Module container_net

Expand description

Shared container-to-host networking resolution for service runtimes that spawn sibling containers (Lambda, ECS, RDS, ElastiCache).

Captures the issue #1539 fix shape in one place so the four runtimes that shell out to docker/podman can’t drift apart again:

podman ships host.containers.internal as a built-in container DNS entry on every platform and must NOT receive --add-host host.docker.internal:host-gateway — rootless podman’s gvproxy leaves the magic alias empty and the create fails with “host containers internal IP address is empty”.
bare docker on Linux has no host-gateway magic; the bridge gateway IP has to be resolved from the daemon and injected explicitly.
Docker Desktop on Mac/Windows resolves the host-gateway magic value to the host’s IP.
when fakecloud itself runs in a container (FAKECLOUD_IN_CONTAINER=1, baked into the published image), the sibling containers it spawns publish their ports on the host’s daemon — reachable from inside fakecloud’s container as host.docker.internal:<port>, not 127.0.0.1:<port>.

Structs§

HostNetworking: Resolved container-to-host networking for a given CLI. Built once at runtime construction and reused for every container spawn.

cli_available: True when the CLI responds to <cli> info with success — the same liveness probe every runtime used before this module existed.
detect_bridge_gateway: Detect the Docker bridge gateway IP on Linux. Returns None if detection fails (caller falls back to the conventional 172.17.0.1).
detect_container_cli: Auto-detect an available container CLI. Honors FAKECLOUD_CONTAINER_CLI as an explicit override (returns None if the override doesn’t work), otherwise prefers docker then podman. Returns None when neither is usable.
is_podman_binary: True when cli is podman or a podman-compatible binary. Matches on the filename component so absolute paths (/opt/homebrew/bin/podman) and wrappers (podman-remote) both register as podman. Docker Desktop’s compatibility CLI is named docker, so this check is safe.
resolve_host_alias: Compute the (host_alias, add_host_arg) pair for a CLI. Pure except for the bridge-gateway daemon probe on Linux docker, so the macOS / podman branches are unit-testable without a daemon.
resolve_sibling_host: Decide what address fakecloud uses to reach the sibling containers it just spawned. Pure helper so the env-var parsing can be tested without touching the process’s real environment.