summaryrefslogtreecommitdiff
path: root/pkg
Commit message (Collapse)AuthorAge
* Refactor manifest list operationsJhon Honce2022-01-14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Update method/function signatures use the manifest list name and images associated with the operation explicitly, in general func f(ctx context.Context, manifestListName string, ImageNames []string, options *fOptions) * Leverage gorilla/mux Subrouters to support API v3.x and v4.x for manifests * Make manifest API endpoints more RESTful * Add PUT /manifest/{id} to update existing manifests * Add manifests.Annotate to go bindings, uncommented unit test * Add DELETE /manifest/{Id} to remove existing manifest list, use PUT /manifest/{id} to remove images from a list * Deprecated POST /manifest/{id}/add and /manifest/{id}/remove, use PUT /manifest/{id} instead * Corrected swagger godoc and updated to cover API changes * Update podman manifest commands to use registry.Context() * Expose utils.GetVar() to obtain query parameters by name * Unexpose server.registerSwaggerHandlers, not sure why this was ever exposed. * Refactored code to use http.Header instead of map[string]string when operating on HTTP headers. * Add API-Version header support in bindings to allow calling explicate versions of the API. Header is _NOT_ forwarded to the API service. Signed-off-by: Jhon Honce <jhonce@redhat.com>
* Merge pull request #12825 from elezar/update-cdiOpenShift Merge Robot2022-01-14
|\ | | | | Update use of CDI API
| * Use new CDI APIEvan Lezar2022-01-14
| | | | | | | | | | | | | | This change updates the CDI API to commit 46367ec063fda9da931d050b308ccd768e824364 which addresses some inconistencies in the previous implementation. Signed-off-by: Evan Lezar <elezar@nvidia.com>
* | Merge pull request #12849 from cdoern/podProhibitOpenShift Merge Robot2022-01-14
|\ \ | |/ |/| Prohibit --uid/gid map and --pod for container create/run
| * Prohibit --uid/gid map and --pod for container create/runcdoern2022-01-13
| | | | | | | | | | | | | | | | | | add a check in namespaceOptions() that ensures the user is not setting a new uid/gid map if entering or creating a pod that has an infra container resolves #12669 Signed-off-by: cdoern <cdoern@redhat.com>
* | Merge pull request #12826 from vrothberg/force-rm-podOpenShift Merge Robot2022-01-13
|\ \ | | | | | | podman container rm: remove pod
| * | podman container rm: remove podValentin Rothberg2022-01-13
| | | | | | | | | | | | | | | | | | | | | | | | Support removing the entire pod when --depend is used on an infra container. --all now implies --depend to properly support removing all containers and not error out when hitting infra containers. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | Merge pull request #12642 from Luap99/libnetworkOpenShift Merge Robot2022-01-13
|\ \ \ | |/ / |/| | use libnetwork from c/common
| * | podman build enable --all-platforms and --unsetenvPaul Holzinger2022-01-13
| | | | | | | | | | | | | | | | | | | | | Make sure we add support for allplatforms and unsetenv to both local and remote podman. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
| * | use netns package from c/commonPaul Holzinger2022-01-12
| | | | | | | | | | | | | | | | | | | | | The netns package was moved to c/common so we should use this and remove the package from podman. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
| * | update buildah to latest and use new network stackPaul Holzinger2022-01-12
| | | | | | | | | | | | | | | | | | Make sure buildah uses the new network stack. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
| * | use libnetwork from c/commonPaul Holzinger2022-01-12
| | | | | | | | | | | | | | | | | | | | | | | | The libpod/network packages were moved to c/common so that buildah can use it as well. To prevent duplication use it in podman as well and remove it from here. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | Merge pull request #12836 from cdoern/podSysCtlOpenShift Merge Robot2022-01-13
|\ \ \ | |_|/ |/| | Podman Pod Create --sysctl support
| * | Podman Pod Create --sysctl supportcdoern2022-01-12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | added support for pod wide sysctls. The sysctls supported are the same as the continer run controls. These controls are only valid if the proper namespaces are shared within the pod, otherwise only the infra ctr gets the sysctl resolves #12747 Signed-off-by: cdoern <cdoern@redhat.com>
* | | Merge pull request #12644 from leahneukirchen/events-timestampOpenShift Merge Robot2022-01-13
|\ \ \ | | | | | | | | remote events: convert TimeNano properly
| * | | remote events: convert TimeNano properlyLeah Neukirchen2022-01-12
| | |/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | e.TimeNano contains nanoseconds since epoch, not just the nanoseconds after e.Time. time.Unix supports nanoseconds > 999999999 and converts them to seconds, so just passing e.TimeNano is enough. Signed-off-by: Leah Neukirchen <leah@vuxu.org>
* | | Merge pull request #12835 from baude/issue12815OpenShift Merge Robot2022-01-13
|\ \ \ | | | | | | | | Wait for podman stop to complete
| * | | Wait for podman stop to completeBrent Baude2022-01-12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | if users run podman machine stop && podman machine ls, the status of the machine in the subsequent ls command would running. now we wait for everything to complete for stop so that scripting is more accurate. Fixes: #12815 [NO NEW TESTS NEEDED] Signed-off-by: Brent Baude <bbaude@redhat.com>
* | | | Merge pull request #12151 from rhatdan/nooutOpenShift Merge Robot2022-01-12
|\ \ \ \ | | | | | | | | | | Add --noout option to prevent the output of ids
| * | | | Add --noout option to prevent the output of idsDaniel J Walsh2022-01-12
| | |/ / | |/| | | | | | | | | | | | | | | | | | Fixes: https://github.com/containers/podman/issues/11515 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* / | | podman image scp: implement --quietEd Santiago2022-01-12
|/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Relay --quiet to save & load commands, in both Rootless and Rootful transfer functions. Also, a little cleanup: - remove unuseful SOURCE/DEST printfs - refactor duplication in execMachine() - fix Debug("Executing") statements to include the actual command they're executing [NO NEW TESTS NEEDED] : Tests are being slowly implemented in #12797 Signed-off-by: Charlie Doern <cdoern@redhat.com> Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | add additional fields to podman machine ls --jsonDaniel J Walsh2022-01-11
| | | | | | | | | | | | | | | | | | [NO NEW TESTS NEEDED] Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Add podman rm --dependDaniel J Walsh2022-01-11
|/ / | | | | | | | | | | | | | | | | | | | | This option causes Podman to not only remove the specified containers but all of the containers that depend on the specified containers. Fixes: https://github.com/containers/podman/issues/10360 Also ran codespell on the code Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #12748 from flouthoc/ign_add_proxy_varsOpenShift Merge Robot2022-01-11
|\ \ | | | | | | ignition: set `HTTP` proxy variable and `SSL_CERT_FILE` from `host` -> `machine`.
| * | pkg: use PROXY_VARS from c/commonAditya Rajan2022-01-11
| | | | | | | | | | | | Signed-off-by: Aditya Rajan <arajan@redhat.com>
| * | ignition: add support from setting SSL_CERT_FILEAditya Rajan2022-01-11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Podman often has to run behind an http/https proxy, often in corporate environments. This proxy may or may not include SSL inspection capabilities, requiring a trusted SSL CA certificate to be added to a system's trust store. Copy the file referred to by SSL_CERT_FILE on the host into the podman machine's OS trust store, overriding the built-in single-file trust store certificate. Also set the `SSL_FILE_CERT` on remote machine [NO NEW TESTS NEEDED] Signed-off-by: Aditya Rajan <arajan@redhat.com>
| * | ignition: propogate HTTP proxy variables from host to remoteAditya Rajan2022-01-11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Podman often has to run behind an http/https proxy, often in corporate environments. This proxy may or may not include SSL inspection capabilities, requiring a trusted SSL CA certificate to be added to a system's trust store. Solve this by reading standard proxy variables (HTTP_PROXY HTTPS_PROXY NO_PROXY http_proxy https_proxy no_proxy) and injecting them into the machine at init. [NO NEW TESTS NEEDED] Signed-off-by: Aditya Rajan <arajan@redhat.com>
* | | Use the InfraImage defined in containers.confDaniel J Walsh2022-01-10
|/ / | | | | | | | | | | | | | | | | Remove hard code use of the DefaultInfraImage and rely on getting this from containers.conf. Fixes: https://github.com/containers/podman/issues/12771 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* / Don't add env if optional and not foundUrvashi Mohnani2022-01-10
|/ | | | | | | | If the pod yaml has env from secret and condifg map but they are optional and the secret cannot be found, don't add the env key as well as the env value will not be found. Matches behavior with k8s. Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
* Merge pull request #12726 from hikhvar/remove-superflous-pod-renameOpenShift Merge Robot2022-01-07
|\ | | | | Don't rename pod if container has the same name
| * Don't rename pod if container has the same nameChristoph Petrausch2022-01-06
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We enforce the naming scheme "<podname>-<containername>" here [1]. Therefore we must not rename the pod in case of a naming conflict between pod name and container name. Not renaming the pod increases the usability for the user and easies scripting based on the name. Otherwise a user must set some label to reliable find a pod after creation. Or have to implement the renaming logic in the script. [1] https://github.com/containers/podman/blob/main/pkg/specgen/generate/kube/kube.go#L140 Fixes #12722 Signed-off-by: Christoph Petrausch <chrobbert@gmail.com>
* | Merge pull request #12614 from baude/bz2028408OpenShift Merge Robot2022-01-06
|\ \ | | | | | | fix healthcheck timeouts and ut8 coercion
| * | fix healthcheck timeouts and ut8 coercionBrent Baude2022-01-06
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | this commit fixes two bugs and adds regression tests. when getting healthcheck values from an image, if the image does not have a timeout defined, this resulted in a 0 value for timeout. The default as described in the man pages is 30s. when inspecting a container with a healthcheck command, a customer observed that the &, <, and > characters were being converted into a unicode escape value. It turns out json marshalling will by default coerce string values to ut8. Fixes: bz2028408 Signed-off-by: Brent Baude <bbaude@redhat.com>
* | | Merge pull request #11454 from afbjorklund/virtfs-volumesOpenShift Merge Robot2022-01-06
|\ \ \ | |/ / |/| | Implement virtfs volumes for podman machine
| * | Make it possible to select the volume driverAnders F Björklund2021-12-30
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Use the same type of mounts for all the machine volumes. The default could change in the future, depending on OS. [NO NEW TESTS NEEDED] Signed-off-by: Anders F Björklund <anders.f.bjorklund@gmail.com>
| * | Check the mount type for future compatibilityAnders F Björklund2021-12-30
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | There are other mount types available, such as NFS or SMB, or one could use reverse sshfs for better compatibility. It could either be a global option, or it could perhaps be overridden for each volume (like the container volumes). Refactor the creation of the options string or array. Allow specifying the volume as read-only, if desired. [NO NEW TESTS NEEDED] Signed-off-by: Anders F Björklund <anders.f.bjorklund@gmail.com>
| * | Implement virtfs volumes for podman machineAnders F Björklund2021-12-30
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Allow using the built-in 9pfs feature of qemu, mounting host directories into vm mountpoints. The volumes are generic, the mounts are specific. Wait for the machine to be "running", otherwise the SSH function might throw an error instead. Increase the default msize from 8 KiB to 128 KiB [NO NEW TESTS NEEDED] Signed-off-by: Anders F Björklund <anders.f.bjorklund@gmail.com>
* | | Merge pull request #11538 from mtrmac/http-credentialsOpenShift Merge Robot2022-01-06
|\ \ \ | |_|/ |/| | Fix HTTP credentials passing
| * | Make XRegistryAuthHeader and XRegistryConfigHeader privateMiloslav Trmač2021-12-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | ... now that they have no public users. Also remove the HeaderAuthName type, we don't need the type-safety so much for private constants, and using plain strings results in less visual noise. Should not change behavior. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
| * | Remove the authfile parameter of MakeXRegistryAuthHeaderMiloslav Trmač2021-12-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Having a parameter that modifies the provides types.SystemContext seems rather unexpected and risky to have around - and the only user of that is actually a no-op, others only provide a nil SystemContext; so, remove that option and simplify (well, somewhat; many callers now have extra &types.SystemContext{AuthFilePath} boilerplate; at least that's consistent with that code carrying a TODO to create a larger-scope SystemContext). Should not change behavior. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
| * | Simplify the header decision in pkg/bindings/images.Build a bitMiloslav Trmač2021-12-10
| | | | | | | | | | | | | | | | | | | | | | | | ... now that two of the three cases are the same. Should not change behavior. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
| * | Remove the authfile parameter of MakeXRegistryConfigHeaderMiloslav Trmač2021-12-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Having a parameter that modifies the provides types.SystemContext seems rather unexpected and risky to have around - and the only user of that is actually a no-op; so, remove that option and simplify. Should not change behavior. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
| * | Remove no-longer-useful name variablesMiloslav Trmač2021-12-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | which used to contain more context, but now are just a pointless copy. Should not change (test) behavior. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
| * | Consolidate creation of SystemContext with auth.json into a helperMiloslav Trmač2021-12-10
| | | | | | | | | | | | | | | | | | Should not change (test) behavior. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
| * | Remove pkg/auth.HeaderMiloslav Trmač2021-12-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | It is no longer used. Split the existing tests into MakeXRegistryConfigHeader and MakeXRegistryAuthHeader variants. For now we don't modify the implementations at all, to make review simpler; cleanups will follow. Should not change behavior. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
| * | Call MakeXRegistryAuthHeader instead of Header(..., XRegistryAuthHeader)Miloslav Trmač2021-12-10
| | | | | | | | | | | | | | | | | | | | | | | | All callers hard-code a header value, so this is actually shorter. Should not change behavior. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
| * | Turn headerAuth into MakeXRegistryAuthHeaderMiloslav Trmač2021-12-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | ... which can be called independently. For now, there are no new callers, to test that the behavior has not changed. Should not change behavior. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
| * | Call MakeXRegistryConfigHeader instead of Header(..., XRegistryConfigHeader)Miloslav Trmač2021-12-10
| | | | | | | | | | | | | | | | | | | | | | | | All callers hard-code a header value, so this is actually shorter. Should not change behavior. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
| * | Turn headerConfig into MakeXRegistryConfigHeaderMiloslav Trmač2021-12-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | ... which can be called independently. For now, there are no new callers, to test that the behavior has not changed. Should not change behavior. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
| * | Move the auth file creation to GetCredentialsMiloslav Trmač2021-12-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | This shares the code, and makes getConfigCredentials and getAuthCredentials side-effect free and possibly easier to test. Should not change behavior. Signed-off-by: Miloslav Trmač <mitr@redhat.com>