summaryrefslogtreecommitdiff
path: root/test/e2e
Commit message (Collapse)AuthorAge
* capabilities: always set ambient and inheritableGiuseppe Scrivano2020-09-30
| | | | | | | | | | | | change capabilities handling to reflect what docker does. Bounding: set to caplist Inheritable: set to caplist Effective: if uid != 0 then clear; else set to caplist Permitted: if uid != 0 then clear; else set to caplist Ambient: clear Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Merge pull request #7783 from ashley-cui/slirpOpenShift Merge Robot2020-09-29
|\ | | | | Add support for slirp network for pods
| * Add support for slirp network for podsAshley Cui2020-09-25
| | | | | | | | | | | | flag --network=slirp4netns[options] for root and rootless pods Signed-off-by: Ashley Cui <acui@redhat.com>
* | Ignore containers.conf sysctl when namespaces set to hostDaniel J Walsh2020-09-28
| | | | | | | | | | | | | | | | | | | | | | If user sets namespace to host, then default sysctls need to be ignored that are specific to that namespace. --net=host ignore sysctls that begin with net. --ipc=host ignore fs.mqueue --uts=host ignore kernel.domainname and kernel.hostname Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #7786 from rhatdan/rootlessOpenShift Merge Robot2020-09-28
|\ \ | | | | | | Remove SkipIfRootless if possible, document other calls
| * | Remove SkipIfRootless if possible, document other callsDaniel J Walsh2020-09-27
| | | | | | | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #7770 from rhatdan/pullpolicyOpenShift Merge Robot2020-09-28
|\ \ \ | | | | | | | | Properly handle podman run --pull command
| * | | Properly handle podman run --pull commandDaniel J Walsh2020-09-27
| |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Currently the --pull missing|always|never is ignored This PR implements this for local API. For remote we need to default to pullpolicy specified in the containers.conf file. Also fixed an issue when images were matching other images names based on prefix, causing images to always be pulled. I had named an image myfedora and when ever I pulled fedora, the system thought that it there were two images named fedora since it was checking for the name fedora as well as the prefix fedora. I changed it to check for fedora and the prefix /fedora, to prefent failures like I had. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Fix network remove for the podman remote clientPaul Holzinger2020-09-28
| | | | | | | | | | | | | | | | | | | | | | | | The podman remote client ignored the force option due a typo. If an error occured the remote client would panic with an index out of range error. Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | | Fix podman network rm --force when network is used by a podPaul Holzinger2020-09-28
|/ / | | | | | | | | | | I added a test to prevent a future regression. Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | Remove some SkipIfRootess flags from testsDaniel J Walsh2020-09-25
| | | | | | | | | | | | | | We need to get more tests running in rootless mode. Since cgroupsV2 allows management of cgroups in rootless environments a lot of more tests can be run. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #7741 from vrothberg/remote-load-dir-checkOpenShift Merge Robot2020-09-24
|\ \ | | | | | | remote load: check if input is directory
| * | remote load: check if input is directoryValentin Rothberg2020-09-24
| | | | | | | | | | | | | | | | | | | | | | | | The remote client does not support loading directories yet. To prevent confusing error messages and to make the behaviour more explicit, check if the input points to a directory and throw an error if needed. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | Merge pull request #7753 from vrothberg/fix-7689OpenShift Merge Robot2020-09-24
|\ \ \ | |/ / |/| | remote stats
| * | new endpoint: /libpod/containers/statsValentin Rothberg2020-09-24
| | | | | | | | | | | | | | | | | | | | | | | | | | | Add a new endpoint for container stats allowing for batch operations on more than one container. The new endpoint deprecates the single-container endpoint which will eventually be removed with the next major release. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | Merge pull request #7759 from xordspar0/app-filterOpenShift Merge Robot2020-09-24
|\ \ \ | | | | | | | | Allow filtering on pod label values
| * | | Allow filtering on pod label valuesJordan Christiansen2020-09-23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Before this change, filters of the form `podman pod ps --filter label=app=myapp` were not working. The results would include all pods that contained the app label with any value. Looking at the code, this makes sense. It appears that the second = and everything after it were getting truncated. Even though there was already a passing test that tested `podman pod ps --filter label=io.podman.test.label=value1`, the test failed with the above example with a label `app=myapp`. The new code works in both cases. Signed-off-by: Jordan Christiansen <xordspar0@gmail.com>
* | | | Remove final v2remotefail failuresDaniel J Walsh2020-09-23
|/ / / | | | | | | | | | | | | | | | | | | | | | | | | Most have been fixed, others I replaced with SkipIfRemote Fix ContainerStart on tunnel, it needs to wait for the exit status before returning. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #7745 from rhatdan/systemdOpenShift Merge Robot2020-09-23
|\ \ \ | | | | | | | | Systemd should be able to run as rootless
| * | | Systemd should be able to run as rootlessDaniel J Walsh2020-09-23
| |/ / | | | | | | | | | | | | | | | Turn on most of the systemd tests for rootless. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | e2e tests: SkipIfRemote(): add a reasonEd Santiago2020-09-23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Now that Dan has added helpful comments to each SkipIfRemote, let's take the next step and include those messages in the Skip() output so someone viewing test results can easily see if a remote test is skipped for a real reason or for a FIXME. This commit is the result of a simple: perl -pi -e 's;(SkipIfRemote)\(\)(\s+//\s+(.*))?;$1("$3");' *.go in the test/e2e directory, with a few minor (manual) changes in wording. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | Examine all SkipIfRemote functionsDaniel J Walsh2020-09-22
|/ / | | | | | | | | | | | | | | Remove ones that are not needed. Document those that should be there. Document those that should be fixed. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #7717 from rhatdan/attachOpenShift Merge Robot2020-09-22
|\ \ | | | | | | Fix up attach tests for podman remote
| * | Fix up attach tests for podman remoteDaniel J Walsh2020-09-22
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When we execute podman-remote attach, we were not checking if the container was in the correct state, this is leading to timeouts and we had turned off remote testing. Also added an IfRemote() function so we can turn on more tests when using the "-l" flag for local, but use container name for remote. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Fix podman image unmount to only report images unmountedDaniel J Walsh2020-09-21
|/ / | | | | | | | | | | | | Currently `podman image unmount` report every image that is mounted when it unmounts them. We should only report unmounted actually mounted images. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #7697 from rhatdan/ignoreOpenShift Merge Robot2020-09-21
|\ \ | | | | | | Fix handling of podman-remote stop --ignore
| * | Fix handling of podman-remote stop --ignoreDaniel J Walsh2020-09-19
| | | | | | | | | | | | | | | | | | This patch simplifies the hanlding of rhe --ignore flag, for podman stop, rm Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #7696 from jwhonce/wip/versionOpenShift Merge Robot2020-09-21
|\ \ \ | | | | | | | | Refactor version handling in cmd tree
| * | | Refactor version handling in cmd treeJhon Honce2020-09-18
| |/ / | | | | | | | | | | | | | | | | | | * Move from simple string to semver objects * Change client API Version from '1' to 2.0.0 Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | | Fix incorrect parsing of create/run --volumes-fromPaul Holzinger2020-09-20
| | | | | | | | | | | | | | | | | | | | | | | | | | | Add a bunch of tests to ensure that --volumes-from works as expected. Also align the podman create and run man page. Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | | Merge pull request #7694 from mheon/fix_exec_supplemental_groupsOpenShift Merge Robot2020-09-19
|\ \ \ | |/ / |/| | Preserve groups in exec sessions in ctrs with --user
| * | Preserve groups in exec sessions in ctrs with --userMatthew Heon2020-09-18
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Podman wants to guarantee that exec sessions retain the groups of the container they are started in, unless explicitly overridden by the user. This guarantee was broken for containers where the `--user` flag was specified; this patch resolves that. Somewhere in the Exec rewrite for APIv2, I changed the location where the container's User is passed into the exec session (similar to groups, we also want to preserve user unless overridden). The lower-level Exec APIs already handled setting user and group appropriately if not specified when the exec session was created, but I added duplicate code to handle this higher in the stack - and that code only handled setting user, not supplemental groups, breaking support in that specific case. Two things conspired to make this one hard to track down: first, things were only broken if the container explicitly set a user; otherwise, the container user would still appear to be unset to the lower-level code, which would properly set supplemental groups (this tricked our existing test into passing). Also, the `crun` OCI runtime will add the groups without prompting, which further masked the problem there. I debated making `runc` do the same, but in the end it's better to fix this in Podman - it's better to be explicit about what we want done so we will work with all OCI runtimes. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | Merge pull request #7679 from baude/remoteiidfileOpenShift Merge Robot2020-09-18
|\ \ \ | | | | | | | | enable --iidfile for podman-remote build
| * | | enable --iidfile for podman-remote buildbaude2020-09-17
| | | | | | | | | | | | | | | | | | | | | | | | for podman-remote build operations, the iidfile, when used, needs to write the file to the client's local filesystem. Signed-off-by: baude <bbaude@redhat.com>
* | | | Merge pull request #7671 from zhangguanzhang/play-kube-handle-restartPolicyOpenShift Merge Robot2020-09-18
|\ \ \ \ | | | | | | | | | | handle the restartPolicy for play kube and generate kube
| * | | | handle the play kube and generate kube for with restartPolicyzhangguanzhang2020-09-18
| | | | | | | | | | | | | | | | | | | | Signed-off-by: zhangguanzhang <zhangguanzhang@qq.com>
* | | | | fix the .Path and .Args when use the infra-commandzhangguanzhang2020-09-18
|/ / / / | | | | | | | | | | | | Signed-off-by: zhangguanzhang <zhangguanzhang@qq.com>
* / / / Fix play_kube_test deployment templateJordan Christiansen2020-09-17
|/ / / | | | | | | | | | | | | | | | | | | Annotations were at the wrong indentation, making them a part of the labels map. Signed-off-by: Jordan Christiansen <xordspar0@gmail.com>
* | | Merge pull request #7654 from vrothberg/fix-7651OpenShift Merge Robot2020-09-17
|\ \ \ | |_|/ |/| | image list: return all associated names
| * | image list: return all associated namesValentin Rothberg2020-09-17
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Always return all associated names / repo tags of an image and fix a bug with malformed repo tags. Previously, Podman returned all names only with `--all` but this flag only instructs to list intermediate images and should not alter associated names. With `--all` Podman queried the repo tags of an image which splits all *tagged* names into repository and tag which is then reassembled to eventually be parsed again in the frontend. Lot's of redundant CPU heat and buggy as the reassembly didn't consider digests which ultimately broke parsing in the frontend. Fixes: #7651 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | Add labels to a pod created via play kubeJordan Christiansen2020-09-16
|/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When using `podman play kube` with a YAML file that has pod labels, apply those labels to the pods that podman makes. For example, this Deployment spec has labels on a pod: apiVersion: apps/v1 kind: Deployment metadata: name: myapp labels: app: myapp spec: selector: matchLabels: app: myapp template: metadata: labels: app: myapp spec: containers: - name: web image: nginx ports: - containerPort: 80 The pods that podman creates will have the label "app" set to "myapp" so that these pods can be found with `podman pods ps --filter label=app`. Signed-off-by: Jordan Christiansen <xordspar0@gmail.com>
* | Fix podman pod create --infra-command and --infra-imageDaniel J Walsh2020-09-16
| | | | | | | | | | | | | | | | Currently infr-command and --infra-image commands are ignored from the user. This PR instruments them and adds tests for each combination. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Supports import&run--signature-policyQi Wang2020-09-15
| | | | | | | | | | | | Enables podman create, pull, run, import to use --signature-policy option. Set it as hidden flag to be consistent with other commands. Signed-off-by: Qi Wang <qiwan@redhat.com>
* | Merge pull request #7452 from jwhonce/issues/7136OpenShift Merge Robot2020-09-15
|\ \ | | | | | | Refactor API build endpoint to be more compliant
| * | Refactor API build endpoint to be more compliantJhon Honce2020-09-14
| |/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Refactor/Rename channel.WriteCloser() to encapsulate the channel * Refactor build endpoint to "live" stream buildah output channels over API rather then buffering output * Refactor bindings/tunnel build because endpoint changes * building tar file now in bindings rather then depending on caller * Cleanup initiating extra image engine * Remove setting fields to zero values (less noise in code) * Update tests to support remote builds Fixes #7136 Fixes #7137 Signed-off-by: Jhon Honce <jhonce@redhat.com>
* / podman wait accept args > 1Paul Holzinger2020-09-15
|/ | | | Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* Fix up errors found by codespellDaniel J Walsh2020-09-11
| | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #7591 from haircommander/play-kube-process-namespaceOpenShift Merge Robot2020-09-11
|\ | | | | play/generate: support shareProcessNamespace
| * play/generate: support shareProcessNamespacePeter Hunt2020-09-10
| | | | | | | | | | | | | | | | | | this is an option that allows a user to specify whether to share PID namespace in the pod for play kube and generate kube associated test added Signed-off-by: Peter Hunt <pehunt@redhat.com>
* | Merge pull request #7593 from edsantiago/network_test_cleanupOpenShift Merge Robot2020-09-11
|\ \ | | | | | | run_networking e2e test: add cleanup to some tests