From c0b1edd6a4dcad2b89a01975988d186b21b3158e Mon Sep 17 00:00:00 2001
From: Paul Holzinger <pholzing@redhat.com>
Date: Thu, 15 Jul 2021 10:29:19 +0200
Subject: Network interface

Implement a new network interface to abstract CNI from libpod. The
interface is implemented for the CNI backend but in the future we can
add more backends.

The code is structured in three new packages:
- `libpod/network/types`: contains the interface definition
  and the necessary types for it.
- `libpod/network/cni` contains the interface implementation for the CNI
  backend.
- `libpod/network/util` a set of utility functions related to
  networking.

The CNI package uses ginkgo style unit tests. To test Setup/Teardown the
test must be run as root. Each test will run in their own namespace to
make the test independent from the host environment.

New features with the CNI backend:
- The default network will be created in memory if it does not exists on
  disk.
- It can set more than one static IP per container network.
- Networks are loaded once from disk and only if this interface is
  used, e.g. for commands such as `podman info` networks are not loaded.
  This reduces unnecessary disk IO.

This commit only adds the interface it is not wired into libpod. This
requires a lot of breaking changes which will be done in a followup
commit.

Once this is integrated into libpod the current network code under
`libpod/network` should be removed. Also the dependency on OCICNI
should be dropped.

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
---
 .../network/cni/testfiles/invalid/broken.conflist  | 25 ++++++++++
 .../cni/testfiles/invalid/invalid_gateway.conflist | 51 +++++++++++++++++++
 .../cni/testfiles/invalid/invalidname.conflist     | 49 ++++++++++++++++++
 .../network/cni/testfiles/invalid/noname.conflist  | 48 ++++++++++++++++++
 .../cni/testfiles/invalid/noplugin.conflist        |  5 ++
 .../cni/testfiles/invalid/samename1.conflist       | 49 ++++++++++++++++++
 .../cni/testfiles/invalid/samename2.conflist       | 49 ++++++++++++++++++
 .../network/cni/testfiles/valid/87-podman.conflist | 37 ++++++++++++++
 libpod/network/cni/testfiles/valid/bridge.conflist | 51 +++++++++++++++++++
 .../network/cni/testfiles/valid/dualstack.conflist | 58 ++++++++++++++++++++++
 .../network/cni/testfiles/valid/internal.conflist  | 40 +++++++++++++++
 libpod/network/cni/testfiles/valid/label.conflist  | 54 ++++++++++++++++++++
 .../network/cni/testfiles/valid/macvlan.conflist   | 13 +++++
 .../cni/testfiles/valid/macvlan_mtu.conflist       | 14 ++++++
 libpod/network/cni/testfiles/valid/mtu.conflist    | 49 ++++++++++++++++++
 libpod/network/cni/testfiles/valid/vlan.conflist   | 50 +++++++++++++++++++
 16 files changed, 642 insertions(+)
 create mode 100644 libpod/network/cni/testfiles/invalid/broken.conflist
 create mode 100644 libpod/network/cni/testfiles/invalid/invalid_gateway.conflist
 create mode 100644 libpod/network/cni/testfiles/invalid/invalidname.conflist
 create mode 100644 libpod/network/cni/testfiles/invalid/noname.conflist
 create mode 100644 libpod/network/cni/testfiles/invalid/noplugin.conflist
 create mode 100644 libpod/network/cni/testfiles/invalid/samename1.conflist
 create mode 100644 libpod/network/cni/testfiles/invalid/samename2.conflist
 create mode 100644 libpod/network/cni/testfiles/valid/87-podman.conflist
 create mode 100644 libpod/network/cni/testfiles/valid/bridge.conflist
 create mode 100644 libpod/network/cni/testfiles/valid/dualstack.conflist
 create mode 100644 libpod/network/cni/testfiles/valid/internal.conflist
 create mode 100644 libpod/network/cni/testfiles/valid/label.conflist
 create mode 100644 libpod/network/cni/testfiles/valid/macvlan.conflist
 create mode 100644 libpod/network/cni/testfiles/valid/macvlan_mtu.conflist
 create mode 100644 libpod/network/cni/testfiles/valid/mtu.conflist
 create mode 100644 libpod/network/cni/testfiles/valid/vlan.conflist

(limited to 'libpod/network/cni/testfiles')

diff --git a/libpod/network/cni/testfiles/invalid/broken.conflist b/libpod/network/cni/testfiles/invalid/broken.conflist
new file mode 100644
index 000000000..e5bf48b39
--- /dev/null
+++ b/libpod/network/cni/testfiles/invalid/broken.conflist
@@ -0,0 +1,25 @@
+{
+   "cniVersion": "0.4.0",
+   "name": "bridge",
+   "plugins": [
+      {
+         "type": "bridge",
+         "bridge": "cni-podman9",
+         "isGateway": true,
+         "ipMasq": true,
+         "hairpinMode": true,
+         "ipam": {
+            "type": "host-local",
+            "routes": [
+               {
+                  "dst": "0.0.0.0/0"
+               }
+            ],
+            "ranges": [
+               [
+                  {
+                     "subnet": "10.89.8.0/24",
+                     "gateway": "10.89.8.1"
+                  }
+               ]
+            ]
diff --git a/libpod/network/cni/testfiles/invalid/invalid_gateway.conflist b/libpod/network/cni/testfiles/invalid/invalid_gateway.conflist
new file mode 100644
index 000000000..f03c1fde4
--- /dev/null
+++ b/libpod/network/cni/testfiles/invalid/invalid_gateway.conflist
@@ -0,0 +1,51 @@
+{
+   "cniVersion": "0.4.0",
+   "name": "invalidgw",
+   "plugins": [
+      {
+         "type": "bridge",
+         "bridge": "cni-podman8",
+         "isGateway": true,
+         "ipMasq": true,
+         "hairpinMode": true,
+         "ipam": {
+            "type": "host-local",
+            "routes": [
+               {
+                  "dst": "0.0.0.0/0"
+               }
+            ],
+            "ranges": [
+               [
+                  {
+                     "subnet": "10.89.8.0/24",
+                     "gateway": "10.89.8",
+                     "rangeStart": "10.89.8.20",
+                     "rangeEnd": "10.89.8.50"
+                  }
+               ]
+            ]
+         }
+      },
+      {
+         "type": "portmap",
+         "capabilities": {
+            "portMappings": true
+         }
+      },
+      {
+         "type": "firewall",
+         "backend": ""
+      },
+      {
+         "type": "tuning"
+      },
+      {
+         "type": "dnsname",
+         "domainName": "dns.podman",
+         "capabilities": {
+            "aliases": true
+         }
+      }
+   ]
+}
diff --git a/libpod/network/cni/testfiles/invalid/invalidname.conflist b/libpod/network/cni/testfiles/invalid/invalidname.conflist
new file mode 100644
index 000000000..e35be69db
--- /dev/null
+++ b/libpod/network/cni/testfiles/invalid/invalidname.conflist
@@ -0,0 +1,49 @@
+{
+   "cniVersion": "0.4.0",
+   "name": "bridge@123",
+   "plugins": [
+      {
+         "type": "bridge",
+         "bridge": "cni-podman9",
+         "isGateway": true,
+         "ipMasq": true,
+         "hairpinMode": true,
+         "ipam": {
+            "type": "host-local",
+            "routes": [
+               {
+                  "dst": "0.0.0.0/0"
+               }
+            ],
+            "ranges": [
+               [
+                  {
+                     "subnet": "10.89.8.0/24",
+                     "gateway": "10.89.8.1"
+                  }
+               ]
+            ]
+         }
+      },
+      {
+         "type": "portmap",
+         "capabilities": {
+            "portMappings": true
+         }
+      },
+      {
+         "type": "firewall",
+         "backend": ""
+      },
+      {
+         "type": "tuning"
+      },
+      {
+         "type": "dnsname",
+         "domainName": "dns.podman",
+         "capabilities": {
+            "aliases": true
+         }
+      }
+   ]
+}
diff --git a/libpod/network/cni/testfiles/invalid/noname.conflist b/libpod/network/cni/testfiles/invalid/noname.conflist
new file mode 100644
index 000000000..865abadf8
--- /dev/null
+++ b/libpod/network/cni/testfiles/invalid/noname.conflist
@@ -0,0 +1,48 @@
+{
+   "cniVersion": "0.4.0",
+   "plugins": [
+      {
+         "type": "bridge",
+         "bridge": "cni-podman9",
+         "isGateway": true,
+         "ipMasq": true,
+         "hairpinMode": true,
+         "ipam": {
+            "type": "host-local",
+            "routes": [
+               {
+                  "dst": "0.0.0.0/0"
+               }
+            ],
+            "ranges": [
+               [
+                  {
+                     "subnet": "10.89.8.0/24",
+                     "gateway": "10.89.8.1"
+                  }
+               ]
+            ]
+         }
+      },
+      {
+         "type": "portmap",
+         "capabilities": {
+            "portMappings": true
+         }
+      },
+      {
+         "type": "firewall",
+         "backend": ""
+      },
+      {
+         "type": "tuning"
+      },
+      {
+         "type": "dnsname",
+         "domainName": "dns.podman",
+         "capabilities": {
+            "aliases": true
+         }
+      }
+   ]
+}
diff --git a/libpod/network/cni/testfiles/invalid/noplugin.conflist b/libpod/network/cni/testfiles/invalid/noplugin.conflist
new file mode 100644
index 000000000..af192adca
--- /dev/null
+++ b/libpod/network/cni/testfiles/invalid/noplugin.conflist
@@ -0,0 +1,5 @@
+{
+   "cniVersion": "0.4.0",
+   "name": "bridge",
+   "plugins": []
+}
diff --git a/libpod/network/cni/testfiles/invalid/samename1.conflist b/libpod/network/cni/testfiles/invalid/samename1.conflist
new file mode 100644
index 000000000..57b325264
--- /dev/null
+++ b/libpod/network/cni/testfiles/invalid/samename1.conflist
@@ -0,0 +1,49 @@
+{
+   "cniVersion": "0.4.0",
+   "name": "bridge",
+   "plugins": [
+      {
+         "type": "bridge",
+         "bridge": "cni-podman9",
+         "isGateway": true,
+         "ipMasq": true,
+         "hairpinMode": true,
+         "ipam": {
+            "type": "host-local",
+            "routes": [
+               {
+                  "dst": "0.0.0.0/0"
+               }
+            ],
+            "ranges": [
+               [
+                  {
+                     "subnet": "10.89.8.0/24",
+                     "gateway": "10.89.8.1"
+                  }
+               ]
+            ]
+         }
+      },
+      {
+         "type": "portmap",
+         "capabilities": {
+            "portMappings": true
+         }
+      },
+      {
+         "type": "firewall",
+         "backend": ""
+      },
+      {
+         "type": "tuning"
+      },
+      {
+         "type": "dnsname",
+         "domainName": "dns.podman",
+         "capabilities": {
+            "aliases": true
+         }
+      }
+   ]
+}
diff --git a/libpod/network/cni/testfiles/invalid/samename2.conflist b/libpod/network/cni/testfiles/invalid/samename2.conflist
new file mode 100644
index 000000000..57b325264
--- /dev/null
+++ b/libpod/network/cni/testfiles/invalid/samename2.conflist
@@ -0,0 +1,49 @@
+{
+   "cniVersion": "0.4.0",
+   "name": "bridge",
+   "plugins": [
+      {
+         "type": "bridge",
+         "bridge": "cni-podman9",
+         "isGateway": true,
+         "ipMasq": true,
+         "hairpinMode": true,
+         "ipam": {
+            "type": "host-local",
+            "routes": [
+               {
+                  "dst": "0.0.0.0/0"
+               }
+            ],
+            "ranges": [
+               [
+                  {
+                     "subnet": "10.89.8.0/24",
+                     "gateway": "10.89.8.1"
+                  }
+               ]
+            ]
+         }
+      },
+      {
+         "type": "portmap",
+         "capabilities": {
+            "portMappings": true
+         }
+      },
+      {
+         "type": "firewall",
+         "backend": ""
+      },
+      {
+         "type": "tuning"
+      },
+      {
+         "type": "dnsname",
+         "domainName": "dns.podman",
+         "capabilities": {
+            "aliases": true
+         }
+      }
+   ]
+}
diff --git a/libpod/network/cni/testfiles/valid/87-podman.conflist b/libpod/network/cni/testfiles/valid/87-podman.conflist
new file mode 100644
index 000000000..ef760a61b
--- /dev/null
+++ b/libpod/network/cni/testfiles/valid/87-podman.conflist
@@ -0,0 +1,37 @@
+{
+  "cniVersion": "0.4.0",
+  "name": "podman",
+  "plugins": [
+    {
+      "type": "bridge",
+      "bridge": "cni-podman0",
+      "isGateway": true,
+      "ipMasq": true,
+      "hairpinMode": true,
+      "ipam": {
+        "type": "host-local",
+        "routes": [{ "dst": "0.0.0.0/0" }],
+        "ranges": [
+          [
+            {
+              "subnet": "10.88.0.0/16",
+              "gateway": "10.88.0.1"
+            }
+          ]
+        ]
+      }
+    },
+    {
+      "type": "portmap",
+      "capabilities": {
+        "portMappings": true
+      }
+    },
+    {
+      "type": "firewall"
+    },
+    {
+      "type": "tuning"
+    }
+  ]
+}
diff --git a/libpod/network/cni/testfiles/valid/bridge.conflist b/libpod/network/cni/testfiles/valid/bridge.conflist
new file mode 100644
index 000000000..8952b50b7
--- /dev/null
+++ b/libpod/network/cni/testfiles/valid/bridge.conflist
@@ -0,0 +1,51 @@
+{
+   "cniVersion": "0.4.0",
+   "name": "bridge",
+   "plugins": [
+      {
+         "type": "bridge",
+         "bridge": "cni-podman9",
+         "isGateway": true,
+         "ipMasq": true,
+         "hairpinMode": true,
+         "ipam": {
+            "type": "host-local",
+            "routes": [
+               {
+                  "dst": "0.0.0.0/0"
+               }
+            ],
+            "ranges": [
+               [
+                  {
+                     "subnet": "10.89.8.0/24",
+                     "gateway": "10.89.8.1",
+                     "rangeStart": "10.89.8.20",
+                     "rangeEnd": "10.89.8.50"
+                  }
+               ]
+            ]
+         }
+      },
+      {
+         "type": "portmap",
+         "capabilities": {
+            "portMappings": true
+         }
+      },
+      {
+         "type": "firewall",
+         "backend": ""
+      },
+      {
+         "type": "tuning"
+      },
+      {
+         "type": "dnsname",
+         "domainName": "dns.podman",
+         "capabilities": {
+            "aliases": true
+         }
+      }
+   ]
+}
diff --git a/libpod/network/cni/testfiles/valid/dualstack.conflist b/libpod/network/cni/testfiles/valid/dualstack.conflist
new file mode 100644
index 000000000..dd08382f0
--- /dev/null
+++ b/libpod/network/cni/testfiles/valid/dualstack.conflist
@@ -0,0 +1,58 @@
+{
+   "cniVersion": "0.4.0",
+   "name": "dualstack",
+   "plugins": [
+      {
+         "type": "bridge",
+         "bridge": "cni-podman21",
+         "isGateway": true,
+         "ipMasq": true,
+         "hairpinMode": true,
+         "ipam": {
+            "type": "host-local",
+            "routes": [
+               {
+                  "dst": "::/0"
+               },
+               {
+                  "dst": "0.0.0.0/0"
+               }
+            ],
+            "ranges": [
+               [
+                  {
+                     "subnet": "fd10:88:a::/64",
+                     "gateway": "fd10:88:a::1"
+                  }
+               ],
+               [
+                  {
+                     "subnet": "10.89.19.0/24",
+                     "gateway": "10.89.19.10"
+                  }
+               ]
+            ]
+         }
+      },
+      {
+         "type": "portmap",
+         "capabilities": {
+            "portMappings": true
+         }
+      },
+      {
+         "type": "firewall",
+         "backend": ""
+      },
+      {
+         "type": "tuning"
+      },
+      {
+         "type": "dnsname",
+         "domainName": "dns.podman",
+         "capabilities": {
+            "aliases": true
+         }
+      }
+   ]
+}
diff --git a/libpod/network/cni/testfiles/valid/internal.conflist b/libpod/network/cni/testfiles/valid/internal.conflist
new file mode 100644
index 000000000..1b6f15a96
--- /dev/null
+++ b/libpod/network/cni/testfiles/valid/internal.conflist
@@ -0,0 +1,40 @@
+{
+   "cniVersion": "0.4.0",
+   "name": "internal",
+   "plugins": [
+      {
+         "type": "bridge",
+         "bridge": "cni-podman8",
+         "isGateway": false,
+         "hairpinMode": true,
+         "ipam": {
+            "type": "host-local",
+            "routes": [
+               {
+                  "dst": "0.0.0.0/0"
+               }
+            ],
+            "ranges": [
+               [
+                  {
+                     "subnet": "10.89.7.0/24"
+                  }
+               ]
+            ]
+         }
+      },
+      {
+         "type": "portmap",
+         "capabilities": {
+            "portMappings": true
+         }
+      },
+      {
+         "type": "firewall",
+         "backend": ""
+      },
+      {
+         "type": "tuning"
+      }
+   ]
+}
diff --git a/libpod/network/cni/testfiles/valid/label.conflist b/libpod/network/cni/testfiles/valid/label.conflist
new file mode 100644
index 000000000..1501f9bd7
--- /dev/null
+++ b/libpod/network/cni/testfiles/valid/label.conflist
@@ -0,0 +1,54 @@
+{
+   "args": {
+      "podman_labels": {
+         "mykey": "value"
+      }
+   },
+   "cniVersion": "0.4.0",
+   "name": "label",
+   "plugins": [
+      {
+         "type": "bridge",
+         "bridge": "cni-podman15",
+         "isGateway": true,
+         "ipMasq": true,
+         "hairpinMode": true,
+         "ipam": {
+            "type": "host-local",
+            "routes": [
+               {
+                  "dst": "0.0.0.0/0"
+               }
+            ],
+            "ranges": [
+               [
+                  {
+                     "subnet": "10.89.13.0/24",
+                     "gateway": "10.89.13.1"
+                  }
+               ]
+            ]
+         }
+      },
+      {
+         "type": "portmap",
+         "capabilities": {
+            "portMappings": true
+         }
+      },
+      {
+         "type": "firewall",
+         "backend": ""
+      },
+      {
+         "type": "tuning"
+      },
+      {
+         "type": "dnsname",
+         "domainName": "dns.podman",
+         "capabilities": {
+            "aliases": true
+         }
+      }
+   ]
+}
diff --git a/libpod/network/cni/testfiles/valid/macvlan.conflist b/libpod/network/cni/testfiles/valid/macvlan.conflist
new file mode 100644
index 000000000..8f3692334
--- /dev/null
+++ b/libpod/network/cni/testfiles/valid/macvlan.conflist
@@ -0,0 +1,13 @@
+{
+   "cniVersion": "0.4.0",
+   "name": "macvlan",
+   "plugins": [
+      {
+         "type": "macvlan",
+         "master": "lo",
+         "ipam": {
+            "type": "dhcp"
+         }
+      }
+   ]
+}
diff --git a/libpod/network/cni/testfiles/valid/macvlan_mtu.conflist b/libpod/network/cni/testfiles/valid/macvlan_mtu.conflist
new file mode 100644
index 000000000..2fd259117
--- /dev/null
+++ b/libpod/network/cni/testfiles/valid/macvlan_mtu.conflist
@@ -0,0 +1,14 @@
+{
+   "cniVersion": "0.4.0",
+   "name": "macvlan_mtu",
+   "plugins": [
+      {
+         "type": "macvlan",
+         "master": "lo",
+         "ipam": {
+            "type": "dhcp"
+         },
+         "mtu": 1300
+      }
+   ]
+}
diff --git a/libpod/network/cni/testfiles/valid/mtu.conflist b/libpod/network/cni/testfiles/valid/mtu.conflist
new file mode 100644
index 000000000..db5f7e194
--- /dev/null
+++ b/libpod/network/cni/testfiles/valid/mtu.conflist
@@ -0,0 +1,49 @@
+{
+   "cniVersion": "0.4.0",
+   "name": "mtu",
+   "plugins": [
+      {
+         "type": "bridge",
+         "bridge": "cni-podman13",
+         "isGateway": true,
+         "ipMasq": true,
+         "mtu": 1500,
+         "hairpinMode": true,
+         "ipam": {
+            "type": "host-local",
+            "routes": [
+               {
+                  "dst": "0.0.0.0/0"
+               }
+            ],
+            "ranges": [
+               [
+                  {
+                     "subnet": "10.89.11.0/24"
+                  }
+               ]
+            ]
+         }
+      },
+      {
+         "type": "portmap",
+         "capabilities": {
+            "portMappings": true
+         }
+      },
+      {
+         "type": "firewall",
+         "backend": ""
+      },
+      {
+         "type": "tuning"
+      },
+      {
+         "type": "dnsname",
+         "domainName": "dns.podman",
+         "capabilities": {
+            "aliases": true
+         }
+      }
+   ]
+}
diff --git a/libpod/network/cni/testfiles/valid/vlan.conflist b/libpod/network/cni/testfiles/valid/vlan.conflist
new file mode 100644
index 000000000..75e8967f1
--- /dev/null
+++ b/libpod/network/cni/testfiles/valid/vlan.conflist
@@ -0,0 +1,50 @@
+{
+   "cniVersion": "0.4.0",
+   "name": "vlan",
+   "plugins": [
+      {
+         "type": "bridge",
+         "bridge": "cni-podman14",
+         "isGateway": true,
+         "ipMasq": true,
+         "hairpinMode": true,
+         "vlan": 5,
+         "ipam": {
+            "type": "host-local",
+            "routes": [
+               {
+                  "dst": "0.0.0.0/0"
+               }
+            ],
+            "ranges": [
+               [
+                  {
+                     "subnet": "10.89.12.0/24",
+                     "gateway": "10.89.12.1"
+                  }
+               ]
+            ]
+         }
+      },
+      {
+         "type": "portmap",
+         "capabilities": {
+            "portMappings": true
+         }
+      },
+      {
+         "type": "firewall",
+         "backend": ""
+      },
+      {
+         "type": "tuning"
+      },
+      {
+         "type": "dnsname",
+         "domainName": "dns.podman",
+         "capabilities": {
+            "aliases": true
+         }
+      }
+   ]
+}
-- 
cgit v1.2.3-54-g00ecf