error when adding container to pod with network information

because a pod's network information is dictated by the infra container at creation, a container cannot be created with network attributes.  this has been difficult for users to understand.  we now return an error when a container is being created inside a pod and passes any of the following attributes:

* static IP (v4 and v6)
* static mac
* ports -p (i.e. -p 8080:80)
* exposed ports (i.e. 222-225)
* publish ports from image -P

Signed-off-by: Brent Baude <bbaude@redhat.com>

<MH: Fixed cherry pick conflicts and compile>

Signed-off-by: Matthew Heon <mheon@redhat.com>

3 files changed, 83 insertions, 0 deletions

diff --git a/libpod/define/errors.go b/libpod/define/errors.go
index 5cadce396..e27626fcc 100644
--- a/libpod/define/errors.go
+++ b/libpod/define/errors.go
@@ -160,4 +160,8 @@ var (
 
 	// ErrImageInUse indicates the requested operation failed because the image was in use
 	ErrImageInUse = errors.New("image is being used")
+
+	// ErrNetworkOnPodContainer indicates the user wishes to alter network attributes on a container
+	// in a pod.  This cannot be done as the infra container has all the network information
+	ErrNetworkOnPodContainer = errors.New("network cannot be configured when it is shared with a pod")
 )
diff --git a/pkg/specgen/container_validate.go b/pkg/specgen/container_validate.go
index 4dd2ab0b3..c4449ba3a 100644
--- a/pkg/specgen/container_validate.go
+++ b/pkg/specgen/container_validate.go
@@ -3,6 +3,7 @@ package specgen
 import (
 	"strings"
 
+	"github.com/containers/libpod/v2/libpod/define"
 	"github.com/containers/libpod/v2/pkg/rootless"
 	"github.com/containers/libpod/v2/pkg/util"
 	"github.com/pkg/errors"
@@ -34,6 +35,23 @@ func (s *SpecGenerator) Validate() error {
 		}
 	}
 
+	// Containers being added to a pod cannot have certain network attributes
+	// associated with them because those should be on the infra container.
+	if len(s.Pod) > 0 && s.NetNS.NSMode == FromPod {
+		if s.StaticIP != nil || s.StaticIPv6 != nil {
+			return errors.Wrap(define.ErrNetworkOnPodContainer, "static ip addresses must be defined when the pod is created")
+		}
+		if s.StaticMAC != nil {
+			return errors.Wrap(define.ErrNetworkOnPodContainer, "MAC addresses must be defined when the pod is created")
+		}
+		if len(s.CNINetworks) > 0 {
+			return errors.Wrap(define.ErrNetworkOnPodContainer, "networks must be defined when the pod is created")
+		}
+		if len(s.PortMappings) > 0 || s.PublishExposedPorts {
+			return errors.Wrap(define.ErrNetworkOnPodContainer, "published or exposed ports must be defined when the pod is created")
+		}
+	}
+
 	//
 	// ContainerBasicConfig
 	//
diff --git a/test/e2e/create_test.go b/test/e2e/create_test.go
index 5f96f96b1..9fce1aa67 100644
--- a/test/e2e/create_test.go
+++ b/test/e2e/create_test.go
@@ -471,4 +471,65 @@ var _ = Describe("Podman create", func() {
 		Expect(len(data)).To(Equal(1))
 		Expect(data[0].Config.StopSignal).To(Equal(uint(15)))
 	})
+
+	It("create container in pod with IP should fail", func() {
+		SkipIfRootless()
+		name := "createwithstaticip"
+		pod := podmanTest.RunTopContainerInPod("", "new:"+name)
+		pod.WaitWithDefaultTimeout()
+		Expect(pod.ExitCode()).To(BeZero())
+
+		session := podmanTest.Podman([]string{"create", "--pod", name, "--ip", "192.168.1.2", ALPINE, "top"})
+		session.WaitWithDefaultTimeout()
+		Expect(session.ExitCode()).ToNot(BeZero())
+	})
+
+	It("create container in pod with mac should fail", func() {
+		SkipIfRootless()
+		name := "createwithstaticmac"
+		pod := podmanTest.RunTopContainerInPod("", "new:"+name)
+		pod.WaitWithDefaultTimeout()
+		Expect(pod.ExitCode()).To(BeZero())
+
+		session := podmanTest.Podman([]string{"create", "--pod", name, "--mac-address", "52:54:00:6d:2f:82", ALPINE, "top"})
+		session.WaitWithDefaultTimeout()
+		Expect(session.ExitCode()).ToNot(BeZero())
+	})
+
+	It("create container in pod with network should fail", func() {
+		SkipIfRootless()
+		name := "createwithnetwork"
+		pod := podmanTest.RunTopContainerInPod("", "new:"+name)
+		pod.WaitWithDefaultTimeout()
+		Expect(pod.ExitCode()).To(BeZero())
+
+		session := podmanTest.Podman([]string{"create", "--pod", name, "--network", "foobar", ALPINE, "top"})
+		session.WaitWithDefaultTimeout()
+		//Expect(session.ExitCode()).ToNot(BeZero())
+		Expect(session.ExitCode()).To(BeZero())
+	})
+
+	It("create container in pod with ports should fail", func() {
+		SkipIfRootless()
+		name := "createwithports"
+		pod := podmanTest.RunTopContainerInPod("", "new:"+name)
+		pod.WaitWithDefaultTimeout()
+		Expect(pod.ExitCode()).To(BeZero())
+
+		session := podmanTest.Podman([]string{"create", "--pod", name, "-p", "80:80", ALPINE, "top"})
+		session.WaitWithDefaultTimeout()
+		Expect(session.ExitCode()).ToNot(BeZero())
+	})
+
+	It("create container in pod ppublish ports should fail", func() {
+		SkipIfRootless()
+		name := "createwithpublishports"
+		pod := podmanTest.RunTopContainerInPod("", "new:"+name)
+		pod.WaitWithDefaultTimeout()
+		Expect(pod.ExitCode()).To(BeZero())
+
+		session := podmanTest.Podman([]string{"create", "--pod", name, "-P", ALPINE, "top"})
+		session.WaitWithDefaultTimeout()
+		Expect(session.ExitCode()).ToNot(BeZero())
+	})
 })