aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--cmd/podman/images/push.go4
-rw-r--r--contrib/rootless-cni-infra/Containerfile4
-rwxr-xr-xcontrib/rootless-cni-infra/rootless-cni-infra20
-rw-r--r--docs/source/markdown/podman-push.1.md6
-rw-r--r--libpod/rootless_cni_linux.go34
-rw-r--r--pkg/api/handlers/compat/images_push.go58
-rw-r--r--pkg/api/handlers/libpod/manifests.go12
-rw-r--r--pkg/api/server/register_images.go12
-rw-r--r--pkg/bindings/images/types.go29
-rw-r--r--pkg/bindings/images/types_push_options.go144
-rw-r--r--pkg/bindings/manifests/manifests.go1
-rw-r--r--pkg/domain/infra/tunnel/images.go5
-rw-r--r--pkg/domain/infra/tunnel/manifest.go6
-rw-r--r--pkg/specgen/container_validate.go2
-rw-r--r--pkg/specgen/pod_validate.go2
-rw-r--r--test/e2e/create_staticip_test.go6
-rw-r--r--test/e2e/create_staticmac_test.go8
-rw-r--r--test/e2e/create_test.go4
-rw-r--r--test/e2e/network_test.go1
-rw-r--r--test/e2e/pod_create_test.go4
-rw-r--r--test/e2e/pod_inspect_test.go2
-rw-r--r--test/e2e/push_test.go20
-rw-r--r--test/e2e/run_networking_test.go6
-rw-r--r--test/e2e/run_staticip_test.go2
-rw-r--r--test/system/150-login.bats1
25 files changed, 149 insertions, 244 deletions
diff --git a/cmd/podman/images/push.go b/cmd/podman/images/push.go
index d53a9c066..56f618539 100644
--- a/cmd/podman/images/push.go
+++ b/cmd/podman/images/push.go
@@ -114,7 +114,11 @@ func pushFlags(cmd *cobra.Command) {
if registry.IsRemote() {
_ = flags.MarkHidden("cert-dir")
_ = flags.MarkHidden("compress")
+ _ = flags.MarkHidden("digestfile")
+ _ = flags.MarkHidden("format")
_ = flags.MarkHidden("quiet")
+ _ = flags.MarkHidden("remove-signatures")
+ _ = flags.MarkHidden("sign-by")
}
_ = flags.MarkHidden("signature-policy")
}
diff --git a/contrib/rootless-cni-infra/Containerfile b/contrib/rootless-cni-infra/Containerfile
index 871e06a6c..4324f39d2 100644
--- a/contrib/rootless-cni-infra/Containerfile
+++ b/contrib/rootless-cni-infra/Containerfile
@@ -2,7 +2,7 @@ ARG GOLANG_VERSION=1.15
ARG ALPINE_VERSION=3.12
ARG CNI_VERSION=v0.8.0
ARG CNI_PLUGINS_VERSION=v0.8.7
-ARG DNSNAME_VERSION=v1.0.0
+ARG DNSNAME_VERSION=v1.1.1
FROM golang:${GOLANG_VERSION}-alpine${ALPINE_VERSION} AS golang-base
RUN apk add --no-cache git
@@ -33,4 +33,4 @@ COPY rootless-cni-infra /usr/local/bin
ENV CNI_PATH=/opt/cni/bin
CMD ["sleep", "infinity"]
-ENV ROOTLESS_CNI_INFRA_VERSION=3
+ENV ROOTLESS_CNI_INFRA_VERSION=5
diff --git a/contrib/rootless-cni-infra/rootless-cni-infra b/contrib/rootless-cni-infra/rootless-cni-infra
index 463254c7f..cceb8d817 100755
--- a/contrib/rootless-cni-infra/rootless-cni-infra
+++ b/contrib/rootless-cni-infra/rootless-cni-infra
@@ -21,16 +21,19 @@ wait_unshare_net() {
done
}
-# CLI subcommand: "alloc $CONTAINER_ID $NETWORK_NAME $POD_NAME"
+# CLI subcommand: "alloc $CONTAINER_ID $NETWORK_NAME $POD_NAME $IP $MAC $CAP_ARGS"
cmd_entrypoint_alloc() {
- if [ "$#" -ne 3 ]; then
- echo >&2 "Usage: $ARG0 alloc CONTAINER_ID NETWORK_NAME POD_NAME"
+ if [ "$#" -ne 6 ]; then
+ echo >&2 "Usage: $ARG0 alloc CONTAINER_ID NETWORK_NAME POD_NAME IP MAC CAP_ARGS"
exit 1
fi
ID="$1"
NET="$2"
K8S_POD_NAME="$3"
+ IP="$4"
+ MAC="$5"
+ CAP_ARGS="$6"
dir="${BASE}/${ID}"
mkdir -p "${dir}/attached" "${dir}/attached-args"
@@ -46,9 +49,18 @@ cmd_entrypoint_alloc() {
nsenter -t "${pid}" -n ip link set lo up
fi
CNI_ARGS="IgnoreUnknown=1;K8S_POD_NAME=${K8S_POD_NAME}"
+ if [ "$IP" ]; then
+ CNI_ARGS="$CNI_ARGS;IP=${IP}"
+ fi
+ if [ "$MAC" ]; then
+ CNI_ARGS="$CNI_ARGS;MAC=${MAC}"
+ fi
+ if [ "$CAP_ARGS" ]; then
+ CAP_ARGS="$CAP_ARGS"
+ fi
nwcount=$(find "${dir}/attached" -type f | wc -l)
CNI_IFNAME="eth${nwcount}"
- export CNI_ARGS CNI_IFNAME
+ export CNI_ARGS CNI_IFNAME CAP_ARGS
cnitool add "${NET}" "/proc/${pid}/ns/net" >"${dir}/attached/${NET}"
echo "${CNI_ARGS}" >"${dir}/attached-args/${NET}"
diff --git a/docs/source/markdown/podman-push.1.md b/docs/source/markdown/podman-push.1.md
index f7624ed5f..9e5a57962 100644
--- a/docs/source/markdown/podman-push.1.md
+++ b/docs/source/markdown/podman-push.1.md
@@ -91,7 +91,7 @@ solely for scripting compatibility.
#### **--format**, **-f**=*format*
Manifest Type (oci, v2s1, or v2s2) to use when pushing an image to a directory using the 'dir:' transport (default is manifest type of source)
-Note: This flag can only be set when using the **dir** transport
+Note: This flag can only be set when using the **dir** transport. (Not available for remote commands)
#### **--quiet**, **-q**
@@ -99,11 +99,11 @@ When writing the output image, suppress progress output
#### **--remove-signatures**
-Discard any pre-existing signatures in the image
+Discard any pre-existing signatures in the image. (Not available for remote commands)
#### **--sign-by**=*key*
-Add a signature at the destination using the specified key
+Add a signature at the destination using the specified key. (Not available for remote commands)
#### **--tls-verify**=*true|false*
diff --git a/libpod/rootless_cni_linux.go b/libpod/rootless_cni_linux.go
index 9a980750f..94ae062aa 100644
--- a/libpod/rootless_cni_linux.go
+++ b/libpod/rootless_cni_linux.go
@@ -25,7 +25,7 @@ import (
// Built from ../contrib/rootless-cni-infra.
var rootlessCNIInfraImage = map[string]string{
- "amd64": "quay.io/libpod/rootless-cni-infra@sha256:304742d5d221211df4ec672807a5842ff11e3729c50bc424ea0cea858f69d7b7", // 3-amd64
+ "amd64": "quay.io/libpod/rootless-cni-infra@sha256:adf352454666f7ce9ca3e1098448b5ee18f89c4516471ec99447ec9ece917f36", // 5-amd64
}
const (
@@ -58,9 +58,33 @@ func AllocRootlessCNI(ctx context.Context, c *Container) (ns.NetNS, []*cnitypes.
return nil, nil, err
}
k8sPodName := getCNIPodName(c) // passed to CNI as K8S_POD_NAME
+ ip := ""
+ if c.config.StaticIP != nil {
+ ip = c.config.StaticIP.String()
+ }
+ mac := ""
+ if c.config.StaticMAC != nil {
+ mac = c.config.StaticMAC.String()
+ }
+ aliases, err := c.runtime.state.GetAllNetworkAliases(c)
+ if err != nil {
+ return nil, nil, err
+ }
+ capArgs := ""
+ // add network aliases json encoded as capabilityArgs for cni
+ if len(aliases) > 0 {
+ capabilityArgs := make(map[string]interface{})
+ capabilityArgs["aliases"] = aliases
+ b, err := json.Marshal(capabilityArgs)
+ if err != nil {
+ return nil, nil, err
+ }
+ capArgs = string(b)
+ }
+
cniResults := make([]*cnitypes.Result, len(networks))
for i, nw := range networks {
- cniRes, err := rootlessCNIInfraCallAlloc(infra, c.ID(), nw, k8sPodName)
+ cniRes, err := rootlessCNIInfraCallAlloc(infra, c.ID(), nw, k8sPodName, ip, mac, capArgs)
if err != nil {
return nil, nil, err
}
@@ -137,11 +161,11 @@ func getCNIPodName(c *Container) string {
return c.Name()
}
-func rootlessCNIInfraCallAlloc(infra *Container, id, nw, k8sPodName string) (*cnitypes.Result, error) {
- logrus.Debugf("rootless CNI: alloc %q, %q, %q", id, nw, k8sPodName)
+func rootlessCNIInfraCallAlloc(infra *Container, id, nw, k8sPodName, ip, mac, capArgs string) (*cnitypes.Result, error) {
+ logrus.Debugf("rootless CNI: alloc %q, %q, %q, %q, %q, %q", id, nw, k8sPodName, ip, mac, capArgs)
var err error
- _, err = rootlessCNIInfraExec(infra, "alloc", id, nw, k8sPodName)
+ _, err = rootlessCNIInfraExec(infra, "alloc", id, nw, k8sPodName, ip, mac, capArgs)
if err != nil {
return nil, err
}
diff --git a/pkg/api/handlers/compat/images_push.go b/pkg/api/handlers/compat/images_push.go
index 0f3da53e8..4a8fcdff3 100644
--- a/pkg/api/handlers/compat/images_push.go
+++ b/pkg/api/handlers/compat/images_push.go
@@ -3,13 +3,14 @@ package compat
import (
"context"
"net/http"
- "os"
"strings"
"github.com/containers/podman/v2/libpod"
- "github.com/containers/podman/v2/libpod/image"
"github.com/containers/podman/v2/pkg/api/handlers/utils"
"github.com/containers/podman/v2/pkg/auth"
+ "github.com/containers/podman/v2/pkg/domain/entities"
+ "github.com/containers/podman/v2/pkg/domain/infra/abi"
+ "github.com/containers/storage"
"github.com/gorilla/schema"
"github.com/pkg/errors"
)
@@ -18,11 +19,19 @@ import (
func PushImage(w http.ResponseWriter, r *http.Request) {
decoder := r.Context().Value("decoder").(*schema.Decoder)
runtime := r.Context().Value("runtime").(*libpod.Runtime)
+ // Now use the ABI implementation to prevent us from having duplicate
+ // code.
+ imageEngine := abi.ImageEngine{Libpod: runtime}
query := struct {
- Tag string `schema:"tag"`
+ All bool `schema:"all"`
+ Compress bool `schema:"compress"`
+ Destination string `schema:"destination"`
+ Tag string `schema:"tag"`
+ TLSVerify bool `schema:"tlsVerify"`
}{
// This is where you can override the golang default value for one of fields
+ TLSVerify: true,
}
if err := decoder.Decode(&query, r.URL.Query()); err != nil {
@@ -43,39 +52,30 @@ func PushImage(w http.ResponseWriter, r *http.Request) {
return
}
- newImage, err := runtime.ImageRuntime().NewFromLocal(imageName)
- if err != nil {
- utils.ImageNotFound(w, imageName, errors.Wrapf(err, "failed to find image %s", imageName))
- return
- }
-
- authConf, authfile, key, err := auth.GetCredentials(r)
+ authconf, authfile, key, err := auth.GetCredentials(r)
if err != nil {
utils.Error(w, "Something went wrong.", http.StatusBadRequest, errors.Wrapf(err, "failed to parse %q header for %s", key, r.URL.String()))
return
}
defer auth.RemoveAuthfile(authfile)
-
- dockerRegistryOptions := &image.DockerRegistryOptions{DockerRegistryCreds: authConf}
- if sys := runtime.SystemContext(); sys != nil {
- dockerRegistryOptions.DockerCertPath = sys.DockerCertPath
- dockerRegistryOptions.RegistriesConfPath = sys.SystemRegistriesConfPath
+ var username, password string
+ if authconf != nil {
+ username = authconf.Username
+ password = authconf.Password
+ }
+ options := entities.ImagePushOptions{
+ All: query.All,
+ Authfile: authfile,
+ Compress: query.Compress,
+ Username: username,
+ Password: password,
}
+ if err := imageEngine.Push(context.Background(), imageName, query.Destination, options); err != nil {
+ if errors.Cause(err) != storage.ErrImageUnknown {
+ utils.ImageNotFound(w, imageName, errors.Wrapf(err, "failed to find image %s", imageName))
+ return
+ }
- err = newImage.PushImageToHeuristicDestination(
- context.Background(),
- imageName,
- "", // manifest type
- authfile,
- "", // digest file
- "", // signature policy
- os.Stderr,
- false, // force compression
- image.SigningOptions{},
- dockerRegistryOptions,
- nil, // additional tags
- )
- if err != nil {
utils.Error(w, "Something went wrong.", http.StatusBadRequest, errors.Wrapf(err, "error pushing image %q", imageName))
return
}
diff --git a/pkg/api/handlers/libpod/manifests.go b/pkg/api/handlers/libpod/manifests.go
index 35221ecf1..ded51a31f 100644
--- a/pkg/api/handlers/libpod/manifests.go
+++ b/pkg/api/handlers/libpod/manifests.go
@@ -147,7 +147,6 @@ func ManifestPush(w http.ResponseWriter, r *http.Request) {
query := struct {
All bool `schema:"all"`
Destination string `schema:"destination"`
- Format string `schema:"format"`
TLSVerify bool `schema:"tlsVerify"`
}{
// Add defaults here once needed.
@@ -163,24 +162,21 @@ func ManifestPush(w http.ResponseWriter, r *http.Request) {
}
source := utils.GetName(r)
- authConf, authfile, key, err := auth.GetCredentials(r)
+ authconf, authfile, key, err := auth.GetCredentials(r)
if err != nil {
utils.Error(w, "failed to retrieve repository credentials", http.StatusBadRequest, errors.Wrapf(err, "failed to parse %q header for %s", key, r.URL.String()))
return
}
defer auth.RemoveAuthfile(authfile)
var username, password string
- if authConf != nil {
- username = authConf.Username
- password = authConf.Password
-
+ if authconf != nil {
+ username = authconf.Username
+ password = authconf.Password
}
-
options := entities.ImagePushOptions{
Authfile: authfile,
Username: username,
Password: password,
- Format: query.Format,
All: query.All,
}
if sys := runtime.SystemContext(); sys != nil {
diff --git a/pkg/api/server/register_images.go b/pkg/api/server/register_images.go
index d76f811e9..2ce0829b4 100644
--- a/pkg/api/server/register_images.go
+++ b/pkg/api/server/register_images.go
@@ -235,6 +235,18 @@ func (s *APIServer) registerImagesHandlers(r *mux.Router) error {
// name: tag
// type: string
// description: The tag to associate with the image on the registry.
+ // - in: query
+ // name: all
+ // type: boolean
+ // description: All indicates whether to push all images related to the image list
+ // - in: query
+ // name: compress
+ // type: boolean
+ // description: use compression on image
+ // - in: query
+ // name: destination
+ // type: string
+ // description: destination name for the image being pushed
// - in: header
// name: X-Registry-Auth
// type: string
diff --git a/pkg/bindings/images/types.go b/pkg/bindings/images/types.go
index 0248f2fa6..75f1a2f81 100644
--- a/pkg/bindings/images/types.go
+++ b/pkg/bindings/images/types.go
@@ -104,37 +104,14 @@ type PushOptions struct {
// Authfile is the path to the authentication file. Ignored for remote
// calls.
Authfile *string
- // CertDir is the path to certificate directories. Ignored for remote
- // calls.
- CertDir *string
- // Compress tarball image layers when pushing to a directory using the 'dir'
- // transport. Default is same compression type as source. Ignored for remote
- // calls.
+ // Compress tarball image layers when pushing to a directory using the 'dir' transport.
Compress *bool
- // Username for authenticating against the registry.
- Username *string
// Password for authenticating against the registry.
Password *string
- // DigestFile, after copying the image, write the digest of the resulting
- // image to the file. Ignored for remote calls.
- DigestFile *string
- // Format is the Manifest type (oci, v2s1, or v2s2) to use when pushing an
- // image using the 'dir' transport. Default is manifest type of source.
- // Ignored for remote calls.
- Format *string
- // Quiet can be specified to suppress pull progress when pulling. Ignored
- // for remote calls.
- Quiet *bool
- // RemoveSignatures, discard any pre-existing signatures in the image.
- // Ignored for remote calls.
- RemoveSignatures *bool
- // SignaturePolicy to use when pulling. Ignored for remote calls.
- SignaturePolicy *string
- // SignBy adds a signature at the destination using the specified key.
- // Ignored for remote calls.
- SignBy *string
// SkipTLSVerify to skip HTTPS and certificate verification.
SkipTLSVerify *bool
+ // Username for authenticating against the registry.
+ Username *string
}
//go:generate go run ../generator/generator.go SearchOptions
diff --git a/pkg/bindings/images/types_push_options.go b/pkg/bindings/images/types_push_options.go
index 0c12ce4ac..7f9bb1064 100644
--- a/pkg/bindings/images/types_push_options.go
+++ b/pkg/bindings/images/types_push_options.go
@@ -119,22 +119,6 @@ func (o *PushOptions) GetAuthfile() string {
return *o.Authfile
}
-// WithCertDir
-func (o *PushOptions) WithCertDir(value string) *PushOptions {
- v := &value
- o.CertDir = v
- return o
-}
-
-// GetCertDir
-func (o *PushOptions) GetCertDir() string {
- var certDir string
- if o.CertDir == nil {
- return certDir
- }
- return *o.CertDir
-}
-
// WithCompress
func (o *PushOptions) WithCompress(value bool) *PushOptions {
v := &value
@@ -151,22 +135,6 @@ func (o *PushOptions) GetCompress() bool {
return *o.Compress
}
-// WithUsername
-func (o *PushOptions) WithUsername(value string) *PushOptions {
- v := &value
- o.Username = v
- return o
-}
-
-// GetUsername
-func (o *PushOptions) GetUsername() string {
- var username string
- if o.Username == nil {
- return username
- }
- return *o.Username
-}
-
// WithPassword
func (o *PushOptions) WithPassword(value string) *PushOptions {
v := &value
@@ -183,102 +151,6 @@ func (o *PushOptions) GetPassword() string {
return *o.Password
}
-// WithDigestFile
-func (o *PushOptions) WithDigestFile(value string) *PushOptions {
- v := &value
- o.DigestFile = v
- return o
-}
-
-// GetDigestFile
-func (o *PushOptions) GetDigestFile() string {
- var digestFile string
- if o.DigestFile == nil {
- return digestFile
- }
- return *o.DigestFile
-}
-
-// WithFormat
-func (o *PushOptions) WithFormat(value string) *PushOptions {
- v := &value
- o.Format = v
- return o
-}
-
-// GetFormat
-func (o *PushOptions) GetFormat() string {
- var format string
- if o.Format == nil {
- return format
- }
- return *o.Format
-}
-
-// WithQuiet
-func (o *PushOptions) WithQuiet(value bool) *PushOptions {
- v := &value
- o.Quiet = v
- return o
-}
-
-// GetQuiet
-func (o *PushOptions) GetQuiet() bool {
- var quiet bool
- if o.Quiet == nil {
- return quiet
- }
- return *o.Quiet
-}
-
-// WithRemoveSignatures
-func (o *PushOptions) WithRemoveSignatures(value bool) *PushOptions {
- v := &value
- o.RemoveSignatures = v
- return o
-}
-
-// GetRemoveSignatures
-func (o *PushOptions) GetRemoveSignatures() bool {
- var removeSignatures bool
- if o.RemoveSignatures == nil {
- return removeSignatures
- }
- return *o.RemoveSignatures
-}
-
-// WithSignaturePolicy
-func (o *PushOptions) WithSignaturePolicy(value string) *PushOptions {
- v := &value
- o.SignaturePolicy = v
- return o
-}
-
-// GetSignaturePolicy
-func (o *PushOptions) GetSignaturePolicy() string {
- var signaturePolicy string
- if o.SignaturePolicy == nil {
- return signaturePolicy
- }
- return *o.SignaturePolicy
-}
-
-// WithSignBy
-func (o *PushOptions) WithSignBy(value string) *PushOptions {
- v := &value
- o.SignBy = v
- return o
-}
-
-// GetSignBy
-func (o *PushOptions) GetSignBy() string {
- var signBy string
- if o.SignBy == nil {
- return signBy
- }
- return *o.SignBy
-}
-
// WithSkipTLSVerify
func (o *PushOptions) WithSkipTLSVerify(value bool) *PushOptions {
v := &value
@@ -294,3 +166,19 @@ func (o *PushOptions) GetSkipTLSVerify() bool {
}
return *o.SkipTLSVerify
}
+
+// WithUsername
+func (o *PushOptions) WithUsername(value string) *PushOptions {
+ v := &value
+ o.Username = v
+ return o
+}
+
+// GetUsername
+func (o *PushOptions) GetUsername() string {
+ var username string
+ if o.Username == nil {
+ return username
+ }
+ return *o.Username
+}
diff --git a/pkg/bindings/manifests/manifests.go b/pkg/bindings/manifests/manifests.go
index fec9832a0..4634dd442 100644
--- a/pkg/bindings/manifests/manifests.go
+++ b/pkg/bindings/manifests/manifests.go
@@ -153,7 +153,6 @@ func Push(ctx context.Context, name, destination string, options *images.PushOpt
}
params.Set("image", name)
params.Set("destination", destination)
- params.Set("format", *options.Format)
_, err = conn.DoRequest(nil, http.MethodPost, "/manifests/%s/push", params, nil, name)
if err != nil {
return "", err
diff --git a/pkg/domain/infra/tunnel/images.go b/pkg/domain/infra/tunnel/images.go
index 0de756756..878e7b999 100644
--- a/pkg/domain/infra/tunnel/images.go
+++ b/pkg/domain/infra/tunnel/images.go
@@ -236,10 +236,7 @@ func (ir *ImageEngine) Import(ctx context.Context, opts entities.ImageImportOpti
func (ir *ImageEngine) Push(ctx context.Context, source string, destination string, opts entities.ImagePushOptions) error {
options := new(images.PushOptions)
- options.WithUsername(opts.Username).WithSignaturePolicy(opts.SignaturePolicy).WithQuiet(opts.Quiet)
- options.WithPassword(opts.Password).WithCertDir(opts.CertDir).WithAuthfile(opts.Authfile)
- options.WithCompress(opts.Compress).WithDigestFile(opts.DigestFile).WithFormat(opts.Format)
- options.WithRemoveSignatures(opts.RemoveSignatures).WithSignBy(opts.SignBy)
+ options.WithAll(opts.All).WithCompress(opts.Compress).WithUsername(opts.Username).WithPassword(opts.Password).WithAuthfile(opts.Authfile)
if s := opts.SkipTLSVerify; s != types.OptionalBoolUndefined {
if s == types.OptionalBoolTrue {
diff --git a/pkg/domain/infra/tunnel/manifest.go b/pkg/domain/infra/tunnel/manifest.go
index c12ba0045..e261afee2 100644
--- a/pkg/domain/infra/tunnel/manifest.go
+++ b/pkg/domain/infra/tunnel/manifest.go
@@ -86,10 +86,8 @@ func (ir *ImageEngine) ManifestRemove(ctx context.Context, names []string) (stri
// ManifestPush pushes a manifest list or image index to the destination
func (ir *ImageEngine) ManifestPush(ctx context.Context, name, destination string, opts entities.ImagePushOptions) (string, error) {
options := new(images.PushOptions)
- options.WithUsername(opts.Username).WithSignaturePolicy(opts.SignaturePolicy).WithQuiet(opts.Quiet)
- options.WithPassword(opts.Password).WithCertDir(opts.CertDir).WithAuthfile(opts.Authfile)
- options.WithCompress(opts.Compress).WithDigestFile(opts.DigestFile).WithFormat(opts.Format)
- options.WithRemoveSignatures(opts.RemoveSignatures).WithSignBy(opts.SignBy)
+ options.WithUsername(opts.Username).WithPassword(opts.Password).WithAuthfile(opts.Authfile)
+ options.WithAll(opts.All)
if s := opts.SkipTLSVerify; s != types.OptionalBoolUndefined {
if s == types.OptionalBoolTrue {
diff --git a/pkg/specgen/container_validate.go b/pkg/specgen/container_validate.go
index a0d36f865..81cb8b78d 100644
--- a/pkg/specgen/container_validate.go
+++ b/pkg/specgen/container_validate.go
@@ -30,7 +30,7 @@ func exclusiveOptions(opt1, opt2 string) error {
// input for creating a container.
func (s *SpecGenerator) Validate() error {
- if rootless.IsRootless() {
+ if rootless.IsRootless() && len(s.CNINetworks) == 0 {
if s.StaticIP != nil || s.StaticIPv6 != nil {
return ErrNoStaticIPRootless
}
diff --git a/pkg/specgen/pod_validate.go b/pkg/specgen/pod_validate.go
index 7c81f3f9f..518adb32f 100644
--- a/pkg/specgen/pod_validate.go
+++ b/pkg/specgen/pod_validate.go
@@ -20,7 +20,7 @@ func exclusivePodOptions(opt1, opt2 string) error {
// Validate verifies the input is valid
func (p *PodSpecGenerator) Validate() error {
- if rootless.IsRootless() {
+ if rootless.IsRootless() && len(p.CNINetworks) == 0 {
if p.StaticIP != nil {
return ErrNoStaticIPRootless
}
diff --git a/test/e2e/create_staticip_test.go b/test/e2e/create_staticip_test.go
index 7a2267617..698bbf976 100644
--- a/test/e2e/create_staticip_test.go
+++ b/test/e2e/create_staticip_test.go
@@ -49,7 +49,7 @@ var _ = Describe("Podman create with --ip flag", func() {
})
It("Podman create --ip with non-allocatable IP", func() {
- SkipIfRootless("--ip is not supported in rootless mode")
+ SkipIfRootless("--ip not supported without network in rootless mode")
result := podmanTest.Podman([]string{"create", "--name", "test", "--ip", "203.0.113.124", ALPINE, "ls"})
result.WaitWithDefaultTimeout()
Expect(result.ExitCode()).To(Equal(0))
@@ -63,7 +63,7 @@ var _ = Describe("Podman create with --ip flag", func() {
ip := GetRandomIPAddress()
result := podmanTest.Podman([]string{"create", "--name", "test", "--ip", ip, ALPINE, "ip", "addr"})
result.WaitWithDefaultTimeout()
- // Rootless static ip assignment should error
+ // Rootless static ip assignment without network should error
if rootless.IsRootless() {
Expect(result.ExitCode()).To(Equal(125))
} else {
@@ -81,7 +81,7 @@ var _ = Describe("Podman create with --ip flag", func() {
})
It("Podman create two containers with the same IP", func() {
- SkipIfRootless("--ip not supported in rootless mode")
+ SkipIfRootless("--ip not supported without network in rootless mode")
ip := GetRandomIPAddress()
result := podmanTest.Podman([]string{"create", "--name", "test1", "--ip", ip, ALPINE, "sleep", "999"})
result.WaitWithDefaultTimeout()
diff --git a/test/e2e/create_staticmac_test.go b/test/e2e/create_staticmac_test.go
index 1ac431da2..4c8f371a4 100644
--- a/test/e2e/create_staticmac_test.go
+++ b/test/e2e/create_staticmac_test.go
@@ -56,11 +56,7 @@ var _ = Describe("Podman run with --mac-address flag", func() {
result := podmanTest.Podman([]string{"run", "--network", net, "--mac-address", "92:d0:c6:00:29:34", ALPINE, "ip", "addr"})
result.WaitWithDefaultTimeout()
- if rootless.IsRootless() {
- Expect(result.ExitCode()).To(Equal(125))
- } else {
- Expect(result.ExitCode()).To(Equal(0))
- Expect(result.OutputToString()).To(ContainSubstring("92:d0:c6:00:29:34"))
- }
+ Expect(result.ExitCode()).To(Equal(0))
+ Expect(result.OutputToString()).To(ContainSubstring("92:d0:c6:00:29:34"))
})
})
diff --git a/test/e2e/create_test.go b/test/e2e/create_test.go
index 73d92e5a0..67c08ac09 100644
--- a/test/e2e/create_test.go
+++ b/test/e2e/create_test.go
@@ -553,7 +553,7 @@ var _ = Describe("Podman create", func() {
})
It("create container in pod with IP should fail", func() {
- SkipIfRootless("Setting IP not supported in rootless mode")
+ SkipIfRootless("Setting IP not supported in rootless mode without network")
name := "createwithstaticip"
pod := podmanTest.RunTopContainerInPod("", "new:"+name)
pod.WaitWithDefaultTimeout()
@@ -565,7 +565,7 @@ var _ = Describe("Podman create", func() {
})
It("create container in pod with mac should fail", func() {
- SkipIfRootless("Setting MAC Address not supported in rootless mode")
+ SkipIfRootless("Setting MAC Address not supported in rootless mode without network")
name := "createwithstaticmac"
pod := podmanTest.RunTopContainerInPod("", "new:"+name)
pod.WaitWithDefaultTimeout()
diff --git a/test/e2e/network_test.go b/test/e2e/network_test.go
index e2080244b..2f5290c76 100644
--- a/test/e2e/network_test.go
+++ b/test/e2e/network_test.go
@@ -408,7 +408,6 @@ var _ = Describe("Podman network", func() {
Expect(lines[1]).To(Equal(netName2))
})
It("podman network with multiple aliases", func() {
- Skip("Until DNSName is updated on our CI images")
var worked bool
netName := "aliasTest" + stringid.GenerateNonCryptoID()
session := podmanTest.Podman([]string{"network", "create", netName})
diff --git a/test/e2e/pod_create_test.go b/test/e2e/pod_create_test.go
index be0a2f6f0..9c448a81e 100644
--- a/test/e2e/pod_create_test.go
+++ b/test/e2e/pod_create_test.go
@@ -233,7 +233,7 @@ var _ = Describe("Podman pod create", func() {
ip := GetRandomIPAddress()
podCreate := podmanTest.Podman([]string{"pod", "create", "--ip", ip, "--name", name})
podCreate.WaitWithDefaultTimeout()
- // Rootless should error
+ // Rootless should error without network
if rootless.IsRootless() {
Expect(podCreate.ExitCode()).To(Equal(125))
} else {
@@ -246,7 +246,7 @@ var _ = Describe("Podman pod create", func() {
})
It("podman container in pod with IP address shares IP address", func() {
- SkipIfRootless("Rootless does not support --ip")
+ SkipIfRootless("Rootless does not support --ip without network")
podName := "test"
ctrName := "testCtr"
ip := GetRandomIPAddress()
diff --git a/test/e2e/pod_inspect_test.go b/test/e2e/pod_inspect_test.go
index 25212991d..fd9589afe 100644
--- a/test/e2e/pod_inspect_test.go
+++ b/test/e2e/pod_inspect_test.go
@@ -101,7 +101,7 @@ var _ = Describe("Podman pod inspect", func() {
})
It("podman pod inspect outputs show correct MAC", func() {
- SkipIfRootless("--mac-address is not supported in rootless mode")
+ SkipIfRootless("--mac-address is not supported in rootless mode without network")
podName := "testPod"
macAddr := "42:43:44:00:00:01"
create := podmanTest.Podman([]string{"pod", "create", "--name", podName, "--mac-address", macAddr})
diff --git a/test/e2e/push_test.go b/test/e2e/push_test.go
index 922995060..10120751f 100644
--- a/test/e2e/push_test.go
+++ b/test/e2e/push_test.go
@@ -54,10 +54,16 @@ var _ = Describe("Podman push", func() {
fmt.Sprintf("dir:%s", bbdir)})
session.WaitWithDefaultTimeout()
Expect(session.ExitCode()).To(Equal(0))
+
+ bbdir = filepath.Join(podmanTest.TempDir, "busybox")
+ session = podmanTest.Podman([]string{"push", "--format", "oci", ALPINE,
+ fmt.Sprintf("dir:%s", bbdir)})
+ session.WaitWithDefaultTimeout()
+ Expect(session.ExitCode()).To(Equal(0))
})
It("podman push to local registry", func() {
- SkipIfRemote("FIXME: This should work")
+ SkipIfRemote("Remote does not support --digestfile or --remove-sginatures")
if podmanTest.Host.Arch == "ppc64le" {
Skip("No registry image for ppc64le")
}
@@ -74,7 +80,7 @@ var _ = Describe("Podman push", func() {
Skip("Cannot start docker registry.")
}
- push := podmanTest.Podman([]string{"push", "--tls-verify=false", "--remove-signatures", ALPINE, "localhost:5000/my-alpine"})
+ push := podmanTest.Podman([]string{"push", "-q", "--tls-verify=false", "--remove-signatures", ALPINE, "localhost:5000/my-alpine"})
push.WaitWithDefaultTimeout()
Expect(push.ExitCode()).To(Equal(0))
@@ -88,7 +94,6 @@ var _ = Describe("Podman push", func() {
})
It("podman push to local registry with authorization", func() {
- SkipIfRemote("FIXME: This does not seem to be returning an error")
SkipIfRootless("FIXME: Creating content in certs.d we use directories in homedir")
if podmanTest.Host.Arch == "ppc64le" {
Skip("No registry image for ppc64le")
@@ -155,9 +160,12 @@ var _ = Describe("Podman push", func() {
push.WaitWithDefaultTimeout()
Expect(push).To(ExitWithError())
- push = podmanTest.Podman([]string{"push", "--creds=podmantest:test", "--cert-dir=fakedir", ALPINE, "localhost:5000/certdirtest"})
- push.WaitWithDefaultTimeout()
- Expect(push).To(ExitWithError())
+ if !IsRemote() {
+ // remote does not support --cert-dir
+ push = podmanTest.Podman([]string{"push", "--creds=podmantest:test", "--cert-dir=fakedir", ALPINE, "localhost:5000/certdirtest"})
+ push.WaitWithDefaultTimeout()
+ Expect(push).To(ExitWithError())
+ }
push = podmanTest.Podman([]string{"push", "--creds=podmantest:test", ALPINE, "localhost:5000/defaultflags"})
push.WaitWithDefaultTimeout()
diff --git a/test/e2e/run_networking_test.go b/test/e2e/run_networking_test.go
index cbaae7186..ebea2132a 100644
--- a/test/e2e/run_networking_test.go
+++ b/test/e2e/run_networking_test.go
@@ -621,7 +621,6 @@ var _ = Describe("Podman run networking", func() {
})
It("podman run in custom CNI network with --static-ip", func() {
- SkipIfRootless("Rootless mode does not support --ip")
netName := stringid.GenerateNonCryptoID()
ipAddr := "10.25.30.128"
create := podmanTest.Podman([]string{"network", "create", "--subnet", "10.25.30.0/24", netName})
@@ -633,10 +632,6 @@ var _ = Describe("Podman run networking", func() {
run.WaitWithDefaultTimeout()
Expect(run.ExitCode()).To(BeZero())
Expect(run.OutputToString()).To(ContainSubstring(ipAddr))
-
- create = podmanTest.Podman([]string{"network", "rm", netName})
- create.WaitWithDefaultTimeout()
- Expect(create.ExitCode()).To(BeZero())
})
It("podman rootless fails custom CNI network with --uidmap", func() {
@@ -658,7 +653,6 @@ var _ = Describe("Podman run networking", func() {
})
It("podman run with new:pod and static-ip", func() {
- SkipIfRootless("Rootless does not support --ip")
netName := stringid.GenerateNonCryptoID()
ipAddr := "10.25.40.128"
podname := "testpod"
diff --git a/test/e2e/run_staticip_test.go b/test/e2e/run_staticip_test.go
index 8383b1812..aeb462ae9 100644
--- a/test/e2e/run_staticip_test.go
+++ b/test/e2e/run_staticip_test.go
@@ -19,7 +19,7 @@ var _ = Describe("Podman run with --ip flag", func() {
)
BeforeEach(func() {
- SkipIfRootless("rootless does not support --ip")
+ SkipIfRootless("rootless does not support --ip without network")
tempdir, err = CreateTempDirInTempDir()
if err != nil {
os.Exit(1)
diff --git a/test/system/150-login.bats b/test/system/150-login.bats
index 5151ab0e1..c3af63348 100644
--- a/test/system/150-login.bats
+++ b/test/system/150-login.bats
@@ -197,6 +197,7 @@ EOF
destname=ok-$(random_string 10 | tr A-Z a-z)-ok
# Use command-line credentials
run_podman push --tls-verify=false \
+ --format docker \
--creds ${PODMAN_LOGIN_USER}:${PODMAN_LOGIN_PASS} \
$IMAGE localhost:${PODMAN_LOGIN_REGISTRY_PORT}/$destname