diff options
author | Daniel J Walsh <dwalsh@redhat.com> | 2021-11-23 09:50:26 -0500 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-11-23 09:50:26 -0500 |
commit | ee612806655d0d0a0a3d2a782a000ea5c6b08f33 (patch) | |
tree | 6a5ef0988a7642d83c0e7d095f89f552cccc8551 | |
parent | 9e07cb17a92dd24df8053193e1e047f211a72a54 (diff) | |
parent | 21629b0501c62a991eef536765b7320bc2d45763 (diff) | |
download | podman-ee612806655d0d0a0a3d2a782a000ea5c6b08f33.tar.gz podman-ee612806655d0d0a0a3d2a782a000ea5c6b08f33.tar.bz2 podman-ee612806655d0d0a0a3d2a782a000ea5c6b08f33.zip |
Merge pull request #12361 from rhatdan/remote
podman-remote does not support signature-policy
-rw-r--r-- | cmd/podman/common/create.go | 13 | ||||
-rw-r--r-- | cmd/podman/containers/runlabel.go | 7 | ||||
-rw-r--r-- | cmd/podman/images/import.go | 6 | ||||
-rw-r--r-- | cmd/podman/images/load.go | 6 | ||||
-rw-r--r-- | cmd/podman/images/pull.go | 6 | ||||
-rw-r--r-- | cmd/podman/images/push.go | 6 | ||||
-rw-r--r-- | cmd/podman/play/kube.go | 9 | ||||
-rw-r--r-- | test/e2e/create_test.go | 8 | ||||
-rw-r--r-- | test/e2e/import_test.go | 6 | ||||
-rw-r--r-- | test/e2e/load_test.go | 10 | ||||
-rw-r--r-- | test/e2e/run_test.go | 8 | ||||
-rw-r--r-- | test/e2e/save_test.go | 18 |
12 files changed, 70 insertions, 33 deletions
diff --git a/cmd/podman/common/create.go b/cmd/podman/common/create.go index d73fa653f..dad79348d 100644 --- a/cmd/podman/common/create.go +++ b/cmd/podman/common/create.go @@ -552,11 +552,6 @@ func DefineCreateFlags(cmd *cobra.Command, cf *entities.ContainerCreateOptions, stopSignalFlagName := "stop-signal" createFlags.StringVar( - &cf.SignaturePolicy, - "signature-policy", "", - "`Pathname` of signature policy file (not usually used)", - ) - createFlags.StringVar( &cf.StopSignal, stopSignalFlagName, "", "Signal to stop a container. Default is SIGTERM", @@ -702,10 +697,16 @@ func DefineCreateFlags(cmd *cobra.Command, cf *entities.ContainerCreateOptions, "Write the container process ID to the file") _ = cmd.RegisterFlagCompletionFunc(pidFileFlagName, completion.AutocompleteDefault) - _ = createFlags.MarkHidden("signature-policy") if registry.IsRemote() { _ = createFlags.MarkHidden("env-host") _ = createFlags.MarkHidden("http-proxy") + } else { + createFlags.StringVar( + &cf.SignaturePolicy, + "signature-policy", "", + "`Pathname` of signature policy file (not usually used)", + ) + _ = createFlags.MarkHidden("signature-policy") } createFlags.BoolVar( diff --git a/cmd/podman/containers/runlabel.go b/cmd/podman/containers/runlabel.go index 85f3785be..e60fcbe72 100644 --- a/cmd/podman/containers/runlabel.go +++ b/cmd/podman/containers/runlabel.go @@ -70,7 +70,6 @@ func init() { flags.BoolVarP(&runlabelOptions.Pull, "pull", "p", true, "Pull the image if it does not exist locally prior to executing the label contents") flags.BoolVarP(&runlabelOptions.Quiet, "quiet", "q", false, "Suppress output information when installing images") flags.BoolVar(&runlabelOptions.Replace, "replace", false, "Replace existing container with a new one from the image") - flags.StringVar(&runlabelOptions.SignaturePolicy, "signature-policy", "", "`Pathname` of signature policy file (not usually used)") flags.BoolVar(&runlabelOptions.TLSVerifyCLI, "tls-verify", true, "Require HTTPS and verify certificates when contacting registries") // Hide the optional flags. @@ -78,8 +77,10 @@ func init() { _ = flags.MarkHidden("opt2") _ = flags.MarkHidden("opt3") _ = flags.MarkHidden("pull") - _ = flags.MarkHidden("signature-policy") - + if !registry.IsRemote() { + flags.StringVar(&runlabelOptions.SignaturePolicy, "signature-policy", "", "`Pathname` of signature policy file (not usually used)") + _ = flags.MarkHidden("signature-policy") + } if err := flags.MarkDeprecated("pull", "podman will pull if not found in local storage"); err != nil { logrus.Error("unable to mark pull flag deprecated") } diff --git a/cmd/podman/images/import.go b/cmd/podman/images/import.go index d4bc0f610..3b6788f4a 100644 --- a/cmd/podman/images/import.go +++ b/cmd/podman/images/import.go @@ -77,8 +77,10 @@ func importFlags(cmd *cobra.Command) { _ = cmd.RegisterFlagCompletionFunc(messageFlagName, completion.AutocompleteNone) flags.BoolVarP(&importOpts.Quiet, "quiet", "q", false, "Suppress output") - flags.StringVar(&importOpts.SignaturePolicy, "signature-policy", "", "Path to a signature-policy file") - _ = flags.MarkHidden("signature-policy") + if !registry.IsRemote() { + flags.StringVar(&importOpts.SignaturePolicy, "signature-policy", "", "Path to a signature-policy file") + _ = flags.MarkHidden("signature-policy") + } } func importCon(cmd *cobra.Command, args []string) error { diff --git a/cmd/podman/images/load.go b/cmd/podman/images/load.go index c39ae624e..5cd410f5c 100644 --- a/cmd/podman/images/load.go +++ b/cmd/podman/images/load.go @@ -64,8 +64,10 @@ func loadFlags(cmd *cobra.Command) { _ = cmd.RegisterFlagCompletionFunc(inputFlagName, completion.AutocompleteDefault) flags.BoolVarP(&loadOpts.Quiet, "quiet", "q", false, "Suppress the output") - flags.StringVar(&loadOpts.SignaturePolicy, "signature-policy", "", "Pathname of signature policy file") - _ = flags.MarkHidden("signature-policy") + if !registry.IsRemote() { + flags.StringVar(&loadOpts.SignaturePolicy, "signature-policy", "", "Pathname of signature policy file") + _ = flags.MarkHidden("signature-policy") + } } func load(cmd *cobra.Command, args []string) error { diff --git a/cmd/podman/images/pull.go b/cmd/podman/images/pull.go index a990d1626..2a5fd86cc 100644 --- a/cmd/podman/images/pull.go +++ b/cmd/podman/images/pull.go @@ -101,7 +101,6 @@ func pullFlags(cmd *cobra.Command) { flags.Bool("disable-content-trust", false, "This is a Docker specific option and is a NOOP") flags.BoolVarP(&pullOptions.Quiet, "quiet", "q", false, "Suppress output information when pulling images") - flags.StringVar(&pullOptions.SignaturePolicy, "signature-policy", "", "`Pathname` of signature policy file (not usually used)") flags.BoolVar(&pullOptions.TLSVerifyCLI, "tls-verify", true, "Require HTTPS and verify certificates when contacting registries") authfileFlagName := "authfile" @@ -113,7 +112,10 @@ func pullFlags(cmd *cobra.Command) { flags.StringVar(&pullOptions.CertDir, certDirFlagName, "", "`Pathname` of a directory containing TLS certificates and keys") _ = cmd.RegisterFlagCompletionFunc(certDirFlagName, completion.AutocompleteDefault) } - _ = flags.MarkHidden("signature-policy") + if !registry.IsRemote() { + flags.StringVar(&pullOptions.SignaturePolicy, "signature-policy", "", "`Pathname` of signature policy file (not usually used)") + _ = flags.MarkHidden("signature-policy") + } } // imagePull is implement the command for pulling images. diff --git a/cmd/podman/images/push.go b/cmd/podman/images/push.go index a13976612..cf787a71f 100644 --- a/cmd/podman/images/push.go +++ b/cmd/podman/images/push.go @@ -101,7 +101,6 @@ func pushFlags(cmd *cobra.Command) { flags.BoolVarP(&pushOptions.Quiet, "quiet", "q", false, "Suppress output information when pushing images") flags.BoolVar(&pushOptions.RemoveSignatures, "remove-signatures", false, "Discard any pre-existing signatures in the image") - flags.StringVar(&pushOptions.SignaturePolicy, "signature-policy", "", "Path to a signature-policy file") signByFlagName := "sign-by" flags.StringVar(&pushOptions.SignBy, signByFlagName, "", "Add a signature at the destination using the specified key") @@ -117,7 +116,10 @@ func pushFlags(cmd *cobra.Command) { _ = flags.MarkHidden("remove-signatures") _ = flags.MarkHidden("sign-by") } - _ = flags.MarkHidden("signature-policy") + if !registry.IsRemote() { + flags.StringVar(&pushOptions.SignaturePolicy, "signature-policy", "", "Path to a signature-policy file") + _ = flags.MarkHidden("signature-policy") + } } // imagePush is implement the command for pushing images. diff --git a/cmd/podman/play/kube.go b/cmd/podman/play/kube.go index 581b29113..11b5d7d34 100644 --- a/cmd/podman/play/kube.go +++ b/cmd/podman/play/kube.go @@ -108,8 +108,6 @@ func init() { flags.StringVar(&kubeOptions.CertDir, certDirFlagName, "", "`Pathname` of a directory containing TLS certificates and keys") _ = kubeCmd.RegisterFlagCompletionFunc(certDirFlagName, completion.AutocompleteDefault) - flags.StringVar(&kubeOptions.SignaturePolicy, "signature-policy", "", "`Pathname` of signature policy file (not usually used)") - seccompProfileRootFlagName := "seccomp-profile-root" flags.StringVar(&kubeOptions.SeccompProfileRoot, seccompProfileRootFlagName, defaultSeccompRoot, "Directory path for seccomp profiles") _ = kubeCmd.RegisterFlagCompletionFunc(seccompProfileRootFlagName, completion.AutocompleteDefault) @@ -121,7 +119,12 @@ func init() { buildFlagName := "build" flags.BoolVar(&kubeOptions.Build, buildFlagName, false, "Build all images in a YAML (given Containerfiles exist)") } - _ = flags.MarkHidden("signature-policy") + + if !registry.IsRemote() { + flags.StringVar(&kubeOptions.SignaturePolicy, "signature-policy", "", "`Pathname` of signature policy file (not usually used)") + + _ = flags.MarkHidden("signature-policy") + } } func kube(cmd *cobra.Command, args []string) error { diff --git a/test/e2e/create_test.go b/test/e2e/create_test.go index f237d24b9..216432216 100644 --- a/test/e2e/create_test.go +++ b/test/e2e/create_test.go @@ -362,14 +362,18 @@ var _ = Describe("Podman create", func() { }) It("podman create --signature-policy", func() { - SkipIfRemote("SigPolicy not handled by remote") session := podmanTest.Podman([]string{"create", "--pull=always", "--signature-policy", "/no/such/file", ALPINE}) session.WaitWithDefaultTimeout() Expect(session).To(ExitWithError()) session = podmanTest.Podman([]string{"create", "--pull=always", "--signature-policy", "/etc/containers/policy.json", ALPINE}) session.WaitWithDefaultTimeout() - Expect(session).Should(Exit(0)) + if IsRemote() { + Expect(session).To(ExitWithError()) + Expect(session.ErrorToString()).To(ContainSubstring("unknown flag")) + } else { + Expect(session).Should(Exit(0)) + } }) It("podman create with unset label", func() { diff --git a/test/e2e/import_test.go b/test/e2e/import_test.go index 5531bed8c..e1c89753e 100644 --- a/test/e2e/import_test.go +++ b/test/e2e/import_test.go @@ -171,6 +171,12 @@ var _ = Describe("Podman import", func() { result := podmanTest.Podman([]string{"import", "--signature-policy", "/etc/containers/policy.json", outfile}) result.WaitWithDefaultTimeout() + if IsRemote() { + Expect(result).To(ExitWithError()) + Expect(result.ErrorToString()).To(ContainSubstring("unknown flag")) + result := podmanTest.Podman([]string{"import", outfile}) + result.WaitWithDefaultTimeout() + } Expect(result).Should(Exit(0)) }) }) diff --git a/test/e2e/load_test.go b/test/e2e/load_test.go index e79c1eb8a..030e9f80b 100644 --- a/test/e2e/load_test.go +++ b/test/e2e/load_test.go @@ -104,7 +104,15 @@ var _ = Describe("Podman load", func() { result := podmanTest.Podman([]string{"load", "--signature-policy", "/etc/containers/policy.json", "-i", outfile}) result.WaitWithDefaultTimeout() - Expect(result).Should(Exit(0)) + if IsRemote() { + Expect(result).To(ExitWithError()) + Expect(result.ErrorToString()).To(ContainSubstring("unknown flag")) + result = podmanTest.Podman([]string{"load", "-i", outfile}) + result.WaitWithDefaultTimeout() + Expect(result).Should(Exit(0)) + } else { + Expect(result).Should(Exit(0)) + } }) It("podman load with quiet flag", func() { diff --git a/test/e2e/run_test.go b/test/e2e/run_test.go index ec64d2166..aa9037e56 100644 --- a/test/e2e/run_test.go +++ b/test/e2e/run_test.go @@ -83,14 +83,18 @@ var _ = Describe("Podman run", func() { }) It("podman run --signature-policy", func() { - SkipIfRemote("SigPolicy not handled by remote") session := podmanTest.Podman([]string{"run", "--pull=always", "--signature-policy", "/no/such/file", ALPINE}) session.WaitWithDefaultTimeout() Expect(session).To(ExitWithError()) session = podmanTest.Podman([]string{"run", "--pull=always", "--signature-policy", "/etc/containers/policy.json", ALPINE}) session.WaitWithDefaultTimeout() - Expect(session).Should(Exit(0)) + if IsRemote() { + Expect(session).To(ExitWithError()) + Expect(session.ErrorToString()).To(ContainSubstring("unknown flag")) + } else { + Expect(session).Should(Exit(0)) + } }) It("podman run --rm with --restart", func() { diff --git a/test/e2e/save_test.go b/test/e2e/save_test.go index 9f3f750b7..a8fb6c7b3 100644 --- a/test/e2e/save_test.go +++ b/test/e2e/save_test.go @@ -194,14 +194,16 @@ default-docker: session.WaitWithDefaultTimeout() Expect(session).Should(Exit(0)) - session = podmanTest.Podman([]string{"pull", "--tls-verify=false", "--signature-policy=sign/policy.json", "localhost:5000/alpine"}) - session.WaitWithDefaultTimeout() - Expect(session).Should(Exit(0)) - - outfile := filepath.Join(podmanTest.TempDir, "temp.tar") - save := podmanTest.Podman([]string{"save", "remove-signatures=true", "-o", outfile, "localhost:5000/alpine"}) - save.WaitWithDefaultTimeout() - Expect(save).To(ExitWithError()) + if !IsRemote() { + session = podmanTest.Podman([]string{"pull", "--tls-verify=false", "--signature-policy=sign/policy.json", "localhost:5000/alpine"}) + session.WaitWithDefaultTimeout() + Expect(session).Should(Exit(0)) + + outfile := filepath.Join(podmanTest.TempDir, "temp.tar") + save := podmanTest.Podman([]string{"save", "remove-signatures=true", "-o", outfile, "localhost:5000/alpine"}) + save.WaitWithDefaultTimeout() + Expect(save).To(ExitWithError()) + } }) It("podman save image with digest reference", func() { |