summaryrefslogtreecommitdiff
path: root/pkg/api/server
Commit message (Collapse)AuthorAge
* Enable detached exec for remoteMatthew Heon2020-06-02
| | | | | | | | | | | | | | | | | | | | | | | The biggest obstacle here was cleanup - we needed a way to remove detached exec sessions after they exited, but there's no way to tell if an exec session will be attached or detached when it's created, and that's when we must add the exit command that would do the removal. The solution was adding a delay to the exit command (5 minutes), which gives sufficient time for attached exec sessions to retrieve the exit code of the session after it exits, but still guarantees that they will be removed, even for detached sessions. This requires Conmon 2.0.17, which has the new `--exit-delay` flag. As part of the exit command rework, we can drop the hack we were using to clean up exec sessions (remove them as part of inspect). This is a lot cleaner, and I'm a lot happier about it. Otherwise, this is just plumbing - we need a bindings call for detached exec, and that needed to be added to the tunnel mode backend for entities. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Add bindings for exec and enable attached remoteMatthew Heon2020-06-01
| | | | | | | | | | | This adds bindings for starting exec sessions, and then uses them to wire up detached exec. Code is heavily based on Attach code for containers, slightly modified to handle exec sessions. Bindings are presently attached-only, detached is pending on a Conmon update landing in CI. I'll probably get to that next. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Merge pull request #6356 from baude/v2copyendpointsOpenShift Merge Robot2020-05-30
|\ | | | | v2 copy endpoints
| * v2 copy endpointsBrent Baude2020-05-26
| | | | | | | | | | | | add copy endpoint inputs and outputs. these endpoints are not implemented yet, nor are any bindings. this allows us to update this later without having to change our api version. Signed-off-by: Brent Baude <bbaude@redhat.com>
* | compat handlers: add X-Registry-Auth header supportValentin Rothberg2020-05-29
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Support the `X-Registry-Auth` http-request header. * The content of the header is a base64 encoded JSON payload which can either be a single auth config or a map of auth configs (user+pw or token) with the corresponding registries being the keys. Vanilla Docker, projectatomic Docker and the bindings are transparantly supported. * Add a hidden `--registries-conf` flag. Buildah exposes the same flag, mostly for testing purposes. * Do all credential parsing in the client (i.e., `cmd/podman`) pass the username and password in the backend instead of unparsed credentials. * Add a `pkg/auth` which handles most of the heavy lifting. * Go through the authentication-handling code of most commands, bindings and endpoints. Migrate them to the new code and fix issues as seen. A final evaluation and more tests is still required *after* this change. * The manifest-push endpoint is missing certain parameters and should use the ABI function instead. Adding auth-support isn't really possible without these parts working. * The container commands and endpoints (i.e., create and run) have not been changed yet. The APIs don't yet account for the authfile. * Add authentication tests to `pkg/bindings`. Fixes: #6384 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | Merge pull request #6407 from baude/v2eventsstreamOpenShift Merge Robot2020-05-27
|\ \ | | | | | | Add streaming ability to endpoint
| * | Add streaming ability to endpointBrent Baude2020-05-27
| |/ | | | | | | Signed-off-by: Brent Baude <bbaude@redhat.com>
* / v2 libpod push: correct docsValentin Rothberg2020-05-27
|/ | | | | | | | | The swagger documentation for the libpod push endpoint were not in sync with the implementation. Correct these docs to reflect the parameters that are actually supported. Fixes: #6388 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Merge pull request #6238 from baude/v2compatnetOpenShift Merge Robot2020-05-25
|\ | | | | network compatibility endpoints for API
| * network compatibility endpoints for APIBrent Baude2020-05-22
| | | | | | | | | | | | add endpoints for networking compatibility with the API. Signed-off-by: Brent Baude <bbaude@redhat.com>
* | Add MethodNotAllowedHandler() to add in debuggingJhon Honce2020-05-22
|/ | | | Signed-off-by: Jhon Honce <jhonce@redhat.com>
* Removes remote system reset functionality. skip e2e test for remote.Sujil022020-05-22
| | | | | | | As system reset too dangerous for remote use, deleting the functionality and the test case. Signed-off-by: Sujil02 <sushah@redhat.com>
* v2 podman-remote buildBrent Baude2020-05-21
| | | | | | this is a very basic implementation of build. some of the more advanced options need to be included still as well. i think the endpoints for compat and libpod will have to split given buildahs more advanced set of options. that should probably be done by someone more experienced with build internals. Signed-off-by: Brent Baude <bbaude@redhat.com>
* [CI:DOCS] Image tree endpoint should return 404Brent Baude2020-05-20
| | | | | | | | when trying to get an image tree for a missing image, it should return a 404. doc fix only. Fixes: #6289 Signed-off-by: Brent Baude <bbaude@redhat.com>
* V2 Implement terminal handling in bindings attachJhon Honce2020-05-18
| | | | | | | | | * Add support for /exec/{id}/resize * Add support for ErrSessionNotFound * Resize container TTY as stdin changes size * Refactor all resize functions into one handler Signed-off-by: Jhon Honce <jhonce@redhat.com>
* v2endpoint remove image path correctionBrent Baude2020-05-18
| | | | | | | | | | | | the endpoint for single image removal (on the libpod side) should be as follows: versionedPath/libpod/images/IMAGENAME The DELETE method then signifies the removal of the image. Fixes: #6261 Signed-off-by: Brent Baude <bbaude@redhat.com>
* Drop APIv2 resize endpointMatthew Heon2020-05-15
| | | | | | | Jhon is working on an alternative version that will combine container and exec session resize, so we'll wait for that. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Update API documentation for InspectMatthew Heon2020-05-14
| | | | | | | | | Most importantly, note the pruning behavior of compat Inspect. Less importantly, note that the Tty parameter to Start is only ignored, as opposed to being not supported. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Add APIv2 handler for resizing exec sessionsMatthew Heon2020-05-14
| | | | Signed-off-by: Matthew Heon <mheon@redhat.com>
* Wire in endpoint for ExecStartMatthew Heon2020-05-14
| | | | | | | This is still very early not not well tested, and missing resize capability, but it does provide the first bits of exec. Signed-off-by: Matthew Heon <mheon@redhat.com>
* enable podman v2 networking for remote clientBrent Baude2020-05-12
| | | | Signed-off-by: Brent Baude <bbaude@redhat.com>
* add podman remote system dfBrent Baude2020-05-12
| | | | Signed-off-by: Brent Baude <bbaude@redhat.com>
* Adds tunnel routes for system reset.Sujil022020-05-11
| | | | | | | | Adds tunnel routes for system reset. Makes forces flag local as options are not propogated down the stack. Adds relevant test cases and swagger docs. Signed-off-by: Sujil02 <sushah@redhat.com>
* V2 Impliment tunnelled podman versionJhon Honce2020-05-08
| | | | Signed-off-by: Jhon Honce <jhonce@redhat.com>
* add {generate,play} kubeValentin Rothberg2020-05-06
| | | | | | | | | | | | | | | | | | | Add the `podman generate kube` and `podman play kube` command. The code has largely been copied from Podman v1 but restructured to not leak the K8s core API into the (remote) client. Both commands are added in the same commit to allow for enabling the tests at the same time. Move some exports from `cmd/podman/common` to the appropriate places in the backend to avoid circular dependencies. Move definitions of label annotations to `libpod/define` and set the security-opt labels in the frontend to make kube tests pass. Implement rest endpoints, bindings and the tunnel interface. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* image removal: refactor part 2Valentin Rothberg2020-05-04
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Continue the refactoring of image removal. I didn't manage to break all the following changes into smaller and easier to digest commits due to time constraints: * Return an error slice instead of a single error. Use multierror only in the client/frontend. Reflect that in the types. * Use the batch image removal in the client while preserving the more rest-idiomatic single-image removal endpoint. * Add a new handler for the single-image removal endpoint to make it share the same code as the batch endpoint. * Expose bindings for the single and batch endpoints, so we can properly test them. * Add several convenience functions for error handling to pkg/errorhandling. * Set the correct error type in libpod to set the exit code to 2 when one or more containers are using an image. * Massage the bindings tests a bit and tackle compilation errors. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Merge pull request #5907 from sujil02/systemprune-v2OpenShift Merge Robot2020-04-28
|\ | | | | Adding system prune for podman v2
| * Adding system prune for podman v2Sujil022020-04-24
| | | | | | | | | | | | | | Register system prune route, handler to support system prune, Adds testcase to validate the system prune flow. Signed-off-by: Sujil02 <sushah@redhat.com>
* | implement pod statsValentin Rothberg2020-04-27
| | | | | | | | | | | | | | Implement pod stats for the local and remote client. Both code paths end up in infra/abi to allow for code share. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | Instrumentation to answer #5765Jhon Honce2020-04-22
| | | | | | | | | | | | * currently wired to localhost:8888 to prevent access from off machine Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | podman rmi: refactor logicValentin Rothberg2020-04-21
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | While this commit was initially meant to fix #5847, it has turned into a bigger refactoring which I did not manage to break into smaller pieces: * Fix #5847 by refactoring the image-removal logic. * Make the api handler for image-removal use the ABI code. This way, both (i.e., ABI and Tunnel) end up using the same code. Achieving this code share required to move some code around to prevent circular dependencies. * Everything in pkg/api (excluding pkg/api/types) must now only be accessed from code using `ABISupport`. * Avoid imports from entities on handlers to prevent circular dependencies. * Move `podman system service` logic into `cmd` to prevent circular dependencies - it depends on pkg/api. * Also remove the build header from infra/abi files. It will otherwise confuse swagger and other tools; errors we cannot fix as go doesn't expose a build-tag env variable. Fixes: #5847 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | Merge pull request #5872 from jwhonce/wip/optionsOpenShift Merge Robot2020-04-20
|\ \ | |/ |/| V2 Fix support for tcp://[::]<port> connections
| * V2 Fix support for tcp://[::]<port> connectionsJhon Honce2020-04-17
| | | | | | | | | | | | | | | | | | | | | | | | | | * Fix support for socket activation, on remote and service $ systemd-socket-activate -l 8083 --fdname=podman bin/podman system service --log-level=debug --time=30 $ bin/podman-remote --remote=tcp://[::]:8083 image ls Or, use the podman.{socket,service} unit files $ bin/podman-remote --remote=unix:///run/podman/podman.sock image ls Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | Add pod prune for api v2.Sujil022020-04-17
|/ | | | | | | | Add the ability to prune pods for api v2, Includes the addition of force flag, for client side prompt. Update test suite to support this use case. Signed-off-by: Sujil02 <sushah@redhat.com>
* podman v2 remove bloat v2Brent Baude2020-04-16
| | | | | | rid ourseleves of libpod references in v2 client Signed-off-by: Brent Baude <bbaude@redhat.com>
* swagger-check: new CI tool to cross-check swaggerEd Santiago2020-04-14
| | | | | | | | | | | | New script cross-references r.Handle() and r.HandleFunc() calls against the preceding '// swagger:operation' comments, and exits failure (with descriptive error messages) if any comments do not match the code. This script should not be necessary: the swagger comments should be autogenerated from the source code. Signed-off-by: Ed Santiago <santiago@redhat.com>
* Merge pull request #5755 from mheon/fix_attachOpenShift Merge Robot2020-04-14
|\ | | | | Improve APIv2 support for Attach
| * Improve APIv2 support for AttachMatthew Heon2020-04-13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | A few major fixes here: - Support for attaching to Configured containers, to match Docker behavior. - Support for stream parameter has been improved (we now properly handle cases where it is not set). - Initial support for logs parameter has been added. - Setting attach streams when the container has a terminal is now supported. - Errors are properly reported once the hijack has begun. Signed-off-by: Matthew Heon <mheon@redhat.com>
* | Merge pull request #5709 from vrothberg/v2-searchOpenShift Merge Robot2020-04-14
|\ \ | | | | | | podmanV2: implement search
| * | podmanV2: implement searchValentin Rothberg2020-04-09
| | | | | | | | | | | | | | | | | | | | | | | | Also implement a new libpod endpoint to add more parameters and to prevent us from converting between slices and maps and make use of the filter parsing in the image backend. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | v2podman add container initBrent Baude2020-04-13
| | | | | | | | | | | | | | | | | | add the ability to init a container both local and remote Signed-off-by: Brent Baude <bbaude@redhat.com>
* | | Refactor service idle supportJhon Honce2020-04-13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Move connection tracking into APIServer using ConnState() * Remove Connection counters from CLI code * Update events handler to support client not closing connection * Improve logging messages Fixes #5599 Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | | V2 podman system serviceJhon Honce2020-04-07
|/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Added support for system service * Enabled linting on the varlinkapi source, needed to support V2 service command * Added support for PODMAN_SOCKET Skip linting deprecated code Rather than introduce bugs by correcting deprecated code, linting the code is being skipped. Code that is being ported into V2 is being checked. Signed-off-by: Jhon Honce <jhonce@redhat.com>
* / V2 podman diff(changes) supportJhon Honce2020-04-07
|/ | | | | | | | | * Ported CLI command * Added API endpoint * Added bindings * Updated swagger (TODO: n endpoints, one handler) Signed-off-by: Jhon Honce <jhonce@redhat.com>
* refactor infoBrent Baude2020-04-06
| | | | | | the current implementation of info, while typed, is very loosely done so. we need stronger types for our apiv2 implmentation and bindings. Signed-off-by: Brent Baude <bbaude@redhat.com>
* Merge pull request #5672 from baude/v2saveOpenShift Merge Robot2020-04-03
|\ | | | | podmanv2 save image
| * podmanv2 save imageBrent Baude2020-04-03
| | | | | | | | | | | | add ability to save an image for podman v2 Signed-off-by: Brent Baude <bbaude@redhat.com>
* | Merge pull request #5638 from baude/v2containercheckOpenShift Merge Robot2020-04-03
|\ \ | |/ |/| podmanv2 checkpoint and restore
| * podmanv2 checkpoint and restoreBrent Baude2020-04-03
| | | | | | | | | | | | add the ability to checkpoint and restore containers on v2podman Signed-off-by: Brent Baude <bbaude@redhat.com>
* | podmanV2: implement pushValentin Rothberg2020-04-02
|/ | | | | | | | | | | | | | | | | * Implement `podman-push` and `podman-image-push` for the podmanV2 client. * Tests for `pkg/bindings` are not possible at the time of writing as we don't have a local registry running. * Implement `/images/{name}/push` compat endpoint. Tests are not implemented for this v2 endpoint. It has been tested manually. General note: The auth config extraction from the http header is not implement for push. Since it's not yet supported for other endpoints either, I deferred it to future work. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>