| Commit message (Collapse) | Author | Age |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Support the `X-Registry-Auth` http-request header.
* The content of the header is a base64 encoded JSON payload which can
either be a single auth config or a map of auth configs (user+pw or
token) with the corresponding registries being the keys. Vanilla
Docker, projectatomic Docker and the bindings are transparantly
supported.
* Add a hidden `--registries-conf` flag. Buildah exposes the same
flag, mostly for testing purposes.
* Do all credential parsing in the client (i.e., `cmd/podman`) pass
the username and password in the backend instead of unparsed
credentials.
* Add a `pkg/auth` which handles most of the heavy lifting.
* Go through the authentication-handling code of most commands, bindings
and endpoints. Migrate them to the new code and fix issues as seen.
A final evaluation and more tests is still required *after* this
change.
* The manifest-push endpoint is missing certain parameters and should
use the ABI function instead. Adding auth-support isn't really
possible without these parts working.
* The container commands and endpoints (i.e., create and run) have not
been changed yet. The APIs don't yet account for the authfile.
* Add authentication tests to `pkg/bindings`.
Fixes: #6384
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|\
| |
| | |
Ensure that signal names can be parsed on Windows
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
To ensure the Windows and OS X remote clients can properly parse
container stop signal (when given as a name e.g. SIGTERM) and
set it in SpecGen, we need access to a list of Linux signal names
and the numbers they map to that is available on non-Linux OSes.
Fortunately, these are ABI constants that are extremely unlikely
to change, so we can just take the existing constant definitions
from the library and use them.
The signal numbers used here are sourced from AMD64, but should
be the same for every architecture that is not Alpha, SPARC,
MIPS, and PA-RISC. So `podman run --stop-signal SIGTTOU` from a
Windows client to a Podman service on a SPARC host will set an
incorrect stop signal, but I don't think this is a large problem.
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
| |
| |
| |
| |
| |
| |
| | |
$ cd test/apiv2
$ python -m unittest -v test_rest_v1_0_0.TestApi
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|
| |
| |
| |
| |
| |
| |
| | |
Fix `ps --last=N` to also include non-running containers. Also add an
e2e test to prevent us from regressing in the future.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|\ \
| | |
| | | |
specgen: fix segfault
|
| | |
| | |
| | |
| | |
| | |
| | | |
we should not access the devices without checking if the resources are there
Signed-off-by: Peter Hunt <pehunt@redhat.com>
|
|\ \ \
| |/ /
|/| | |
Add streaming ability to endpoint
|
| | |
| | |
| | |
| | | |
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
|\ \ \
| | | |
| | | | |
Fix builds on 32 Arches.
|
| | | |
| | | |
| | | |
| | | | |
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \ \ \
| |_|/ /
|/| | | |
v2 libpod push: correct docs
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
The swagger documentation for the libpod push endpoint were not in sync
with the implementation. Correct these docs to reflect the parameters
that are actually supported.
Fixes: #6388
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|\ \ \ \
| |_|/ /
|/| | | |
Add --format to pod inspect
|
| |/ /
| | |
| | |
| | | |
Signed-off-by: Boaz Shuster <boaz.shuster.github@gmail.com>
|
| |/
|/|
| |
| |
| |
| |
| |
| |
| | |
Fix a race in `podman container stats` by waiting for the client to
consume the data in the channel. This requires a `sync.WaitGroup` (or
semaphore) in the client and to also close the channel the backend.
Fixes: #6405
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|\ \
| |/
|/| |
V2 Fix interface nil checks
|
| |
| |
| |
| | |
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|
|\ \
| | |
| | | |
Allow to change the generated systemd unit name prefix
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
--container-prefix <string> - default 'container'
Systemd unit name prefix for containers
--pod-prefix <string> - default 'pod'
Systemd unit name prefix for pods
--separator <string> - default '-'
Systemd unit name seperator between name/id and prefix
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
|
|\ \ \
| | | |
| | | | |
network compatibility endpoints for API
|
| | |/
| |/|
| | |
| | |
| | |
| | | |
add endpoints for networking compatibility with the API.
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
|\ \ \
| | | |
| | | | |
Add MethodNotAllowedHandler() to add in debugging
|
| |/ /
| | |
| | |
| | | |
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|
|/ /
| |
| |
| | |
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |
| |
| |
| | |
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |
| |
| |
| | |
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* wire up bindings and handler for obtaining logs remotely
* enable debug logging from podman in e2e test using DEBUG and
DEBUG_SERVICE env variables
* Fix error in streaming log frames
* enable remote logs test
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|
|\ \
| | |
| | | |
remote manifest test
|
| | |
| | |
| | |
| | |
| | |
| | | |
Enable remove manifest tests. Skip --purge test because remote does not support it.
Signed-off-by: Qi Wang <qiwan@redhat.com>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
As system reset too dangerous for remote use, deleting the functionality
and the test case.
Signed-off-by: Sujil02 <sushah@redhat.com>
|
|\ \ \
| | | |
| | | | |
v2 podman-remote build
|
| |/ /
| | |
| | |
| | |
| | |
| | | |
this is a very basic implementation of build. some of the more advanced options need to be included still as well. i think the endpoints for compat and libpod will have to split given buildahs more advanced set of options. that should probably be done by someone more experienced with build internals.
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
|\ \ \
| | | |
| | | | |
Add HairpinMode to our CNI configs
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
This may resolve some issues with routing traffic between
containers using the host's IP.
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
|\ \ \ \
| | | | |
| | | | | |
Fix podman-remote start tests
|
| | |/ /
| |/| |
| | | |
| | | |
| | | |
| | | | |
Also enable some tests for remote by removing -l flag.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \ \ \
| | | | |
| | | | | |
Display human build date in podman info
|
| |/ / /
| | | |
| | | |
| | | |
| | | |
| | | | |
This patch fixes the podman --version --format command.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|/ / /
| | |
| | |
| | | |
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \ \
| | | |
| | | | |
Start testing with cross compilation
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Add missing man page links for podman-image-search and
podman-image-diff
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \ \ \
| | | | |
| | | | | |
Get proper exit code when running or starting a container.
|
| |/ / /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
When we finish running a container, we need to call wait in order
to get the exit code from the container.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \ \ \
| | | | |
| | | | | |
Fix remote handling of podman images calls
|
| | | | |
| | | | |
| | | | |
| | | | | |
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| | |_|/
| |/| |
| | | |
| | | |
| | | |
| | | |
| | | | |
Enable three more tests
Fix handling of image filters
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \ \ \
| | | | |
| | | | | |
Turn off 'noexec' option by default for named volumes
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
We previously enforced this for security reasons, but as Dan has
explained on several occasions, it's not very valuable there
(it's trivially easy to bypass) and it does seriously annoy folks
trying to use named volumes. Flip the default from 'on' to 'off'.
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
|\ \ \ \ \
| |_|_|/ /
|/| | | | |
Fix remote integration for healthchecks
|