author | Matthew Heon <matthew.heon@pm.me> | 2020-11-10 14:54:09 -0500 |
---|---|---|
committer | Matthew Heon <matthew.heon@pm.me> | 2020-11-11 16:37:54 -0500 |
commit | 8d56eb5342ad8afa35750f7f14791c44e37a8c30 (patch) | |
tree | 6ecf970bc4bf409ce76013d91db2a1520dbf06eb /libpod/rootless_cni_linux.go | |
parent | ea753128952e1a6d4b56cc80d232f6dbfb420ba5 (diff) | |
Add support for network connect / disconnect to DB
Convert the existing network aliases set/remove code to network
connect and disconnect. We can no longer modify aliases for an
existing network, but we can add and remove entire networks. As
part of this, we need to add a new function to retrieve current
aliases the container is connected to (we had a table for this
as of the first aliases PR, but it was not externally exposed).
At the same time, remove all deconflicting logic for aliases.
Docker does absolutely no checks of this nature, and allows two
containers to have the same aliases, aliases that conflict with
container names, etc - it's just left to DNS to return all the
IP addresses, and presumably we round-robin from there? Most
tests for the existing code had to be removed because of this.
Convert all uses of the old container config.Networks field,
which previously included all networks in the container, to use
the new DB table. This ensures we actually get an up-to-date list
of in-use networks. Also, add network aliases to the output of
`podman inspect`.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
Diffstat (limited to 'libpod/rootless_cni_linux.go')
-rw-r--r-- | libpod/rootless_cni_linux.go | 22 |
1 files changed, 15 insertions, 7 deletions
diff --git a/libpod/rootless_cni_linux.go b/libpod/rootless_cni_linux.go
index 3d4ff6e86..1d6158cc2 100644
--- a/libpod/rootless_cni_linux.go
+++ b/libpod/rootless_cni_linux.go
@@ -40,8 +40,12 @@ const (
 //
 // AllocRootlessCNI does not lock c. c should be already locked.
 func AllocRootlessCNI(ctx context.Context, c *Container) (ns.NetNS, []*cnitypes.Result, error) {
- if len(c.config.Networks) == 0 {
- return nil, nil, errors.New("allocRootlessCNI shall not be called when len(c.config.Networks) == 0")
+ networks, err := c.networks()
+ if err != nil {
+ return nil, nil, err
+ }
+ if len(networks) == 0 {
+ return nil, nil, errors.New("rootless CNI networking requires that the container has joined at least one CNI network")
 }
 l, err := getRootlessCNIInfraLock(c.runtime)
 if err != nil {
@@ -54,8 +58,8 @@ func AllocRootlessCNI(ctx context.Context, c *Container) (ns.NetNS, []*cnitypes.
 return nil, nil, err
 }
 k8sPodName := getCNIPodName(c) // passed to CNI as K8S_POD_NAME
- cniResults := make([]*cnitypes.Result, len(c.config.Networks))
- for i, nw := range c.config.Networks {
+ cniResults := make([]*cnitypes.Result, len(networks))
+ for i, nw := range networks {
 cniRes, err := rootlessCNIInfraCallAlloc(infra, c.ID(), nw, k8sPodName)
 if err != nil {
 return nil, nil, err
@@ -77,8 +81,12 @@ func AllocRootlessCNI(ctx context.Context, c *Container) (ns.NetNS, []*cnitypes.
 //
 // DeallocRootlessCNI does not lock c. c should be already locked.
 func DeallocRootlessCNI(ctx context.Context, c *Container) error {
- if len(c.config.Networks) == 0 {
- return errors.New("deallocRootlessCNI shall not be called when len(c.config.Networks) == 0")
+ networks, err := c.networks()
+ if err != nil {
+ return err
+ }
+ if len(networks) == 0 {
+ return errors.New("rootless CNI networking requires that the container has joined at least one CNI network")
 }
 l, err := getRootlessCNIInfraLock(c.runtime)
 if err != nil {
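Review bot: The error from `c.networks()` in AllocRootlessCNI (hunk at -40) is returned bare, and the new empty-list message is word-for-word the same as the one added to DeallocRootlessCNI (hunk at -77), so a log line no longer says which path failed or for which container. I would add the operation and the container ID to both, for example `return nil, nil, errors.Wrapf(err, "retrieving networks for container %s", c.ID())` if `errors` here is github.com/pkg/errors (the import block is not visible on this page). The doc comment could also state that the network list is now read from the database on each call instead of the static config, so the "c should be already locked" precondition presumably covers that read as well. The function body continues outside the hunk.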
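Review bot: In DeallocRootlessCNI (hunk at -77) the two new early returns sit on a teardown path: a failed `c.networks()` lookup or an empty result leaves the function before the infra lock is taken and before any `rootlessCNIInfraCallDelloc` call, so whatever was allocated for the container stays allocated. With the old static `c.config.Networks` the empty case was a caller bug; with a mutable table it may be reachable at runtime if a container can be disconnected from its last network, which this page does not show. Consider treating the empty list as nothing to release, `if len(networks) == 0 { return nil }`, provided the infra-container cleanup further down does not need to run in that case. The rest of the body is outside the hunk.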
@@ -91,7 +99,7 @@ func DeallocRootlessCNI(ctx context.Context, c *Container) error {
 return nil
 }
 var errs *multierror.Error
- for _, nw := range c.config.Networks {
+ for _, nw := range networks {
 err := rootlessCNIInfraCallDelloc(infra, c.ID(), nw)
 if err != nil {
 errs = multierror.Append(errs, err) |
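Review bot: The teardown loop now walks the network set as it stands in the database when DeallocRootlessCNI runs, not the set that AllocRootlessCNI allocated. A network removed in between gets no `rootlessCNIInfraCallDelloc` call here, which would leave its CNI allocation behind in the rootless infra container unless the disconnect path releases it itself; that path is not in this file's hunks. A comment above the loop would pin the assumption, e.g. `// networks is the current DB view; a network disconnected after alloc must already have been released by the disconnect path`. The loop body continues past the end of the hunk.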