summaryrefslogtreecommitdiff
path: root/pkg/api/server
Commit message (Collapse)AuthorAge
* podman.service: use sdnotiyValentin Rothberg2020-08-13
| | | | | | | | | | | | | | | | Commit 2b6dd3fb4384 set the killmode of the podman.service to the systemd default which ultimately lead to the problem that systemd will kill *all* processes inside the unit's cgroup and hence kill all containers whenever the service is stopped. Fix it by setting the type to sdnotify and the killmode to process. `podman system service` will send the necessary notify messages when the NOTIFY_SOCKET is set and unset it right after to prevent the backend and container runtimes from jumping in between and send messages as well. Fixes: #7294 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Unconditionally retrieve pod names via APIMatthew Heon2020-08-10
| | | | | | | | | | | | | | | | | | The ListContainers API previously had a Pod parameter, which determined if pod name was returned (but, notably, not Pod ID, which was returned unconditionally). This was fairly confusing, so we decided to deprecate/remove the parameter and return it unconditionally. To do this without serious performance implications, we need to avoid expensive JSON decodes of pod configuration in the DB. The way our Bolt tables are structured, retrieving name given ID is actually quite cheap, but we did not expose this via the Libpod API. Add a new GetName API to do this. Fixes #7214 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Merge pull request #7097 from QiWang19/usagedateOpenShift Merge Robot2020-08-03
|\ | | | | [CI:DOCS] apiv2 fix volumes not included field
| * [CI:DOCS] apiv2 fix volumes not inculded fieldQi Wang2020-07-29
| | | | | | | | | | | | Do not use volume from docker since UsageData field is not need. It's nullable in docker API and expensive to add. Signed-off-by: Qi Wang <qiwan@redhat.com>
* | Merge pull request #7141 from rhafer/image_descr_testOpenShift Merge Robot2020-08-03
|\ \ | | | | | | Add test case for description being present in search result
| * | Make `search --no-trunc` work for podman remoteRalf Haferkamp2020-07-31
| |/ | | | | | | | | | | | | The HTTP API for image search was still lacking support of the NoTrunc parameter. Signed-off-by: Ralf Haferkamp <rhafer@suse.com>
* / Add versioned _ping endpointJhon Honce2020-07-31
|/ | | | | | Fixes #7008 Signed-off-by: Jhon Honce <jhonce@redhat.com>
* Switch all references to github.com/containers/libpod -> podmanDaniel J Walsh2020-07-28
| | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Remove 'experimental' from API docTomSweeneyRedHat2020-07-25
| | | | | | | | | The v2.0 reference [page](http://docs.podman.io/en/latest/Reference.html) lists the API as experimental. Removed that word and reworked the first paragraph a bit based on verbiage that @mheon put together for the API intro blog. Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
* Fix Generate API title/descriptionAshley Cui2020-07-21
| | | | | | generate kube title and descritopn was same as play kube for apiv2 docs Signed-off-by: Ashley Cui <acui@redhat.com>
* Fix: Correct connection counters for hijacked connectionsKorhonen Sami (Samlink)2020-07-09
| | | | | | | | | | This patch fixes connection counters for v2 endpoints Idletracker was moved to a new package to prevent package cycle. Hijacking code still remains in wrong place and should be moved later to isolated package Signed-off-by: Sami Korhonen <skorhone@gmail.com>
* Remove hijacked connections from active connections listKorhonen Sami (Samlink)2020-07-09
| | | | | | | | | | | | | | | | | | | | | | | StateHijacked is a terminal state. If hijacked connection is registered as an active connection, connection will never be unregistered. This causes two issues First issue is that active connection counters are off. Second issue is a resource leak caused by connection object that is stored to a map. After this patch hijacked connections are no longer visible in counters. If a counter for hijacked connections is required, podman must track connections returned by Hijacker.Hijack() It might make sense to develop abstraction layer for hijacking - and move all hijacking related code to a separate package. Hijacking code is prone to resource leaks and it should be thoroughly tested. Signed-off-by: Sami Korhonen <skorhone@gmail.com>
* move go module to v2Valentin Rothberg2020-07-06
| | | | | | | | | | | | | | | With the advent of Podman 2.0.0 we crossed the magical barrier of go modules. While we were able to continue importing all packages inside of the project, the project could not be vendored anymore from the outside. Move the go module to new major version and change all imports to `github.com/containers/libpod/v2`. The renaming of the imports was done via `gomove` [1]. [1] https://github.com/KSubedi/gomove Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* APIv2:fix: Handle docker volume force as expectedmaybe-sybr2020-07-02
| | | | | | | | | In response to input regarding the semantic difference for the `force` parameter for volume removal between Docker and us, this change ensures that we emulate the Dockr behaviour correctly when this parameter is specified. Signed-off-by: Matt Brindley <58414429+maybe-sybr@users.noreply.github.com>
* APIv2: Add docker compatible volume endpointsmaybe-sybr2020-07-02
| | | | | | | | | | | | | | | | This change implements docker compatibile endpoint for interacting with volumes. The code is mostly lifted from the `libpod` API handlers but decodes and constructs data using types defined in the docker API package. Some notable support caveats with the current implementation: * we don't return the nullable `Status` or `UsageData` keys when returning volume information for inspect and create endpoints * we don't support filters when pruning * we return a fixed `0` for the `SpaceReclaimed` key when pruning since we have no insight into how much space was freed from runtime Signed-off-by: Matt Brindley <58414429+maybe-sybr@users.noreply.github.com>
* Ensure umask is set appropriately for 'system service'Matthew Heon2020-06-26
| | | | | | | | | | | | We need a umask of 0022 to ensure containers are created correctly, but we set a different one prior to starting the server (to ensure the unix socket has the right permissions). Thus, we need to set the umask after the socket has been bound, but before the server begins accepting requests. Fixes #6787 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Merge pull request #6738 from maybe-sybr/maybe/apiv2/fix-network-compat-urlsOpenShift Merge Robot2020-06-24
|\ | | | | APIv2:fix: Remove `/json` from compat network EPs
| * APIv2:fix: Remove `/json` from compat network EPsmaybe-sybr2020-06-24
| | | | | | | | Signed-off-by: Matt Brindley <58414429+maybe-sybr@users.noreply.github.com>
* | APIv2:doc: Fix swagger doc to refer to volumesmaybe-sybr2020-06-24
|/ | | | Signed-off-by: Matt Brindley <58414429+maybe-sybr@users.noreply.github.com>
* fix misc remote build issuesBrent Baude2020-06-17
| | | | | | | | | address problem when multiple -t were sent. and rework remote build's tarball if a context dir is given other than ".". Fixes: #6578 Fixes: #6577 Signed-off-by: Brent Baude <bbaude@redhat.com>
* Merge pull request #6638 from jwhonce/issues/6548OpenShift Merge Robot2020-06-17
|\ | | | | [CI:DOCS] Fixes #6548
| * [CI:DOCS] Fixes #6548Jhon Honce2020-06-16
| | | | | | | | | | | | * Update swagger documentation Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | [CI:DOCS] Fix carriage returns in API v2 headerTomSweeneyRedHat2020-06-11
| | | | | | | | | | | | | | | | ReadTheDocs was wrapping lines and removing leading spaces unless there a blank line in between. This adds the blank lines to make the examples more readable on https://docs.podman.io/en/latest/_static/api.html Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
* | [CI:DOCS] Add quick start directions to APIv2 DockTomSweeneyRedHat2020-06-11
|/ | | | | | | | | | Adds some quick start up directions to the top of the API v2 documentation and a few examples. This strongly leverages comments from @jgallucci32 in #6535. Fixes: #6535 Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
* Fixup issues found by golintDaniel J Walsh2020-06-10
| | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Enable detached exec for remoteMatthew Heon2020-06-02
| | | | | | | | | | | | | | | | | | | | | | | The biggest obstacle here was cleanup - we needed a way to remove detached exec sessions after they exited, but there's no way to tell if an exec session will be attached or detached when it's created, and that's when we must add the exit command that would do the removal. The solution was adding a delay to the exit command (5 minutes), which gives sufficient time for attached exec sessions to retrieve the exit code of the session after it exits, but still guarantees that they will be removed, even for detached sessions. This requires Conmon 2.0.17, which has the new `--exit-delay` flag. As part of the exit command rework, we can drop the hack we were using to clean up exec sessions (remove them as part of inspect). This is a lot cleaner, and I'm a lot happier about it. Otherwise, this is just plumbing - we need a bindings call for detached exec, and that needed to be added to the tunnel mode backend for entities. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Add bindings for exec and enable attached remoteMatthew Heon2020-06-01
| | | | | | | | | | | This adds bindings for starting exec sessions, and then uses them to wire up detached exec. Code is heavily based on Attach code for containers, slightly modified to handle exec sessions. Bindings are presently attached-only, detached is pending on a Conmon update landing in CI. I'll probably get to that next. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Merge pull request #6356 from baude/v2copyendpointsOpenShift Merge Robot2020-05-30
|\ | | | | v2 copy endpoints
| * v2 copy endpointsBrent Baude2020-05-26
| | | | | | | | | | | | add copy endpoint inputs and outputs. these endpoints are not implemented yet, nor are any bindings. this allows us to update this later without having to change our api version. Signed-off-by: Brent Baude <bbaude@redhat.com>
* | compat handlers: add X-Registry-Auth header supportValentin Rothberg2020-05-29
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Support the `X-Registry-Auth` http-request header. * The content of the header is a base64 encoded JSON payload which can either be a single auth config or a map of auth configs (user+pw or token) with the corresponding registries being the keys. Vanilla Docker, projectatomic Docker and the bindings are transparantly supported. * Add a hidden `--registries-conf` flag. Buildah exposes the same flag, mostly for testing purposes. * Do all credential parsing in the client (i.e., `cmd/podman`) pass the username and password in the backend instead of unparsed credentials. * Add a `pkg/auth` which handles most of the heavy lifting. * Go through the authentication-handling code of most commands, bindings and endpoints. Migrate them to the new code and fix issues as seen. A final evaluation and more tests is still required *after* this change. * The manifest-push endpoint is missing certain parameters and should use the ABI function instead. Adding auth-support isn't really possible without these parts working. * The container commands and endpoints (i.e., create and run) have not been changed yet. The APIs don't yet account for the authfile. * Add authentication tests to `pkg/bindings`. Fixes: #6384 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | Merge pull request #6407 from baude/v2eventsstreamOpenShift Merge Robot2020-05-27
|\ \ | | | | | | Add streaming ability to endpoint
| * | Add streaming ability to endpointBrent Baude2020-05-27
| |/ | | | | | | Signed-off-by: Brent Baude <bbaude@redhat.com>
* / v2 libpod push: correct docsValentin Rothberg2020-05-27
|/ | | | | | | | | The swagger documentation for the libpod push endpoint were not in sync with the implementation. Correct these docs to reflect the parameters that are actually supported. Fixes: #6388 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Merge pull request #6238 from baude/v2compatnetOpenShift Merge Robot2020-05-25
|\ | | | | network compatibility endpoints for API
| * network compatibility endpoints for APIBrent Baude2020-05-22
| | | | | | | | | | | | add endpoints for networking compatibility with the API. Signed-off-by: Brent Baude <bbaude@redhat.com>
* | Add MethodNotAllowedHandler() to add in debuggingJhon Honce2020-05-22
|/ | | | Signed-off-by: Jhon Honce <jhonce@redhat.com>
* Removes remote system reset functionality. skip e2e test for remote.Sujil022020-05-22
| | | | | | | As system reset too dangerous for remote use, deleting the functionality and the test case. Signed-off-by: Sujil02 <sushah@redhat.com>
* v2 podman-remote buildBrent Baude2020-05-21
| | | | | | this is a very basic implementation of build. some of the more advanced options need to be included still as well. i think the endpoints for compat and libpod will have to split given buildahs more advanced set of options. that should probably be done by someone more experienced with build internals. Signed-off-by: Brent Baude <bbaude@redhat.com>
* [CI:DOCS] Image tree endpoint should return 404Brent Baude2020-05-20
| | | | | | | | when trying to get an image tree for a missing image, it should return a 404. doc fix only. Fixes: #6289 Signed-off-by: Brent Baude <bbaude@redhat.com>
* V2 Implement terminal handling in bindings attachJhon Honce2020-05-18
| | | | | | | | | * Add support for /exec/{id}/resize * Add support for ErrSessionNotFound * Resize container TTY as stdin changes size * Refactor all resize functions into one handler Signed-off-by: Jhon Honce <jhonce@redhat.com>
* v2endpoint remove image path correctionBrent Baude2020-05-18
| | | | | | | | | | | | the endpoint for single image removal (on the libpod side) should be as follows: versionedPath/libpod/images/IMAGENAME The DELETE method then signifies the removal of the image. Fixes: #6261 Signed-off-by: Brent Baude <bbaude@redhat.com>
* Drop APIv2 resize endpointMatthew Heon2020-05-15
| | | | | | | Jhon is working on an alternative version that will combine container and exec session resize, so we'll wait for that. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Update API documentation for InspectMatthew Heon2020-05-14
| | | | | | | | | Most importantly, note the pruning behavior of compat Inspect. Less importantly, note that the Tty parameter to Start is only ignored, as opposed to being not supported. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Add APIv2 handler for resizing exec sessionsMatthew Heon2020-05-14
| | | | Signed-off-by: Matthew Heon <mheon@redhat.com>
* Wire in endpoint for ExecStartMatthew Heon2020-05-14
| | | | | | | This is still very early not not well tested, and missing resize capability, but it does provide the first bits of exec. Signed-off-by: Matthew Heon <mheon@redhat.com>
* enable podman v2 networking for remote clientBrent Baude2020-05-12
| | | | Signed-off-by: Brent Baude <bbaude@redhat.com>
* add podman remote system dfBrent Baude2020-05-12
| | | | Signed-off-by: Brent Baude <bbaude@redhat.com>
* Adds tunnel routes for system reset.Sujil022020-05-11
| | | | | | | | Adds tunnel routes for system reset. Makes forces flag local as options are not propogated down the stack. Adds relevant test cases and swagger docs. Signed-off-by: Sujil02 <sushah@redhat.com>
* V2 Impliment tunnelled podman versionJhon Honce2020-05-08
| | | | Signed-off-by: Jhon Honce <jhonce@redhat.com>
* add {generate,play} kubeValentin Rothberg2020-05-06
| | | | | | | | | | | | | | | | | | | Add the `podman generate kube` and `podman play kube` command. The code has largely been copied from Podman v1 but restructured to not leak the K8s core API into the (remote) client. Both commands are added in the same commit to allow for enabling the tests at the same time. Move some exports from `cmd/podman/common` to the appropriate places in the backend to avoid circular dependencies. Move definitions of label annotations to `libpod/define` and set the security-opt labels in the frontend to make kube tests pass. Implement rest endpoints, bindings and the tunnel interface. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>