From 8f9066c468d7312af722c7cf9fc27b7c8ab79fc3 Mon Sep 17 00:00:00 2001 From: Madhu Venugopal Date: Sun, 24 Jul 2016 15:34:45 -0700 Subject: [PATCH] Prevent network connect/disconnect on swarm scoped networks Swarm handles service updates quite differently and also it doesnt support worker driver network operations. Hence prevent containers from connecting to swarm scoped networks Signed-off-by: Madhu Venugopal --- api/server/router/network/network_routes.go | 23 +++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/api/server/router/network/network_routes.go b/api/server/router/network/network_routes.go index ebf2ce2872..0949a50d9c 100644 --- a/api/server/router/network/network_routes.go +++ b/api/server/router/network/network_routes.go @@ -2,6 +2,7 @@ package network import ( "encoding/json" + "fmt" "net/http" "golang.org/x/net/context" @@ -119,6 +120,10 @@ func (n *networkRouter) postNetworkConnect(ctx context.Context, w http.ResponseW return err } + if nw.Info().Dynamic() { + return newNetworkForbiddenError("Operation not supported for swarm scoped networks") + } + return n.backend.ConnectContainerToNetwork(connect.Container, nw.Name(), connect.EndpointConfig) } @@ -141,6 +146,10 @@ func (n *networkRouter) postNetworkDisconnect(ctx context.Context, w http.Respon return err } + if nw.Info().Dynamic() { + return newNetworkForbiddenError("Operation not supported for swarm scoped networks") + } + return n.backend.DisconnectContainerFromNetwork(disconnect.Container, nw, disconnect.Force) } @@ -283,3 +292,17 @@ func buildEndpointResource(e libnetwork.Endpoint) types.EndpointResource { } return er } + +// networkForbiddenError represents an authorization deny error +type networkForbiddenError struct { + error +} + +// HTTPErrorStatusCode returns the authorization error status code (forbidden) +func (e networkForbiddenError) HTTPErrorStatusCode() int { + return http.StatusForbidden +} + +func newNetworkForbiddenError(msg string) networkForbiddenError { + return networkForbiddenError{error: fmt.Errorf("%s", msg)} +}