summaryrefslogtreecommitdiff
path: root/pkg/api
Commit message (Collapse)AuthorAge
* Ensure signal validation happens first in pod killMatthew Heon2020-06-09
| | | | | | | | | | | | | This fixes an error in the system tests, which expect that when you try and kill a nonexistent pod with an incorrect signal, you receive an error about the signal, not the pod. At the same time, fix a missing return statement in the bindings, which could also have caused us grief. Fixes #6540 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* /images/.../json: fix port parsingValentin Rothberg2020-06-04
| | | | | | | | | | Fix a bug when parsing the `ExposedPorts` of the image that lead to panics when the field was set. The OCI image spec allows three valid formats: `tcp/port`, `udp/port` and `port` Fixes: #6490 Reported-by: @jgallucci32 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Enable detached exec for remoteMatthew Heon2020-06-02
| | | | | | | | | | | | | | | | | | | | | | | The biggest obstacle here was cleanup - we needed a way to remove detached exec sessions after they exited, but there's no way to tell if an exec session will be attached or detached when it's created, and that's when we must add the exit command that would do the removal. The solution was adding a delay to the exit command (5 minutes), which gives sufficient time for attached exec sessions to retrieve the exit code of the session after it exits, but still guarantees that they will be removed, even for detached sessions. This requires Conmon 2.0.17, which has the new `--exit-delay` flag. As part of the exit command rework, we can drop the hack we were using to clean up exec sessions (remove them as part of inspect). This is a lot cleaner, and I'm a lot happier about it. Otherwise, this is just plumbing - we need a bindings call for detached exec, and that needed to be added to the tunnel mode backend for entities. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Add bindings for exec and enable attached remoteMatthew Heon2020-06-01
| | | | | | | | | | | This adds bindings for starting exec sessions, and then uses them to wire up detached exec. Code is heavily based on Attach code for containers, slightly modified to handle exec sessions. Bindings are presently attached-only, detached is pending on a Conmon update landing in CI. I'll probably get to that next. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Add support for format {{.Label}}Brent Baude2020-06-01
| | | | | | | | the pod ps man page says .Label is valid go template format. i dont think the function was actually ever implemented. Fixes #6448 Signed-off-by: Brent Baude <bbaude@redhat.com>
* Fix leak of empty tarballBrent Baude2020-06-01
| | | | | | | | In cases of trying to export an image, if the image was not found, we leaked an empty tarball or directory depending on the format. Fixes: #6409 Signed-off-by: Brent Baude <bbaude@redhat.com>
* Merge pull request #6356 from baude/v2copyendpointsOpenShift Merge Robot2020-05-30
|\ | | | | v2 copy endpoints
| * v2 copy endpointsBrent Baude2020-05-26
| | | | | | | | | | | | add copy endpoint inputs and outputs. these endpoints are not implemented yet, nor are any bindings. this allows us to update this later without having to change our api version. Signed-off-by: Brent Baude <bbaude@redhat.com>
* | compat handlers: add X-Registry-Auth header supportValentin Rothberg2020-05-29
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Support the `X-Registry-Auth` http-request header. * The content of the header is a base64 encoded JSON payload which can either be a single auth config or a map of auth configs (user+pw or token) with the corresponding registries being the keys. Vanilla Docker, projectatomic Docker and the bindings are transparantly supported. * Add a hidden `--registries-conf` flag. Buildah exposes the same flag, mostly for testing purposes. * Do all credential parsing in the client (i.e., `cmd/podman`) pass the username and password in the backend instead of unparsed credentials. * Add a `pkg/auth` which handles most of the heavy lifting. * Go through the authentication-handling code of most commands, bindings and endpoints. Migrate them to the new code and fix issues as seen. A final evaluation and more tests is still required *after* this change. * The manifest-push endpoint is missing certain parameters and should use the ABI function instead. Adding auth-support isn't really possible without these parts working. * The container commands and endpoints (i.e., create and run) have not been changed yet. The APIs don't yet account for the authfile. * Add authentication tests to `pkg/bindings`. Fixes: #6384 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | V2 verify JSON output is consistent and doesn't driftJhon Honce2020-05-28
| | | | | | | | | | | | | | $ cd test/apiv2 $ python -m unittest -v test_rest_v1_0_0.TestApi Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | Merge pull request #6407 from baude/v2eventsstreamOpenShift Merge Robot2020-05-27
|\ \ | | | | | | Add streaming ability to endpoint
| * | Add streaming ability to endpointBrent Baude2020-05-27
| |/ | | | | | | Signed-off-by: Brent Baude <bbaude@redhat.com>
* | Merge pull request #6398 from rhatdan/32bitOpenShift Merge Robot2020-05-27
|\ \ | | | | | | Fix builds on 32 Arches.
| * | Fix builds on 32 bit archesDaniel J Walsh2020-05-27
| |/ | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* / v2 libpod push: correct docsValentin Rothberg2020-05-27
|/ | | | | | | | | The swagger documentation for the libpod push endpoint were not in sync with the implementation. Correct these docs to reflect the parameters that are actually supported. Fixes: #6388 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Merge pull request #6238 from baude/v2compatnetOpenShift Merge Robot2020-05-25
|\ | | | | network compatibility endpoints for API
| * network compatibility endpoints for APIBrent Baude2020-05-22
| | | | | | | | | | | | add endpoints for networking compatibility with the API. Signed-off-by: Brent Baude <bbaude@redhat.com>
* | Add MethodNotAllowedHandler() to add in debuggingJhon Honce2020-05-22
|/ | | | Signed-off-by: Jhon Honce <jhonce@redhat.com>
* V2 enable remote logs and testingJhon Honce2020-05-22
| | | | | | | | | | * wire up bindings and handler for obtaining logs remotely * enable debug logging from podman in e2e test using DEBUG and DEBUG_SERVICE env variables * Fix error in streaming log frames * enable remote logs test Signed-off-by: Jhon Honce <jhonce@redhat.com>
* Merge pull request #6345 from QiWang19/mani-push-testOpenShift Merge Robot2020-05-22
|\ | | | | remote manifest test
| * remote manifest testQi Wang2020-05-21
| | | | | | | | | | | | Enable remove manifest tests. Skip --purge test because remote does not support it. Signed-off-by: Qi Wang <qiwan@redhat.com>
* | Removes remote system reset functionality. skip e2e test for remote.Sujil022020-05-22
| | | | | | | | | | | | | | As system reset too dangerous for remote use, deleting the functionality and the test case. Signed-off-by: Sujil02 <sushah@redhat.com>
* | v2 podman-remote buildBrent Baude2020-05-21
|/ | | | | | this is a very basic implementation of build. some of the more advanced options need to be included still as well. i think the endpoints for compat and libpod will have to split given buildahs more advanced set of options. that should probably be done by someone more experienced with build internals. Signed-off-by: Brent Baude <bbaude@redhat.com>
* Merge pull request #6312 from rhatdan/imageOpenShift Merge Robot2020-05-21
|\ | | | | Fix remote handling of podman images calls
| * Fix remote handling of podman images callsDaniel J Walsh2020-05-21
| | | | | | | | | | | | | | Enable three more tests Fix handling of image filters Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #6304 from baude/v2remotehctestsOpenShift Merge Robot2020-05-21
|\ \ | |/ |/| Fix remote integration for healthchecks
| * Fix remote integration for healthchecksBrent Baude2020-05-20
| | | | | | | | | | | | the one remaining test that is still skipped do to missing exec function Signed-off-by: Brent Baude <bbaude@redhat.com>
* | Merge pull request #6305 from baude/v2podcreatetestOpenShift Merge Robot2020-05-20
|\ \ | | | | | | enable pod_create remote integration tests
| * | enable pod_create remote integration testsBrent Baude2020-05-20
| |/ | | | | | | Signed-off-by: Brent Baude <bbaude@redhat.com>
* | Merge pull request #6297 from mheon/minor_fix_attachOpenShift Merge Robot2020-05-20
|\ \ | | | | | | Print container state when erroring that it is improper
| * | Print container state when erroring that it is improperMatthew Heon2020-05-20
| |/ | | | | | | | | | | | | This is a nice little convenience - lets people know why we won't let them attach to a container. Signed-off-by: Matthew Heon <mheon@redhat.com>
* / V2 API Version SupportJhon Honce2020-05-20
|/ | | | | | | | | | | | | | | | | * Update blang/semver to allow ParseTolerant() support * Provide helper functions for API handlers to obtain client's 'version' path variable focused on API endpoint tree: libpod vs. compat * Introduce new errors: * version not given in path, endpoints may determine if this is a hard error (ErrVersionNotGiven) * given version not supported (ErrVersionNotSupported), only a soft error if the handler is going to hijack the connection * Added unit tests for version parsing * bindings check version on connect: * client <= Server API version connection is continued * client >= Server API version connection fails Signed-off-by: Jhon Honce <jhonce@redhat.com>
* [CI:DOCS] Image tree endpoint should return 404Brent Baude2020-05-20
| | | | | | | | when trying to get an image tree for a missing image, it should return a 404. doc fix only. Fixes: #6289 Signed-off-by: Brent Baude <bbaude@redhat.com>
* V2 Implement terminal handling in bindings attachJhon Honce2020-05-18
| | | | | | | | | * Add support for /exec/{id}/resize * Add support for ErrSessionNotFound * Resize container TTY as stdin changes size * Refactor all resize functions into one handler Signed-off-by: Jhon Honce <jhonce@redhat.com>
* v2endpoint remove image path correctionBrent Baude2020-05-18
| | | | | | | | | | | | the endpoint for single image removal (on the libpod side) should be as follows: versionedPath/libpod/images/IMAGENAME The DELETE method then signifies the removal of the image. Fixes: #6261 Signed-off-by: Brent Baude <bbaude@redhat.com>
* Merge pull request #5831 from mheon/exec_http_attachOpenShift Merge Robot2020-05-15
|\ | | | | APIv2 ExecStart (Attached Only)
| * Drop APIv2 resize endpointMatthew Heon2020-05-15
| | | | | | | | | | | | | | Jhon is working on an alternative version that will combine container and exec session resize, so we'll wait for that. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * Fix lintMatthew Heon2020-05-14
| | | | | | | | Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * Update API documentation for InspectMatthew Heon2020-05-14
| | | | | | | | | | | | | | | | | | Most importantly, note the pruning behavior of compat Inspect. Less importantly, note that the Tty parameter to Start is only ignored, as opposed to being not supported. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * Parameters for ExecStart are body, not queryMatthew Heon2020-05-14
| | | | | | | | | | | | | | Oops. Misread the docs when I initially implemented this. Nice and easy fix, at least. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * Prune stale exec sessions on inspectMatthew Heon2020-05-14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The usual flow for exec is going to be: - Create exec session - Start and attach to exec session - Exec session exits, attach session terminates - Client does an exec inspect to pick up exit code The safest point to remove the exec session, without doing any database changes to track stale sessions, is to remove during the last part of this - the single inspect after the exec session exits. This is definitely different from Docker (which would retain the exec session for up to 10 minutes after it exits, where we will immediately discard) but should be close enough to be not noticeable in regular usage. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * Add APIv2 handler for resizing exec sessionsMatthew Heon2020-05-14
| | | | | | | | Signed-off-by: Matthew Heon <mheon@redhat.com>
| * Wire in endpoint for ExecStartMatthew Heon2020-05-14
| | | | | | | | | | | | | | This is still very early not not well tested, and missing resize capability, but it does provide the first bits of exec. Signed-off-by: Matthew Heon <mheon@redhat.com>
* | v2 podman remote attach, start, and runBrent Baude2020-05-15
|/ | | | | | for the remote client, add the ability to attach to a container, start a container, and run a container. Signed-off-by: Brent Baude <bbaude@redhat.com>
* Merge pull request #6211 from baude/v2remoteimagetreeOpenShift Merge Robot2020-05-13
|\ | | | | enable remote image tree
| * enable remote image treeBrent Baude2020-05-13
| | | | | | | | Signed-off-by: Brent Baude <bbaude@redhat.com>
* | Merge pull request #6203 from jwhonce/wip/attachOpenShift Merge Robot2020-05-13
|\ \ | | | | | | V2 attach bindings and test
| * | WIP V2 attach bindings and testJhon Honce2020-05-13
| |/ | | | | | | | | | | | | | | * Add ErrLostSync to report lost of sync when de-mux'ing stream * Add logus.SetLevel(logrus.DebugLevel) when `go test -v` given * Add context to debugging messages Signed-off-by: Jhon Honce <jhonce@redhat.com>
* / enable podman v2 networking for remote clientBrent Baude2020-05-12
|/ | | | Signed-off-by: Brent Baude <bbaude@redhat.com>
* add podman remote system dfBrent Baude2020-05-12
| | | | Signed-off-by: Brent Baude <bbaude@redhat.com>