aboutsummaryrefslogtreecommitdiff
path: root/pkg/domain/infra
diff options
context:
space:
mode:
Diffstat (limited to 'pkg/domain/infra')
-rw-r--r--pkg/domain/infra/abi/containers.go66
-rw-r--r--pkg/domain/infra/abi/images.go3
-rw-r--r--pkg/domain/infra/abi/manifest.go3
-rw-r--r--pkg/domain/infra/abi/play.go80
-rw-r--r--pkg/domain/infra/abi/secrets.go2
-rw-r--r--pkg/domain/infra/tunnel/containers.go48
-rw-r--r--pkg/domain/infra/tunnel/images.go2
-rw-r--r--pkg/domain/infra/tunnel/manifest.go10
8 files changed, 178 insertions, 36 deletions
diff --git a/pkg/domain/infra/abi/containers.go b/pkg/domain/infra/abi/containers.go
index 04eb85504..783224e9c 100644
--- a/pkg/domain/infra/abi/containers.go
+++ b/pkg/domain/infra/abi/containers.go
@@ -62,6 +62,11 @@ func getContainersAndInputByContext(all, latest bool, names []string, filters ma
}
case all:
ctrs, err = runtime.GetAllContainers()
+ if err == nil {
+ for _, ctr := range ctrs {
+ rawInput = append(rawInput, ctr.ID())
+ }
+ }
case latest:
ctr, err = runtime.GetLatestContainer()
if err == nil {
@@ -133,37 +138,57 @@ func (ic *ContainerEngine) ContainerWait(ctx context.Context, namesOrIds []strin
}
func (ic *ContainerEngine) ContainerPause(ctx context.Context, namesOrIds []string, options entities.PauseUnPauseOptions) ([]*entities.PauseUnpauseReport, error) {
- ctrs, err := getContainersByContext(options.All, false, namesOrIds, ic.Libpod)
+ ctrs, rawInputs, err := getContainersAndInputByContext(options.All, options.Latest, namesOrIds, options.Filters, ic.Libpod)
if err != nil {
return nil, err
}
- report := make([]*entities.PauseUnpauseReport, 0, len(ctrs))
+ ctrMap := map[string]string{}
+ if len(rawInputs) == len(ctrs) {
+ for i := range ctrs {
+ ctrMap[ctrs[i].ID()] = rawInputs[i]
+ }
+ }
+ reports := make([]*entities.PauseUnpauseReport, 0, len(ctrs))
for _, c := range ctrs {
err := c.Pause()
if err != nil && options.All && errors.Is(err, define.ErrCtrStateInvalid) {
logrus.Debugf("Container %s is not running", c.ID())
continue
}
- report = append(report, &entities.PauseUnpauseReport{Id: c.ID(), Err: err})
+ reports = append(reports, &entities.PauseUnpauseReport{
+ Id: c.ID(),
+ Err: err,
+ RawInput: ctrMap[c.ID()],
+ })
}
- return report, nil
+ return reports, nil
}
func (ic *ContainerEngine) ContainerUnpause(ctx context.Context, namesOrIds []string, options entities.PauseUnPauseOptions) ([]*entities.PauseUnpauseReport, error) {
- ctrs, err := getContainersByContext(options.All, false, namesOrIds, ic.Libpod)
+ ctrs, rawInputs, err := getContainersAndInputByContext(options.All, options.Latest, namesOrIds, options.Filters, ic.Libpod)
if err != nil {
return nil, err
}
- report := make([]*entities.PauseUnpauseReport, 0, len(ctrs))
+ ctrMap := map[string]string{}
+ if len(rawInputs) == len(ctrs) {
+ for i := range ctrs {
+ ctrMap[ctrs[i].ID()] = rawInputs[i]
+ }
+ }
+ reports := make([]*entities.PauseUnpauseReport, 0, len(ctrs))
for _, c := range ctrs {
err := c.Unpause()
if err != nil && options.All && errors.Is(err, define.ErrCtrStateInvalid) {
logrus.Debugf("Container %s is not paused", c.ID())
continue
}
- report = append(report, &entities.PauseUnpauseReport{Id: c.ID(), Err: err})
+ reports = append(reports, &entities.PauseUnpauseReport{
+ Id: c.ID(),
+ Err: err,
+ RawInput: ctrMap[c.ID()],
+ })
}
- return report, nil
+ return reports, nil
}
func (ic *ContainerEngine) ContainerStop(ctx context.Context, namesOrIds []string, options entities.StopOptions) ([]*entities.StopReport, error) {
names := namesOrIds
@@ -235,6 +260,7 @@ func (ic *ContainerEngine) ContainerPrune(ctx context.Context, options entities.
if err != nil {
return nil, err
}
+
filterFuncs = append(filterFuncs, generatedFunc)
}
return ic.Libpod.PruneContainers(filterFuncs)
@@ -1035,6 +1061,15 @@ func (ic *ContainerEngine) Diff(ctx context.Context, namesOrIDs []string, opts e
}
func (ic *ContainerEngine) ContainerRun(ctx context.Context, opts entities.ContainerRunOptions) (*entities.ContainerRunReport, error) {
+ removeContainer := func(ctr *libpod.Container, force bool) error {
+ var timeout *uint
+ if err := ic.Libpod.RemoveContainer(ctx, ctr, force, true, timeout); err != nil {
+ logrus.Debugf("unable to remove container %s after failing to start and attach to it: %v", ctr.ID(), err)
+ return err
+ }
+ return nil
+ }
+
warn, err := generate.CompleteSpec(ctx, ic.Libpod, opts.Spec)
if err != nil {
return nil, err
@@ -1055,6 +1090,8 @@ func (ic *ContainerEngine) ContainerRun(ctx context.Context, opts entities.Conta
if opts.CIDFile != "" {
if err := util.CreateCidFile(opts.CIDFile, ctr.ID()); err != nil {
+ // If you fail to create CIDFile then remove the container
+ _ = removeContainer(ctr, true)
return nil, err
}
}
@@ -1072,6 +1109,11 @@ func (ic *ContainerEngine) ContainerRun(ctx context.Context, opts entities.Conta
if err := ctr.Start(ctx, true); err != nil {
// This means the command did not exist
report.ExitCode = define.ExitCode(err)
+ if opts.Rm {
+ if rmErr := removeContainer(ctr, true); rmErr != nil && !errors.Is(rmErr, define.ErrNoSuchCtr) {
+ logrus.Errorf("Container %s failed to be removed", ctr.ID())
+ }
+ }
return &report, err
}
@@ -1088,10 +1130,7 @@ func (ic *ContainerEngine) ContainerRun(ctx context.Context, opts entities.Conta
return &report, nil
}
if opts.Rm {
- var timeout *uint
- if deleteError := ic.Libpod.RemoveContainer(ctx, ctr, true, false, timeout); deleteError != nil {
- logrus.Debugf("unable to remove container %s after failing to start and attach to it", ctr.ID())
- }
+ _ = removeContainer(ctr, true)
}
if errors.Is(err, define.ErrWillDeadlock) {
logrus.Debugf("Deadlock error on %q: %v", ctr.ID(), err)
@@ -1103,8 +1142,7 @@ func (ic *ContainerEngine) ContainerRun(ctx context.Context, opts entities.Conta
}
report.ExitCode = ic.GetContainerExitCode(ctx, ctr)
if opts.Rm && !ctr.ShouldRestart(ctx) {
- var timeout *uint
- if err := ic.Libpod.RemoveContainer(ctx, ctr, false, true, timeout); err != nil {
+ if err := removeContainer(ctr, false); err != nil {
if errors.Is(err, define.ErrNoSuchCtr) ||
errors.Is(err, define.ErrCtrRemoved) {
logrus.Infof("Container %s was already removed, skipping --rm", ctr.ID())
diff --git a/pkg/domain/infra/abi/images.go b/pkg/domain/infra/abi/images.go
index 38008c7b9..ff42b0367 100644
--- a/pkg/domain/infra/abi/images.go
+++ b/pkg/domain/infra/abi/images.go
@@ -305,6 +305,7 @@ func (ir *ImageEngine) Push(ctx context.Context, source string, destination stri
pushOptions.RemoveSignatures = options.RemoveSignatures
pushOptions.SignBy = options.SignBy
pushOptions.InsecureSkipTLSVerify = options.SkipTLSVerify
+ pushOptions.Writer = options.Writer
compressionFormat := options.CompressionFormat
if compressionFormat == "" {
@@ -322,7 +323,7 @@ func (ir *ImageEngine) Push(ctx context.Context, source string, destination stri
pushOptions.CompressionFormat = &algo
}
- if !options.Quiet {
+ if !options.Quiet && pushOptions.Writer == nil {
pushOptions.Writer = os.Stderr
}
diff --git a/pkg/domain/infra/abi/manifest.go b/pkg/domain/infra/abi/manifest.go
index d20744d76..bdc3d9513 100644
--- a/pkg/domain/infra/abi/manifest.go
+++ b/pkg/domain/infra/abi/manifest.go
@@ -331,7 +331,8 @@ func (ir *ImageEngine) ManifestPush(ctx context.Context, name, destination strin
}
if opts.Rm {
- if _, rmErrors := ir.Libpod.LibimageRuntime().RemoveImages(ctx, []string{manifestList.ID()}, nil); len(rmErrors) > 0 {
+ rmOpts := &libimage.RemoveImagesOptions{LookupManifest: true}
+ if _, rmErrors := ir.Libpod.LibimageRuntime().RemoveImages(ctx, []string{manifestList.ID()}, rmOpts); len(rmErrors) > 0 {
return "", fmt.Errorf("error removing manifest after push: %w", rmErrors[0])
}
}
diff --git a/pkg/domain/infra/abi/play.go b/pkg/domain/infra/abi/play.go
index 8b47eff53..3f2fd5f92 100644
--- a/pkg/domain/infra/abi/play.go
+++ b/pkg/domain/infra/abi/play.go
@@ -84,15 +84,15 @@ func (ic *ContainerEngine) createServiceContainer(ctx context.Context, name stri
return ctr, nil
}
-// Creates the name for a service container based on the provided content of a
-// K8s yaml file.
-func serviceContainerName(content []byte) string {
+// Creates the name for a k8s entity based on the provided content of a
+// K8s yaml file and a given suffix.
+func k8sName(content []byte, suffix string) string {
// The name of the service container is the first 12
// characters of the yaml file's hash followed by the
// '-service' suffix to guarantee a predictable and
// discoverable name.
hash := digest.FromBytes(content).Encoded()
- return hash[0:12] + "-service"
+ return hash[0:12] + "-" + suffix
}
func (ic *ContainerEngine) PlayKube(ctx context.Context, body io.Reader, options entities.PlayKubeOptions) (_ *entities.PlayKubeReport, finalErr error) {
@@ -132,7 +132,7 @@ func (ic *ContainerEngine) PlayKube(ctx context.Context, body io.Reader, options
// TODO: create constants for the various "kinds" of yaml files.
var serviceContainer *libpod.Container
if options.ServiceContainer && (kind == "Pod" || kind == "Deployment") {
- ctr, err := ic.createServiceContainer(ctx, serviceContainerName(content), options)
+ ctr, err := ic.createServiceContainer(ctx, k8sName(content, "service"), options)
if err != nil {
return nil, err
}
@@ -213,6 +213,19 @@ func (ic *ContainerEngine) PlayKube(ctx context.Context, body io.Reader, options
return nil, fmt.Errorf("unable to read YAML as Kube ConfigMap: %w", err)
}
configMaps = append(configMaps, configMap)
+ case "Secret":
+ var secret v1.Secret
+
+ if err := yaml.Unmarshal(document, &secret); err != nil {
+ return nil, fmt.Errorf("unable to read YAML as kube secret: %w", err)
+ }
+
+ r, err := ic.playKubeSecret(&secret)
+ if err != nil {
+ return nil, err
+ }
+ report.Secrets = append(report.Secrets, entities.PlaySecret{CreateReport: r})
+ validKinds++
default:
logrus.Infof("Kube kind %s not supported", kind)
continue
@@ -380,7 +393,7 @@ func (ic *ContainerEngine) playKubePod(ctx context.Context, podName string, podY
configMaps = append(configMaps, cm)
}
- volumes, err := kube.InitializeVolumes(podYAML.Spec.Volumes, configMaps)
+ volumes, err := kube.InitializeVolumes(podYAML.Spec.Volumes, configMaps, secretsManager)
if err != nil {
return nil, err
}
@@ -388,7 +401,7 @@ func (ic *ContainerEngine) playKubePod(ctx context.Context, podName string, podY
// Go through the volumes and create a podman volume for all volumes that have been
// defined by a configmap
for _, v := range volumes {
- if v.Type == kube.KubeVolumeTypeConfigMap && !v.Optional {
+ if (v.Type == kube.KubeVolumeTypeConfigMap || v.Type == kube.KubeVolumeTypeSecret) && !v.Optional {
vol, err := ic.Libpod.NewVolume(ctx, libpod.WithVolumeName(v.Source))
if err != nil {
if errors.Is(err, define.ErrVolumeExists) {
@@ -583,6 +596,7 @@ func (ic *ContainerEngine) playKubePod(ctx context.Context, podName string, podY
UserNSIsHost: p.Userns.IsHost(),
Volumes: volumes,
}
+
specGen, err := kube.ToSpecGen(ctx, &specgenOpts)
if err != nil {
return nil, err
@@ -968,3 +982,55 @@ func (ic *ContainerEngine) PlayKubeDown(ctx context.Context, body io.Reader, _ e
return reports, nil
}
+
+// playKubeSecret allows users to create and store a kubernetes secret as a podman secret
+func (ic *ContainerEngine) playKubeSecret(secret *v1.Secret) (*entities.SecretCreateReport, error) {
+ r := &entities.SecretCreateReport{}
+
+ // Create the secret manager before hand
+ secretsManager, err := ic.Libpod.SecretsManager()
+ if err != nil {
+ return nil, err
+ }
+
+ data, err := yaml.Marshal(secret)
+ if err != nil {
+ return nil, err
+ }
+
+ secretsPath := ic.Libpod.GetSecretsStorageDir()
+ opts := make(map[string]string)
+ opts["path"] = filepath.Join(secretsPath, "filedriver")
+ // maybe k8sName(data)...
+ // using this does not allow the user to use the name given to the secret
+ // but keeping secret.Name as the ID can lead to a collision.
+
+ s, err := secretsManager.Lookup(secret.Name)
+ if err == nil {
+ if val, ok := s.Metadata["immutable"]; ok {
+ if val == "true" {
+ return nil, fmt.Errorf("cannot remove colliding secret as it is set to immutable")
+ }
+ }
+ _, err = secretsManager.Delete(s.Name)
+ if err != nil {
+ return nil, err
+ }
+ }
+
+ // now we have either removed the old secret w/ the same name or
+ // the name was not taken. Either way, we can now store.
+
+ meta := make(map[string]string)
+ if secret.Immutable != nil && *secret.Immutable {
+ meta["immutable"] = "true"
+ }
+ secretID, err := secretsManager.Store(secret.Name, data, "file", opts, meta)
+ if err != nil {
+ return nil, err
+ }
+
+ r.ID = secretID
+
+ return r, nil
+}
diff --git a/pkg/domain/infra/abi/secrets.go b/pkg/domain/infra/abi/secrets.go
index 7321ef715..e82fa4fdd 100644
--- a/pkg/domain/infra/abi/secrets.go
+++ b/pkg/domain/infra/abi/secrets.go
@@ -42,7 +42,7 @@ func (ic *ContainerEngine) SecretCreate(ctx context.Context, name string, reader
}
}
- secretID, err := manager.Store(name, data, options.Driver, options.DriverOpts)
+ secretID, err := manager.Store(name, data, options.Driver, options.DriverOpts, nil)
if err != nil {
return nil, err
}
diff --git a/pkg/domain/infra/tunnel/containers.go b/pkg/domain/infra/tunnel/containers.go
index fcabff7c4..98c73c51a 100644
--- a/pkg/domain/infra/tunnel/containers.go
+++ b/pkg/domain/infra/tunnel/containers.go
@@ -57,10 +57,14 @@ func (ic *ContainerEngine) ContainerWait(ctx context.Context, namesOrIds []strin
}
func (ic *ContainerEngine) ContainerPause(ctx context.Context, namesOrIds []string, options entities.PauseUnPauseOptions) ([]*entities.PauseUnpauseReport, error) {
- ctrs, err := getContainersByContext(ic.ClientCtx, options.All, false, namesOrIds)
+ ctrs, rawInputs, err := getContainersAndInputByContext(ic.ClientCtx, options.All, false, namesOrIds, options.Filters)
if err != nil {
return nil, err
}
+ ctrMap := map[string]string{}
+ for i := range ctrs {
+ ctrMap[ctrs[i].ID] = rawInputs[i]
+ }
reports := make([]*entities.PauseUnpauseReport, 0, len(ctrs))
for _, c := range ctrs {
err := containers.Pause(ic.ClientCtx, c.ID, nil)
@@ -68,24 +72,36 @@ func (ic *ContainerEngine) ContainerPause(ctx context.Context, namesOrIds []stri
logrus.Debugf("Container %s is not running", c.ID)
continue
}
- reports = append(reports, &entities.PauseUnpauseReport{Id: c.ID, Err: err})
+ reports = append(reports, &entities.PauseUnpauseReport{
+ Id: c.ID,
+ Err: err,
+ RawInput: ctrMap[c.ID],
+ })
}
return reports, nil
}
func (ic *ContainerEngine) ContainerUnpause(ctx context.Context, namesOrIds []string, options entities.PauseUnPauseOptions) ([]*entities.PauseUnpauseReport, error) {
- reports := []*entities.PauseUnpauseReport{}
- ctrs, err := getContainersByContext(ic.ClientCtx, options.All, false, namesOrIds)
+ ctrs, rawInputs, err := getContainersAndInputByContext(ic.ClientCtx, options.All, false, namesOrIds, options.Filters)
if err != nil {
return nil, err
}
+ ctrMap := map[string]string{}
+ for i := range ctrs {
+ ctrMap[ctrs[i].ID] = rawInputs[i]
+ }
+ reports := make([]*entities.PauseUnpauseReport, 0, len(ctrs))
for _, c := range ctrs {
err := containers.Unpause(ic.ClientCtx, c.ID, nil)
if err != nil && options.All && strings.Contains(err.Error(), define.ErrCtrStateInvalid.Error()) {
logrus.Debugf("Container %s is not paused", c.ID)
continue
}
- reports = append(reports, &entities.PauseUnpauseReport{Id: c.ID, Err: err})
+ reports = append(reports, &entities.PauseUnpauseReport{
+ Id: c.ID,
+ Err: err,
+ RawInput: ctrMap[c.ID],
+ })
}
return reports, nil
}
@@ -771,8 +787,17 @@ func (ic *ContainerEngine) ContainerRun(ctx context.Context, opts entities.Conta
for _, w := range con.Warnings {
fmt.Fprintf(os.Stderr, "%s\n", w)
}
+ removeContainer := func(id string, force bool) error {
+ removeOptions := new(containers.RemoveOptions).WithVolumes(true).WithForce(force)
+ reports, err := containers.Remove(ic.ClientCtx, id, removeOptions)
+ logIfRmError(id, err, reports)
+ return err
+ }
+
if opts.CIDFile != "" {
if err := util.CreateCidFile(opts.CIDFile, con.ID); err != nil {
+ // If you fail to create CIDFile then remove the container
+ _ = removeContainer(con.ID, true)
return nil, err
}
}
@@ -784,6 +809,11 @@ func (ic *ContainerEngine) ContainerRun(ctx context.Context, opts entities.Conta
err := containers.Start(ic.ClientCtx, con.ID, new(containers.StartOptions).WithRecursive(true))
if err != nil {
report.ExitCode = define.ExitCode(err)
+ if opts.Rm {
+ if rmErr := removeContainer(con.ID, true); rmErr != nil && !errors.Is(rmErr, define.ErrNoSuchCtr) {
+ logrus.Errorf("Container %s failed to be removed", con.ID)
+ }
+ }
}
return &report, err
}
@@ -796,10 +826,7 @@ func (ic *ContainerEngine) ContainerRun(ctx context.Context, opts entities.Conta
report.ExitCode = define.ExitCode(err)
if opts.Rm {
- reports, rmErr := containers.Remove(ic.ClientCtx, con.ID, new(containers.RemoveOptions).WithForce(false).WithVolumes(true))
- if rmErr != nil || reports[0].Err != nil {
- logrus.Debugf("unable to remove container %s after failing to start and attach to it", con.ID)
- }
+ _ = removeContainer(con.ID, false)
}
return &report, err
}
@@ -815,8 +842,7 @@ func (ic *ContainerEngine) ContainerRun(ctx context.Context, opts entities.Conta
}
if !shouldRestart {
- reports, err := containers.Remove(ic.ClientCtx, con.ID, new(containers.RemoveOptions).WithForce(false).WithVolumes(true))
- logIfRmError(con.ID, err, reports)
+ _ = removeContainer(con.ID, false)
}
}()
}
diff --git a/pkg/domain/infra/tunnel/images.go b/pkg/domain/infra/tunnel/images.go
index 18f750dcc..9ad408850 100644
--- a/pkg/domain/infra/tunnel/images.go
+++ b/pkg/domain/infra/tunnel/images.go
@@ -240,7 +240,7 @@ func (ir *ImageEngine) Import(ctx context.Context, opts entities.ImageImportOpti
func (ir *ImageEngine) Push(ctx context.Context, source string, destination string, opts entities.ImagePushOptions) error {
options := new(images.PushOptions)
- options.WithAll(opts.All).WithCompress(opts.Compress).WithUsername(opts.Username).WithPassword(opts.Password).WithAuthfile(opts.Authfile).WithFormat(opts.Format).WithRemoveSignatures(opts.RemoveSignatures)
+ options.WithAll(opts.All).WithCompress(opts.Compress).WithUsername(opts.Username).WithPassword(opts.Password).WithAuthfile(opts.Authfile).WithFormat(opts.Format).WithRemoveSignatures(opts.RemoveSignatures).WithQuiet(opts.Quiet)
if s := opts.SkipTLSVerify; s != types.OptionalBoolUndefined {
if s == types.OptionalBoolTrue {
diff --git a/pkg/domain/infra/tunnel/manifest.go b/pkg/domain/infra/tunnel/manifest.go
index d2554f198..4a3148fac 100644
--- a/pkg/domain/infra/tunnel/manifest.go
+++ b/pkg/domain/infra/tunnel/manifest.go
@@ -110,5 +110,15 @@ func (ir *ImageEngine) ManifestPush(ctx context.Context, name, destination strin
}
}
digest, err := manifests.Push(ir.ClientCtx, name, destination, options)
+ if err != nil {
+ return "", fmt.Errorf("error adding to manifest list %s: %w", name, err)
+ }
+
+ if opts.Rm {
+ if _, rmErrors := ir.Remove(ctx, []string{name}, entities.ImageRemoveOptions{LookupManifest: true}); len(rmErrors) > 0 {
+ return "", fmt.Errorf("error removing manifest after push: %w", rmErrors[0])
+ }
+ }
+
return digest, err
}
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2025-01-13 15:03:48 +0000