From 3e9af2029f1f92fbc069f81ba9ca90c090617e9c Mon Sep 17 00:00:00 2001
From: Paul Holzinger <pholzing@redhat.com>
Date: Mon, 13 Dec 2021 15:56:20 +0100
Subject: play kube add support for multiple networks

Allow the same --network options for play kube as for podman run/create.

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
---
 pkg/api/handlers/libpod/play.go         |  4 +-
 pkg/api/server/register_play.go         |  6 ++-
 pkg/bindings/play/types.go              |  4 +-
 pkg/bindings/play/types_kube_options.go |  6 +--
 pkg/domain/entities/play.go             |  4 +-
 pkg/domain/infra/abi/play.go            | 69 ++++++++++++++++++++-------------
 pkg/domain/infra/tunnel/play.go         |  2 +-
 7 files changed, 55 insertions(+), 40 deletions(-)

(limited to 'pkg')

diff --git a/pkg/api/handlers/libpod/play.go b/pkg/api/handlers/libpod/play.go
index f943fc240..312aa32de 100644
--- a/pkg/api/handlers/libpod/play.go
+++ b/pkg/api/handlers/libpod/play.go
@@ -23,7 +23,7 @@ func PlayKube(w http.ResponseWriter, r *http.Request) {
 	runtime := r.Context().Value(api.RuntimeKey).(*libpod.Runtime)
 	decoder := r.Context().Value(api.DecoderKey).(*schema.Decoder)
 	query := struct {
-		Network    string   `schema:"network"`
+		Network    []string `schema:"network"`
 		TLSVerify  bool     `schema:"tlsVerify"`
 		LogDriver  string   `schema:"logDriver"`
 		LogOptions []string `schema:"logOptions"`
@@ -103,7 +103,7 @@ func PlayKube(w http.ResponseWriter, r *http.Request) {
 		Authfile:   authfile,
 		Username:   username,
 		Password:   password,
-		Network:    query.Network,
+		Networks:   query.Network,
 		NoHosts:    query.NoHosts,
 		Quiet:      true,
 		LogDriver:  query.LogDriver,
diff --git a/pkg/api/server/register_play.go b/pkg/api/server/register_play.go
index 915d0d02e..5ace01929 100644
--- a/pkg/api/server/register_play.go
+++ b/pkg/api/server/register_play.go
@@ -18,8 +18,10 @@ func (s *APIServer) registerPlayHandlers(r *mux.Router) error {
 	// parameters:
 	//  - in: query
 	//    name: network
-	//    type: string
-	//    description: Connect the pod to this network.
+	//    type: array
+	//    description: USe the network mode or specify an array of networks.
+	//    items:
+	//      type: string
 	//  - in: query
 	//    name: tlsVerify
 	//    type: boolean
diff --git a/pkg/bindings/play/types.go b/pkg/bindings/play/types.go
index 011f7f9ca..ca639e46b 100644
--- a/pkg/bindings/play/types.go
+++ b/pkg/bindings/play/types.go
@@ -15,8 +15,8 @@ type KubeOptions struct {
 	Username *string
 	// Password for authenticating against the registry.
 	Password *string
-	// Network - name of the CNI network to connect to.
-	Network *string
+	// Network - name of the networks to connect to.
+	Network *[]string
 	// NoHosts - do not generate /etc/hosts file in pod's containers
 	NoHosts *bool
 	// Quiet - suppress output when pulling images.
diff --git a/pkg/bindings/play/types_kube_options.go b/pkg/bindings/play/types_kube_options.go
index 344771e0c..593f026a3 100644
--- a/pkg/bindings/play/types_kube_options.go
+++ b/pkg/bindings/play/types_kube_options.go
@@ -79,15 +79,15 @@ func (o *KubeOptions) GetPassword() string {
 }
 
 // WithNetwork set field Network to given value
-func (o *KubeOptions) WithNetwork(value string) *KubeOptions {
+func (o *KubeOptions) WithNetwork(value []string) *KubeOptions {
 	o.Network = &value
 	return o
 }
 
 // GetNetwork returns value of field Network
-func (o *KubeOptions) GetNetwork() string {
+func (o *KubeOptions) GetNetwork() []string {
 	if o.Network == nil {
-		var z string
+		var z []string
 		return z
 	}
 	return *o.Network
diff --git a/pkg/domain/entities/play.go b/pkg/domain/entities/play.go
index ad35dfe25..39234caf8 100644
--- a/pkg/domain/entities/play.go
+++ b/pkg/domain/entities/play.go
@@ -26,8 +26,8 @@ type PlayKubeOptions struct {
 	Username string
 	// Password for authenticating against the registry.
 	Password string
-	// Network - name of the CNI network to connect to.
-	Network string
+	// Networks - name of the network to connect to.
+	Networks []string
 	// Quiet - suppress output when pulling images.
 	Quiet bool
 	// SignaturePolicy - path to a signature-policy file.
diff --git a/pkg/domain/infra/abi/play.go b/pkg/domain/infra/abi/play.go
index 409ba938a..6b3b04a0b 100644
--- a/pkg/domain/infra/abi/play.go
+++ b/pkg/domain/infra/abi/play.go
@@ -17,6 +17,7 @@ import (
 	"github.com/containers/image/v5/types"
 	"github.com/containers/podman/v3/libpod"
 	"github.com/containers/podman/v3/libpod/define"
+	nettypes "github.com/containers/podman/v3/libpod/network/types"
 	"github.com/containers/podman/v3/pkg/autoupdate"
 	"github.com/containers/podman/v3/pkg/domain/entities"
 	"github.com/containers/podman/v3/pkg/specgen"
@@ -195,39 +196,51 @@ func (ic *ContainerEngine) playKubePod(ctx context.Context, podName string, podY
 		return nil, err
 	}
 
-	if options.Network != "" {
-		ns, networks, netOpts, err := specgen.ParseNetworkFlag([]string{options.Network})
-		if err != nil {
-			return nil, err
-		}
+	ns, networks, netOpts, err := specgen.ParseNetworkFlag(options.Networks)
+	if err != nil {
+		return nil, err
+	}
 
-		if (ns.IsBridge() && len(networks) == 0) || ns.IsHost() {
-			return nil, errors.Errorf("invalid value passed to --network: bridge or host networking must be configured in YAML")
-		}
+	if (ns.IsBridge() && len(networks) == 0) || ns.IsHost() {
+		return nil, errors.Errorf("invalid value passed to --network: bridge or host networking must be configured in YAML")
+	}
 
-		podOpt.Net.Network = ns
-		if len(networks) > 0 {
-			podOpt.Net.Networks = networks
+	podOpt.Net.Network = ns
+	podOpt.Net.Networks = networks
+	podOpt.Net.NetworkOptions = netOpts
+
+	// FIXME This is very hard to support properly with a good ux
+	if len(options.StaticIPs) > *ipIndex {
+		if !podOpt.Net.Network.IsBridge() {
+			errors.Wrap(define.ErrInvalidArg, "static ip addresses can only be set when the network mode is bridge")
+		}
+		if len(podOpt.Net.Networks) != 1 {
+			return nil, errors.Wrap(define.ErrInvalidArg, "cannot set static ip addresses for more than network, use netname:ip=<ip> syntax to specify ips for more than network")
 		}
-		if len(netOpts) > 0 {
-			podOpt.Net.NetworkOptions = netOpts
+		for name, netOpts := range podOpt.Net.Networks {
+			netOpts.StaticIPs = append(netOpts.StaticIPs, options.StaticIPs[*ipIndex])
+			podOpt.Net.Networks[name] = netOpts
 		}
+	} else if len(options.StaticIPs) > 0 {
+		// only warn if the user has set at least one ip
+		logrus.Warn("No more static ips left using a random one")
 	}
-
-	// FIXME This is very hard to support properly
-	// if len(options.StaticIPs) > *ipIndex {
-	// 	podOpt.Net.StaticIP = &options.StaticIPs[*ipIndex]
-	// } else if len(options.StaticIPs) > 0 {
-	// 	// only warn if the user has set at least one ip
-	// 	logrus.Warn("No more static ips left using a random one")
-	// }
-	// if len(options.StaticMACs) > *ipIndex {
-	// 	podOpt.Net.StaticMAC = &options.StaticMACs[*ipIndex]
-	// } else if len(options.StaticIPs) > 0 {
-	// 	// only warn if the user has set at least one mac
-	// 	logrus.Warn("No more static macs left using a random one")
-	// }
-	// *ipIndex++
+	if len(options.StaticMACs) > *ipIndex {
+		if !podOpt.Net.Network.IsBridge() {
+			errors.Wrap(define.ErrInvalidArg, "static mac address can only be set when the network mode is bridge")
+		}
+		if len(podOpt.Net.Networks) != 1 {
+			return nil, errors.Wrap(define.ErrInvalidArg, "cannot set static mac address for more than network, use netname:mac=<mac> syntax to specify mac for more than network")
+		}
+		for name, netOpts := range podOpt.Net.Networks {
+			netOpts.StaticMAC = nettypes.HardwareAddr(options.StaticMACs[*ipIndex])
+			podOpt.Net.Networks[name] = netOpts
+		}
+	} else if len(options.StaticIPs) > 0 {
+		// only warn if the user has set at least one mac
+		logrus.Warn("No more static macs left using a random one")
+	}
+	*ipIndex++
 
 	p := specgen.NewPodSpecGenerator()
 	if err != nil {
diff --git a/pkg/domain/infra/tunnel/play.go b/pkg/domain/infra/tunnel/play.go
index 75952ce2c..103be0cf1 100644
--- a/pkg/domain/infra/tunnel/play.go
+++ b/pkg/domain/infra/tunnel/play.go
@@ -11,7 +11,7 @@ import (
 func (ic *ContainerEngine) PlayKube(ctx context.Context, path string, opts entities.PlayKubeOptions) (*entities.PlayKubeReport, error) {
 	options := new(play.KubeOptions).WithAuthfile(opts.Authfile).WithUsername(opts.Username).WithPassword(opts.Password)
 	options.WithCertDir(opts.CertDir).WithQuiet(opts.Quiet).WithSignaturePolicy(opts.SignaturePolicy).WithConfigMaps(opts.ConfigMaps)
-	options.WithLogDriver(opts.LogDriver).WithNetwork(opts.Network).WithSeccompProfileRoot(opts.SeccompProfileRoot)
+	options.WithLogDriver(opts.LogDriver).WithNetwork(opts.Networks).WithSeccompProfileRoot(opts.SeccompProfileRoot)
 	options.WithStaticIPs(opts.StaticIPs).WithStaticMACs(opts.StaticMACs)
 	if len(opts.LogOptions) > 0 {
 		options.WithLogOptions(opts.LogOptions)
-- 
cgit v1.2.3-54-g00ecf