10 files changed, 402 insertions, 4 deletions
diff --git a/pkg/domain/entities/engine_container.go b/pkg/domain/entities/engine_container.go
index eebf4c033..734f72e5f 100644
--- a/pkg/domain/entities/engine_container.go
+++ b/pkg/domain/entities/engine_container.go
@@ -42,8 +42,13 @@ type ContainerEngine interface {
 	ContainerWait(ctx context.Context, namesOrIds []string, options WaitOptions) ([]WaitReport, error)
 	Events(ctx context.Context, opts EventsOptions) error
 	GenerateSystemd(ctx context.Context, nameOrID string, opts GenerateSystemdOptions) (*GenerateSystemdReport, error)
+	SystemPrune(ctx context.Context, options SystemPruneOptions) (*SystemPruneReport, error)
 	HealthCheckRun(ctx context.Context, nameOrId string, options HealthCheckOptions) (*define.HealthCheckResults, error)
 	Info(ctx context.Context) (*define.Info, error)
+	NetworkCreate(ctx context.Context, name string, options NetworkCreateOptions) (*NetworkCreateReport, error)
+	NetworkInspect(ctx context.Context, namesOrIds []string, options NetworkInspectOptions) ([]NetworkInspectReport, error)
+	NetworkList(ctx context.Context, options NetworkListOptions) ([]*NetworkListReport, error)
+	NetworkRm(ctx context.Context, namesOrIds []string, options NetworkRmOptions) ([]*NetworkRmReport, error)
 	PodCreate(ctx context.Context, opts PodCreateOptions) (*PodCreateReport, error)
 	PodExists(ctx context.Context, nameOrId string) (*BoolReport, error)
 	PodInspect(ctx context.Context, options PodInspectOptions) (*PodInspectReport, error)
diff --git a/pkg/domain/entities/network.go b/pkg/domain/entities/network.go
new file mode 100644
index 000000000..cffd40899
--- /dev/null
+++ b/pkg/domain/entities/network.go
@@ -0,0 +1,52 @@
+package entities
+
+import (
+	"net"
+
+	"github.com/containernetworking/cni/libcni"
+)
+
+// NetworkListOptions describes options for listing networks in cli
+type NetworkListOptions struct {
+	Format string
+	Quiet  bool
+}
+
+// NetworkListReport describes the results from listing networks
+type NetworkListReport struct {
+	*libcni.NetworkConfigList
+}
+
+// NetworkInspectOptions describes options for inspect networks
+type NetworkInspectOptions struct {
+}
+
+// NetworkInspectReport describes the results from inspect networks
+type NetworkInspectReport map[string]interface{}
+
+// NetworkRmOptions describes options for removing networks
+type NetworkRmOptions struct {
+	Force bool
+}
+
+//NetworkRmReport describes the results of network removal
+type NetworkRmReport struct {
+	Name string
+	Err  error
+}
+
+// NetworkCreateOptions describes options to create a network
+type NetworkCreateOptions struct {
+	DisableDNS bool
+	Driver     string
+	Gateway    net.IP
+	Internal   bool
+	MacVLAN    string
+	Range      net.IPNet
+	Subnet     net.IPNet
+}
+
+// NetworkCreateReport describes a created network for the cli
+type NetworkCreateReport struct {
+	Filename string
+}
diff --git a/pkg/domain/infra/abi/containers.go b/pkg/domain/infra/abi/containers.go
index f4996583a..244fbc5cd 100644
--- a/pkg/domain/infra/abi/containers.go
+++ b/pkg/domain/infra/abi/containers.go
@@ -193,6 +193,10 @@ func (ic *ContainerEngine) ContainerPrune(ctx context.Context, options entities.
 			filterFuncs = append(filterFuncs, generatedFunc)
 		}
 	}
+	return ic.pruneContainersHelper(ctx, filterFuncs)
+}
+
+func (ic *ContainerEngine) pruneContainersHelper(ctx context.Context, filterFuncs []libpod.ContainerFilter) (*entities.ContainerPruneReport, error) {
 	prunedContainers, pruneErrors, err := ic.Libpod.PruneContainers(filterFuncs)
 	if err != nil {
 		return nil, err
@@ -523,7 +527,8 @@ func (ic *ContainerEngine) ContainerAttach(ctx context.Context, nameOrId string,
 	}
 
 	// If the container is in a pod, also set to recursively start dependencies
-	if err := terminal.StartAttachCtr(ctx, ctr, options.Stdout, options.Stderr, options.Stdin, options.DetachKeys, options.SigProxy, false, ctr.PodID() != ""); err != nil && errors.Cause(err) != define.ErrDetach {
+	err = terminal.StartAttachCtr(ctx, ctr, options.Stdout, options.Stderr, options.Stdin, options.DetachKeys, options.SigProxy, false, ctr.PodID() != "")
+	if err != nil && errors.Cause(err) != define.ErrDetach {
 		return errors.Wrapf(err, "error attaching to container %s", ctr.ID())
 	}
 	return nil
diff --git a/pkg/domain/infra/abi/images.go b/pkg/domain/infra/abi/images.go
index be788b2bf..0af06fb89 100644
--- a/pkg/domain/infra/abi/images.go
+++ b/pkg/domain/infra/abi/images.go
@@ -36,7 +36,11 @@ func (ir *ImageEngine) Exists(_ context.Context, nameOrId string) (*entities.Boo
 }
 
 func (ir *ImageEngine) Prune(ctx context.Context, opts entities.ImagePruneOptions) (*entities.ImagePruneReport, error) {
-	results, err := ir.Libpod.ImageRuntime().PruneImages(ctx, opts.All, opts.Filter)
+	return ir.pruneImagesHelper(ctx, opts.All, opts.Filter)
+}
+
+func (ir *ImageEngine) pruneImagesHelper(ctx context.Context, all bool, filters []string) (*entities.ImagePruneReport, error) {
+	results, err := ir.Libpod.ImageRuntime().PruneImages(ctx, all, filters)
 	if err != nil {
 		return nil, err
 	}
diff --git a/pkg/domain/infra/abi/network.go b/pkg/domain/infra/abi/network.go
new file mode 100644
index 000000000..5c39b5374
--- /dev/null
+++ b/pkg/domain/infra/abi/network.go
@@ -0,0 +1,258 @@
+package abi
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+	"io/ioutil"
+	"path/filepath"
+
+	cniversion "github.com/containernetworking/cni/pkg/version"
+	"github.com/containers/libpod/libpod"
+	"github.com/containers/libpod/pkg/domain/entities"
+	"github.com/containers/libpod/pkg/network"
+	"github.com/containers/libpod/pkg/util"
+	"github.com/pkg/errors"
+)
+
+func getCNIConfDir(r *libpod.Runtime) (string, error) {
+	config, err := r.GetConfig()
+	if err != nil {
+		return "", err
+	}
+	configPath := config.Network.NetworkConfigDir
+
+	if len(config.Network.NetworkConfigDir) < 1 {
+		configPath = network.CNIConfigDir
+	}
+	return configPath, nil
+}
+
+func (ic *ContainerEngine) NetworkList(ctx context.Context, options entities.NetworkListOptions) ([]*entities.NetworkListReport, error) {
+	var reports []*entities.NetworkListReport
+	cniConfigPath, err := getCNIConfDir(ic.Libpod)
+	if err != nil {
+		return nil, err
+	}
+	networks, err := network.LoadCNIConfsFromDir(cniConfigPath)
+	if err != nil {
+		return nil, err
+	}
+
+	for _, n := range networks {
+		reports = append(reports, &entities.NetworkListReport{NetworkConfigList: n})
+	}
+	return reports, nil
+}
+
+func (ic *ContainerEngine) NetworkInspect(ctx context.Context, namesOrIds []string, options entities.NetworkInspectOptions) ([]entities.NetworkInspectReport, error) {
+	var (
+		rawCNINetworks []entities.NetworkInspectReport
+	)
+	for _, name := range namesOrIds {
+		rawList, err := network.InspectNetwork(name)
+		if err != nil {
+			return nil, err
+		}
+		rawCNINetworks = append(rawCNINetworks, rawList)
+	}
+	return rawCNINetworks, nil
+}
+
+func (ic *ContainerEngine) NetworkRm(ctx context.Context, namesOrIds []string, options entities.NetworkRmOptions) ([]*entities.NetworkRmReport, error) {
+	var reports []*entities.NetworkRmReport
+	for _, name := range namesOrIds {
+		report := entities.NetworkRmReport{Name: name}
+		containers, err := ic.Libpod.GetAllContainers()
+		if err != nil {
+			return reports, err
+		}
+		// We need to iterate containers looking to see if they belong to the given network
+		for _, c := range containers {
+			if util.StringInSlice(name, c.Config().Networks) {
+				// if user passes force, we nuke containers
+				if !options.Force {
+					// Without the force option, we return an error
+					return reports, errors.Errorf("%q has associated containers with it. Use -f to forcibly delete containers", name)
+				}
+				if err := ic.Libpod.RemoveContainer(ctx, c, true, true); err != nil {
+					return reports, err
+				}
+			}
+		}
+		if err := network.RemoveNetwork(name); err != nil {
+			report.Err = err
+		}
+		reports = append(reports, &report)
+	}
+	return reports, nil
+}
+
+func (ic *ContainerEngine) NetworkCreate(ctx context.Context, name string, options entities.NetworkCreateOptions) (*entities.NetworkCreateReport, error) {
+	var (
+		err      error
+		fileName string
+	)
+	if len(options.MacVLAN) > 0 {
+		fileName, err = createMacVLAN(ic.Libpod, name, options)
+	} else {
+		fileName, err = createBridge(ic.Libpod, name, options)
+	}
+	if err != nil {
+		return nil, err
+	}
+	return &entities.NetworkCreateReport{Filename: fileName}, nil
+}
+
+// createBridge creates a CNI network
+func createBridge(r *libpod.Runtime, name string, options entities.NetworkCreateOptions) (string, error) {
+	isGateway := true
+	ipMasq := true
+	subnet := &options.Subnet
+	ipRange := options.Range
+	runtimeConfig, err := r.GetConfig()
+	if err != nil {
+		return "", err
+	}
+	// if range is provided, make sure it is "in" network
+	if subnet.IP != nil {
+		// if network is provided, does it conflict with existing CNI or live networks
+		err = network.ValidateUserNetworkIsAvailable(subnet)
+	} else {
+		// if no network is provided, figure out network
+		subnet, err = network.GetFreeNetwork()
+	}
+	if err != nil {
+		return "", err
+	}
+	gateway := options.Gateway
+	if gateway == nil {
+		// if no gateway is provided, provide it as first ip of network
+		gateway = network.CalcGatewayIP(subnet)
+	}
+	// if network is provided and if gateway is provided, make sure it is "in" network
+	if options.Subnet.IP != nil && options.Gateway != nil {
+		if !subnet.Contains(gateway) {
+			return "", errors.Errorf("gateway %s is not in valid for subnet %s", gateway.String(), subnet.String())
+		}
+	}
+	if options.Internal {
+		isGateway = false
+		ipMasq = false
+	}
+
+	// if a range is given, we need to ensure it is "in" the network range.
+	if options.Range.IP != nil {
+		if options.Subnet.IP == nil {
+			return "", errors.New("you must define a subnet range to define an ip-range")
+		}
+		firstIP, err := network.FirstIPInSubnet(&options.Range)
+		if err != nil {
+			return "", err
+		}
+		lastIP, err := network.LastIPInSubnet(&options.Range)
+		if err != nil {
+			return "", err
+		}
+		if !subnet.Contains(firstIP) || !subnet.Contains(lastIP) {
+			return "", errors.Errorf("the ip range %s does not fall within the subnet range %s", options.Range.String(), subnet.String())
+		}
+	}
+	bridgeDeviceName, err := network.GetFreeDeviceName()
+	if err != nil {
+		return "", err
+	}
+
+	if len(name) > 0 {
+		netNames, err := network.GetNetworkNamesFromFileSystem()
+		if err != nil {
+			return "", err
+		}
+		if util.StringInSlice(name, netNames) {
+			return "", errors.Errorf("the network name %s is already used", name)
+		}
+	} else {
+		// If no name is given, we give the name of the bridge device
+		name = bridgeDeviceName
+	}
+
+	ncList := network.NewNcList(name, cniversion.Current())
+	var plugins []network.CNIPlugins
+	var routes []network.IPAMRoute
+
+	defaultRoute, err := network.NewIPAMDefaultRoute()
+	if err != nil {
+		return "", err
+	}
+	routes = append(routes, defaultRoute)
+	ipamConfig, err := network.NewIPAMHostLocalConf(subnet, routes, ipRange, gateway)
+	if err != nil {
+		return "", err
+	}
+
+	// TODO need to iron out the role of isDefaultGW and IPMasq
+	bridge := network.NewHostLocalBridge(bridgeDeviceName, isGateway, false, ipMasq, ipamConfig)
+	plugins = append(plugins, bridge)
+	plugins = append(plugins, network.NewPortMapPlugin())
+	plugins = append(plugins, network.NewFirewallPlugin())
+	// if we find the dnsname plugin, we add configuration for it
+	if network.HasDNSNamePlugin(runtimeConfig.Network.CNIPluginDirs) && !options.DisableDNS {
+		// Note: in the future we might like to allow for dynamic domain names
+		plugins = append(plugins, network.NewDNSNamePlugin(network.DefaultPodmanDomainName))
+	}
+	ncList["plugins"] = plugins
+	b, err := json.MarshalIndent(ncList, "", "   ")
+	if err != nil {
+		return "", err
+	}
+	cniConfigPath, err := getCNIConfDir(r)
+	if err != nil {
+		return "", err
+	}
+	cniPathName := filepath.Join(cniConfigPath, fmt.Sprintf("%s.conflist", name))
+	err = ioutil.WriteFile(cniPathName, b, 0644)
+	return cniPathName, err
+}
+
+func createMacVLAN(r *libpod.Runtime, name string, options entities.NetworkCreateOptions) (string, error) {
+	var (
+		plugins []network.CNIPlugins
+	)
+	liveNetNames, err := network.GetLiveNetworkNames()
+	if err != nil {
+		return "", err
+	}
+	// Make sure the host-device exists
+	if !util.StringInSlice(options.MacVLAN, liveNetNames) {
+		return "", errors.Errorf("failed to find network interface %q", options.MacVLAN)
+	}
+	if len(name) > 0 {
+		netNames, err := network.GetNetworkNamesFromFileSystem()
+		if err != nil {
+			return "", err
+		}
+		if util.StringInSlice(name, netNames) {
+			return "", errors.Errorf("the network name %s is already used", name)
+		}
+	} else {
+		name, err = network.GetFreeDeviceName()
+		if err != nil {
+			return "", err
+		}
+	}
+	ncList := network.NewNcList(name, cniversion.Current())
+	macvlan := network.NewMacVLANPlugin(options.MacVLAN)
+	plugins = append(plugins, macvlan)
+	ncList["plugins"] = plugins
+	b, err := json.MarshalIndent(ncList, "", "   ")
+	if err != nil {
+		return "", err
+	}
+	cniConfigPath, err := getCNIConfDir(r)
+	if err != nil {
+		return "", err
+	}
+	cniPathName := filepath.Join(cniConfigPath, fmt.Sprintf("%s.conflist", name))
+	err = ioutil.WriteFile(cniPathName, b, 0644)
+	return cniPathName, err
+}
diff --git a/pkg/domain/infra/abi/pods.go b/pkg/domain/infra/abi/pods.go
index b286bcf0d..16c222cbd 100644
--- a/pkg/domain/infra/abi/pods.go
+++ b/pkg/domain/infra/abi/pods.go
@@ -243,6 +243,10 @@ func (ic *ContainerEngine) PodRm(ctx context.Context, namesOrIds []string, optio
 }
 
 func (ic *ContainerEngine) PodPrune(ctx context.Context, options entities.PodPruneOptions) ([]*entities.PodPruneReport, error) {
+	return ic.prunePodHelper(ctx)
+}
+
+func (ic *ContainerEngine) prunePodHelper(ctx context.Context) ([]*entities.PodPruneReport, error) {
 	var (
 		reports []*entities.PodPruneReport
 	)
diff --git a/pkg/domain/infra/abi/system.go b/pkg/domain/infra/abi/system.go
index e5c109ee6..ab1b282d8 100644
--- a/pkg/domain/infra/abi/system.go
+++ b/pkg/domain/infra/abi/system.go
@@ -175,3 +175,41 @@ func setUMask() { // nolint:deadcode,unused
 func checkInput() error { // nolint:deadcode,unused
 	return nil
 }
+
+// SystemPrune removes unsed data from the system. Pruning pods, containers, volumes and images.
+func (ic *ContainerEngine) SystemPrune(ctx context.Context, options entities.SystemPruneOptions) (*entities.SystemPruneReport, error) {
+	var systemPruneReport = new(entities.SystemPruneReport)
+	podPruneReport, err := ic.prunePodHelper(ctx)
+	if err != nil {
+		return nil, err
+	}
+	systemPruneReport.PodPruneReport = podPruneReport
+
+	containerPruneReport, err := ic.pruneContainersHelper(ctx, nil)
+	if err != nil {
+		return nil, err
+	}
+	systemPruneReport.ContainerPruneReport = containerPruneReport
+
+	results, err := ic.Libpod.ImageRuntime().PruneImages(ctx, options.All, nil)
+	if err != nil {
+		return nil, err
+	}
+	report := entities.ImagePruneReport{
+		Report: entities.Report{
+			Id:  results,
+			Err: nil,
+		},
+	}
+
+	systemPruneReport.ImagePruneReport = &report
+
+	if options.Volume {
+		volumePruneReport, err := ic.pruneVolumesHelper(ctx)
+		if err != nil {
+			return nil, err
+		}
+		systemPruneReport.VolumePruneReport = volumePruneReport
+	}
+	return systemPruneReport, nil
+}
diff --git a/pkg/domain/infra/abi/volumes.go b/pkg/domain/infra/abi/volumes.go
index bdae4359d..91b2440df 100644
--- a/pkg/domain/infra/abi/volumes.go
+++ b/pkg/domain/infra/abi/volumes.go
@@ -1,5 +1,3 @@
-// +build ABISupport
-
 package abi
 
 import (
@@ -113,6 +111,10 @@ func (ic *ContainerEngine) VolumeInspect(ctx context.Context, namesOrIds []strin
 }
 
 func (ic *ContainerEngine) VolumePrune(ctx context.Context, opts entities.VolumePruneOptions) ([]*entities.VolumePruneReport, error) {
+	return ic.pruneVolumesHelper(ctx)
+}
+
+func (ic *ContainerEngine) pruneVolumesHelper(ctx context.Context) ([]*entities.VolumePruneReport, error) {
 	var (
 		reports []*entities.VolumePruneReport
 	)
diff --git a/pkg/domain/infra/tunnel/network.go b/pkg/domain/infra/tunnel/network.go
new file mode 100644
index 000000000..4ff72dcfc
--- /dev/null
+++ b/pkg/domain/infra/tunnel/network.go
@@ -0,0 +1,23 @@
+package tunnel
+
+import (
+	"context"
+	"errors"
+
+	"github.com/containers/libpod/pkg/domain/entities"
+)
+
+func (ic *ContainerEngine) NetworkList(ctx context.Context, options entities.NetworkListOptions) ([]*entities.NetworkListReport, error) {
+	return nil, errors.New("not implemented")
+}
+
+func (ic *ContainerEngine) NetworkInspect(ctx context.Context, namesOrIds []string, options entities.NetworkInspectOptions) ([]entities.NetworkInspectReport, error) {
+	return nil, errors.New("not implemented")
+}
+func (ic *ContainerEngine) NetworkRm(ctx context.Context, namesOrIds []string, options entities.NetworkRmOptions) ([]*entities.NetworkRmReport, error) {
+	return nil, errors.New("not implemented")
+}
+
+func (ic *ContainerEngine) NetworkCreate(ctx context.Context, name string, options entities.NetworkCreateOptions) (*entities.NetworkCreateReport, error) {
+	return nil, errors.New("not implemented")
+}
diff --git a/pkg/domain/infra/tunnel/system.go b/pkg/domain/infra/tunnel/system.go
index 97bf885e7..18cb6c75a 100644
--- a/pkg/domain/infra/tunnel/system.go
+++ b/pkg/domain/infra/tunnel/system.go
@@ -3,6 +3,7 @@ package tunnel
 import (
 	"context"
 	"errors"
+	"fmt"
 
 	"github.com/containers/libpod/libpod/define"
 	"github.com/containers/libpod/pkg/bindings/system"
@@ -21,3 +22,9 @@ func (ic *ContainerEngine) VarlinkService(_ context.Context, _ entities.ServiceO
 func (ic *ContainerEngine) SetupRootless(_ context.Context, cmd *cobra.Command) error {
 	panic(errors.New("rootless engine mode is not supported when tunneling"))
 }
+
+// SystemPrune prunes unused data from the system.
+func (ic *ContainerEngine) SystemPrune(ctx context.Context, options entities.SystemPruneOptions) (*entities.SystemPruneReport, error) {
+	fmt.Println("in tunnel")
+	return system.Prune(ic.ClientCxt, &options.All, &options.Volume)
+}