summaryrefslogtreecommitdiff
path: root/pkg/api/handlers
Commit message (Collapse)AuthorAge
* Handlers for `generate systemd` with custom dependenciesesendjer2022-01-19
| | | | | | | | | | | | | | This commit includes: * Handlers for generate systemd unit with manually defined dependencies such as: Wants=, After= and Requires= * The new unit and e2e tests for checking generated systemd units for container and pod with custom dependencies * Documented descriptions for custom dependencies options Signed-off-by: Eugene (Evgenii) Shubin <esendjer@gmail.com>
* bump go module to version 4Valentin Rothberg2022-01-18
| | | | | | | | | | | | | Automated for .go files via gomove [1]: `gomove github.com/containers/podman/v3 github.com/containers/podman/v4` Remaining files via vgrep [2]: `vgrep github.com/containers/podman/v3` [1] https://github.com/KSubedi/gomove [2] https://github.com/vrothberg/vgrep Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Merge pull request #12860 from rhatdan/cgroupsOpenShift Merge Robot2022-01-17
|\ | | | | Use CONTAINERS_CONF cgroups flag for remote API.
| * Standardize on capatalized CgroupsDaniel J Walsh2022-01-14
| | | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #12572 from rhatdan/imageOpenShift Merge Robot2022-01-15
|\ \ | | | | | | Remove two GetImages functions from API
| * | Remove two GetImages functions from APIDaniel J Walsh2022-01-14
| |/ | | | | | | | | | | | | | | | | [NO NEW TESTS NEEDED] This is just code cleanup. The remote API has three different GetImages functions, which I believe can be handled by just one function. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* / Refactor manifest list operationsJhon Honce2022-01-14
|/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Update method/function signatures use the manifest list name and images associated with the operation explicitly, in general func f(ctx context.Context, manifestListName string, ImageNames []string, options *fOptions) * Leverage gorilla/mux Subrouters to support API v3.x and v4.x for manifests * Make manifest API endpoints more RESTful * Add PUT /manifest/{id} to update existing manifests * Add manifests.Annotate to go bindings, uncommented unit test * Add DELETE /manifest/{Id} to remove existing manifest list, use PUT /manifest/{id} to remove images from a list * Deprecated POST /manifest/{id}/add and /manifest/{id}/remove, use PUT /manifest/{id} instead * Corrected swagger godoc and updated to cover API changes * Update podman manifest commands to use registry.Context() * Expose utils.GetVar() to obtain query parameters by name * Unexpose server.registerSwaggerHandlers, not sure why this was ever exposed. * Refactored code to use http.Header instead of map[string]string when operating on HTTP headers. * Add API-Version header support in bindings to allow calling explicate versions of the API. Header is _NOT_ forwarded to the API service. Signed-off-by: Jhon Honce <jhonce@redhat.com>
* podman build enable --all-platforms and --unsetenvPaul Holzinger2022-01-13
| | | | | | | Make sure we add support for allplatforms and unsetenv to both local and remote podman. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* update buildah to latest and use new network stackPaul Holzinger2022-01-12
| | | | | | Make sure buildah uses the new network stack. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* use libnetwork from c/commonPaul Holzinger2022-01-12
| | | | | | | | The libpod/network packages were moved to c/common so that buildah can use it as well. To prevent duplication use it in podman as well and remove it from here. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* Add podman rm --dependDaniel J Walsh2022-01-11
| | | | | | | | | | | This option causes Podman to not only remove the specified containers but all of the containers that depend on the specified containers. Fixes: https://github.com/containers/podman/issues/10360 Also ran codespell on the code Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Use the InfraImage defined in containers.confDaniel J Walsh2022-01-10
| | | | | | | | | Remove hard code use of the DefaultInfraImage and rely on getting this from containers.conf. Fixes: https://github.com/containers/podman/issues/12771 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #11538 from mtrmac/http-credentialsOpenShift Merge Robot2022-01-06
|\ | | | | Fix HTTP credentials passing
| * Don't return a header name from auth.GetCredentialsMiloslav Trmač2021-12-10
| | | | | | | | | | | | | | | | | | | | | | Almost every caller is using it only to wrap an error in exactly the same way, so move that error context into GetCredentials and simplify the users. (The one other caller, build, was even wrapping the error incorrectly talking about query parameters; so let it use the same text as the others.) Signed-off-by: Miloslav Trmač <mitr@redhat.com>
* | Merge pull request #12208 from cdoern/podSecurityOptOpenShift Merge Robot2022-01-05
|\ \ | | | | | | Pod Security Option support and Infra Inheritance changes
| * | Pod Security Option supportcdoern2021-12-27
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Added support for pod security options. These are applied to infra and passed down to the containers as added (unless overridden). Modified the inheritance process from infra, creating a new function Inherit() which reads the config, and marshals the compatible options into an intermediate struct `InfraInherit` This is then unmarshaled into a container config and all of this is added to the CtrCreateOptions. Removes the need (mostly) for special additons which complicate the Container_create code and pod creation. resolves #12173 Signed-off-by: cdoern <cdoern@redhat.com>
* | | Merge pull request #12735 from rhatdan/mountOpenShift Merge Robot2022-01-04
|\ \ \ | | | | | | | | Fix Container List API call to return mount info
| * | | Fix Container List API call to return mount infoDaniel J Walsh2022-01-04
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We are hard coding mounts to return nil in compat API, since we have the data, we should return it. Fixes: https://github.com/containers/podman/issues/12734 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Merge pull request #12643 from leahneukirchen/events-compatOpenShift Merge Robot2022-01-04
|\ \ \ \ | |/ / / |/| | | legacy events: also set Action="die"
| * | | legacy events: also set exitCodeLeah Neukirchen2022-01-03
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | For Status = "die", Docker sets the exit code of the container to a field "exitCode". Podman uses "containerExitCode". Copy the value into "exitCode" as well, for compatibility. Signed-off-by: Leah Neukirchen <leah@vuxu.org>
| * | | legacy events: also set Action="die"Leah Neukirchen2021-12-17
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Since #10168, on the event "died", the Status is set to "die" for compatibility with the Docker API. Docker also sets the field Action to "died", so do the same here. Signed-off-by: Leah Neukirchen <leah@vuxu.org>
* | | | prefix imageId with sha256: in containers listOliver2021-12-29
| |/ / |/| | | | | | | | | | | | | | test for compat API ImageId Signed-off-by: Oliver Thallmair <oliver.thallmair@mailbox.org>
* | | Warn on use of --kernel-memoryDaniel J Walsh2021-12-22
| | | | | | | | | | | | | | | | | | | | | | | | | | | It has been deprecated and is no longer supported. Fully remove it and only print a warning if a user uses it. Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2011695 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #12664 from cdoern/noManagePasswdOpenShift Merge Robot2021-12-22
|\ \ \ | | | | | | | | Podman run --passwd
| * | | Podman run --passwdcdoern2021-12-21
| |/ / | | | | | | | | | | | | | | | | | | | | | | | | added support for a new flag --passwd which, when false prohibits podman from creating entries in /etc/passwd and /etc/groups allowing users to modify those files in the container entrypoint resolves #11805 Signed-off-by: cdoern <cdoern@redhat.com>
* / / compat: image normalization: handle sha256 prefixValentin Rothberg2021-12-20
|/ / | | | | | | | | | | | | | | | | | | When normalizing image names on the compat API, make sure to take the `sha256:` prefix into account when matching against the image ID. Otherwise, the name will mistakingly be subject to docker.io normalization. Signed-off-by: Valentin Rothberg <rothberg@redhat.com> Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #12534 from Luap99/network-dbOpenShift Merge Robot2021-12-15
|\ \ | | | | | | network db rewrite
| * | play kube add support for multiple networksPaul Holzinger2021-12-14
| | | | | | | | | | | | | | | | | | Allow the same --network options for play kube as for podman run/create. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
| * | fix incorrect swagger doc for network dis/connectPaul Holzinger2021-12-14
| | | | | | | | | | | | | | | | | | | | | The swagger api docs used the extra Body struct as part of the request which is wrong. We just want the plain type. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
| * | network connect allow ip, ipv6 and mac addressPaul Holzinger2021-12-14
| | | | | | | | | | | | | | | | | | | | | | | | | | | Network connect now supports setting a static ipv4, ipv6 and mac address for the container network. The options are added to the cli and api. Fixes #9883 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | Fixes #12063 Add docker compatible output after image build.Ananth Bhaskararaman2021-12-14
|/ / | | | | | | Signed-off-by: Ananth Bhaskararaman <antsub@gmail.com>
* / compat build: adhere to q/quietValentin Rothberg2021-12-13
|/ | | | | Fixes: #12566 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Update vendor or containers/common moving pkg/cgroups thereDaniel J Walsh2021-12-07
| | | | | | | [NO NEW TESTS NEEDED] This is just moving pkg/cgroups out so existing tests should be fine. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Add restart-sec option to systemd generateOndra Machacek2021-12-03
| | | | Signed-off-by: Ondra Machacek <omachace@redhat.com>
* Merge pull request #12483 from vrothberg/fix-12468OpenShift Merge Robot2021-12-02
|\ | | | | compat API: push: report size of manifest
| * compat API: push: report size of manifestDaniel J Walsh2021-12-02
| | | | | | | | | | | | | | | | | | | | | | | | We don't yet have a local registry running in the APIv2 tests. Tested manually. [NO NEW TESTS NEEDED] Fixes: https://github.com/containers/podman/issues/12468 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | compat: images/jsonValentin Rothberg2021-12-02
|/ | | | | | | Do not list manifest lists. Docker doesn't either. Fixes: #12453 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Merge pull request #12414 from flouthoc/api-allow-secretsOpenShift Merge Robot2021-11-30
|\ | | | | tunnel: allow `remote` and `API` to accept `--secrets`
| * podman-remote: prevent leaking secret into imageAditya Rajan2021-11-30
| | | | | | | | | | | | | | | | Prevents temp secrets leaking into image by moving it away from context directory to parent builder directory. Builder directory automatically gets cleaned up when we are done with the build. Signed-off-by: Aditya Rajan <arajan@redhat.com>
| * podman-remote: copy secret to contextdir is absolute path on hostAditya Rajan2021-11-30
| | | | | | | | | | | | | | | | Podman remote must treat build secrets as part of context directory. If secret path is absolute path on host copy it to tar file and pass it to remote server. Signed-off-by: Aditya Rajan <arajan@redhat.com>
| * api: allow build api to accept secretsAditya Rajan2021-11-30
| | | | | | | | | | | | | | | | | | | | | | Following commit makes sure that `build` api can accept external secret and allows currently `NOOP` `podman-remote build -t tag --secret id=mysecret,src=/path/on/remote` to become functional. Just like `docker` following api is a hidden field and only exposed to `podman-remote` but could document it if it needs exposed on `swagger`. Signed-off-by: Aditya Rajan <arajan@redhat.com>
* | compat API: allow enforcing short-names resolution to Docker HubValentin Rothberg2021-11-30
|/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The Docker-compatible REST API has historically behaved just as the rest of Podman and Buildah (and the atomic Docker in older RHEL/Fedora) where `containers-registries.conf` is centrally controlling which registries a short name may resolve to during pull or local image lookups. Please refer to a blog for more details [1]. Docker, however, is only resolving short names to docker.io which has been reported (see #12320) to break certain clients who rely on this behavior. In order to support this scenario, `containers.conf(5)` received a new option to control whether Podman's compat API resolves to docker.io only or behaves as before. Most endpoints allow for directly normalizing parameters that represent an image. If set in containers.conf, Podman will then normalize the references directly to docker.io. The build endpoint is an outlier since images are also referenced in Dockerfiles. The Buildah API, however, supports specifying a custom `types.SystemContext` in which we can set a field that enforces short-name resolution to docker.io in `c/image/pkg/shortnames`. Notice that this a "hybrid" approach of doing the normalization directly in the compat endpoints *and* in `pkg/shortnames` by passing a system context. Doing such a hybrid approach is neccessary since the compat and the libpod endpoints share the same `libimage.Runtime` which makes a global enforcement via the `libimage.Runtime.systemContext` impossible. Having two separate runtimes for the compat and the libpod endpoints seems risky and not generally applicable to all endpoints. [1] https://www.redhat.com/sysadmin/container-image-short-names Fixes: #12320 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Merge pull request #12405 from flouthoc/compat-build-errorOpenShift Merge Robot2021-11-29
|\ | | | | compat: Add compatiblity with `Docker/Moby` API for scenarios where build fails.
| * compat: Add compatiblity with Docker/Moby API for scenarios where build failsAditya Rajan2021-11-24
| | | | | | | | | | | | | | | | | | | | | | | | | | | | In order to maintain compatiblity with `moby API` we must the field `errorDetail` which is primary error reporting field with stream. Currently podman is using `error` which is already deprecated by moby. Check: https://github.com/moby/moby/blob/master/pkg/jsonmessage/jsonmessage.go#L147 [NO NEW TESTS NEEDED] We can't test this in podman CI since we dont have a docker client. Signed-off-by: Aditya Rajan <arajan@redhat.com>
* | fix: error reporting for archive endpointMatej Vasek2021-11-28
|/ | | | | | Returning 500 when copying to read-only destination. Signed-off-by: Matej Vasek <mvasek@redhat.com>
* Merge pull request #12328 from serverwentdown/fix-compat-ipaddressDaniel J Walsh2021-11-23
|\ | | | | compat: Add subnet mask behind IP address to match Docker API
| * compat: Add subnet mask behind IP address to match Docker APIAmbrose Chua2021-11-20
| | | | | | | | Signed-off-by: Ambrose Chua <ambrose@hey.com>
* | generate systemd: add --start-timeout flagValentin Rothberg2021-11-23
| | | | | | | | | | | | | | | | | | Add a new flag to set the start timeout for a generated systemd unit. To make naming consistent, add a new --stop-timeout flag as well and let the previous --time map to it. Fixes: #11618 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | compat: add layer caching compatiblity for non podman clientsAditya Rajan2021-11-22
|/ | | | | | | | | | | | | Non-podman clients do not set `layers` while making request. This is supposed to be `true` bydefault but `non-podman-clients i.e Docker` dont know about this field as a result they end up setting this values to `false`. Causing builds to never use cache for layers. Adds compatiblity for `docker SDK`. [NO NEW TESTS NEEDED] Signed-off-by: Aditya Rajan <arajan@redhat.com>
* api/handlers: Add checkpoint/restore FileLocksRadostin Stoyanov2021-11-19
| | | | Signed-off-by: Radostin Stoyanov <radostin@redhat.com>