10 files changed, 174 insertions, 37 deletions

diff --git a/pkg/api/handlers/compat/networks.go b/pkg/api/handlers/compat/networks.go
index 80b7505df..87b947549 100644
--- a/pkg/api/handlers/compat/networks.go
+++ b/pkg/api/handlers/compat/networks.go
@@ -5,6 +5,7 @@ import (
 	"net"
 	"net/http"
 	"os"
+	"strings"
 	"syscall"
 	"time"
 
@@ -177,9 +178,11 @@ func ListNetworks(w http.ResponseWriter, r *http.Request) {
 		utils.InternalServerError(w, err)
 		return
 	}
+
+	filterNames, nameFilterExists := query.Filters["name"]
 	// TODO remove when filters are implemented
-	if len(query.Filters) > 0 {
-		utils.InternalServerError(w, errors.New("filters for listing networks is not implemented"))
+	if (!nameFilterExists && len(query.Filters) > 0) || len(query.Filters) > 1 {
+		utils.InternalServerError(w, errors.New("only the name filter for listing networks is implemented"))
 		return
 	}
 	netNames, err := network.GetNetworkNamesFromFileSystem(config)
@@ -187,6 +190,21 @@ func ListNetworks(w http.ResponseWriter, r *http.Request) {
 		utils.InternalServerError(w, err)
 		return
 	}
+
+	// filter by name
+	if nameFilterExists {
+		names := []string{}
+		for _, name := range netNames {
+			for _, filter := range filterNames {
+				if strings.Contains(name, filter) {
+					names = append(names, name)
+					break
+				}
+			}
+		}
+		netNames = names
+	}
+
 	reports := make([]*types.NetworkResource, 0, len(netNames))
 	for _, name := range netNames {
 		report, err := getNetworkResourceByName(name, runtime)
diff --git a/pkg/api/handlers/libpod/networks.go b/pkg/api/handlers/libpod/networks.go
index 475522664..dfece2a4e 100644
--- a/pkg/api/handlers/libpod/networks.go
+++ b/pkg/api/handlers/libpod/networks.go
@@ -42,7 +42,21 @@ func CreateNetwork(w http.ResponseWriter, r *http.Request) {
 }
 func ListNetworks(w http.ResponseWriter, r *http.Request) {
 	runtime := r.Context().Value("runtime").(*libpod.Runtime)
-	options := entities.NetworkListOptions{}
+	decoder := r.Context().Value("decoder").(*schema.Decoder)
+	query := struct {
+		Filter string `schema:"filter"`
+	}{
+		// override any golang type defaults
+	}
+	if err := decoder.Decode(&query, r.URL.Query()); err != nil {
+		utils.Error(w, http.StatusText(http.StatusBadRequest), http.StatusBadRequest,
+			errors.Wrapf(err, "Failed to parse parameters for %s", r.URL.String()))
+		return
+	}
+
+	options := entities.NetworkListOptions{
+		Filter: query.Filter,
+	}
 	ic := abi.ContainerEngine{Libpod: runtime}
 	reports, err := ic.NetworkList(r.Context(), options)
 	if err != nil {
diff --git a/pkg/api/server/register_networks.go b/pkg/api/server/register_networks.go
index 7918ad4a2..61916eedf 100644
--- a/pkg/api/server/register_networks.go
+++ b/pkg/api/server/register_networks.go
@@ -61,6 +61,11 @@ func (s *APIServer) registerNetworkHandlers(r *mux.Router) error {
 	//  - networks (compat)
 	// summary: List networks
 	// description: Display summary of network configurations
+	// parameters:
+	//  - in: query
+	//    name: filters
+	//    type: string
+	//    description: JSON encoded value of the filters (a map[string][]string) to process on the networks list. Only the name filter is supported.
 	// produces:
 	// - application/json
 	// responses:
@@ -106,7 +111,7 @@ func (s *APIServer) registerNetworkHandlers(r *mux.Router) error {
 	//    required: true
 	//    description: the name of the network
 	//  - in: query
-	//    name: Force
+	//    name: force
 	//    type: boolean
 	//    description: remove containers associated with network
 	// produces:
@@ -152,6 +157,11 @@ func (s *APIServer) registerNetworkHandlers(r *mux.Router) error {
 	//  - networks
 	// summary: List networks
 	// description: Display summary of network configurations
+	// parameters:
+	//  - in: query
+	//    name: filter
+	//    type: string
+	//    description: Provide filter values (e.g. 'name=podman')
 	// produces:
 	// - application/json
 	// responses:
diff --git a/pkg/bindings/network/network.go b/pkg/bindings/network/network.go
index fd1111282..d8dc7e352 100644
--- a/pkg/bindings/network/network.go
+++ b/pkg/bindings/network/network.go
@@ -70,7 +70,7 @@ func Remove(ctx context.Context, nameOrID string, force *bool) ([]*entities.Netw
 }
 
 // List returns a summary of all CNI network configurations
-func List(ctx context.Context) ([]*entities.NetworkListReport, error) {
+func List(ctx context.Context, options entities.NetworkListOptions) ([]*entities.NetworkListReport, error) {
 	var (
 		netList []*entities.NetworkListReport
 	)
@@ -78,7 +78,11 @@ func List(ctx context.Context) ([]*entities.NetworkListReport, error) {
 	if err != nil {
 		return nil, err
 	}
-	response, err := conn.DoRequest(nil, http.MethodGet, "/networks/json", nil, nil)
+	params := url.Values{}
+	if options.Filter != "" {
+		params.Set("filter", options.Filter)
+	}
+	response, err := conn.DoRequest(nil, http.MethodGet, "/networks/json", params, nil)
 	if err != nil {
 		return netList, err
 	}
diff --git a/pkg/domain/entities/manifest.go b/pkg/domain/entities/manifest.go
index 853619b19..01180951a 100644
--- a/pkg/domain/entities/manifest.go
+++ b/pkg/domain/entities/manifest.go
@@ -9,14 +9,19 @@ type ManifestCreateOptions struct {
 }
 
 type ManifestAddOptions struct {
-	All        bool     `json:"all" schema:"all"`
-	Annotation []string `json:"annotation" schema:"annotation"`
-	Arch       string   `json:"arch" schema:"arch"`
-	Features   []string `json:"features" schema:"features"`
-	Images     []string `json:"images" schema:"images"`
-	OS         string   `json:"os" schema:"os"`
-	OSVersion  string   `json:"os_version" schema:"os_version"`
-	Variant    string   `json:"variant" schema:"variant"`
+	All           bool               `json:"all" schema:"all"`
+	Annotation    []string           `json:"annotation" schema:"annotation"`
+	Arch          string             `json:"arch" schema:"arch"`
+	Authfile      string             `json:"-" schema:"-"`
+	CertDir       string             `json:"-" schema:"-"`
+	Features      []string           `json:"features" schema:"features"`
+	Images        []string           `json:"images" schema:"images"`
+	OS            string             `json:"os" schema:"os"`
+	OSVersion     string             `json:"os_version" schema:"os_version"`
+	Password      string             `json:"-" schema:"-"`
+	SkipTLSVerify types.OptionalBool `json:"-" schema:"-"`
+	Username      string             `json:"-" schema:"-"`
+	Variant       string             `json:"variant" schema:"variant"`
 }
 
 type ManifestAnnotateOptions struct {
diff --git a/pkg/domain/infra/abi/manifest.go b/pkg/domain/infra/abi/manifest.go
index 6f3c6b902..55f73bf65 100644
--- a/pkg/domain/infra/abi/manifest.go
+++ b/pkg/domain/infra/abi/manifest.go
@@ -102,7 +102,24 @@ func (ir *ImageEngine) ManifestAdd(ctx context.Context, opts entities.ManifestAd
 		}
 		manifestAddOpts.Annotation = annotations
 	}
-	listID, err := listImage.AddManifest(*ir.Libpod.SystemContext(), manifestAddOpts)
+
+	// Set the system context.
+	sys := ir.Libpod.SystemContext()
+	if sys != nil {
+		sys = &types.SystemContext{}
+	}
+	sys.AuthFilePath = opts.Authfile
+	sys.DockerInsecureSkipTLSVerify = opts.SkipTLSVerify
+	sys.DockerCertPath = opts.CertDir
+
+	if opts.Username != "" && opts.Password != "" {
+		sys.DockerAuthConfig = &types.DockerAuthConfig{
+			Username: opts.Username,
+			Password: opts.Password,
+		}
+	}
+
+	listID, err := listImage.AddManifest(*sys, manifestAddOpts)
 	if err != nil {
 		return listID, err
 	}
@@ -191,6 +208,7 @@ func (ir *ImageEngine) ManifestPush(ctx context.Context, names []string, opts en
 	}
 	sys.AuthFilePath = opts.Authfile
 	sys.DockerInsecureSkipTLSVerify = opts.SkipTLSVerify
+	sys.DockerCertPath = opts.CertDir
 
 	if opts.Username != "" && opts.Password != "" {
 		sys.DockerAuthConfig = &types.DockerAuthConfig{
diff --git a/pkg/domain/infra/abi/network.go b/pkg/domain/infra/abi/network.go
index c06714cbb..807e4b272 100644
--- a/pkg/domain/infra/abi/network.go
+++ b/pkg/domain/infra/abi/network.go
@@ -5,6 +5,7 @@ import (
 	"encoding/json"
 	"fmt"
 	"io/ioutil"
+	"os"
 	"path/filepath"
 	"strings"
 
@@ -216,6 +217,9 @@ func createBridge(r *libpod.Runtime, name string, options entities.NetworkCreate
 	if err != nil {
 		return "", err
 	}
+	if err := os.MkdirAll(network.GetCNIConfDir(runtimeConfig), 0755); err != nil {
+		return "", err
+	}
 	cniPathName := filepath.Join(network.GetCNIConfDir(runtimeConfig), fmt.Sprintf("%s.conflist", name))
 	err = ioutil.WriteFile(cniPathName, b, 0644)
 	return cniPathName, err
diff --git a/pkg/domain/infra/tunnel/containers.go b/pkg/domain/infra/tunnel/containers.go
index cc919561f..062b38a70 100644
--- a/pkg/domain/infra/tunnel/containers.go
+++ b/pkg/domain/infra/tunnel/containers.go
@@ -8,11 +8,13 @@ import (
 	"os"
 	"strconv"
 	"strings"
+	"sync"
 	"time"
 
 	"github.com/containers/common/pkg/config"
 	"github.com/containers/image/v5/docker/reference"
 	"github.com/containers/podman/v2/libpod/define"
+	"github.com/containers/podman/v2/libpod/events"
 	"github.com/containers/podman/v2/pkg/api/handlers"
 	"github.com/containers/podman/v2/pkg/bindings"
 	"github.com/containers/podman/v2/pkg/bindings/containers"
@@ -507,33 +509,90 @@ func (ic *ContainerEngine) ContainerRun(ctx context.Context, opts entities.Conta
 	for _, w := range con.Warnings {
 		fmt.Fprintf(os.Stderr, "%s\n", w)
 	}
+
 	report := entities.ContainerRunReport{Id: con.ID}
-	// Attach
-	if !opts.Detach {
-		err = startAndAttach(ic, con.ID, &opts.DetachKeys, opts.InputStream, opts.OutputStream, opts.ErrorStream)
-		if err == nil {
-			exitCode, err := containers.Wait(ic.ClientCxt, con.ID, nil)
-			if err == nil {
-				report.ExitCode = int(exitCode)
-			}
+
+	if opts.Detach {
+		// Detach and return early
+		err := containers.Start(ic.ClientCxt, con.ID, nil)
+		if err != nil {
+			report.ExitCode = define.ExitCode(err)
 		}
-	} else {
-		err = containers.Start(ic.ClientCxt, con.ID, nil)
+		return &report, err
 	}
-	if err != nil {
+
+	// Attach
+	if err := startAndAttach(ic, con.ID, &opts.DetachKeys, opts.InputStream, opts.OutputStream, opts.ErrorStream); err != nil {
 		report.ExitCode = define.ExitCode(err)
+		if opts.Rm {
+			if rmErr := containers.Remove(ic.ClientCxt, con.ID, bindings.PFalse, bindings.PTrue); rmErr != nil {
+				logrus.Debugf("unable to remove container %s after failing to start and attach to it", con.ID)
+			}
+		}
+		return &report, err
 	}
+
 	if opts.Rm {
-		if err := containers.Remove(ic.ClientCxt, con.ID, bindings.PFalse, bindings.PTrue); err != nil {
-			if errors.Cause(err) == define.ErrNoSuchCtr ||
-				errors.Cause(err) == define.ErrCtrRemoved {
-				logrus.Warnf("Container %s does not exist: %v", con.ID, err)
-			} else {
-				logrus.Errorf("Error removing container %s: %v", con.ID, err)
+		// Defer the removal, so we can return early if needed and
+		// de-spaghetti the code.
+		defer func() {
+			if err := containers.Remove(ic.ClientCxt, con.ID, bindings.PFalse, bindings.PTrue); err != nil {
+				if errors.Cause(err) == define.ErrNoSuchCtr ||
+					errors.Cause(err) == define.ErrCtrRemoved {
+					logrus.Warnf("Container %s does not exist: %v", con.ID, err)
+				} else {
+					logrus.Errorf("Error removing container %s: %v", con.ID, err)
+				}
 			}
+		}()
+	}
+
+	// Wait
+	exitCode, waitErr := containers.Wait(ic.ClientCxt, con.ID, nil)
+	if waitErr == nil {
+		report.ExitCode = int(exitCode)
+		return &report, nil
+	}
+
+	// Determine why the wait failed.  If the container doesn't exist,
+	// consult the events.
+	if !strings.Contains(waitErr.Error(), define.ErrNoSuchCtr.Error()) {
+		return &report, waitErr
+	}
+
+	// Events
+	eventsChannel := make(chan *events.Event)
+	eventOptions := entities.EventsOptions{
+		EventChan: eventsChannel,
+		Filter: []string{
+			"type=container",
+			fmt.Sprintf("container=%s", con.ID),
+			fmt.Sprintf("event=%s", events.Exited),
+		},
+	}
+
+	var lastEvent *events.Event
+	var mutex sync.Mutex
+	mutex.Lock()
+	// Read the events.
+	go func() {
+		for e := range eventsChannel {
+			lastEvent = e
 		}
+		mutex.Unlock()
+	}()
+
+	eventsErr := ic.Events(ctx, eventOptions)
+
+	// Wait for all events to be read
+	mutex.Lock()
+	if eventsErr != nil || lastEvent == nil {
+		logrus.Errorf("Cannot get exit code: %v", err)
+		report.ExitCode = define.ExecErrorCodeNotFound
+		return &report, nil // compat with local client
 	}
 
+	report.ExitCode = lastEvent.ContainerExitCode
 	return &report, err
 }
 
diff --git a/pkg/domain/infra/tunnel/network.go b/pkg/domain/infra/tunnel/network.go
index 2b197cac0..074425087 100644
--- a/pkg/domain/infra/tunnel/network.go
+++ b/pkg/domain/infra/tunnel/network.go
@@ -8,7 +8,7 @@ import (
 )
 
 func (ic *ContainerEngine) NetworkList(ctx context.Context, options entities.NetworkListOptions) ([]*entities.NetworkListReport, error) {
-	return network.List(ic.ClientCxt)
+	return network.List(ic.ClientCxt, options)
 }
 
 func (ic *ContainerEngine) NetworkInspect(ctx context.Context, namesOrIds []string, options entities.NetworkInspectOptions) ([]entities.NetworkInspectReport, error) {
diff --git a/pkg/network/files.go b/pkg/network/files.go
index 38ce38b97..a2090491f 100644
--- a/pkg/network/files.go
+++ b/pkg/network/files.go
@@ -14,11 +14,16 @@ import (
 	"github.com/pkg/errors"
 )
 
-func GetCNIConfDir(config *config.Config) string {
-	if len(config.Network.NetworkConfigDir) < 1 {
-		return CNIConfigDir
+func GetCNIConfDir(configArg *config.Config) string {
+	if len(configArg.Network.NetworkConfigDir) < 1 {
+		dc, err := config.DefaultConfig()
+		if err != nil {
+			// Fallback to hard-coded dir
+			return CNIConfigDir
+		}
+		return dc.Network.NetworkConfigDir
 	}
-	return config.Network.NetworkConfigDir
+	return configArg.Network.NetworkConfigDir
 }
 
 // LoadCNIConfsFromDir loads all the CNI configurations from a dir