support network prune

Signed-off-by: Ye Sijun <[email protected]>

README.md

@@ -292,6 +292,7 @@ It does not necessarily mean that the corresponding features are missing in cont
     - [:whale: nerdctl network ls](#whale-nerdctl-network-ls)
     - [:whale: nerdctl network inspect](#whale-nerdctl-network-inspect)
     - [:whale: nerdctl network rm](#whale-nerdctl-network-rm)
+    - [:whale: nerdctl network prune](#whale-nerdctl-network-prune)
   - [Volume management](#volume-management)
     - [:whale: nerdctl volume create](#whale-nerdctl-volume-create)
     - [:whale: nerdctl volume ls](#whale-nerdctl-volume-ls)
@@ -1034,6 +1035,16 @@ Remove one or more networks
 
 Usage: `nerdctl network rm NETWORK [NETWORK...]`
 
+### :whale: nerdctl network prune
+Remove all unused networks
+
+Usage: `nerdctl network prune [OPTIONS]`
+
+Flags:
+- :whale: `-f, --force`: Do not prompt for confirmation
+
+Unimplemented `docker network prune` flags: `--filter`
+
 ## Volume management
 ### :whale: nerdctl volume create
 Create a volume
@@ -1433,7 +1444,6 @@ Image:
 Network management:
 - `docker network connect`
 - `docker network disconnect`
-- `docker network prune`
 
 Registry:
 - `docker search`

cmd/nerdctl/image_prune.go

@@ -42,12 +42,6 @@ func newImagePruneCommand() *cobra.Command {
 }
 
 func imagePruneAction(cmd *cobra.Command, _ []string) error {
-	client, ctx, cancel, err := newClient(cmd)
-	if err != nil {
-		return err
-	}
-	defer cancel()
-
 	all, err := cmd.Flags().GetBool("all")
 	if err != nil {
 		return err
@@ -76,6 +70,13 @@ func imagePruneAction(cmd *cobra.Command, _ []string) error {
 			return nil
 		}
 	}
+
+	client, ctx, cancel, err := newClient(cmd)
+	if err != nil {
+		return err
+	}
+	defer cancel()
+
 	var (
 		imageStore     = client.ImageService()
 		contentStore   = client.ContentStore()
@@ -109,7 +110,7 @@ func imagePruneAction(cmd *cobra.Command, _ []string) error {
 		}
 		fmt.Fprintf(cmd.OutOrStdout(), "Untagged: %s\n", image.Name)
 		for _, digest := range digests {
-			fmt.Fprintf(cmd.OutOrStdout(), "Deleted: %s\n", digest)
+			fmt.Fprintf(cmd.OutOrStdout(), "deleted: %s\n", digest)
 		}
 	}
 	return nil

cmd/nerdctl/network.go

@@ -34,6 +34,7 @@ func newNetworkCommand() *cobra.Command {
 		newNetworkInspectCommand(),
 		newNetworkCreateCommand(),
 		newNetworkRmCommand(),
+		newNetworkPruneCommand(),
 	)
 	return networkCommand
 }

cmd/nerdctl/network_prune.go

@@ -0,0 +1,161 @@
+/*
+   Copyright The containerd Authors.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+package main
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+	"strings"
+
+	"github.com/containerd/containerd"
+	"github.com/containerd/nerdctl/pkg/labels"
+	"github.com/containerd/nerdctl/pkg/netutil"
+	"github.com/containerd/nerdctl/pkg/netutil/nettype"
+	"github.com/sirupsen/logrus"
+	"github.com/spf13/cobra"
+)
+
+func newNetworkPruneCommand() *cobra.Command {
+	networkPruneCommand := &cobra.Command{
+		Use:           "prune [flags]",
+		Short:         "Remove all unused networks",
+		Args:          cobra.NoArgs,
+		RunE:          networkPruneAction,
+		SilenceUsage:  true,
+		SilenceErrors: true,
+	}
+	networkPruneCommand.Flags().BoolP("force", "f", false, "Do not prompt for confirmation")
+	return networkPruneCommand
+}
+
+func networkPruneAction(cmd *cobra.Command, args []string) error {
+	cniPath, err := cmd.Flags().GetString("cni-path")
+	if err != nil {
+		return err
+	}
+	cniNetconfpath, err := cmd.Flags().GetString("cni-netconfpath")
+	if err != nil {
+		return err
+	}
+	force, err := cmd.Flags().GetBool("force")
+	if err != nil {
+		return err
+	}
+
+	if !force {
+		var confirm string
+		msg := "This will remove all custom networks not used by at least one container."
+		msg += "\nAre you sure you want to continue? [y/N] "
+
+		fmt.Fprintf(cmd.OutOrStdout(), "WARNING! %s", msg)
+		fmt.Fscanf(cmd.InOrStdin(), "%s", &confirm)
+
+		if strings.ToLower(confirm) != "y" {
+			return nil
+		}
+	}
+
+	e, err := netutil.NewCNIEnv(cniPath, cniNetconfpath)
+	if err != nil {
+		return err
+	}
+
+	client, ctx, cancel, err := newClient(cmd)
+	if err != nil {
+		return err
+	}
+	defer cancel()
+
+	containers, err := client.Containers(ctx)
+	if err != nil {
+		return err
+	}
+
+	usedNetworks, err := usedNetworks(ctx, containers)
+	if err != nil {
+		return err
+	}
+
+	var removedNetworks []string // nolint: prealloc
+	for _, net := range e.Networks {
+		if net.Name == "host" || net.Name == "none" {
+			continue
+		}
+		if net.NerdctlID == nil || net.File == "" {
+			continue
+		}
+		if _, ok := usedNetworks[net.Name]; ok {
+			continue
+		}
+		if err := e.RemoveNetwork(net); err != nil {
+			logrus.WithError(err).Errorf("failed to remove network %s", net.Name)
+			continue
+		}
+		removedNetworks = append(removedNetworks, net.Name)
+	}
+
+	if len(removedNetworks) > 0 {
+		fmt.Fprintln(cmd.OutOrStdout(), "Deleted Networks:")
+		for _, name := range removedNetworks {
+			fmt.Fprintln(cmd.OutOrStdout(), name)
+		}
+	}
+	return nil
+}
+
+func usedNetworks(ctx context.Context, containers []containerd.Container) (map[string]struct{}, error) {
+	used := make(map[string]struct{})
+	for _, c := range containers {
+		task, err := c.Task(ctx, nil)
+		if err != nil {
+			return nil, err
+		}
+		status, err := task.Status(ctx)
+		if err != nil {
+			return nil, err
+		}
+		switch status.Status {
+		case containerd.Paused, containerd.Running:
+		default:
+			continue
+		}
+		l, err := c.Labels(ctx)
+		if err != nil {
+			return nil, err
+		}
+		networkJSON, ok := l[labels.Networks]
+		if !ok {
+			continue
+		}
+		var networks []string
+		if err := json.Unmarshal([]byte(networkJSON), &networks); err != nil {
+			return nil, err
+		}
+		netType, err := nettype.Detect(networks)
+		if err != nil {
+			return nil, err
+		}
+		if netType != nettype.CNI {
+			continue
+		}
+		for _, n := range networks {
+			used[n] = struct{}{}
+		}
+	}
+	return used, nil
+}

cmd/nerdctl/network_prune_linux_test.go

@@ -0,0 +1,38 @@
+/*
+   Copyright The containerd Authors.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+package main
+
+import (
+	"testing"
+
+	"github.com/containerd/nerdctl/pkg/testutil"
+)
+
+func TestNetworkPrune(t *testing.T) {
+	base := testutil.NewBase(t)
+	testNetwork := testutil.Identifier(t)
+	base.Cmd("network", "create", testNetwork).AssertOK()
+	defer base.Cmd("network", "prune", "-f").Run()
+
+	tID := testutil.Identifier(t)
+	base.Cmd("run", "-d", "--net", testNetwork, "--name", tID, testutil.NginxAlpineImage).AssertOK()
+	defer base.Cmd("rm", "-f", tID).Run()
+
+	base.Cmd("network", "prune", "-f").AssertNoOut(testNetwork)
+	base.Cmd("stop", tID).AssertOK()
+	base.Cmd("network", "prune", "-f").AssertOutContains(testNetwork)
+}