From a8c07f8b162ccb514a3453542418487ff6a04e9d Mon Sep 17 00:00:00 2001 From: Matt Heon Date: Fri, 4 Oct 2024 08:56:25 -0400 Subject: [PATCH] [v4.9-rhel] Exposed ports are only included when not --net=host Undoing some of my own work here from #24090 now that we have the ExposedPorts field implemented in inspect. I considered a revert of that patch, but it's still needed as without it we'd be including exposed ports when --net=container which is not correct. Basically, exposed ports for a container should always go in the new ExposedPorts field we added. They sometimes go in the Ports field in NetworkSettings, but only when the container is not net=host and not net=container. We were always including exposed ports, which was not correct, but is an easy logical fix. Also required is a test change to correct the expected behavior as we were testing for incorrect behavior. Fixes https://issues.redhat.com/browse/RHEL-60382 Signed-off-by: Matt Heon (cherry picked from commit 8061553c0f7974652958ac2c93162399a91819de) Signed-off-by: tomsweeneyredhat --- libpod/container_inspect.go | 6 +++++- test/e2e/run_networking_test.go | 19 ++++++++++++------- 2 files changed, 17 insertions(+), 8 deletions(-) diff --git a/libpod/container_inspect.go b/libpod/container_inspect.go index 8b359b9f0b..bfd9f30388 100644 --- a/libpod/container_inspect.go +++ b/libpod/container_inspect.go @@ -206,7 +206,11 @@ func (c *Container) getContainerInspectData(size bool, driverData *define.Driver return nil, err } data.NetworkSettings = networkConfig - addInspectPortsExpose(c.config.ExposedPorts, data.NetworkSettings.Ports) + // Ports in NetworkSettings includes exposed ports for network modes that are not host, + // and not container. + if !(c.config.NetNsCtr != "" || c.NetworkMode() == "host") { + addInspectPortsExpose(c.config.ExposedPorts, data.NetworkSettings.Ports) + } inspectConfig := c.generateInspectContainerConfig(ctrSpec) data.Config = inspectConfig 
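Review bot: The guard `if !(c.config.NetNsCtr != "" || c.NetworkMode() == "host")` is a negated disjunction, which is easy to misread on a line that decides what inspect reports. `if c.config.NetNsCtr == "" && c.NetworkMode() != "host" {` is equivalent and mirrors the "not host, and not container" wording of the comment above it. The comment could also state the consequence for readers of inspect output, for example `// For host and container network modes Ports stays empty; exposed ports are reported only in Config.ExposedPorts.` Tooling that audits reachable ports from NetworkSettings.Ports should not read an empty map as "nothing listening" for a --net=host container, since such a container presumably shares the host's network namespace. getContainerInspectData begins and ends outside this hunk.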
diff --git a/test/e2e/run_networking_test.go b/test/e2e/run_networking_test.go index c0c1b2ec45..99b1c73178 100644 --- a/test/e2e/run_networking_test.go +++ b/test/e2e/run_networking_test.go @@ -434,19 +434,22 @@ EXPOSE 2004-2005/tcp`, ALPINE) Expect(inspectOut[0].HostConfig.PublishAllPorts).To(BeTrue()) }) - It("podman run --net=host --expose includes port in inspect output", func() { + It("podman run --net=host --expose includes ports in inspect output", func() { containerName := "testctr" - session := podmanTest.Podman([]string{"run", "--name", containerName, "-d", "--expose", "8080/tcp", NGINX_IMAGE, "sleep", "+inf"}) + session := podmanTest.Podman([]string{"run", "--net=host", "--name", containerName, "-d", "--expose", "8080/tcp", NGINX_IMAGE, "sleep", "+inf"}) session.WaitWithDefaultTimeout() Expect(session).Should(ExitCleanly()) inspectOut := podmanTest.InspectContainer(containerName) Expect(inspectOut).To(HaveLen(1)) + // Ports is empty. ExposedPorts is not. + Expect(inspectOut[0].NetworkSettings.Ports).To(BeEmpty()) + // 80 from the image, 8080 from the expose - Expect(inspectOut[0].NetworkSettings.Ports).To(HaveLen(2)) - Expect(inspectOut[0].NetworkSettings.Ports).To(HaveKey("80/tcp")) - Expect(inspectOut[0].NetworkSettings.Ports).To(HaveKey("8080/tcp")) + Expect(inspectOut[0].Config.ExposedPorts).To(HaveLen(2)) + Expect(inspectOut[0].Config.ExposedPorts).To(HaveKey("80/tcp")) + Expect(inspectOut[0].Config.ExposedPorts).To(HaveKey("8080/tcp")) }) It("podman run --net=container --expose exposed port from own container", func() { 
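Review bot: The renamed title `podman run --net=host --expose includes ports in inspect output` no longer describes what the test checks, because its first assertion is now that NetworkSettings.Ports is empty. Something like `It("podman run --net=host --expose reports ports in ExposedPorts, not NetworkSettings.Ports", func() {` would be accurate. This test and the --net=container test in the next hunk now assert only the empty case, so nothing in these hunks pins the other branch of the new condition: a container on its own private network should still list exposed ports in NetworkSettings.Ports. If no existing test outside this diff covers that, a short case run without --net that expects `HaveKey("8080/tcp")` on NetworkSettings.Ports would catch the condition being inverted or widened later.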
@@ -462,8 +465,10 @@ EXPOSE 2004-2005/tcp`, ALPINE) inspectOut := podmanTest.InspectContainer(ctr2) Expect(inspectOut).To(HaveLen(1)) - Expect(inspectOut[0].NetworkSettings.Ports).To(HaveLen(1)) - Expect(inspectOut[0].NetworkSettings.Ports).To(HaveKey("8090/tcp")) + // Ports will not be populated. ExposedPorts will be. + Expect(inspectOut[0].NetworkSettings.Ports).To(BeEmpty()) + Expect(inspectOut[0].Config.ExposedPorts).To(HaveLen(1)) + Expect(inspectOut[0].Config.ExposedPorts).To(HaveKey("8090/tcp")) }) It("podman run -p 127.0.0.1::8980/udp", func() {