summaryrefslogtreecommitdiff
path: root/pkg/api
Commit message (Collapse)AuthorAge
* Merge pull request #9125 from ashley-cui/secretswiringOpenShift Merge Robot2021-02-09
|\ | | | | Implement Secrets
| * Implement SecretsAshley Cui2021-02-09
| | | | | | | | | | | | | | | | | | | | | | Implement podman secret create, inspect, ls, rm Implement podman run/create --secret Secrets are blobs of data that are sensitive. Currently, the only secret driver supported is filedriver, which means creating a secret stores it in base64 unencrypted in a file. After creating a secret, a user can use the --secret flag to expose the secret inside the container at /run/secrets/[secretname] This secret will not be commited to an image on a podman commit Signed-off-by: Ashley Cui <acui@redhat.com>
* | Merge pull request #9246 from rhatdan/buildOpenShift Merge Robot2021-02-08
|\ \ | | | | | | Implement missing arguments for podman build
| * | Implement missing arguments for podman buildDaniel J Walsh2021-02-08
| |/ | | | | | | | | | | | | | | Buildah bud passes a bunch more flags then podman build. We need to implement hook up all of these flags to get full functionality. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* / add network prunebaude2021-02-06
|/ | | | | | | | | add the ability to prune unused cni networks. filters are not implemented but included both compat and podman api endpoints. Fixes :#8673 Signed-off-by: baude <bbaude@redhat.com>
* Merge pull request #9048 from matejvasek/apiv2_waitOpenShift Merge Robot2021-02-05
|\ | | | | Fix Docker APIv2 container wait endpoint
| * Implement Docker wait conditionsMatej Vasek2021-02-03
| | | | | | | | Signed-off-by: Matej Vasek <mvasek@redhat.com>
| * Improve ContainerEngine.ContainerWait()Matej Vasek2021-02-03
| | | | | | | | Signed-off-by: Matej Vasek <mvasek@redhat.com>
* | Merge pull request #9182 from mheon/bump_apiOpenShift Merge Robot2021-02-05
|\ \ | |/ |/| Bump remote API version to 3.0.0
| * Bump remote API version to 3.0.0Matthew Heon2021-02-04
| | | | | | | | | | | | Fixes #9175 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | Merge pull request #9188 from jwhonce/issues/8865OpenShift Merge Robot2021-02-03
|\ \ | | | | | | Report StatusConflict on Pod opt partial failures
| * | Report StatusConflict on Pod opt partial failuresJhon Honce2021-02-02
| |/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | - When one or more containers in the Pod reports an error on an operation report StatusConflict and report the error(s) - jsoniter type encoding used to marshal error as string using error.Error() - Update test framework to allow setting any flag when creating pods - Fix test_resize() result check Fixes #8865 Signed-off-by: Jhon Honce <jhonce@redhat.com>
* / Fix invalid wait condition on killDaniel J Walsh2021-02-03
|/ | | | | | | | | | | When using the compatability tests on kill, the kill function goes into an infinite wait loop taking all of the CPU. This change will use the correct wait function and exit properly. Fixes: https://github.com/containers/podman/issues/9206 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #9051 from rhatdan/rmOpenShift Merge Robot2021-02-01
|\ | | | | Switch podman stop/kill/wait handlers to use abi
| * Switch podman stop/kill/wait handlers to use abiDaniel J Walsh2021-01-29
| | | | | | | | | | | | | | | | | | | | | | | | Change API Handlers to use the same functions that the local podman uses. At the same time: implement remote API for --all and --ignore flags for podman stop implement remote API for --all flags for podman stop Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Endpoint that lists containers does not return correct Status valueMilivoje Legenovic2021-01-31
|/ | | | | | | | | Eclipse and Intellij Docker plugin determines the state of the container via the Status field, returned from /containers/json call. Podman always returns empty string, and because of that, both IDEs show the wrong state of the container. Signed-off-by: Milivoje Legenovic <m.legenovic@gmail.com>
* Podman-remote push can support --formatDaniel J Walsh2021-01-29
| | | | | | | | Fix man page to document podman push --format fully. Also found that push was not handling the tlsverify so fixed this. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #9115 from rhatdan/pullOpenShift Merge Robot2021-01-28
|\ | | | | Switch podman image push handlers to use abi
| * Switch podman image push handlers to use abiDaniel J Walsh2021-01-27
| | | | | | | | | | | | | | | | | | | | | | | | Change API Handlers to use the same functions that the local podman uses. At the same time: Cleanup and pass proper bindings. Remove cli options from podman-remote push. Cleanup manifest push. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | podman-remote ps --external --pod --sort do not work.Daniel J Walsh2021-01-27
|/ | | | | | | | | | Fixup the bindings and the handling of the --external --por and --sort flags. The --storage option was renamed --external, make sure we use external up and down the stack. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #9029 from mergetb/masterOpenShift Merge Robot2021-01-26
|\ | | | | [CI:DOCS] api: fix import image swagger definition
| * api: fix import image swagger definitionRyan Goodfellow2021-01-21
| | | | | | | | | | | | | | | | | | The podman API implementation only accepts image uploads with the applicatoin/x-tar content type, however the generated swagger documentation currently states this should be a form encoded file with the content type application/x-www-form-urlencoded which does not work. Signed-off-by: Ryan Goodfellow <rgoodfel@isi.edu>
* | Merge pull request #9070 from rhatdan/searchOpenShift Merge Robot2021-01-26
|\ \ | | | | | | Fixup search
| * | Fixup searchDaniel J Walsh2021-01-25
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | podman-remote search had some FIXMEs in tests that were failing. So I reworked the search handler to use the local abi. This means the podman search and podman-remote search will use the same functions. While doing this, I noticed we were just outputing errors via logrus.Error rather then returning them, which works ok for podman but the messages get lost on podman-remote. Changed the code to actually return the error messages to the caller. This allows us to turn on the remaining podman-remote FIXME tests. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #9084 from rhatdan/overrideOpenShift Merge Robot2021-01-26
|\ \ \ | | | | | | | | Fix --arch and --os flags to work correctly
| * | | Fix --arch and --os flags to work correctlyDaniel J Walsh2021-01-25
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Currently podman implements --override-arch and --overide-os But Podman has made these aliases for --arch and --os. No reason to have to specify --override, since it is clear what the user intends. Currently if the user specifies an --override-arch field but the image was previously pulled for a different Arch, podman run uses the different arch. This PR also fixes this issue. Fixes: https://github.com/containers/podman/issues/8001 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Ensure shutdown handler access is syncronizedMatthew Heon2021-01-25
|/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | There was a potential race where two handlers could be added at the same time. Go Maps are not thread-safe, so that could do unpleasant things. Add a mutex to keep things safe. Also, swap the order or Register and Start for the handlers in Libpod runtime created. As written, there was a small gap between Start and Register where SIGTERM/SIGINT would be completely ignored, instead of stopping Podman. Swapping the two closes this gap. Signed-off-by: Matthew Heon <mheon@redhat.com>
* / / swagger.go: Fix compilation errorReinhard Tartler2021-01-24
|/ / | | | | | | | | | | | | | | | | | | | | Error looks like: # github.com/containers/podman/pkg/api/handlers/swagger src/github.com/containers/podman/pkg/api/handlers/swagger/swagger.go:169:3: undefined: libpod.InspectVolumeData [NO TESTS NEEDED] Signed-off-by: Reinhard Tartler <siretart@tauware.de>
* / podman manifest existsPaul Holzinger2021-01-22
|/ | | | | | Add podman manifest exists command with remote support. Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* Merge pull request #9027 from Luap99/podman-volume-existsOpenShift Merge Robot2021-01-21
|\ | | | | Podman volume exists
| * podman volume existsPaul Holzinger2021-01-21
| | | | | | | | | | | | Add podman volume exists command with remote support. Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | Merge pull request #9036 from baude/composelogOpenShift Merge Robot2021-01-21
|\ \ | | | | | | Set log driver for compatibility containers
| * | Set log driver for compatability containersbaude2021-01-20
| |/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | when using the compatibility api to create containers, now reflect the use of k8s-file as json-file so that clients, which are unaware of k8s-file, can work. specifically, if the container is using k8s-file as the log driver, we change the log type in container inspection to json-file. These terms are used interchangably in other locations in libpod/podman. this fixes log messages in compose as well. [NO TESTS NEEDED] Signed-off-by: baude <bbaude@redhat.com>
* / Fix handling of container removeDaniel J Walsh2021-01-20
|/ | | | | | | | | | | | | | | | | | | | I found several problems with container remove podman-remote rm --all Was not handled podman-remote rm --ignore Was not handled Return better errors when attempting to remove an --external container. Currently we return the container does not exists, as opposed to container is an external container that is being used. This patch also consolidates the tunnel code to use the same code for removing the container, as the local API, removing duplication of code and potential problems. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* podman network existsPaul Holzinger2021-01-19
| | | | | | Add podman network exists command with remote support. Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* Allow podman push to push manifest listsDaniel J Walsh2021-01-15
| | | | | | | | | | | | | | | | | | | | | | When doing a podman images, manifests lists look just like images, so it is logical that users would assume that they can just podman push them to a registry. The problem is we throw out weird errors when this happens and users need to somehow figure out this is a manifest list rather then an image, and frankly the user will not understand the difference. This PR will make podman push just do the right thing, by failing over and attempting to push the manifest if it fails to push the image. Fix up handling of manifest push Protocol should bring back a digest string, which can either be printed or stored in a file. We should not reimplement the manifest push setup code in the tunnel code but take advantage of the api path, to make sure remote and local work the same way. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #8955 from mheon/renameOpenShift Merge Robot2021-01-14
|\ | | | | Container Rename
| * Initial implementation of renaming containersMatthew Heon2021-01-14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Basic theory: We remove the container, but *only from the DB*. We leave it in c/storage, we leave the lock allocated, we leave it running (if it is). Then we create an identical container with an altered name, and add that back to the database. Theoretically we now have a renamed container. The advantage of this approach is that it doesn't just apply to rename - we can use this to make *any* configuration change to a container that does not alter its container ID. Potential problems are numerous. This process is *THOROUGHLY* non-atomic at present - if you `kill -9` Podman mid-rename things will be in a bad place, for example. Also, we can't rename containers that can't be removed normally - IE, containers with dependencies (pod infra containers, for example). The largest potential improvement will be to move the majority of the work into the DB, with a `RecreateContainer()` method - that will add atomicity, and let us remove the container without worrying about depencies and similar issues. Potential problems: long-running processes that edit the DB and may have an older version of the configuration around. Most notable example is `podman run --rm` - the removal command needed to be manually edited to avoid this one. This begins to get at the heart of me not wanting to do this in the first place... This provides CLI and API implementations for frontend, but no tunnel implementation. It will be added in a future release (just held back for time now - we need this in 3.0 and are running low on time). This is honestly kind of horrifying, but I think it will work. Signed-off-by: Matthew Heon <mheon@redhat.com>
* | Initial implementation of volume pluginsMatthew Heon2021-01-14
|/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This implements support for mounting and unmounting volumes backed by volume plugins. Support for actually retrieving plugins requires a pull request to land in containers.conf and then that to be vendored, and as such is not yet ready. Given this, this code is only compile tested. However, the code for everything past retrieving the plugin has been written - there is support for creating, removing, mounting, and unmounting volumes, which should allow full functionality once the c/common PR is merged. A major change is the signature of the MountPoint function for volumes, which now, by necessity, returns an error. Named volumes managed by a plugin do not have a mountpoint we control; instead, it is managed entirely by the plugin. As such, we need to cache the path in the DB, and calls to retrieve it now need to access the DB (and may fail as such). Notably absent is support for SELinux relabelling and chowning these volumes. Given that we don't manage the mountpoint for these volumes, I am extremely reluctant to try and modify it - we could easily break the plugin trying to chown or relabel it. Also, we had no less than *5* separate implementations of inspecting a volume floating around in pkg/infra/abi and pkg/api/handlers/libpod. And none of them used volume.Inspect(), the only correct way of inspecting volumes. Remove them all and consolidate to using the correct way. Compat API is likely still doing things the wrong way, but that is an issue for another day. Fixes #4304 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Reduce general binding binary sizebaude2021-01-13
| | | | | | | | when using the bindings to *only* make a connection, the binary was rough 28MB. This PR reduces it down to 11. There is more work to do but it will come in a secondary PR. Signed-off-by: baude <bbaude@redhat.com>
* Remove the ability to use [name:tag] in podman load commandDaniel J Walsh2021-01-12
| | | | | | | | | | Docker does not support this, and it is confusing what to do if the image has more then one tag. We are dropping support for this in podman 3.0 Fixes: https://github.com/containers/podman/issues/7387 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Fix problems reported by staticcheckPaul Holzinger2021-01-12
| | | | | | | | | | | | | | `staticcheck` is a golang code analysis tool. https://staticcheck.io/ This commit fixes a lot of problems found in our code. Common problems are: - unnecessary use of fmt.Sprintf - duplicated imports with different names - unnecessary check that a key exists before a delete call There are still a lot of reported problems in the test files but I have not looked at those. Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* Use abi PodPs implementation for libpod/pods/json endpointPaul Holzinger2021-01-09
| | | | | | This removes unnecessary code duplication. Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* Merge pull request #8781 from rst0git/cr-volumesOpenShift Merge Robot2021-01-08
|\ | | | | Add support for checkpoint/restore of containers with volumes
| * Include named volumes in container migrationRadostin Stoyanov2021-01-07
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When migrating a container with associated volumes, the content of these volumes should be made available on the destination machine. This patch enables container checkpoint/restore with named volumes by including the content of volumes in checkpoint file. On restore, volumes associated with container are created and their content is restored. The --ignore-volumes option is introduced to disable this feature. Example: # podman container checkpoint --export checkpoint.tar.gz <container> The content of all volumes associated with the container are included in `checkpoint.tar.gz` # podman container checkpoint --export checkpoint.tar.gz --ignore-volumes <container> The content of volumes is not included in `checkpoint.tar.gz`. This is useful, for example, when the checkpoint/restore is performed on the same machine. # podman container restore --import checkpoint.tar.gz The associated volumes will be created and their content will be restored. Podman will exit with an error if volumes with the same name already exist on the system or the content of volumes is not included in checkpoint.tar.gz # podman container restore --ignore-volumes --import checkpoint.tar.gz Volumes associated with container must already exist. Podman will not create them or restore their content. Signed-off-by: Radostin Stoyanov <rstoyanov@fedoraproject.org>
* | Restore compatible API for prune endpointsJhon Honce2021-01-07
| | | | | | | | | | | | | | | | | | | | | | * Restore correct API endpoint payloads including reclaimed space numbers * Include tests for API prune endpoints * Clean up function signatures with unused parameters * Update swagger for /networks/prune Fixes #8891 Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | Switch references of /var/run -> /runDaniel J Walsh2021-01-07
|/ | | | | | | | | | Systemd is now complaining or mentioning /var/run as a legacy directory. It has been many years where /var/run is a symlink to /run on all most distributions, make the change to the default. Partial fix for https://github.com/containers/podman/issues/8369 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #8831 from bblenard/issue-8658-system-prune-reclaimed-spaceOpenShift Merge Robot2021-01-05
|\ | | | | Rework pruning to report reclaimed space
| * Rework pruning to report reclaimed spaceBaron Lenardson2020-12-30
| | | | | | | | | | | | | | | | | | | | | | | | This change adds code to report the reclaimed space after a prune. Reclaimed space from volumes, images, and containers is recorded during the prune call in a PruneReport struct. These structs are collected into a slice during a system prune and processed afterwards to calculate the total reclaimed space. Closes #8658 Signed-off-by: Baron Lenardson <lenardson.baron@gmail.com>
* | libpod API: pull: fix channel raceValentin Rothberg2021-01-04
| | | | | | | | | | | | | | | | | | Fix a race condition in the pull endpoint caused by buffered channels. Using buffered channels can lead to the context's cancel function to be executed prior to the items being read from the channel. Fixes: #8870 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>