From ceb5943ac3c96fc19cde4cabf2ec8edf6a59718a Mon Sep 17 00:00:00 2001 From: Aditya R Date: Sun, 4 Dec 2022 21:27:49 +0530 Subject: [PATCH] network: add support for podman network update and --network-dns-server * Add support for `podman network update <>` ```console network update Description: update networks for containers and pods Usage: podman network update [options] [NAME] Examples: podman network update podman1 Options: --add-dns-servers stringArray add network level nameservers --remove-dns-servers stringArray remove network level nameservers ``` * Add support for `--network-dns-server` to `podman network create` Extends podman to support recently added features in `netavark` and `aardvark-dns` * https://github.com/containers/netavark/pull/497 * https://github.com/containers/aardvark-dns/pull/252 * https://github.com/containers/netavark/pull/503 [NO NEW TESTS NEEDED] [NO TESTS NEEDED] 
Signed-off-by: Aditya R --- cmd/podman/networks/create.go | 19 +++-- cmd/podman/networks/update.go | 58 +++++++++++++++ .../markdown/podman-network-create.1.md | 4 ++ .../markdown/podman-network-update.1.md | 25 +++++++ docs/source/markdown/podman-network.1.md | 1 + go.mod | 4 +- go.sum | 8 +-- pkg/api/handlers/libpod/networks.go | 25 +++++++ pkg/api/handlers/swagger/models.go | 4 ++ pkg/api/server/register_networks.go | 27 +++++++ pkg/bindings/network/network.go | 19 +++++ pkg/domain/entities/engine_container.go | 1 + pkg/domain/entities/network.go | 25 ++++--- pkg/domain/infra/abi/network.go | 11 +++ pkg/domain/infra/tunnel/network.go | 4 ++ test/e2e/run_networking_test.go | 51 ++++++++++++++ .../common/libnetwork/cni/config.go | 4 ++ .../common/libnetwork/netavark/config.go | 70 ++++++++++++++++--- .../common/libnetwork/netavark/run.go | 6 ++ .../common/libnetwork/types/network.go | 10 +++ .../common/pkg/config/containers.conf | 25 ++++--- .../containers/common/pkg/config/default.go | 4 -- vendor/modules.txt | 5 +- 23 files changed, 361 insertions(+), 49 deletions(-) create mode 100644 cmd/podman/networks/update.go create mode 100644 docs/source/markdown/podman-network-update.1.md diff --git a/cmd/podman/networks/create.go b/cmd/podman/networks/create.go index 42c342df2c54..665ee7baf909 100644 --- a/cmd/podman/networks/create.go +++ b/cmd/podman/networks/create.go @@ -78,6 +78,10 @@ func networkCreateFlags(cmd *cobra.Command) { _ = cmd.RegisterFlagCompletionFunc(subnetFlagName, completion.AutocompleteNone) flags.BoolVar(&networkCreateOptions.DisableDNS, "disable-dns", false, "disable dns plugin") + + dnsserverFlagName := "network-dns-servers" + flags.StringArrayVar(&networkCreateOptions.NetworkDNSServers, dnsserverFlagName, nil, "network level nameservers") + _ = cmd.RegisterFlagCompletionFunc(dnsserverFlagName, completion.AutocompleteNone) } func init() { registry.Commands = append(registry.Commands, registry.CliCommand{ 
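Review bot: The values collected by the new `--network-dns-servers` flag are kept as raw strings, and nothing in this hunk checks that each one is an IP address before it goes into the network config. The same applies to `--add-dns-servers`/`--remove-dns-servers` in cmd/podman/networks/update.go and to the JSON body decoded in `UpdateNetwork`; the vendored netavark `NetworkUpdate` shown later in this patch writes the list to the config file and joins it with commas into a netavark argument without parsing it either. Whether netavark itself rejects malformed entries is not visible here, so consider failing early for each entry, e.g. `if net.ParseIP(s) == nil { return fmt.Errorf("invalid DNS server %q", s) }` in `networkCreate` and on the update path. `networkCreateFlags` starts outside the hunk, so whether `net` and `fmt` are already imported in this file cannot be seen from here.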
@@ -105,13 +109,14 @@ func networkCreate(cmd *cobra.Command, args []string) error { } network := types.Network{ - Name: name, - Driver: networkCreateOptions.Driver, - Options: networkCreateOptions.Options, - Labels: networkCreateOptions.Labels, - IPv6Enabled: networkCreateOptions.IPv6, - DNSEnabled: !networkCreateOptions.DisableDNS, - Internal: networkCreateOptions.Internal, + Name: name, + Driver: networkCreateOptions.Driver, + Options: networkCreateOptions.Options, + Labels: networkCreateOptions.Labels, + IPv6Enabled: networkCreateOptions.IPv6, + DNSEnabled: !networkCreateOptions.DisableDNS, + NetworkDNSServers: networkCreateOptions.NetworkDNSServers, + Internal: networkCreateOptions.Internal, } if cmd.Flags().Changed(ipamDriverFlagName) { diff --git a/cmd/podman/networks/update.go b/cmd/podman/networks/update.go new file mode 100644 index 000000000000..28e0e69048b2 --- /dev/null +++ b/cmd/podman/networks/update.go 
@@ -0,0 +1,58 @@
+package network
+
+import (
+ "github.com/containers/common/pkg/completion"
+ "github.com/containers/podman/v4/cmd/podman/registry"
+ "github.com/containers/podman/v4/pkg/domain/entities"
+ "github.com/spf13/cobra"
+)
+
+var (
+ networkUpdateDescription = `Update an existing podman network`
+ networkUpdateCommand = &cobra.Command{
+ Use: "update [options] [NAME]",
+ Short: "update an existing podman network",
+ Long: networkUpdateDescription,
+ RunE: networkUpdate,
+ Args: cobra.MaximumNArgs(1),
+ ValidArgsFunction: completion.AutocompleteNone,
+ Example: `podman network update podman1`,
+ }
+)
+
+var (
+ networkUpdateOptions entities.NetworkUpdateOptions
+)
+
+func networkUpdateFlags(cmd *cobra.Command) {
+ flags := cmd.Flags()
+
+ addDNSServerFlagName := "add-dns-servers"
+ flags.StringArrayVar(&networkUpdateOptions.AddDNSServers, addDNSServerFlagName, nil, "add network level nameservers")
+ removeDNSServerFlagName := "remove-dns-servers"
+ flags.StringArrayVar(&networkUpdateOptions.RemoveDNSServers, removeDNSServerFlagName, nil, "remove network level nameservers")
+ _ = cmd.RegisterFlagCompletionFunc(addDNSServerFlagName, completion.AutocompleteNone)
+ _ = cmd.RegisterFlagCompletionFunc(removeDNSServerFlagName, completion.AutocompleteNone)
+}
+func init() {
+ registry.Commands = append(registry.Commands, registry.CliCommand{
+ Command: networkUpdateCommand,
+ Parent: networkCmd,
+ })
+ networkUpdateFlags(networkUpdateCommand)
+}
+
+func networkUpdate(cmd *cobra.Command, args []string) error {
+ var (
+ name string
+ )
+ if len(args) > 0 {
+ name = args[0]
+ }
+
+ err := registry.ContainerEngine().NetworkUpdate(registry.Context(), name, networkUpdateOptions)
+ if err != nil {
+ return err
+ }
+ return nil
+}
diff --git a/docs/source/markdown/podman-network-create.1.md b/docs/source/markdown/podman-network-create.1.md
index 0582f7b36a02..c39c79d852e7 100644
--- a/docs/source/markdown/podman-network-create.1.md
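Review bot: `Args: cobra.MaximumNArgs(1)` together with the `if len(args) > 0` guard lets `podman network update` run with no network name, in which case `networkUpdate` calls `NetworkUpdate` with an empty string. The command has nothing to act on without a name, so `Args: cobra.ExactArgs(1)` and a `Use` string of `update [options] NAME` would reject that call up front with a usage error instead of a backend lookup failure. The tail of `networkUpdate` can then shrink to `return registry.ContainerEngine().NetworkUpdate(registry.Context(), args[0], networkUpdateOptions)`.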
+++ b/docs/source/markdown/podman-network-create.1.md @@ -68,6 +68,10 @@ Enable IPv6 (Dual Stack) networking. If not subnets are given it will allocate a Set metadata for a network (e.g., --label mykey=value). +#### **--network-dns-servers** + +Set network scoped DNS resolver/nameserver. + #### **--opt**, **-o**=*option* Set driver specific options. diff --git a/docs/source/markdown/podman-network-update.1.md b/docs/source/markdown/podman-network-update.1.md new file mode 100644 index 000000000000..7d2a2803a8ed --- /dev/null +++ b/docs/source/markdown/podman-network-update.1.md @@ -0,0 +1,25 @@ +% podman-network-update 1 + +## NAME +podman\-network-update - Update an existing podman network + +## SYNOPSIS +**podman network update** [*options*] [*name*] + +## DESCRIPTION +Allows end users to update network scoped DNS resolvers for an existing podman network. + +NOTE: Only supported with netavark and aardvark-dns + + +## OPTIONS +#### **--add-dns-servers** + +Accepts array of DNS resolvers and add it to the existing list of resolvers configured for a network. + +#### **--remove-dns-servers** + +Accepts array of DNS resolvers and removes them from the existing list of resolvers configured for a network. + +## SEE ALSO +**[podman(1)](podman.1.md)**, **[podman-network(1)](podman-network.1.md)**, **[podman-network-inspect(1)](podman-network-inspect.1.md)**, **[podman-network-ls(1)](podman-network-ls.1.md)** diff --git a/docs/source/markdown/podman-network.1.md b/docs/source/markdown/podman-network.1.md index 6ab7013e1d13..82080b5366a1 100644 --- a/docs/source/markdown/podman-network.1.md +++ b/docs/source/markdown/podman-network.1.md 
@@ -32,6 +32,7 @@ so networks have to be created again after a backend change. | prune | [podman-network-prune(1)](podman-network-prune.1.md) | Remove all unused networks | | reload | [podman-network-reload(1)](podman-network-reload.1.md) | Reload network configuration for containers | | rm | [podman-network-rm(1)](podman-network-rm.1.md) | Remove one or more networks | +| update | [podman-network-upate(1)](podman-network-update.1.md) | Update an existing podman network | ## SEE ALSO **[podman(1)](podman.1.md)**, **[containers.conf(5)](https://github.com/containers/common/blob/main/docs/containers.conf.5.md)** diff --git a/go.mod b/go.mod index 8863a5cc4004..47f3ec9c9bb4 100644 --- a/go.mod +++ b/go.mod @@ -63,7 +63,7 @@ require ( golang.org/x/net v0.2.0 golang.org/x/sync v0.1.0 golang.org/x/sys v0.3.0 - golang.org/x/term v0.2.0 + golang.org/x/term v0.3.0 golang.org/x/text v0.4.0 google.golang.org/protobuf v1.28.1 gopkg.in/inf.v0 v0.9.1 @@ -144,3 +144,5 @@ require ( ) replace github.com/opencontainers/runc => github.com/opencontainers/runc v1.1.1-0.20220617142545-8b9452f75cbc + +replace github.com/containers/common => github.com/containers/common v0.50.2-0.20221207134111-abc80e8869fe diff --git a/go.sum b/go.sum index aa4e9b825c9b..1e1e5c53319f 100644 --- a/go.sum +++ b/go.sum 
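Review bot: The added `replace github.com/containers/common => github.com/containers/common v0.50.2-0.20221207134111-abc80e8869fe` overrides the version in the `require` block instead of bumping it, so go.mod names one version of the module while the build and the vendor tree use another (vendor/modules.txt in this patch records exactly that `=>` mapping). Bumping the `require` entry to the new pseudo-version would keep a single source of truth and avoid a replace directive that is easy to forget. The re-vendor also pulls in changes unrelated to DNS: the vendored pkg/config/default.go hunk drops `CAP_AUDIT_WRITE`, `CAP_MKNOD`, `CAP_NET_RAW` and `CAP_SYS_CHROOT` from `DefaultCapabilities`, which would change the default privileges of containers and deserves its own mention in the commit message.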
@@ -264,8 +264,8 @@ github.com/containernetworking/plugins v1.1.1 h1:+AGfFigZ5TiQH00vhR8qPeSatj53eNG github.com/containernetworking/plugins v1.1.1/go.mod h1:Sr5TH/eBsGLXK/h71HeLfX19sZPp3ry5uHSkI4LPxV8= github.com/containers/buildah v1.28.1-0.20221130132810-cf661299d14f h1:Nzbda2tG7/aimoKnDxysqFgS1Q/gSsbcn88lFPj9LwY= github.com/containers/buildah v1.28.1-0.20221130132810-cf661299d14f/go.mod h1:0HcSoS6BHXWzMKqtxY1L0gupebEX33oPC+X62lPi6+c= -github.com/containers/common v0.50.2-0.20221206110749-eb48ebbf8ca9 h1:L54LXA/DGRhp1cDN11HLaXcLCYh/ftqDhKYn9S1uetc= -github.com/containers/common v0.50.2-0.20221206110749-eb48ebbf8ca9/go.mod h1:M1epBsHlUAeySDuMx+HdbvKBVf0odzLciecS5AQa6FA= +github.com/containers/common v0.50.2-0.20221207134111-abc80e8869fe h1:er1CQTQUGGpRJtRK4YfBlDho6vQqkmqjuDUyHrr1aU8= +github.com/containers/common v0.50.2-0.20221207134111-abc80e8869fe/go.mod h1:3HqwsTTisTe3cGGFP5T60AI/+//PaiViD60szELRyxI= github.com/containers/conmon v2.0.20+incompatible h1:YbCVSFSCqFjjVwHTPINGdMX1F6JXHGTUje2ZYobNrkg= github.com/containers/conmon v2.0.20+incompatible/go.mod h1:hgwZ2mtuDrppv78a/cOBNiCm6O0UMWGx1mu7P00nu5I= github.com/containers/image/v5 v5.23.1-0.20221130170538-333c50e3eac8 h1:GLTTwKYkNGDhG3HagLuPvhieu1JEjDs9RsCDr8oJr9s= 
@@ -1236,8 +1236,8 @@ golang.org/x/sys v0.3.0 h1:w8ZOecv6NaNa/zC8944JTU3vz4u6Lagfk4RPQxv92NQ= golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210615171337-6886f2dfbf5b/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= -golang.org/x/term v0.2.0 h1:z85xZCsEl7bi/KwbNADeBYoOP0++7W1ipu+aGnpwzRM= -golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc= +golang.org/x/term v0.3.0 h1:qoo4akIqOcDME5bhc/NgxUdovd6BSS2uMsVjB56q1xI= +golang.org/x/term v0.3.0/go.mod h1:q750SLmJuPmVoN1blW3UFBPREJfb1KmY3vwxfr+nFDA= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= diff --git a/pkg/api/handlers/libpod/networks.go b/pkg/api/handlers/libpod/networks.go index 7169a6d4457c..94d82c8c2585 100644 --- a/pkg/api/handlers/libpod/networks.go +++ b/pkg/api/handlers/libpod/networks.go 
@@ -44,6 +44,31 @@ func CreateNetwork(w http.ResponseWriter, r *http.Request) { utils.WriteResponse(w, http.StatusOK, report) } +func UpdateNetwork(w http.ResponseWriter, r *http.Request) { + if v, err := utils.SupportedVersion(r, ">=4.0.0"); err != nil { + utils.BadRequest(w, "version", v.String(), err) + return + } + + runtime := r.Context().Value(api.RuntimeKey).(*libpod.Runtime) + ic := abi.ContainerEngine{Libpod: runtime} + + networkUpdateOptions := entities.NetworkUpdateOptions{} + if err := json.NewDecoder(r.Body).Decode(&networkUpdateOptions); err != nil { + utils.Error(w, http.StatusInternalServerError, fmt.Errorf("failed to decode request JSON payload: %w", err)) + return + } + + name := utils.GetName(r) + + err := ic.NetworkUpdate(r.Context(), name, networkUpdateOptions) + if err != nil { + utils.Error(w, http.StatusInternalServerError, err) + } + + utils.WriteResponse(w, http.StatusNoContent, nil) +} + func ListNetworks(w http.ResponseWriter, r *http.Request) { if v, err := utils.SupportedVersion(r, ">=4.0.0"); err != nil { utils.BadRequest(w, "version", v.String(), err) diff --git a/pkg/api/handlers/swagger/models.go b/pkg/api/handlers/swagger/models.go index a05e57dff555..3462f22cc8a2 100644 --- a/pkg/api/handlers/swagger/models.go +++ b/pkg/api/handlers/swagger/models.go @@ -44,3 +44,7 @@ type networkDisconnectRequest types.NetworkDisconnect // Network connect // swagger:model type networkConnectRequestLibpod entities.NetworkConnectOptions + +// Network update +// swagger:model +type networkUpdateRequestLibpod entities.NetworkUpdateOptions diff --git a/pkg/api/server/register_networks.go b/pkg/api/server/register_networks.go index 86dd4449c745..09082ce8d533 100644 --- a/pkg/api/server/register_networks.go +++ b/pkg/api/server/register_networks.go 
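Review bot: In `UpdateNetwork`, the `if err != nil` branch after `ic.NetworkUpdate` calls `utils.Error` but does not return, so a failed update falls through to `utils.WriteResponse(w, http.StatusNoContent, nil)` and a second response is written after the error. Add `return` directly after `utils.Error(w, http.StatusInternalServerError, err)`. Separately, a request body that fails to decode is a client error, so that branch is better reported with `http.StatusBadRequest` than with 500. A name that matches no network would presumably also warrant a 404 rather than a 500, but how the engine reports that case is not visible in this hunk.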
@@ -234,6 +234,33 @@ func (s *APIServer) registerNetworkHandlers(r *mux.Router) error { // 500: // $ref: "#/responses/internalError" r.HandleFunc(VersionedPath("/libpod/networks/{name}"), s.APIHandler(libpod.RemoveNetwork)).Methods(http.MethodDelete) + // swagger:operation POST /libpod/networks/{name}/update libpod NetworkUpdateLibpod + // --- + // tags: + // - networks + // summary: Update exisiting podman network + // description: Update exisiting podman network + // produces: + // - application/json + // parameters: + // - in: path + // name: name + // type: string + // required: true + // description: the name of the network + // - in: body + // name: update + // description: attributes for updating a netavark network + // schema: + // $ref: "#/definitions/networkUpdateRequestLibpod" + // responses: + // 200: + // description: OK + // 400: + // $ref: "#/responses/badParamError" + // 500: + // $ref: "#/responses/internalError" + r.HandleFunc(VersionedPath("/libpod/networks/{name}/update"), s.APIHandler(libpod.UpdateNetwork)).Methods(http.MethodPost) // swagger:operation GET /libpod/networks/{name}/exists libpod NetworkExistsLibpod // --- // tags: diff --git a/pkg/bindings/network/network.go b/pkg/bindings/network/network.go index 83641f67716f..6d92c95edf19 100644 --- a/pkg/bindings/network/network.go +++ b/pkg/bindings/network/network.go 
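Review bot: The swagger block documents a `200` response, but the `UpdateNetwork` handler added in pkg/api/handlers/libpod/networks.go replies with `http.StatusNoContent`, so clients generated from this spec are told to expect the wrong status. Change the entry to `// 204:` with `// description: no error` (or have the handler return 200), and correct the `exisiting` typo in both `summary` and `description`. `registerNetworkHandlers` begins and ends outside the hunk.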
@@ -36,6 +36,25 @@ func Create(ctx context.Context, network *types.Network) (types.Network, error) return report, response.Process(&report) } +// Updates an existing netavark network config +func Update(ctx context.Context, netName string, options entities.NetworkUpdateOptions) error { + conn, err := bindings.GetClient(ctx) + if err != nil { + return err + } + networkConfig, err := jsoniter.MarshalToString(options) + if err != nil { + return err + } + reader := strings.NewReader(networkConfig) + response, err := conn.DoRequest(ctx, reader, http.MethodPost, "/networks/%s/update", nil, nil, netName) + if err != nil { + return err + } + defer response.Body.Close() + return response.Process(nil) +} + // Inspect returns low level information about a CNI network configuration func Inspect(ctx context.Context, nameOrID string, _ *InspectOptions) (types.Network, error) { var net types.Network diff --git a/pkg/domain/entities/engine_container.go b/pkg/domain/entities/engine_container.go index 44c4f2e4b3fc..3b95f0e9a2e4 100644 --- a/pkg/domain/entities/engine_container.go +++ b/pkg/domain/entities/engine_container.go @@ -64,6 +64,7 @@ type ContainerEngine interface { //nolint:interfacebloat KubeApply(ctx context.Context, body io.Reader, opts ApplyOptions) error NetworkConnect(ctx context.Context, networkname string, options NetworkConnectOptions) error NetworkCreate(ctx context.Context, network types.Network) (*types.Network, error) + NetworkUpdate(ctx context.Context, networkname string, options NetworkUpdateOptions) error NetworkDisconnect(ctx context.Context, networkname string, options NetworkDisconnectOptions) error NetworkExists(ctx context.Context, networkname string) (*BoolReport, error) NetworkInspect(ctx context.Context, namesOrIds []string, options InspectOptions) ([]types.Network, []error, error) diff --git a/pkg/domain/entities/network.go b/pkg/domain/entities/network.go index 9e59953c6776..b485b5e22789 100644 --- a/pkg/domain/entities/network.go 
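Review bot: The doc comment on the exported `Update` does not start with the identifier, as Go doc comments are expected to, and it does not say which part of the network can be changed. Something like `// Update adds and removes network-level DNS servers on an existing network; only the netavark backend supports it.` would match the style of the neighbouring `Inspect` comment and reflects the CNI stub in this patch that returns `ErrInvalidArg`.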
+++ b/pkg/domain/entities/network.go @@ -41,19 +41,26 @@ type NetworkRmReport struct { // NetworkCreateOptions describes options to create a network type NetworkCreateOptions struct { - DisableDNS bool - Driver string - Gateways []net.IP - Internal bool - Labels map[string]string - MacVLAN string - Ranges []string - Subnets []string - IPv6 bool + DisableDNS bool + NetworkDNSServers []string + Driver string + Gateways []net.IP + Internal bool + Labels map[string]string + MacVLAN string + Ranges []string + Subnets []string + IPv6 bool // Mapping of driver options and values. Options map[string]string } +// NetworkUpdateOptions describes options to update a network +type NetworkUpdateOptions struct { + AddDNSServers []string `json:"adddnsservers"` + RemoveDNSServers []string `json:"removednsservers"` +} + // NetworkCreateReport describes a created network for the cli type NetworkCreateReport struct { Name string diff --git a/pkg/domain/infra/abi/network.go b/pkg/domain/infra/abi/network.go index 11aa83fe0dc2..ac3a8ed8433c 100644 --- a/pkg/domain/infra/abi/network.go +++ b/pkg/domain/infra/abi/network.go @@ -13,6 +13,17 @@ import ( "github.com/containers/podman/v4/pkg/domain/entities" ) +func (ic *ContainerEngine) NetworkUpdate(ctx context.Context, netName string, options entities.NetworkUpdateOptions) error { + var networkUpdateOptions types.NetworkUpdateOptions + networkUpdateOptions.AddDNSServers = options.AddDNSServers + networkUpdateOptions.RemoveDNSServers = options.RemoveDNSServers + err := ic.Libpod.Network().NetworkUpdate(netName, networkUpdateOptions) + if err != nil { + return err + } + return nil +} + func (ic *ContainerEngine) NetworkList(ctx context.Context, options entities.NetworkListOptions) ([]types.Network, error) { // dangling filter is not provided by netutil var wantDangling bool diff --git a/pkg/domain/infra/tunnel/network.go b/pkg/domain/infra/tunnel/network.go index 6e27b8e56da6..2f41ebd12f69 100644 --- a/pkg/domain/infra/tunnel/network.go 
+++ b/pkg/domain/infra/tunnel/network.go @@ -12,6 +12,10 @@ import ( "github.com/containers/podman/v4/pkg/errorhandling" ) +func (ic *ContainerEngine) NetworkUpdate(ctx context.Context, netName string, options entities.NetworkUpdateOptions) error { + return network.Update(ic.ClientCtx, netName, options) +} + func (ic *ContainerEngine) NetworkList(ctx context.Context, opts entities.NetworkListOptions) ([]types.Network, error) { options := new(network.ListOptions).WithFilters(opts.Filters) return network.List(ic.ClientCtx, options) diff --git a/test/e2e/run_networking_test.go b/test/e2e/run_networking_test.go index 64e214dbaece..0ddbc4ff02ba 100644 --- a/test/e2e/run_networking_test.go +++ b/test/e2e/run_networking_test.go @@ -1,6 +1,7 @@ package integration import ( + "encoding/json" "fmt" "net" "os" @@ -8,6 +9,7 @@ import ( "syscall" "github.com/containernetworking/plugins/pkg/ns" + "github.com/containers/common/libnetwork/types" . "github.com/containers/podman/v4/test/utils" "github.com/containers/storage/pkg/stringid" . "github.com/onsi/ginkgo" 
@@ -41,6 +43,55 @@ var _ = Describe("Podman run networking", func() { }) + It("podman verify network scoped DNS server and also verify updating network dns server", func() { + // Following test is only functional with netavark and aardvark + SkipIfCNI(podmanTest) + SkipIfRemote("not implemented for podman-remote") + net := createNetworkName("IntTest") + session := podmanTest.Podman([]string{"network", "create", net, "--network-dns-servers", "1.1.1.1"}) + session.WaitWithDefaultTimeout() + defer podmanTest.removeNetwork(net) + Expect(session).Should(Exit(0)) + + session = podmanTest.Podman([]string{"network", "inspect", net}) + session.WaitWithDefaultTimeout() + defer podmanTest.removeNetwork(net) + var results []types.Network + err := json.Unmarshal([]byte(session.OutputToString()), &results) + Expect(err).ToNot(HaveOccurred()) + Expect(results).To(HaveLen(1)) + result := results[0] + Expect(result.Subnets).To(HaveLen(1)) + aardvarkDNSGateway := result.Subnets[0].Gateway.String() + Expect(session.OutputToString()).To(ContainSubstring("1.1.1.1")) + Expect(session).Should(Exit(0)) + + session = podmanTest.Podman([]string{"run", "-d", "--name", "con1", "--network", net, "busybox", "top"}) + session.WaitWithDefaultTimeout() + Expect(session).Should(Exit(0)) + + session = podmanTest.Podman([]string{"exec", "-i", "con1", "nslookup", "google.com", aardvarkDNSGateway}) + session.WaitWithDefaultTimeout() + Expect(session).Should(Exit(0)) + Expect(session.OutputToString()).To(ContainSubstring("Non-authoritative answer: Name: google.com Address:")) + + // Update to a bad DNS Server + session = podmanTest.Podman([]string{"network", "update", net, "--add-dns-servers", "7.7.7.7"}) + session.WaitWithDefaultTimeout() + Expect(session).Should(Exit(0)) + + // Remove good DNS server + session = podmanTest.Podman([]string{"network", "update", net, "--remove-dns-servers=1.1.1.1"}) + session.WaitWithDefaultTimeout() + Expect(session).Should(Exit(0)) + + session = 
podmanTest.Podman([]string{"exec", "-i", "con1", "nslookup", "google.com", aardvarkDNSGateway}) + session.WaitWithDefaultTimeout() + Expect(session).Should(Exit(1)) + Expect(session.OutputToString()).To(ContainSubstring(";; connection timed out; no servers could be reached")) + + }) + It("podman run network connection with default bridge", func() { session := podmanTest.RunContainerWithNetworkTest("") session.WaitWithDefaultTimeout() diff --git a/vendor/github.com/containers/common/libnetwork/cni/config.go b/vendor/github.com/containers/common/libnetwork/cni/config.go index 1f256f6c51d9..b7021ec589a6 100644 --- a/vendor/github.com/containers/common/libnetwork/cni/config.go +++ b/vendor/github.com/containers/common/libnetwork/cni/config.go @@ -15,6 +15,10 @@ import ( "github.com/sirupsen/logrus" ) +func (n *cniNetwork) NetworkUpdate(name string, options types.NetworkUpdateOptions) error { + return fmt.Errorf("NetworkUpdate is not supported for backend CNI: %w", types.ErrInvalidArg) +} + // NetworkCreate will take a partial filled Network and fill the // missing fields. It creates the Network and returns the full Network. func (n *cniNetwork) NetworkCreate(net types.Network, options *types.NetworkCreateOptions) (types.Network, error) { diff --git a/vendor/github.com/containers/common/libnetwork/netavark/config.go b/vendor/github.com/containers/common/libnetwork/netavark/config.go index a10632fc13ac..4b1ab7d5a1a5 100644 --- a/vendor/github.com/containers/common/libnetwork/netavark/config.go +++ b/vendor/github.com/containers/common/libnetwork/netavark/config.go @@ -10,6 +10,7 @@ import ( "net" "os" "path/filepath" + "reflect" "strconv" "time" 
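Review bot: The new test resolves `google.com` through the public resolver `1.1.1.1` and relies on `7.7.7.7` not answering, so its result depends on outbound internet access from the CI host and on how a third-party address happens to behave, and it sends test queries to that address. An address from a documentation range such as `192.0.2.1` (RFC 5737) is a safer stand-in for the non-answering server. `defer podmanTest.removeNetwork(net)` is registered twice, once after `network create` and again after `network inspect`; the second one can go. The skip reason `"not implemented for podman-remote"` also looks stale, since this patch adds a tunnel `NetworkUpdate` that calls `network.Update`.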
@@ -19,6 +20,65 @@ import ( "github.com/containers/storage/pkg/stringid" ) +func sliceRemoveDuplicates(strList []string) []string { + list := make([]string, 0, len(strList)) + for _, item := range strList { + if !util.StringInSlice(item, list) { + list = append(list, item) + } + } + return list +} + +func (n *netavarkNetwork) commitNetwork(network *types.Network) error { + confPath := filepath.Join(n.networkConfigDir, network.Name+".json") + f, err := os.Create(confPath) + if err != nil { + return err + } + defer f.Close() + enc := json.NewEncoder(f) + enc.SetIndent("", " ") + err = enc.Encode(network) + if err != nil { + return err + } + return nil +} + +func (n *netavarkNetwork) NetworkUpdate(name string, options types.NetworkUpdateOptions) error { + n.lock.Lock() + defer n.lock.Unlock() + err := n.loadNetworks() + if err != nil { + return err + } + network, err := n.getNetwork(name) + if err != nil { + return err + } + networkDNSServersBefore := network.NetworkDNSServers + networkDNSServersAfter := []string{} + for _, server := range networkDNSServersBefore { + if util.StringInSlice(server, options.RemoveDNSServers) { + continue + } + networkDNSServersAfter = append(networkDNSServersAfter, server) + } + networkDNSServersAfter = append(networkDNSServersAfter, options.AddDNSServers...) + networkDNSServersAfter = sliceRemoveDuplicates(networkDNSServersAfter) + network.NetworkDNSServers = networkDNSServersAfter + if reflect.DeepEqual(networkDNSServersBefore, networkDNSServersAfter) { + return nil + } + err = n.commitNetwork(network) + if err != nil { + return err + } + + return n.execUpdate(network.Name, network.NetworkDNSServers) +} + // NetworkCreate will take a partial filled Network and fill the // missing fields. It creates the Network and returns the full Network. func (n *netavarkNetwork) NetworkCreate(net types.Network, options *types.NetworkCreateOptions) (types.Network, error) { 
@@ -163,15 +223,7 @@ func (n *netavarkNetwork) networkCreate(newNetwork *types.Network, defaultNet bo newNetwork.Created = time.Now() if !defaultNet { - confPath := filepath.Join(n.networkConfigDir, newNetwork.Name+".json") - f, err := os.Create(confPath) - if err != nil { - return nil, err - } - defer f.Close() - enc := json.NewEncoder(f) - enc.SetIndent("", " ") - err = enc.Encode(newNetwork) + err = n.commitNetwork(newNetwork) if err != nil { return nil, err } diff --git a/vendor/github.com/containers/common/libnetwork/netavark/run.go b/vendor/github.com/containers/common/libnetwork/netavark/run.go index b364f42d3f20..7732947c1a46 100644 --- a/vendor/github.com/containers/common/libnetwork/netavark/run.go +++ b/vendor/github.com/containers/common/libnetwork/netavark/run.go @@ -7,6 +7,7 @@ import ( "encoding/json" "fmt" "strconv" + "strings" "github.com/containers/common/libnetwork/internal/util" "github.com/containers/common/libnetwork/types" @@ -18,6 +19,11 @@ type netavarkOptions struct { Networks map[string]*types.Network `json:"network_info"` } +func (n *netavarkNetwork) execUpdate(networkName string, networkDNSServers []string) error { + retErr := n.execNetavark([]string{"update", networkName, "--network-dns-servers", strings.Join(networkDNSServers, ",")}, nil, nil) + return retErr +} + // Setup will setup the container network namespace. It returns // a map of StatusBlocks, the key is the network name. func (n *netavarkNetwork) Setup(namespacePath string, options types.SetupOptions) (map[string]types.StatusBlock, error) { diff --git a/vendor/github.com/containers/common/libnetwork/types/network.go b/vendor/github.com/containers/common/libnetwork/types/network.go index eee531ea6419..b8804bf6b3e8 100644 --- a/vendor/github.com/containers/common/libnetwork/types/network.go +++ b/vendor/github.com/containers/common/libnetwork/types/network.go 
@@ -10,6 +10,8 @@ type ContainerNetwork interface { // NetworkCreate will take a partial filled Network and fill the // missing fields. It creates the Network and returns the full Network. NetworkCreate(Network, *NetworkCreateOptions) (Network, error) + // NetworkUpdate will take network name and ID and updates network DNS Servers. + NetworkUpdate(nameOrID string, options NetworkUpdateOptions) error // NetworkRemove will remove the Network with the given name or ID. NetworkRemove(nameOrID string) error // NetworkList will return all known Networks. Optionally you can @@ -70,6 +72,14 @@ type Network struct { IPAMOptions map[string]string `json:"ipam_options,omitempty"` } +// NetworkOptions for a given container. +type NetworkUpdateOptions struct { + // List of custom DNS server for podman's DNS resolver. + // Priority order will be kept as defined by user in the configuration. + AddDNSServers []string `json:"add_dns_servers,omitempty"` + RemoveDNSServers []string `json:"remove_dns_servers,omitempty"` +} + // IPNet is used as custom net.IPNet type to add Marshal/Unmarshal methods. type IPNet struct { net.IPNet diff --git a/vendor/github.com/containers/common/pkg/config/containers.conf b/vendor/github.com/containers/common/pkg/config/containers.conf index 55b9292a9616..83396173589a 100644 --- a/vendor/github.com/containers/common/pkg/config/containers.conf +++ b/vendor/github.com/containers/common/pkg/config/containers.conf 
@@ -52,19 +52,18 @@ # List of default capabilities for containers. If it is empty or commented out, # the default capabilities defined in the container engine will be added. # -default_capabilities = [ - "CHOWN", - "DAC_OVERRIDE", - "FOWNER", - "FSETID", - "KILL", - "NET_BIND_SERVICE", - "SETFCAP", - "SETGID", - "SETPCAP", - "SETUID", - "SYS_CHROOT" -] +#default_capabilities = [ +# "CHOWN", +# "DAC_OVERRIDE", +# "FOWNER", +# "FSETID", +# "KILL", +# "NET_BIND_SERVICE", +# "SETFCAP", +# "SETGID", +# "SETPCAP", +# "SETUID", +#] # A list of sysctls to be set in containers by default, # specified as "name=value", diff --git a/vendor/github.com/containers/common/pkg/config/default.go b/vendor/github.com/containers/common/pkg/config/default.go index 0a4bd30789d2..e27f630647ee 100644 --- a/vendor/github.com/containers/common/pkg/config/default.go +++ b/vendor/github.com/containers/common/pkg/config/default.go @@ -50,20 +50,16 @@ var ( DefaultHooksDirs = []string{"/usr/share/containers/oci/hooks.d"} // DefaultCapabilities is the default for the default_capabilities option in the containers.conf file. DefaultCapabilities = []string{ - "CAP_AUDIT_WRITE", "CAP_CHOWN", "CAP_DAC_OVERRIDE", "CAP_FOWNER", "CAP_FSETID", "CAP_KILL", - "CAP_MKNOD", "CAP_NET_BIND_SERVICE", - "CAP_NET_RAW", "CAP_SETFCAP", "CAP_SETGID", "CAP_SETPCAP", "CAP_SETUID", - "CAP_SYS_CHROOT", } // Search these locations in which CNIPlugins can be installed. diff --git a/vendor/modules.txt b/vendor/modules.txt index 834b6d25d2a6..8b34d7825905 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt 
@@ -118,7 +118,7 @@ github.com/containers/buildah/pkg/rusage github.com/containers/buildah/pkg/sshagent github.com/containers/buildah/pkg/util github.com/containers/buildah/util -# github.com/containers/common v0.50.2-0.20221206110749-eb48ebbf8ca9 +# github.com/containers/common v0.50.2-0.20221206110749-eb48ebbf8ca9 => github.com/containers/common v0.50.2-0.20221207134111-abc80e8869fe ## explicit; go 1.17 github.com/containers/common/libimage github.com/containers/common/libimage/define @@ -821,7 +821,7 @@ golang.org/x/sys/unix golang.org/x/sys/windows golang.org/x/sys/windows/registry golang.org/x/sys/windows/svc/eventlog -# golang.org/x/term v0.2.0 +# golang.org/x/term v0.3.0 ## explicit; go 1.17 golang.org/x/term # golang.org/x/text v0.4.0 @@ -971,3 +971,4 @@ gopkg.in/yaml.v3 ## explicit; go 1.12 sigs.k8s.io/yaml # github.com/opencontainers/runc => github.com/opencontainers/runc v1.1.1-0.20220617142545-8b9452f75cbc +# github.com/containers/common => github.com/containers/common v0.50.2-0.20221207134111-abc80e8869fe