summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--.cirrus.yml18
-rw-r--r--cmd/podman/common/completion.go58
-rw-r--r--cmd/podman/common/netflags.go2
-rw-r--r--cmd/podman/containers/logs.go3
-rw-r--r--cmd/podman/containers/run.go11
-rw-r--r--cmd/podman/images/sign.go1
-rw-r--r--cmd/podman/play/kube.go2
-rw-r--r--cmd/podman/system/connection/add.go61
-rw-r--r--cmd/podman/volumes/prune.go16
-rwxr-xr-xcontrib/cirrus/runner.sh4
-rwxr-xr-xcontrib/cirrus/setup_environment.sh1
-rw-r--r--docs/source/markdown/podman-create.1.md4
-rw-r--r--docs/source/markdown/podman-image-sign.1.md4
-rw-r--r--docs/source/markdown/podman-run.1.md4
-rw-r--r--docs/source/markdown/podman-volume-prune.1.md16
-rw-r--r--libpod/container_internal_linux.go5
-rw-r--r--libpod/events/events.go3
-rw-r--r--libpod/events/journal_linux.go16
-rw-r--r--libpod/events/logfile.go12
-rw-r--r--libpod/logs/log.go16
-rw-r--r--libpod/options.go1
-rw-r--r--libpod/runtime_volume.go4
-rw-r--r--pkg/api/handlers/compat/containers_create.go15
-rw-r--r--pkg/api/handlers/compat/events.go3
-rw-r--r--pkg/api/handlers/compat/networks.go6
-rw-r--r--pkg/api/handlers/compat/volumes.go12
-rw-r--r--pkg/api/handlers/libpod/volumes.go20
-rw-r--r--pkg/bindings/connection.go49
-rw-r--r--pkg/bindings/test/volumes_test.go41
-rw-r--r--pkg/bindings/volumes/volumes.go12
-rw-r--r--pkg/domain/entities/container_ps.go2
-rw-r--r--pkg/domain/entities/containers.go6
-rw-r--r--pkg/domain/entities/engine_container.go2
-rw-r--r--pkg/domain/entities/images.go1
-rw-r--r--pkg/domain/entities/volumes.go7
-rw-r--r--pkg/domain/filters/helpers.go20
-rw-r--r--pkg/domain/filters/volumes.go3
-rw-r--r--pkg/domain/infra/abi/containers.go4
-rw-r--r--pkg/domain/infra/abi/images.go71
-rw-r--r--pkg/domain/infra/abi/system.go2
-rw-r--r--pkg/domain/infra/abi/volumes.go12
-rw-r--r--pkg/domain/infra/runtime_tunnel.go24
-rw-r--r--pkg/domain/infra/tunnel/containers.go53
-rw-r--r--pkg/domain/infra/tunnel/volumes.go4
-rw-r--r--pkg/ps/ps.go37
-rw-r--r--pkg/terminal/util.go9
-rw-r--r--pkg/util/utils_linux.go17
-rw-r--r--pkg/util/utils_unsupported.go5
-rw-r--r--test/apiv2/20-containers.at11
-rw-r--r--test/apiv2/30-volumes.at30
-rw-r--r--test/apiv2/35-networks.at8
-rw-r--r--test/compose/README.md47
-rw-r--r--test/compose/env_and_volume/README.md12
-rw-r--r--test/compose/env_and_volume/docker-compose.yml18
-rw-r--r--test/compose/env_and_volume/read/Dockerfile5
-rw-r--r--test/compose/env_and_volume/read/app.py10
-rw-r--r--test/compose/env_and_volume/tests.sh4
-rw-r--r--test/compose/env_and_volume/write/Dockerfile5
-rw-r--r--test/compose/env_and_volume/write/app.py13
-rw-r--r--test/compose/images/README.md5
-rw-r--r--test/compose/images/podman-python/Containerfile3
-rw-r--r--test/compose/mount_and_label/README.md9
-rw-r--r--test/compose/mount_and_label/docker-compose.yml10
-rw-r--r--test/compose/mount_and_label/frontend/Dockerfile5
-rw-r--r--test/compose/mount_and_label/frontend/app.py10
-rw-r--r--test/compose/mount_and_label/setup.sh2
-rw-r--r--test/compose/mount_and_label/teardown.sh1
-rw-r--r--test/compose/mount_and_label/tests.sh4
-rw-r--r--test/compose/port_map_diff_port/README.md9
-rw-r--r--test/compose/port_map_diff_port/docker-compose.yml6
-rw-r--r--test/compose/port_map_diff_port/frontend/Dockerfile5
-rw-r--r--test/compose/port_map_diff_port/frontend/app.py9
-rw-r--r--test/compose/port_map_diff_port/tests.sh3
-rw-r--r--test/compose/setup.sh.example3
-rw-r--r--test/compose/simple_port_map/README.md9
-rw-r--r--test/compose/simple_port_map/docker-compose.yml6
-rw-r--r--test/compose/simple_port_map/frontend/Dockerfile6
-rw-r--r--test/compose/simple_port_map/frontend/app.py10
-rw-r--r--test/compose/simple_port_map/tests.sh3
-rw-r--r--test/compose/teardown.sh.example4
-rwxr-xr-xtest/compose/test-compose345
-rw-r--r--test/e2e/events_test.go43
-rw-r--r--test/e2e/image_sign_test.go16
-rw-r--r--test/e2e/logs_test.go17
-rw-r--r--test/e2e/play_kube_test.go4
-rw-r--r--test/e2e/start_test.go23
-rw-r--r--test/e2e/toolbox_test.go2
-rw-r--r--test/e2e/volume_prune_test.go60
-rw-r--r--test/system/030-run.bats20
-rw-r--r--test/system/035-logs.bats9
-rw-r--r--test/system/helpers.bash34
91 files changed, 1352 insertions, 205 deletions
diff --git a/.cirrus.yml b/.cirrus.yml
index 0fa51be63..8507aa3d2 100644
--- a/.cirrus.yml
+++ b/.cirrus.yml
@@ -30,7 +30,7 @@ env:
PRIOR_UBUNTU_NAME: "ubuntu-19"
# Google-cloud VM Images
- IMAGE_SUFFIX: "c5402398833246208"
+ IMAGE_SUFFIX: "c4704091098054656"
FEDORA_CACHE_IMAGE_NAME: "fedora-${IMAGE_SUFFIX}"
PRIOR_FEDORA_CACHE_IMAGE_NAME: "prior-fedora-${IMAGE_SUFFIX}"
UBUNTU_CACHE_IMAGE_NAME: "ubuntu-${IMAGE_SUFFIX}"
@@ -434,6 +434,21 @@ apiv2_test_task:
podman_system_info_script: '$SCRIPT_BASE/logcollector.sh podman'
time_script: '$SCRIPT_BASE/logcollector.sh time'
+compose_test_task:
+ name: "compose test on $DISTRO_NV"
+ alias: compose_test
+ depends_on:
+ - validate
+ gce_instance: *standardvm
+ env:
+ <<: *stdenvars
+ TEST_FLAVOR: compose
+ clone_script: *noop # Comes from cache
+ gopath_cache: *ro_gopath_cache
+ setup_script: *setup
+ main_script: *main
+ always: *logs_artifacts
+
# Execute the podman integration tests on all primary platforms and release
# versions, as root, without involving the podman-remote client.
@@ -619,6 +634,7 @@ success_task:
- docker-py_test
- unit_test
- apiv2_test
+ - compose_test
- local_integration_test
- remote_integration_test
- rootless_integration_test
diff --git a/cmd/podman/common/completion.go b/cmd/podman/common/completion.go
index f792b2713..83fe0723c 100644
--- a/cmd/podman/common/completion.go
+++ b/cmd/podman/common/completion.go
@@ -313,6 +313,10 @@ func completeKeyValues(toComplete string, k keyValueCompletion) ([]string, cobra
return suggestions, directive
}
+func getBoolCompletion(_ string) ([]string, cobra.ShellCompDirective) {
+ return []string{"true", "false"}, cobra.ShellCompDirectiveNoFileComp
+}
+
/* Autocomplete Functions for cobra ValidArgsFunction */
// AutocompleteContainers - Autocomplete all container names.
@@ -797,6 +801,39 @@ func AutocompleteVolumeFlag(cmd *cobra.Command, args []string, toComplete string
return volumes, directive
}
+// AutocompleteNetworkFlag - Autocomplete network flag options.
+func AutocompleteNetworkFlag(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
+ kv := keyValueCompletion{
+ "container:": func(s string) ([]string, cobra.ShellCompDirective) { return getContainers(cmd, s, completeDefault) },
+ "ns:": func(_ string) ([]string, cobra.ShellCompDirective) {
+ return nil, cobra.ShellCompDirectiveDefault
+ },
+ "bridge": nil,
+ "none": nil,
+ "host": nil,
+ "private": nil,
+ "slirp4netns:": func(s string) ([]string, cobra.ShellCompDirective) {
+ skv := keyValueCompletion{
+ "allow_host_loopback=": getBoolCompletion,
+ "cidr=": nil,
+ "enable_ipv6=": getBoolCompletion,
+ "outbound_addr=": nil,
+ "outbound_addr6=": nil,
+ "port_handler=": func(_ string) ([]string, cobra.ShellCompDirective) {
+ return []string{"rootlesskit", "slirp4netns"}, cobra.ShellCompDirectiveNoFileComp
+ },
+ }
+ return completeKeyValues(s, skv)
+ },
+ }
+
+ networks, _ := getNetworks(cmd, toComplete)
+ suggestions, dir := completeKeyValues(toComplete, kv)
+ // add slirp4netns here it does not work correct if we add it to the kv map
+ suggestions = append(suggestions, "slirp4netns")
+ return append(networks, suggestions...), dir
+}
+
// AutocompleteJSONFormat - Autocomplete format flag option.
// -> "json"
func AutocompleteJSONFormat(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
@@ -974,17 +1011,14 @@ func AutocompletePodPsFilters(cmd *cobra.Command, args []string, toComplete stri
// AutocompleteImageFilters - Autocomplete image ls --filter options.
func AutocompleteImageFilters(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
- getBool := func(_ string) ([]string, cobra.ShellCompDirective) {
- return []string{"true", "false"}, cobra.ShellCompDirectiveNoFileComp
- }
getImg := func(s string) ([]string, cobra.ShellCompDirective) { return getImages(cmd, s) }
kv := keyValueCompletion{
"before=": getImg,
"since=": getImg,
"label=": nil,
"reference=": nil,
- "dangling=": getBool,
- "readonly=": getBool,
+ "dangling=": getBoolCompletion,
+ "readonly=": getBoolCompletion,
}
return completeKeyValues(toComplete, kv)
}
@@ -1004,14 +1038,12 @@ func AutocompleteVolumeFilters(cmd *cobra.Command, args []string, toComplete str
return []string{"local"}, cobra.ShellCompDirectiveNoFileComp
}
kv := keyValueCompletion{
- "name=": func(s string) ([]string, cobra.ShellCompDirective) { return getVolumes(cmd, s) },
- "driver=": local,
- "scope=": local,
- "label=": nil,
- "opt=": nil,
- "dangling=": func(_ string) ([]string, cobra.ShellCompDirective) {
- return []string{"true", "false"}, cobra.ShellCompDirectiveNoFileComp
- },
+ "name=": func(s string) ([]string, cobra.ShellCompDirective) { return getVolumes(cmd, s) },
+ "driver=": local,
+ "scope=": local,
+ "label=": nil,
+ "opt=": nil,
+ "dangling=": getBoolCompletion,
}
return completeKeyValues(toComplete, kv)
}
diff --git a/cmd/podman/common/netflags.go b/cmd/podman/common/netflags.go
index cae52ccaa..9cb4ed550 100644
--- a/cmd/podman/common/netflags.go
+++ b/cmd/podman/common/netflags.go
@@ -63,7 +63,7 @@ func DefineNetFlags(cmd *cobra.Command) {
networkFlagName, containerConfig.NetNS(),
"Connect a container to a network",
)
- _ = cmd.RegisterFlagCompletionFunc(networkFlagName, AutocompleteNetworks)
+ _ = cmd.RegisterFlagCompletionFunc(networkFlagName, AutocompleteNetworkFlag)
networkAliasFlagName := "network-alias"
netFlags.StringSlice(
diff --git a/cmd/podman/containers/logs.go b/cmd/podman/containers/logs.go
index d4ede370a..9b562afd8 100644
--- a/cmd/podman/containers/logs.go
+++ b/cmd/podman/containers/logs.go
@@ -122,6 +122,7 @@ func logs(_ *cobra.Command, args []string) error {
}
logsOptions.Since = since
}
- logsOptions.Writer = os.Stdout
+ logsOptions.StdoutWriter = os.Stdout
+ logsOptions.StderrWriter = os.Stderr
return registry.ContainerEngine().ContainerLogs(registry.GetContext(), args, logsOptions.ContainerLogsOptions)
}
diff --git a/cmd/podman/containers/run.go b/cmd/podman/containers/run.go
index 6ff1b929d..46bfb4143 100644
--- a/cmd/podman/containers/run.go
+++ b/cmd/podman/containers/run.go
@@ -3,7 +3,6 @@ package containers
import (
"fmt"
"os"
- "strconv"
"strings"
"github.com/containers/common/pkg/completion"
@@ -15,7 +14,6 @@ import (
"github.com/containers/podman/v2/pkg/errorhandling"
"github.com/containers/podman/v2/pkg/rootless"
"github.com/containers/podman/v2/pkg/specgen"
- "github.com/containers/podman/v2/pkg/util"
"github.com/pkg/errors"
"github.com/sirupsen/logrus"
"github.com/spf13/cobra"
@@ -108,15 +106,6 @@ func run(cmd *cobra.Command, args []string) error {
return err
}
- if rootless.IsRootless() && !registry.IsRemote() {
- userspec := strings.SplitN(cliVals.User, ":", 2)[0]
- if uid, err := strconv.ParseInt(userspec, 10, 32); err == nil {
- if err := util.CheckRootlessUIDRange(int(uid)); err != nil {
- return err
- }
- }
- }
-
if af := cliVals.Authfile; len(af) > 0 {
if _, err := os.Stat(af); err != nil {
return err
diff --git a/cmd/podman/images/sign.go b/cmd/podman/images/sign.go
index 342536f7c..859d51d51 100644
--- a/cmd/podman/images/sign.go
+++ b/cmd/podman/images/sign.go
@@ -47,6 +47,7 @@ func init() {
certDirFlagName := "cert-dir"
flags.StringVar(&signOptions.CertDir, certDirFlagName, "", "`Pathname` of a directory containing TLS certificates and keys")
_ = signCommand.RegisterFlagCompletionFunc(certDirFlagName, completion.AutocompleteDefault)
+ flags.BoolVarP(&signOptions.All, "all", "a", false, "Sign all the manifests of the multi-architecture image")
}
func sign(cmd *cobra.Command, args []string) error {
diff --git a/cmd/podman/play/kube.go b/cmd/podman/play/kube.go
index 5e227d05a..db7280b1d 100644
--- a/cmd/podman/play/kube.go
+++ b/cmd/podman/play/kube.go
@@ -61,7 +61,7 @@ func init() {
networkFlagName := "network"
flags.StringVar(&kubeOptions.Network, networkFlagName, "", "Connect pod to CNI network(s)")
- _ = kubeCmd.RegisterFlagCompletionFunc(networkFlagName, common.AutocompleteNetworks)
+ _ = kubeCmd.RegisterFlagCompletionFunc(networkFlagName, common.AutocompleteNetworkFlag)
logDriverFlagName := "log-driver"
flags.StringVar(&kubeOptions.LogDriver, logDriverFlagName, "", "Logging driver for the container")
diff --git a/cmd/podman/system/connection/add.go b/cmd/podman/system/connection/add.go
index 57e747451..da5f652c8 100644
--- a/cmd/podman/system/connection/add.go
+++ b/cmd/podman/system/connection/add.go
@@ -168,19 +168,17 @@ func getUserInfo(uri *url.URL) (*url.Userinfo, error) {
}
func getUDS(cmd *cobra.Command, uri *url.URL) (string, error) {
- var authMethods []ssh.AuthMethod
- passwd, set := uri.User.Password()
- if set {
- authMethods = append(authMethods, ssh.Password(passwd))
- }
+ var signers []ssh.Signer
+ passwd, passwdSet := uri.User.Password()
if cmd.Flags().Changed("identity") {
value := cmd.Flag("identity").Value.String()
- auth, err := terminal.PublicKey(value, []byte(passwd))
+ s, err := terminal.PublicKey(value, []byte(passwd))
if err != nil {
return "", errors.Wrapf(err, "failed to read identity %q", value)
}
- authMethods = append(authMethods, auth)
+ signers = append(signers, s)
+ logrus.Debugf("SSH Ident Key %q %s %s", value, ssh.FingerprintSHA256(s.PublicKey()), s.PublicKey().Type())
}
if sock, found := os.LookupEnv("SSH_AUTH_SOCK"); found {
@@ -190,16 +188,51 @@ func getUDS(cmd *cobra.Command, uri *url.URL) (string, error) {
if err != nil {
return "", err
}
- a := agent.NewClient(c)
- authMethods = append(authMethods, ssh.PublicKeysCallback(a.Signers))
- }
-
- if len(authMethods) == 0 {
- pass, err := terminal.ReadPassword(fmt.Sprintf("%s's login password:", uri.User.Username()))
+ agentSigners, err := agent.NewClient(c).Signers()
if err != nil {
return "", err
}
- authMethods = append(authMethods, ssh.Password(string(pass)))
+
+ signers = append(signers, agentSigners...)
+
+ if logrus.IsLevelEnabled(logrus.DebugLevel) {
+ for _, s := range agentSigners {
+ logrus.Debugf("SSH Agent Key %s %s", ssh.FingerprintSHA256(s.PublicKey()), s.PublicKey().Type())
+ }
+ }
+ }
+
+ var authMethods []ssh.AuthMethod
+ if len(signers) > 0 {
+ var dedup = make(map[string]ssh.Signer)
+ // Dedup signers based on fingerprint, ssh-agent keys override CONTAINER_SSHKEY
+ for _, s := range signers {
+ fp := ssh.FingerprintSHA256(s.PublicKey())
+ if _, found := dedup[fp]; found {
+ logrus.Debugf("Dedup SSH Key %s %s", ssh.FingerprintSHA256(s.PublicKey()), s.PublicKey().Type())
+ }
+ dedup[fp] = s
+ }
+
+ var uniq []ssh.Signer
+ for _, s := range dedup {
+ uniq = append(uniq, s)
+ }
+
+ authMethods = append(authMethods, ssh.PublicKeysCallback(func() ([]ssh.Signer, error) {
+ return uniq, nil
+ }))
+ }
+
+ if passwdSet {
+ authMethods = append(authMethods, ssh.Password(passwd))
+ }
+
+ if len(authMethods) == 0 {
+ authMethods = append(authMethods, ssh.PasswordCallback(func() (string, error) {
+ pass, err := terminal.ReadPassword(fmt.Sprintf("%s's login password:", uri.User.Username()))
+ return string(pass), err
+ }))
}
cfg := &ssh.ClientConfig{
diff --git a/cmd/podman/volumes/prune.go b/cmd/podman/volumes/prune.go
index d1370120b..0f3ba9ef6 100644
--- a/cmd/podman/volumes/prune.go
+++ b/cmd/podman/volumes/prune.go
@@ -8,10 +8,12 @@ import (
"strings"
"github.com/containers/common/pkg/completion"
+ "github.com/containers/podman/v2/cmd/podman/common"
"github.com/containers/podman/v2/cmd/podman/registry"
"github.com/containers/podman/v2/cmd/podman/utils"
"github.com/containers/podman/v2/cmd/podman/validate"
"github.com/containers/podman/v2/pkg/domain/entities"
+ "github.com/containers/podman/v2/pkg/domain/filters"
"github.com/spf13/cobra"
)
@@ -28,6 +30,7 @@ var (
RunE: prune,
ValidArgsFunction: completion.AutocompleteNone,
}
+ filter = []string{}
)
func init() {
@@ -37,10 +40,17 @@ func init() {
Parent: volumeCmd,
})
flags := pruneCommand.Flags()
+
+ filterFlagName := "filter"
+ flags.StringArrayVar(&filter, filterFlagName, []string{}, "Provide filter values (e.g. 'label=<key>=<value>')")
+ _ = pruneCommand.RegisterFlagCompletionFunc(filterFlagName, common.AutocompleteVolumeFilters)
flags.BoolP("force", "f", false, "Do not prompt for confirmation")
}
func prune(cmd *cobra.Command, args []string) error {
+ var (
+ pruneOptions = entities.VolumePruneOptions{}
+ )
// Prompt for confirmation if --force is not set
force, err := cmd.Flags().GetBool("force")
if err != nil {
@@ -58,7 +68,11 @@ func prune(cmd *cobra.Command, args []string) error {
return nil
}
}
- responses, err := registry.ContainerEngine().VolumePrune(context.Background())
+ pruneOptions.Filters, err = filters.ParseFilterArgumentsIntoFilters(filter)
+ if err != nil {
+ return err
+ }
+ responses, err := registry.ContainerEngine().VolumePrune(context.Background(), pruneOptions)
if err != nil {
return err
}
diff --git a/contrib/cirrus/runner.sh b/contrib/cirrus/runner.sh
index fa921f3e4..cc6d155f9 100755
--- a/contrib/cirrus/runner.sh
+++ b/contrib/cirrus/runner.sh
@@ -73,6 +73,10 @@ function _run_apiv2() {
make localapiv2 |& logformatter
}
+function _run_compose() {
+ ./test/compose/test-compose |& logformatter
+}
+
function _run_int() {
dotest integration
}
diff --git a/contrib/cirrus/setup_environment.sh b/contrib/cirrus/setup_environment.sh
index c32b45a4f..a3c0f9a13 100755
--- a/contrib/cirrus/setup_environment.sh
+++ b/contrib/cirrus/setup_environment.sh
@@ -195,6 +195,7 @@ case "$TEST_FLAVOR" in
build) make clean ;;
unit) ;;
apiv2) ;& # use next item
+ compose) ;&
int) ;&
sys) ;&
bindings) ;&
diff --git a/docs/source/markdown/podman-create.1.md b/docs/source/markdown/podman-create.1.md
index b5f5591a9..8deaa8540 100644
--- a/docs/source/markdown/podman-create.1.md
+++ b/docs/source/markdown/podman-create.1.md
@@ -803,10 +803,6 @@ To generate systemd unit files, please see *podman generate systemd*
Automatically remove the container when it exits. The default is *false*.
-Note that the container will not be removed when it could not be created or
-started successfully. This allows the user to inspect the container after
-failure.
-
#### **--rootfs**
If specified, the first argument refers to an exploded container on the file system.
diff --git a/docs/source/markdown/podman-image-sign.1.md b/docs/source/markdown/podman-image-sign.1.md
index 7a924b80b..3e52bde30 100644
--- a/docs/source/markdown/podman-image-sign.1.md
+++ b/docs/source/markdown/podman-image-sign.1.md
@@ -19,6 +19,10 @@ By default, the signature will be written into `/var/lib/containers/sigstore` fo
Print usage statement.
+#### **--all**, **-a**
+
+Sign all the manifests of the multi-architecture image (default false).
+
#### **--cert-dir**=*path*
Use certificates at *path* (\*.crt, \*.cert, \*.key) to connect to the registry.
diff --git a/docs/source/markdown/podman-run.1.md b/docs/source/markdown/podman-run.1.md
index 3241cf9f7..cd45e53ef 100644
--- a/docs/source/markdown/podman-run.1.md
+++ b/docs/source/markdown/podman-run.1.md
@@ -840,10 +840,6 @@ To generate systemd unit files, please see **podman generate systemd**.
Automatically remove the container when it exits. The default is **false**.
-Note that the container will not be removed when it could not be created or
-started successfully. This allows the user to inspect the container after
-failure.
-
#### **--rmi**=*true|false*
After exit of the container, remove the image unless another
diff --git a/docs/source/markdown/podman-volume-prune.1.md b/docs/source/markdown/podman-volume-prune.1.md
index b5f1b7e94..9477cb5d5 100644
--- a/docs/source/markdown/podman-volume-prune.1.md
+++ b/docs/source/markdown/podman-volume-prune.1.md
@@ -8,7 +8,8 @@ podman\-volume\-prune - Remove all unused volumes
## DESCRIPTION
-Removes all unused volumes. You will be prompted to confirm the removal of all the
+Removes unused volumes. By default all unused volumes will be removed, the **--filter** flag can
+be used to filter specific volumes. You will be prompted to confirm the removal of all the
unused volumes. To bypass the confirmation, use the **--force** flag.
@@ -18,6 +19,17 @@ unused volumes. To bypass the confirmation, use the **--force** flag.
Do not prompt for confirmation.
+#### **--filter**
+
+Filter volumes to be pruned. Volumes can be filtered by the following attributes:
+
+- dangling
+- driver
+- label
+- name
+- opt
+- scope
+
#### **--help**
Print usage statement
@@ -29,6 +41,8 @@ Print usage statement
$ podman volume prune
$ podman volume prune --force
+
+$ podman volume prune --filter label=mylabel=mylabelvalue
```
## SEE ALSO
diff --git a/libpod/container_internal_linux.go b/libpod/container_internal_linux.go
index 1bf044f9d..dc1a64863 100644
--- a/libpod/container_internal_linux.go
+++ b/libpod/container_internal_linux.go
@@ -424,11 +424,6 @@ func (c *Container) generateSpec(ctx context.Context) (*spec.Spec, error) {
}
if c.config.User != "" {
- if rootless.IsRootless() {
- if err := util.CheckRootlessUIDRange(execUser.Uid); err != nil {
- return nil, err
- }
- }
// User and Group must go together
g.SetProcessUID(uint32(execUser.Uid))
g.SetProcessGID(uint32(execUser.Gid))
diff --git a/libpod/events/events.go b/libpod/events/events.go
index 4e7267af3..aa0401b62 100644
--- a/libpod/events/events.go
+++ b/libpod/events/events.go
@@ -216,8 +216,5 @@ func (e EventLogFile) getTail(options ReadOptions) (*tail.Tail, error) {
reopen = false
}
stream := options.Stream
- if len(options.Until) > 0 {
- stream = false
- }
return tail.TailFile(e.options.LogFilePath, tail.Config{ReOpen: reopen, Follow: stream, Location: &seek, Logger: tail.DiscardingLogger, Poll: true})
}
diff --git a/libpod/events/journal_linux.go b/libpod/events/journal_linux.go
index 9a514e302..71c638017 100644
--- a/libpod/events/journal_linux.go
+++ b/libpod/events/journal_linux.go
@@ -8,6 +8,7 @@ import (
"strconv"
"time"
+ "github.com/containers/podman/v2/pkg/util"
"github.com/coreos/go-systemd/v22/journal"
"github.com/coreos/go-systemd/v22/sdjournal"
"github.com/pkg/errors"
@@ -72,6 +73,13 @@ func (e EventJournalD) Read(ctx context.Context, options ReadOptions) error {
if err != nil {
return errors.Wrapf(err, "failed to generate event options")
}
+ var untilTime time.Time
+ if len(options.Until) > 0 {
+ untilTime, err = util.ParseInputTime(options.Until)
+ if err != nil {
+ return err
+ }
+ }
j, err := sdjournal.NewJournal()
if err != nil {
return err
@@ -122,10 +130,14 @@ func (e EventJournalD) Read(ctx context.Context, options ReadOptions) error {
return errors.Wrap(err, "failed to get journal cursor")
}
if prevCursor == newCursor {
- if len(options.Until) > 0 || !options.Stream {
+ if !options.Stream || (len(options.Until) > 0 && time.Now().After(untilTime)) {
break
}
- _ = j.Wait(sdjournal.IndefiniteWait)
+ t := sdjournal.IndefiniteWait
+ if len(options.Until) > 0 {
+ t = time.Until(untilTime)
+ }
+ _ = j.Wait(t)
continue
}
prevCursor = newCursor
diff --git a/libpod/events/logfile.go b/libpod/events/logfile.go
index 57e38b815..05ae3ce52 100644
--- a/libpod/events/logfile.go
+++ b/libpod/events/logfile.go
@@ -4,7 +4,9 @@ import (
"context"
"fmt"
"os"
+ "time"
+ "github.com/containers/podman/v2/pkg/util"
"github.com/containers/storage"
"github.com/pkg/errors"
)
@@ -51,6 +53,16 @@ func (e EventLogFile) Read(ctx context.Context, options ReadOptions) error {
if err != nil {
return err
}
+ if len(options.Until) > 0 {
+ untilTime, err := util.ParseInputTime(options.Until)
+ if err != nil {
+ return err
+ }
+ go func() {
+ time.Sleep(time.Until(untilTime))
+ t.Stop()
+ }()
+ }
funcDone := make(chan bool)
copy := true
go func() {
diff --git a/libpod/logs/log.go b/libpod/logs/log.go
index a9554088b..d3d83747f 100644
--- a/libpod/logs/log.go
+++ b/libpod/logs/log.go
@@ -210,3 +210,19 @@ func NewLogLine(line string) (*LogLine, error) {
func (l *LogLine) Partial() bool {
return l.ParseLogType == PartialLogType
}
+
+func (l *LogLine) Write(stdout io.Writer, stderr io.Writer, logOpts *LogOptions) {
+ switch l.Device {
+ case "stdout":
+ if stdout != nil {
+ fmt.Fprintln(stdout, l.String(logOpts))
+ }
+ case "stderr":
+ if stderr != nil {
+ fmt.Fprintln(stderr, l.String(logOpts))
+ }
+ default:
+ // Warn the user if the device type does not match. Most likely the file is corrupted.
+ logrus.Warnf("unknown Device type '%s' in log file from Container %s", l.Device, l.CID)
+ }
+}
diff --git a/libpod/options.go b/libpod/options.go
index bd12c0c34..c2db13560 100644
--- a/libpod/options.go
+++ b/libpod/options.go
@@ -502,6 +502,7 @@ func WithEventsLogger(logger string) RuntimeOption {
}
rt.config.Engine.EventsLogger = logger
+ rt.config.Engine.EventsLogFilePath = filepath.Join(rt.config.Engine.TmpDir, "events", "events.log")
return nil
}
diff --git a/libpod/runtime_volume.go b/libpod/runtime_volume.go
index 055a243c0..10c32a119 100644
--- a/libpod/runtime_volume.go
+++ b/libpod/runtime_volume.go
@@ -133,9 +133,9 @@ func (r *Runtime) GetAllVolumes() ([]*Volume, error) {
}
// PruneVolumes removes unused volumes from the system
-func (r *Runtime) PruneVolumes(ctx context.Context) (map[string]error, error) {
+func (r *Runtime) PruneVolumes(ctx context.Context, filterFuncs []VolumeFilter) (map[string]error, error) {
reports := make(map[string]error)
- vols, err := r.GetAllVolumes()
+ vols, err := r.Volumes(filterFuncs...)
if err != nil {
return nil, err
}
diff --git a/pkg/api/handlers/compat/containers_create.go b/pkg/api/handlers/compat/containers_create.go
index 409a74de2..6e85872b2 100644
--- a/pkg/api/handlers/compat/containers_create.go
+++ b/pkg/api/handlers/compat/containers_create.go
@@ -66,7 +66,20 @@ func CreateContainer(w http.ResponseWriter, r *http.Request) {
utils.Error(w, "Something went wrong.", http.StatusInternalServerError, errors.Wrap(err, "make cli opts()"))
return
}
- sg := specgen.NewSpecGenerator(newImage.ID(), cliOpts.RootFS)
+
+ imgNameOrID := newImage.ID()
+ // if the img had multi names with the same sha256 ID, should use the InputName, not the ID
+ if len(newImage.Names()) > 1 {
+ imageRef, err := utils.ParseDockerReference(newImage.InputName)
+ if err != nil {
+ utils.Error(w, http.StatusText(http.StatusBadRequest), http.StatusBadRequest, err)
+ return
+ }
+ // maybe the InputName has no tag, so use full name to display
+ imgNameOrID = imageRef.DockerReference().String()
+ }
+
+ sg := specgen.NewSpecGenerator(imgNameOrID, cliOpts.RootFS)
if err := common.FillOutSpecGen(sg, cliOpts, args); err != nil {
utils.Error(w, "Something went wrong.", http.StatusInternalServerError, errors.Wrap(err, "fill out specgen"))
return
diff --git a/pkg/api/handlers/compat/events.go b/pkg/api/handlers/compat/events.go
index f74491a8f..c75511a4d 100644
--- a/pkg/api/handlers/compat/events.go
+++ b/pkg/api/handlers/compat/events.go
@@ -110,6 +110,7 @@ func GetEvents(w http.ResponseWriter, r *http.Request) {
Until: query.Until,
}
errorChannel <- runtime.Events(r.Context(), readOpts)
+
}()
var flush = func() {}
@@ -130,8 +131,8 @@ func GetEvents(w http.ResponseWriter, r *http.Request) {
if err != nil {
// FIXME StatusOK already sent above cannot send 500 here
utils.InternalServerError(w, err)
- return
}
+ return
case evt := <-eventChannel:
if evt == nil {
continue
diff --git a/pkg/api/handlers/compat/networks.go b/pkg/api/handlers/compat/networks.go
index fe13971b0..f0b922885 100644
--- a/pkg/api/handlers/compat/networks.go
+++ b/pkg/api/handlers/compat/networks.go
@@ -131,7 +131,7 @@ func getNetworkResourceByNameOrID(nameOrID string, runtime *libpod.Runtime, filt
Name: conf.Name,
ID: network.GetNetworkID(conf.Name),
Created: time.Unix(int64(stat.Ctim.Sec), int64(stat.Ctim.Nsec)), // nolint: unconvert
- Scope: "",
+ Scope: "local",
Driver: network.DefaultNetworkDriver,
EnableIPv6: false,
IPAM: dockerNetwork.IPAM{
@@ -197,7 +197,7 @@ func ListNetworks(w http.ResponseWriter, r *http.Request) {
}
var reports []*types.NetworkResource
- logrus.Errorf("netNames: %q", strings.Join(netNames, ", "))
+ logrus.Debugf("netNames: %q", strings.Join(netNames, ", "))
for _, name := range netNames {
report, err := getNetworkResourceByNameOrID(name, runtime, query.Filters)
if err != nil {
@@ -239,7 +239,7 @@ func CreateNetwork(w http.ResponseWriter, r *http.Request) {
Internal: networkCreate.Internal,
Labels: networkCreate.Labels,
}
- if networkCreate.IPAM != nil && networkCreate.IPAM.Config != nil {
+ if networkCreate.IPAM != nil && len(networkCreate.IPAM.Config) > 0 {
if len(networkCreate.IPAM.Config) > 1 {
utils.InternalServerError(w, errors.New("compat network create can only support one IPAM config"))
return
diff --git a/pkg/api/handlers/compat/volumes.go b/pkg/api/handlers/compat/volumes.go
index 71b848932..f76e18ee3 100644
--- a/pkg/api/handlers/compat/volumes.go
+++ b/pkg/api/handlers/compat/volumes.go
@@ -3,6 +3,7 @@ package compat
import (
"encoding/json"
"net/http"
+ "net/url"
"time"
"github.com/containers/podman/v2/libpod"
@@ -254,14 +255,15 @@ func PruneVolumes(w http.ResponseWriter, r *http.Request) {
utils.Error(w, "Something went wrong.", http.StatusBadRequest, errors.Wrapf(err, "failed to parse parameters for %s", r.URL.String()))
return
}
- // TODO: We have no ability to pass pruning filters to `PruneVolumes()` so
- // we'll explicitly reject the request if we see any
- if len(query.Filters) > 0 {
- utils.InternalServerError(w, errors.New("filters for pruning volumes is not implemented"))
+
+ f := (url.Values)(query.Filters)
+ filterFuncs, err := filters.GenerateVolumeFilters(f)
+ if err != nil {
+ utils.Error(w, "Something when wrong.", http.StatusBadRequest, errors.Wrapf(err, "failed to parse filters for %s", f.Encode()))
return
}
- pruned, err := runtime.PruneVolumes(r.Context())
+ pruned, err := runtime.PruneVolumes(r.Context(), filterFuncs)
if err != nil {
utils.InternalServerError(w, err)
return
diff --git a/pkg/api/handlers/libpod/volumes.go b/pkg/api/handlers/libpod/volumes.go
index b0d40fd8b..b02a6a8ce 100644
--- a/pkg/api/handlers/libpod/volumes.go
+++ b/pkg/api/handlers/libpod/volumes.go
@@ -3,6 +3,7 @@ package libpod
import (
"encoding/json"
"net/http"
+ "net/url"
"github.com/containers/podman/v2/libpod"
"github.com/containers/podman/v2/libpod/define"
@@ -180,8 +181,25 @@ func PruneVolumes(w http.ResponseWriter, r *http.Request) {
func pruneVolumesHelper(r *http.Request) ([]*entities.VolumePruneReport, error) {
var (
runtime = r.Context().Value("runtime").(*libpod.Runtime)
+ decoder = r.Context().Value("decoder").(*schema.Decoder)
)
- pruned, err := runtime.PruneVolumes(r.Context())
+ query := struct {
+ Filters map[string][]string `schema:"filters"`
+ }{
+ // override any golang type defaults
+ }
+
+ if err := decoder.Decode(&query, r.URL.Query()); err != nil {
+ return nil, err
+ }
+
+ f := (url.Values)(query.Filters)
+ filterFuncs, err := filters.GenerateVolumeFilters(f)
+ if err != nil {
+ return nil, err
+ }
+
+ pruned, err := runtime.PruneVolumes(r.Context(), filterFuncs)
if err != nil {
return nil, err
}
diff --git a/pkg/bindings/connection.go b/pkg/bindings/connection.go
index f2cb3147c..7b26037eb 100644
--- a/pkg/bindings/connection.go
+++ b/pkg/bindings/connection.go
@@ -182,30 +182,65 @@ func pingNewConnection(ctx context.Context) error {
func sshClient(_url *url.URL, secure bool, passPhrase string, identity string) (Connection, error) {
// if you modify the authmethods or their conditionals, you will also need to make similar
// changes in the client (currently cmd/podman/system/connection/add getUDS).
- authMethods := []ssh.AuthMethod{}
+
+ var signers []ssh.Signer // order Signers are appended to this list determines which key is presented to server
+
if len(identity) > 0 {
- auth, err := terminal.PublicKey(identity, []byte(passPhrase))
+ s, err := terminal.PublicKey(identity, []byte(passPhrase))
if err != nil {
return Connection{}, errors.Wrapf(err, "failed to parse identity %q", identity)
}
- logrus.Debugf("public key signer enabled for identity %q", identity)
- authMethods = append(authMethods, auth)
+
+ signers = append(signers, s)
+ logrus.Debugf("SSH Ident Key %q %s %s", identity, ssh.FingerprintSHA256(s.PublicKey()), s.PublicKey().Type())
}
if sock, found := os.LookupEnv("SSH_AUTH_SOCK"); found {
- logrus.Debugf("Found SSH_AUTH_SOCK %q, ssh-agent signer enabled", sock)
+ logrus.Debugf("Found SSH_AUTH_SOCK %q, ssh-agent signer(s) enabled", sock)
c, err := net.Dial("unix", sock)
if err != nil {
return Connection{}, err
}
- a := agent.NewClient(c)
- authMethods = append(authMethods, ssh.PublicKeysCallback(a.Signers))
+
+ agentSigners, err := agent.NewClient(c).Signers()
+ if err != nil {
+ return Connection{}, err
+ }
+ signers = append(signers, agentSigners...)
+
+ if logrus.IsLevelEnabled(logrus.DebugLevel) {
+ for _, s := range agentSigners {
+ logrus.Debugf("SSH Agent Key %s %s", ssh.FingerprintSHA256(s.PublicKey()), s.PublicKey().Type())
+ }
+ }
+ }
+
+ var authMethods []ssh.AuthMethod
+ if len(signers) > 0 {
+ var dedup = make(map[string]ssh.Signer)
+ // Dedup signers based on fingerprint, ssh-agent keys override CONTAINER_SSHKEY
+ for _, s := range signers {
+ fp := ssh.FingerprintSHA256(s.PublicKey())
+ if _, found := dedup[fp]; found {
+ logrus.Debugf("Dedup SSH Key %s %s", ssh.FingerprintSHA256(s.PublicKey()), s.PublicKey().Type())
+ }
+ dedup[fp] = s
+ }
+
+ var uniq []ssh.Signer
+ for _, s := range dedup {
+ uniq = append(uniq, s)
+ }
+ authMethods = append(authMethods, ssh.PublicKeysCallback(func() ([]ssh.Signer, error) {
+ return uniq, nil
+ }))
}
if pw, found := _url.User.Password(); found {
authMethods = append(authMethods, ssh.Password(pw))
}
+
if len(authMethods) == 0 {
callback := func() (string, error) {
pass, err := terminal.ReadPassword("Login password:")
diff --git a/pkg/bindings/test/volumes_test.go b/pkg/bindings/test/volumes_test.go
index dc90d4d00..861a02441 100644
--- a/pkg/bindings/test/volumes_test.go
+++ b/pkg/bindings/test/volumes_test.go
@@ -144,16 +144,15 @@ var _ = Describe("Podman volumes", func() {
Expect(vols[0].Name).To(Equal("homer"))
})
- // TODO we need to add filtering to tests
It("prune unused volume", func() {
// Pruning when no volumes present should be ok
- _, err := volumes.Prune(connText)
+ _, err := volumes.Prune(connText, nil)
Expect(err).To(BeNil())
// Removing an unused volume should work
_, err = volumes.Create(connText, entities.VolumeCreateOptions{})
Expect(err).To(BeNil())
- vols, err := volumes.Prune(connText)
+ vols, err := volumes.Prune(connText, nil)
Expect(err).To(BeNil())
Expect(len(vols)).To(BeNumerically("==", 1))
@@ -163,11 +162,45 @@ var _ = Describe("Podman volumes", func() {
Expect(err).To(BeNil())
session := bt.runPodman([]string{"run", "-dt", "-v", fmt.Sprintf("%s:/homer", "homer"), "--name", "vtest", alpine.name, "top"})
session.Wait(45)
- vols, err = volumes.Prune(connText)
+ vols, err = volumes.Prune(connText, nil)
Expect(err).To(BeNil())
Expect(len(vols)).To(BeNumerically("==", 1))
_, err = volumes.Inspect(connText, "homer")
Expect(err).To(BeNil())
+
+ // Removing volume with non matching filter shouldn't prune any volumes
+ filters := make(map[string][]string)
+ filters["label"] = []string{"label1=idontmatch"}
+ _, err = volumes.Create(connText, entities.VolumeCreateOptions{Label: map[string]string{
+ "label1": "value1",
+ }})
+ Expect(err).To(BeNil())
+ vols, err = volumes.Prune(connText, filters)
+ Expect(err).To(BeNil())
+ Expect(len(vols)).To(BeNumerically("==", 0))
+ vol2, err := volumes.Create(connText, entities.VolumeCreateOptions{Label: map[string]string{
+ "label1": "value2",
+ }})
+ Expect(err).To(BeNil())
+ _, err = volumes.Create(connText, entities.VolumeCreateOptions{Label: map[string]string{
+ "label1": "value3",
+ }})
+ Expect(err).To(BeNil())
+
+ // Removing volume with matching filter label and value should remove specific entry
+ filters = make(map[string][]string)
+ filters["label"] = []string{"label1=value2"}
+ vols, err = volumes.Prune(connText, filters)
+ Expect(err).To(BeNil())
+ Expect(len(vols)).To(BeNumerically("==", 1))
+ Expect(vols[0].Id).To(Equal(vol2.Name))
+
+ // Removing volumes with matching filter label should remove all matching volumes
+ filters = make(map[string][]string)
+ filters["label"] = []string{"label1"}
+ vols, err = volumes.Prune(connText, filters)
+ Expect(err).To(BeNil())
+ Expect(len(vols)).To(BeNumerically("==", 2))
})
})
diff --git a/pkg/bindings/volumes/volumes.go b/pkg/bindings/volumes/volumes.go
index 00f1e5720..b1be257b8 100644
--- a/pkg/bindings/volumes/volumes.go
+++ b/pkg/bindings/volumes/volumes.go
@@ -75,7 +75,7 @@ func List(ctx context.Context, filters map[string][]string) ([]*entities.VolumeL
}
// Prune removes unused volumes from the local filesystem.
-func Prune(ctx context.Context) ([]*entities.VolumePruneReport, error) {
+func Prune(ctx context.Context, filters map[string][]string) ([]*entities.VolumePruneReport, error) {
var (
pruned []*entities.VolumePruneReport
)
@@ -83,7 +83,15 @@ func Prune(ctx context.Context) ([]*entities.VolumePruneReport, error) {
if err != nil {
return nil, err
}
- response, err := conn.DoRequest(nil, http.MethodPost, "/volumes/prune", nil, nil)
+ params := url.Values{}
+ if len(filters) > 0 {
+ strFilters, err := bindings.FiltersToString(filters)
+ if err != nil {
+ return nil, err
+ }
+ params.Set("filters", strFilters)
+ }
+ response, err := conn.DoRequest(nil, http.MethodPost, "/volumes/prune", params, nil)
if err != nil {
return nil, err
}
diff --git a/pkg/domain/entities/container_ps.go b/pkg/domain/entities/container_ps.go
index b4e8446cb..ff3b087ed 100644
--- a/pkg/domain/entities/container_ps.go
+++ b/pkg/domain/entities/container_ps.go
@@ -12,6 +12,8 @@ import (
// Listcontainer describes a container suitable for listing
type ListContainer struct {
+ // AutoRemove
+ AutoRemove bool
// Container command
Command []string
// Container creation time
diff --git a/pkg/domain/entities/containers.go b/pkg/domain/entities/containers.go
index 39d679eaf..01086a2b3 100644
--- a/pkg/domain/entities/containers.go
+++ b/pkg/domain/entities/containers.go
@@ -227,8 +227,10 @@ type ContainerLogsOptions struct {
Tail int64
// Show timestamps in the logs.
Timestamps bool
- // Write the logs to Writer.
- Writer io.Writer
+ // Write the stdout to this Writer.
+ StdoutWriter io.Writer
+ // Write the stderr to this Writer.
+ StderrWriter io.Writer
}
// ExecOptions describes the cli values to exec into
diff --git a/pkg/domain/entities/engine_container.go b/pkg/domain/entities/engine_container.go
index 5ad475133..ac9073402 100644
--- a/pkg/domain/entities/engine_container.go
+++ b/pkg/domain/entities/engine_container.go
@@ -80,6 +80,6 @@ type ContainerEngine interface {
VolumeCreate(ctx context.Context, opts VolumeCreateOptions) (*IDOrNameResponse, error)
VolumeInspect(ctx context.Context, namesOrIds []string, opts InspectOptions) ([]*VolumeInspectReport, []error, error)
VolumeList(ctx context.Context, opts VolumeListOptions) ([]*VolumeListReport, error)
- VolumePrune(ctx context.Context) ([]*VolumePruneReport, error)
+ VolumePrune(ctx context.Context, options VolumePruneOptions) ([]*VolumePruneReport, error)
VolumeRm(ctx context.Context, namesOrIds []string, opts VolumeRmOptions) ([]*VolumeRmReport, error)
}
diff --git a/pkg/domain/entities/images.go b/pkg/domain/entities/images.go
index 81f12bff7..1538cbb8b 100644
--- a/pkg/domain/entities/images.go
+++ b/pkg/domain/entities/images.go
@@ -344,6 +344,7 @@ type SignOptions struct {
Directory string
SignBy string
CertDir string
+ All bool
}
// SignReport describes the result of signing
diff --git a/pkg/domain/entities/volumes.go b/pkg/domain/entities/volumes.go
index 1bc1e4301..e6b29e374 100644
--- a/pkg/domain/entities/volumes.go
+++ b/pkg/domain/entities/volumes.go
@@ -1,6 +1,7 @@
package entities
import (
+ "net/url"
"time"
docker_api_types "github.com/docker/docker/api/types"
@@ -109,6 +110,12 @@ type VolumeInspectReport struct {
*VolumeConfigResponse
}
+// VolumePruneOptions describes the options needed
+// to prune a volume from the CLI
+type VolumePruneOptions struct {
+ Filters url.Values `json:"filters" schema:"filters"`
+}
+
type VolumePruneReport struct {
Err error
Id string //nolint
diff --git a/pkg/domain/filters/helpers.go b/pkg/domain/filters/helpers.go
new file mode 100644
index 000000000..6a5fb68b1
--- /dev/null
+++ b/pkg/domain/filters/helpers.go
@@ -0,0 +1,20 @@
+package filters
+
+import (
+ "net/url"
+ "strings"
+
+ "github.com/pkg/errors"
+)
+
+func ParseFilterArgumentsIntoFilters(filters []string) (url.Values, error) {
+ parsedFilters := make(url.Values)
+ for _, f := range filters {
+ t := strings.SplitN(f, "=", 2)
+ if len(t) < 2 {
+ return parsedFilters, errors.Errorf("filter input must be in the form of filter=value: %s is invalid", f)
+ }
+ parsedFilters.Add(t[0], t[1])
+ }
+ return parsedFilters, nil
+}
diff --git a/pkg/domain/filters/volumes.go b/pkg/domain/filters/volumes.go
index 7819d3cdf..69bef4961 100644
--- a/pkg/domain/filters/volumes.go
+++ b/pkg/domain/filters/volumes.go
@@ -1,13 +1,14 @@
package filters
import (
+ "net/url"
"strings"
"github.com/containers/podman/v2/libpod"
"github.com/pkg/errors"
)
-func GenerateVolumeFilters(filters map[string][]string) ([]libpod.VolumeFilter, error) {
+func GenerateVolumeFilters(filters url.Values) ([]libpod.VolumeFilter, error) {
var vf []libpod.VolumeFilter
for filter, v := range filters {
for _, val := range v {
diff --git a/pkg/domain/infra/abi/containers.go b/pkg/domain/infra/abi/containers.go
index ff4277a2e..ec65dbe44 100644
--- a/pkg/domain/infra/abi/containers.go
+++ b/pkg/domain/infra/abi/containers.go
@@ -925,7 +925,7 @@ func (ic *ContainerEngine) ContainerRun(ctx context.Context, opts entities.Conta
}
func (ic *ContainerEngine) ContainerLogs(ctx context.Context, containers []string, options entities.ContainerLogsOptions) error {
- if options.Writer == nil {
+ if options.StdoutWriter == nil && options.StderrWriter == nil {
return errors.New("no io.Writer set for container logs")
}
@@ -963,7 +963,7 @@ func (ic *ContainerEngine) ContainerLogs(ctx context.Context, containers []strin
}()
for line := range logChannel {
- fmt.Fprintln(options.Writer, line.String(logOpts))
+ line.Write(options.StdoutWriter, options.StderrWriter, logOpts)
}
return nil
diff --git a/pkg/domain/infra/abi/images.go b/pkg/domain/infra/abi/images.go
index 57a2bc4cf..394ba359c 100644
--- a/pkg/domain/infra/abi/images.go
+++ b/pkg/domain/infra/abi/images.go
@@ -28,6 +28,8 @@ import (
"github.com/containers/podman/v2/pkg/rootless"
"github.com/containers/podman/v2/pkg/util"
"github.com/containers/storage"
+ dockerRef "github.com/docker/distribution/reference"
+ "github.com/opencontainers/go-digest"
imgspecv1 "github.com/opencontainers/image-spec/specs-go/v1"
"github.com/pkg/errors"
"github.com/sirupsen/logrus"
@@ -718,9 +720,9 @@ func (ir *ImageEngine) Sign(ctx context.Context, names []string, options entitie
logrus.Errorf("unable to close %s image source %q", srcRef.DockerReference().Name(), err)
}
}()
- getManifest, _, err := rawSource.GetManifest(ctx, nil)
+ topManifestBlob, manifestType, err := rawSource.GetManifest(ctx, nil)
if err != nil {
- return errors.Wrapf(err, "error getting getManifest")
+ return errors.Wrapf(err, "error getting manifest blob")
}
dockerReference := rawSource.Reference().DockerReference()
if dockerReference == nil {
@@ -743,34 +745,34 @@ func (ir *ImageEngine) Sign(ctx context.Context, names []string, options entitie
return err
}
}
- manifestDigest, err := manifest.Digest(getManifest)
+ manifestDigest, err := manifest.Digest(topManifestBlob)
if err != nil {
return err
}
- // create signature
- newSig, err := signature.SignDockerManifest(getManifest, dockerReference.String(), mech, options.SignBy)
- if err != nil {
- return errors.Wrapf(err, "error creating new signature")
- }
- // create the signstore file
- signatureDir := fmt.Sprintf("%s@%s=%s", sigStoreDir, manifestDigest.Algorithm(), manifestDigest.Hex())
- if err := os.MkdirAll(signatureDir, 0751); err != nil {
- // The directory is allowed to exist
- if !os.IsExist(err) {
- logrus.Error(err)
- return nil
+ if options.All {
+ if !manifest.MIMETypeIsMultiImage(manifestType) {
+ return errors.Errorf("%s is not a multi-architecture image (manifest type %s)", signimage, manifestType)
+ }
+ list, err := manifest.ListFromBlob(topManifestBlob, manifestType)
+ if err != nil {
+ return errors.Wrapf(err, "Error parsing manifest list %q", string(topManifestBlob))
+ }
+ instanceDigests := list.Instances()
+ for _, instanceDigest := range instanceDigests {
+ digest := instanceDigest
+ man, _, err := rawSource.GetManifest(ctx, &digest)
+ if err != nil {
+ return err
+ }
+ if err = putSignature(man, mech, sigStoreDir, instanceDigest, dockerReference, options); err != nil {
+ return errors.Wrapf(err, "error storing signature for %s, %v", dockerReference.String(), instanceDigest)
+ }
}
- }
- sigFilename, err := getSigFilename(signatureDir)
- if err != nil {
- logrus.Errorf("error creating sigstore file: %v", err)
return nil
}
- err = ioutil.WriteFile(filepath.Join(signatureDir, sigFilename), newSig, 0644)
- if err != nil {
- logrus.Errorf("error storing signature for %s", rawSource.Reference().DockerReference().String())
- return nil
+ if err = putSignature(topManifestBlob, mech, sigStoreDir, manifestDigest, dockerReference, options); err != nil {
+ return errors.Wrapf(err, "error storing signature for %s, %v", dockerReference.String(), manifestDigest)
}
return nil
}()
@@ -806,3 +808,26 @@ func localPathFromURI(url *url.URL) (string, error) {
}
return url.Path, nil
}
+
+// putSignature creates signature and saves it to the signstore file
+func putSignature(manifestBlob []byte, mech signature.SigningMechanism, sigStoreDir string, instanceDigest digest.Digest, dockerReference dockerRef.Reference, options entities.SignOptions) error {
+ newSig, err := signature.SignDockerManifest(manifestBlob, dockerReference.String(), mech, options.SignBy)
+ if err != nil {
+ return err
+ }
+ signatureDir := fmt.Sprintf("%s@%s=%s", sigStoreDir, instanceDigest.Algorithm(), instanceDigest.Hex())
+ if err := os.MkdirAll(signatureDir, 0751); err != nil {
+ // The directory is allowed to exist
+ if !os.IsExist(err) {
+ return err
+ }
+ }
+ sigFilename, err := getSigFilename(signatureDir)
+ if err != nil {
+ return err
+ }
+ if err = ioutil.WriteFile(filepath.Join(signatureDir, sigFilename), newSig, 0644); err != nil {
+ return err
+ }
+ return nil
+}
diff --git a/pkg/domain/infra/abi/system.go b/pkg/domain/infra/abi/system.go
index d6881fdc4..b6da364fc 100644
--- a/pkg/domain/infra/abi/system.go
+++ b/pkg/domain/infra/abi/system.go
@@ -224,7 +224,7 @@ func (ic *ContainerEngine) SystemPrune(ctx context.Context, options entities.Sys
systemPruneReport.ImagePruneReport.Report.Id = append(systemPruneReport.ImagePruneReport.Report.Id, results...)
}
if options.Volume {
- volumePruneReport, err := ic.pruneVolumesHelper(ctx)
+ volumePruneReport, err := ic.pruneVolumesHelper(ctx, nil)
if err != nil {
return nil, err
}
diff --git a/pkg/domain/infra/abi/volumes.go b/pkg/domain/infra/abi/volumes.go
index a7262f61b..515e52754 100644
--- a/pkg/domain/infra/abi/volumes.go
+++ b/pkg/domain/infra/abi/volumes.go
@@ -127,12 +127,16 @@ func (ic *ContainerEngine) VolumeInspect(ctx context.Context, namesOrIds []strin
return reports, errs, nil
}
-func (ic *ContainerEngine) VolumePrune(ctx context.Context) ([]*entities.VolumePruneReport, error) {
- return ic.pruneVolumesHelper(ctx)
+func (ic *ContainerEngine) VolumePrune(ctx context.Context, options entities.VolumePruneOptions) ([]*entities.VolumePruneReport, error) {
+ filterFuncs, err := filters.GenerateVolumeFilters(options.Filters)
+ if err != nil {
+ return nil, err
+ }
+ return ic.pruneVolumesHelper(ctx, filterFuncs)
}
-func (ic *ContainerEngine) pruneVolumesHelper(ctx context.Context) ([]*entities.VolumePruneReport, error) {
- pruned, err := ic.Libpod.PruneVolumes(ctx)
+func (ic *ContainerEngine) pruneVolumesHelper(ctx context.Context, filterFuncs []libpod.VolumeFilter) ([]*entities.VolumePruneReport, error) {
+ pruned, err := ic.Libpod.PruneVolumes(ctx, filterFuncs)
if err != nil {
return nil, err
}
diff --git a/pkg/domain/infra/runtime_tunnel.go b/pkg/domain/infra/runtime_tunnel.go
index 6c85e837e..3fddf577c 100644
--- a/pkg/domain/infra/runtime_tunnel.go
+++ b/pkg/domain/infra/runtime_tunnel.go
@@ -5,18 +5,38 @@ package infra
import (
"context"
"fmt"
+ "sync"
"github.com/containers/podman/v2/pkg/bindings"
"github.com/containers/podman/v2/pkg/domain/entities"
"github.com/containers/podman/v2/pkg/domain/infra/tunnel"
)
+var (
+ connectionMutex = &sync.Mutex{}
+ connection *context.Context
+)
+
+func newConnection(uri string, identity string) (context.Context, error) {
+ connectionMutex.Lock()
+ defer connectionMutex.Unlock()
+
+ if connection == nil {
+ ctx, err := bindings.NewConnectionWithIdentity(context.Background(), uri, identity)
+ if err != nil {
+ return ctx, err
+ }
+ connection = &ctx
+ }
+ return *connection, nil
+}
+
func NewContainerEngine(facts *entities.PodmanConfig) (entities.ContainerEngine, error) {
switch facts.EngineMode {
case entities.ABIMode:
return nil, fmt.Errorf("direct runtime not supported")
case entities.TunnelMode:
- ctx, err := bindings.NewConnectionWithIdentity(context.Background(), facts.URI, facts.Identity)
+ ctx, err := newConnection(facts.URI, facts.Identity)
return &tunnel.ContainerEngine{ClientCxt: ctx}, err
}
return nil, fmt.Errorf("runtime mode '%v' is not supported", facts.EngineMode)
@@ -28,7 +48,7 @@ func NewImageEngine(facts *entities.PodmanConfig) (entities.ImageEngine, error)
case entities.ABIMode:
return nil, fmt.Errorf("direct image runtime not supported")
case entities.TunnelMode:
- ctx, err := bindings.NewConnectionWithIdentity(context.Background(), facts.URI, facts.Identity)
+ ctx, err := newConnection(facts.URI, facts.Identity)
return &tunnel.ImageEngine{ClientCxt: ctx}, err
}
return nil, fmt.Errorf("runtime mode '%v' is not supported", facts.EngineMode)
diff --git a/pkg/domain/infra/tunnel/containers.go b/pkg/domain/infra/tunnel/containers.go
index e65fef0a4..ad7688f62 100644
--- a/pkg/domain/infra/tunnel/containers.go
+++ b/pkg/domain/infra/tunnel/containers.go
@@ -360,11 +360,12 @@ func (ic *ContainerEngine) ContainerCreate(ctx context.Context, s *specgen.SpecG
func (ic *ContainerEngine) ContainerLogs(_ context.Context, nameOrIDs []string, options entities.ContainerLogsOptions) error {
since := options.Since.Format(time.RFC3339)
tail := strconv.FormatInt(options.Tail, 10)
- stdout := options.Writer != nil
+ stdout := options.StdoutWriter != nil
+ stderr := options.StderrWriter != nil
opts := containers.LogOptions{
Follow: &options.Follow,
Since: &since,
- Stderr: &stdout,
+ Stderr: &stderr,
Stdout: &stdout,
Tail: &tail,
Timestamps: &options.Timestamps,
@@ -372,10 +373,11 @@ func (ic *ContainerEngine) ContainerLogs(_ context.Context, nameOrIDs []string,
}
var err error
- outCh := make(chan string)
+ stdoutCh := make(chan string)
+ stderrCh := make(chan string)
ctx, cancel := context.WithCancel(context.Background())
go func() {
- err = containers.Logs(ic.ClientCxt, nameOrIDs[0], opts, outCh, outCh)
+ err = containers.Logs(ic.ClientCxt, nameOrIDs[0], opts, stdoutCh, stderrCh)
cancel()
}()
@@ -383,8 +385,14 @@ func (ic *ContainerEngine) ContainerLogs(_ context.Context, nameOrIDs []string,
select {
case <-ctx.Done():
return err
- case line := <-outCh:
- _, _ = io.WriteString(options.Writer, line+"\n")
+ case line := <-stdoutCh:
+ if options.StdoutWriter != nil {
+ _, _ = io.WriteString(options.StdoutWriter, line+"\n")
+ }
+ case line := <-stderrCh:
+ if options.StderrWriter != nil {
+ _, _ = io.WriteString(options.StderrWriter, line+"\n")
+ }
}
}
}
@@ -515,6 +523,29 @@ func (ic *ContainerEngine) ContainerStart(ctx context.Context, namesOrIds []stri
reports = append(reports, &report)
return reports, errors.Wrapf(report.Err, "unable to start container %s", name)
}
+ if ctr.AutoRemove {
+ // Defer the removal, so we can return early if needed and
+ // de-spaghetti the code.
+ defer func() {
+ shouldRestart, err := containers.ShouldRestart(ic.ClientCxt, ctr.ID)
+ if err != nil {
+ logrus.Errorf("Failed to check if %s should restart: %v", ctr.ID, err)
+ return
+ }
+
+ if !shouldRestart {
+ if err := containers.Remove(ic.ClientCxt, ctr.ID, bindings.PFalse, bindings.PTrue); err != nil {
+ if errorhandling.Contains(err, define.ErrNoSuchCtr) ||
+ errorhandling.Contains(err, define.ErrCtrRemoved) {
+ logrus.Warnf("Container %s does not exist: %v", ctr.ID, err)
+ } else {
+ logrus.Errorf("Error removing container %s: %v", ctr.ID, err)
+ }
+ }
+ }
+ }()
+ }
+
exitCode, err := containers.Wait(ic.ClientCxt, name, nil)
if err == define.ErrNoSuchCtr {
// Check events
@@ -535,6 +566,16 @@ func (ic *ContainerEngine) ContainerStart(ctx context.Context, namesOrIds []stri
if !ctrRunning {
err = containers.Start(ic.ClientCxt, name, &options.DetachKeys)
if err != nil {
+ if ctr.AutoRemove {
+ if err := containers.Remove(ic.ClientCxt, ctr.ID, bindings.PFalse, bindings.PTrue); err != nil {
+ if errorhandling.Contains(err, define.ErrNoSuchCtr) ||
+ errorhandling.Contains(err, define.ErrCtrRemoved) {
+ logrus.Warnf("Container %s does not exist: %v", ctr.ID, err)
+ } else {
+ logrus.Errorf("Error removing container %s: %v", ctr.ID, err)
+ }
+ }
+ }
report.Err = errors.Wrapf(err, "unable to start container %q", name)
report.ExitCode = define.ExitCode(err)
reports = append(reports, &report)
diff --git a/pkg/domain/infra/tunnel/volumes.go b/pkg/domain/infra/tunnel/volumes.go
index c0df2bb7b..b431fc8bd 100644
--- a/pkg/domain/infra/tunnel/volumes.go
+++ b/pkg/domain/infra/tunnel/volumes.go
@@ -68,8 +68,8 @@ func (ic *ContainerEngine) VolumeInspect(ctx context.Context, namesOrIds []strin
return reports, errs, nil
}
-func (ic *ContainerEngine) VolumePrune(ctx context.Context) ([]*entities.VolumePruneReport, error) {
- return volumes.Prune(ic.ClientCxt)
+func (ic *ContainerEngine) VolumePrune(ctx context.Context, opts entities.VolumePruneOptions) ([]*entities.VolumePruneReport, error) {
+ return volumes.Prune(ic.ClientCxt, (map[string][]string)(opts.Filters))
}
func (ic *ContainerEngine) VolumeList(ctx context.Context, opts entities.VolumeListOptions) ([]*entities.VolumeListReport, error) {
diff --git a/pkg/ps/ps.go b/pkg/ps/ps.go
index cfdf3ee49..6c26e8708 100644
--- a/pkg/ps/ps.go
+++ b/pkg/ps/ps.go
@@ -179,24 +179,25 @@ func ListContainerBatch(rt *libpod.Runtime, ctr *libpod.Container, opts entities
}
ps := entities.ListContainer{
- Command: conConfig.Command,
- Created: conConfig.CreatedTime,
- Exited: exited,
- ExitCode: exitCode,
- ExitedAt: exitedTime.Unix(),
- ID: conConfig.ID,
- Image: conConfig.RootfsImageName,
- ImageID: conConfig.RootfsImageID,
- IsInfra: conConfig.IsInfra,
- Labels: conConfig.Labels,
- Mounts: ctr.UserVolumes(),
- Names: []string{conConfig.Name},
- Pid: pid,
- Pod: conConfig.Pod,
- Ports: portMappings,
- Size: size,
- StartedAt: startedTime.Unix(),
- State: conState.String(),
+ AutoRemove: ctr.AutoRemove(),
+ Command: conConfig.Command,
+ Created: conConfig.CreatedTime,
+ Exited: exited,
+ ExitCode: exitCode,
+ ExitedAt: exitedTime.Unix(),
+ ID: conConfig.ID,
+ Image: conConfig.RootfsImageName,
+ ImageID: conConfig.RootfsImageID,
+ IsInfra: conConfig.IsInfra,
+ Labels: conConfig.Labels,
+ Mounts: ctr.UserVolumes(),
+ Names: []string{conConfig.Name},
+ Pid: pid,
+ Pod: conConfig.Pod,
+ Ports: portMappings,
+ Size: size,
+ StartedAt: startedTime.Unix(),
+ State: conState.String(),
}
if opts.Pod && len(conConfig.Pod) > 0 {
podName, err := rt.GetName(conConfig.Pod)
diff --git a/pkg/terminal/util.go b/pkg/terminal/util.go
index 169bec2af..231b47974 100644
--- a/pkg/terminal/util.go
+++ b/pkg/terminal/util.go
@@ -61,7 +61,7 @@ func ReadPassword(prompt string) (pw []byte, err error) {
}
}
-func PublicKey(path string, passphrase []byte) (ssh.AuthMethod, error) {
+func PublicKey(path string, passphrase []byte) (ssh.Signer, error) {
key, err := ioutil.ReadFile(path)
if err != nil {
return nil, err
@@ -75,12 +75,9 @@ func PublicKey(path string, passphrase []byte) (ssh.AuthMethod, error) {
if len(passphrase) == 0 {
passphrase = ReadPassphrase()
}
- signer, err = ssh.ParsePrivateKeyWithPassphrase(key, passphrase)
- if err != nil {
- return nil, err
- }
+ return ssh.ParsePrivateKeyWithPassphrase(key, passphrase)
}
- return ssh.PublicKeys(signer), nil
+ return signer, nil
}
func ReadPassphrase() []byte {
diff --git a/pkg/util/utils_linux.go b/pkg/util/utils_linux.go
index e4957f442..288137ca5 100644
--- a/pkg/util/utils_linux.go
+++ b/pkg/util/utils_linux.go
@@ -6,7 +6,6 @@ import (
"path/filepath"
"syscall"
- "github.com/containers/podman/v2/pkg/rootless"
"github.com/containers/psgo"
"github.com/pkg/errors"
"github.com/sirupsen/logrus"
@@ -53,19 +52,3 @@ func FindDeviceNodes() (map[string]string, error) {
return nodes, nil
}
-
-// CheckRootlessUIDRange checks the uid within the rootless container is in the range from /etc/subuid
-func CheckRootlessUIDRange(uid int) error {
- uids, _, err := rootless.GetConfiguredMappings()
- if err != nil {
- return err
- }
- total := 0
- for _, u := range uids {
- total += u.Size
- }
- if uid > total {
- return errors.Errorf("requested user's UID %d is too large for the rootless user namespace", uid)
- }
- return nil
-}
diff --git a/pkg/util/utils_unsupported.go b/pkg/util/utils_unsupported.go
index f8d5a37c1..62805d7c8 100644
--- a/pkg/util/utils_unsupported.go
+++ b/pkg/util/utils_unsupported.go
@@ -10,8 +10,3 @@ import (
func FindDeviceNodes() (map[string]string, error) {
return nil, errors.Errorf("not supported on non-Linux OSes")
}
-
-// CheckRootlessUIDRange is not implemented anywhere except Linux.
-func CheckRootlessUIDRange(uid int) error {
- return nil
-}
diff --git a/test/apiv2/20-containers.at b/test/apiv2/20-containers.at
index 5c35edf2b..bc6efc20d 100644
--- a/test/apiv2/20-containers.at
+++ b/test/apiv2/20-containers.at
@@ -5,8 +5,10 @@
# WORKDIR=/data
ENV_WORKDIR_IMG=quay.io/libpod/testimage:20200929
+MultiTagName=localhost/test/testformultitag:tag
podman pull $IMAGE &>/dev/null
+podman tag $IMAGE $MultiTagName
podman pull $ENV_WORKDIR_IMG &>/dev/null
# Unimplemented
#t POST libpod/containers/create '' 201 'sdf'
@@ -216,4 +218,13 @@ t GET containers/$cid/json 200 \
t DELETE containers/$cid 204
+# when the image had multi tags, the container's Image should be correct
+# Fixes https://github.com/containers/podman/issues/8547
+t POST containers/create Image=${MultiTagName} 201 \
+ .Id~[0-9a-f]\\{64\\}
+cid=$(jq -r '.Id' <<<"$output")
+t GET containers/$cid/json 200 \
+ .Image=${MultiTagName}
+t DELETE containers/$cid 204
+t DELETE images/${MultiTagName}?force=true 200
# vim: filetype=sh
diff --git a/test/apiv2/30-volumes.at b/test/apiv2/30-volumes.at
index aa167a97a..2cfca9d08 100644
--- a/test/apiv2/30-volumes.at
+++ b/test/apiv2/30-volumes.at
@@ -20,6 +20,18 @@ t POST libpod/volumes/create \
.Labels.testlabel=testonly \
.Options.type=tmpfs \
.Options.o=nodev,noexec
+t POST libpod/volumes/create \
+ '"Name":"foo3","Label":{"testlabel":""},"Options":{"type":"tmpfs","o":"nodev,noexec"}}' 201 \
+ .Name=foo3 \
+ .Labels.testlabel="" \
+ .Options.type=tmpfs \
+ .Options.o=nodev,noexec
+t POST libpod/volumes/create \
+ '"Name":"foo4","Label":{"testlabel1":"testonly"},"Options":{"type":"tmpfs","o":"nodev,noexec"}}' 201 \
+ .Name=foo4 \
+ .Labels.testlabel1=testonly \
+ .Options.type=tmpfs \
+ .Options.o=nodev,noexec
# Negative test
# We have created a volume named "foo1"
@@ -39,6 +51,12 @@ t GET libpod/volumes/json?filters=%7B%22name%22%3A%5B%22foo1%22%5D%7D 200 length
t GET libpod/volumes/json?filters=%7B%22name%22%3A%20%5B%22foo1%22%2C%20%22foo2%22%5D%7D 200 length=2 .[0].Name=foo1 .[1].Name=foo2
# -G --data-urlencode 'filters={"name":["notexist"]}'
t GET libpod/volumes/json?filters=%7B%22name%22%3A%5B%22notexists%22%5D%7D 200 length=0
+# -G --data-urlencode 'filters={"label":["testlabel"]}'
+t GET libpod/volumes/json?filters=%7B%22label%22:%5B%22testlabel%22%5D%7D 200 length=2
+# -G --data-urlencode 'filters={"label":["testlabel=testonly"]}'
+t GET libpod/volumes/json?filters=%7B%22label%22:%5B%22testlabel=testonly%22%5D%7D 200 length=1
+# -G --data-urlencode 'filters={"label":["testlabel1=testonly"]}'
+t GET libpod/volumes/json?filters=%7B%22label%22:%5B%22testlabel1=testonly%22%5D%7D 200 length=1
## inspect volume
t GET libpod/volumes/foo1/json 200 \
@@ -60,6 +78,18 @@ t DELETE libpod/volumes/foo1 404 \
.message~.* \
.response=404
+## Prune volumes with label matching 'testlabel1=testonly'
+# -G --data-urlencode 'filters={"label":["testlabel1=testonly"]}'
+t POST libpod/volumes/prune?filters=%7B%22label%22:%5B%22testlabel1=testonly%22%5D%7D "" 200
+# -G --data-urlencode 'filters={"label":["testlabel1=testonly"]}'
+t GET libpod/volumes/json?filters=%7B%22label%22:%5B%22testlabel1=testonly%22%5D%7D 200 length=0
+
+## Prune volumes with label matching 'testlabel'
+# -G --data-urlencode 'filters={"label":["testlabel"]}'
+t POST libpod/volumes/prune?filters=%7B%22label%22:%5B%22testlabel%22%5D%7D "" 200
+# -G --data-urlencode 'filters={"label":["testlabel"]}'
+t GET libpod/volumes/json?filters=%7B%22label%22:%5B%22testlabel%22%5D%7D 200 length=0
+
## Prune volumes
t POST libpod/volumes/prune "" 200
#After prune volumes, there should be no volume existing
diff --git a/test/apiv2/35-networks.at b/test/apiv2/35-networks.at
index 0ce56ee3c..5327bd076 100644
--- a/test/apiv2/35-networks.at
+++ b/test/apiv2/35-networks.at
@@ -50,7 +50,13 @@ t GET networks?filters=%7B%22dangling%22%3A%5B%221%22%5D%7D 500 \
# network inspect docker
t GET networks/a7662f44d65029fd4635c91feea3d720a57cef52e2a9fcc7772b69072cc1ccd1 200 \
.Name=network1 \
-.Id=a7662f44d65029fd4635c91feea3d720a57cef52e2a9fcc7772b69072cc1ccd1
+.Id=a7662f44d65029fd4635c91feea3d720a57cef52e2a9fcc7772b69072cc1ccd1 \
+.Scope=local
+
+# network create docker
+t POST networks/create '"Name":"net3","IPAM":{"Config":[]}' 201
+# network delete docker
+t DELETE networks/net3 204
# clean the network
t DELETE libpod/networks/network1 200 \
diff --git a/test/compose/README.md b/test/compose/README.md
new file mode 100644
index 000000000..863decf2c
--- /dev/null
+++ b/test/compose/README.md
@@ -0,0 +1,47 @@
+Tests for docker-compose
+========================
+
+This directory contains tests for docker-compose under podman.
+
+Each subdirectory must contain one docker-compose.yml file along with
+all necessary infrastructure for it (e.g. Containerfile, any files
+to be copied into the container, and so on.
+
+The `test-compose` script will, for each test subdirectory:
+
+* set up a fresh podman root under an empty working directory;
+* run a podman server rooted therein;
+* cd to the test subdirectory, and run `docker-compose up -d`;
+* source `tests.sh`;
+* run `docker-compose down`.
+
+As a special case, `setup.sh` and `teardown.sh` in the test directory
+will contain commands to be executed prior to `docker-compose up` and
+after `docker-compose down` respectively.
+
+tests.sh will probably contain commands of the form
+
+ test_port 12345 = 'hello there'
+
+Where 12345 is the port to curl to; '=' checks equality, '~' uses `expr`
+to check substrings; and 'hello there' is a string to look for in
+the curl results.
+
+Usage:
+
+ $ sudo test/compose/test-compose [pattern]
+
+By default, all subdirs will be run. If given a pattern, only those
+subdirectories matching 'pattern' will be run.
+
+If `$COMPOSE_WAIT` is set, `test-compose` will pause before running
+`docker-compose down`. This can be helpful for you to debug failing tests:
+
+ $ env COMPOSE_WAIT=1 sudo --preserve-env=COMPOSE_WAIT test/compose/test-compose
+
+Then, in another window,
+
+ # ls -lt /var/tmp/
+ # X=/var/tmp/test-compose.tmp.XXXXXX <--- most recent results of above
+ # podman --root $X/root --runroot $X/runroot ps -a
+ # podman --root $X/root --runroot $X/runroot logs -l
diff --git a/test/compose/env_and_volume/README.md b/test/compose/env_and_volume/README.md
new file mode 100644
index 000000000..e7d74976b
--- /dev/null
+++ b/test/compose/env_and_volume/README.md
@@ -0,0 +1,12 @@
+environment variable and volume
+===============
+
+This test creates two containers both of which are running flask. The first container has
+an environment variable called PODMAN_MSG. That container pipes the contents of PODMAN_MSG
+to a file on a shared volume between the containers. The second container then reads the
+file are returns the PODMAN_MSG value via flask (http).
+
+Validation
+------------
+* curl http://localhost:5000 and verify message
+* curl http://localhost:5001 and verify message
diff --git a/test/compose/env_and_volume/docker-compose.yml b/test/compose/env_and_volume/docker-compose.yml
new file mode 100644
index 000000000..df906e170
--- /dev/null
+++ b/test/compose/env_and_volume/docker-compose.yml
@@ -0,0 +1,18 @@
+version: '3'
+services:
+ writer:
+ environment:
+ - PODMAN_MSG=podman_rulez
+ build: write
+ ports:
+ - '5000:5000'
+ volumes:
+ - data:/data
+ reader:
+ build: read
+ ports:
+ - '5001:5000'
+ volumes:
+ - data:/data
+volumes:
+ data:
diff --git a/test/compose/env_and_volume/read/Dockerfile b/test/compose/env_and_volume/read/Dockerfile
new file mode 100644
index 000000000..8d5c45401
--- /dev/null
+++ b/test/compose/env_and_volume/read/Dockerfile
@@ -0,0 +1,5 @@
+FROM quay.io/libpod/podman_python
+WORKDIR /app
+COPY . /app
+ENTRYPOINT ["python3"]
+CMD ["app.py"]
diff --git a/test/compose/env_and_volume/read/app.py b/test/compose/env_and_volume/read/app.py
new file mode 100644
index 000000000..71fbbb26a
--- /dev/null
+++ b/test/compose/env_and_volume/read/app.py
@@ -0,0 +1,10 @@
+from flask import Flask
+app = Flask(__name__)
+
+@app.route('/')
+def hello():
+ f = open("/data/message", "r")
+ return f.read()
+
+if __name__ == '__main__':
+ app.run(host='0.0.0.0')
diff --git a/test/compose/env_and_volume/tests.sh b/test/compose/env_and_volume/tests.sh
new file mode 100644
index 000000000..a4c8bed30
--- /dev/null
+++ b/test/compose/env_and_volume/tests.sh
@@ -0,0 +1,4 @@
+# -*- bash -*-
+
+test_port 5000 = "done"
+test_port 5001 = "podman_rulez"
diff --git a/test/compose/env_and_volume/write/Dockerfile b/test/compose/env_and_volume/write/Dockerfile
new file mode 100644
index 000000000..8d5c45401
--- /dev/null
+++ b/test/compose/env_and_volume/write/Dockerfile
@@ -0,0 +1,5 @@
+FROM quay.io/libpod/podman_python
+WORKDIR /app
+COPY . /app
+ENTRYPOINT ["python3"]
+CMD ["app.py"]
diff --git a/test/compose/env_and_volume/write/app.py b/test/compose/env_and_volume/write/app.py
new file mode 100644
index 000000000..b6ad6fe63
--- /dev/null
+++ b/test/compose/env_and_volume/write/app.py
@@ -0,0 +1,13 @@
+from flask import Flask
+import os
+app = Flask(__name__)
+
+@app.route('/')
+def hello():
+ f = open("/data/message", "w")
+ f.write(os.getenv("PODMAN_MSG"))
+ f.close()
+ return "done"
+
+if __name__ == '__main__':
+ app.run(host='0.0.0.0')
diff --git a/test/compose/images/README.md b/test/compose/images/README.md
new file mode 100644
index 000000000..f25fbdc24
--- /dev/null
+++ b/test/compose/images/README.md
@@ -0,0 +1,5 @@
+images
+======
+
+Use these directories for images that are needed for the compose testing. These
+images should be then pushed to `quay.io/libpod` for consumption.
diff --git a/test/compose/images/podman-python/Containerfile b/test/compose/images/podman-python/Containerfile
new file mode 100644
index 000000000..47f90afaa
--- /dev/null
+++ b/test/compose/images/podman-python/Containerfile
@@ -0,0 +1,3 @@
+FROM alpine
+WORKDIR /app
+RUN apk update && apk add py3-pip && pip3 install flask && rm -fr /var/cache/apk/*
diff --git a/test/compose/mount_and_label/README.md b/test/compose/mount_and_label/README.md
new file mode 100644
index 000000000..623b38cac
--- /dev/null
+++ b/test/compose/mount_and_label/README.md
@@ -0,0 +1,9 @@
+mount and label
+===============
+
+This test creates a container with a mount (not volume) and also adds a label to the container.
+
+Validation
+------------
+* curl http://localhost:5000 and verify message
+* inspect the container to make the label exists on it
diff --git a/test/compose/mount_and_label/docker-compose.yml b/test/compose/mount_and_label/docker-compose.yml
new file mode 100644
index 000000000..112d7e134
--- /dev/null
+++ b/test/compose/mount_and_label/docker-compose.yml
@@ -0,0 +1,10 @@
+version: '3'
+services:
+ web:
+ build: frontend
+ ports:
+ - '5000:5000'
+ volumes:
+ - /tmp/data:/data:ro
+ labels:
+ - "io.podman=the_best"
diff --git a/test/compose/mount_and_label/frontend/Dockerfile b/test/compose/mount_and_label/frontend/Dockerfile
new file mode 100644
index 000000000..8d5c45401
--- /dev/null
+++ b/test/compose/mount_and_label/frontend/Dockerfile
@@ -0,0 +1,5 @@
+FROM quay.io/libpod/podman_python
+WORKDIR /app
+COPY . /app
+ENTRYPOINT ["python3"]
+CMD ["app.py"]
diff --git a/test/compose/mount_and_label/frontend/app.py b/test/compose/mount_and_label/frontend/app.py
new file mode 100644
index 000000000..bd2794d94
--- /dev/null
+++ b/test/compose/mount_and_label/frontend/app.py
@@ -0,0 +1,10 @@
+from flask import Flask
+app = Flask(__name__)
+
+@app.route('/')
+def hello():
+ f = open("/data/message")
+ return f.read()
+
+if __name__ == '__main__':
+ app.run(host='0.0.0.0')
diff --git a/test/compose/mount_and_label/setup.sh b/test/compose/mount_and_label/setup.sh
new file mode 100644
index 000000000..8633d65d5
--- /dev/null
+++ b/test/compose/mount_and_label/setup.sh
@@ -0,0 +1,2 @@
+mkdir -p /tmp/data
+echo "Podman rulez!" > /tmp/data/message
diff --git a/test/compose/mount_and_label/teardown.sh b/test/compose/mount_and_label/teardown.sh
new file mode 100644
index 000000000..57867c28a
--- /dev/null
+++ b/test/compose/mount_and_label/teardown.sh
@@ -0,0 +1 @@
+rm /tmp/data/message
diff --git a/test/compose/mount_and_label/tests.sh b/test/compose/mount_and_label/tests.sh
new file mode 100644
index 000000000..07ff089b5
--- /dev/null
+++ b/test/compose/mount_and_label/tests.sh
@@ -0,0 +1,4 @@
+# -*- bash -*-
+
+test_port 5000 = "Podman rulez!"
+podman container inspect -l --format '{{.Config.Labels}}' | grep "the_best"
diff --git a/test/compose/port_map_diff_port/README.md b/test/compose/port_map_diff_port/README.md
new file mode 100644
index 000000000..13ece72ad
--- /dev/null
+++ b/test/compose/port_map_diff_port/README.md
@@ -0,0 +1,9 @@
+port map on different port
+===============
+
+This test creates a container that runs flask on different ports for the container
+and the host
+
+Validation
+------------
+* curl http://localhost:5001 and verify message
diff --git a/test/compose/port_map_diff_port/docker-compose.yml b/test/compose/port_map_diff_port/docker-compose.yml
new file mode 100644
index 000000000..3003c52f4
--- /dev/null
+++ b/test/compose/port_map_diff_port/docker-compose.yml
@@ -0,0 +1,6 @@
+version: '3'
+services:
+ web:
+ build: frontend
+ ports:
+ - '5001:5000'
diff --git a/test/compose/port_map_diff_port/frontend/Dockerfile b/test/compose/port_map_diff_port/frontend/Dockerfile
new file mode 100644
index 000000000..8d5c45401
--- /dev/null
+++ b/test/compose/port_map_diff_port/frontend/Dockerfile
@@ -0,0 +1,5 @@
+FROM quay.io/libpod/podman_python
+WORKDIR /app
+COPY . /app
+ENTRYPOINT ["python3"]
+CMD ["app.py"]
diff --git a/test/compose/port_map_diff_port/frontend/app.py b/test/compose/port_map_diff_port/frontend/app.py
new file mode 100644
index 000000000..895556a89
--- /dev/null
+++ b/test/compose/port_map_diff_port/frontend/app.py
@@ -0,0 +1,9 @@
+from flask import Flask
+app = Flask(__name__)
+
+@app.route('/')
+def hello():
+ return "Podman rulez!"
+
+if __name__ == '__main__':
+ app.run(host='0.0.0.0')
diff --git a/test/compose/port_map_diff_port/tests.sh b/test/compose/port_map_diff_port/tests.sh
new file mode 100644
index 000000000..5a468aadc
--- /dev/null
+++ b/test/compose/port_map_diff_port/tests.sh
@@ -0,0 +1,3 @@
+# -*- bash -*-
+
+test_port 5001 = "Podman rulez!"
diff --git a/test/compose/setup.sh.example b/test/compose/setup.sh.example
new file mode 100644
index 000000000..9004b1e76
--- /dev/null
+++ b/test/compose/setup.sh.example
@@ -0,0 +1,3 @@
+# -*- bash -*-
+
+export ENV_PASSTHRU=$(random_string 20)
diff --git a/test/compose/simple_port_map/README.md b/test/compose/simple_port_map/README.md
new file mode 100644
index 000000000..f28d71c3e
--- /dev/null
+++ b/test/compose/simple_port_map/README.md
@@ -0,0 +1,9 @@
+simple port map to host
+===============
+
+This test creates a container that runs flask on and maps to the same
+host port
+
+Validation
+------------
+* curl http://localhost:5000 and verify message
diff --git a/test/compose/simple_port_map/docker-compose.yml b/test/compose/simple_port_map/docker-compose.yml
new file mode 100644
index 000000000..e7eab1047
--- /dev/null
+++ b/test/compose/simple_port_map/docker-compose.yml
@@ -0,0 +1,6 @@
+version: '3'
+services:
+ web:
+ build: frontend
+ ports:
+ - '5000:5000'
diff --git a/test/compose/simple_port_map/frontend/Dockerfile b/test/compose/simple_port_map/frontend/Dockerfile
new file mode 100644
index 000000000..2595828ff
--- /dev/null
+++ b/test/compose/simple_port_map/frontend/Dockerfile
@@ -0,0 +1,6 @@
+FROM alpine
+WORKDIR /app
+RUN apk update && apk add py3-pip && pip3 install flask
+COPY . /app
+ENTRYPOINT ["python3"]
+CMD ["app.py"]
diff --git a/test/compose/simple_port_map/frontend/app.py b/test/compose/simple_port_map/frontend/app.py
new file mode 100644
index 000000000..e4f84068c
--- /dev/null
+++ b/test/compose/simple_port_map/frontend/app.py
@@ -0,0 +1,10 @@
+from flask import Flask
+import os
+app = Flask(__name__)
+
+@app.route('/')
+def hello():
+ return "Podman rulez!"
+
+if __name__ == '__main__':
+ app.run(host='0.0.0.0')
diff --git a/test/compose/simple_port_map/tests.sh b/test/compose/simple_port_map/tests.sh
new file mode 100644
index 000000000..ccb2b6a3d
--- /dev/null
+++ b/test/compose/simple_port_map/tests.sh
@@ -0,0 +1,3 @@
+# -*- bash -*-
+
+test_port 5000 = "Podman rulez!"
diff --git a/test/compose/teardown.sh.example b/test/compose/teardown.sh.example
new file mode 100644
index 000000000..3f8153fa0
--- /dev/null
+++ b/test/compose/teardown.sh.example
@@ -0,0 +1,4 @@
+# -*- bash -*-
+
+# FIXME: this is completely unnecessary; it's just an example of a teardown
+unset ENV_PASSTHRU
diff --git a/test/compose/test-compose b/test/compose/test-compose
new file mode 100755
index 000000000..9558fbf58
--- /dev/null
+++ b/test/compose/test-compose
@@ -0,0 +1,345 @@
+#!/usr/bin/env bash
+#
+# Usage: test-compose [testname]
+#
+ME=$(basename $0)
+
+###############################################################################
+# BEGIN stuff you can but probably shouldn't customize
+
+# Directory where this script and all subtests live
+TEST_ROOTDIR=$(realpath $(dirname $0))
+
+# Podman executable
+PODMAN_BIN=$(realpath $TEST_ROOTDIR/../../bin)/podman
+
+# Local path to docker socket (we will add the unix:/ prefix when we need it)
+DOCKER_SOCK=/var/run/docker.sock
+
+# END stuff you can but probably shouldn't customize
+###############################################################################
+# BEGIN setup
+
+export TMPDIR=${TMPDIR:-/var/tmp}
+WORKDIR=$(mktemp --tmpdir -d $ME.tmp.XXXXXX)
+
+# Log of all HTTP requests and responses; always make '.log' point to latest
+LOGBASE=${TMPDIR}/$ME.log
+LOG=${LOGBASE}.$(date +'%Y%m%dT%H%M%S')
+ln -sf $LOG $LOGBASE
+
+# Keep track of test count and failures in files, not variables, because
+# variables don't carry back up from subshells.
+testcounter_file=$WORKDIR/.testcounter
+failures_file=$WORKDIR/.failures
+
+echo 0 >$testcounter_file
+echo 0 >$failures_file
+
+# END setup
+###############################################################################
+# BEGIN infrastructure code - the helper functions used in tests themselves
+
+#########
+# die # Exit error with a message to stderr
+#########
+function die() {
+ echo "$ME: $*" >&2
+ exit 1
+}
+
+########
+# is # Simple comparison
+########
+function is() {
+ local actual=$1
+ local expect=$2
+ local testname=$3
+
+ if [[ $actual = $expect ]]; then
+ # On success, include expected value; this helps readers understand
+ _show_ok 1 "$testname=$expect"
+ return
+ fi
+ _show_ok 0 "$testname" "$expect" "$actual"
+}
+
+##########
+# like # Compare, but allowing patterns
+##########
+function like() {
+ local actual=$1
+ local expect=$2
+ local testname=$3
+
+ # "is" (equality) is a subset of "like", but one that expr fails on if
+ # the expected result has shell-special characters like '['. Treat it
+ # as a special case.
+
+ if [[ "$actual" = "$expect" ]]; then
+ _show_ok 1 "$testname=$expect"
+ return
+ fi
+
+ if expr "$actual" : ".*$expect" &>/dev/null; then
+ # On success, include expected value; this helps readers understand
+ _show_ok 1 "$testname ('$actual') ~ $expect"
+ return
+ fi
+ _show_ok 0 "$testname" "~ $expect" "$actual"
+}
+
+##############
+# _show_ok # Helper for is() and like(): displays 'ok' or 'not ok'
+##############
+function _show_ok() {
+ local ok=$1
+ local testname=$2
+
+ # If output is a tty, colorize pass/fail
+ local red=
+ local green=
+ local reset=
+ local bold=
+ if [ -t 1 ]; then
+ red='\e[31m'
+ green='\e[32m'
+ reset='\e[0m'
+ bold='\e[1m'
+ fi
+
+ _bump $testcounter_file
+ count=$(<$testcounter_file)
+
+ # "skip" is a special case of "ok". Assume that our caller has included
+ # the magical '# skip - reason" comment string.
+ if [[ $ok == "skip" ]]; then
+ # colon-plus: replace green with yellow, but only if green is non-null
+ green="${green:+\e[33m}"
+ ok=1
+ fi
+ if [ $ok -eq 1 ]; then
+ echo -e "${green}ok $count $testname${reset}"
+ echo "ok $count $testname" >>$LOG
+ return
+ fi
+
+ # Failed
+ local expect=$3
+ local actual=$4
+ printf "${red}not ok $count $testname${reset}\n"
+ printf "${red}# expected: %s${reset}\n" "$expect"
+ printf "${red}# actual: ${bold}%s${reset}\n" "$actual"
+
+ echo "not ok $count $testname" >>$LOG
+ echo " expected: $expect" >>$LOG
+
+ _bump $failures_file
+}
+
+###########
+# _bump # Increment a counter in a file
+###########
+function _bump() {
+ local file=$1
+
+ count=$(<$file)
+ echo $(( $count + 1 )) >| $file
+}
+
+###############
+# test_port # Run curl against a port, check results against expectation
+###############
+function test_port() {
+ local port="$1" # e.g. 5000
+ local op="$2" # '=' or '~'
+ local expect="$3" # what to expect from curl output
+
+ local actual=$(curl --retry 5 --retry-connrefused -s http://127.0.0.1:$port/)
+ local curl_rc=$?
+ if [ $curl_rc -ne 0 ]; then
+ _show_ok 0 "$testname - curl failed with status $curl_rc"
+### docker-compose down >>$logfile 2>&1
+### exit 1
+ fi
+
+ case "$op" in
+ '=') is "$actual" "$expect" "$testname : port $port" ;;
+ '~') like "$actual" "$expect" "$testname : port $port" ;;
+ *) die "Invalid operator '$op'" ;;
+ esac
+}
+
+
+###################
+# start_service # Run the socket listener
+###################
+service_pid=
+function start_service() {
+ test -x $PODMAN_BIN || die "Not found: $PODMAN_BIN"
+
+ # FIXME: use ${testname} subdir but we can't: 50-char limit in runroot
+ rm -rf $WORKDIR/{root,runroot,cni}
+ mkdir --mode 0755 $WORKDIR/{root,runroot,cni}
+ chcon --reference=/var/lib/containers $WORKDIR/root
+ cp /etc/cni/net.d/*podman*conflist $WORKDIR/cni/
+
+ $PODMAN_BIN \
+ --root $WORKDIR/root \
+ --runroot $WORKDIR/runroot \
+ --cgroup-manager=systemd \
+ --cni-config-dir $WORKDIR/cni \
+ system service \
+ --time 0 unix:/$DOCKER_SOCK \
+ &> $WORKDIR/server.log &
+ service_pid=$!
+
+ # Wait (FIXME: how do we test the socket?)
+ local _timeout=5
+ while [ $_timeout -gt 0 ]; do
+ # FIXME: should we actually try a read or write?
+ test -S $DOCKER_SOCK && return
+ sleep 1
+ _timeout=$(( $_timeout - 1 ))
+ done
+ cat $WORKDIR/server.log
+ die "Timed out waiting for service"
+}
+
+############
+# podman # Needed by some test scripts to invoke the actual podman binary
+############
+function podman() {
+ echo "\$ podman $*" >>$WORKDIR/output.log
+ $PODMAN_BIN \
+ --root $WORKDIR/root \
+ --runroot $WORKDIR/runroot \
+ "$@" >>$WORKDIR/output.log 2>&1
+}
+
+###################
+# random_string # Returns a pseudorandom human-readable string
+###################
+function random_string() {
+ # Numeric argument, if present, is desired length of string
+ local length=${1:-10}
+
+ head /dev/urandom | tr -dc a-zA-Z0-9 | head -c$length
+}
+
+# END infrastructure code
+###############################################################################
+# BEGIN sanity checks
+
+for tool in curl docker-compose; do
+ type $tool &>/dev/null || die "$ME: Required tool '$tool' not found"
+done
+
+# END sanity checks
+###############################################################################
+# BEGIN entry handler (subtest invoker)
+
+# Identify the tests to run. If called with args, use those as globs.
+tests_to_run=()
+if [ -n "$*" ]; then
+ shopt -s nullglob
+ for i; do
+ match=(${TEST_ROOTDIR}/*${i}*/docker-compose.yml)
+ if [ ${#match} -eq 0 ]; then
+ die "No match for $TEST_ROOTDIR/*$i*.curl"
+ fi
+ tests_to_run+=("${match[@]}")
+ done
+ shopt -u nullglob
+else
+ tests_to_run=(${TEST_ROOTDIR}/*/docker-compose.yml)
+fi
+
+# Too hard to precompute the number of tests; just spit it out at the end.
+n_tests=0
+for t in ${tests_to_run[@]}; do
+ testdir="$(dirname $t)"
+ testname="$(basename $testdir)"
+
+ if [ -e $test_dir/SKIP ]; then
+ local reason="$(<$test_dir/SKIP)"
+ if [ -n "$reason" ]; then
+ reason=" - $reason"
+ fi
+ _show_ok skip "$testname # skip$reason"
+ continue
+ fi
+
+ start_service
+
+ logfile=$WORKDIR/$testname.log
+ (
+ cd $testdir || die "Cannot cd $testdir"
+
+ # setup file may be used for creating temporary directories/files.
+ # We source it so that envariables defined in it will get back to us.
+ if [ -e setup.sh ]; then
+ . setup.sh
+ fi
+ if [ -e teardown.sh ]; then
+ trap '. teardown.sh' 0
+ fi
+
+ docker-compose up -d &> $logfile
+ docker_compose_rc=$?
+ if [[ $docker_compose_rc -ne 0 ]]; then
+ _show_ok 0 "$testname - up" "[ok]" "status=$docker_compose_rc"
+ sed -e 's/^/# /' <$logfile
+ docker-compose down >>$logfile 2>&1 # No status check here
+ exit 1
+ fi
+ _show_ok 1 "$testname - up"
+
+ # Run tests. This is likely to be a series of 'test_port' checks
+ # but may also include podman commands to inspect labels, state
+ if [ -e tests.sh ]; then
+ . tests.sh
+ fi
+ # FIXME: if any tests fail, try 'podman logs' on container?
+
+ if [ -n "$COMPOSE_WAIT" ]; then
+ echo -n "Pausing due to \$COMPOSE_WAIT. Press ENTER to continue: "
+ read keepgoing
+ fi
+
+ # Done. Clean up.
+ docker-compose down &> $logfile
+ rc=$?
+ if [[ $rc -eq 0 ]]; then
+ _show_ok 1 "$testname - down"
+ else
+ _show_ok 0 "$testname - down" "[ok]" "rc=$rc"
+ # FIXME: show error
+ fi
+ )
+
+ kill $service_pid
+ wait $service_pid
+
+ # FIXME: otherwise we get EBUSY
+ umount $WORKDIR/root/overlay &>/dev/null
+
+ # FIXME: run 'podman ps'?
+# rm -rf $WORKDIR/${testname}
+done
+
+# END entry handler
+###############################################################################
+
+# Clean up
+
+test_count=$(<$testcounter_file)
+failure_count=$(<$failures_file)
+
+#if [ -z "$PODMAN_TESTS_KEEP_WORKDIR" ]; then
+# rm -rf $WORKDIR
+#fi
+
+echo "1..${test_count}"
+
+exit $failure_count
diff --git a/test/e2e/events_test.go b/test/e2e/events_test.go
index b37bd584e..0c7a1bd66 100644
--- a/test/e2e/events_test.go
+++ b/test/e2e/events_test.go
@@ -5,9 +5,11 @@ import (
"fmt"
"os"
"strings"
+ "sync"
"time"
. "github.com/containers/podman/v2/test/utils"
+ "github.com/containers/storage/pkg/stringid"
. "github.com/onsi/ginkgo"
. "github.com/onsi/gomega"
. "github.com/onsi/gomega/gexec"
@@ -115,10 +117,7 @@ var _ = Describe("Podman events", func() {
SkipIfNotFedora()
_, ec, _ := podmanTest.RunLsContainer("")
Expect(ec).To(Equal(0))
- test := podmanTest.Podman([]string{"events", "--help"})
- test.WaitWithDefaultTimeout()
- fmt.Println(test.OutputToStringArray())
- result := podmanTest.Podman([]string{"events", "--stream=false", "--since", "1h"})
+ result := podmanTest.Podman([]string{"events", "--stream=false", "--until", "1h"})
result.WaitWithDefaultTimeout()
Expect(result.ExitCode()).To(BeZero())
})
@@ -154,4 +153,40 @@ var _ = Describe("Podman events", func() {
Expect(eventsMap).To(HaveKey("Status"))
})
+
+ It("podman events --until future", func() {
+ name1 := stringid.GenerateNonCryptoID()
+ name2 := stringid.GenerateNonCryptoID()
+ name3 := stringid.GenerateNonCryptoID()
+ session := podmanTest.Podman([]string{"create", "--name", name1, ALPINE})
+ session.WaitWithDefaultTimeout()
+ Expect(session.ExitCode()).To(Equal(0))
+
+ var wg sync.WaitGroup
+ wg.Add(1)
+ go func() {
+ defer GinkgoRecover()
+ defer wg.Done()
+
+ // wait 2 seconds to be sure events is running
+ time.Sleep(time.Second * 2)
+ session = podmanTest.Podman([]string{"create", "--name", name2, ALPINE})
+ session.WaitWithDefaultTimeout()
+ Expect(session.ExitCode()).To(Equal(0))
+ session = podmanTest.Podman([]string{"create", "--name", name3, ALPINE})
+ session.WaitWithDefaultTimeout()
+ Expect(session.ExitCode()).To(Equal(0))
+ }()
+
+ // unix timestamp in 10 seconds
+ until := time.Now().Add(time.Second * 10).Unix()
+ result := podmanTest.Podman([]string{"events", "--since", "30s", "--until", fmt.Sprint(until)})
+ result.Wait(11)
+ Expect(result.ExitCode()).To(BeZero())
+ Expect(result.OutputToString()).To(ContainSubstring(name1))
+ Expect(result.OutputToString()).To(ContainSubstring(name2))
+ Expect(result.OutputToString()).To(ContainSubstring(name3))
+
+ wg.Wait()
+ })
})
diff --git a/test/e2e/image_sign_test.go b/test/e2e/image_sign_test.go
index c9041eaba..57739419c 100644
--- a/test/e2e/image_sign_test.go
+++ b/test/e2e/image_sign_test.go
@@ -1,6 +1,7 @@
package integration
import (
+ "io/ioutil"
"os"
"os/exec"
"path/filepath"
@@ -58,4 +59,19 @@ var _ = Describe("Podman image sign", func() {
_, err = os.Stat(filepath.Join(sigDir, "library"))
Expect(err).To(BeNil())
})
+
+ It("podman sign --all multi-arch image", func() {
+ cmd := exec.Command("gpg", "--import", "sign/secret-key.asc")
+ err := cmd.Run()
+ Expect(err).To(BeNil())
+ sigDir := filepath.Join(podmanTest.TempDir, "test-sign-multi")
+ err = os.MkdirAll(sigDir, os.ModePerm)
+ Expect(err).To(BeNil())
+ session := podmanTest.Podman([]string{"image", "sign", "--all", "--directory", sigDir, "--sign-by", "foo@bar.com", "docker://library/alpine"})
+ session.WaitWithDefaultTimeout()
+ Expect(session.ExitCode()).To(Equal(0))
+ fInfos, err := ioutil.ReadDir(filepath.Join(sigDir, "library"))
+ Expect(err).To(BeNil())
+ Expect(len(fInfos) > 1).To(BeTrue())
+ })
})
diff --git a/test/e2e/logs_test.go b/test/e2e/logs_test.go
index a749a86ff..aae6d4f02 100644
--- a/test/e2e/logs_test.go
+++ b/test/e2e/logs_test.go
@@ -355,4 +355,21 @@ var _ = Describe("Podman logs", func() {
Expect(outlines[0]).To(Equal("1\r"))
Expect(outlines[1]).To(Equal("2\r"))
})
+
+ It("podman logs test stdout and stderr", func() {
+ cname := "log-test"
+ logc := podmanTest.Podman([]string{"run", "--name", cname, ALPINE, "sh", "-c", "echo stdout; echo stderr >&2"})
+ logc.WaitWithDefaultTimeout()
+ Expect(logc).To(Exit(0))
+
+ wait := podmanTest.Podman([]string{"wait", cname})
+ wait.WaitWithDefaultTimeout()
+ Expect(wait).To(Exit(0))
+
+ results := podmanTest.Podman([]string{"logs", cname})
+ results.WaitWithDefaultTimeout()
+ Expect(results).To(Exit(0))
+ Expect(results.OutputToString()).To(Equal("stdout"))
+ Expect(results.ErrorToString()).To(Equal("stderr"))
+ })
})
diff --git a/test/e2e/play_kube_test.go b/test/e2e/play_kube_test.go
index 5ecfdd6b5..3a2387559 100644
--- a/test/e2e/play_kube_test.go
+++ b/test/e2e/play_kube_test.go
@@ -1072,7 +1072,7 @@ var _ = Describe("Podman play kube", func() {
logs := podmanTest.Podman([]string{"logs", getCtrNameInPod(pod)})
logs.WaitWithDefaultTimeout()
Expect(logs.ExitCode()).To(Equal(0))
- Expect(logs.OutputToString()).To(ContainSubstring("Operation not permitted"))
+ Expect(logs.ErrorToString()).To(ContainSubstring("Operation not permitted"))
})
It("podman play kube seccomp pod level", func() {
@@ -1099,7 +1099,7 @@ var _ = Describe("Podman play kube", func() {
logs := podmanTest.Podman([]string{"logs", getCtrNameInPod(pod)})
logs.WaitWithDefaultTimeout()
Expect(logs.ExitCode()).To(Equal(0))
- Expect(logs.OutputToString()).To(ContainSubstring("Operation not permitted"))
+ Expect(logs.ErrorToString()).To(ContainSubstring("Operation not permitted"))
})
It("podman play kube with pull policy of never should be 125", func() {
diff --git a/test/e2e/start_test.go b/test/e2e/start_test.go
index 942e00123..a6f22e007 100644
--- a/test/e2e/start_test.go
+++ b/test/e2e/start_test.go
@@ -49,6 +49,29 @@ var _ = Describe("Podman start", func() {
Expect(session.ExitCode()).To(Equal(0))
})
+ It("podman start --rm removed on failure", func() {
+ session := podmanTest.Podman([]string{"create", "--name=test", "--rm", ALPINE, "foo"})
+ session.WaitWithDefaultTimeout()
+ Expect(session.ExitCode()).To(Equal(0))
+ session = podmanTest.Podman([]string{"start", "test"})
+ session.WaitWithDefaultTimeout()
+ Expect(session.ExitCode()).To(Equal(125))
+ session = podmanTest.Podman([]string{"container", "exists", "test"})
+ Expect(session.ExitCode()).To(Not(Equal(0)))
+ })
+
+ It("podman start --rm --attach removed on failure", func() {
+ session := podmanTest.Podman([]string{"create", "--rm", ALPINE, "foo"})
+ session.WaitWithDefaultTimeout()
+ Expect(session.ExitCode()).To(Equal(0))
+ cid := session.OutputToString()
+ session = podmanTest.Podman([]string{"start", "--attach", cid})
+ session.WaitWithDefaultTimeout()
+ Expect(session.ExitCode()).To(Equal(125))
+ session = podmanTest.Podman([]string{"container", "exists", cid})
+ Expect(session.ExitCode()).To(Not(Equal(0)))
+ })
+
It("podman container start single container by id", func() {
session := podmanTest.Podman([]string{"container", "create", ALPINE, "ls"})
session.WaitWithDefaultTimeout()
diff --git a/test/e2e/toolbox_test.go b/test/e2e/toolbox_test.go
index 7393b13cb..6f04ce48c 100644
--- a/test/e2e/toolbox_test.go
+++ b/test/e2e/toolbox_test.go
@@ -239,7 +239,7 @@ var _ = Describe("Toolbox-specific testing", func() {
session = podmanTest.Podman([]string{"logs", "test"})
session.WaitWithDefaultTimeout()
Expect(session.ExitCode()).To(Equal(0))
- Expect(session.OutputToString()).To(ContainSubstring(expectedOutput))
+ Expect(session.ErrorToString()).To(ContainSubstring(expectedOutput))
})
It("podman create --userns=keep-id + podman exec - adding group with groupadd", func() {
diff --git a/test/e2e/volume_prune_test.go b/test/e2e/volume_prune_test.go
index c8521ebe7..a910c47a7 100644
--- a/test/e2e/volume_prune_test.go
+++ b/test/e2e/volume_prune_test.go
@@ -62,6 +62,66 @@ var _ = Describe("Podman volume prune", func() {
podmanTest.Cleanup()
})
+ It("podman prune volume --filter", func() {
+ session := podmanTest.Podman([]string{"volume", "create", "--label", "label1=value1", "myvol1"})
+ session.WaitWithDefaultTimeout()
+ Expect(session.ExitCode()).To(Equal(0))
+
+ session = podmanTest.Podman([]string{"volume", "create", "--label", "sharedlabel1=slv1", "myvol2"})
+ session.WaitWithDefaultTimeout()
+ Expect(session.ExitCode()).To(Equal(0))
+
+ session = podmanTest.Podman([]string{"volume", "create", "--label", "sharedlabel1=slv2", "myvol3"})
+ session.WaitWithDefaultTimeout()
+ Expect(session.ExitCode()).To(Equal(0))
+
+ session = podmanTest.Podman([]string{"volume", "create", "--label", "sharedlabel1", "myvol4"})
+ session.WaitWithDefaultTimeout()
+ Expect(session.ExitCode()).To(Equal(0))
+
+ session = podmanTest.Podman([]string{"create", "-v", "myvol5:/myvol5", ALPINE, "ls"})
+ session.WaitWithDefaultTimeout()
+ Expect(session.ExitCode()).To(Equal(0))
+
+ session = podmanTest.Podman([]string{"create", "-v", "myvol6:/myvol6", ALPINE, "ls"})
+ session.WaitWithDefaultTimeout()
+ Expect(session.ExitCode()).To(Equal(0))
+
+ session = podmanTest.Podman([]string{"volume", "ls"})
+ session.WaitWithDefaultTimeout()
+ Expect(session.ExitCode()).To(Equal(0))
+ Expect(len(session.OutputToStringArray())).To(Equal(7))
+
+ session = podmanTest.Podman([]string{"volume", "prune", "--force", "--filter", "label=label1=value1"})
+ session.WaitWithDefaultTimeout()
+ Expect(session.ExitCode()).To(Equal(0))
+
+ session = podmanTest.Podman([]string{"volume", "ls"})
+ session.WaitWithDefaultTimeout()
+ Expect(session.ExitCode()).To(Equal(0))
+ Expect(len(session.OutputToStringArray())).To(Equal(6))
+
+ session = podmanTest.Podman([]string{"volume", "prune", "--force", "--filter", "label=sharedlabel1=slv1"})
+ session.WaitWithDefaultTimeout()
+ Expect(session.ExitCode()).To(Equal(0))
+
+ session = podmanTest.Podman([]string{"volume", "ls"})
+ session.WaitWithDefaultTimeout()
+ Expect(session.ExitCode()).To(Equal(0))
+ Expect(len(session.OutputToStringArray())).To(Equal(5))
+
+ session = podmanTest.Podman([]string{"volume", "prune", "--force", "--filter", "label=sharedlabel1"})
+ session.WaitWithDefaultTimeout()
+ Expect(session.ExitCode()).To(Equal(0))
+
+ session = podmanTest.Podman([]string{"volume", "ls"})
+ session.WaitWithDefaultTimeout()
+ Expect(session.ExitCode()).To(Equal(0))
+ Expect(len(session.OutputToStringArray())).To(Equal(3))
+
+ podmanTest.Cleanup()
+ })
+
It("podman system prune --volume", func() {
session := podmanTest.Podman([]string{"volume", "create"})
session.WaitWithDefaultTimeout()
diff --git a/test/system/030-run.bats b/test/system/030-run.bats
index 3ee141f5f..23f924de2 100644
--- a/test/system/030-run.bats
+++ b/test/system/030-run.bats
@@ -415,13 +415,18 @@ json-file | f
fi
if [[ $driver != 'none' ]]; then
- run_podman logs myctr
- is "$output" "$msg" "check that podman logs works as expected"
+ if [[ $driver = 'journald' ]] && journald_unavailable; then
+ # Cannot perform check
+ :
+ else
+ run_podman logs myctr
+ is "$output" "$msg" "podman logs, with driver '$driver'"
+ fi
else
run_podman 125 logs myctr
if ! is_remote; then
is "$output" ".*this container is using the 'none' log driver, cannot read logs.*" \
- "podman logs does not work with none log driver"
+ "podman logs, with driver 'none', should fail with error"
fi
fi
run_podman rm myctr
@@ -437,14 +442,7 @@ json-file | f
skip_if_remote "We cannot read journalctl over remote."
# We can't use journald on RHEL as rootless, either: rhbz#1895105
- if is_rootless; then
- run journalctl -n 1
- if [[ $status -ne 0 ]]; then
- if [[ $output =~ permission ]]; then
- skip "Cannot use rootless journald on this system"
- fi
- fi
- fi
+ skip_if_journald_unavailable
msg=$(random_string 20)
pidfile="${PODMAN_TMPDIR}/$(random_string 20)"
diff --git a/test/system/035-logs.bats b/test/system/035-logs.bats
index a081a7ce1..bac153b8e 100644
--- a/test/system/035-logs.bats
+++ b/test/system/035-logs.bats
@@ -55,14 +55,7 @@ ${cid[0]} d" "Sequential output from logs"
@test "podman logs over journald" {
# We can't use journald on RHEL as rootless: rhbz#1895105
- if is_rootless; then
- run journalctl -n 1
- if [[ $status -ne 0 ]]; then
- if [[ $output =~ permission ]]; then
- skip "Cannot use rootless journald on this system"
- fi
- fi
- fi
+ skip_if_journald_unavailable
msg=$(random_string 20)
diff --git a/test/system/helpers.bash b/test/system/helpers.bash
index 6a7c6cc42..f782de080 100644
--- a/test/system/helpers.bash
+++ b/test/system/helpers.bash
@@ -259,6 +259,31 @@ function is_cgroupsv2() {
test "$cgroup_type" = "cgroup2fs"
}
+# rhbz#1895105: rootless journald is unavailable except to users in
+# certain magic groups; which our testuser account does not belong to
+# (intentional: that is the RHEL default, so that's the setup we test).
+function journald_unavailable() {
+ if ! is_rootless; then
+ # root must always have access to journal
+ return 1
+ fi
+
+ run journalctl -n 1
+ if [[ $status -eq 0 ]]; then
+ return 1
+ fi
+
+ if [[ $output =~ permission ]]; then
+ return 0
+ fi
+
+ # This should never happen; if it does, it's likely that a subsequent
+ # test will fail. This output may help track that down.
+ echo "WEIRD: 'journalctl -n 1' failed with a non-permission error:"
+ echo "$output"
+ return 1
+}
+
###########################
# _add_label_if_missing # make sure skip messages include rootless/remote
###########################
@@ -315,6 +340,15 @@ function skip_if_cgroupsv1() {
fi
}
+##################################
+# skip_if_journald_unavailable # rhbz#1895105: rootless journald permissions
+##################################
+function skip_if_journald_unavailable {
+ if journald_unavailable; then
+ skip "Cannot use rootless journald on this system"
+ fi
+}
+
#########
# die # Abort with helpful message
#########