aboutsummaryrefslogtreecommitdiff
path: root/pkg/bindings/connection.go
Commit message (Collapse)AuthorAge
* podman ssh work, using new c/common interfaceCharlie Doern2022-08-09
| | | | | | | | | | | | | | | | | | | implement new ssh interface into podman this completely redesigns the entire functionality of podman image scp, podman system connection add, and podman --remote. All references to golang.org/x/crypto/ssh have been moved to common as have native ssh/scp execs and the new usage of the sftp package. this PR adds a global flag, --ssh to podman which has two valid inputs `golang` and `native` where golang is the default. Users should not notice any difference in their everyday workflows if they continue using the golang option. UNLESS they have been using an improperly verified ssh key, this will now fail. This is because podman was incorrectly using the ssh callback method to IGNORE the ssh known hosts file which is very insecure and golang tells you not yo use this in production. The native paths allows for immense flexibility, with a new containers.conf field `SSH_CONFIG` that specifies a specific ssh config file to be used in all operations. Else the users ~/.ssh/config file will be used. podman --remote currently only uses the golang path, given its deep interconnection with dialing multiple clients and urls. My goal after this PR is to go back and abstract the idea of podman --remote from golang's dialed clients, as it should not be so intrinsically connected. Overall, this is a v1 of a long process of offering native ssh, and one that covers some good ground with podman system connection add and podman image scp. Signed-off-by: Charlie Doern <cdoern@redhat.com>
* Switch to `github.com/blang/semver/v4`Sascha Grunert2022-07-14
| | | | | | | | Switch to the latest version of the now go module compatible release. [NO NEW TESTS NEEDED] Signed-off-by: Sascha Grunert <sgrunert@redhat.com>
* pkg: switch to golang native error wrappingSascha Grunert2022-07-08
| | | | | | | | | We now use the golang error wrapping format specifier `%w` instead of the deprecated github.com/pkg/errors package. [NO NEW TESTS NEEDED] Signed-off-by: Sascha Grunert <sgrunert@redhat.com>
* Fix spelling "setup" -> "set up" and similarErik Sjölund2022-06-22
| | | | | | | | | | * Replace "setup", "lookup", "cleanup", "backup" with "set up", "look up", "clean up", "back up" when used as verbs. Replace also variations of those. * Improve language in a few places. Signed-off-by: Erik Sjölund <erik.sjolund@gmail.com>
* Remove lorgus.Infof on bindings start and attachDaniel J Walsh2022-06-21
| | | | | | | | | | | | We are only doing logrus.Info on a couple of bindings. I see no reason to only do this on a couple, seems like debugging information more then useful to the caller. We had a complaint about this so removing. Fixes: https://github.com/containers/podman/issues/13504 [NO NEW TESTS NEEDED] Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* golangci-lint: enable nolintlintPaul Holzinger2022-06-14
| | | | | | | | | | The nolintlint linter does not deny the use of `//nolint` Instead it allows us to enforce a common nolint style: - force that a linter name must be specified - do not add a space between `//` and `nolint` - make sure nolint is only used when there is actually a problem Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* replace golint with revive linterPaul Holzinger2022-04-22
| | | | | | | | | | | | golint, scopelint and interfacer are deprecated. golint is replaced by revive. This linter is better because it will also check for our error style: `error strings should not be capitalized or end with punctuation or a newline` scopelint is replaced by exportloopref (already endabled) interfacer has no replacement but I do not think this linter is important. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* bump go module to version 4Valentin Rothberg2022-01-18
| | | | | | | | | | | | | Automated for .go files via gomove [1]: `gomove github.com/containers/podman/v3 github.com/containers/podman/v4` Remaining files via vgrep [2]: `vgrep github.com/containers/podman/v3` [1] https://github.com/KSubedi/gomove [2] https://github.com/vrothberg/vgrep Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Refactor manifest list operationsJhon Honce2022-01-14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Update method/function signatures use the manifest list name and images associated with the operation explicitly, in general func f(ctx context.Context, manifestListName string, ImageNames []string, options *fOptions) * Leverage gorilla/mux Subrouters to support API v3.x and v4.x for manifests * Make manifest API endpoints more RESTful * Add PUT /manifest/{id} to update existing manifests * Add manifests.Annotate to go bindings, uncommented unit test * Add DELETE /manifest/{Id} to remove existing manifest list, use PUT /manifest/{id} to remove images from a list * Deprecated POST /manifest/{id}/add and /manifest/{id}/remove, use PUT /manifest/{id} instead * Corrected swagger godoc and updated to cover API changes * Update podman manifest commands to use registry.Context() * Expose utils.GetVar() to obtain query parameters by name * Unexpose server.registerSwaggerHandlers, not sure why this was ever exposed. * Refactored code to use http.Header instead of map[string]string when operating on HTTP headers. * Add API-Version header support in bindings to allow calling explicate versions of the API. Header is _NOT_ forwarded to the API service. Signed-off-by: Jhon Honce <jhonce@redhat.com>
* bindings: reuse context for API requestsMoritz "WanzenBug" Wanzenböck2021-11-15
| | | | | | | | | | | | | | | | | | One of the main uses of context.Context is to provide cancellation for go-routines, including API requests. While all user-facing bindings already used a context parameter, it was only used to pass the client information around. This commit changes the internal DoRequest wrapper to take an additional context argument, and pass that to the http request. Previously, the context was derived from context.Background(), which made it impossible to cancel once started. All the convenience wrappers already supported the context parameter, so the only user facing change is that cancelling those context now works as one would expect. Signed-off-by: Moritz "WanzenBug" Wanzenböck <moritz@wanzenbug.xyz>
* Handle HTTP 409 error messages properly for Pod actionsOndra Machacek2021-11-02
| | | | | | | This PR fixes the case when the API return HTTP 409 response. Where the API return the body format different then for other HTTP error codes. Signed-off-by: Ondra Machacek <omachace@redhat.com>
* Fixes #11668Jake Parks2021-10-06
| | | | | | | | | | | | | | | | | | Adding dial-stdio CLI cmd Signed-off-by: Jake Parks <jamesparks10@gmail.com> Made dial-stdio URI configurable Slight refactors Signed-off-by: Jake Parks <jamesparks10@gmail.com> Added simple test for existence of `podman system dial-stdio` command Fix 'system dial-stdio' integration tests Changed link in comment to permalink
* Remind user to check connection or use podman machineAshley Cui2021-09-28
| | | | | | | Remind user to check their remote linux connection or use podman machine. Move the warning from bindings to cmd/podman. Signed-off-by: Ashley Cui <acui@redhat.com>
* Fix file descriptor leaks and add testJhon Honce2021-08-24
| | | | | | | | | | * Add response.Body.Close() where needed to release HTTP connections to API server. * Add tests to ensure no general leaks occur. 100% coverage would be required to ensure no leaks on any call. * Update code comments to be godoc correct Signed-off-by: Jhon Honce <jhonce@redhat.com>
* Change connection error to be helpful for machine usersAshley Cui2021-08-11
| | | | | | | If a podman-remote connection fails, remind the user to check their linux system and podman machine vm Signed-off-by: Ashley Cui <acui@redhat.com>
* remote build: fix streaming and error handlingValentin Rothberg2021-07-28
| | | | | | | | | | | | | | | | | | | | Address a number of issues in the streaming logic in remote build, most importantly an error in using buffered channels on the server side. The pattern below does not guarantee that the channel is entirely read before the context fires. for { select { case <- bufferedChannel: ... case <- ctx.Done(): ... } } Fixes: #10154 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Remove semantic version suffices from API callsJhon Honce2021-03-30
| | | | | | | | | | When using the bindings do not include the pre-release or build metadata in the URL for the service. This breaks older services, while not providing that much additional functionality. [NO TESTS NEEDED] Signed-off-by: Jhon Honce <jhonce@redhat.com>
* Use version package to track all versionsJhon Honce2021-03-03
| | | | | | | | | | | | * Server, bindings, and CLI all now pull version information from version package. * Current /libpod API version slaved to podman/libpod Version * Bindings validate against libpod API Minimal version * Remove pkg/bindings/bindings.go and updated tests Fixes: #9207 Signed-off-by: Jhon Honce <jhonce@redhat.com>
* bump go module to v3Valentin Rothberg2021-02-22
| | | | | | | | | We missed bumping the go module, so let's do it now :) * Automated go code with github.com/sirkon/go-imports-rename * Manually via `vgrep podman/v2` the rest Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* correct startup error messageValentin Rothberg2021-02-16
| | | | | | | | | | | | | The error message when failing to create an image engine unconditionally pointed to the Podman socket which is quite confusing when running locally. Move the error message to the point where the first ping to the service fails. [NO TESTS NEEDED] Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Refine public key usage when remoteJhon Honce2020-12-10
| | | | | | | | | * Move all public key handling into one AuthMethod. Prioritize ssh-agent keys over identity files. * Cache server connection when tunneling, saves one RoundTrip on ssh handshake Signed-off-by: Jhon Honce <jhonce@redhat.com>
* Use PasswordCallback instead of Password for sshAnders F Björklund2020-12-04
| | | | | | | Currently asking for login password, even if not supported by the ssh server. So wait with prompt until actually requested. Signed-off-by: Anders F Björklund <anders.f.bjorklund@gmail.com>
* Change bindings to stop two API calls for pingJhon Honce2020-12-02
| | | | | | * existing code caused an unnecessary 301 redirect Signed-off-by: Jhon Honce <jhonce@redhat.com>
* Add support for host keys for non-22 portsAnders F Björklund2020-10-25
| | | | | | | | When not using the standard SSH port (22), the port is appended to the hostname (in brackets) like so: "host" -> "[host]:1234" Signed-off-by: Anders F Björklund <anders.f.bjorklund@gmail.com> (cherry picked from commit 8794e8db1ce3088d633911454d6d36c4e939e126)
* Lowercase some errorsKir Kolyshkin2020-10-05
| | | | | | | | | | | | | | | | | | | | | This commit is courtesy of ``` for f in $(git ls-files *.go | grep -v ^vendor/); do \ sed -i 's/\(errors\..*\)"Error /\1"error /' $f; done for f in $(git ls-files *.go | grep -v ^vendor/); do \ sed -i 's/\(errors\..*\)"Failed to /\1"failed to /' $f; done ``` etc. Self-reviewed using `git diff --word-diff`, found no issues. Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
* podman-remote fixes for msi and clientBrent Baude2020-08-12
| | | | | | | | correct small typo that sets the path on windows via the msi xml. in the remote client, prompt for SSH password when no identity or alternate means of authentication are provided. Signed-off-by: Brent Baude <bbaude@redhat.com>
* Switch all references to github.com/containers/libpod -> podmanDaniel J Walsh2020-07-28
| | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* move go module to v2Valentin Rothberg2020-07-06
| | | | | | | | | | | | | | | With the advent of Podman 2.0.0 we crossed the magical barrier of go modules. While we were able to continue importing all packages inside of the project, the project could not be vendored anymore from the outside. Move the go module to new major version and change all imports to `github.com/containers/libpod/v2`. The renaming of the imports was done via `gomove` [1]. [1] https://github.com/KSubedi/gomove Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Fix ssh-agent supportJhon Honce2020-06-23
| | | | | | | * An identity of "" implies ssh-agent and user/password to be used * Fixed example Signed-off-by: Jhon Honce <jhonce@redhat.com>
* V2 podman system connectionJhon Honce2020-06-23
| | | | | | | | | * Implement command * Refactor podman-remote to pull from containers.conf by default * podman-remote defaults to --remote being true * Write podman-system-connection.1.md Signed-off-by: Jhon Honce <jhonce@redhat.com>
* Turn on More lintersDaniel J Walsh2020-06-15
| | | | | | | | | - misspell - prealloc - unparam - nakedret Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Fixup issues found by golintDaniel J Walsh2020-06-10
| | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* V2 Add support for ssh authentication methodsJhon Honce2020-06-03
| | | | | | | | | | | | | | | | | * podman --remote ssh://<user>:<password>@<host>:<port><path> * podman --remote ssh://<user>:<password>@<host>:<port><path> \ --identity <path> --passphrase <phrase> * ssh-add <key> podman --remote ssh://<user>@<host><path> * Fix `podman help` to run even if podman missing components * Prompt for passphrase on stdin IFF key is protected and passphrase not given via any other configuration * cobra flags do not support optional value flags therefore refactored --remote to be a boolean and --url will now contain the URI to Podman service Signed-off-by: Jhon Honce <jhonce@redhat.com>
* Add bindings for exec and enable attached remoteMatthew Heon2020-06-01
| | | | | | | | | | | This adds bindings for starting exec sessions, and then uses them to wire up detached exec. Code is heavily based on Attach code for containers, slightly modified to handle exec sessions. Bindings are presently attached-only, detached is pending on a Conmon update landing in CI. I'll probably get to that next. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* compat handlers: add X-Registry-Auth header supportValentin Rothberg2020-05-29
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Support the `X-Registry-Auth` http-request header. * The content of the header is a base64 encoded JSON payload which can either be a single auth config or a map of auth configs (user+pw or token) with the corresponding registries being the keys. Vanilla Docker, projectatomic Docker and the bindings are transparantly supported. * Add a hidden `--registries-conf` flag. Buildah exposes the same flag, mostly for testing purposes. * Do all credential parsing in the client (i.e., `cmd/podman`) pass the username and password in the backend instead of unparsed credentials. * Add a `pkg/auth` which handles most of the heavy lifting. * Go through the authentication-handling code of most commands, bindings and endpoints. Migrate them to the new code and fix issues as seen. A final evaluation and more tests is still required *after* this change. * The manifest-push endpoint is missing certain parameters and should use the ABI function instead. Adding auth-support isn't really possible without these parts working. * The container commands and endpoints (i.e., create and run) have not been changed yet. The APIs don't yet account for the authfile. * Add authentication tests to `pkg/bindings`. Fixes: #6384 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* V2 Fix interface nil checksJhon Honce2020-05-26
| | | | Signed-off-by: Jhon Honce <jhonce@redhat.com>
* V2 API Version SupportJhon Honce2020-05-20
| | | | | | | | | | | | | | | | | * Update blang/semver to allow ParseTolerant() support * Provide helper functions for API handlers to obtain client's 'version' path variable focused on API endpoint tree: libpod vs. compat * Introduce new errors: * version not given in path, endpoints may determine if this is a hard error (ErrVersionNotGiven) * given version not supported (ErrVersionNotSupported), only a soft error if the handler is going to hijack the connection * Added unit tests for version parsing * bindings check version on connect: * client <= Server API version connection is continued * client >= Server API version connection fails Signed-off-by: Jhon Honce <jhonce@redhat.com>
* V2 Update attach bindings to use Readers/Writers vs chanJhon Honce2020-05-14
| | | | | | | | * Change function call to use readers/writers in place channels * Support stdin for pushing data from client to container * Add bindings test Signed-off-by: Jhon Honce <jhonce@redhat.com>
* podman rmi: refactor logicValentin Rothberg2020-04-21
| | | | | | | | | | | | | | | | | | | | | | | | | | | | While this commit was initially meant to fix #5847, it has turned into a bigger refactoring which I did not manage to break into smaller pieces: * Fix #5847 by refactoring the image-removal logic. * Make the api handler for image-removal use the ABI code. This way, both (i.e., ABI and Tunnel) end up using the same code. Achieving this code share required to move some code around to prevent circular dependencies. * Everything in pkg/api (excluding pkg/api/types) must now only be accessed from code using `ABISupport`. * Avoid imports from entities on handlers to prevent circular dependencies. * Move `podman system service` logic into `cmd` to prevent circular dependencies - it depends on pkg/api. * Also remove the build header from infra/abi files. It will otherwise confuse swagger and other tools; errors we cannot fix as go doesn't expose a build-tag env variable. Fixes: #5847 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* V2 Fix support for tcp://[::]<port> connectionsJhon Honce2020-04-17
| | | | | | | | | | | | | * Fix support for socket activation, on remote and service $ systemd-socket-activate -l 8083 --fdname=podman bin/podman system service --log-level=debug --time=30 $ bin/podman-remote --remote=tcp://[::]:8083 image ls Or, use the podman.{socket,service} unit files $ bin/podman-remote --remote=unix:///run/podman/podman.sock image ls Signed-off-by: Jhon Honce <jhonce@redhat.com>
* podmanv2 container exists|waitBrent Baude2020-03-20
| | | | | | enable container exists and wait for podmanv2 Signed-off-by: Brent Baude <bbaude@redhat.com>
* V2 podman commandJhon Honce2020-03-18
| | | | Signed-off-by: Jhon Honce <jhonce@redhat.com>
* add more image tests for go bindingsBrent Baude2020-02-21
| | | | | | adding more image tests for go bindings. one big change is that the params were converted from map[string]string to url.values to account for the ability to send []string as query params Signed-off-by: Brent Baude <bbaude@redhat.com>
* Add support for ssh:// and unix:// podman clientsJhon Honce2020-02-20
| | | | | | | | | | * Make context keys package safe * Add support for PODMAN_HOST and PODMAN_SSHKEY * Add slight increasing delay when client connections fail * Remove usages of path.Join(), added JoinURL(). '/' is not OS dependent. Signed-off-by: Jhon Honce <jhonce@redhat.com>
* Fix container filtersBrent Baude2020-02-11
| | | | | | container filters were being double encoded (maybe triple) which resulted in the wrong encoding representation of filters being sent by the go-bindings. Also, on the server side, Filter needed to be changed to Filter to decode properly. Finally, due to the changed return type of List Containers, the go bindings return values needed to be changed. Signed-off-by: Brent Baude <bbaude@redhat.com>
* fix longname handling for bindingsBrent Baude2020-01-31
| | | | | | the api needs to account for image input where the image is encoded as a fqd image name. Signed-off-by: Brent Baude <bbaude@redhat.com>
* apiv2 binding test fixesBrent Baude2020-01-29
| | | | | | a recent refactor in the bindings broke the tests. quick fixes to get them working again. Signed-off-by: Brent Baude <bbaude@redhat.com>
* [CI:DOCS]Binding overhaulsBrent Baude2020-01-28
| | | | | | | | | | Add binding for networks and begin documentation for binding methods for godoc. Also, add major functions to their own subpackages so reduce the amount of of method confusion. So instead of: bindings.ListImages(), we now do a [bindings].images.List(). Also, the connection is passed to each binding method via a context to allow for future growth. Lastly, add first set of tests. There are a couple of things to work out for rootless tests yet. Signed-off-by: Brent Baude <bbaude@redhat.com>
* [CI:DOCS]swagger cleanup and left-hand navbaude2020-01-15
add a static tags file so we can dictate the left-hand navigation. in doing so we now override the tag in the swagger:operation. we now have images and images (compat) as a way to differentiate. Signed-off-by: baude <bbaude@redhat.com>