.com/containers/podman/v3/libpod/lock"
"github.com/containers/podman/v3/libpod/network/cni"
"github.com/containers/podman/v3/libpod/network/netavark"
nettypes "github.com/containers/podman/v3/libpod/network/types"
"github.com/containers/podman/v3/libpod/plugin"
"github.com/containers/podman/v3/libpod/shutdown"
"github.com/containers/podman/v3/pkg/rootless"
@ -490,50 +489,16 @@ func makeRuntime(ctx context.Context, runtime *Runtime) (retErr error) {
}
}
var netInterface nettypes.ContainerNetwork
switch runtime.config.Network.NetworkBackend {
case "", "cni":
netInterface, err = cni.NewCNINetworkInterface(cni.InitConfig{
CNIConfigDir: runtime.config.Network.NetworkConfigDir,
CNIPluginDirs: runtime.config.Network.CNIPluginDirs,
DefaultNetwork: runtime.config.Network.DefaultNetwork,
DefaultSubnet: runtime.config.Network.DefaultSubnet,
IsMachine: runtime.config.Engine.MachineEnabled,
LockFile: filepath.Join(runtime.config.Network.NetworkConfigDir, "cni.lock"),
})
if err != nil {
return errors.Wrapf(err, "could not create network interface")
}
if runtime.config.Network.NetworkBackend == "" {
// set backend to cni so that podman info can display it
runtime.config.Network.NetworkBackend = "cni"
}
case "netavark":
netavarkBin, err := runtime.config.FindHelperBinary("netavark", false)
// the store is only setup when we are in the userns so we do the same for the network interface
if !needsUserns {
netBackend, netInterface, err := network.NetworkBackend(runtime.store, runtime.config, runtime.syslog)
if err != nil {
return err
}
netInterface, err = netavark.NewNetworkInterface(netavark.InitConfig{
NetavarkBinary: netavarkBin,
NetworkConfigDir: filepath.Join(runtime.config.Engine.StaticDir, "networks"),
DefaultNetwork: runtime.config.Network.DefaultNetwork,
DefaultSubnet: runtime.config.Network.DefaultSubnet,
IsMachine: runtime.config.Engine.MachineEnabled,
LockFile: filepath.Join(runtime.config.Network.NetworkConfigDir, "netavark.lock"),
Syslog: runtime.syslog,
})
if err != nil {
return errors.Wrapf(err, "could not create network interface")
}
default:
return errors.Errorf("unsupported network backend %q, check network_backend in containers.conf", runtime.config.Network.NetworkBackend)
runtime.config.Network.NetworkBackend = string(netBackend)
runtime.network = netInterface
}
runtime.network = netInterface
// We now need to see if the system has restarted
// We check for the presence of a file in our tmp directory to verify this
// This check must be locked to prevent races

2
libpod/runtime_ctr.go
View file

@ -10,11 +10,11 @@ import (
"time"
"github.com/containers/buildah"
"github.com/containers/common/libnetwork/types"
"github.com/containers/common/pkg/cgroups"
"github.com/containers/common/pkg/config"
"github.com/containers/podman/v3/libpod/define"
"github.com/containers/podman/v3/libpod/events"
"github.com/containers/podman/v3/libpod/network/types"
"github.com/containers/podman/v3/libpod/shutdown"
"github.com/containers/podman/v3/pkg/domain/entities/reports"
"github.com/containers/podman/v3/pkg/rootless"

2
libpod/runtime_img.go
View file

@ -96,6 +96,8 @@ func (r *Runtime) Build(ctx context.Context, options buildahDefine.BuildOptions,
if options.Runtime == "" {
options.Runtime = r.GetOCIRuntimePath()
}
// share the network interface between podman and buildah
options.NetworkInterface = r.network
id, ref, err := imagebuildah.BuildDockerfiles(ctx, r.store, options, dockerfiles...)
// Write event for build completion
r.newImageBuildCompleteEvent(id)

2
libpod/state.go
View file

@ -1,6 +1,6 @@
package libpod
import "github.com/containers/podman/v3/libpod/network/types"
import "github.com/containers/common/libnetwork/types"
// State is a storage backend for libpod's current state.
// A State is only initialized once per instance of libpod.

2
libpod/state_test.go
View file

@ -8,10 +8,10 @@ import (
"testing"
"time"
"github.com/containers/common/libnetwork/types"
"github.com/containers/common/pkg/config"
"github.com/containers/podman/v3/libpod/define"
"github.com/containers/podman/v3/libpod/lock"
"github.com/containers/podman/v3/libpod/network/types"
"github.com/containers/storage"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"

2
libpod/util.go
View file

@ -13,9 +13,9 @@ import (
"strings"
"time"
"github.com/containers/common/libnetwork/types"
"github.com/containers/common/pkg/config"
"github.com/containers/podman/v3/libpod/define"
"github.com/containers/podman/v3/libpod/network/types"
"github.com/containers/podman/v3/utils"
"github.com/fsnotify/fsnotify"
spec "github.com/opencontainers/runtime-spec/specs-go"

12
pkg/api/handlers/compat/images_build.go
View file

@ -16,7 +16,6 @@ import (
"github.com/containers/buildah"
buildahDefine "github.com/containers/buildah/define"
"github.com/containers/buildah/pkg/parse"
"github.com/containers/buildah/util"
"github.com/containers/image/v5/types"
"github.com/containers/podman/v3/libpod"
"github.com/containers/podman/v3/pkg/api/handlers/utils"
@ -74,6 +73,7 @@ func BuildImage(w http.ResponseWriter, r *http.Request) {
AdditionalCapabilities string `schema:"addcaps"`
Annotations string `schema:"annotations"`
AppArmor string `schema:"apparmor"`
AllPlatforms bool `schema:"allplatforms"`
BuildArgs string `schema:"buildargs"`
CacheFrom string `schema:"cachefrom"`
Compression uint64 `schema:"compression"`
@ -122,6 +122,7 @@ func BuildImage(w http.ResponseWriter, r *http.Request) {
Target string `schema:"target"`
Timestamp int64 `schema:"timestamp"`
Ulimits string `schema:"ulimits"`
UnsetEnvs []string `schema:"unsetenv"`
Secrets string `schema:"secrets"`
}{
Dockerfile: "Dockerfile",
@ -491,16 +492,12 @@ func BuildImage(w http.ResponseWriter, r *http.Request) {
defer reporter.Close()
runtime := r.Context().Value(api.RuntimeKey).(*libpod.Runtime)
rtc, err := runtime.GetConfig()
if err != nil {
utils.Error(w, "Something went wrong.", http.StatusInternalServerError, errors.Wrap(err, "Decode()"))
return
}
buildOptions := buildahDefine.BuildOptions{
AddCapabilities: addCaps,
AdditionalTags: additionalTags,
Annotations: annotations,
Args: buildArgs,
AllPlatforms: query.AllPlatforms,
CommonBuildOpts: &buildah.CommonBuildOptions{
AddHost: addhosts,
ApparmorProfile: apparmor,
@ -522,8 +519,6 @@ func BuildImage(w http.ResponseWriter, r *http.Request) {
Ulimit: ulimits,
Secrets: secrets,
},
CNIConfigDir: rtc.Network.CNIPluginDirs[0],
CNIPluginPath: util.DefaultCNIPluginPath,
Compression: compression,
ConfigureNetwork: parseNetworkConfigurationPolicy(query.ConfigureNetwork),
ContextDirectory: contextDirectory,
@ -556,6 +551,7 @@ func BuildImage(w http.ResponseWriter, r *http.Request) {
Squash: query.Squash,
Target: query.Target,
SystemContext: systemContext,
UnsetEnvs: query.UnsetEnvs,
}
for _, platformSpec := range query.Platform {

4
pkg/api/handlers/compat/networks.go
View file

@ -6,10 +6,10 @@ import (
"net"
"net/http"
nettypes "github.com/containers/common/libnetwork/types"
netutil "github.com/containers/common/libnetwork/util"
"github.com/containers/podman/v3/libpod"
"github.com/containers/podman/v3/libpod/define"
nettypes "github.com/containers/podman/v3/libpod/network/types"
netutil "github.com/containers/podman/v3/libpod/network/util"
"github.com/containers/podman/v3/pkg/api/handlers/utils"
api "github.com/containers/podman/v3/pkg/api/types"
"github.com/containers/podman/v3/pkg/domain/entities"

2
pkg/api/handlers/libpod/networks.go
View file

@ -4,9 +4,9 @@ import (
"encoding/json"
"net/http"
"github.com/containers/common/libnetwork/types"
"github.com/containers/podman/v3/libpod"
"github.com/containers/podman/v3/libpod/define"
"github.com/containers/podman/v3/libpod/network/types"
"github.com/containers/podman/v3/pkg/api/handlers/utils"
api "github.com/containers/podman/v3/pkg/api/types"
"github.com/containers/podman/v3/pkg/domain/entities"

2
pkg/api/handlers/libpod/swagger.go
View file

@ -4,9 +4,9 @@ import (
"net/http"
"os"
"github.com/containers/common/libnetwork/types"
"github.com/containers/image/v5/manifest"
"github.com/containers/podman/v3/libpod/define"
"github.com/containers/podman/v3/libpod/network/types"
"github.com/containers/podman/v3/pkg/api/handlers/utils"
"github.com/containers/podman/v3/pkg/domain/entities"
"github.com/pkg/errors"

14
pkg/api/server/register_images.go
View file

@ -1388,6 +1388,14 @@ func (s *APIServer) registerImagesHandlers(r *mux.Router) error {
// default: latest
// description: A name and optional tag to apply to the image in the `name:tag` format. If you omit the tag the default latest value is assumed. You can provide several t parameters.
// - in: query
// name: allplatforms
// type: boolean
// default: false
// description: |
// Instead of building for a set of platforms specified using the platform option, inspect the build's base images,
// and build for all of the platforms that are available. Stages that use *scratch* as a starting point can not be inspected,
// so at least one non-*scratch* stage must be present for detection to work usefully.
// - in: query
// name: extrahosts
// type: string
// default:
@ -1570,6 +1578,12 @@ func (s *APIServer) registerImagesHandlers(r *mux.Router) error {
// description: |
// Inject http proxy environment variables into container
// (As of version 2.0.0)
// - in: query
// name: unsetenv
// description: Unset environment variables from the final image.
// type: array
// items:
// type: string
// produces:
// - application/json
// responses:

10
pkg/bindings/images/build.go
View file

@ -62,6 +62,11 @@ func Build(ctx context.Context, containerFiles []string, options entities.BuildO
}
params.Set("annotations", l)
}
if options.AllPlatforms {
params.Add("allplatforms", "1")
}
params.Add("t", options.Output)
for _, tag := range options.AdditionalTags {
params.Add("t", tag)
@ -289,6 +294,11 @@ func Build(ctx context.Context, containerFiles []string, options entities.BuildO
}
params.Set("ulimits", string(ulimitsJSON))
}
for _, uenv := range options.UnsetEnvs {
params.Add("unsetenv", uenv)
}
var (
headers map[string]string
err error

2
pkg/bindings/network/network.go
View file

@ -5,7 +5,7 @@ import (
"net/http"
"strings"
"github.com/containers/podman/v3/libpod/network/types"
"github.com/containers/common/libnetwork/types"
"github.com/containers/podman/v3/pkg/bindings"
"github.com/containers/podman/v3/pkg/domain/entities"
jsoniter "github.com/json-iterator/go"

2
pkg/bindings/test/networks_test.go
View file

@ -6,7 +6,7 @@ import (
"net/http"
"time"
"github.com/containers/podman/v3/libpod/network/types"
"github.com/containers/common/libnetwork/types"
"github.com/containers/podman/v3/pkg/bindings"
"github.com/containers/podman/v3/pkg/bindings/containers"
"github.com/containers/podman/v3/pkg/bindings/network"

2
pkg/domain/entities/container_ps.go
View file

@ -5,7 +5,7 @@ import (
"strings"
"time"
"github.com/containers/podman/v3/libpod/network/types"
"github.com/containers/common/libnetwork/types"
"github.com/containers/podman/v3/pkg/ps/define"
"github.com/pkg/errors"
)

2
pkg/domain/entities/containers.go
View file

@ -6,9 +6,9 @@ import (
"os"
"time"
nettypes "github.com/containers/common/libnetwork/types"
"github.com/containers/image/v5/types"
"github.com/containers/podman/v3/libpod/define"
nettypes "github.com/containers/podman/v3/libpod/network/types"
"github.com/containers/podman/v3/pkg/specgen"
"github.com/containers/storage/pkg/archive"
)

2
pkg/domain/entities/engine_container.go
View file

@ -4,9 +4,9 @@ import (
"context"
"io"
"github.com/containers/common/libnetwork/types"
"github.com/containers/common/pkg/config"
"github.com/containers/podman/v3/libpod/define"
"github.com/containers/podman/v3/libpod/network/types"
"github.com/containers/podman/v3/pkg/domain/entities/reports"
"github.com/containers/podman/v3/pkg/specgen"
)

2
pkg/domain/entities/network.go
View file

@ -3,7 +3,7 @@ package entities
import (
"net"
"github.com/containers/podman/v3/libpod/network/types"
"github.com/containers/common/libnetwork/types"
)
// NetworkListOptions describes options for listing networks in cli

2
pkg/domain/entities/types.go
View file

@ -4,9 +4,9 @@ import (
"net"
buildahDefine "github.com/containers/buildah/define"
"github.com/containers/common/libnetwork/types"
"github.com/containers/podman/v3/libpod/define"
"github.com/containers/podman/v3/libpod/events"
"github.com/containers/podman/v3/libpod/network/types"
"github.com/containers/podman/v3/pkg/specgen"
"github.com/containers/storage/pkg/archive"
)

4
pkg/domain/infra/abi/network.go
View file

@ -3,9 +3,9 @@ package abi
import (
"context"
"github.com/containers/common/libnetwork/types"
netutil "github.com/containers/common/libnetwork/util"
"github.com/containers/podman/v3/libpod/define"
"github.com/containers/podman/v3/libpod/network/types"
netutil "github.com/containers/podman/v3/libpod/network/util"
"github.com/containers/podman/v3/pkg/domain/entities"
"github.com/containers/podman/v3/pkg/util"
"github.com/pkg/errors"

2
pkg/domain/infra/abi/play.go
View file

@ -13,11 +13,11 @@ import (
buildahDefine "github.com/containers/buildah/define"
"github.com/containers/common/libimage"
nettypes "github.com/containers/common/libnetwork/types"
"github.com/containers/common/pkg/config"
"github.com/containers/image/v5/types"
"github.com/containers/podman/v3/libpod"
"github.com/containers/podman/v3/libpod/define"
nettypes "github.com/containers/podman/v3/libpod/network/types"
"github.com/containers/podman/v3/pkg/autoupdate"
"github.com/containers/podman/v3/pkg/domain/entities"
"github.com/containers/podman/v3/pkg/specgen"

2
pkg/domain/infra/tunnel/network.go
View file

@ -3,8 +3,8 @@ package tunnel
import (
"context"
"github.com/containers/common/libnetwork/types"
"github.com/containers/podman/v3/libpod/define"
"github.com/containers/podman/v3/libpod/network/types"
"github.com/containers/podman/v3/pkg/bindings/network"
"github.com/containers/podman/v3/pkg/domain/entities"
"github.com/containers/podman/v3/pkg/errorhandling"

2
pkg/rootlessport/rootlessport_linux.go
View file

@ -12,7 +12,7 @@
package rootlessport
import (
"github.com/containers/podman/v3/libpod/network/types"
"github.com/containers/common/libnetwork/types"
)
const (

2
pkg/specgen/generate/kube/kube.go
View file

@ -9,11 +9,11 @@ import (
"time"
"github.com/containers/common/libimage"
"github.com/containers/common/libnetwork/types"
"github.com/containers/common/pkg/parse"
"github.com/containers/common/pkg/secrets"
"github.com/containers/image/v5/manifest"
"github.com/containers/podman/v3/libpod/define"
"github.com/containers/podman/v3/libpod/network/types"
ann "github.com/containers/podman/v3/pkg/annotations"
"github.com/containers/podman/v3/pkg/domain/entities"
"github.com/containers/podman/v3/pkg/specgen"

2
pkg/specgen/generate/namespaces.go
View file

@ -7,10 +7,10 @@ import (
"strings"
"github.com/containers/common/libimage"
"github.com/containers/common/libnetwork/types"
"github.com/containers/common/pkg/config"
"github.com/containers/podman/v3/libpod"
"github.com/containers/podman/v3/libpod/define"
"github.com/containers/podman/v3/libpod/network/types"
"github.com/containers/podman/v3/pkg/rootless"
"github.com/containers/podman/v3/pkg/specgen"
"github.com/containers/podman/v3/pkg/util"

2
pkg/specgen/generate/ports.go
View file

@ -8,7 +8,7 @@ import (
"strings"
"github.com/containers/common/libimage"
"github.com/containers/podman/v3/libpod/network/types"
"github.com/containers/common/libnetwork/types"
"github.com/containers/podman/v3/utils"
"github.com/containers/podman/v3/pkg/specgen"

2
pkg/specgen/generate/ports_bench_test.go
View file

@ -4,7 +4,7 @@ import (
"fmt"
"testing"
"github.com/containers/podman/v3/libpod/network/types"
"github.com/containers/common/libnetwork/types"
)
func benchmarkParsePortMapping(b *testing.B, ports []types.PortMapping) {

2
pkg/specgen/generate/ports_test.go
View file

@ -3,7 +3,7 @@ package generate
import (
"testing"
"github.com/containers/podman/v3/libpod/network/types"
"github.com/containers/common/libnetwork/types"
"github.com/stretchr/testify/assert"
)

2
pkg/specgen/namespaces.go
View file

@ -6,9 +6,9 @@ import (
"os"
"strings"
"github.com/containers/common/libnetwork/types"
"github.com/containers/common/pkg/cgroups"
"github.com/containers/podman/v3/libpod/define"
"github.com/containers/podman/v3/libpod/network/types"
"github.com/containers/podman/v3/pkg/rootless"
"github.com/containers/podman/v3/pkg/util"
"github.com/containers/storage"

2
pkg/specgen/namespaces_test.go
View file

@ -4,7 +4,7 @@ import (
"net"
"testing"
"github.com/containers/podman/v3/libpod/network/types"
"github.com/containers/common/libnetwork/types"
"github.com/containers/podman/v3/pkg/rootless"
"github.com/stretchr/testify/assert"
)

2
pkg/specgen/podspecgen.go
View file

@ -3,7 +3,7 @@ package specgen
import (
"net"
"github.com/containers/podman/v3/libpod/network/types"
"github.com/containers/common/libnetwork/types"
spec "github.com/opencontainers/runtime-spec/specs-go"
)

2
pkg/specgen/specgen.go
View file

@ -6,8 +6,8 @@ import (
"syscall"
"github.com/containers/common/libimage"
nettypes "github.com/containers/common/libnetwork/types"
"github.com/containers/image/v5/manifest"
nettypes "github.com/containers/podman/v3/libpod/network/types"
"github.com/containers/storage/types"
spec "github.com/opencontainers/runtime-spec/specs-go"
"github.com/pkg/errors"

2
pkg/specgenutil/util.go
View file

@ -7,8 +7,8 @@ import (
"strconv"
"strings"
"github.com/containers/common/libnetwork/types"
"github.com/containers/common/pkg/config"
"github.com/containers/podman/v3/libpod/network/types"
storageTypes "github.com/containers/storage/types"
"github.com/pkg/errors"
"github.com/sirupsen/logrus"

2
test/apiv2/20-containers.at
View file

@ -177,7 +177,7 @@ t GET libpod/containers/myctr/json 200 \
.ResolvConfPath=$userdata_path/resolv.conf \
.HostnamePath=$userdata_path/hostname \
.HostsPath=$userdata_path/hosts \
.NetworkSettings.SandboxKey~.*/netns/cni- \
.NetworkSettings.SandboxKey~.*/netns/netns- \
.OCIConfigPath~.*config\.json \
.GraphDriver.Data.MergedDir~.*merged

25
test/buildah-bud/apply-podman-deltas
View file

@ -112,6 +112,7 @@ function skip_if_remote() {
###############################################################################
# BEGIN differences in error messages between buildah and podman
errmsg "non-directory/Dockerfile: not a directory" \
"Error: context must be a directory:" \
"bud with a path to a Dockerfile (-f) containing a non-directory entry"
@ -177,7 +178,9 @@ skip_if_remote "--runtime not meaningful under podman-remote" \
skip_if_remote "secret files not implemented under podman-remote" \
"bud with containerfile secret" \
"bud with containerfile secret accessed on second RUN" \
"bud with containerfile secret options"
"bud with containerfile secret options" \
"bud with containerfile env secret" \
"bud with containerfile env secret priority"
skip_if_remote "volumes don't work with podman-remote" \
"buildah bud --volume" \
@ -188,18 +191,20 @@ skip_if_remote "--stdin option will not be implemented in podman-remote" \
"bud test no --stdin"
###############################################################################
# BEGIN tests which are skipped due to actual podman-remote bugs.
# BEGIN tests which are skipped due to actual podman or podman-remote bugs.
###############################################################################
# BEGIN emergency handling of github git-protocol shutdown
#
# Please remove this as soon as we vendor buildah with #3701
skip_if_remote "Podman #12838: different error messages" \
"bud with .dockerignore #2"
skip "emergency workaround until buildah #3701 gets vendored in" \
"bud-git-context" \
"bud using gitrepo and branch"
# These two tests, new in 2022-01, invoke podman (create, export) in ways
# that don't work with podman-remote due to the use of --registries-conf
skip_if_remote "FIXME FIXME FIXME: find a way to clean up their podman calls" \
"bud with run should not leave mounts behind cleanup test" \
"bud with custom files in /run/ should persist cleanup test"
skip_if_remote "Do envariables work with -remote? Please look into this." \
"build proxy"
# END emergency handling of github git-protocol shutdown
###############################################################################
# Done.

32
test/buildah-bud/buildah-tests.diff
View file

@ -1,15 +1,15 @@
From 5baab334cac9853c1d4bae9466d46dbbe5ff7158 Mon Sep 17 00:00:00 2001
From c18638abfbc1066442cf6ff0b3f012a5c25a918e Mon Sep 17 00:00:00 2001
From: Ed Santiago <santiago@redhat.com>
Date: Tue, 9 Feb 2021 17:28:05 -0700
Subject: [PATCH] tweaks for running buildah tests under podman
Signed-off-by: Ed Santiago <santiago@redhat.com>
---
tests/helpers.bash | 71 +++++++++++++++++++++++++++++++++++++++++++---
1 file changed, 67 insertions(+), 4 deletions(-)
tests/helpers.bash | 72 +++++++++++++++++++++++++++++++++++++++++++---
1 file changed, 68 insertions(+), 4 deletions(-)
diff --git a/tests/helpers.bash b/tests/helpers.bash
index 166316d5..775d7c9b 100644
index bd2794c9..ecf6ed7d 100644
--- a/tests/helpers.bash
+++ b/tests/helpers.bash
@@ -43,6 +43,23 @@ EOF
@ -36,9 +36,9 @@ index 166316d5..775d7c9b 100644
}
function starthttpd() {
@@ -84,6 +101,12 @@ function teardown(){
function teardown_tests() {
@@ -85,6 +102,12 @@ function teardown_tests() {
stophttpd
stop_git_daemon
+ if [[ -n "$PODMAN_SERVER_PID" ]]; then
+ kill $PODMAN_SERVER_PID
@ -49,7 +49,7 @@ index 166316d5..775d7c9b 100644
# Workaround for #1991 - buildah + overlayfs leaks mount points.
# Many tests leave behind /var/tmp/.../root/overlay and sub-mounts;
# let's find those and clean them up, otherwise 'rm -rf' fails.
@@ -156,7 +179,13 @@ function copy() {
@@ -157,7 +180,13 @@ function copy() {
}
function podman() {
@ -64,7 +64,7 @@ index 166316d5..775d7c9b 100644
}
#################
@@ -191,15 +220,40 @@ function run_buildah() {
@@ -192,15 +221,41 @@ function run_buildah() {
--retry) retry=3; shift;; # retry network flakes
esac
@ -86,9 +86,10 @@ index 166316d5..775d7c9b 100644
+ _opts=
+ fi
+
+ # podman always exits 125 where buildah exits 1 or 2
+ # podman always exits 125 where buildah exits 1 or 2 (or, in the
+ # case of git, 128, which is a bug in git, but I won't harp on that).
+ case $expected_rc in
+ 1|2) expected_rc=125 ;;
+ 1|2|128) expected_rc=125 ;;
+ esac
+ fi
+ local cmd_basename=$(basename ${podman_or_buildah})
@ -108,11 +109,10 @@ index 166316d5..775d7c9b 100644
# without "quotes", multiple lines are glommed together into one
if [ -n "$output" ]; then
echo "$output"
@@ -477,3 +531,12 @@ function skip_if_no_docker() {
skip "this test needs actual docker, not podman-docker"
@@ -499,6 +554,15 @@ function skip_if_no_docker() {
fi
}
+
+####################
+# skip_if_remote # (only applicable for podman)
+####################
@ -121,6 +121,10 @@ index 166316d5..775d7c9b 100644
+ skip "${1:-test does not work with podman-remote}"
+ fi
+}
+
function start_git_daemon() {
daemondir=${TESTDIR}/git-daemon
mkdir -p ${daemondir}/repo
--
2.25.1
2.34.1

Some files were not shown because too many files have changed in this diff Show more