From 759c3a2dfe29cb0606d5849c28a74e59e06fede2 Mon Sep 17 00:00:00 2001
From: Dmitry Yakutkin
Date: Fri, 11 Nov 2016 12:33:35 +0200
Subject: [PATCH 1/2] Error is now thrown when creating a network when any unknown options are passed in
---
 driver/network_driver.go | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)
diff --git a/driver/network_driver.go b/driver/network_driver.go
index d3de344..80fe684 100644
--- a/driver/network_driver.go
+++ b/driver/network_driver.go
@@ -68,6 +68,16 @@ func (d NetworkDriver) GetCapabilities() (*network.CapabilitiesResponse, error)
 func (d NetworkDriver) CreateNetwork(request *network.CreateNetworkRequest) error {
 logutils.JSONMessage(d.logger, "CreateNetwork JSON=%s", request)
+ genericOpts, ok := request.Options["com.docker.network.generic"]
+ if ok {
+ opts, ok := genericOpts.(map[string]interface{})
+ if ok && len(opts) != 0 {
+ err := errors.New("Arbitrary options are not supported")
+ d.logger.Println(err)
+ return err
+ }
+ }
+
 for _, ipData := range request.IPv4Data {
 // Older version of Docker have a bug where they don't provide the correct AddressSpace
 // so we can't check for calico IPAM using our know address space.
@@ -149,8 +159,8 @@ func (d NetworkDriver) CreateEndpoint(request *network.CreateEndpointRequest) (*
 profile := &api.Profile{
 Metadata: api.ProfileMetadata{Name: networkData.Name},
 Spec: api.ProfileSpec{
- Tags: []string{networkData.Name},
- EgressRules: []api.Rule{{Action: "allow"}},
+ Tags: []string{networkData.Name},
+ EgressRules: []api.Rule{{Action: "allow"}},
 IngressRules: []api.Rule{{Action: "allow", Source: api.EntityRule{Tag: networkData.Name}}},
 },
 }
From 4216c8b059a9ae090459eb9024f60ff6ae845e7c Mon Sep 17 00:00:00 2001
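Review bot: In CreateNetwork the new option check fails open: when the value under `com.docker.network.generic` is not a `map[string]interface{}`, the inner `ok` is false and the request continues as though no options had been supplied. Since the point of the check is to reject options the driver does not understand, a failed assertion should be rejected as well, e.g. `if !ok || len(opts) != 0 {`, after confirming whether Docker can send this key with a null value. Only that one key is inspected, so any other entries in `request.Options` are still accepted silently, and the error does not name the rejected option keys, which would help an operator reading the plugin log. The hunk calls `errors.New` without touching the import block, so `errors` is presumably already imported; the rest of CreateNetwork lies outside the hunk.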
From: Dmitry Yakutkin
Date: Fri, 11 Nov 2016 12:34:43 +0200
Subject: [PATCH 2/2] Error is now thrown when creating a network when any unknown options are passed in
---
 .../libnetwork/test_error_arbitrary_opts.py | 51 +++++++++++++++++++
 1 file changed, 51 insertions(+)
 create mode 100644 tests/st/libnetwork/test_error_arbitrary_opts.py
diff --git a/tests/st/libnetwork/test_error_arbitrary_opts.py b/tests/st/libnetwork/test_error_arbitrary_opts.py
new file mode 100644
index 0000000..c4ae2dd
--- /dev/null
+++ b/tests/st/libnetwork/test_error_arbitrary_opts.py
@@ -0,0 +1,51 @@
+# Copyright 2015 Tigera, Inc. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+import logging
+
+from subprocess import check_output
+
+from tests.st.test_base import TestBase
+from tests.st.utils.docker_host import DockerHost
+from tests.st.utils.utils import get_ip
+from tests.st.libnetwork.test_mainline_single_host import \
+ ADDITIONAL_DOCKER_OPTIONS
+
+logger = logging.getLogger(__name__)
+
+
+class TestOptError(TestBase):
+ def test_error_arbitrary_opts(self):
+ """
+ Test that a NetworkDriver.CreateNetwork fails when there are any '--opt' options passed.
+ """
+ with DockerHost('host',
+ additional_docker_options=ADDITIONAL_DOCKER_OPTIONS,
+ post_docker_commands=["docker load -i /code/busybox.tar",
+ "docker load -i /code/calico-node-libnetwork.tar"],
+ start_calico=False) as host:
+ run_plugin_command = 'docker run -d ' \
+ '--net=host --privileged ' + \
+ '-e CALICO_ETCD_AUTHORITY=%s:2379 ' \
+ '-v /run/docker/plugins:/run/docker/plugins ' \
+ '-v /var/run/docker.sock:/var/run/docker.sock ' \
+ '-v /lib/modules:/lib/modules ' \
+ '--name libnetwork-plugin ' \
+ 'calico/libnetwork-plugin' % (get_ip(),)
+
+ host.execute(run_plugin_command)
+
+ with self.assertRaises(Exception) as cm:
+ host.execute("docker network create -d calico --ipam-driver calico-ipam --opt ipip=true shouldfailnet")
+
+ self.assertIn("Arbitrary options are not supported", str(cm.exception))
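Review bot: The `with self.assertRaises(Exception) as cm:` block around `docker network create` accepts any failure, and the plugin container is started with `docker run -d` immediately beforehand with no readiness wait visible in this hunk. If the plugin has not registered its socket yet, the create would fail with a different message and the later `assertIn` would fail the test intermittently; a wait for the plugin, plus the specific exception type raised by `host.execute` (not visible here), would make the test deterministic. The lone `+` after `'--net=host --privileged '` splits the command into two implicitly concatenated groups, so the `% (get_ip(),)` formatting works only because `%` binds tighter than `+`; dropping that `+` would make it one literal. `from subprocess import check_output` is imported but not used in this file.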