From 29b4b36501ac6c206b4b3dfcc6700385b774d7cb Mon Sep 17 00:00:00 2001
From: Dave Bendit <David@ibendit.com>
Date: Tue, 23 Oct 2018 01:49:26 -0500
Subject: [PATCH] Adding "internal" option to "docker_network" module (#35370)

Fixes #27065
---
 ...port_for_docker_network_internal_flag.yaml |  4 ++
 .../modules/cloud/docker/docker_network.py    | 28 +++++++++++--
 .../docker_network/tasks/tests/options.yml    | 42 +++++++++++++++++++
 3 files changed, 71 insertions(+), 3 deletions(-)
 create mode 100644 changelogs/fragments/35370-add_support_for_docker_network_internal_flag.yaml
 create mode 100644 test/integration/targets/docker_network/tasks/tests/options.yml

diff --git a/changelogs/fragments/35370-add_support_for_docker_network_internal_flag.yaml b/changelogs/fragments/35370-add_support_for_docker_network_internal_flag.yaml
new file mode 100644
index 00000000000..c55f7c46a31
--- /dev/null
+++ b/changelogs/fragments/35370-add_support_for_docker_network_internal_flag.yaml
@@ -0,0 +1,4 @@
+---
+minor_changes:
+  - "docker_network - ``internal`` is now used to set the ``Internal`` property of the docker network during creation."
+  - "docker_network - Minimum docker-py version increased from ``1.8.0`` to ``1.9.0``."
diff --git a/lib/ansible/modules/cloud/docker/docker_network.py b/lib/ansible/modules/cloud/docker/docker_network.py
index fa2590a71df..f619353cb60 100644
--- a/lib/ansible/modules/cloud/docker/docker_network.py
+++ b/lib/ansible/modules/cloud/docker/docker_network.py
@@ -86,16 +86,25 @@ options:
       - absent
       - present
 
+  internal:
+    version_added: 2.8
+    description:
+      - Restrict external access to the network.
+    type: bool
+    default: null
+    required: false
+
 extends_documentation_fragment:
     - docker
 
 author:
     - "Ben Keith (@keitwb)"
     - "Chris Houseknecht (@chouseknecht)"
+    - "Dave Bendit (@DBendit)"
 
 requirements:
     - "python >= 2.6"
-    - "docker-py >= 1.8.0"
+    - "docker-py >= 1.9.0"
     - "Please note that the L(docker-py,https://pypi.org/project/docker-py/) Python
        module has been superseded by L(docker,https://pypi.org/project/docker/)
        (see L(here,https://github.com/docker/docker-py/issues/1310) for details).
@@ -182,6 +191,7 @@ class TaskParameters(DockerBaseClass):
         self.ipam_options = None
         self.appends = None
         self.force = None
+        self.internal = None
         self.debug = None
 
         for key, value in client.module.params.items():
@@ -266,6 +276,15 @@ class DockerNetworkManager(object):
                         # key has different value
                         different = True
                         differences.append('ipam_options.%s' % key)
+        if self.parameters.internal is not None:
+            if self.parameters.internal:
+                if not net.get('Internal'):
+                    different = True
+                    differences.append('internal')
+            else:
+                if net.get('Internal'):
+                    different = True
+                    differences.append('internal')
         return different, differences
 
     def create_network(self):
@@ -288,7 +307,8 @@ class DockerNetworkManager(object):
                 resp = self.client.create_network(self.parameters.network_name,
                                                   driver=self.parameters.driver,
                                                   options=self.parameters.driver_options,
-                                                  ipam=ipam_config)
+                                                  ipam=ipam_config,
+                                                  internal=self.parameters.internal)
 
                 self.existing_network = self.client.inspect_network(resp['Id'])
             self.results['actions'].append("Created network %s with driver %s" % (self.parameters.network_name, self.parameters.driver))
@@ -375,12 +395,14 @@ def main():
         appends=dict(type='bool', default=False, aliases=['incremental']),
         ipam_driver=dict(type='str', default=None),
         ipam_options=dict(type='dict', default={}),
+        internal=dict(type='bool', default=None),
         debug=dict(type='bool', default=False)
     )
 
     client = AnsibleDockerClient(
         argument_spec=argument_spec,
-        supports_check_mode=True
+        supports_check_mode=True,
+        min_docker_version='1.9.0'
         # "The docker server >= 1.9.0"
     )
 
diff --git a/test/integration/targets/docker_network/tasks/tests/options.yml b/test/integration/targets/docker_network/tasks/tests/options.yml
new file mode 100644
index 00000000000..583179a77b3
--- /dev/null
+++ b/test/integration/targets/docker_network/tasks/tests/options.yml
@@ -0,0 +1,42 @@
+---
+- name: Registering network name
+  set_fact:
+    nname_1: "{{ name_prefix ~ '-network-1' }}"
+    nname_2: "{{ name_prefix ~ '-network-2' }}"
+- name: Registering network name
+  set_fact:
+    dnetworks: "{{ dnetworks }} + [nname_1, nname_2]"
+
+####################################################################
+## internal ########################################################
+####################################################################
+
+- name: internal
+  docker_network:
+    name: "{{ nname_1 }}"
+    internal: yes
+  register: internal_1
+
+- name: internal (idempotency)
+  docker_network:
+    name: "{{ nname_1 }}"
+    internal: yes
+  register: internal_2
+
+- name: internal (change)
+  docker_network:
+    name: "{{ nname_1 }}"
+    internal: no
+  register: internal_3
+
+- name: cleanup
+  docker_network:
+    name: "{{ nname_1 }}"
+    state: absent
+    force: yes
+
+- assert:
+    that:
+    - internal_1 is changed
+    - internal_2 is not changed
+    - internal_3 is changed