Add new networks format to spegecen

Add the new networks format to specgen. For api users cni_networks is
still supported to make migration easier however the static ip and mac
fields are removed.

Signed-off-by: Paul Holzinger <pholzing@redhat.com>

7 files changed, 61 insertions, 112 deletions

diff --git a/pkg/specgen/container_validate.go b/pkg/specgen/container_validate.go
index caea51ea8..cae231f0e 100644
--- a/pkg/specgen/container_validate.go
+++ b/pkg/specgen/container_validate.go
@@ -29,25 +29,10 @@ func exclusiveOptions(opt1, opt2 string) error {
 // Validate verifies that the given SpecGenerator is valid and satisfies required
 // input for creating a container.
 func (s *SpecGenerator) Validate() error {
-	if rootless.IsRootless() && len(s.CNINetworks) == 0 {
-		if s.StaticIP != nil || s.StaticIPv6 != nil {
-			return ErrNoStaticIPRootless
-		}
-		if s.StaticMAC != nil {
-			return ErrNoStaticMACRootless
-		}
-	}
-
 	// Containers being added to a pod cannot have certain network attributes
 	// associated with them because those should be on the infra container.
 	if len(s.Pod) > 0 && s.NetNS.NSMode == FromPod {
-		if s.StaticIP != nil || s.StaticIPv6 != nil {
-			return errors.Wrap(define.ErrNetworkOnPodContainer, "static ip addresses must be defined when the pod is created")
-		}
-		if s.StaticMAC != nil {
-			return errors.Wrap(define.ErrNetworkOnPodContainer, "MAC addresses must be defined when the pod is created")
-		}
-		if len(s.CNINetworks) > 0 {
+		if len(s.Networks) > 0 {
 			return errors.Wrap(define.ErrNetworkOnPodContainer, "networks must be defined when the pod is created")
 		}
 		if len(s.PortMappings) > 0 || s.PublishExposedPorts {
diff --git a/pkg/specgen/generate/namespaces.go b/pkg/specgen/generate/namespaces.go
index ebdd2abd0..782156663 100644
--- a/pkg/specgen/generate/namespaces.go
+++ b/pkg/specgen/generate/namespaces.go
@@ -259,32 +259,28 @@ func namespaceOptions(ctx context.Context, s *specgen.SpecGenerator, rt *libpod.
 		if err != nil {
 			return nil, err
 		}
-		if len(s.CNINetworks) == 0 {
-			rtConfig, err := rt.GetConfigNoCopy()
-			if err != nil {
-				return nil, err
-			}
-			s.CNINetworks = append(s.CNINetworks, rtConfig.Network.DefaultNetwork)
-		}
-		networks := make(map[string]types.PerNetworkOptions, len(s.CNINetworks))
-		for i, netName := range s.CNINetworks {
-			opts := types.PerNetworkOptions{}
-			opts.Aliases = s.Aliases[netName]
-			if i == 0 {
-				if s.StaticIP != nil {
-					opts.StaticIPs = append(opts.StaticIPs, *s.StaticIP)
+		// if no network was specified use add the default
+		if len(s.Networks) == 0 {
+			// backwards config still allow the old cni networks list and convert to new format
+			if len(s.CNINetworks) > 0 {
+				logrus.Warn(`specgen "cni_networks" option is deprecated use the "networks" map instead`)
+				networks := make(map[string]types.PerNetworkOptions, len(s.CNINetworks))
+				for _, net := range s.CNINetworks {
+					networks[net] = types.PerNetworkOptions{}
 				}
-				if s.StaticIPv6 != nil {
-					opts.StaticIPs = append(opts.StaticIPs, *s.StaticIPv6)
+				s.Networks = networks
+			} else {
+				// no networks given but bridge is set so use default network
+				rtConfig, err := rt.GetConfigNoCopy()
+				if err != nil {
+					return nil, err
 				}
-				if s.StaticMAC != nil {
-					opts.StaticMAC = *s.StaticMAC
+				s.Networks = map[string]types.PerNetworkOptions{
+					rtConfig.Network.DefaultNetwork: {},
 				}
 			}
-			networks[netName] = opts
 		}
-
-		toReturn = append(toReturn, libpod.WithNetNS(portMappings, expose, postConfigureNetNS, "bridge", networks))
+		toReturn = append(toReturn, libpod.WithNetNS(portMappings, expose, postConfigureNetNS, "bridge", s.Networks))
 	}
 
 	if s.UseImageHosts {
diff --git a/pkg/specgen/generate/pod_create.go b/pkg/specgen/generate/pod_create.go
index 72dd249e7..0a797c571 100644
--- a/pkg/specgen/generate/pod_create.go
+++ b/pkg/specgen/generate/pod_create.go
@@ -218,9 +218,7 @@ func MapSpec(p *specgen.PodSpecGenerator) (*specgen.SpecGenerator, error) {
 	case specgen.Host:
 		logrus.Debugf("Pod will use host networking")
 		if len(p.InfraContainerSpec.PortMappings) > 0 ||
-			p.InfraContainerSpec.StaticIP != nil ||
-			p.InfraContainerSpec.StaticMAC != nil ||
-			len(p.InfraContainerSpec.CNINetworks) > 0 ||
+			len(p.InfraContainerSpec.Networks) > 0 ||
 			p.InfraContainerSpec.NetNS.NSMode == specgen.NoNetwork {
 			return nil, errors.Wrapf(define.ErrInvalidArg, "cannot set host network if network-related configuration is specified")
 		}
@@ -234,9 +232,7 @@ func MapSpec(p *specgen.PodSpecGenerator) (*specgen.SpecGenerator, error) {
 	case specgen.NoNetwork:
 		logrus.Debugf("Pod will not use networking")
 		if len(p.InfraContainerSpec.PortMappings) > 0 ||
-			p.InfraContainerSpec.StaticIP != nil ||
-			p.InfraContainerSpec.StaticMAC != nil ||
-			len(p.InfraContainerSpec.CNINetworks) > 0 ||
+			len(p.InfraContainerSpec.Networks) > 0 ||
 			p.InfraContainerSpec.NetNS.NSMode == "host" {
 			return nil, errors.Wrapf(define.ErrInvalidArg, "cannot disable pod network if network-related configuration is specified")
 		}
@@ -264,15 +260,13 @@ func MapSpec(p *specgen.PodSpecGenerator) (*specgen.SpecGenerator, error) {
 	if len(p.DNSSearch) > 0 {
 		p.InfraContainerSpec.DNSSearch = p.DNSSearch
 	}
-	if p.StaticIP != nil {
-		p.InfraContainerSpec.StaticIP = p.StaticIP
-	}
-	if p.StaticMAC != nil {
-		p.InfraContainerSpec.StaticMAC = p.StaticMAC
-	}
 	if p.NoManageResolvConf {
 		p.InfraContainerSpec.UseImageResolvConf = true
 	}
+	if len(p.Networks) > 0 {
+		p.InfraContainerSpec.Networks = p.Networks
+	}
+	// deprecated cni networks for api users
 	if len(p.CNINetworks) > 0 {
 		p.InfraContainerSpec.CNINetworks = p.CNINetworks
 	}
diff --git a/pkg/specgen/namespaces.go b/pkg/specgen/namespaces.go
index bb5385ef1..121e1ecf7 100644
--- a/pkg/specgen/namespaces.go
+++ b/pkg/specgen/namespaces.go
@@ -6,6 +6,7 @@ import (
 	"strings"
 
 	"github.com/containers/common/pkg/cgroups"
+	"github.com/containers/podman/v3/libpod/network/types"
 	"github.com/containers/podman/v3/pkg/rootless"
 	"github.com/containers/podman/v3/pkg/util"
 	"github.com/containers/storage"
@@ -271,9 +272,9 @@ func ParseUserNamespace(ns string) (Namespace, error) {
 // ParseNetworkNamespace parses a network namespace specification in string
 // form.
 // Returns a namespace and (optionally) a list of CNI networks to join.
-func ParseNetworkNamespace(ns string, rootlessDefaultCNI bool) (Namespace, []string, error) {
+func ParseNetworkNamespace(ns string, rootlessDefaultCNI bool) (Namespace, map[string]types.PerNetworkOptions, error) {
 	toReturn := Namespace{}
-	var cniNetworks []string
+	networks := make(map[string]types.PerNetworkOptions)
 	// Net defaults to Slirp on rootless
 	switch {
 	case ns == string(Slirp), strings.HasPrefix(ns, string(Slirp)+":"):
@@ -313,18 +314,22 @@ func ParseNetworkNamespace(ns string, rootlessDefaultCNI bool) (Namespace, []str
 	default:
 		// Assume we have been given a list of CNI networks.
 		// Which only works in bridge mode, so set that.
-		cniNetworks = strings.Split(ns, ",")
+		networkList := strings.Split(ns, ",")
+		for _, net := range networkList {
+			networks[net] = types.PerNetworkOptions{}
+		}
+
 		toReturn.NSMode = Bridge
 	}
 
-	return toReturn, cniNetworks, nil
+	return toReturn, networks, nil
 }
 
-func ParseNetworkString(network string) (Namespace, []string, map[string][]string, error) {
+func ParseNetworkString(network string) (Namespace, map[string]types.PerNetworkOptions, map[string][]string, error) {
 	var networkOptions map[string][]string
 	parts := strings.SplitN(network, ":", 2)
 
-	ns, cniNets, err := ParseNetworkNamespace(network, containerConfig.Containers.RootlessNetworking == "cni")
+	ns, nets, err := ParseNetworkNamespace(network, containerConfig.Containers.RootlessNetworking == "cni")
 	if err != nil {
 		return Namespace{}, nil, nil, err
 	}
@@ -332,9 +337,9 @@ func ParseNetworkString(network string) (Namespace, []string, map[string][]strin
 	if len(parts) > 1 {
 		networkOptions = make(map[string][]string)
 		networkOptions[parts[0]] = strings.Split(parts[1], ",")
-		cniNets = nil
+		nets = nil
 	}
-	return ns, cniNets, networkOptions, nil
+	return ns, nets, networkOptions, nil
 }
 
 func SetupUserNS(idmappings *storage.IDMappingOptions, userns Namespace, g *generate.Generator) (string, error) {
diff --git a/pkg/specgen/pod_validate.go b/pkg/specgen/pod_validate.go
index bca7b6dbe..32c1159c6 100644
--- a/pkg/specgen/pod_validate.go
+++ b/pkg/specgen/pod_validate.go
@@ -1,7 +1,6 @@
 package specgen
 
 import (
-	"github.com/containers/podman/v3/pkg/rootless"
 	"github.com/containers/podman/v3/pkg/util"
 	"github.com/pkg/errors"
 )
@@ -19,15 +18,6 @@ func exclusivePodOptions(opt1, opt2 string) error {
 
 // Validate verifies the input is valid
 func (p *PodSpecGenerator) Validate() error {
-	if rootless.IsRootless() && len(p.CNINetworks) == 0 {
-		if p.StaticIP != nil {
-			return ErrNoStaticIPRootless
-		}
-		if p.StaticMAC != nil {
-			return ErrNoStaticMACRootless
-		}
-	}
-
 	// PodBasicConfig
 	if p.NoInfra {
 		if len(p.InfraCommand) > 0 {
@@ -52,12 +42,6 @@ func (p *PodSpecGenerator) Validate() error {
 		if p.NetNS.NSMode != Default && p.NetNS.NSMode != "" {
 			return errors.New("NoInfra and network modes cannot be used together")
 		}
-		if p.StaticIP != nil {
-			return exclusivePodOptions("NoInfra", "StaticIP")
-		}
-		if p.StaticMAC != nil {
-			return exclusivePodOptions("NoInfra", "StaticMAC")
-		}
 		if len(p.DNSOption) > 0 {
 			return exclusivePodOptions("NoInfra", "DNSOption")
 		}
@@ -78,8 +62,8 @@ func (p *PodSpecGenerator) Validate() error {
 		if len(p.PortMappings) > 0 {
 			return errors.New("PortMappings can only be used with Bridge or slirp4netns networking")
 		}
-		if len(p.CNINetworks) > 0 {
-			return errors.New("CNINetworks can only be used with Bridge mode networking")
+		if len(p.Networks) > 0 {
+			return errors.New("Networks can only be used with Bridge mode networking")
 		}
 	}
 	if p.NoManageResolvConf {
diff --git a/pkg/specgen/podspecgen.go b/pkg/specgen/podspecgen.go
index 948fb990c..e59d11c0a 100644
--- a/pkg/specgen/podspecgen.go
+++ b/pkg/specgen/podspecgen.go
@@ -86,33 +86,26 @@ type PodNetworkConfig struct {
 	// Defaults to Bridge as root and Slirp as rootless.
 	// Mandatory.
 	NetNS Namespace `json:"netns,omitempty"`
-	// StaticIP sets a static IP for the infra container. As the infra
-	// container's network is used for the entire pod by default, this will
-	// thus be a static IP for the whole pod.
-	// Only available if NetNS is set to Bridge (the default for root).
-	// As such, conflicts with NoInfra=true by proxy.
-	// Optional.
-	StaticIP *net.IP `json:"static_ip,omitempty"`
-	// StaticMAC sets a static MAC for the infra container. As the infra
-	// container's network is used for the entire pod by default, this will
-	// thus be a static MAC for the entire pod.
-	// Only available if NetNS is set to Bridge (the default for root).
-	// As such, conflicts with NoInfra=true by proxy.
-	// Optional.
-	// swagger:strfmt string
-	StaticMAC *types.HardwareAddr `json:"static_mac,omitempty"`
 	// PortMappings is a set of ports to map into the infra container.
 	// As, by default, containers share their network with the infra
 	// container, this will forward the ports to the entire pod.
 	// Only available if NetNS is set to Bridge or Slirp.
 	// Optional.
 	PortMappings []types.PortMapping `json:"portmappings,omitempty"`
-	// CNINetworks is a list of CNI networks that the infra container will
-	// join. As, by default, containers share their network with the infra
-	// container, these networks will effectively be joined by the
-	// entire pod.
-	// Only available when NetNS is set to Bridge, the default for root.
-	// Optional.
+	// Map of networks names ot ids the container should join to.
+	// You can request additional settings for each network, you can
+	// set network aliases, static ips, static mac address  and the
+	// network interface name for this container on the specifc network.
+	// If the map is empty and the bridge network mode is set the container
+	// will be joined to the default network.
+	Networks map[string]types.PerNetworkOptions
+	// CNINetworks is a list of CNI networks to join the container to.
+	// If this list is empty, the default CNI network will be joined
+	// instead. If at least one entry is present, we will not join the
+	// default network (unless it is part of this list).
+	// Only available if NetNS is set to bridge.
+	// Optional.
+	// Deprecated: as of podman 4.0 use "Networks" instead.
 	CNINetworks []string `json:"cni_networks,omitempty"`
 	// NoManageResolvConf indicates that /etc/resolv.conf should not be
 	// managed by the pod. Instead, each container will create and manage a
diff --git a/pkg/specgen/specgen.go b/pkg/specgen/specgen.go
index 0e257ad4c..e650c1966 100644
--- a/pkg/specgen/specgen.go
+++ b/pkg/specgen/specgen.go
@@ -394,26 +394,10 @@ type ContainerCgroupConfig struct {
 // ContainerNetworkConfig contains information on a container's network
 // configuration.
 type ContainerNetworkConfig struct {
-	// Aliases are a list of network-scoped aliases for container
-	// Optional
-	Aliases map[string][]string `json:"aliases"`
 	// NetNS is the configuration to use for the container's network
 	// namespace.
 	// Mandatory.
 	NetNS Namespace `json:"netns,omitempty"`
-	// StaticIP is the a IPv4 address of the container.
-	// Only available if NetNS is set to Bridge.
-	// Optional.
-	StaticIP *net.IP `json:"static_ip,omitempty"`
-	// StaticIPv6 is a static IPv6 address to set in the container.
-	// Only available if NetNS is set to Bridge.
-	// Optional.
-	StaticIPv6 *net.IP `json:"static_ipv6,omitempty"`
-	// StaticMAC is a static MAC address to set in the container.
-	// Only available if NetNS is set to bridge.
-	// Optional.
-	// swagger:strfmt string
-	StaticMAC *nettypes.HardwareAddr `json:"static_mac,omitempty"`
 	// PortBindings is a set of ports to map into the container.
 	// Only available if NetNS is set to bridge or slirp.
 	// Optional.
@@ -434,12 +418,20 @@ type ContainerNetworkConfig struct {
 	// PublishExposedPorts is set.
 	// Optional.
 	Expose map[uint16]string `json:"expose,omitempty"`
+	// Map of networks names ot ids the container should join to.
+	// You can request additional settings for each network, you can
+	// set network aliases, static ips, static mac address  and the
+	// network interface name for this container on the specifc network.
+	// If the map is empty and the bridge network mode is set the container
+	// will be joined to the default network.
+	Networks map[string]nettypes.PerNetworkOptions
 	// CNINetworks is a list of CNI networks to join the container to.
 	// If this list is empty, the default CNI network will be joined
 	// instead. If at least one entry is present, we will not join the
 	// default network (unless it is part of this list).
 	// Only available if NetNS is set to bridge.
 	// Optional.
+	// Deprecated: as of podman 4.0 use "Networks" instead.
 	CNINetworks []string `json:"cni_networks,omitempty"`
 	// UseImageResolvConf indicates that resolv.conf should not be managed
 	// by Podman, but instead sourced from the image.