moby/client/network_create.go

package client // import "github.com/docker/docker/client"

import (
	"context"
	"encoding/json"

	"github.com/docker/docker/api/types"
	"github.com/docker/docker/api/types/versions"
)

// NetworkCreate creates a new network in the docker host.
func (cli *Client) NetworkCreate(ctx context.Context, name string, options types.NetworkCreate) (types.NetworkCreateResponse, error) {
	var response types.NetworkCreateResponse

	// Make sure we negotiated (if the client is configured to do so),
	// as code below contains API-version specific handling of options.
	//
	// Normally, version-negotiation (if enabled) would not happen until
	// the API request is made.
	if err := cli.checkVersion(ctx); err != nil {
		return response, err
	}

	networkCreateRequest := types.NetworkCreateRequest{
		NetworkCreate: options,
		Name:          name,
	}
	if versions.LessThan(cli.version, "1.44") {
		networkCreateRequest.CheckDuplicate = true //nolint:staticcheck // ignore SA1019: CheckDuplicate is deprecated since API v1.44.
	}

	serverResp, err := cli.post(ctx, "/networks/create", nil, networkCreateRequest, nil)
	defer ensureReaderClosed(serverResp)
	if err != nil {
		return response, err
	}

	err = json.NewDecoder(serverResp.body).Decode(&response)
	return response, err
}
Add canonical import comment Signed-off-by: Daniel Nephin <dnephin@docker.com> 2018-02-05 21:05:59 +00:00			`package client // import "github.com/docker/docker/client"`
Move engine-api client package This moves the engine-api client package to `/docker/docker/client`. Signed-off-by: Michael Crosby <crosbymichael@gmail.com> 2016-09-06 18:46:37 +00:00
			`import (`
Switch from x/net/context -> context Since Go 1.7, context is a standard package. Since Go 1.9, everything that is provided by "x/net/context" is a couple of type aliases to types in "context". Many vendored packages still use x/net/context, so vendor entry remains for now. Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com> 2018-04-19 22:30:59 +00:00			`"context"`
Move engine-api client package This moves the engine-api client package to `/docker/docker/client`. Signed-off-by: Michael Crosby <crosbymichael@gmail.com> 2016-09-06 18:46:37 +00:00			`"encoding/json"`

			`"github.com/docker/docker/api/types"`
libnet: Make sure network names are unique Fixes #18864, #20648, #33561, #40901. [This GH comment][1] makes clear network name uniqueness has never been enforced due to the eventually consistent nature of Classic Swarm datastores: > there is no guaranteed way to check for duplicates across a cluster of > docker hosts. And this is further confirmed by other comments made by @mrjana in that same issue, eg. [this one][2]: > we want to adopt a schema which can pave the way in the future for a > completely decentralized cluster of docker hosts (if scalability is > needed). This decentralized model is what Classic Swarm was trying to be. It's been superseded since then by Docker Swarm, which has a centralized control plane. To circumvent this drawback, the `NetworkCreate` endpoint accepts a `CheckDuplicate` flag. However it's not perfectly reliable as it won't catch concurrent requests. Due to this design decision, API clients like Compose have to implement workarounds to make sure names are really unique (eg. docker/compose#9585). And the daemon itself has seen a string of issues due to that decision, including some that aren't fixed to this day (for instance moby/moby#40901): > The problem is, that if you specify a network for a container using > the ID, it will add that network to the container but it will then > change it to reference the network by using the name. To summarize, this "feature" is broken, has no practical use and is a source of pain for Docker users and API consumers. So let's just remove it for _all_ API versions. [1]: https://github.com/moby/moby/issues/18864#issuecomment-167201414 [2]: https://github.com/moby/moby/issues/18864#issuecomment-167202589 Signed-off-by: Albin Kerouanton <albinker@gmail.com> 2023-08-16 18:11:10 +00:00			`"github.com/docker/docker/api/types/versions"`
Move engine-api client package This moves the engine-api client package to `/docker/docker/client`. Signed-off-by: Michael Crosby <crosbymichael@gmail.com> 2016-09-06 18:46:37 +00:00			`)`

			`// NetworkCreate creates a new network in the docker host.`
			`func (cli *Client) NetworkCreate(ctx context.Context, name string, options types.NetworkCreate) (types.NetworkCreateResponse, error) {`
client: fix connection-errors being shadowed by API version mismatch errors Commit e6907243af215a90fe36b377d89a49e3a2eded0a applied a fix for situations where the client was configured with API-version negotiation, but did not yet negotiate a version. However, the checkVersion() function that was implemented copied the semantics of cli.NegotiateAPIVersion, which ignored connection failures with the assumption that connection errors would still surface further down. However, when using the result of a failed negotiation for NewVersionError, an API version mismatch error would be produced, masking the actual connection error. This patch changes the signature of checkVersion to return unexpected errors, including failures to connect to the API. Before this patch: docker -H unix:///no/such/socket.sock secret ls "secret list" requires API version 1.25, but the Docker daemon API version is 1.24 With this patch applied: docker -H unix:///no/such/socket.sock secret ls Cannot connect to the Docker daemon at unix:///no/such/socket.sock. Is the docker daemon running? Signed-off-by: Sebastiaan van Stijn <github@gone.nl> 2024-02-23 11:20:06 +00:00			`var response types.NetworkCreateResponse`

client: negotiate api version before handling version-specific code We try to perform API-version negotiation as lazy as possible (and only execute when we are about to make an API request). However, some code requires API-version dependent handling (to set options, or remove options based on the version of the API we're using). Currently this code depended on the caller code to perform API negotiation (or to configure the API version) first, which may not happen, and because of that we may be missing options (or set options that are not supported on older API versions). This patch: - splits the code that triggered API-version negotiation to a separate Client.checkVersion() function. - updates NewVersionError to accept a context - updates NewVersionError to perform API-version negotiation (if enabled) - updates various Client functions to manually trigger API-version negotiation Signed-off-by: Sebastiaan van Stijn <github@gone.nl> 2023-09-12 12:08:54 +00:00			`// Make sure we negotiated (if the client is configured to do so),`
			`// as code below contains API-version specific handling of options.`
			`//`
			`// Normally, version-negotiation (if enabled) would not happen until`
			`// the API request is made.`
client: fix connection-errors being shadowed by API version mismatch errors Commit e6907243af215a90fe36b377d89a49e3a2eded0a applied a fix for situations where the client was configured with API-version negotiation, but did not yet negotiate a version. However, the checkVersion() function that was implemented copied the semantics of cli.NegotiateAPIVersion, which ignored connection failures with the assumption that connection errors would still surface further down. However, when using the result of a failed negotiation for NewVersionError, an API version mismatch error would be produced, masking the actual connection error. This patch changes the signature of checkVersion to return unexpected errors, including failures to connect to the API. Before this patch: docker -H unix:///no/such/socket.sock secret ls "secret list" requires API version 1.25, but the Docker daemon API version is 1.24 With this patch applied: docker -H unix:///no/such/socket.sock secret ls Cannot connect to the Docker daemon at unix:///no/such/socket.sock. Is the docker daemon running? Signed-off-by: Sebastiaan van Stijn <github@gone.nl> 2024-02-23 11:20:06 +00:00			`if err := cli.checkVersion(ctx); err != nil {`
			`return response, err`
			`}`
client: negotiate api version before handling version-specific code We try to perform API-version negotiation as lazy as possible (and only execute when we are about to make an API request). However, some code requires API-version dependent handling (to set options, or remove options based on the version of the API we're using). Currently this code depended on the caller code to perform API negotiation (or to configure the API version) first, which may not happen, and because of that we may be missing options (or set options that are not supported on older API versions). This patch: - splits the code that triggered API-version negotiation to a separate Client.checkVersion() function. - updates NewVersionError to accept a context - updates NewVersionError to perform API-version negotiation (if enabled) - updates various Client functions to manually trigger API-version negotiation Signed-off-by: Sebastiaan van Stijn <github@gone.nl> 2023-09-12 12:08:54 +00:00
Move engine-api client package This moves the engine-api client package to `/docker/docker/client`. Signed-off-by: Michael Crosby <crosbymichael@gmail.com> 2016-09-06 18:46:37 +00:00			`networkCreateRequest := types.NetworkCreateRequest{`
			`NetworkCreate: options,`
			`Name: name,`
			`}`
libnet: Make sure network names are unique Fixes #18864, #20648, #33561, #40901. [This GH comment][1] makes clear network name uniqueness has never been enforced due to the eventually consistent nature of Classic Swarm datastores: > there is no guaranteed way to check for duplicates across a cluster of > docker hosts. And this is further confirmed by other comments made by @mrjana in that same issue, eg. [this one][2]: > we want to adopt a schema which can pave the way in the future for a > completely decentralized cluster of docker hosts (if scalability is > needed). This decentralized model is what Classic Swarm was trying to be. It's been superseded since then by Docker Swarm, which has a centralized control plane. To circumvent this drawback, the `NetworkCreate` endpoint accepts a `CheckDuplicate` flag. However it's not perfectly reliable as it won't catch concurrent requests. Due to this design decision, API clients like Compose have to implement workarounds to make sure names are really unique (eg. docker/compose#9585). And the daemon itself has seen a string of issues due to that decision, including some that aren't fixed to this day (for instance moby/moby#40901): > The problem is, that if you specify a network for a container using > the ID, it will add that network to the container but it will then > change it to reference the network by using the name. To summarize, this "feature" is broken, has no practical use and is a source of pain for Docker users and API consumers. So let's just remove it for _all_ API versions. [1]: https://github.com/moby/moby/issues/18864#issuecomment-167201414 [2]: https://github.com/moby/moby/issues/18864#issuecomment-167202589 Signed-off-by: Albin Kerouanton <albinker@gmail.com> 2023-08-16 18:11:10 +00:00			`if versions.LessThan(cli.version, "1.44") {`
			`networkCreateRequest.CheckDuplicate = true //nolint:staticcheck // ignore SA1019: CheckDuplicate is deprecated since API v1.44.`
			`}`

Move engine-api client package This moves the engine-api client package to `/docker/docker/client`. Signed-off-by: Michael Crosby <crosbymichael@gmail.com> 2016-09-06 18:46:37 +00:00			`serverResp, err := cli.post(ctx, "/networks/create", nil, networkCreateRequest, nil)`
Client: always call ensureReaderClosed Unlike a plain `net/http/client.Do()`, requests made through client/request use the `sendRequest` function, which parses the server response, and may convert non-transport errors into errors (through `cli.checkResponseErr()`). This means that we cannot assume that no reader was opened if an error is returned. This patch changes various locations where `ensureReaderClosed` was only called in the non-error situation, and uses a `defer` to make sure it's always called. `ensureReaderClosed` itself already checks if the response's body was set, so in situations where the error was due to a transport error, calling `ensureReaderClosed` should be a no-op. Signed-off-by: Sebastiaan van Stijn <github@gone.nl> 2019-02-11 12:26:12 +00:00			`defer ensureReaderClosed(serverResp)`
Move engine-api client package This moves the engine-api client package to `/docker/docker/client`. Signed-off-by: Michael Crosby <crosbymichael@gmail.com> 2016-09-06 18:46:37 +00:00			`if err != nil {`
			`return response, err`
			`}`

Client: always call ensureReaderClosed Unlike a plain `net/http/client.Do()`, requests made through client/request use the `sendRequest` function, which parses the server response, and may convert non-transport errors into errors (through `cli.checkResponseErr()`). This means that we cannot assume that no reader was opened if an error is returned. This patch changes various locations where `ensureReaderClosed` was only called in the non-error situation, and uses a `defer` to make sure it's always called. `ensureReaderClosed` itself already checks if the response's body was set, so in situations where the error was due to a transport error, calling `ensureReaderClosed` should be a no-op. Signed-off-by: Sebastiaan van Stijn <github@gone.nl> 2019-02-11 12:26:12 +00:00			`err = json.NewDecoder(serverResp.body).Decode(&response)`
Move engine-api client package This moves the engine-api client package to `/docker/docker/client`. Signed-off-by: Michael Crosby <crosbymichael@gmail.com> 2016-09-06 18:46:37 +00:00			`return response, err`
			`}`