aboutsummaryrefslogtreecommitdiff
path: root/pkg/api
Commit message (Collapse)AuthorAge
* podman build enable --all-platforms and --unsetenvPaul Holzinger2022-01-13
| | | | | | | Make sure we add support for allplatforms and unsetenv to both local and remote podman. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* update buildah to latest and use new network stackPaul Holzinger2022-01-12
| | | | | | Make sure buildah uses the new network stack. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* use libnetwork from c/commonPaul Holzinger2022-01-12
| | | | | | | | The libpod/network packages were moved to c/common so that buildah can use it as well. To prevent duplication use it in podman as well and remove it from here. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* Add podman rm --dependDaniel J Walsh2022-01-11
| | | | | | | | | | | This option causes Podman to not only remove the specified containers but all of the containers that depend on the specified containers. Fixes: https://github.com/containers/podman/issues/10360 Also ran codespell on the code Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Use the InfraImage defined in containers.confDaniel J Walsh2022-01-10
| | | | | | | | | Remove hard code use of the DefaultInfraImage and rely on getting this from containers.conf. Fixes: https://github.com/containers/podman/issues/12771 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #11538 from mtrmac/http-credentialsOpenShift Merge Robot2022-01-06
|\ | | | | Fix HTTP credentials passing
| * Don't return a header name from auth.GetCredentialsMiloslav Trmač2021-12-10
| | | | | | | | | | | | | | | | | | | | | | Almost every caller is using it only to wrap an error in exactly the same way, so move that error context into GetCredentials and simplify the users. (The one other caller, build, was even wrapping the error incorrectly talking about query parameters; so let it use the same text as the others.) Signed-off-by: Miloslav Trmač <mitr@redhat.com>
* | correct typo words in docsDavid Marshall2022-01-05
| | | | | | | | | | | | "for creating a container" appears for networks and volumes Signed-off-by: David Marshall <dmarshall@gmail.com>
* | Merge pull request #12208 from cdoern/podSecurityOptOpenShift Merge Robot2022-01-05
|\ \ | | | | | | Pod Security Option support and Infra Inheritance changes
| * | Pod Security Option supportcdoern2021-12-27
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Added support for pod security options. These are applied to infra and passed down to the containers as added (unless overridden). Modified the inheritance process from infra, creating a new function Inherit() which reads the config, and marshals the compatible options into an intermediate struct `InfraInherit` This is then unmarshaled into a container config and all of this is added to the CtrCreateOptions. Removes the need (mostly) for special additons which complicate the Container_create code and pod creation. resolves #12173 Signed-off-by: cdoern <cdoern@redhat.com>
* | | Merge pull request #12735 from rhatdan/mountOpenShift Merge Robot2022-01-04
|\ \ \ | | | | | | | | Fix Container List API call to return mount info
| * | | Fix Container List API call to return mount infoDaniel J Walsh2022-01-04
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We are hard coding mounts to return nil in compat API, since we have the data, we should return it. Fixes: https://github.com/containers/podman/issues/12734 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Merge pull request #12643 from leahneukirchen/events-compatOpenShift Merge Robot2022-01-04
|\ \ \ \ | |/ / / |/| | | legacy events: also set Action="die"
| * | | legacy events: also set exitCodeLeah Neukirchen2022-01-03
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | For Status = "die", Docker sets the exit code of the container to a field "exitCode". Podman uses "containerExitCode". Copy the value into "exitCode" as well, for compatibility. Signed-off-by: Leah Neukirchen <leah@vuxu.org>
| * | | legacy events: also set Action="die"Leah Neukirchen2021-12-17
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Since #10168, on the event "died", the Status is set to "die" for compatibility with the Docker API. Docker also sets the field Action to "died", so do the same here. Signed-off-by: Leah Neukirchen <leah@vuxu.org>
* | | | Update swagger documentationDaniel J Walsh2021-12-31
| | | | | | | | | | | | | | | | | | | | | | | | [NO NEW TESTS NEEDED] Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | prefix imageId with sha256: in containers listOliver2021-12-29
| |/ / |/| | | | | | | | | | | | | | test for compat API ImageId Signed-off-by: Oliver Thallmair <oliver.thallmair@mailbox.org>
* | | Warn on use of --kernel-memoryDaniel J Walsh2021-12-22
| | | | | | | | | | | | | | | | | | | | | | | | | | | It has been deprecated and is no longer supported. Fully remove it and only print a warning if a user uses it. Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2011695 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #12664 from cdoern/noManagePasswdOpenShift Merge Robot2021-12-22
|\ \ \ | | | | | | | | Podman run --passwd
| * | | Podman run --passwdcdoern2021-12-21
| |/ / | | | | | | | | | | | | | | | | | | | | | | | | added support for a new flag --passwd which, when false prohibits podman from creating entries in /etc/passwd and /etc/groups allowing users to modify those files in the container entrypoint resolves #11805 Signed-off-by: cdoern <cdoern@redhat.com>
* / / compat: image normalization: handle sha256 prefixValentin Rothberg2021-12-20
|/ / | | | | | | | | | | | | | | | | | | When normalizing image names on the compat API, make sure to take the `sha256:` prefix into account when matching against the image ID. Otherwise, the name will mistakingly be subject to docker.io normalization. Signed-off-by: Valentin Rothberg <rothberg@redhat.com> Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #12534 from Luap99/network-dbOpenShift Merge Robot2021-12-15
|\ \ | | | | | | network db rewrite
| * | play kube add support for multiple networksPaul Holzinger2021-12-14
| | | | | | | | | | | | | | | | | | Allow the same --network options for play kube as for podman run/create. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
| * | fix incorrect swagger doc for network dis/connectPaul Holzinger2021-12-14
| | | | | | | | | | | | | | | | | | | | | The swagger api docs used the extra Body struct as part of the request which is wrong. We just want the plain type. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
| * | network connect allow ip, ipv6 and mac addressPaul Holzinger2021-12-14
| | | | | | | | | | | | | | | | | | | | | | | | | | | Network connect now supports setting a static ipv4, ipv6 and mac address for the container network. The options are added to the cli and api. Fixes #9883 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | Fixes #12063 Add docker compatible output after image build.Ananth Bhaskararaman2021-12-14
|/ / | | | | | | Signed-off-by: Ananth Bhaskararaman <antsub@gmail.com>
* / compat build: adhere to q/quietValentin Rothberg2021-12-13
|/ | | | | Fixes: #12566 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Update vendor or containers/common moving pkg/cgroups thereDaniel J Walsh2021-12-07
| | | | | | | [NO NEW TESTS NEEDED] This is just moving pkg/cgroups out so existing tests should be fine. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Add restart-sec option to systemd generateOndra Machacek2021-12-03
| | | | Signed-off-by: Ondra Machacek <omachace@redhat.com>
* Merge pull request #12483 from vrothberg/fix-12468OpenShift Merge Robot2021-12-02
|\ | | | | compat API: push: report size of manifest
| * compat API: push: report size of manifestDaniel J Walsh2021-12-02
| | | | | | | | | | | | | | | | | | | | | | | | We don't yet have a local registry running in the APIv2 tests. Tested manually. [NO NEW TESTS NEEDED] Fixes: https://github.com/containers/podman/issues/12468 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | compat: images/jsonValentin Rothberg2021-12-02
|/ | | | | | | Do not list manifest lists. Docker doesn't either. Fixes: #12453 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Merge pull request #12414 from flouthoc/api-allow-secretsOpenShift Merge Robot2021-11-30
|\ | | | | tunnel: allow `remote` and `API` to accept `--secrets`
| * podman-remote: prevent leaking secret into imageAditya Rajan2021-11-30
| | | | | | | | | | | | | | | | Prevents temp secrets leaking into image by moving it away from context directory to parent builder directory. Builder directory automatically gets cleaned up when we are done with the build. Signed-off-by: Aditya Rajan <arajan@redhat.com>
| * podman-remote: copy secret to contextdir is absolute path on hostAditya Rajan2021-11-30
| | | | | | | | | | | | | | | | Podman remote must treat build secrets as part of context directory. If secret path is absolute path on host copy it to tar file and pass it to remote server. Signed-off-by: Aditya Rajan <arajan@redhat.com>
| * api: allow build api to accept secretsAditya Rajan2021-11-30
| | | | | | | | | | | | | | | | | | | | | | Following commit makes sure that `build` api can accept external secret and allows currently `NOOP` `podman-remote build -t tag --secret id=mysecret,src=/path/on/remote` to become functional. Just like `docker` following api is a hidden field and only exposed to `podman-remote` but could document it if it needs exposed on `swagger`. Signed-off-by: Aditya Rajan <arajan@redhat.com>
* | compat API: allow enforcing short-names resolution to Docker HubValentin Rothberg2021-11-30
|/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The Docker-compatible REST API has historically behaved just as the rest of Podman and Buildah (and the atomic Docker in older RHEL/Fedora) where `containers-registries.conf` is centrally controlling which registries a short name may resolve to during pull or local image lookups. Please refer to a blog for more details [1]. Docker, however, is only resolving short names to docker.io which has been reported (see #12320) to break certain clients who rely on this behavior. In order to support this scenario, `containers.conf(5)` received a new option to control whether Podman's compat API resolves to docker.io only or behaves as before. Most endpoints allow for directly normalizing parameters that represent an image. If set in containers.conf, Podman will then normalize the references directly to docker.io. The build endpoint is an outlier since images are also referenced in Dockerfiles. The Buildah API, however, supports specifying a custom `types.SystemContext` in which we can set a field that enforces short-name resolution to docker.io in `c/image/pkg/shortnames`. Notice that this a "hybrid" approach of doing the normalization directly in the compat endpoints *and* in `pkg/shortnames` by passing a system context. Doing such a hybrid approach is neccessary since the compat and the libpod endpoints share the same `libimage.Runtime` which makes a global enforcement via the `libimage.Runtime.systemContext` impossible. Having two separate runtimes for the compat and the libpod endpoints seems risky and not generally applicable to all endpoints. [1] https://www.redhat.com/sysadmin/container-image-short-names Fixes: #12320 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Merge pull request #12405 from flouthoc/compat-build-errorOpenShift Merge Robot2021-11-29
|\ | | | | compat: Add compatiblity with `Docker/Moby` API for scenarios where build fails.
| * compat: Add compatiblity with Docker/Moby API for scenarios where build failsAditya Rajan2021-11-24
| | | | | | | | | | | | | | | | | | | | | | | | | | | | In order to maintain compatiblity with `moby API` we must the field `errorDetail` which is primary error reporting field with stream. Currently podman is using `error` which is already deprecated by moby. Check: https://github.com/moby/moby/blob/master/pkg/jsonmessage/jsonmessage.go#L147 [NO NEW TESTS NEEDED] We can't test this in podman CI since we dont have a docker client. Signed-off-by: Aditya Rajan <arajan@redhat.com>
* | fix: error reporting for archive endpointMatej Vasek2021-11-28
|/ | | | | | Returning 500 when copying to read-only destination. Signed-off-by: Matej Vasek <mvasek@redhat.com>
* Merge pull request #12328 from serverwentdown/fix-compat-ipaddressDaniel J Walsh2021-11-23
|\ | | | | compat: Add subnet mask behind IP address to match Docker API
| * compat: Add subnet mask behind IP address to match Docker APIAmbrose Chua2021-11-20
| | | | | | | | Signed-off-by: Ambrose Chua <ambrose@hey.com>
* | generate systemd: add --start-timeout flagValentin Rothberg2021-11-23
| | | | | | | | | | | | | | | | | | Add a new flag to set the start timeout for a generated systemd unit. To make naming consistent, add a new --stop-timeout flag as well and let the previous --time map to it. Fixes: #11618 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | swagger: add layers to build api docsAditya Rajan2021-11-22
| | | | | | | | | | | | Add missing `layer` entry to swagger docs for `/build`. Signed-off-by: Aditya Rajan <arajan@redhat.com>
* | compat: add layer caching compatiblity for non podman clientsAditya Rajan2021-11-22
|/ | | | | | | | | | | | | Non-podman clients do not set `layers` while making request. This is supposed to be `true` bydefault but `non-podman-clients i.e Docker` dont know about this field as a result they end up setting this values to `false`. Causing builds to never use cache for layers. Adds compatiblity for `docker SDK`. [NO NEW TESTS NEEDED] Signed-off-by: Aditya Rajan <arajan@redhat.com>
* api/handlers: Add checkpoint/restore FileLocksRadostin Stoyanov2021-11-19
| | | | Signed-off-by: Radostin Stoyanov <radostin@redhat.com>
* Merge pull request #12318 from mscherer/2nd_tryOpenShift Merge Robot2021-11-19
|\ | | | | Change error message for compatibility with docker
| * Change error message for compatibility with dockerMichael Scherer2021-11-16
| | | | | | | | | | | | Fix #12315 Signed-off-by: Michael Scherer <misc@redhat.com>
* | Do not store the exit command in container configPaul Holzinger2021-11-18
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | There is a problem with creating and storing the exit command when the container was created. It only contains the options the container was created with but NOT the options the container is started with. One example would be a CNI network config. If I start a container once, then change the cni config dir with `--cni-config-dir` ans start it a second time it will start successfully. However the exit command still contains the wrong `--cni-config-dir` because it was not updated. To fix this we do not want to store the exit command at all. Instead we create it every time the conmon process for the container is startet. This guarantees us that the container cleanup process is startet with the correct settings. [NO NEW TESTS NEEDED] Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | remote checkpoint/restore: more fixesValentin Rothberg2021-11-18
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Support `checkpoint --pre-checkpoint` * Support `checkpoint --with-previous` * Disable `restore --import-previous` for the remote client since we had to send two files which in turn would require to tar them up and hence be a breaking change. Podman 4.0 would be the chance and I hope we'll find time before that to remote-restore prettier. Note that I did not run over swagger yet to check whether all parameters are actually documented due to time constraints. Fixes: #12334 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>