disable dnsname when --internal

when doing a network creation, the dnsname plugin should be disabled when the --internal bool is set. a warning is displayed if this happens and docs are updated. Signed-off-by: baude <[email protected]>
iwita · Jan 26, 2021 · adc4fb4 · adc4fb4
1 parent 6ddae76
commit adc4fb4
Show file tree

Hide file tree

Showing 3 changed files with 26 additions and 3 deletions.
diff --git a/docs/source/markdown/podman-network-create.1.md b/docs/source/markdown/podman-network-create.1.md
@@ -41,7 +41,8 @@ Define a gateway for the subnet. If you want to provide a gateway address, you m
 
 #### **--internal**
 
-Restrict external access of this network
+Restrict external access of this network. Note when using this option, the dnsname plugin will be
+automatically disabled.
 
 #### **--ip-range**
 

diff --git a/libpod/network/create.go b/libpod/network/create.go
@@ -14,6 +14,7 @@ import (
 	"github.com/containers/podman/v2/pkg/rootless"
 	"github.com/containers/podman/v2/pkg/util"
 	"github.com/pkg/errors"
+	"github.com/sirupsen/logrus"
 )
 
 // Create the CNI network
@@ -226,8 +227,12 @@ func createBridge(name string, options entities.NetworkCreateOptions, runtimeCon
 	// if we find the dnsname plugin or are rootless, we add configuration for it
 	// the rootless-cni-infra container has the dnsname plugin always installed
 	if (HasDNSNamePlugin(runtimeConfig.Network.CNIPluginDirs) || rootless.IsRootless()) && !options.DisableDNS {
-		// Note: in the future we might like to allow for dynamic domain names
-		plugins = append(plugins, NewDNSNamePlugin(DefaultPodmanDomainName))
+		if options.Internal {
+			logrus.Warnf("dnsname and --internal networks are incompatible.  dnsname plugin not configured for network %s", name)
+		} else {
+			// Note: in the future we might like to allow for dynamic domain names
+			plugins = append(plugins, NewDNSNamePlugin(DefaultPodmanDomainName))
+		}
 	}
 	ncList["plugins"] = plugins
 	b, err := json.MarshalIndent(ncList, "", "   ")

diff --git a/test/e2e/network_create_test.go b/test/e2e/network_create_test.go
@@ -375,4 +375,21 @@ var _ = Describe("Podman network create", func() {
 		Expect(nc).To(ExitWithError())
 	})
 
+	It("podman network create with internal should not have dnsname", func() {
+		net := "internal-test" + stringid.GenerateNonCryptoID()
+		nc := podmanTest.Podman([]string{"network", "create", "--internal", net})
+		nc.WaitWithDefaultTimeout()
+		defer podmanTest.removeCNINetwork(net)
+		Expect(nc.ExitCode()).To(BeZero())
+		// Not performing this check on remote tests because it is a logrus error which does
+		// not come back via stderr on the remote client.
+		if !IsRemote() {
+			Expect(nc.ErrorToString()).To(ContainSubstring("dnsname and --internal networks are incompatible"))
+		}
+		nc = podmanTest.Podman([]string{"network", "inspect", net})
+		nc.WaitWithDefaultTimeout()
+		Expect(nc.ExitCode()).To(BeZero())
+		Expect(nc.OutputToString()).ToNot(ContainSubstring("dnsname"))
+	})
+
 })