summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAge
* Turn headerAuth into MakeXRegistryAuthHeaderMiloslav Trmač2021-12-10
| | | | | | | | | | | ... which can be called independently. For now, there are no new callers, to test that the behavior has not changed. Should not change behavior. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
* Call MakeXRegistryConfigHeader instead of Header(..., XRegistryConfigHeader)Miloslav Trmač2021-12-10
| | | | | | | | All callers hard-code a header value, so this is actually shorter. Should not change behavior. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
* Turn headerConfig into MakeXRegistryConfigHeaderMiloslav Trmač2021-12-10
| | | | | | | | | | | ... which can be called independently. For now, there are no new callers, to test that the behavior has not changed. Should not change behavior. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
* Move the auth file creation to GetCredentialsMiloslav Trmač2021-12-10
| | | | | | | | | This shares the code, and makes getConfigCredentials and getAuthCredentials side-effect free and possibly easier to test. Should not change behavior. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
* Consolidate the error handling path in GetCredentialsMiloslav Trmač2021-12-10
| | | | | | | | We'll share even more code here in the future. Should not change behavior. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
* Only look up HTTP header values once in GetCredentialsMiloslav Trmač2021-12-10
| | | | | | | | | ... and have GetCredentials pass the values down to getConfigCredentials and getAuthCredentials. Should not change behavior. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
* Use Header.Values in GetCredentials.hasMiloslav Trmač2021-12-10
| | | | | | | | | It's possibly a bit more expensive, but semantically safer because it does header normalization. And we'll regain the cost by not looking up the value repeatedly. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
* Beautify GetCredentials.has a bitMiloslav Trmač2021-12-10
| | | | | | | | Use separate lines, and use the provided .String() API. Should not change behaivor. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
* Pass a header value directly to parseSingleAuthHeader and parseMultiAuthHeaderMiloslav Trmač2021-12-10
| | | | | | | | | Both have a single caller, so there's no point in looking up the header value twice. Should not change behavior. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
* Simplify parseSingleAuthHeaderMiloslav Trmač2021-12-10
| | | | | | | | | In the "no input" case, return a constant instead of continuing with the decode/convert path, converting empty data. Should not change behavior. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
* Simplify the interface of parseSingleAuthHeaderMiloslav Trmač2021-12-10
| | | | | | | | | | Don't create a single-element map only for the only caller to laboriously extract an element of that map; just return a single entry. Should not change behavior. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
* Don't return a header name from auth.GetCredentialsMiloslav Trmač2021-12-10
| | | | | | | | | | | Almost every caller is using it only to wrap an error in exactly the same way, so move that error context into GetCredentials and simplify the users. (The one other caller, build, was even wrapping the error incorrectly talking about query parameters; so let it use the same text as the others.) Signed-off-by: Miloslav Trmač <mitr@redhat.com>
* Fix normalizeAuthFileKey to use the correct semanticsMiloslav Trmač2021-12-10
| | | | Signed-off-by: Miloslav Trmač <mitr@redhat.com>
* Rename normalize and a few variablesMiloslav Trmač2021-12-10
| | | | | | | | ... to refer to auth file keys instead of servers and the like. Should not change behavior. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
* Add TestHeaderGetCredentialsRoundtripMiloslav Trmač2021-12-10
| | | | | | | | | | ... as an end-to-end unit test of the header creation/parsing code. Leave the docker.io and docker.io/vendor test cases commented out, because they are currently failing. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
* Add tests for auth.HeaderMiloslav Trmač2021-12-10
| | | | | | | Just a single function that handles all of Header, headerConfig and headerAuth; we will split that later. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
* Improve TestAuthConfigsToAuthFileMiloslav Trmač2021-12-10
| | | | | | | | Remove the created temporary file. Use more appropriate assertion calls. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
* Add unit tests for singleAuthHeaderMiloslav Trmač2021-12-10
| | | | | | | | Also rename it to parseSingleAuthHeader Should not change behavior. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
* Add unit tests for multiAuthHeaderMiloslav Trmač2021-12-10
| | | | | | | | Also rename it to parseMultiAuthHeader. Should not change behavior. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
* Merge pull request #12569 from vrothberg/fix-12167OpenShift Merge Robot2021-12-10
|\ | | | | pprof CI flakes: enforce 5 seconds grace period
| * pprof CI flakes: enforce 5 seconds grace periodValentin Rothberg2021-12-10
| | | | | | | | | | | | | | | | | | This gives the service 5 seconds to digest the signal and 5 more seconds to shutdown. Create a new variable to make bumping the timeout easier in case we see re-flake in the future. Fixes: #12167 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | Merge pull request #12564 from Darkness4/mainOpenShift Merge Robot2021-12-10
|\ \ | |/ |/| rootless: declare TEMP_FAILURE_RETRY before usage (Fixes: #12563)
| * [NO NEW TESTS NEEDED] rootless: declare TEMP_FAILURE_RETRY before usage ↵Marc Nguyen2021-12-10
|/ | | | | | (Fixes: #12563) Signed-off-by: Nguyen Marc <nguyen_marc@live.fr>
* Merge pull request #12555 from rhatdan/podDaniel J Walsh2021-12-09
|\ | | | | --hostname should be set with podman create --pod new:PODNAME
| * --hostname should be set when using --pod new:foobarDaniel J Walsh2021-12-09
| | | | | | | | | | | | | | | | | | | | | | | | Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2030599 When you create pod, it shares the UTS namespace with Containers. Currently the --hostname is not passed to the pod created when you create a container and pod in the same command. Also fix error message on supported --share flags Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #12547 from cevich/cached_swaggerOpenShift Merge Robot2021-12-09
|\ \ | |/ |/| [CI:DOCS] Cirrus: Use cached swagger binary
| * Cirrus: Use cached swagger binaryChris Evich2021-12-09
| | | | | | | | | | | | | | | | | | | | | | | | An error was observed in another PR while downloading the swagger binary. The error was relating to the upstream egress quota. Obviously our downloading it every time for each CI run isn't helping. Fix this by moving the download into the image-build process, and simply re-use the already present binary here. Ref: https://github.com/containers/automation_images/pull/103 Signed-off-by: Chris Evich <cevich@redhat.com>
* | Merge pull request #12556 from edsantiago/rm_rm_podman_pause_imageOpenShift Merge Robot2021-12-09
|\ \ | | | | | | System tests: remove rm_pause_image()
| * | System tests: remove rm_pause_image()Ed Santiago2021-12-09
| | | | | | | | | | | | | | | | | | | | | | | | ...it's not needed: teardown() already does it. Or, it would, if it had been updated to deal with the new pause image naming convention, which I've just done. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | Merge pull request #12557 from vrothberg/fix-11825OpenShift Merge Robot2021-12-09
|\ \ \ | |/ / |/| | inotify: make sure to remove files
| * | inotify: make sure to remove filesValentin Rothberg2021-12-09
|/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Issue #11825 suggests that *rootless* Podman can run into situations where too many inotify fds are open. Indeed, rootless Podman has a slightly higher usage of inotify watchers than the root counterpart when using slirp4netns Make sure to not only close all watchers but to also remove the files from being watched. Otherwise, the fds only get closed when the files are removed. [NO NEW TESTS NEEDED] since we don't have a way to test it. Fixes: #11825 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | Merge pull request #12545 from vrothberg/fix-12477OpenShift Merge Robot2021-12-09
|\ \ | | | | | | generate systemd: support entrypoint JSON strings
| * | generate systemd: support entrypoint JSON stringsValentin Rothberg2021-12-08
| | | | | | | | | | | | | | | | | | | | | Make sure to preserve the quoting of entrypoint JSON strings. Fixes: #12477 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | Merge pull request #12541 from flouthoc/remote_blank_entrypointOpenShift Merge Robot2021-12-08
|\ \ \ | |_|/ |/| | specgen: honor empty args for entrypoint specified as `--entrypoint ""`
| * | specgen: honor empty args for entrypointAditya Rajan2021-12-08
| |/ | | | | | | | | | | | | | | | | | | | | Users should be able to override containers entrypoint using `--entrypoint ""` following works fine for podman but not for podman remote. Specgen ignores empty argument for entrypoint so make specgen honor empty arguments. Signed-off-by: Aditya Rajan <arajan@redhat.com>
* | Merge pull request #12529 from vrothberg/fix-12436OpenShift Merge Robot2021-12-08
|\ \ | | | | | | remove runlabel test for global opts
| * | remove runlabel test for global optsValentin Rothberg2021-12-08
| | | | | | | | | | | | | | | | | | | | | | | | | | | GLOBAL_OPTS haven't been supported for at least two major versions of Podman. The runlabel code is extremely fragile and I think it should be rewritten before adding new features. Fixes: #12436 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | Merge pull request #12543 from ↵OpenShift Merge Robot2021-12-08
|\ \ \ | |_|/ |/| | | | | | | | containers/dependabot/go_modules/github.com/uber/jaeger-client-go-2.30.0incompatible Bump github.com/uber/jaeger-client-go from 2.29.1+incompatible to 2.30.0+incompatible
| * | Bump github.com/uber/jaeger-client-godependabot[bot]2021-12-08
|/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumps [github.com/uber/jaeger-client-go](https://github.com/uber/jaeger-client-go) from 2.29.1+incompatible to 2.30.0+incompatible. - [Release notes](https://github.com/uber/jaeger-client-go/releases) - [Changelog](https://github.com/jaegertracing/jaeger-client-go/blob/master/CHANGELOG.md) - [Commits](https://github.com/uber/jaeger-client-go/compare/v2.29.1...v2.30.0) --- updated-dependencies: - dependency-name: github.com/uber/jaeger-client-go dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
* | Merge pull request #12538 from giuseppe/fix-12535OpenShift Merge Robot2021-12-08
|\ \ | | | | | | utils: reintroduce moveToCgroup
| * | utils: reintroduce moveToCgroupGiuseppe Scrivano2021-12-08
|/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | commit ee62711136339c5daf38e38859227d85b06fc32a introduced the regression. It was mistakenly removed as part of a cleanup, but this code is needed by another code path, where we move conmon for the exec session to the same cgroup used by conmon for the process. Closes: https://github.com/containers/podman/issues/12535 [NO NEW TESTS NEEDED] it fixes a regression in the CI Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Merge pull request #12531 from vrothberg/fix-11636OpenShift Merge Robot2021-12-07
|\ \ | | | | | | vendor c/image/v5@main
| * | vendor c/image/v5@mainValentin Rothberg2021-12-07
| |/ | | | | | | | | | | | | | | Mainly to pull in fixes for #11636 which handles credential helpers correctly. Fixes: #11636 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | Merge pull request #12524 from Luap99/resolve-symlinkOpenShift Merge Robot2021-12-07
|\ \ | | | | | | rootless netns: resolve all path components for resolv.conf
| * | rootless netns: resolve all path components for resolv.confPaul Holzinger2021-12-06
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We need to follow all symlinks in the /etc/resolv.conf path. Currently we would only check the last file but it is possible that any directory before that is also a link. Unfortunately this code is very hard to maintain and not well tested. I will try to come up with a unit test when I have more time. I think we could utilize some for of chroot for this. For now we are stucked with the default setup in the fedora/ubunutu test VMs. [NO NEW TESTS NEEDED] Fixes #12461 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | Merge pull request #12532 from lsm5/containers-common-rpm-version-coprOpenShift Merge Robot2021-12-07
|\ \ \ | |_|/ |/| | autocopr: distro conditionals for containers-common
| * | autocopr: distro conditionals for containers-commonLokesh Mandvekar2021-12-07
|/ / | | | | | | | | | | [NO NEW TESTS NEEDED] Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
* | Merge pull request #12498 from rhatdan/cgroupsOpenShift Merge Robot2021-12-07
|\ \ | | | | | | Update vendor or containers/common moving pkg/cgroups there
| * | Update vendor or containers/common moving pkg/cgroups thereDaniel J Walsh2021-12-07
| | | | | | | | | | | | | | | | | | | | | [NO NEW TESTS NEEDED] This is just moving pkg/cgroups out so existing tests should be fine. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #12528 from flouthoc/dont_modify_mount_permissionsOpenShift Merge Robot2021-12-07
|\ \ \ | |/ / |/| | volume: apply exact permission of target directory without adding extra `0111`