Merge pull request #7363 from mheon/lets_try_this_again

Lets try this again: v2.0.5 backports, round 2

10 files changed, 407 insertions, 11 deletions

diff --git a/test/apiv2/35-networks.at b/test/apiv2/35-networks.at
index fff3f3b1f..4c032c072 100644
--- a/test/apiv2/35-networks.at
+++ b/test/apiv2/35-networks.at
@@ -3,6 +3,32 @@
 # network-related tests
 #
 
-t GET /networks/non-existing-network 404
+t GET networks/non-existing-network 404 \
+  .cause='network not found'
+
+if root; then
+  t POST libpod/networks/create?name=network1 '' 200 \
+    .Filename~.*/network1\\.conflist
+
+  # --data '{"Subnet":{"IP":"10.10.254.0","Mask":[255,255,255,0]}}'
+  t POST libpod/networks/create?name=network2 '"Subnet":{"IP":"10.10.254.0","Mask":[255,255,255,0]}' 200 \
+    .Filename~.*/network2\\.conflist
+
+  # test for empty mask
+  t POST libpod/networks/create '"Subnet":{"IP":"10.10.1.0","Mask":[]}' 500 \
+    .cause~'.*cannot be empty'
+  # test for invalid mask
+  t POST libpod/networks/create '"Subnet":{"IP":"10.10.1.0","Mask":[0,255,255,0]}' 500 \
+    .cause~'.*mask is invalid'
+
+  # clean the network
+  t DELETE libpod/networks/network1 200 \
+    .[0].Name~network1 \
+    .[0].Err=null
+  t DELETE libpod/networks/network2 200 \
+    .[0].Name~network2 \
+    .[0].Err=null
+
+fi
 
 # vim: filetype=sh
diff --git a/test/e2e/network_create_test.go b/test/e2e/network_create_test.go
index a69004208..f635f3c6c 100644
--- a/test/e2e/network_create_test.go
+++ b/test/e2e/network_create_test.go
@@ -179,6 +179,47 @@ var _ = Describe("Podman network create", func() {
 		Expect(subnet.Contains(containerIP)).To(BeTrue())
 	})
 
+	It("podman network create with name and IPv6 subnet", func() {
+		SkipIfRemote()
+		var (
+			results []network.NcList
+		)
+		nc := podmanTest.Podman([]string{"network", "create", "--subnet", "fd00:1:2:3:4::/64", "newIPv6network"})
+		nc.WaitWithDefaultTimeout()
+		Expect(nc.ExitCode()).To(BeZero())
+
+		defer podmanTest.removeCNINetwork("newIPv6network")
+
+		// Inspect the network configuration
+		inspect := podmanTest.Podman([]string{"network", "inspect", "newIPv6network"})
+		inspect.WaitWithDefaultTimeout()
+
+		// JSON the network configuration into something usable
+		err := json.Unmarshal([]byte(inspect.OutputToString()), &results)
+		Expect(err).To(BeNil())
+		result := results[0]
+		Expect(result["name"]).To(Equal("newIPv6network"))
+
+		// JSON the bridge info
+		bridgePlugin, err := genericPluginsToBridge(result["plugins"], "bridge")
+		Expect(err).To(BeNil())
+		Expect(bridgePlugin.IPAM.Routes[0].Dest).To(Equal("::/0"))
+
+		// Once a container executes a new network, the nic will be created. We should clean those up
+		// best we can
+		defer removeNetworkDevice(bridgePlugin.BrName)
+
+		try := podmanTest.Podman([]string{"run", "-it", "--rm", "--network", "newIPv6network", ALPINE, "sh", "-c", "ip addr show eth0 |  grep global | awk ' /inet6 / {print $2}'"})
+		try.WaitWithDefaultTimeout()
+
+		_, subnet, err := net.ParseCIDR("fd00:1:2:3:4::/64")
+		Expect(err).To(BeNil())
+		containerIP, _, err := net.ParseCIDR(try.OutputToString())
+		Expect(err).To(BeNil())
+		// Ensure that the IP the container got is within the subnet the user asked for
+		Expect(subnet.Contains(containerIP)).To(BeTrue())
+	})
+
 	It("podman network create with invalid subnet", func() {
 		nc := podmanTest.Podman([]string{"network", "create", "--subnet", "10.11.12.0/17000", "fail"})
 		nc.WaitWithDefaultTimeout()
diff --git a/test/e2e/run_networking_test.go b/test/e2e/run_networking_test.go
index 88e289f1f..a33b23fab 100644
--- a/test/e2e/run_networking_test.go
+++ b/test/e2e/run_networking_test.go
@@ -437,8 +437,8 @@ var _ = Describe("Podman run networking", func() {
 	It("podman run in custom CNI network with --static-ip", func() {
 		SkipIfRootless()
 		netName := "podmantestnetwork"
-		ipAddr := "10.20.30.128"
-		create := podmanTest.Podman([]string{"network", "create", "--subnet", "10.20.30.0/24", netName})
+		ipAddr := "10.25.30.128"
+		create := podmanTest.Podman([]string{"network", "create", "--subnet", "10.25.30.0/24", netName})
 		create.WaitWithDefaultTimeout()
 		Expect(create.ExitCode()).To(BeZero())
 
@@ -446,5 +446,33 @@ var _ = Describe("Podman run networking", func() {
 		run.WaitWithDefaultTimeout()
 		Expect(run.ExitCode()).To(BeZero())
 		Expect(run.OutputToString()).To(ContainSubstring(ipAddr))
+
+		netrm := podmanTest.Podman([]string{"network", "rm", netName})
+		netrm.WaitWithDefaultTimeout()
+		Expect(netrm.ExitCode()).To(BeZero())
+	})
+
+	It("podman run with new:pod and static-ip", func() {
+		SkipIfRemote()
+		SkipIfRootless()
+		netName := "podmantestnetwork2"
+		ipAddr := "10.25.40.128"
+		podname := "testpod"
+		create := podmanTest.Podman([]string{"network", "create", "--subnet", "10.25.40.0/24", netName})
+		create.WaitWithDefaultTimeout()
+		Expect(create.ExitCode()).To(BeZero())
+
+		run := podmanTest.Podman([]string{"run", "-t", "-i", "--rm", "--pod", "new:" + podname, "--net", netName, "--ip", ipAddr, ALPINE, "ip", "addr"})
+		run.WaitWithDefaultTimeout()
+		Expect(run.ExitCode()).To(BeZero())
+		Expect(run.OutputToString()).To(ContainSubstring(ipAddr))
+
+		podrm := podmanTest.Podman([]string{"pod", "rm", "-f", podname})
+		podrm.WaitWithDefaultTimeout()
+		Expect(podrm.ExitCode()).To(BeZero())
+
+		netrm := podmanTest.Podman([]string{"network", "rm", netName})
+		netrm.WaitWithDefaultTimeout()
+		Expect(netrm.ExitCode()).To(BeZero())
 	})
 })
diff --git a/test/e2e/run_test.go b/test/e2e/run_test.go
index 95eecd042..6064be122 100644
--- a/test/e2e/run_test.go
+++ b/test/e2e/run_test.go
@@ -183,22 +183,46 @@ var _ = Describe("Podman run", func() {
 		Expect(conData[0].Config.Annotations["io.podman.annotations.init"]).To(Equal("FALSE"))
 	})
 
-	It("podman run seccomp test", func() {
-
+	forbidGetCWDSeccompProfile := func() string {
 		in := []byte(`{"defaultAction":"SCMP_ACT_ALLOW","syscalls":[{"name":"getcwd","action":"SCMP_ACT_ERRNO"}]}`)
 		jsonFile, err := podmanTest.CreateSeccompJson(in)
 		if err != nil {
 			fmt.Println(err)
 			Skip("Failed to prepare seccomp.json for test.")
 		}
+		return jsonFile
+	}
 
-		session := podmanTest.Podman([]string{"run", "-it", "--security-opt", strings.Join([]string{"seccomp=", jsonFile}, ""), ALPINE, "pwd"})
+	It("podman run seccomp test", func() {
+		session := podmanTest.Podman([]string{"run", "-it", "--security-opt", strings.Join([]string{"seccomp=", forbidGetCWDSeccompProfile()}, ""), ALPINE, "pwd"})
 		session.WaitWithDefaultTimeout()
 		Expect(session).To(ExitWithError())
 		match, _ := session.GrepString("Operation not permitted")
 		Expect(match).Should(BeTrue())
 	})
 
+	It("podman run seccomp test --privileged", func() {
+		session := podmanTest.Podman([]string{"run", "-it", "--privileged", "--security-opt", strings.Join([]string{"seccomp=", forbidGetCWDSeccompProfile()}, ""), ALPINE, "pwd"})
+		session.WaitWithDefaultTimeout()
+		Expect(session).To(ExitWithError())
+		match, _ := session.GrepString("Operation not permitted")
+		Expect(match).Should(BeTrue())
+	})
+
+	It("podman run seccomp test --privileged no profile should be unconfined", func() {
+		session := podmanTest.Podman([]string{"run", "-it", "--privileged", ALPINE, "grep", "Seccomp", "/proc/self/status"})
+		session.WaitWithDefaultTimeout()
+		Expect(session.OutputToString()).To(ContainSubstring("0"))
+		Expect(session.ExitCode()).To(Equal(0))
+	})
+
+	It("podman run seccomp test no profile should be default", func() {
+		session := podmanTest.Podman([]string{"run", "-it", ALPINE, "grep", "Seccomp", "/proc/self/status"})
+		session.WaitWithDefaultTimeout()
+		Expect(session.OutputToString()).To(ContainSubstring("2"))
+		Expect(session.ExitCode()).To(Equal(0))
+	})
+
 	It("podman run capabilities test", func() {
 		session := podmanTest.Podman([]string{"run", "--rm", "--cap-add", "all", ALPINE, "cat", "/proc/self/status"})
 		session.WaitWithDefaultTimeout()
@@ -811,6 +835,14 @@ USER mail`
 		Expect(match).To(BeTrue())
 	})
 
+	It("podman run --pod new with hostname", func() {
+		hostname := "abc"
+		session := podmanTest.Podman([]string{"run", "--pod", "new:foobar", "--hostname", hostname, ALPINE, "cat", "/etc/hostname"})
+		session.WaitWithDefaultTimeout()
+		Expect(session.ExitCode()).To(Equal(0))
+		Expect(session.OutputToString()).To(ContainSubstring(hostname))
+	})
+
 	It("podman run --rm should work", func() {
 		session := podmanTest.Podman([]string{"run", "--rm", ALPINE, "ls"})
 		session.WaitWithDefaultTimeout()
@@ -1036,4 +1068,13 @@ USER mail`
 		Expect(session.ExitCode()).To(Equal(0))
 		Expect(session.OutputToString()).To(ContainSubstring(limit))
 	})
+
+	It("podman run --entrypoint does not use image command", func() {
+		session := podmanTest.Podman([]string{"run", "--entrypoint", "/bin/echo", ALPINE})
+		session.WaitWithDefaultTimeout()
+		Expect(session.ExitCode()).To(Equal(0))
+		// We can't guarantee the output is completely empty, some
+		// nonprintables seem to work their way in.
+		Expect(session.OutputToString()).To(Not(ContainSubstring("/bin/sh")))
+	})
 })
diff --git a/test/e2e/run_working_dir.go b/test/e2e/run_working_dir.go
new file mode 100644
index 000000000..64f1dc247
--- /dev/null
+++ b/test/e2e/run_working_dir.go
@@ -0,0 +1,69 @@
+package integration
+
+import (
+	"os"
+	"strings"
+
+	. "github.com/containers/libpod/v2/test/utils"
+	. "github.com/onsi/ginkgo"
+	. "github.com/onsi/gomega"
+)
+
+var _ = Describe("Podman run", func() {
+	var (
+		tempdir    string
+		err        error
+		podmanTest *PodmanTestIntegration
+	)
+
+	BeforeEach(func() {
+		tempdir, err = CreateTempDirInTempDir()
+		if err != nil {
+			os.Exit(1)
+		}
+		podmanTest = PodmanTestCreate(tempdir)
+		podmanTest.Setup()
+		podmanTest.SeedImages()
+	})
+
+	AfterEach(func() {
+		podmanTest.Cleanup()
+		f := CurrentGinkgoTestDescription()
+		processTestResult(f)
+
+	})
+
+	It("podman run a container without workdir", func() {
+		session := podmanTest.Podman([]string{"run", ALPINE, "pwd"})
+		session.WaitWithDefaultTimeout()
+		Expect(session.ExitCode()).To(Equal(0))
+		Expect(session.OutputToString()).To(Equal("/"))
+	})
+
+	It("podman run a container using non existing --workdir", func() {
+		if !strings.Contains(podmanTest.OCIRuntime, "crun") {
+			Skip("Test only works on crun")
+		}
+		session := podmanTest.Podman([]string{"run", "--workdir", "/home/foobar", ALPINE, "pwd"})
+		session.WaitWithDefaultTimeout()
+		Expect(session.ExitCode()).To(Equal(127))
+	})
+
+	It("podman run a container on an image with a workdir", func() {
+		SkipIfRemote()
+		dockerfile := `FROM alpine
+RUN  mkdir -p /home/foobar
+WORKDIR  /etc/foobar`
+		podmanTest.BuildImage(dockerfile, "test", "false")
+
+		session := podmanTest.Podman([]string{"run", "test", "pwd"})
+		session.WaitWithDefaultTimeout()
+		Expect(session.ExitCode()).To(Equal(0))
+		Expect(session.OutputToString()).To(Equal("/etc/foobar"))
+
+		session = podmanTest.Podman([]string{"run", "--workdir", "/home/foobar", "test", "pwd"})
+		session.WaitWithDefaultTimeout()
+		Expect(session.ExitCode()).To(Equal(0))
+		Expect(session.OutputToString()).To(Equal("/home/foobar"))
+	})
+})
diff --git a/test/e2e/system_connection_test.go b/test/e2e/system_connection_test.go
new file mode 100644
index 000000000..4c750ee7f
--- /dev/null
+++ b/test/e2e/system_connection_test.go
@@ -0,0 +1,176 @@
+package integration
+
+import (
+	"fmt"
+	"io/ioutil"
+	"os"
+
+	"github.com/containers/common/pkg/config"
+	. "github.com/containers/libpod/v2/test/utils"
+	. "github.com/onsi/ginkgo"
+	. "github.com/onsi/gomega"
+	. "github.com/onsi/gomega/gbytes"
+	. "github.com/onsi/gomega/gexec"
+)
+
+var _ = Describe("podman system connection", func() {
+	ConfPath := struct {
+		Value string
+		IsSet bool
+	}{}
+
+	var (
+		podmanTest *PodmanTestIntegration
+	)
+
+	BeforeEach(func() {
+		ConfPath.Value, ConfPath.IsSet = os.LookupEnv("CONTAINERS_CONF")
+		conf, err := ioutil.TempFile("", "containersconf")
+		if err != nil {
+			panic(err)
+		}
+		os.Setenv("CONTAINERS_CONF", conf.Name())
+
+		tempdir, err := CreateTempDirInTempDir()
+		if err != nil {
+			panic(err)
+		}
+		podmanTest = PodmanTestCreate(tempdir)
+		podmanTest.Setup()
+	})
+
+	AfterEach(func() {
+		podmanTest.Cleanup()
+		os.Remove(os.Getenv("CONTAINERS_CONF"))
+		if ConfPath.IsSet {
+			os.Setenv("CONTAINERS_CONF", ConfPath.Value)
+		} else {
+			os.Unsetenv("CONTAINERS_CONF")
+		}
+
+		f := CurrentGinkgoTestDescription()
+		timedResult := fmt.Sprintf("Test: %s completed in %f seconds", f.TestText, f.Duration.Seconds())
+		GinkgoWriter.Write([]byte(timedResult))
+	})
+
+	It("add", func() {
+		cmd := []string{"system", "connection", "add",
+			"--default",
+			"--identity", "~/.ssh/id_rsa",
+			"QA",
+			"ssh://root@server.fubar.com:2222/run/podman/podman.sock",
+		}
+		session := podmanTest.Podman(cmd)
+		session.WaitWithDefaultTimeout()
+		Expect(session).Should(Exit(0))
+		Expect(session.Out).Should(Say(""))
+
+		cfg, err := config.ReadCustomConfig()
+		Expect(err).ShouldNot(HaveOccurred())
+		Expect(cfg.Engine.ActiveService).To(Equal("QA"))
+		Expect(cfg.Engine.ServiceDestinations["QA"]).To(Equal(
+			config.Destination{
+				URI:      "ssh://root@server.fubar.com:2222/run/podman/podman.sock",
+				Identity: "~/.ssh/id_rsa",
+			},
+		))
+
+		cmd = []string{"system", "connection", "rename",
+			"QA",
+			"QE",
+		}
+		session = podmanTest.Podman(cmd)
+		session.WaitWithDefaultTimeout()
+		Expect(session).Should(Exit(0))
+
+		cfg, err = config.ReadCustomConfig()
+		Expect(err).ShouldNot(HaveOccurred())
+		Expect(cfg.Engine.ActiveService).To(Equal("QE"))
+		Expect(cfg.Engine.ServiceDestinations["QE"]).To(Equal(
+			config.Destination{
+				URI:      "ssh://root@server.fubar.com:2222/run/podman/podman.sock",
+				Identity: "~/.ssh/id_rsa",
+			},
+		))
+	})
+
+	It("remove", func() {
+		cmd := []string{"system", "connection", "add",
+			"--default",
+			"--identity", "~/.ssh/id_rsa",
+			"QA",
+			"ssh://root@server.fubar.com:2222/run/podman/podman.sock",
+		}
+		session := podmanTest.Podman(cmd)
+		session.WaitWithDefaultTimeout()
+		Expect(session).Should(Exit(0))
+
+		for i := 0; i < 2; i++ {
+			cmd = []string{"system", "connection", "remove", "QA"}
+			session = podmanTest.Podman(cmd)
+			session.WaitWithDefaultTimeout()
+			Expect(session).Should(Exit(0))
+			Expect(session.Out).Should(Say(""))
+
+			cfg, err := config.ReadCustomConfig()
+			Expect(err).ShouldNot(HaveOccurred())
+			Expect(cfg.Engine.ActiveService).To(BeEmpty())
+			Expect(cfg.Engine.ServiceDestinations).To(BeEmpty())
+		}
+	})
+
+	It("default", func() {
+		for _, name := range []string{"devl", "qe"} {
+			cmd := []string{"system", "connection", "add",
+				"--default",
+				"--identity", "~/.ssh/id_rsa",
+				name,
+				"ssh://root@server.fubar.com:2222/run/podman/podman.sock",
+			}
+			session := podmanTest.Podman(cmd)
+			session.WaitWithDefaultTimeout()
+			Expect(session).Should(Exit(0))
+		}
+
+		cmd := []string{"system", "connection", "default", "devl"}
+		session := podmanTest.Podman(cmd)
+		session.WaitWithDefaultTimeout()
+		Expect(session).Should(Exit(0))
+		Expect(session.Out).Should(Say(""))
+
+		cfg, err := config.ReadCustomConfig()
+		Expect(err).ShouldNot(HaveOccurred())
+		Expect(cfg.Engine.ActiveService).To(Equal("devl"))
+
+		cmd = []string{"system", "connection", "list"}
+		session = podmanTest.Podman(cmd)
+		session.WaitWithDefaultTimeout()
+		Expect(session).Should(Exit(0))
+		Expect(session.Out).Should(Say("Name *Identity *URI"))
+	})
+
+	It("failed default", func() {
+		cmd := []string{"system", "connection", "default", "devl"}
+		session := podmanTest.Podman(cmd)
+		session.WaitWithDefaultTimeout()
+		Expect(session).ShouldNot(Exit(0))
+		Expect(session.Err).Should(Say("destination is not defined"))
+	})
+
+	It("failed rename", func() {
+		cmd := []string{"system", "connection", "rename", "devl", "QE"}
+		session := podmanTest.Podman(cmd)
+		session.WaitWithDefaultTimeout()
+		Expect(session).ShouldNot(Exit(0))
+		Expect(session.Err).Should(Say("destination is not defined"))
+	})
+
+	It("empty list", func() {
+		cmd := []string{"system", "connection", "list"}
+		session := podmanTest.Podman(cmd)
+		session.WaitWithDefaultTimeout()
+		Expect(session).Should(Exit(0))
+		Expect(session.Out).Should(Say(""))
+		Expect(session.Err).Should(Say(""))
+	})
+})
diff --git a/test/system/001-basic.bats b/test/system/001-basic.bats
index 71595f419..b12836b9e 100644
--- a/test/system/001-basic.bats
+++ b/test/system/001-basic.bats
@@ -24,6 +24,13 @@ function setup() {
     is "${lines[0]}" "Version:[ ]\+[1-9][0-9.]\+" "Version line 1"
     is "$output" ".*Go Version: \+"               "'Go Version' in output"
     is "$output" ".*API Version: \+"		  "API version in output"
+
+    # Test that build date is reasonable, e.g. after 2019-01-01
+    local built=$(expr "$output" : ".*Built: \+\(.*\)" | head -n1)
+    local built_t=$(date --date="$built" +%s)
+    if [ $built_t -lt 1546300800 ]; then
+        die "Preposterous 'Built' time in podman version: '$built'"
+    fi
 }
 
 
diff --git a/test/system/015-help.bats b/test/system/015-help.bats
index 42d3bd3ec..201b23b5e 100644
--- a/test/system/015-help.bats
+++ b/test/system/015-help.bats
@@ -40,7 +40,9 @@ function check_help() {
         [ -n "$usage" ] || die "podman $cmd: no Usage message found"
 
         # e.g. 'podman ps' should not show 'podman container ps' in usage
-        is "$usage" "  $command_string .*" "Usage string matches command"
+        # Trailing space in usage handles 'podman system renumber' which
+        # has no ' [flags]'
+        is "$usage " "  $command_string .*" "Usage string matches command"
 
         # If usage ends in '[command]', recurse into subcommands
         if expr "$usage" : '.*\[command\]$' >/dev/null; then
diff --git a/test/system/110-history.bats b/test/system/110-history.bats
index b83e90fe4..5dc221d61 100644
--- a/test/system/110-history.bats
+++ b/test/system/110-history.bats
@@ -3,8 +3,6 @@
 load helpers
 
 @test "podman history - basic tests" {
-    skip_if_remote "FIXME: pending #7122"
-
     tests="
                                  | .*[0-9a-f]\\\{12\\\} .* CMD .* LABEL
 --format '{{.ID}} {{.Created}}'  | .*[0-9a-f]\\\{12\\\} .* ago
diff --git a/test/system/120-load.bats b/test/system/120-load.bats
index 611799f8d..310ee55de 100644
--- a/test/system/120-load.bats
+++ b/test/system/120-load.bats
@@ -26,10 +26,18 @@ verify_iid_and_name() {
     is "$new_img_name" "$1"   "Name & tag of restored image"
 }
 
+@test "podman save to pipe and load" {
+    # We can't use run_podman because that uses the BATS 'run' function
+    # which redirects stdout and stderr. Here we need to guarantee
+    # that podman's stdout is a pipe, not any other form of redirection
+    $PODMAN save --format oci-archive $IMAGE | cat >$PODMAN_TMPDIR/test.tar
+    [ $status -eq 0 ]
+
+    run_podman load -i $PODMAN_TMPDIR/test.tar
+}
 
-@test "podman load - by image ID" {
-    skip_if_remote "FIXME: pending #7123"
 
+@test "podman load - by image ID" {
     # FIXME: how to build a simple archive instead?
     get_iid_and_name