Prevent network connect/disconnect on swarm scoped networks

Swarm handles service updates quite differently and also it doesnt support worker driver network operations. Hence prevent containers from connecting to swarm scoped networks Signed-off-by: Madhu Venugopal <madhu@docker.com> (cherry picked from commit 8f9066c468d7312af722c7cf9fc27b7c8ab79fc3) Signed-off-by: Tibor Vass <tibor@docker.com>
2016-07-24 15:34:45 -07:00 · 2016-07-24 15:34:45 -07:00 · 71d54a4bd3
parent beffc3e8c0
commit 71d54a4bd3
1 changed files with 23 additions and 0 deletions
--- a/api/server/router/network/network_routes.go
+++ b/api/server/router/network/network_routes.go
@ -2,6 +2,7 @@ package network

 import (
 	"encoding/json"
+	"fmt"
 	"net/http"

 	"golang.org/x/net/context"
@ -119,6 +120,10 @@ func (n *networkRouter) postNetworkConnect(ctx context.Context, w http.ResponseW
 		return err
 	}

+	if nw.Info().Dynamic() {
+		return newNetworkForbiddenError("Operation not supported for swarm scoped networks")
+	}
+
 	return n.backend.ConnectContainerToNetwork(connect.Container, nw.Name(), connect.EndpointConfig)
 }

@ -141,6 +146,10 @@ func (n *networkRouter) postNetworkDisconnect(ctx context.Context, w http.Respon
 		return err
 	}

+	if nw.Info().Dynamic() {
+		return newNetworkForbiddenError("Operation not supported for swarm scoped networks")
+	}
+
 	return n.backend.DisconnectContainerFromNetwork(disconnect.Container, nw, disconnect.Force)
 }

@ -283,3 +292,17 @@ func buildEndpointResource(e libnetwork.Endpoint) types.EndpointResource {
 	}
 	return er
 }
+
+// networkForbiddenError represents an authorization deny error
+type networkForbiddenError struct {
+	error
+}
+
+// HTTPErrorStatusCode returns the authorization error status code (forbidden)
+func (e networkForbiddenError) HTTPErrorStatusCode() int {
+	return http.StatusForbidden
+}
+
+func newNetworkForbiddenError(msg string) networkForbiddenError {
+	return networkForbiddenError{error: fmt.Errorf("%s", msg)}
+}