Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

T6701: Added ability to disable the container DNS plugin #4032

Merged
merged 1 commit into from
Sep 12, 2024
Merged

T6701: Added ability to disable the container DNS plugin #4032

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 6 additions & 0 deletions interface-definitions/container.xml.in
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -519,6 +519,12 @@
<multi/>
</properties>
</leafNode>
<leafNode name="no-name-server">
<properties>
<help>Disable Domain Name System (DNS) plugin for this network</help>
<valueless/>
</properties>
</leafNode>
#include <include/interface/vrf.xml.i>
</children>
</tagNode>
Expand Down
16 changes: 16 additions & 0 deletions smoketest/scripts/cli/test_container.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -45,7 +45,7 @@
# Load image for smoketest provided in vyos-build
try:
cmd(f'cat {busybox_image_path} | sudo podman load')
except:

Check failure on line 48 in smoketest/scripts/cli/test_container.py

View workflow job for this annotation

GitHub Actions / ruff-lint / ruff-lint

Ruff (E722) 

smoketest/scripts/cli/test_container.py:48:9: E722 Do not use bare `except`
cls.skipTest(cls, reason='busybox image not available')

# ensure we can also run this test on a live system - so lets clean
Expand Down Expand Up @@ -208,6 +208,22 @@
self.assertEqual(c['NetworkSettings']['Networks'][net_name]['Gateway'] , str(ip_interface(prefix4).ip + 1))
self.assertEqual(c['NetworkSettings']['Networks'][net_name]['IPAddress'] , str(ip_interface(prefix4).ip + ii))

def test_no_name_server(self):
prefix = '192.0.2.0/24'
base_name = 'ipv4'
net_name = 'NET01'

self.cli_set(base_path + ['network', net_name, 'prefix', prefix])
self.cli_set(base_path + ['network', net_name, 'no-name-server'])

name = f'{base_name}-2'
self.cli_set(base_path + ['name', name, 'image', cont_image])
self.cli_set(base_path + ['name', name, 'network', net_name, 'address', str(ip_interface(prefix).ip + 2)])
self.cli_commit()

n = cmd_to_json(f'sudo podman network inspect {net_name}')
self.assertEqual(n['dns_enabled'], False)

def test_uid_gid(self):
cont_name = 'uid-test'
gid = '100'
Expand Down
4 changes: 4 additions & 0 deletions src/conf_mode/container.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -98,10 +98,10 @@

# Delete container network, delete containers
tmp = node_changed(conf, base + ['network'])
if tmp: container.update({'network_remove': tmp})

Check failure on line 101 in src/conf_mode/container.py

View workflow job for this annotation

GitHub Actions / ruff-lint / ruff-lint

Ruff (E701) 

src/conf_mode/container.py:101:11: E701 Multiple statements on one line (colon)

tmp = node_changed(conf, base + ['name'])
if tmp: container.update({'container_remove': tmp})

Check failure on line 104 in src/conf_mode/container.py

View workflow job for this annotation

GitHub Actions / ruff-lint / ruff-lint

Ruff (E701) 

src/conf_mode/container.py:104:11: E701 Multiple statements on one line (colon)

return container

Expand Down Expand Up @@ -157,13 +157,13 @@
try:
network = [x for x in container['network'][network_name]['prefix'] if is_ipv4(x)][0]
cnt_ipv4 += 1
except:

Check failure on line 160 in src/conf_mode/container.py

View workflow job for this annotation

GitHub Actions / ruff-lint / ruff-lint

Ruff (E722) 

src/conf_mode/container.py:160:29: E722 Do not use bare `except`
raise ConfigError(f'Network "{network_name}" does not contain an IPv4 prefix!')
elif is_ipv6(address):
try:
network = [x for x in container['network'][network_name]['prefix'] if is_ipv6(x)][0]
cnt_ipv6 += 1
except:

Check failure on line 166 in src/conf_mode/container.py

View workflow job for this annotation

GitHub Actions / ruff-lint / ruff-lint

Ruff (E722) 

src/conf_mode/container.py:166:29: E722 Do not use bare `except`
raise ConfigError(f'Network "{network_name}" does not contain an IPv6 prefix!')

# Specified container IP address must belong to network prefix
Expand Down Expand Up @@ -223,7 +223,7 @@
if 'port' in container_config:
for tmp in container_config['port']:
if not {'source', 'destination'} <= set(container_config['port'][tmp]):
raise ConfigError(f'Both "source" and "destination" must be specified for a port mapping!')

Check failure on line 226 in src/conf_mode/container.py

View workflow job for this annotation

GitHub Actions / ruff-lint / ruff-lint

Ruff (F541) 

src/conf_mode/container.py:226:43: F541 f-string without any placeholders

# If 'allow-host-networks' or 'network' not set.
if 'allow_host_networks' not in container_config and 'network' not in container_config:
Expand All @@ -236,7 +236,7 @@

# gid cannot be set without uid
if 'gid' in container_config and 'uid' not in container_config:
raise ConfigError(f'Cannot set "gid" without "uid" for container')

Check failure on line 239 in src/conf_mode/container.py

View workflow job for this annotation

GitHub Actions / ruff-lint / ruff-lint

Ruff (F541) 

src/conf_mode/container.py:239:35: F541 f-string without any placeholders

# Add new network
if 'network' in container:
Expand Down Expand Up @@ -421,6 +421,10 @@
'driver': 'host-local'
}
}

if 'no_name_server' in network_config:
tmp['dns_enabled'] = False

for prefix in network_config['prefix']:
net = {'subnet': prefix, 'gateway': inc_ip(prefix, 1)}
tmp['subnets'].append(net)
Expand Down
Loading