aboutsummaryrefslogtreecommitdiff
path: root/test
Commit message (Collapse)AuthorAge
* fix buildah-bud test diffPaul Holzinger2022-01-12
| | | | Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* upgrade test: check that network backend is cniPaul Holzinger2022-01-12
| | | | | | | Since we test an update from an older version we should check the the network backend is correctly set to CNI. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* use libnetwork from c/commonPaul Holzinger2022-01-12
| | | | | | | | The libpod/network packages were moved to c/common so that buildah can use it as well. To prevent duplication use it in podman as well and remove it from here. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* Merge pull request #12813 from rhatdan/secretsOpenShift Merge Robot2022-01-12
|\ | | | | Fix permission on secrets directory
| * Fix permission on secrets directoryDaniel J Walsh2022-01-11
| | | | | | | | | | | | | | | | | | This directory needs to be world searchable so users can access it from different user namespaces. Fixes: https://github.com/containers/podman/issues/12779 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | buildah bud tests: skip failing testsEd Santiago2022-01-11
|/ | | | | | | | | | | | | | | Emergency workaround for github's deprecation of git:// https://github.blog/2021-09-01-improving-git-protocol-security-github/ Two buildah tests rely on 'git://' URLs. These now fail. They have been fixed in the buildah repo[1] but it will take time to vendor that in. ITM, we need to get CI passing. Skip those two failing tests. [1] https://github.com/containers/buildah/pull/3701 Signed-off-by: Ed Santiago <santiago@redhat.com>
* Add podman rm --dependDaniel J Walsh2022-01-11
| | | | | | | | | | | This option causes Podman to not only remove the specified containers but all of the containers that depend on the specified containers. Fixes: https://github.com/containers/podman/issues/10360 Also ran codespell on the code Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #12780 from rhatdan/podOpenShift Merge Robot2022-01-11
|\ | | | | Use the InfraImage defined in containers.conf
| * Use the InfraImage defined in containers.confDaniel J Walsh2022-01-10
| | | | | | | | | | | | | | | | | | Remove hard code use of the DefaultInfraImage and rely on getting this from containers.conf. Fixes: https://github.com/containers/podman/issues/12771 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | System tests: fix RHEL8 gating testsEd Santiago2022-01-10
|/ | | | | | | | | | Add a fix for RHEL8 gating tests. This resolves yet another journald/file events/logger mismatch bug. Also, while I'm at it, more log cleanup: a recently-added test was missing final rm/rmi, resulting in big red scary output in test logs. Signed-off-by: Ed Santiago <santiago@redhat.com>
* Merge pull request #12757 from umohnani8/cmOpenShift Merge Robot2022-01-10
|\ | | | | Don't add env if optional and not found
| * Don't add env if optional and not foundUrvashi Mohnani2022-01-10
| | | | | | | | | | | | | | | | If the pod yaml has env from secret and condifg map but they are optional and the secret cannot be found, don't add the env key as well as the env value will not be found. Matches behavior with k8s. Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
* | vendor c/commonValentin Rothberg2022-01-10
|/ | | | | | | | Also update the e2e pull test to account for the changes when pulling from the dir transport. Images pulled via the dir transport are not tagged anymore; the path is not a reliable source. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Merge pull request #12733 from rhatdan/copyOpenShift Merge Robot2022-01-07
|\ | | | | Set volume NeedsCopyUp to false iff data was copied up
| * Set volume NeedsCopyUp to false iff data was copied upDaniel J Walsh2022-01-06
| | | | | | | | | | | | | | | | | | | | | | | | Currently Docker copies up the first volume on a mountpoint with data. Fixes: https://github.com/containers/podman/issues/12714 Also added NeedsCopyUP, NeedsChown and MountCount to the podman volume inspect code. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #12764 from edsantiago/batsOpenShift Merge Robot2022-01-07
|\ \ | | | | | | Emergency system-test fixes
| * | Emergency system-test fixesEd Santiago2022-01-06
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Emergency fix to image-scp tests. DO NOT CREATE A USER! These tests are run in all sorts of environments. We do not have the right to vandalize a production system. Also remove some misleading unneeded tests; and refactor a little; and add a bunch of FIXMEs which will need to be addressed later. Also, super-low priority, add 'crun: ' to expected error message in a run test (minor followup to #12758). Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | Merge pull request #12726 from hikhvar/remove-superflous-pod-renameOpenShift Merge Robot2022-01-07
|\ \ \ | |/ / |/| | Don't rename pod if container has the same name
| * | Don't rename pod if container has the same nameChristoph Petrausch2022-01-06
| |/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | We enforce the naming scheme "<podname>-<containername>" here [1]. Therefore we must not rename the pod in case of a naming conflict between pod name and container name. Not renaming the pod increases the usability for the user and easies scripting based on the name. Otherwise a user must set some label to reliable find a pod after creation. Or have to implement the renaming logic in the script. [1] https://github.com/containers/podman/blob/main/pkg/specgen/generate/kube/kube.go#L140 Fixes #12722 Signed-off-by: Christoph Petrausch <chrobbert@gmail.com>
* | Merge pull request #12758 from rhatdan/runtimeOpenShift Merge Robot2022-01-06
|\ \ | | | | | | add OCI Runtime name to errors
| * | add OCI Runtime name to errorsDaniel J Walsh2022-01-06
| |/ | | | | | | | | | | | | | | | | It would be easier to diagnose OCI runtime errors if the error actually had the name of the OCI runtime that produced the error. [NO NEW TESTS NEEDED] Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* / fix healthcheck timeouts and ut8 coercionBrent Baude2022-01-06
|/ | | | | | | | | | | | | | | | | this commit fixes two bugs and adds regression tests. when getting healthcheck values from an image, if the image does not have a timeout defined, this resulted in a 0 value for timeout. The default as described in the man pages is 30s. when inspecting a container with a healthcheck command, a customer observed that the &, <, and > characters were being converted into a unicode escape value. It turns out json marshalling will by default coerce string values to ut8. Fixes: bz2028408 Signed-off-by: Brent Baude <bbaude@redhat.com>
* Merge pull request #12687 from rhatdan/volumeOpenShift Merge Robot2022-01-06
|\ | | | | Support volume bind mounts for rootless containers
| * Support all volume mounts for rootless containersDaniel J Walsh2022-01-04
| | | | | | | | | | | | | | | | | | | | | | | | | | Fix handling of "bind" and "tmpfs" olumes to actually work. Allow bind, tmpfs local volumes to work in rootless mode. Also removed the string "error" from all error messages that begine with it. All Podman commands are printed with Error:, so this causes an ugly stutter. Fixes: https://github.com/containers/podman/issues/12013 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #12750 from rhatdan/errorOpenShift Merge Robot2022-01-05
|\ \ | | | | | | Change Tests to ignore missing containers when removing --all
| * | Change Tests to ignore missing containers when removing --allDaniel J Walsh2022-01-05
| | | | | | | | | | | | | | | | | | Fixes: https://github.com/containers/podman/issues/12740 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #12208 from cdoern/podSecurityOptOpenShift Merge Robot2022-01-05
|\ \ \ | | | | | | | | Pod Security Option support and Infra Inheritance changes
| * | | Pod Security Option supportcdoern2021-12-27
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Added support for pod security options. These are applied to infra and passed down to the containers as added (unless overridden). Modified the inheritance process from infra, creating a new function Inherit() which reads the config, and marshals the compatible options into an intermediate struct `InfraInherit` This is then unmarshaled into a container config and all of this is added to the CtrCreateOptions. Removes the need (mostly) for special additons which complicate the Container_create code and pod creation. resolves #12173 Signed-off-by: cdoern <cdoern@redhat.com>
* | | | Merge pull request #12168 from mtrmac/socket-collisionOpenShift Merge Robot2022-01-05
|\ \ \ \ | | | | | | | | | | Avoid RemoteSocket collisions in e2e tests
| * | | | Don't initialize the global RNG with GinkgoRandomSeed() in e2e testsMiloslav Trmač2022-01-03
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - It probably doesn't actually make a difference: in experiments, the github.com/containers/storage/pkg/stringid RNG initialization has been happening later - This makes the RNG caller-controlled (which we don't benefit from), but also the same on all nodes of multi-process Ginkgo execution. So, if it works at all, it may make collisions of random ID values more likely, and our tests are not robust against that. So don't go out of our way to make collisions more likely. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
| * | | | Avoid collisions on RemoteSocket pathsMiloslav Trmač2022-01-03
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add lock files and re-generate the UUID if we are not a known-unique user of the socket path. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
| * | | | Refactor remote socket path determination in testsMiloslav Trmač2022-01-03
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Separate the code that determines the directory and file prefix from the code that chooses and applies a UUID; we will make the second part more complex in a bit. Should not change behavior. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
* | | | | Merge pull request #12429 from cdoern/scpOpenShift Merge Robot2022-01-05
|\ \ \ \ \ | |_|_|/ / |/| | | | podman image scp never enter podman user NS
| * | | | podman image scp never enter podman user NScdoern2021-12-23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Podman image scp should never enter the Podman UserNS unless it needs to. This allows for a sudo exec.Command to transfer images to and from rootful storage. If this command is run using sudo, the simple sudo podman save/load does not work, machinectl/su is necessary here. This modification allows for both rootful and rootless transfers, and an overall change of scp to be more of a wrapper function for different load and save calls as well as the ssh component Signed-off-by: cdoern <cdoern@redhat.com>
* | | | | test/e2e/pod_initcontainers: fix a flakeKir Kolyshkin2022-01-04
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Commit 3c3fa6fac4d0f8e8 added a few test cases for the init containers. The "podman ensure always init containers always run" implicitly assumes that restarting a pod will take more than 1 second. When this assumption is not met (because computers are fast!), we get a flake. The fix (without using sleep) is to print nanoseconds in date output. This format option (%N) is not supported by date in Alpine Linux, so switch to Fedora. Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
* | | | | test/e2e/run: don't use date +%N on AlpineKir Kolyshkin2022-01-04
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Commit e1443fe05d146def6 added a test case that ran "date +%N" inside a Fedora container (without actually using its output). Commit ccc5bc167fa2c140 changed that test case to use Alpine. Problem is, %N is not supported by date in Alpine (it only prints a newline). To eliminate the ambiguity, replace date with touch. Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
* | | | | Merge pull request #12735 from rhatdan/mountOpenShift Merge Robot2022-01-04
|\ \ \ \ \ | | | | | | | | | | | | Fix Container List API call to return mount info
| * | | | | Fix Container List API call to return mount infoDaniel J Walsh2022-01-04
| | |_|_|/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We are hard coding mounts to return nil in compat API, since we have the data, we should return it. Fixes: https://github.com/containers/podman/issues/12734 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | | Merge pull request #12643 from leahneukirchen/events-compatOpenShift Merge Robot2022-01-04
|\ \ \ \ \ | |/ / / / |/| | | | legacy events: also set Action="die"
| * | | | legacy events: also set exitCodeLeah Neukirchen2022-01-03
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | For Status = "die", Docker sets the exit code of the container to a field "exitCode". Podman uses "containerExitCode". Copy the value into "exitCode" as well, for compatibility. Signed-off-by: Leah Neukirchen <leah@vuxu.org>
* | | | | Merge pull request #12611 from Luap99/ipv6OpenShift Merge Robot2022-01-03
|\ \ \ \ \ | | | | | | | | | | | | add --ip6 flag to podman create/run
| * | | | | add --ip6 flag to podman create/runPaul Holzinger2022-01-03
| | |_|/ / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add the --ipv6 flag to podman create/run and pod create. We support the --network name:ip6=<ip> syntax now but for docker compat we should also support the --ip6 flag. Note that there is no validation if the ip is actually a v6 or v4 address because the backend does not care either. Fixes #7511 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | | | test/system: podman run image with filesystem permissionDaniel J Walsh2021-12-31
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This test case is used for covering rhbz#1854566. Replaces: #12220 Signed-off-by: Alex Jia <ajia@redhat.com> Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | | test/system: podman run with log-opt optionDaniel J Walsh2021-12-31
|/ / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | This test case is used for covering rhbz#1763007. Replaces: #12221 Signed-off-by: Alex Jia <ajia@redhat.com> Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | / prefix imageId with sha256: in containers listOliver2021-12-29
| |_|/ |/| | | | | | | | | | | | | | test for compat API ImageId Signed-off-by: Oliver Thallmair <oliver.thallmair@mailbox.org>
* | | Merge pull request #12627 from rhatdan/passwdOpenShift Merge Robot2021-12-23
|\ \ \ | | | | | | | | Allow users to add host user accounts to /etc/passwd
| * | | Allow users to add host user accounts to /etc/passwdDaniel J Walsh2021-12-23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Some containers require certain user account(s) to exist within the container when they are run. This option will allow callers to add a bunch of passwd entries from the host to the container even if the entries are not in the local /etc/passwd file on the host. Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1935831 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | container creation: don't apply reserved annotations from imageValentin Rothberg2021-12-23
|/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | Do not apply reserved annotations from the image to the container. Reserved annotations are applied during container creation to retrieve certain information (e.g., custom seccomp profile or autoremoval) once a container has been created. Context: #12671 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | Merge pull request #12672 from adrianreber/2021-12-21-check-for-memtrackOpenShift Merge Robot2021-12-23
|\ \ \ | | | | | | | | Error out early if system does not support pre-copy checkpointing
| * | | Error out early if system does not support pre-copy checkpointingAdrian Reber2021-12-23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | CRIU's pre-copy migration support relies on the soft dirty page tracking in the Linux kernel: https://www.kernel.org/doc/Documentation/vm/soft-dirty.txt This functionality is not implemented for all architectures and it can also be turned off in the kernel. CRIU can check if the combination of architecture/kernel/CRIU supports the soft dirty page tracking and exports this feature checking functionality in go-criu. This commit adds an early check if the user selects pre-copy checkpointing to error out if the system does not support it. Signed-off-by: Adrian Reber <areber@redhat.com>