From 6789c51b83af67231bfa0f6acb87757c0b3e5206 Mon Sep 17 00:00:00 2001 From: Jason Roehm Date: Tue, 1 Mar 2016 12:41:19 -0500 Subject: [PATCH 1/3] Google driver: add `--google-use-internal-ip-only` flag This addresses previously-closed issue #2876, which points out that instances created with the `--google-use-internal-ip` command-line flag are still assigned an external IP address. The new flag (which implies the presence of `--google-use-internal-ip` if it isn't specified) will cause the new instance to have no externally-accessible IP address. Signed-off-by: Jason Roehm --- drivers/google/compute_util.go | 64 +++++++++++++++++++--------------- drivers/google/google.go | 33 +++++++++++------- 2 files changed, 55 insertions(+), 42 deletions(-) diff --git a/drivers/google/compute_util.go b/drivers/google/compute_util.go index 6b50f6b7c9..92e2d47270 100644 --- a/drivers/google/compute_util.go +++ b/drivers/google/compute_util.go @@ -20,19 +20,20 @@ import ( // ComputeUtil is used to wrap the raw GCE API code and store common parameters. type ComputeUtil struct { - zone string - instanceName string - userName string - project string - diskTypeURL string - address string - preemptible bool - useInternalIP bool - service *raw.Service - zoneURL string - globalURL string - SwarmMaster bool - SwarmHost string + zone string + instanceName string + userName string + project string + diskTypeURL string + address string + preemptible bool + useInternalIP bool + useInternalIPOnly bool + service *raw.Service + zoneURL string + globalURL string + SwarmMaster bool + SwarmHost string } const ( 
@@ -57,19 +58,20 @@ func newComputeUtil(driver *Driver) (*ComputeUtil, error) { } return &ComputeUtil{ - zone: driver.Zone, - instanceName: driver.MachineName, - userName: driver.SSHUser, - project: driver.Project, - diskTypeURL: driver.DiskType, - address: driver.Address, - preemptible: driver.Preemptible, - useInternalIP: driver.UseInternalIP, - service: service, - zoneURL: apiURL + driver.Project + "/zones/" + driver.Zone, - globalURL: apiURL + driver.Project + "/global", - SwarmMaster: driver.SwarmMaster, - SwarmHost: driver.SwarmHost, + zone: driver.Zone, + instanceName: driver.MachineName, + userName: driver.SSHUser, + project: driver.Project, + diskTypeURL: driver.DiskType, + address: driver.Address, + preemptible: driver.Preemptible, + useInternalIP: driver.UseInternalIP, + useInternalIPOnly: driver.UseInternalIPOnly, + service: service, + zoneURL: apiURL + driver.Project + "/zones/" + driver.Zone, + globalURL: apiURL + driver.Project + "/global", + SwarmMaster: driver.SwarmMaster, + SwarmHost: driver.SwarmHost, }, nil } @@ -235,9 +237,6 @@ func (c *ComputeUtil) createInstance(d *Driver) error { }, NetworkInterfaces: []*raw.NetworkInterface{ { - AccessConfigs: []*raw.AccessConfig{ - {Type: "ONE_TO_ONE_NAT"}, - }, Network: c.globalURL + "/networks/default", }, }, @@ -255,6 +254,13 @@ func (c *ComputeUtil) createInstance(d *Driver) error { }, } + if !c.useInternalIPOnly { + cfg := &raw.AccessConfig{ + Type: "ONE_TO_ONE_NAT", + } + instance.NetworkInterfaces[0].AccessConfigs = append(instance.NetworkInterfaces[0].AccessConfigs, cfg) + } + if c.address != "" { staticAddress, err := c.staticAddress() if err != nil { diff --git a/drivers/google/google.go b/drivers/google/google.go index 4bf007c20f..4eee269614 100644 --- a/drivers/google/google.go +++ b/drivers/google/google.go 
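Review bot: The new `if !c.useInternalIPOnly` block in createInstance leaves `NetworkInterfaces[0].AccessConfigs` empty when the flag is set, yet the `if c.address != ""` branch that follows still runs; if that branch (its body is outside the hunk) writes the static address into `AccessConfigs[0]` it will index an empty slice, and regardless, `--google-address` combined with `--google-use-internal-ip-only` is contradictory, since a NAT address needs the ONE_TO_ONE_NAT access config the instance no longer gets. Reject the combination before the API call, either here with `if c.useInternalIPOnly && c.address != "" { return errors.New("google-address cannot be combined with google-use-internal-ip-only") }` (using `errors` or `fmt`, whichever the file already imports) or in SetConfigFromFlags in google.go, where both values are read. Separately, `append` onto a slice the literal no longer initialises reads as if it accumulates; `instance.NetworkInterfaces[0].AccessConfigs = []*raw.AccessConfig{{Type: "ONE_TO_ONE_NAT"}}` states the intent directly. createInstance starts and ends outside the hunk.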
@@ -15,18 +15,19 @@ import ( // Driver is a struct compatible with the docker.hosts.drivers.Driver interface. type Driver struct { *drivers.BaseDriver - Zone string - MachineType string - MachineImage string - DiskType string - Address string - Preemptible bool - UseInternalIP bool - Scopes string - DiskSize int - Project string - Tags string - UseExisting bool + Zone string + MachineType string + MachineImage string + DiskType string + Address string + Preemptible bool + UseInternalIP bool + UseInternalIPOnly bool + Scopes string + DiskSize int + Project string + Tags string + UseExisting bool } const ( @@ -111,6 +112,11 @@ func (d *Driver) GetCreateFlags() []mcnflag.Flag { Usage: "Use internal GCE Instance IP rather than public one", EnvVar: "GOOGLE_USE_INTERNAL_IP", }, + mcnflag.BoolFlag{ + Name: "google-use-internal-ip-only", + Usage: "Configure GCE instance to not have an external IP address", + EnvVar: "GOOGLE_USE_INTERNAL_IP_ONLY", + }, mcnflag.BoolFlag{ Name: "google-use-existing", Usage: "Don't create a new VM, use an existing one", @@ -170,7 +176,8 @@ func (d *Driver) SetConfigFromFlags(flags drivers.DriverOptions) error { d.DiskType = flags.String("google-disk-type") d.Address = flags.String("google-address") d.Preemptible = flags.Bool("google-preemptible") - d.UseInternalIP = flags.Bool("google-use-internal-ip") + d.UseInternalIP = flags.Bool("google-use-internal-ip") || flags.Bool("google-use-internal-ip-only") + d.UseInternalIPOnly = flags.Bool("google-use-internal-ip-only") d.Scopes = flags.String("google-scopes") d.Tags = flags.String("google-tags") } From b87597f01294503cd451d6a92139c6eebb925b68 Mon Sep 17 00:00:00 2001 From: Jason Roehm Date: Tue, 1 Mar 2016 15:05:15 -0500 Subject: [PATCH 2/3] update docs for --google-use-internal-ip-only Signed-off-by: Jason Roehm --- docs/drivers/gce.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/drivers/gce.md b/docs/drivers/gce.md index 60cdb24c81..d1cdddcef9 100644 --- a/docs/drivers/gce.md 
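Review bot: SetConfigFromFlags reads `google-use-internal-ip-only` twice and derives `UseInternalIP` from the raw flag rather than from the field it sets on the next line; reordering to `d.UseInternalIPOnly = flags.Bool("google-use-internal-ip-only")` followed by `d.UseInternalIP = flags.Bool("google-use-internal-ip") || d.UseInternalIPOnly` expresses the implication once. The flag's Usage in GetCreateFlags omits that implication even though the docs state it; `Usage: "Configure GCE instance to not have an external IP address (implies --google-use-internal-ip)"` keeps the CLI help consistent with the documentation. SetConfigFromFlags starts outside the hunk.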
+++ b/docs/drivers/gce.md @@ -50,6 +50,7 @@ To create a machine instance, specify `--driver google`, the project id and the - `--google-preemptible`: Instance preemptibility. - `--google-tags`: Instance tags (comma-separated). - `--google-use-internal-ip`: When this option is used during create it will make docker-machine use internal rather than public NATed IPs. The flag is persistent in the sense that a machine created with it retains the IP. It's useful for managing docker machines from another machine on the same network e.g. while deploying swarm. + - `--google-use-internal-ip-only`: When this option is used during create, the new VM will not be assigned a public IP address. This is useful only when the host running `docker-machine` is located inside the Google Cloud infrastructure; otherwise, `docker-machine` can't reach the VM to provision the Docker daemon. - `--google-use-existing`: Don't create a new VM, use an existing one. This is useful when you'd like to provision Docker on a VM you created yourself, maybe because it uses create options not supported by this driver. The GCE driver will use the `ubuntu-1510-wily-v20151114` instance image unless otherwise specified. To obtain a From e67c78899ddfff2b333ad422c0eac8109a21a371 Mon Sep 17 00:00:00 2001 From: Jason Roehm Date: Tue, 1 Mar 2016 15:57:14 -0500 Subject: [PATCH 3/3] add documentation note about --google-use-internal-ip-only Signed-off-by: Jason Roehm --- docs/drivers/gce.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/drivers/gce.md b/docs/drivers/gce.md index d1cdddcef9..258e138097 100644 --- a/docs/drivers/gce.md +++ b/docs/drivers/gce.md 
@@ -50,7 +50,7 @@ To create a machine instance, specify `--driver google`, the project id and the - `--google-preemptible`: Instance preemptibility. - `--google-tags`: Instance tags (comma-separated). - `--google-use-internal-ip`: When this option is used during create it will make docker-machine use internal rather than public NATed IPs. The flag is persistent in the sense that a machine created with it retains the IP. It's useful for managing docker machines from another machine on the same network e.g. while deploying swarm. - - `--google-use-internal-ip-only`: When this option is used during create, the new VM will not be assigned a public IP address. This is useful only when the host running `docker-machine` is located inside the Google Cloud infrastructure; otherwise, `docker-machine` can't reach the VM to provision the Docker daemon. + - `--google-use-internal-ip-only`: When this option is used during create, the new VM will not be assigned a public IP address. This is useful only when the host running `docker-machine` is located inside the Google Cloud infrastructure; otherwise, `docker-machine` can't reach the VM to provision the Docker daemon. The presence of this flag implies `--google-use-internal-ip`. - `--google-use-existing`: Don't create a new VM, use an existing one. This is useful when you'd like to provision Docker on a VM you created yourself, maybe because it uses create options not supported by this driver. The GCE driver will use the `ubuntu-1510-wily-v20151114` instance image unless otherwise specified. To obtain a