3 files changed, 86 insertions, 60 deletions

diff --git a/cmd/podman/common/create_opts.go b/cmd/podman/common/create_opts.go
index 7d6471fd4..8f0cd1be6 100644
--- a/cmd/podman/common/create_opts.go
+++ b/cmd/podman/common/create_opts.go
@@ -184,52 +184,56 @@ func ContainerCreateToContainerCLIOpts(cc handlers.CreateContainerConfig, rtc *c
 	// network names
 	switch {
 	case len(cc.NetworkingConfig.EndpointsConfig) > 0:
-		var aliases []string
-
 		endpointsConfig := cc.NetworkingConfig.EndpointsConfig
-		cniNetworks := make([]string, 0, len(endpointsConfig))
+		networks := make(map[string]types.PerNetworkOptions, len(endpointsConfig))
 		for netName, endpoint := range endpointsConfig {
-			cniNetworks = append(cniNetworks, netName)
-
-			if endpoint == nil {
-				continue
-			}
-			if len(endpoint.Aliases) > 0 {
-				aliases = append(aliases, endpoint.Aliases...)
-			}
-		}
+			netOpts := types.PerNetworkOptions{}
+			if endpoint != nil {
+				netOpts.Aliases = endpoint.Aliases
 
-		// static IP and MAC
-		if len(endpointsConfig) == 1 {
-			for _, ep := range endpointsConfig {
-				if ep == nil {
-					continue
-				}
 				// if IP address is provided
-				if len(ep.IPAddress) > 0 {
-					staticIP := net.ParseIP(ep.IPAddress)
-					netInfo.StaticIP = &staticIP
+				if len(endpoint.IPAddress) > 0 {
+					staticIP := net.ParseIP(endpoint.IPAddress)
+					if staticIP == nil {
+						return nil, nil, errors.Errorf("failed to parse the ip address %q", endpoint.IPAddress)
+					}
+					netOpts.StaticIPs = append(netOpts.StaticIPs, staticIP)
 				}
-				// if IPAMConfig.IPv4Address is provided
-				if ep.IPAMConfig != nil && ep.IPAMConfig.IPv4Address != "" {
-					staticIP := net.ParseIP(ep.IPAMConfig.IPv4Address)
-					netInfo.StaticIP = &staticIP
+
+				if endpoint.IPAMConfig != nil {
+					// if IPAMConfig.IPv4Address is provided
+					if len(endpoint.IPAMConfig.IPv4Address) > 0 {
+						staticIP := net.ParseIP(endpoint.IPAMConfig.IPv4Address)
+						if staticIP == nil {
+							return nil, nil, errors.Errorf("failed to parse the ipv4 address %q", endpoint.IPAMConfig.IPv4Address)
+						}
+						netOpts.StaticIPs = append(netOpts.StaticIPs, staticIP)
+					}
+					// if IPAMConfig.IPv6Address is provided
+					if len(endpoint.IPAMConfig.IPv6Address) > 0 {
+						staticIP := net.ParseIP(endpoint.IPAMConfig.IPv6Address)
+						if staticIP == nil {
+							return nil, nil, errors.Errorf("failed to parse the ipv6 address %q", endpoint.IPAMConfig.IPv6Address)
+						}
+						netOpts.StaticIPs = append(netOpts.StaticIPs, staticIP)
+					}
 				}
 				// If MAC address is provided
-				if len(ep.MacAddress) > 0 {
-					staticMac, err := net.ParseMAC(ep.MacAddress)
+				if len(endpoint.MacAddress) > 0 {
+					staticMac, err := net.ParseMAC(endpoint.MacAddress)
 					if err != nil {
-						return nil, nil, err
+						return nil, nil, errors.Errorf("failed to parse the mac address %q", endpoint.MacAddress)
 					}
-					netInfo.StaticMAC = &staticMac
+					netOpts.StaticMAC = types.HardwareAddr(staticMac)
 				}
-				break
 			}
+
+			networks[netName] = netOpts
 		}
-		netInfo.Aliases = aliases
-		netInfo.CNINetworks = cniNetworks
+
+		netInfo.Networks = networks
 	case len(cc.HostConfig.NetworkMode) > 0:
-		netInfo.CNINetworks = networks
+		netInfo.Networks = networks
 	}
 
 	parsedTmp := make([]string, 0, len(cc.HostConfig.Tmpfs))
diff --git a/cmd/podman/common/create_test.go b/cmd/podman/common/create_test.go
index 17b47dd16..601078b61 100644
--- a/cmd/podman/common/create_test.go
+++ b/cmd/podman/common/create_test.go
@@ -12,7 +12,7 @@ import (
 
 func TestPodOptions(t *testing.T) {
 	entry := "/test1"
-	exampleOptions := entities.ContainerCreateOptions{CPUS: 5.5, CPUSetCPUs: "0-4", Entrypoint: &entry, Hostname: "foo", Name: "testing123", Volume: []string{"/fakeVol1", "/fakeVol2"}, Net: &entities.NetOptions{CNINetworks: []string{"FakeNetwork"}}, PID: "ns:/proc/self/ns"}
+	exampleOptions := entities.ContainerCreateOptions{CPUS: 5.5, CPUSetCPUs: "0-4", Entrypoint: &entry, Hostname: "foo", Name: "testing123", Volume: []string{"/fakeVol1", "/fakeVol2"}, Net: &entities.NetOptions{DNSSearch: []string{"search"}}, PID: "ns:/proc/self/ns"}
 
 	podOptions := entities.PodCreateOptions{}
 	err := common.ContainerToPodOptions(&exampleOptions, &podOptions)
diff --git a/cmd/podman/common/netflags.go b/cmd/podman/common/netflags.go
index d11f3c9d2..f79a9fd88 100644
--- a/cmd/podman/common/netflags.go
+++ b/cmd/podman/common/netflags.go
@@ -6,6 +6,7 @@ import (
 	"github.com/containers/common/pkg/completion"
 	"github.com/containers/podman/v3/cmd/podman/parse"
 	"github.com/containers/podman/v3/libpod/define"
+	"github.com/containers/podman/v3/libpod/network/types"
 	"github.com/containers/podman/v3/pkg/domain/entities"
 	"github.com/containers/podman/v3/pkg/specgen"
 	"github.com/containers/podman/v3/pkg/specgenutil"
@@ -151,27 +152,40 @@ func NetFlagsToNetOptions(opts *entities.NetOptions, flags pflag.FlagSet, netnsF
 	}
 	opts.DNSSearch = dnsSearches
 
-	m, err := flags.GetString("mac-address")
+	inputPorts, err := flags.GetStringSlice("publish")
 	if err != nil {
 		return nil, err
 	}
-	if len(m) > 0 {
-		mac, err := net.ParseMAC(m)
+	if len(inputPorts) > 0 {
+		opts.PublishPorts, err = specgenutil.CreatePortBindings(inputPorts)
 		if err != nil {
 			return nil, err
 		}
-		opts.StaticMAC = &mac
 	}
 
-	inputPorts, err := flags.GetStringSlice("publish")
+	opts.NoHosts, err = flags.GetBool("no-hosts")
 	if err != nil {
 		return nil, err
 	}
-	if len(inputPorts) > 0 {
-		opts.PublishPorts, err = specgenutil.CreatePortBindings(inputPorts)
+
+	// parse the --network value only when the flag is set or we need to use
+	// the netns config value, e.g. when --pod is not used
+	if netnsFromConfig || flags.Changed("network") {
+		network, err := flags.GetString("network")
 		if err != nil {
 			return nil, err
 		}
+
+		ns, networks, options, err := specgen.ParseNetworkString(network)
+		if err != nil {
+			return nil, err
+		}
+
+		if len(options) > 0 {
+			opts.NetworkOptions = options
+		}
+		opts.Network = ns
+		opts.Networks = networks
 	}
 
 	ip, err := flags.GetString("ip")
@@ -183,35 +197,37 @@ func NetFlagsToNetOptions(opts *entities.NetOptions, flags pflag.FlagSet, netnsF
 		if staticIP == nil {
 			return nil, errors.Errorf("%s is not an ip address", ip)
 		}
-		if staticIP.To4() == nil {
-			return nil, errors.Wrapf(define.ErrInvalidArg, "%s is not an IPv4 address", ip)
+		if !opts.Network.IsBridge() {
+			return nil, errors.Wrap(define.ErrInvalidArg, "--ip can only be set when the network mode is bridge")
+		}
+		if len(opts.Networks) != 1 {
+			return nil, errors.Wrap(define.ErrInvalidArg, "--ip can only be set for a single network")
+		}
+		for name, netOpts := range opts.Networks {
+			netOpts.StaticIPs = append(netOpts.StaticIPs, staticIP)
+			opts.Networks[name] = netOpts
 		}
-		opts.StaticIP = &staticIP
 	}
 
-	opts.NoHosts, err = flags.GetBool("no-hosts")
+	m, err := flags.GetString("mac-address")
 	if err != nil {
 		return nil, err
 	}
-
-	// parse the --network value only when the flag is set or we need to use
-	// the netns config value, e.g. when --pod is not used
-	if netnsFromConfig || flags.Changed("network") {
-		network, err := flags.GetString("network")
+	if len(m) > 0 {
+		mac, err := net.ParseMAC(m)
 		if err != nil {
 			return nil, err
 		}
-
-		ns, cniNets, options, err := specgen.ParseNetworkString(network)
-		if err != nil {
-			return nil, err
+		if !opts.Network.IsBridge() {
+			return nil, errors.Wrap(define.ErrInvalidArg, "--mac-address can only be set when the network mode is bridge")
 		}
-
-		if len(options) > 0 {
-			opts.NetworkOptions = options
+		if len(opts.Networks) != 1 {
+			return nil, errors.Wrap(define.ErrInvalidArg, "--mac-address can only be set for a single network")
+		}
+		for name, netOpts := range opts.Networks {
+			netOpts.StaticMAC = types.HardwareAddr(mac)
+			opts.Networks[name] = netOpts
 		}
-		opts.Network = ns
-		opts.CNINetworks = cniNets
 	}
 
 	aliases, err := flags.GetStringSlice("network-alias")
@@ -219,7 +235,13 @@ func NetFlagsToNetOptions(opts *entities.NetOptions, flags pflag.FlagSet, netnsF
 		return nil, err
 	}
 	if len(aliases) > 0 {
-		opts.Aliases = aliases
+		if !opts.Network.IsBridge() {
+			return nil, errors.Wrap(define.ErrInvalidArg, "--network-alias can only be set when the network mode is bridge")
+		}
+		for name, netOpts := range opts.Networks {
+			netOpts.Aliases = aliases
+			opts.Networks[name] = netOpts
+		}
 	}
 
 	return opts, err