libnetwork/netavark: add isolate option 'strict'

The strict isolate refuses to communicate with non-isolate and isolate. Signed-off-by: Saigusa Yasushi <[email protected]>
containers · Jun 16, 2023 · accde5a · accde5a
1 parent 4b1b6ad
commit accde5a
Show file tree

Hide file tree

Showing 3 changed files with 36 additions and 4 deletions.
diff --git a/libnetwork/internal/util/parse.go b/libnetwork/internal/util/parse.go
@@ -34,3 +34,20 @@ func ParseVlan(vlan string) (int, error) {
 	}
 	return v, nil
 }
+
+// ParseIsolate parses the isolate option
+func ParseIsolate(isolate string) (string, error) {
+	if isolate == "" {
+		return "false", nil // default
+	}
+	// isolate option accepts "strict" and Rust boolean values "true" or "false"
+	opt_isolate_bool, err := strconv.ParseBool(isolate)
+	if err != nil {
+		if isolate == "strict" {
+			return isolate, nil
+		}
+		return "", fmt.Errorf("failed to parse isolate option: %w", err)
+	}
+	// Rust boolean only support "true" or "false" while go can parse 1 and 0 as well so we need to change it
+	return strconv.FormatBool(opt_isolate_bool), nil
+}
diff --git a/libnetwork/netavark/config.go b/libnetwork/netavark/config.go
@@ -187,12 +187,11 @@ func (n *netavarkNetwork) networkCreate(newNetwork *types.Network, defaultNet bo
 				}
 
 			case types.IsolateOption:
-				val, err := strconv.ParseBool(value)
+				val, err := internalutil.ParseIsolate(value)
 				if err != nil {
 					return nil, err
 				}
-				// rust only support "true" or "false" while go can parse 1 and 0 as well so we need to change it
-				newNetwork.Options[types.IsolateOption] = strconv.FormatBool(val)
+				newNetwork.Options[types.IsolateOption] = val
 			case types.MetricOption:
 				_, err := strconv.ParseUint(value, 10, 32)
 				if err != nil {

diff --git a/libnetwork/netavark/config_test.go b/libnetwork/netavark/config_test.go
@@ -1389,7 +1389,7 @@ var _ = Describe("Config", func() {
 			Expect(err.Error()).To(Equal("unknown ipvlan mode \"abc\""))
 		})
 
-		It("create network with isolate option", func() {
+		It("create network with isolate option 'true'", func() {
 			for _, val := range []string{"true", "1"} {
 				network := types.Network{
 					Options: map[string]string{
@@ -1407,6 +1407,22 @@ var _ = Describe("Config", func() {
 			}
 		})
 
+		It("create network with isolate option 'strict'", func() {
+			network := types.Network{
+				Options: map[string]string{
+					types.IsolateOption: "strict",
+				},
+			}
+			network1, err := libpodNet.NetworkCreate(network, nil)
+			Expect(err).To(BeNil())
+			Expect(network1.Driver).To(Equal("bridge"))
+			Expect(network1.Options).ToNot(BeNil())
+			path := filepath.Join(networkConfDir, network1.Name+".json")
+			Expect(path).To(BeARegularFile())
+			grepInFile(path, `"isolate": "strict"`)
+			Expect(network1.Options).To(HaveKeyWithValue("isolate", "strict"))
+		})
+
 		It("create network with invalid isolate option", func() {
 			network := types.Network{
 				Options: map[string]string{