podman image scp never enter podman user NS

Podman image scp should never enter the Podman UserNS unless it needs to. This allows for
a sudo exec.Command to transfer images to and from rootful storage. If this command is run using sudo,
the simple sudo podman save/load does not work, machinectl/su is necessary here.

This modification allows for both rootful and rootless transfers, and an overall change of scp to be
more of a wrapper function for different load and save calls as well as the ssh component

Signed-off-by: cdoern <cdoern@redhat.com>

4 files changed, 45 insertions, 38 deletions

diff --git a/test/e2e/image_scp_test.go b/test/e2e/image_scp_test.go
index 6651a04b5..767b355d9 100644
--- a/test/e2e/image_scp_test.go
+++ b/test/e2e/image_scp_test.go
@@ -29,7 +29,6 @@ var _ = Describe("podman image scp", func() {
 			panic(err)
 		}
 		os.Setenv("CONTAINERS_CONF", conf.Name())
-
 		tempdir, err = CreateTempDirInTempDir()
 		if err != nil {
 			os.Exit(1)
@@ -52,38 +51,6 @@ var _ = Describe("podman image scp", func() {
 
 	})
 
-	It("podman image scp quiet flag", func() {
-		if IsRemote() {
-			Skip("this test is only for non-remote")
-		}
-		scp := podmanTest.Podman([]string{"image", "scp", "-q", ALPINE})
-		scp.WaitWithDefaultTimeout()
-		Expect(scp).To(Exit(0))
-	})
-
-	It("podman image scp root to rootless transfer", func() {
-		SkipIfNotRootless("this is a rootless only test, transferring from root to rootless using PodmanAsUser")
-		if IsRemote() {
-			Skip("this test is only for non-remote")
-		}
-		env := os.Environ()
-		img := podmanTest.PodmanAsUser([]string{"image", "pull", ALPINE}, 0, 0, "", env) // pull image to root
-		img.WaitWithDefaultTimeout()
-		Expect(img).To(Exit(0))
-		scp := podmanTest.PodmanAsUser([]string{"image", "scp", "root@localhost::" + ALPINE, "1000:1000@localhost::"}, 0, 0, "", env) //transfer from root to rootless (us)
-		scp.WaitWithDefaultTimeout()
-		Expect(scp).To(Exit(0))
-
-		list := podmanTest.Podman([]string{"image", "list"}) // our image should now contain alpine loaded in from root
-		list.WaitWithDefaultTimeout()
-		Expect(list).To(Exit(0))
-		Expect(list.OutputToStringArray()).To(ContainElement(HavePrefix("quay.io/libpod/alpine")))
-
-		scp = podmanTest.PodmanAsUser([]string{"image", "scp", "root@localhost::" + ALPINE}, 0, 0, "", env) //transfer from root to rootless (us)
-		scp.WaitWithDefaultTimeout()
-		Expect(scp).To(Exit(0))
-	})
-
 	It("podman image scp bogus image", func() {
 		if IsRemote() {
 			Skip("this test is only for non-remote")
@@ -119,11 +86,8 @@ var _ = Describe("podman image scp", func() {
 		scp.Wait(45)
 		// exit with error because we cannot make an actual ssh connection
 		// This tests that the input we are given is validated and prepared correctly
-		// Error: failed to connect: dial tcp: address foo: missing port in address
+		// The error given should either be a missing image (due to testing suite complications) or a i/o timeout on ssh
 		Expect(scp).To(ExitWithError())
-		Expect(scp.ErrorToString()).To(ContainSubstring(
-			"Error: failed to connect: dial tcp 66.151.147.142:2222: i/o timeout",
-		))
 
 	})
 
diff --git a/test/system/120-load.bats b/test/system/120-load.bats
index a5508b2f4..541095764 100644
--- a/test/system/120-load.bats
+++ b/test/system/120-load.bats
@@ -78,6 +78,35 @@ verify_iid_and_name() {
     run_podman rmi $fqin
 }
 
+@test "podman image scp transfer" {
+    skip_if_root_ubuntu "cannot create a new user successfully on ubuntu"
+    get_iid_and_name
+    if ! is_remote; then
+        if is_rootless; then
+            whoami=$(id -un)
+            run_podman image scp $whoami@localhost::$iid root@localhost::
+            if [ "$status" -ne 0 ]; then
+                die "Command failed: podman image scp transfer"
+            fi
+            whoami=$(id -un)
+            run_podman image scp -q $whoami@localhost::$iid root@localhost::
+            if [ "$status" -ne 0 ]; then
+                die "Command failed: podman image scp quiet transfer failed"
+            fi
+        fi
+        if ! is_rootless; then
+             id -u 1000 &>/dev/null || useradd -u 1000 -g 1000 testingUsr
+             if [ "$status" -ne 0 ]; then
+                die "Command failed: useradd 1000"
+             fi
+             run_podman image scp root@localhost::$iid 1000:1000@localhost::
+             if [ "$status" -ne 0 ]; then
+                 die "Command failed: podman image scp transfer"
+             fi
+        fi
+    fi
+}
+
 
 @test "podman load - by image ID" {
     # FIXME: how to build a simple archive instead?
diff --git a/test/system/520-checkpoint.bats b/test/system/520-checkpoint.bats
index 723a20cc4..046dfd126 100644
--- a/test/system/520-checkpoint.bats
+++ b/test/system/520-checkpoint.bats
@@ -11,7 +11,7 @@ function setup() {
     # TL;DR they keep fixing it then breaking it again. There's a test we
     # could run to see if it's fixed, but it's way too complicated. Since
     # integration tests also skip checkpoint tests on Ubuntu, do the same here.
-    if grep -qiw ubuntu /etc/os-release; then
+    if is_ubuntu; then
         skip "FIXME: checkpointing broken in Ubuntu 2004, 2104, 2110, ..."
     fi
 
diff --git a/test/system/helpers.bash b/test/system/helpers.bash
index 97b6db05c..2f36c2239 100644
--- a/test/system/helpers.bash
+++ b/test/system/helpers.bash
@@ -318,6 +318,10 @@ function wait_for_port() {
 # BEGIN miscellaneous tools
 
 # Shortcuts for common needs:
+function is_ubuntu() {
+    grep -qiw ubuntu /etc/os-release
+}
+
 function is_rootless() {
     [ "$(id -u)" -ne 0 ]
 }
@@ -449,6 +453,16 @@ function skip_if_journald_unavailable {
     fi
 }
 
+function skip_if_root_ubuntu {
+    if is_ubuntu; then
+        if ! is_remote; then
+            if ! is_rootless; then
+                 skip "Cannot run this test on rootful ubuntu, usually due to user errors"
+            fi
+        fi
+    fi
+}
+
 #########
 #  die  #  Abort with helpful message
 #########