summaryrefslogtreecommitdiff
path: root/test/e2e
Commit message (Collapse)AuthorAge
* security: honor systempaths=unconfined for ro pathsGiuseppe Scrivano2020-12-09
| | | | | | | | | we must honor systempaths=unconfined also for read-only paths, as Docker does: proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Correct port range logic for port generationMatthew Heon2020-12-08
| | | | | | | | | | | | | The existing logic (Range > 0) always triggered, because range is guaranteed to be at least 1 (a single port has a range of 1, a two port range (e.g. 80-81) has a range of 2, and so on). As such this could cause ports that had a host port assigned to them by the user to randomly assign one instead. Fixes #8650 Fixes #8651 Signed-off-by: Matthew Heon <mheon@redhat.com>
* Merge pull request #8642 from jwhonce/issues/8444OpenShift Merge Robot2020-12-08
|\ | | | | Restore json format for fields as well as whole structs
| * Restore json format for fields as well as whole structsJhon Honce2020-12-07
| | | | | | | | | | | | | | | | | | * Add template func to inspect template processing * Added test using repro from #8444 Fixes #8444 Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | Merge pull request #8648 from mheon/fix_7883OpenShift Merge Robot2020-12-08
|\ \ | | | | | | Make `podman stats` slirp check more robust
| * | Make `podman stats` slirp check more robustMatthew Heon2020-12-08
| |/ | | | | | | | | | | | | | | | | | | | | Just checking for `rootless.IsRootless()` does not catch all the cases where slirp4netns is in use - we actually allow it to be used as root as well. Fortify the conditional here so we don't fail in the root + slirp case. Fixes #7883 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | Merge pull request #8630 from umohnani8/sec-optOpenShift Merge Robot2020-12-08
|\ \ | |/ |/| Add systempaths=unconfined option
| * Add systempaths=unconfined optionUrvashi Mohnani2020-12-08
| | | | | | | | | | | | | | | | | | Add the systempaths=unconfined option to --security-opt to match the docker options for unmasking all the paths that are masked by default. Add the mask and unmask options to the podman create doc. Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
* | Merge pull request #8639 from Luap99/fix-network-ls-filter-flakeOpenShift Merge Robot2020-12-07
|\ \ | | | | | | Fix network ls --filter invalid value flake
| * | Fix network ls --filter invalid value flakePaul Holzinger2020-12-07
| | | | | | | | | | | | | | | | | | The filter is only validated when at least one network exists. Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | | Merge pull request #8581 from baude/kubegenOpenShift Merge Robot2020-12-07
|\ \ \ | |/ / |/| | generate kube on multiple containers
| * | generate kube on multiple containersbaude2020-12-07
| |/ | | | | | | | | | | | | | | | | | | add the ability to add multiple containers into a single k8s pod instead of just one. also fixed some bugs in the resulting yaml where an empty service description was being added on error causing the k8s validation to fail. Signed-off-by: baude <bbaude@redhat.com>
* | Merge pull request #8561 from mheon/fix_gatingOpenShift Merge Robot2020-12-07
|\ \ | |/ |/| Do not mount sysfs as rootless in more cases
| * Do not mount sysfs as rootless in more casesMatthew Heon2020-12-04
| | | | | | | | | | | | | | | | | | | | | | | | We can't mount sysfs as rootless unless we manage the network namespace. Problem: slirp4netns is now creating and managing a network namespace separate from the OCI runtime, so we can't mount sysfs in many circumstances. The `crun` OCI runtime will automatically handle this by falling back to a bind mount, but `runc` will not, so we didn't notice until RHEL gating tests ran on the new branch. Signed-off-by: Matthew Heon <mheon@redhat.com>
* | Merge pull request #8489 from ashley-cui/commonslirpOpenShift Merge Robot2020-12-05
|\ \ | | | | | | Add ability to set system wide options for slirp4netns
| * | Add ability to set system wide options for slirp4netnsAshley Cui2020-12-04
| | | | | | | | | | | | | | | | | | Wire in containers.conf options for slirp Signed-off-by: Ashley Cui <acui@redhat.com>
* | | Merge pull request #8494 from mlegenovic/masterOpenShift Merge Robot2020-12-04
|\ \ \ | | | | | | | | More docker compat API fixes
| * | | More docker compat API fixesMilivoje Legenovic2020-12-04
| |/ / | | | | | | | | | | | | | | | Fixes wrong VirtualSize, ParentId, Architecture, Author, Os and OsVersion value Signed-off-by: Milivoje Legenovic <m.legenovic@gmail.com>
* | | rewrite podman-cpValentin Rothberg2020-12-04
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Add a new `pkg/copy` to centralize all container-copy related code. * The new code is based on Buildah's `copier` package. * The compat `/archive` endpoints use the new `copy` package. * Update docs and an several new tests. * Includes many fixes, most notably, the look-up of volumes and mounts. Breaking changes: * Podman is now expecting that container-destination paths exist. Before, Podman created the paths if needed. Docker does not do that and I believe Podman should not either as it's a recipe for masking errors. These errors may be user induced (e.g., a path typo), or internal typos (e.g., when the destination may be a mistakenly unmounted volume). Let's keep the magic low for such a security sensitive feature. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | e2e: bump pull timeout to 240 secondsValentin Rothberg2020-12-04
|/ / | | | | | | | | | | | | I am constantly hitting the 90 seconds limit with my very slow connection. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | Merge pull request #8551 from rhatdan/defaultOpenShift Merge Robot2020-12-03
|\ \ | | | | | | Support --network=default as if it was private
| * | Support --network=default as if it was privateDaniel J Walsh2020-12-02
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Docker defines an option of "default" which means to use the default network. We should support this with the same code path as --network="". This is important for compatibility with the Docker API. Fixes: https://github.com/containers/podman/issues/8544 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #8408 from umohnani8/sec-optOpenShift Merge Robot2020-12-03
|\ \ \ | | | | | | | | Add mask and unmask option to --security-opt
| * | | Add mask and unmask option to --security-optUrvashi Mohnani2020-12-02
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add the mask and unmask option to the --security-opt flag to allow users to specify paths to mask and unmask in the container. If unmask=ALL, this will unmask all the paths we mask by default. Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
* | | | Fix `podman images...` missing headers in table templatesJhon Honce2020-12-02
| |/ / |/| | | | | | | | Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | | Add support for network idsPaul Holzinger2020-12-02
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The network ID is not stored. It is just the sha256 hash from the network name. There is a risk of a potential hash collision. However it's very unlikely and even if we hit this it will complain that more than network with this ID exists. The main benefit is that the compat api can have proper network ID support. Also this adds the support for `podman network ls --format "{{.ID}}"` and `--filter id=<ID>`. It also ensures that we can do network rm <ID> and network inspect <ID>. Since we use a hash this commit is backwards compatible even for already existing networks. Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | | Merge pull request #8457 from afbjorklund/bridge-mtuOpenShift Merge Robot2020-12-02
|\ \ \ | | | | | | | | Add podman network create flag for bridge mtu
| * | | Validate that the bridge option is supportedAnders F Björklund2020-12-01
| | | | | | | | | | | | | | | | | | | | | | | | Thanks Luap99 for the validation suggestion Signed-off-by: Anders F Björklund <anders.f.bjorklund@gmail.com>
| * | | Add integration test for the bridge optionsAnders F Björklund2020-12-01
| | | | | | | | | | | | | | | | | | | | | | | | Thanks Luap99 for doing the implementation Signed-off-by: Anders F Björklund <anders.f.bjorklund@gmail.com>
* | | | Merge pull request #8542 from rhatdan/testOpenShift Merge Robot2020-12-01
|\ \ \ \ | |/ / / |/| | | Fix typo in tests
| * | | Fix typo in testsDaniel J Walsh2020-12-01
| | |/ | |/| | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #8488 from rhatdan/platformOpenShift Merge Robot2020-12-01
|\ \ \ | | | | | | | | Add support for --platform
| * | | Add support for --platformDaniel J Walsh2020-11-26
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | For docker compatibility we need to support --platform flag. podman create --platform podman run --platform podman pull --platform Since we have --override-os and --override-arch already this can be done just by modifying the client to split the --platform call into os and arch and then pass those options to the server side. Fixes: https://github.com/containers/podman/issues/6244 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Merge pull request #8505 from Luap99/network-labelsOpenShift Merge Robot2020-12-01
|\ \ \ \ | |_|/ / |/| | | podman network label support
| * | | podman network label supportPaul Holzinger2020-11-28
| |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add label support for podman network create. Use the `args` field in the cni config file to store the podman labels. Use `podman_labels` as key name and store the labels as map[string]string. For reference: https://github.com/containernetworking/cni/blob/master/CONVENTIONS.md#args-in-network-config https://github.com/containernetworking/cni/blob/spec-v0.4.0/SPEC.md#network-configuration Example snippet: ``` ... "args": { "podman_labels": { "key1":"value1", "key2":"value2" } } ... ``` Make podman network list support several filters. Supported filters are name, plugin, driver and label. Filters with different keys work exclusive. Several label filters work exclusive and the other filter keys are working inclusive. Also adjust the compat api to support labels in network create and list. Breaking changes: - podman network ls -f shortform is used for --filter instead --format This matches docker and other podman commands (container ps, volume ps) - libpod network list endpoint filter parameter is removed. Instead the filters paramter should be used as json encoded map[string][]string. Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | | Merge pull request #8515 from baude/netconnectstateOpenShift Merge Robot2020-12-01
|\ \ \ | |_|/ |/| | network connect disconnect on non-running containers
| * | network connect disconnect on non-running containersbaude2020-11-30
| | | | | | | | | | | | | | | | | | | | | a container can connect and disconnet to networks even when not in a running state. Signed-off-by: baude <bbaude@redhat.com>
* | | Merge pull request #8400 from rhatdan/varlinkOpenShift Merge Robot2020-12-01
|\ \ \ | | | | | | | | Remove varlink support from podman
| * | | Remove varlink support from PodmanDaniel J Walsh2020-11-26
| | |/ | |/| | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Revert "Allow multiple --network flags for podman run/create"Luap992020-11-30
| |/ |/| | | | | | | | | | | | | | | As described in issue #8507 this commit contains a breaking change which is not wanted in v2.2. We can discuss later if we want this in 3.0 or not. Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | Merge pull request #8493 from Luap99/net-rm-macvlanOpenShift Merge Robot2020-11-28
|\ \ | | | | | | Fix problems with network remove
| * | Fix problems with network removePaul Holzinger2020-11-26
| |/ | | | | | | | | | | | | | | | | First, make sure we are only trying to remove the network interface if we are root. Second, if we cannot get the interface name (e.g macvlan config) then we should not fail. Just remove the config file. Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | Add support for persistent volume claims in kube filesAlban Bedel2020-11-27
| | | | | | | | | | | | | | | | | | | | | | | | | | In k8s a persistent volume claim (PVC) allow pods to define a volume by referencing the name of a PVC. The PVC basically contains criterias that k8s then use to select which storage source it will use for the volume. Podman only provide one abtracted storage, the named volumes, and create them if they don't exists yet. So this patch simply use a volume with the name of the PVC. Signed-off-by: Alban Bedel <albeu@free.fr>
* | Prepare support in kube play for other volume types than hostPathAlban Bedel2020-11-27
|/ | | | | | | | | | Replace the simple map of names to paths with a map of names to a struct to allow passing more parameters. Also move the code to parse the volumes to its own file to avoid making the playKubePod() function overly complex. Finally rework the kube volumes test to also be ready to support more volume types. Signed-off-by: Alban Bedel <albeu@free.fr>
* Fix custom mac address with a custom cni networkPaul Holzinger2020-11-24
| | | | | | | | | | | The cni plugin `tuning` is required to set a custom mac address. This plugin is configured in the default cni config file which is packaged with podman but was not included the generated config form `podman network create`. Fixes #8385 Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* Merge pull request #8446 from Luap99/podman-container-psOpenShift Merge Robot2020-11-23
|\ | | | | Add podman container ps command
| * Add podman container ps commandPaul Holzinger2020-11-23
| | | | | | | | | | | | | | | | | | This command exists in docker and is also in our documentation. Also remove mentions of `podman ls` or `podman list`. These commands do not exists in podman or docker. Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | Merge pull request #8263 from rhatdan/restartOpenShift Merge Robot2020-11-23
|\ \ | |/ |/| Allow containers to --restart on-failure with --rm
| * Allow containers to --restart on-failure with --rmDaniel J Walsh2020-11-20
| | | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #8410 from Luap99/fix-multiple-networksOpenShift Merge Robot2020-11-21
|\ \ | |/ |/| Allow multiple --network flags for podman run/create