summaryrefslogtreecommitdiff
path: root/pkg
Commit message (Collapse)AuthorAge
* Merge pull request #12726 from hikhvar/remove-superflous-pod-renameOpenShift Merge Robot2022-01-07
|\ | | | | Don't rename pod if container has the same name
| * Don't rename pod if container has the same nameChristoph Petrausch2022-01-06
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We enforce the naming scheme "<podname>-<containername>" here [1]. Therefore we must not rename the pod in case of a naming conflict between pod name and container name. Not renaming the pod increases the usability for the user and easies scripting based on the name. Otherwise a user must set some label to reliable find a pod after creation. Or have to implement the renaming logic in the script. [1] https://github.com/containers/podman/blob/main/pkg/specgen/generate/kube/kube.go#L140 Fixes #12722 Signed-off-by: Christoph Petrausch <chrobbert@gmail.com>
* | Merge pull request #12614 from baude/bz2028408OpenShift Merge Robot2022-01-06
|\ \ | | | | | | fix healthcheck timeouts and ut8 coercion
| * | fix healthcheck timeouts and ut8 coercionBrent Baude2022-01-06
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | this commit fixes two bugs and adds regression tests. when getting healthcheck values from an image, if the image does not have a timeout defined, this resulted in a 0 value for timeout. The default as described in the man pages is 30s. when inspecting a container with a healthcheck command, a customer observed that the &, <, and > characters were being converted into a unicode escape value. It turns out json marshalling will by default coerce string values to ut8. Fixes: bz2028408 Signed-off-by: Brent Baude <bbaude@redhat.com>
* | | Merge pull request #11454 from afbjorklund/virtfs-volumesOpenShift Merge Robot2022-01-06
|\ \ \ | |/ / |/| | Implement virtfs volumes for podman machine
| * | Make it possible to select the volume driverAnders F Björklund2021-12-30
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Use the same type of mounts for all the machine volumes. The default could change in the future, depending on OS. [NO NEW TESTS NEEDED] Signed-off-by: Anders F Björklund <anders.f.bjorklund@gmail.com>
| * | Check the mount type for future compatibilityAnders F Björklund2021-12-30
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | There are other mount types available, such as NFS or SMB, or one could use reverse sshfs for better compatibility. It could either be a global option, or it could perhaps be overridden for each volume (like the container volumes). Refactor the creation of the options string or array. Allow specifying the volume as read-only, if desired. [NO NEW TESTS NEEDED] Signed-off-by: Anders F Björklund <anders.f.bjorklund@gmail.com>
| * | Implement virtfs volumes for podman machineAnders F Björklund2021-12-30
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Allow using the built-in 9pfs feature of qemu, mounting host directories into vm mountpoints. The volumes are generic, the mounts are specific. Wait for the machine to be "running", otherwise the SSH function might throw an error instead. Increase the default msize from 8 KiB to 128 KiB [NO NEW TESTS NEEDED] Signed-off-by: Anders F Björklund <anders.f.bjorklund@gmail.com>
* | | Merge pull request #11538 from mtrmac/http-credentialsOpenShift Merge Robot2022-01-06
|\ \ \ | |_|/ |/| | Fix HTTP credentials passing
| * | Make XRegistryAuthHeader and XRegistryConfigHeader privateMiloslav Trmač2021-12-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | ... now that they have no public users. Also remove the HeaderAuthName type, we don't need the type-safety so much for private constants, and using plain strings results in less visual noise. Should not change behavior. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
| * | Remove the authfile parameter of MakeXRegistryAuthHeaderMiloslav Trmač2021-12-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Having a parameter that modifies the provides types.SystemContext seems rather unexpected and risky to have around - and the only user of that is actually a no-op, others only provide a nil SystemContext; so, remove that option and simplify (well, somewhat; many callers now have extra &types.SystemContext{AuthFilePath} boilerplate; at least that's consistent with that code carrying a TODO to create a larger-scope SystemContext). Should not change behavior. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
| * | Simplify the header decision in pkg/bindings/images.Build a bitMiloslav Trmač2021-12-10
| | | | | | | | | | | | | | | | | | | | | | | | ... now that two of the three cases are the same. Should not change behavior. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
| * | Remove the authfile parameter of MakeXRegistryConfigHeaderMiloslav Trmač2021-12-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Having a parameter that modifies the provides types.SystemContext seems rather unexpected and risky to have around - and the only user of that is actually a no-op; so, remove that option and simplify. Should not change behavior. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
| * | Remove no-longer-useful name variablesMiloslav Trmač2021-12-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | which used to contain more context, but now are just a pointless copy. Should not change (test) behavior. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
| * | Consolidate creation of SystemContext with auth.json into a helperMiloslav Trmač2021-12-10
| | | | | | | | | | | | | | | | | | Should not change (test) behavior. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
| * | Remove pkg/auth.HeaderMiloslav Trmač2021-12-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | It is no longer used. Split the existing tests into MakeXRegistryConfigHeader and MakeXRegistryAuthHeader variants. For now we don't modify the implementations at all, to make review simpler; cleanups will follow. Should not change behavior. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
| * | Call MakeXRegistryAuthHeader instead of Header(..., XRegistryAuthHeader)Miloslav Trmač2021-12-10
| | | | | | | | | | | | | | | | | | | | | | | | All callers hard-code a header value, so this is actually shorter. Should not change behavior. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
| * | Turn headerAuth into MakeXRegistryAuthHeaderMiloslav Trmač2021-12-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | ... which can be called independently. For now, there are no new callers, to test that the behavior has not changed. Should not change behavior. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
| * | Call MakeXRegistryConfigHeader instead of Header(..., XRegistryConfigHeader)Miloslav Trmač2021-12-10
| | | | | | | | | | | | | | | | | | | | | | | | All callers hard-code a header value, so this is actually shorter. Should not change behavior. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
| * | Turn headerConfig into MakeXRegistryConfigHeaderMiloslav Trmač2021-12-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | ... which can be called independently. For now, there are no new callers, to test that the behavior has not changed. Should not change behavior. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
| * | Move the auth file creation to GetCredentialsMiloslav Trmač2021-12-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | This shares the code, and makes getConfigCredentials and getAuthCredentials side-effect free and possibly easier to test. Should not change behavior. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
| * | Consolidate the error handling path in GetCredentialsMiloslav Trmač2021-12-10
| | | | | | | | | | | | | | | | | | | | | | | | We'll share even more code here in the future. Should not change behavior. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
| * | Only look up HTTP header values once in GetCredentialsMiloslav Trmač2021-12-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | ... and have GetCredentials pass the values down to getConfigCredentials and getAuthCredentials. Should not change behavior. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
| * | Use Header.Values in GetCredentials.hasMiloslav Trmač2021-12-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | It's possibly a bit more expensive, but semantically safer because it does header normalization. And we'll regain the cost by not looking up the value repeatedly. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
| * | Beautify GetCredentials.has a bitMiloslav Trmač2021-12-10
| | | | | | | | | | | | | | | | | | | | | | | | Use separate lines, and use the provided .String() API. Should not change behaivor. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
| * | Pass a header value directly to parseSingleAuthHeader and parseMultiAuthHeaderMiloslav Trmač2021-12-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | Both have a single caller, so there's no point in looking up the header value twice. Should not change behavior. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
| * | Simplify parseSingleAuthHeaderMiloslav Trmač2021-12-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | In the "no input" case, return a constant instead of continuing with the decode/convert path, converting empty data. Should not change behavior. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
| * | Simplify the interface of parseSingleAuthHeaderMiloslav Trmač2021-12-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Don't create a single-element map only for the only caller to laboriously extract an element of that map; just return a single entry. Should not change behavior. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
| * | Don't return a header name from auth.GetCredentialsMiloslav Trmač2021-12-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Almost every caller is using it only to wrap an error in exactly the same way, so move that error context into GetCredentials and simplify the users. (The one other caller, build, was even wrapping the error incorrectly talking about query parameters; so let it use the same text as the others.) Signed-off-by: Miloslav Trmač <mitr@redhat.com>
| * | Fix normalizeAuthFileKey to use the correct semanticsMiloslav Trmač2021-12-10
| | | | | | | | | | | | Signed-off-by: Miloslav Trmač <mitr@redhat.com>
| * | Rename normalize and a few variablesMiloslav Trmač2021-12-10
| | | | | | | | | | | | | | | | | | | | | | | | ... to refer to auth file keys instead of servers and the like. Should not change behavior. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
| * | Add TestHeaderGetCredentialsRoundtripMiloslav Trmač2021-12-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | ... as an end-to-end unit test of the header creation/parsing code. Leave the docker.io and docker.io/vendor test cases commented out, because they are currently failing. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
| * | Add tests for auth.HeaderMiloslav Trmač2021-12-10
| | | | | | | | | | | | | | | | | | | | | Just a single function that handles all of Header, headerConfig and headerAuth; we will split that later. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
| * | Improve TestAuthConfigsToAuthFileMiloslav Trmač2021-12-10
| | | | | | | | | | | | | | | | | | | | | | | | Remove the created temporary file. Use more appropriate assertion calls. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
| * | Add unit tests for singleAuthHeaderMiloslav Trmač2021-12-10
| | | | | | | | | | | | | | | | | | | | | | | | Also rename it to parseSingleAuthHeader Should not change behavior. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
| * | Add unit tests for multiAuthHeaderMiloslav Trmač2021-12-10
| | | | | | | | | | | | | | | | | | | | | | | | Also rename it to parseMultiAuthHeader. Should not change behavior. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
* | | correct typo words in docsDavid Marshall2022-01-05
| | | | | | | | | | | | | | | | | | "for creating a container" appears for networks and volumes Signed-off-by: David Marshall <dmarshall@gmail.com>
* | | Merge pull request #12208 from cdoern/podSecurityOptOpenShift Merge Robot2022-01-05
|\ \ \ | | | | | | | | Pod Security Option support and Infra Inheritance changes
| * | | Pod Security Option supportcdoern2021-12-27
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Added support for pod security options. These are applied to infra and passed down to the containers as added (unless overridden). Modified the inheritance process from infra, creating a new function Inherit() which reads the config, and marshals the compatible options into an intermediate struct `InfraInherit` This is then unmarshaled into a container config and all of this is added to the CtrCreateOptions. Removes the need (mostly) for special additons which complicate the Container_create code and pod creation. resolves #12173 Signed-off-by: cdoern <cdoern@redhat.com>
* | | | Merge pull request #12429 from cdoern/scpOpenShift Merge Robot2022-01-05
|\ \ \ \ | | | | | | | | | | podman image scp never enter podman user NS
| * | | | podman image scp never enter podman user NScdoern2021-12-23
| | |/ / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Podman image scp should never enter the Podman UserNS unless it needs to. This allows for a sudo exec.Command to transfer images to and from rootful storage. If this command is run using sudo, the simple sudo podman save/load does not work, machinectl/su is necessary here. This modification allows for both rootful and rootless transfers, and an overall change of scp to be more of a wrapper function for different load and save calls as well as the ssh component Signed-off-by: cdoern <cdoern@redhat.com>
* | | | Merge pull request #12735 from rhatdan/mountOpenShift Merge Robot2022-01-04
|\ \ \ \ | | | | | | | | | | Fix Container List API call to return mount info
| * | | | Fix Container List API call to return mount infoDaniel J Walsh2022-01-04
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We are hard coding mounts to return nil in compat API, since we have the data, we should return it. Fixes: https://github.com/containers/podman/issues/12734 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | | Merge pull request #12643 from leahneukirchen/events-compatOpenShift Merge Robot2022-01-04
|\ \ \ \ \ | | | | | | | | | | | | legacy events: also set Action="die"
| * | | | | legacy events: also set exitCodeLeah Neukirchen2022-01-03
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | For Status = "die", Docker sets the exit code of the container to a field "exitCode". Podman uses "containerExitCode". Copy the value into "exitCode" as well, for compatibility. Signed-off-by: Leah Neukirchen <leah@vuxu.org>
| * | | | | legacy events: also set Action="die"Leah Neukirchen2021-12-17
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Since #10168, on the event "died", the Status is set to "die" for compatibility with the Docker API. Docker also sets the field Action to "died", so do the same here. Signed-off-by: Leah Neukirchen <leah@vuxu.org>
* | | | | | Merge pull request #12709 from flouthoc/ign_add_certsOpenShift Merge Robot2022-01-04
|\ \ \ \ \ \ | |_|/ / / / |/| | | | | ignition: add `certs` from current user into the machine while `init`
| * | | | | ignition: add certs from current user into the machine while initAditya Rajan2021-12-27
| | |_|/ / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Following PR ensures that certs from `~/.config/containers/certs.d` or `~/.config/docker/certs.d` are copied into the remote machine at `/etc/containers/certs.d/` As a result on platforms like `macOS` where podman works with a remote machine setup. User's local certs must be transferd to VM without any plumbing needed by user. [NO-NEW-TESTS-NEEDED] Signed-off-by: Aditya Rajan <arajan@redhat.com>
* | | | | Merge pull request #12732 from strideynet/fix-default-cpu-period-commentOpenShift Merge Robot2022-01-03
|\ \ \ \ \ | | | | | | | | | | | | fix misleading comment regarding default value of cpu period
| * | | | | fix misleading comment regarding default value of cpu period [NO NEW TESTS ↵Noah Stride2022-01-03
| | |_|_|/ | |/| | | | | | | | | | | | | | | | | | | | | | | NEEDED] Signed-off-by: Noah Stride <noah@noahstride.co.uk>