summaryrefslogtreecommitdiff
path: root/pkg
Commit message (Collapse)AuthorAge
* compat handlers: add X-Registry-Auth header supportValentin Rothberg2020-05-29
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Support the `X-Registry-Auth` http-request header. * The content of the header is a base64 encoded JSON payload which can either be a single auth config or a map of auth configs (user+pw or token) with the corresponding registries being the keys. Vanilla Docker, projectatomic Docker and the bindings are transparantly supported. * Add a hidden `--registries-conf` flag. Buildah exposes the same flag, mostly for testing purposes. * Do all credential parsing in the client (i.e., `cmd/podman`) pass the username and password in the backend instead of unparsed credentials. * Add a `pkg/auth` which handles most of the heavy lifting. * Go through the authentication-handling code of most commands, bindings and endpoints. Migrate them to the new code and fix issues as seen. A final evaluation and more tests is still required *after* this change. * The manifest-push endpoint is missing certain parameters and should use the ABI function instead. Adding auth-support isn't really possible without these parts working. * The container commands and endpoints (i.e., create and run) have not been changed yet. The APIs don't yet account for the authfile. * Add authentication tests to `pkg/bindings`. Fixes: #6384 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Merge pull request #6419 from mheon/signal_parse_windowsOpenShift Merge Robot2020-05-29
|\ | | | | Ensure that signal names can be parsed on Windows
| * Ensure that signal names can be parsed on WindowsMatthew Heon2020-05-28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | To ensure the Windows and OS X remote clients can properly parse container stop signal (when given as a name e.g. SIGTERM) and set it in SpecGen, we need access to a list of Linux signal names and the numbers they map to that is available on non-Linux OSes. Fortunately, these are ABI constants that are extremely unlikely to change, so we can just take the existing constant definitions from the library and use them. The signal numbers used here are sourced from AMD64, but should be the same for every architecture that is not Alpha, SPARC, MIPS, and PA-RISC. So `podman run --stop-signal SIGTTOU` from a Windows client to a Podman service on a SPARC host will set an incorrect stop signal, but I don't think this is a large problem. Signed-off-by: Matthew Heon <mheon@redhat.com>
* | V2 verify JSON output is consistent and doesn't driftJhon Honce2020-05-28
| | | | | | | | | | | | | | $ cd test/apiv2 $ python -m unittest -v test_rest_v1_0_0.TestApi Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | fix `ps --last=N`Valentin Rothberg2020-05-28
| | | | | | | | | | | | | | Fix `ps --last=N` to also include non-running containers. Also add an e2e test to prevent us from regressing in the future. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | Merge pull request #6410 from haircommander/fix-segfaultOpenShift Merge Robot2020-05-27
|\ \ | | | | | | specgen: fix segfault
| * | specgen: fix segfaultPeter Hunt2020-05-27
| | | | | | | | | | | | | | | | | | we should not access the devices without checking if the resources are there Signed-off-by: Peter Hunt <pehunt@redhat.com>
* | | Merge pull request #6407 from baude/v2eventsstreamOpenShift Merge Robot2020-05-27
|\ \ \ | |/ / |/| | Add streaming ability to endpoint
| * | Add streaming ability to endpointBrent Baude2020-05-27
| | | | | | | | | | | | Signed-off-by: Brent Baude <bbaude@redhat.com>
* | | Merge pull request #6398 from rhatdan/32bitOpenShift Merge Robot2020-05-27
|\ \ \ | | | | | | | | Fix builds on 32 Arches.
| * | | Fix builds on 32 bit archesDaniel J Walsh2020-05-27
| | | | | | | | | | | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Merge pull request #6403 from vrothberg/push-swaggerOpenShift Merge Robot2020-05-27
|\ \ \ \ | |_|/ / |/| | | v2 libpod push: correct docs
| * | | v2 libpod push: correct docsValentin Rothberg2020-05-27
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The swagger documentation for the libpod push endpoint were not in sync with the implementation. Correct these docs to reflect the parameters that are actually supported. Fixes: #6388 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | | Merge pull request #6372 from boaz0/gh_6283OpenShift Merge Robot2020-05-27
|\ \ \ \ | |_|/ / |/| | | Add --format to pod inspect
| * | | Add --format to pod inspectBoaz Shuster2020-05-27
| |/ / | | | | | | | | | Signed-off-by: Boaz Shuster <boaz.shuster.github@gmail.com>
* | / container stats: fix --no-stream raceValentin Rothberg2020-05-27
| |/ |/| | | | | | | | | | | | | | | Fix a race in `podman container stats` by waiting for the client to consume the data in the channel. This requires a `sync.WaitGroup` (or semaphore) in the client and to also close the channel the backend. Fixes: #6405 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | Merge pull request #6363 from jwhonce/wip/attachOpenShift Merge Robot2020-05-26
|\ \ | |/ |/| V2 Fix interface nil checks
| * V2 Fix interface nil checksJhon Honce2020-05-26
| | | | | | | | Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | Merge pull request #6321 from Luap99/podman-generate-systemd-unit-prefixOpenShift Merge Robot2020-05-25
|\ \ | | | | | | Allow to change the generated systemd unit name prefix
| * | Added new flags to 'podman generate systemd' to change the unit name prefixLuap992020-05-22
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | --container-prefix <string> - default 'container' Systemd unit name prefix for containers --pod-prefix <string> - default 'pod' Systemd unit name prefix for pods --separator <string> - default '-' Systemd unit name seperator between name/id and prefix Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | | Merge pull request #6238 from baude/v2compatnetOpenShift Merge Robot2020-05-25
|\ \ \ | | | | | | | | network compatibility endpoints for API
| * | | network compatibility endpoints for APIBrent Baude2020-05-22
| | |/ | |/| | | | | | | | | | | | | add endpoints for networking compatibility with the API. Signed-off-by: Brent Baude <bbaude@redhat.com>
* | | Merge pull request #6355 from jwhonce/wip/MethodNotAllowedHandlerOpenShift Merge Robot2020-05-23
|\ \ \ | | | | | | | | Add MethodNotAllowedHandler() to add in debugging
| * | | Add MethodNotAllowedHandler() to add in debuggingJhon Honce2020-05-22
| |/ / | | | | | | | | | Signed-off-by: Jhon Honce <jhonce@redhat.com>
* / / Follow up PR to fix issues found in #6341Daniel J Walsh2020-05-22
|/ / | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Attempt to turn on build_without_cgo testsDaniel J Walsh2020-05-22
| | | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Attempt to turn on additional build testsDaniel J Walsh2020-05-22
| | | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | V2 enable remote logs and testingJhon Honce2020-05-22
| | | | | | | | | | | | | | | | | | | | * wire up bindings and handler for obtaining logs remotely * enable debug logging from podman in e2e test using DEBUG and DEBUG_SERVICE env variables * Fix error in streaming log frames * enable remote logs test Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | Merge pull request #6345 from QiWang19/mani-push-testOpenShift Merge Robot2020-05-22
|\ \ | | | | | | remote manifest test
| * | remote manifest testQi Wang2020-05-21
| | | | | | | | | | | | | | | | | | Enable remove manifest tests. Skip --purge test because remote does not support it. Signed-off-by: Qi Wang <qiwan@redhat.com>
* | | Removes remote system reset functionality. skip e2e test for remote.Sujil022020-05-22
| | | | | | | | | | | | | | | | | | | | | As system reset too dangerous for remote use, deleting the functionality and the test case. Signed-off-by: Sujil02 <sushah@redhat.com>
* | | Merge pull request #6327 from baude/v2buildOpenShift Merge Robot2020-05-22
|\ \ \ | | | | | | | | v2 podman-remote build
| * | | v2 podman-remote buildBrent Baude2020-05-21
| |/ / | | | | | | | | | | | | | | | this is a very basic implementation of build. some of the more advanced options need to be included still as well. i think the endpoints for compat and libpod will have to split given buildahs more advanced set of options. that should probably be done by someone more experienced with build internals. Signed-off-by: Brent Baude <bbaude@redhat.com>
* | | Merge pull request #6179 from mheon/add_hairpinOpenShift Merge Robot2020-05-22
|\ \ \ | | | | | | | | Add HairpinMode to our CNI configs
| * | | Add HairpinMode to our CNI configsMatthew Heon2020-05-11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | This may resolve some issues with routing traffic between containers using the host's IP. Signed-off-by: Matthew Heon <mheon@redhat.com>
* | | | Merge pull request #6330 from rhatdan/startOpenShift Merge Robot2020-05-22
|\ \ \ \ | | | | | | | | | | Fix podman-remote start tests
| * | | | Fix podman-remote start testsDaniel J Walsh2020-05-21
| | |/ / | |/| | | | | | | | | | | | | | | | | | Also enable some tests for remote by removing -l flag. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Merge pull request #6275 from rhatdan/VERSIONOpenShift Merge Robot2020-05-22
|\ \ \ \ | | | | | | | | | | Display human build date in podman info
| * | | | podman version --format ... was not workingDaniel J Walsh2020-05-21
| |/ / / | | | | | | | | | | | | | | | | | | | | This patch fixes the podman --version --format command. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* / / / Fix podman-remote stop --all to handle not running containersDaniel J Walsh2020-05-21
|/ / / | | | | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #6320 from rhatdan/skipOpenShift Merge Robot2020-05-21
|\ \ \ | | | | | | | | Start testing with cross compilation
| * | | Start testing with cross compilationDaniel J Walsh2020-05-21
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Add missing man page links for podman-image-search and podman-image-diff Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Merge pull request #6319 from rhatdan/exitOpenShift Merge Robot2020-05-21
|\ \ \ \ | | | | | | | | | | Get proper exit code when running or starting a container.
| * | | | Get proper exit code when running or starting a container.Daniel J Walsh2020-05-21
| |/ / / | | | | | | | | | | | | | | | | | | | | | | | | When we finish running a container, we need to call wait in order to get the exit code from the container. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Merge pull request #6312 from rhatdan/imageOpenShift Merge Robot2020-05-21
|\ \ \ \ | | | | | | | | | | Fix remote handling of podman images calls
| * | | | Handle filters correctly for podman pruneDaniel J Walsh2020-05-21
| | | | | | | | | | | | | | | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
| * | | | Fix remote handling of podman images callsDaniel J Walsh2020-05-21
| | |_|/ | |/| | | | | | | | | | | | | | | | | | | | | | Enable three more tests Fix handling of image filters Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Merge pull request #6280 from mheon/switch_off_noexecOpenShift Merge Robot2020-05-21
|\ \ \ \ | | | | | | | | | | Turn off 'noexec' option by default for named volumes
| * | | | Turn off 'noexec' option by default for named volumesMatthew Heon2020-05-20
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We previously enforced this for security reasons, but as Dan has explained on several occasions, it's not very valuable there (it's trivially easy to bypass) and it does seriously annoy folks trying to use named volumes. Flip the default from 'on' to 'off'. Signed-off-by: Matthew Heon <mheon@redhat.com>
* | | | | Merge pull request #6304 from baude/v2remotehctestsOpenShift Merge Robot2020-05-21
|\ \ \ \ \ | |_|_|/ / |/| | | | Fix remote integration for healthchecks