aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDaniel J Walsh <dwalsh@redhat.com>2021-11-23 09:50:26 -0500
committerGitHub <noreply@github.com>2021-11-23 09:50:26 -0500
commitee612806655d0d0a0a3d2a782a000ea5c6b08f33 (patch)
tree6a5ef0988a7642d83c0e7d095f89f552cccc8551
parent9e07cb17a92dd24df8053193e1e047f211a72a54 (diff)
parent21629b0501c62a991eef536765b7320bc2d45763 (diff)
downloadpodman-ee612806655d0d0a0a3d2a782a000ea5c6b08f33.tar.gz
podman-ee612806655d0d0a0a3d2a782a000ea5c6b08f33.tar.bz2
podman-ee612806655d0d0a0a3d2a782a000ea5c6b08f33.zip
Merge pull request #12361 from rhatdan/remote
podman-remote does not support signature-policy
-rw-r--r--cmd/podman/common/create.go13
-rw-r--r--cmd/podman/containers/runlabel.go7
-rw-r--r--cmd/podman/images/import.go6
-rw-r--r--cmd/podman/images/load.go6
-rw-r--r--cmd/podman/images/pull.go6
-rw-r--r--cmd/podman/images/push.go6
-rw-r--r--cmd/podman/play/kube.go9
-rw-r--r--test/e2e/create_test.go8
-rw-r--r--test/e2e/import_test.go6
-rw-r--r--test/e2e/load_test.go10
-rw-r--r--test/e2e/run_test.go8
-rw-r--r--test/e2e/save_test.go18
12 files changed, 70 insertions, 33 deletions
diff --git a/cmd/podman/common/create.go b/cmd/podman/common/create.go
index d73fa653f..dad79348d 100644
--- a/cmd/podman/common/create.go
+++ b/cmd/podman/common/create.go
@@ -552,11 +552,6 @@ func DefineCreateFlags(cmd *cobra.Command, cf *entities.ContainerCreateOptions,
stopSignalFlagName := "stop-signal"
createFlags.StringVar(
- &cf.SignaturePolicy,
- "signature-policy", "",
- "`Pathname` of signature policy file (not usually used)",
- )
- createFlags.StringVar(
&cf.StopSignal,
stopSignalFlagName, "",
"Signal to stop a container. Default is SIGTERM",
@@ -702,10 +697,16 @@ func DefineCreateFlags(cmd *cobra.Command, cf *entities.ContainerCreateOptions,
"Write the container process ID to the file")
_ = cmd.RegisterFlagCompletionFunc(pidFileFlagName, completion.AutocompleteDefault)
- _ = createFlags.MarkHidden("signature-policy")
if registry.IsRemote() {
_ = createFlags.MarkHidden("env-host")
_ = createFlags.MarkHidden("http-proxy")
+ } else {
+ createFlags.StringVar(
+ &cf.SignaturePolicy,
+ "signature-policy", "",
+ "`Pathname` of signature policy file (not usually used)",
+ )
+ _ = createFlags.MarkHidden("signature-policy")
}
createFlags.BoolVar(
diff --git a/cmd/podman/containers/runlabel.go b/cmd/podman/containers/runlabel.go
index 85f3785be..e60fcbe72 100644
--- a/cmd/podman/containers/runlabel.go
+++ b/cmd/podman/containers/runlabel.go
@@ -70,7 +70,6 @@ func init() {
flags.BoolVarP(&runlabelOptions.Pull, "pull", "p", true, "Pull the image if it does not exist locally prior to executing the label contents")
flags.BoolVarP(&runlabelOptions.Quiet, "quiet", "q", false, "Suppress output information when installing images")
flags.BoolVar(&runlabelOptions.Replace, "replace", false, "Replace existing container with a new one from the image")
- flags.StringVar(&runlabelOptions.SignaturePolicy, "signature-policy", "", "`Pathname` of signature policy file (not usually used)")
flags.BoolVar(&runlabelOptions.TLSVerifyCLI, "tls-verify", true, "Require HTTPS and verify certificates when contacting registries")
// Hide the optional flags.
@@ -78,8 +77,10 @@ func init() {
_ = flags.MarkHidden("opt2")
_ = flags.MarkHidden("opt3")
_ = flags.MarkHidden("pull")
- _ = flags.MarkHidden("signature-policy")
-
+ if !registry.IsRemote() {
+ flags.StringVar(&runlabelOptions.SignaturePolicy, "signature-policy", "", "`Pathname` of signature policy file (not usually used)")
+ _ = flags.MarkHidden("signature-policy")
+ }
if err := flags.MarkDeprecated("pull", "podman will pull if not found in local storage"); err != nil {
logrus.Error("unable to mark pull flag deprecated")
}
diff --git a/cmd/podman/images/import.go b/cmd/podman/images/import.go
index d4bc0f610..3b6788f4a 100644
--- a/cmd/podman/images/import.go
+++ b/cmd/podman/images/import.go
@@ -77,8 +77,10 @@ func importFlags(cmd *cobra.Command) {
_ = cmd.RegisterFlagCompletionFunc(messageFlagName, completion.AutocompleteNone)
flags.BoolVarP(&importOpts.Quiet, "quiet", "q", false, "Suppress output")
- flags.StringVar(&importOpts.SignaturePolicy, "signature-policy", "", "Path to a signature-policy file")
- _ = flags.MarkHidden("signature-policy")
+ if !registry.IsRemote() {
+ flags.StringVar(&importOpts.SignaturePolicy, "signature-policy", "", "Path to a signature-policy file")
+ _ = flags.MarkHidden("signature-policy")
+ }
}
func importCon(cmd *cobra.Command, args []string) error {
diff --git a/cmd/podman/images/load.go b/cmd/podman/images/load.go
index c39ae624e..5cd410f5c 100644
--- a/cmd/podman/images/load.go
+++ b/cmd/podman/images/load.go
@@ -64,8 +64,10 @@ func loadFlags(cmd *cobra.Command) {
_ = cmd.RegisterFlagCompletionFunc(inputFlagName, completion.AutocompleteDefault)
flags.BoolVarP(&loadOpts.Quiet, "quiet", "q", false, "Suppress the output")
- flags.StringVar(&loadOpts.SignaturePolicy, "signature-policy", "", "Pathname of signature policy file")
- _ = flags.MarkHidden("signature-policy")
+ if !registry.IsRemote() {
+ flags.StringVar(&loadOpts.SignaturePolicy, "signature-policy", "", "Pathname of signature policy file")
+ _ = flags.MarkHidden("signature-policy")
+ }
}
func load(cmd *cobra.Command, args []string) error {
diff --git a/cmd/podman/images/pull.go b/cmd/podman/images/pull.go
index a990d1626..2a5fd86cc 100644
--- a/cmd/podman/images/pull.go
+++ b/cmd/podman/images/pull.go
@@ -101,7 +101,6 @@ func pullFlags(cmd *cobra.Command) {
flags.Bool("disable-content-trust", false, "This is a Docker specific option and is a NOOP")
flags.BoolVarP(&pullOptions.Quiet, "quiet", "q", false, "Suppress output information when pulling images")
- flags.StringVar(&pullOptions.SignaturePolicy, "signature-policy", "", "`Pathname` of signature policy file (not usually used)")
flags.BoolVar(&pullOptions.TLSVerifyCLI, "tls-verify", true, "Require HTTPS and verify certificates when contacting registries")
authfileFlagName := "authfile"
@@ -113,7 +112,10 @@ func pullFlags(cmd *cobra.Command) {
flags.StringVar(&pullOptions.CertDir, certDirFlagName, "", "`Pathname` of a directory containing TLS certificates and keys")
_ = cmd.RegisterFlagCompletionFunc(certDirFlagName, completion.AutocompleteDefault)
}
- _ = flags.MarkHidden("signature-policy")
+ if !registry.IsRemote() {
+ flags.StringVar(&pullOptions.SignaturePolicy, "signature-policy", "", "`Pathname` of signature policy file (not usually used)")
+ _ = flags.MarkHidden("signature-policy")
+ }
}
// imagePull is implement the command for pulling images.
diff --git a/cmd/podman/images/push.go b/cmd/podman/images/push.go
index a13976612..cf787a71f 100644
--- a/cmd/podman/images/push.go
+++ b/cmd/podman/images/push.go
@@ -101,7 +101,6 @@ func pushFlags(cmd *cobra.Command) {
flags.BoolVarP(&pushOptions.Quiet, "quiet", "q", false, "Suppress output information when pushing images")
flags.BoolVar(&pushOptions.RemoveSignatures, "remove-signatures", false, "Discard any pre-existing signatures in the image")
- flags.StringVar(&pushOptions.SignaturePolicy, "signature-policy", "", "Path to a signature-policy file")
signByFlagName := "sign-by"
flags.StringVar(&pushOptions.SignBy, signByFlagName, "", "Add a signature at the destination using the specified key")
@@ -117,7 +116,10 @@ func pushFlags(cmd *cobra.Command) {
_ = flags.MarkHidden("remove-signatures")
_ = flags.MarkHidden("sign-by")
}
- _ = flags.MarkHidden("signature-policy")
+ if !registry.IsRemote() {
+ flags.StringVar(&pushOptions.SignaturePolicy, "signature-policy", "", "Path to a signature-policy file")
+ _ = flags.MarkHidden("signature-policy")
+ }
}
// imagePush is implement the command for pushing images.
diff --git a/cmd/podman/play/kube.go b/cmd/podman/play/kube.go
index 581b29113..11b5d7d34 100644
--- a/cmd/podman/play/kube.go
+++ b/cmd/podman/play/kube.go
@@ -108,8 +108,6 @@ func init() {
flags.StringVar(&kubeOptions.CertDir, certDirFlagName, "", "`Pathname` of a directory containing TLS certificates and keys")
_ = kubeCmd.RegisterFlagCompletionFunc(certDirFlagName, completion.AutocompleteDefault)
- flags.StringVar(&kubeOptions.SignaturePolicy, "signature-policy", "", "`Pathname` of signature policy file (not usually used)")
-
seccompProfileRootFlagName := "seccomp-profile-root"
flags.StringVar(&kubeOptions.SeccompProfileRoot, seccompProfileRootFlagName, defaultSeccompRoot, "Directory path for seccomp profiles")
_ = kubeCmd.RegisterFlagCompletionFunc(seccompProfileRootFlagName, completion.AutocompleteDefault)
@@ -121,7 +119,12 @@ func init() {
buildFlagName := "build"
flags.BoolVar(&kubeOptions.Build, buildFlagName, false, "Build all images in a YAML (given Containerfiles exist)")
}
- _ = flags.MarkHidden("signature-policy")
+
+ if !registry.IsRemote() {
+ flags.StringVar(&kubeOptions.SignaturePolicy, "signature-policy", "", "`Pathname` of signature policy file (not usually used)")
+
+ _ = flags.MarkHidden("signature-policy")
+ }
}
func kube(cmd *cobra.Command, args []string) error {
diff --git a/test/e2e/create_test.go b/test/e2e/create_test.go
index f237d24b9..216432216 100644
--- a/test/e2e/create_test.go
+++ b/test/e2e/create_test.go
@@ -362,14 +362,18 @@ var _ = Describe("Podman create", func() {
})
It("podman create --signature-policy", func() {
- SkipIfRemote("SigPolicy not handled by remote")
session := podmanTest.Podman([]string{"create", "--pull=always", "--signature-policy", "/no/such/file", ALPINE})
session.WaitWithDefaultTimeout()
Expect(session).To(ExitWithError())
session = podmanTest.Podman([]string{"create", "--pull=always", "--signature-policy", "/etc/containers/policy.json", ALPINE})
session.WaitWithDefaultTimeout()
- Expect(session).Should(Exit(0))
+ if IsRemote() {
+ Expect(session).To(ExitWithError())
+ Expect(session.ErrorToString()).To(ContainSubstring("unknown flag"))
+ } else {
+ Expect(session).Should(Exit(0))
+ }
})
It("podman create with unset label", func() {
diff --git a/test/e2e/import_test.go b/test/e2e/import_test.go
index 5531bed8c..e1c89753e 100644
--- a/test/e2e/import_test.go
+++ b/test/e2e/import_test.go
@@ -171,6 +171,12 @@ var _ = Describe("Podman import", func() {
result := podmanTest.Podman([]string{"import", "--signature-policy", "/etc/containers/policy.json", outfile})
result.WaitWithDefaultTimeout()
+ if IsRemote() {
+ Expect(result).To(ExitWithError())
+ Expect(result.ErrorToString()).To(ContainSubstring("unknown flag"))
+ result := podmanTest.Podman([]string{"import", outfile})
+ result.WaitWithDefaultTimeout()
+ }
Expect(result).Should(Exit(0))
})
})
diff --git a/test/e2e/load_test.go b/test/e2e/load_test.go
index e79c1eb8a..030e9f80b 100644
--- a/test/e2e/load_test.go
+++ b/test/e2e/load_test.go
@@ -104,7 +104,15 @@ var _ = Describe("Podman load", func() {
result := podmanTest.Podman([]string{"load", "--signature-policy", "/etc/containers/policy.json", "-i", outfile})
result.WaitWithDefaultTimeout()
- Expect(result).Should(Exit(0))
+ if IsRemote() {
+ Expect(result).To(ExitWithError())
+ Expect(result.ErrorToString()).To(ContainSubstring("unknown flag"))
+ result = podmanTest.Podman([]string{"load", "-i", outfile})
+ result.WaitWithDefaultTimeout()
+ Expect(result).Should(Exit(0))
+ } else {
+ Expect(result).Should(Exit(0))
+ }
})
It("podman load with quiet flag", func() {
diff --git a/test/e2e/run_test.go b/test/e2e/run_test.go
index ec64d2166..aa9037e56 100644
--- a/test/e2e/run_test.go
+++ b/test/e2e/run_test.go
@@ -83,14 +83,18 @@ var _ = Describe("Podman run", func() {
})
It("podman run --signature-policy", func() {
- SkipIfRemote("SigPolicy not handled by remote")
session := podmanTest.Podman([]string{"run", "--pull=always", "--signature-policy", "/no/such/file", ALPINE})
session.WaitWithDefaultTimeout()
Expect(session).To(ExitWithError())
session = podmanTest.Podman([]string{"run", "--pull=always", "--signature-policy", "/etc/containers/policy.json", ALPINE})
session.WaitWithDefaultTimeout()
- Expect(session).Should(Exit(0))
+ if IsRemote() {
+ Expect(session).To(ExitWithError())
+ Expect(session.ErrorToString()).To(ContainSubstring("unknown flag"))
+ } else {
+ Expect(session).Should(Exit(0))
+ }
})
It("podman run --rm with --restart", func() {
diff --git a/test/e2e/save_test.go b/test/e2e/save_test.go
index 9f3f750b7..a8fb6c7b3 100644
--- a/test/e2e/save_test.go
+++ b/test/e2e/save_test.go
@@ -194,14 +194,16 @@ default-docker:
session.WaitWithDefaultTimeout()
Expect(session).Should(Exit(0))
- session = podmanTest.Podman([]string{"pull", "--tls-verify=false", "--signature-policy=sign/policy.json", "localhost:5000/alpine"})
- session.WaitWithDefaultTimeout()
- Expect(session).Should(Exit(0))
-
- outfile := filepath.Join(podmanTest.TempDir, "temp.tar")
- save := podmanTest.Podman([]string{"save", "remove-signatures=true", "-o", outfile, "localhost:5000/alpine"})
- save.WaitWithDefaultTimeout()
- Expect(save).To(ExitWithError())
+ if !IsRemote() {
+ session = podmanTest.Podman([]string{"pull", "--tls-verify=false", "--signature-policy=sign/policy.json", "localhost:5000/alpine"})
+ session.WaitWithDefaultTimeout()
+ Expect(session).Should(Exit(0))
+
+ outfile := filepath.Join(podmanTest.TempDir, "temp.tar")
+ save := podmanTest.Podman([]string{"save", "remove-signatures=true", "-o", outfile, "localhost:5000/alpine"})
+ save.WaitWithDefaultTimeout()
+ Expect(save).To(ExitWithError())
+ }
})
It("podman save image with digest reference", func() {