summaryrefslogtreecommitdiff
path: root/test/e2e
Commit message (Collapse)AuthorAge
* Remove SkipIfRootless if possible, document other callsDaniel J Walsh2020-09-27
| | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Remove some SkipIfRootess flags from testsDaniel J Walsh2020-09-25
| | | | | | | We need to get more tests running in rootless mode. Since cgroupsV2 allows management of cgroups in rootless environments a lot of more tests can be run. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #7741 from vrothberg/remote-load-dir-checkOpenShift Merge Robot2020-09-24
|\ | | | | remote load: check if input is directory
| * remote load: check if input is directoryValentin Rothberg2020-09-24
| | | | | | | | | | | | | | | | The remote client does not support loading directories yet. To prevent confusing error messages and to make the behaviour more explicit, check if the input points to a directory and throw an error if needed. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | Merge pull request #7753 from vrothberg/fix-7689OpenShift Merge Robot2020-09-24
|\ \ | |/ |/| remote stats
| * new endpoint: /libpod/containers/statsValentin Rothberg2020-09-24
| | | | | | | | | | | | | | | | | | Add a new endpoint for container stats allowing for batch operations on more than one container. The new endpoint deprecates the single-container endpoint which will eventually be removed with the next major release. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | Merge pull request #7759 from xordspar0/app-filterOpenShift Merge Robot2020-09-24
|\ \ | | | | | | Allow filtering on pod label values
| * | Allow filtering on pod label valuesJordan Christiansen2020-09-23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Before this change, filters of the form `podman pod ps --filter label=app=myapp` were not working. The results would include all pods that contained the app label with any value. Looking at the code, this makes sense. It appears that the second = and everything after it were getting truncated. Even though there was already a passing test that tested `podman pod ps --filter label=io.podman.test.label=value1`, the test failed with the above example with a label `app=myapp`. The new code works in both cases. Signed-off-by: Jordan Christiansen <xordspar0@gmail.com>
* | | Remove final v2remotefail failuresDaniel J Walsh2020-09-23
|/ / | | | | | | | | | | | | | | | | Most have been fixed, others I replaced with SkipIfRemote Fix ContainerStart on tunnel, it needs to wait for the exit status before returning. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #7745 from rhatdan/systemdOpenShift Merge Robot2020-09-23
|\ \ | | | | | | Systemd should be able to run as rootless
| * | Systemd should be able to run as rootlessDaniel J Walsh2020-09-23
| |/ | | | | | | | | | | Turn on most of the systemd tests for rootless. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | e2e tests: SkipIfRemote(): add a reasonEd Santiago2020-09-23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Now that Dan has added helpful comments to each SkipIfRemote, let's take the next step and include those messages in the Skip() output so someone viewing test results can easily see if a remote test is skipped for a real reason or for a FIXME. This commit is the result of a simple: perl -pi -e 's;(SkipIfRemote)\(\)(\s+//\s+(.*))?;$1("$3");' *.go in the test/e2e directory, with a few minor (manual) changes in wording. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | Examine all SkipIfRemote functionsDaniel J Walsh2020-09-22
|/ | | | | | | | Remove ones that are not needed. Document those that should be there. Document those that should be fixed. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #7717 from rhatdan/attachOpenShift Merge Robot2020-09-22
|\ | | | | Fix up attach tests for podman remote
| * Fix up attach tests for podman remoteDaniel J Walsh2020-09-22
| | | | | | | | | | | | | | | | | | | | | | When we execute podman-remote attach, we were not checking if the container was in the correct state, this is leading to timeouts and we had turned off remote testing. Also added an IfRemote() function so we can turn on more tests when using the "-l" flag for local, but use container name for remote. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Fix podman image unmount to only report images unmountedDaniel J Walsh2020-09-21
|/ | | | | | | Currently `podman image unmount` report every image that is mounted when it unmounts them. We should only report unmounted actually mounted images. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #7697 from rhatdan/ignoreOpenShift Merge Robot2020-09-21
|\ | | | | Fix handling of podman-remote stop --ignore
| * Fix handling of podman-remote stop --ignoreDaniel J Walsh2020-09-19
| | | | | | | | | | | | This patch simplifies the hanlding of rhe --ignore flag, for podman stop, rm Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #7696 from jwhonce/wip/versionOpenShift Merge Robot2020-09-21
|\ \ | | | | | | Refactor version handling in cmd tree
| * | Refactor version handling in cmd treeJhon Honce2020-09-18
| |/ | | | | | | | | | | | | * Move from simple string to semver objects * Change client API Version from '1' to 2.0.0 Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | Fix incorrect parsing of create/run --volumes-fromPaul Holzinger2020-09-20
| | | | | | | | | | | | | | | | | | Add a bunch of tests to ensure that --volumes-from works as expected. Also align the podman create and run man page. Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | Merge pull request #7694 from mheon/fix_exec_supplemental_groupsOpenShift Merge Robot2020-09-19
|\ \ | |/ |/| Preserve groups in exec sessions in ctrs with --user
| * Preserve groups in exec sessions in ctrs with --userMatthew Heon2020-09-18
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Podman wants to guarantee that exec sessions retain the groups of the container they are started in, unless explicitly overridden by the user. This guarantee was broken for containers where the `--user` flag was specified; this patch resolves that. Somewhere in the Exec rewrite for APIv2, I changed the location where the container's User is passed into the exec session (similar to groups, we also want to preserve user unless overridden). The lower-level Exec APIs already handled setting user and group appropriately if not specified when the exec session was created, but I added duplicate code to handle this higher in the stack - and that code only handled setting user, not supplemental groups, breaking support in that specific case. Two things conspired to make this one hard to track down: first, things were only broken if the container explicitly set a user; otherwise, the container user would still appear to be unset to the lower-level code, which would properly set supplemental groups (this tricked our existing test into passing). Also, the `crun` OCI runtime will add the groups without prompting, which further masked the problem there. I debated making `runc` do the same, but in the end it's better to fix this in Podman - it's better to be explicit about what we want done so we will work with all OCI runtimes. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | Merge pull request #7679 from baude/remoteiidfileOpenShift Merge Robot2020-09-18
|\ \ | | | | | | enable --iidfile for podman-remote build
| * | enable --iidfile for podman-remote buildbaude2020-09-17
| | | | | | | | | | | | | | | | | | for podman-remote build operations, the iidfile, when used, needs to write the file to the client's local filesystem. Signed-off-by: baude <bbaude@redhat.com>
* | | Merge pull request #7671 from zhangguanzhang/play-kube-handle-restartPolicyOpenShift Merge Robot2020-09-18
|\ \ \ | | | | | | | | handle the restartPolicy for play kube and generate kube
| * | | handle the play kube and generate kube for with restartPolicyzhangguanzhang2020-09-18
| | | | | | | | | | | | | | | | Signed-off-by: zhangguanzhang <zhangguanzhang@qq.com>
* | | | fix the .Path and .Args when use the infra-commandzhangguanzhang2020-09-18
|/ / / | | | | | | | | | Signed-off-by: zhangguanzhang <zhangguanzhang@qq.com>
* / / Fix play_kube_test deployment templateJordan Christiansen2020-09-17
|/ / | | | | | | | | | | | | Annotations were at the wrong indentation, making them a part of the labels map. Signed-off-by: Jordan Christiansen <xordspar0@gmail.com>
* | Merge pull request #7654 from vrothberg/fix-7651OpenShift Merge Robot2020-09-17
|\ \ | | | | | | image list: return all associated names
| * | image list: return all associated namesValentin Rothberg2020-09-17
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Always return all associated names / repo tags of an image and fix a bug with malformed repo tags. Previously, Podman returned all names only with `--all` but this flag only instructs to list intermediate images and should not alter associated names. With `--all` Podman queried the repo tags of an image which splits all *tagged* names into repository and tag which is then reassembled to eventually be parsed again in the frontend. Lot's of redundant CPU heat and buggy as the reassembly didn't consider digests which ultimately broke parsing in the frontend. Fixes: #7651 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | Add labels to a pod created via play kubeJordan Christiansen2020-09-16
|/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When using `podman play kube` with a YAML file that has pod labels, apply those labels to the pods that podman makes. For example, this Deployment spec has labels on a pod: apiVersion: apps/v1 kind: Deployment metadata: name: myapp labels: app: myapp spec: selector: matchLabels: app: myapp template: metadata: labels: app: myapp spec: containers: - name: web image: nginx ports: - containerPort: 80 The pods that podman creates will have the label "app" set to "myapp" so that these pods can be found with `podman pods ps --filter label=app`. Signed-off-by: Jordan Christiansen <xordspar0@gmail.com>
* | Fix podman pod create --infra-command and --infra-imageDaniel J Walsh2020-09-16
| | | | | | | | | | | | | | | | Currently infr-command and --infra-image commands are ignored from the user. This PR instruments them and adds tests for each combination. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Supports import&run--signature-policyQi Wang2020-09-15
| | | | | | | | | | | | Enables podman create, pull, run, import to use --signature-policy option. Set it as hidden flag to be consistent with other commands. Signed-off-by: Qi Wang <qiwan@redhat.com>
* | Merge pull request #7452 from jwhonce/issues/7136OpenShift Merge Robot2020-09-15
|\ \ | | | | | | Refactor API build endpoint to be more compliant
| * | Refactor API build endpoint to be more compliantJhon Honce2020-09-14
| |/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Refactor/Rename channel.WriteCloser() to encapsulate the channel * Refactor build endpoint to "live" stream buildah output channels over API rather then buffering output * Refactor bindings/tunnel build because endpoint changes * building tar file now in bindings rather then depending on caller * Cleanup initiating extra image engine * Remove setting fields to zero values (less noise in code) * Update tests to support remote builds Fixes #7136 Fixes #7137 Signed-off-by: Jhon Honce <jhonce@redhat.com>
* / podman wait accept args > 1Paul Holzinger2020-09-15
|/ | | | Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* Fix up errors found by codespellDaniel J Walsh2020-09-11
| | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #7591 from haircommander/play-kube-process-namespaceOpenShift Merge Robot2020-09-11
|\ | | | | play/generate: support shareProcessNamespace
| * play/generate: support shareProcessNamespacePeter Hunt2020-09-10
| | | | | | | | | | | | | | | | | | this is an option that allows a user to specify whether to share PID namespace in the pod for play kube and generate kube associated test added Signed-off-by: Peter Hunt <pehunt@redhat.com>
* | Merge pull request #7593 from edsantiago/network_test_cleanupOpenShift Merge Robot2020-09-11
|\ \ | | | | | | run_networking e2e test: add cleanup to some tests
| * | run_networking e2e test: add cleanup to some testsEd Santiago2020-09-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Problem: if either of the two "podman network create" tests fail, all subsequent retries will also fail because the created network has not been cleaned up (so "network create" will fail with EEXIST). Solution: run "podman network rm" as deferred cleanup instead of in each test. This is NOT a fix for #7583 - it is just a way to allow ginkgo to retry a failing test. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | Merge pull request #7586 from ashley-cui/rokubeOpenShift Merge Robot2020-09-11
|\ \ \ | |/ / |/| | Add read-only volume mount to play kube
| * | Add read-only mount to play kubeAshley Cui2020-09-10
| | | | | | | | | | | | | | | | | | add support for read-only volume mounts in podman play kube Signed-off-by: Ashley Cui <acui@redhat.com>
* | | Merge pull request #7541 from mheon/modify_groupOpenShift Merge Robot2020-09-10
|\ \ \ | |_|/ |/| | Make an entry in /etc/group when we modify /etc/passwd
| * | Make an entry in /etc/group when we modify /etc/passwdMatthew Heon2020-09-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | To ensure that the user running in the container ahs a valid entry in /etc/passwd so lookup functions for the current user will not error, Podman previously began adding entries to the passwd file. We did not, however, add entries to the group file, and this created problems - our passwd entries included the group the user is in, but said group might not exist. The solution is to mirror our logic for /etc/passwd modifications to also edit /etc/group in the container. Unfortunately, this is not a catch-all solution. Our logic here is only advanced enough to *add* to the group file - so if the group already exists but we add a user not a part of it, we will not modify that existing entry, and things remain inconsistent. We can look into adding this later if we absolutely need to, but it would involve adding significant complexity to this already massively complicated function. While we're here, address an edge case where Podman could add a user or group whose UID overlapped with an existing user or group. Also, let's make users able to log into users we added. Instead of generating user entries with an 'x' in the password field, indicating they have an entry in /etc/shadow, generate a '*' indicating the user has no password but can be logged into by other means e.g. ssh key, su. Fixes #7503 Fixes #7389 Fixes #7499 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | Merge pull request #7577 from rhatdan/runlabel1OpenShift Merge Robot2020-09-10
|\ \ \ | | | | | | | | podman container runlabel should pull the image if it does not exist
| * | | podman container runlabel should pull the image if it does not existDaniel J Walsh2020-09-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Since --pull is deprecated, remove it from help and hide if from --help Also set it to true by default. Share image pull code betweern podman image pull and podman container runlabel. Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1877181 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Merge pull request #7578 from giuseppe/join-userns-reuse-mappingsOpenShift Merge Robot2020-09-10
|\ \ \ \ | | | | | | | | | | libpod: read mappings when joining a container userns
| * | | | libpod: read mappings when joining a container usernsGiuseppe Scrivano2020-09-10
| |/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | when joining an existing container user namespace, read the existing mappings so the storage can be created with the correct ownership. Closes: https://github.com/containers/podman/issues/7547 Signed-off-by: Giuseppe Scrivano <giuseppe@scrivano.org>