aboutsummaryrefslogtreecommitdiff
path: root/pkg
Commit message (Collapse)AuthorAge
* Remove the authfile parameter of MakeXRegistryAuthHeaderMiloslav Trmač2021-12-10
| | | | | | | | | | | | | | Having a parameter that modifies the provides types.SystemContext seems rather unexpected and risky to have around - and the only user of that is actually a no-op, others only provide a nil SystemContext; so, remove that option and simplify (well, somewhat; many callers now have extra &types.SystemContext{AuthFilePath} boilerplate; at least that's consistent with that code carrying a TODO to create a larger-scope SystemContext). Should not change behavior. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
* Simplify the header decision in pkg/bindings/images.Build a bitMiloslav Trmač2021-12-10
| | | | | | | | ... now that two of the three cases are the same. Should not change behavior. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
* Remove the authfile parameter of MakeXRegistryConfigHeaderMiloslav Trmač2021-12-10
| | | | | | | | | | Having a parameter that modifies the provides types.SystemContext seems rather unexpected and risky to have around - and the only user of that is actually a no-op; so, remove that option and simplify. Should not change behavior. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
* Remove no-longer-useful name variablesMiloslav Trmač2021-12-10
| | | | | | | | | which used to contain more context, but now are just a pointless copy. Should not change (test) behavior. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
* Consolidate creation of SystemContext with auth.json into a helperMiloslav Trmač2021-12-10
| | | | | | Should not change (test) behavior. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
* Remove pkg/auth.HeaderMiloslav Trmač2021-12-10
| | | | | | | | | | | | | It is no longer used. Split the existing tests into MakeXRegistryConfigHeader and MakeXRegistryAuthHeader variants. For now we don't modify the implementations at all, to make review simpler; cleanups will follow. Should not change behavior. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
* Call MakeXRegistryAuthHeader instead of Header(..., XRegistryAuthHeader)Miloslav Trmač2021-12-10
| | | | | | | | All callers hard-code a header value, so this is actually shorter. Should not change behavior. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
* Turn headerAuth into MakeXRegistryAuthHeaderMiloslav Trmač2021-12-10
| | | | | | | | | | | ... which can be called independently. For now, there are no new callers, to test that the behavior has not changed. Should not change behavior. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
* Call MakeXRegistryConfigHeader instead of Header(..., XRegistryConfigHeader)Miloslav Trmač2021-12-10
| | | | | | | | All callers hard-code a header value, so this is actually shorter. Should not change behavior. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
* Turn headerConfig into MakeXRegistryConfigHeaderMiloslav Trmač2021-12-10
| | | | | | | | | | | ... which can be called independently. For now, there are no new callers, to test that the behavior has not changed. Should not change behavior. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
* Move the auth file creation to GetCredentialsMiloslav Trmač2021-12-10
| | | | | | | | | This shares the code, and makes getConfigCredentials and getAuthCredentials side-effect free and possibly easier to test. Should not change behavior. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
* Consolidate the error handling path in GetCredentialsMiloslav Trmač2021-12-10
| | | | | | | | We'll share even more code here in the future. Should not change behavior. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
* Only look up HTTP header values once in GetCredentialsMiloslav Trmač2021-12-10
| | | | | | | | | ... and have GetCredentials pass the values down to getConfigCredentials and getAuthCredentials. Should not change behavior. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
* Use Header.Values in GetCredentials.hasMiloslav Trmač2021-12-10
| | | | | | | | | It's possibly a bit more expensive, but semantically safer because it does header normalization. And we'll regain the cost by not looking up the value repeatedly. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
* Beautify GetCredentials.has a bitMiloslav Trmač2021-12-10
| | | | | | | | Use separate lines, and use the provided .String() API. Should not change behaivor. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
* Pass a header value directly to parseSingleAuthHeader and parseMultiAuthHeaderMiloslav Trmač2021-12-10
| | | | | | | | | Both have a single caller, so there's no point in looking up the header value twice. Should not change behavior. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
* Simplify parseSingleAuthHeaderMiloslav Trmač2021-12-10
| | | | | | | | | In the "no input" case, return a constant instead of continuing with the decode/convert path, converting empty data. Should not change behavior. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
* Simplify the interface of parseSingleAuthHeaderMiloslav Trmač2021-12-10
| | | | | | | | | | Don't create a single-element map only for the only caller to laboriously extract an element of that map; just return a single entry. Should not change behavior. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
* Don't return a header name from auth.GetCredentialsMiloslav Trmač2021-12-10
| | | | | | | | | | | Almost every caller is using it only to wrap an error in exactly the same way, so move that error context into GetCredentials and simplify the users. (The one other caller, build, was even wrapping the error incorrectly talking about query parameters; so let it use the same text as the others.) Signed-off-by: Miloslav Trmač <mitr@redhat.com>
* Fix normalizeAuthFileKey to use the correct semanticsMiloslav Trmač2021-12-10
| | | | Signed-off-by: Miloslav Trmač <mitr@redhat.com>
* Rename normalize and a few variablesMiloslav Trmač2021-12-10
| | | | | | | | ... to refer to auth file keys instead of servers and the like. Should not change behavior. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
* Add TestHeaderGetCredentialsRoundtripMiloslav Trmač2021-12-10
| | | | | | | | | | ... as an end-to-end unit test of the header creation/parsing code. Leave the docker.io and docker.io/vendor test cases commented out, because they are currently failing. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
* Add tests for auth.HeaderMiloslav Trmač2021-12-10
| | | | | | | Just a single function that handles all of Header, headerConfig and headerAuth; we will split that later. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
* Improve TestAuthConfigsToAuthFileMiloslav Trmač2021-12-10
| | | | | | | | Remove the created temporary file. Use more appropriate assertion calls. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
* Add unit tests for singleAuthHeaderMiloslav Trmač2021-12-10
| | | | | | | | Also rename it to parseSingleAuthHeader Should not change behavior. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
* Add unit tests for multiAuthHeaderMiloslav Trmač2021-12-10
| | | | | | | | Also rename it to parseMultiAuthHeader. Should not change behavior. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
* [NO NEW TESTS NEEDED] rootless: declare TEMP_FAILURE_RETRY before usage ↵Marc Nguyen2021-12-10
| | | | | | (Fixes: #12563) Signed-off-by: Nguyen Marc <nguyen_marc@live.fr>
* --hostname should be set when using --pod new:foobarDaniel J Walsh2021-12-09
| | | | | | | | | | | | Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2030599 When you create pod, it shares the UTS namespace with Containers. Currently the --hostname is not passed to the pod created when you create a container and pod in the same command. Also fix error message on supported --share flags Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #12545 from vrothberg/fix-12477OpenShift Merge Robot2021-12-09
|\ | | | | generate systemd: support entrypoint JSON strings
| * generate systemd: support entrypoint JSON stringsValentin Rothberg2021-12-08
| | | | | | | | | | | | | | Make sure to preserve the quoting of entrypoint JSON strings. Fixes: #12477 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | Merge pull request #12541 from flouthoc/remote_blank_entrypointOpenShift Merge Robot2021-12-08
|\ \ | | | | | | specgen: honor empty args for entrypoint specified as `--entrypoint ""`
| * | specgen: honor empty args for entrypointAditya Rajan2021-12-08
| |/ | | | | | | | | | | | | | | | | | | | | Users should be able to override containers entrypoint using `--entrypoint ""` following works fine for podman but not for podman remote. Specgen ignores empty argument for entrypoint so make specgen honor empty arguments. Signed-off-by: Aditya Rajan <arajan@redhat.com>
* / remove runlabel test for global optsValentin Rothberg2021-12-08
|/ | | | | | | | | GLOBAL_OPTS haven't been supported for at least two major versions of Podman. The runlabel code is extremely fragile and I think it should be rewritten before adding new features. Fixes: #12436 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Update vendor or containers/common moving pkg/cgroups thereDaniel J Walsh2021-12-07
| | | | | | | [NO NEW TESTS NEEDED] This is just moving pkg/cgroups out so existing tests should be fine. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #12466 from ↵OpenShift Merge Robot2021-12-03
|\ | | | | | | | | dispensable/respect_pod_yaml_spec_hostname_when_play Hostname in `spec.hostname` should be passed to infra ctr init opt
| * Hostname in `spec.hostname` should be passed to infra ctr init optwangqiang2021-12-01
| | | | | | | | | | | | Fixes https://github.com/containers/podman/issues/12393 Signed-off-by: Qiang Wang <sunsetmask@gmail.com>
* | Merge pull request #12440 from umohnani8/cmOpenShift Merge Robot2021-12-03
|\ \ | | | | | | Add support for configmap volumes to play kube
| * | Add support for configmap volumes to play kubeUrvashi Mohnani2021-12-02
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | If the k8s yaml has volumes from a configmap, play kube will now create a volume based on the data from the configmap and volume source and set it to the right path in the container accordingly. Add tests for this and update some test for ENV from configmap. Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
* | | Merge pull request #12484 from machacekondra/restartSecOpenShift Merge Robot2021-12-03
|\ \ \ | | | | | | | | Add restart-sec option to systemd generate command
| * | | Add restart-sec option to systemd generateOndra Machacek2021-12-03
| | | | | | | | | | | | | | | | Signed-off-by: Ondra Machacek <omachace@redhat.com>
* | | | Merge pull request #12486 from giuseppe/use-configured-compression-formatOpenShift Merge Robot2021-12-03
|\ \ \ \ | |/ / / |/| | | cmd, push: use the configured compression format
| * | | cmd, push: use the configured compression formatGiuseppe Scrivano2021-12-02
| | | | | | | | | | | | | | | | | | | | | | | | [NO NEW TESTS NEEDED] I am just changing the default value Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | Merge pull request #12483 from vrothberg/fix-12468OpenShift Merge Robot2021-12-02
|\ \ \ \ | | | | | | | | | | compat API: push: report size of manifest
| * | | | compat API: push: report size of manifestDaniel J Walsh2021-12-02
| | |_|/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We don't yet have a local registry running in the APIv2 tests. Tested manually. [NO NEW TESTS NEEDED] Fixes: https://github.com/containers/podman/issues/12468 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | | Merge pull request #12365 from mtrmac/randomOpenShift Merge Robot2021-12-02
|\ \ \ \ | | | | | | | | | | Don't use a global RNG, and avoid conflicts, when generating NodePorts
| * | | | Allow containerPortsToServicePorts to failMiloslav Trmač2021-11-30
| |/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add an error return to it and affected callers. Should not affect behavior, the function can't currently fail. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
* | | | Merge pull request #12480 from vrothberg/fix-12453OpenShift Merge Robot2021-12-02
|\ \ \ \ | | | | | | | | | | compat: images/json
| * | | | compat: images/jsonValentin Rothberg2021-12-02
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Do not list manifest lists. Docker doesn't either. Fixes: #12453 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | | | Merge pull request #12469 from Luap99/ns-teardown-flakeOpenShift Merge Robot2021-12-02
|\ \ \ \ \ | |/ / / / |/| | | | Fix possible rootless netns cleanup race
| * | | | Fix possible rootless netns cleanup racePaul Holzinger2021-12-01
| |/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | rootlessNetNS.Cleanup() has an issue with how it detects if cleanup is needed, reading the container state is not good ebough because containers are first stopped and than cleanup will be called. So at one time two containers could wait for cleanup but the second one will fail because the first one triggered already the cleanup thus making rootless netns unavailable for the second container resulting in an teardown error. Instead of checking the container state we need to check the netns state. Secondly, podman unshare --rootless-netns should not do the cleanup. This causes more issues than it is worth fixing. Users also might want to use this to setup the namespace in a special way. If unshare also cleans this up right away we cannot do this. [NO NEW TESTS NEEDED] Fixes #12459 Signed-off-by: Paul Holzinger <pholzing@redhat.com>