Allow configured address with no configured subnet by robmry · Pull Request #51577 · moby/moby (original) (raw)

- What I did

• fix Can't set static IPs for containers with custom bridge network #51569
• introduced by Don't copy old network IPAM state to network config on daemon restart #51134
• depends on test_connect_with_ipv6_address: enable IPv6 docker/docker-py#3372
• depends on test_create_with_ipv6_address: enable IPv6 docker/docker-py#3373

When a network is configured with no explicit --subnet, daemon.validateEndpointIPAddress tries to prevent a container from being started with a --ip address - with error "user specified IP address is supported only when connecting to networks with user configured subnets".

But the check didn't work in 28.x and older because, until #51134, IPAM config always contained a copy of the network's subnet - whether the user configured it, or it was allocated from the default pools.

So, it was possible to inspect (or guess!) a network's subnet and create a container with a specific address ... restore that behaviour.

- How I did it

• Use IPAM info instead of config to check whether a configured IP address is in one of a container's subnets.
• Remove the check that now prevents setting an IP address when the subnet was unspecified at network creation time.

- How to verify it

docker network create n1
docker network inspect n1
docker run --rm -ti --network n1 --ip <address in n1's subnet> alpine

New integration test that fails without the fix.

- Human readable description for the release notes

Allow creation of a container with a specific IP address when its networks were not configured with a specific subnet