aboutsummaryrefslogtreecommitdiff
path: root/pkg/bindings
Commit message (Collapse)AuthorAge
* Ensure pod infra containers have an exit commandMatthew Heon2020-08-24
| | | | | | | | | | | | | | | | | | | | | | | | | | Most Libpod containers are made via `pkg/specgen/generate` which includes code to generate an appropriate exit command which will handle unmounting the container's storage, cleaning up the container's network, etc. There is one notable exception: pod infra containers, which are made entirely within Libpod and do not touch pkg/specgen. As such, no cleanup process, network never cleaned up, bad things can happen. There is good news, though - it's not that difficult to add this, and it's done in this PR. Generally speaking, we don't allow passing options directly to the infra container at create time, but we do (optionally) proxy a pre-approved set of options into it when we create it. Add ExitCommand to these options, and set it at time of pod creation using the same code we use to generate exit commands for normal containers. Fixes #7103 Signed-off-by: Matthew Heon <mheon@redhat.com> <MH: Fixed cherry-pick conflicts> Signed-off-by: Matthew Heon <mheon@redhat.com>
* Unconditionally retrieve pod names via APIMatthew Heon2020-08-20
| | | | | | | | | | | | | | | | | | The ListContainers API previously had a Pod parameter, which determined if pod name was returned (but, notably, not Pod ID, which was returned unconditionally). This was fairly confusing, so we decided to deprecate/remove the parameter and return it unconditionally. To do this without serious performance implications, we need to avoid expensive JSON decodes of pod configuration in the DB. The way our Bolt tables are structured, retrieving name given ID is actually quite cheap, but we did not expose this via the Libpod API. Add a new GetName API to do this. Fixes #7214 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* correct go-binding key for volumesBrent Baude2020-08-11
| | | | | | | | the go binding for remove container was using 'vols' for a key to remove volumes associated to the container. the correct key should be "v" and is documented as such. Fixes: #7128 Signed-off-by: Brent Baude <bbaude@redhat.com>
* Correctly print STDOUT on non-terminal remote execMatthew Heon2020-07-22
| | | | | | | | | | | | | | I confused STDIN and STDOUT's file descriptors (it's 0 and 1, I thought they were 1 and 0). As such, we were looking at whether we wanted to print STDIN when we looked to print STDOUT. This bool was set when `-i` was set in at the `podman exec` command line, which masked the problem when it was set. Fixes #6890 Fixes #6891 Fixes #6892 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* events endpoint: fix panic and race conditionValentin Rothberg2020-07-21
| | | | | | | | | | | | | | | | | | | | | Fix a potential panic in the events endpoint when parsing the filters parameter. Values of the filters map might be empty, so we need to account for that instead of uncondtitionally accessing the first item. Also apply a similar for race conditions as done in commit f4a2d25c0fca: Fix a race that could cause read errors to be masked. Masking such errors is likely to report red herrings since users don't see that reading failed for some reasons but that a given event could not be found. Another race was the handler closing event channel, which could lead to two kinds of panics: double close, send to close channel. The backend takes care of that. However, make sure that the backend stops working in case the context has been cancelled. Fixes: #6899 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* move go module to v2Valentin Rothberg2020-07-06
| | | | | | | | | | | | | | | With the advent of Podman 2.0.0 we crossed the magical barrier of go modules. While we were able to continue importing all packages inside of the project, the project could not be vendored anymore from the outside. Move the go module to new major version and change all imports to github.com/containers/libpod/v2. The renaming of the imports was done via gomove [1]. [1] https://github.com/KSubedi/gomove Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Fix ssh-agent supportJhon Honce2020-06-24
| | | | | | | * An identity of "" implies ssh-agent and user/password to be used * Fixed example Signed-off-by: Jhon Honce <jhonce@redhat.com>
* V2 podman system connectionJhon Honce2020-06-24
| | | | | | | | | * Implement command * Refactor podman-remote to pull from containers.conf by default * podman-remote defaults to --remote being true * Write podman-system-connection.1.md Signed-off-by: Jhon Honce <jhonce@redhat.com>
* Correct logic for demux'ing channelsJhon Honce2020-06-19
| | | | | | * Move check for requesting output into case statement Signed-off-by: Jhon Honce <jhonce@redhat.com>
* fix misc remote build issuesBrent Baude2020-06-17
| | | | | | | | | address problem when multiple -t were sent. and rework remote build's tarball if a context dir is given other than ".". Fixes: #6578 Fixes: #6577 Signed-off-by: Brent Baude <bbaude@redhat.com>
* Merge pull request #6603 from sujil02/python-testOpenShift Merge Robot2020-06-15
|\ | | | | Adds more docker py test
| * Adds more docker py testSujil022020-06-15
| | | | | | | | | | | | | | | | Addes more docker py test Optimize test to import images from cache Rename test class and dir for python unittest framework Signed-off-by: Sujil02 <sushah@redhat.com>
* | Merge pull request #6599 from afbjorklund/server-builtOpenShift Merge Robot2020-06-15
|\ \ | | | | | | The string field of Built was missing from server
| * | The string field of Built was missing from serverAnders F Björklund2020-06-13
| |/ | | | | | | | | | | It should match the client version, but was empty Signed-off-by: Anders F Björklund <anders.f.bjorklund@gmail.com>
* / Turn on More lintersDaniel J Walsh2020-06-15
|/ | | | | | | | | - misspell - prealloc - unparam - nakedret Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Fix Id->ID where possible for lintDaniel J Walsh2020-06-10
| | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Fixup issues found by golintDaniel J Walsh2020-06-10
| | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* V2 Add support for ssh authentication methodsJhon Honce2020-06-03
| | | | | | | | | | | | | | | | | * podman --remote ssh://<user>:<password>@<host>:<port><path> * podman --remote ssh://<user>:<password>@<host>:<port><path> \ --identity <path> --passphrase <phrase> * ssh-add <key> podman --remote ssh://<user>@<host><path> * Fix `podman help` to run even if podman missing components * Prompt for passphrase on stdin IFF key is protected and passphrase not given via any other configuration * cobra flags do not support optional value flags therefore refactored --remote to be a boolean and --url will now contain the URI to Podman service Signed-off-by: Jhon Honce <jhonce@redhat.com>
* Enable detached exec for remoteMatthew Heon2020-06-02
| | | | | | | | | | | | | | | | | | | | | | | The biggest obstacle here was cleanup - we needed a way to remove detached exec sessions after they exited, but there's no way to tell if an exec session will be attached or detached when it's created, and that's when we must add the exit command that would do the removal. The solution was adding a delay to the exit command (5 minutes), which gives sufficient time for attached exec sessions to retrieve the exit code of the session after it exits, but still guarantees that they will be removed, even for detached sessions. This requires Conmon 2.0.17, which has the new `--exit-delay` flag. As part of the exit command rework, we can drop the hack we were using to clean up exec sessions (remove them as part of inspect). This is a lot cleaner, and I'm a lot happier about it. Otherwise, this is just plumbing - we need a bindings call for detached exec, and that needed to be added to the tunnel mode backend for entities. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Add bindings for exec and enable attached remoteMatthew Heon2020-06-01
| | | | | | | | | | | This adds bindings for starting exec sessions, and then uses them to wire up detached exec. Code is heavily based on Attach code for containers, slightly modified to handle exec sessions. Bindings are presently attached-only, detached is pending on a Conmon update landing in CI. I'll probably get to that next. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* compat handlers: add X-Registry-Auth header supportValentin Rothberg2020-05-29
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Support the `X-Registry-Auth` http-request header. * The content of the header is a base64 encoded JSON payload which can either be a single auth config or a map of auth configs (user+pw or token) with the corresponding registries being the keys. Vanilla Docker, projectatomic Docker and the bindings are transparantly supported. * Add a hidden `--registries-conf` flag. Buildah exposes the same flag, mostly for testing purposes. * Do all credential parsing in the client (i.e., `cmd/podman`) pass the username and password in the backend instead of unparsed credentials. * Add a `pkg/auth` which handles most of the heavy lifting. * Go through the authentication-handling code of most commands, bindings and endpoints. Migrate them to the new code and fix issues as seen. A final evaluation and more tests is still required *after* this change. * The manifest-push endpoint is missing certain parameters and should use the ABI function instead. Adding auth-support isn't really possible without these parts working. * The container commands and endpoints (i.e., create and run) have not been changed yet. The APIs don't yet account for the authfile. * Add authentication tests to `pkg/bindings`. Fixes: #6384 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Add streaming ability to endpointBrent Baude2020-05-27
| | | | Signed-off-by: Brent Baude <bbaude@redhat.com>
* V2 Fix interface nil checksJhon Honce2020-05-26
| | | | Signed-off-by: Jhon Honce <jhonce@redhat.com>
* V2 enable remote logs and testingJhon Honce2020-05-22
| | | | | | | | | | * wire up bindings and handler for obtaining logs remotely * enable debug logging from podman in e2e test using DEBUG and DEBUG_SERVICE env variables * Fix error in streaming log frames * enable remote logs test Signed-off-by: Jhon Honce <jhonce@redhat.com>
* Merge pull request #6345 from QiWang19/mani-push-testOpenShift Merge Robot2020-05-22
|\ | | | | remote manifest test
| * remote manifest testQi Wang2020-05-21
| | | | | | | | | | | | Enable remove manifest tests. Skip --purge test because remote does not support it. Signed-off-by: Qi Wang <qiwan@redhat.com>
* | Removes remote system reset functionality. skip e2e test for remote.Sujil022020-05-22
| | | | | | | | | | | | | | As system reset too dangerous for remote use, deleting the functionality and the test case. Signed-off-by: Sujil02 <sushah@redhat.com>
* | Merge pull request #6327 from baude/v2buildOpenShift Merge Robot2020-05-22
|\ \ | | | | | | v2 podman-remote build
| * | v2 podman-remote buildBrent Baude2020-05-21
| |/ | | | | | | | | | | this is a very basic implementation of build. some of the more advanced options need to be included still as well. i think the endpoints for compat and libpod will have to split given buildahs more advanced set of options. that should probably be done by someone more experienced with build internals. Signed-off-by: Brent Baude <bbaude@redhat.com>
* / podman version --format ... was not workingDaniel J Walsh2020-05-21
|/ | | | | | This patch fixes the podman --version --format command. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Start testing with cross compilationDaniel J Walsh2020-05-21
| | | | | | | Add missing man page links for podman-image-search and podman-image-diff Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #6284 from baude/v2remotetestfixesOpenShift Merge Robot2020-05-21
|\ | | | | Test fixes for remote integration
| * Test fixes for remote integrationBrent Baude2020-05-20
| | | | | | | | Signed-off-by: Brent Baude <bbaude@redhat.com>
* | Merge pull request #6300 from baude/v2governattachOpenShift Merge Robot2020-05-20
|\ \ | | | | | | govern remote attach and start
| * | govern remote attach and startBrent Baude2020-05-20
| |/ | | | | | | | | | | fixes a race where container would start before attach could occur resulting in an error. Signed-off-by: Brent Baude <bbaude@redhat.com>
* / V2 API Version SupportJhon Honce2020-05-20
|/ | | | | | | | | | | | | | | | | * Update blang/semver to allow ParseTolerant() support * Provide helper functions for API handlers to obtain client's 'version' path variable focused on API endpoint tree: libpod vs. compat * Introduce new errors: * version not given in path, endpoints may determine if this is a hard error (ErrVersionNotGiven) * given version not supported (ErrVersionNotSupported), only a soft error if the handler is going to hijack the connection * Added unit tests for version parsing * bindings check version on connect: * client <= Server API version connection is continued * client >= Server API version connection fails Signed-off-by: Jhon Honce <jhonce@redhat.com>
* V2 Implement terminal handling in bindings attachJhon Honce2020-05-18
| | | | | | | | | * Add support for /exec/{id}/resize * Add support for ErrSessionNotFound * Resize container TTY as stdin changes size * Refactor all resize functions into one handler Signed-off-by: Jhon Honce <jhonce@redhat.com>
* v2endpoint remove image path correctionBrent Baude2020-05-18
| | | | | | | | | | | | the endpoint for single image removal (on the libpod side) should be as follows: versionedPath/libpod/images/IMAGENAME The DELETE method then signifies the removal of the image. Fixes: #6261 Signed-off-by: Brent Baude <bbaude@redhat.com>
* Make convenience boxed true/false easier to useJhon Honce2020-05-14
| | | | | | | * changed PFalse to &false * changed PTrue to &true Signed-off-by: Jhon Honce <jhonce@redhat.com>
* V2 Update attach bindings to use Readers/Writers vs chanJhon Honce2020-05-14
| | | | | | | | * Change function call to use readers/writers in place channels * Support stdin for pushing data from client to container * Add bindings test Signed-off-by: Jhon Honce <jhonce@redhat.com>
* Merge pull request #6211 from baude/v2remoteimagetreeOpenShift Merge Robot2020-05-13
|\ | | | | enable remote image tree
| * enable remote image treeBrent Baude2020-05-13
| | | | | | | | Signed-off-by: Brent Baude <bbaude@redhat.com>
* | Merge pull request #6203 from jwhonce/wip/attachOpenShift Merge Robot2020-05-13
|\ \ | | | | | | V2 attach bindings and test
| * | WIP V2 attach bindings and testJhon Honce2020-05-13
| |/ | | | | | | | | | | | | | | * Add ErrLostSync to report lost of sync when de-mux'ing stream * Add logus.SetLevel(logrus.DebugLevel) when `go test -v` given * Add context to debugging messages Signed-off-by: Jhon Honce <jhonce@redhat.com>
* / enable podman v2 networking for remote clientBrent Baude2020-05-12
|/ | | | Signed-off-by: Brent Baude <bbaude@redhat.com>
* add podman remote system dfBrent Baude2020-05-12
| | | | Signed-off-by: Brent Baude <bbaude@redhat.com>
* Merge pull request #6101 from sujil02/systemreset-v2OpenShift Merge Robot2020-05-12
|\ | | | | Adds tunnel routes for system reset.
| * Adds tunnel routes for system reset.Sujil022020-05-11
| | | | | | | | | | | | | | | | Adds tunnel routes for system reset. Makes forces flag local as options are not propogated down the stack. Adds relevant test cases and swagger docs. Signed-off-by: Sujil02 <sushah@redhat.com>
* | Merge pull request #6151 from lsm5/tests-apiv2-inspect-removeOpenShift Merge Robot2020-05-10
|\ \ | |/ |/| bindings tests for container remove and inspect
| * bindings tests for container remove and inspectLokesh Mandvekar2020-05-08
| | | | | | | | Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>