summaryrefslogtreecommitdiff
path: root/test
Commit message (Collapse)AuthorAge
* Add SystemdMode to inspect for containersMatthew Heon2020-07-22
| | | | | | | | | | | | | This allows us to determine if the container auto-detected that systemd was in use, and correctly activated systemd integration. Use this to wire up some integration tests to verify that systemd integration is working properly. Signed-off-by: Matthew Heon <matthew.heon@pm.me> <MH: Fixed Compile after cherry-pick> Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Fix lintMatthew Heon2020-07-22
| | | | Signed-off-by: Matthew Heon <mheon@redhat.com>
* Include infra container information in `pod inspect`Matthew Heon2020-07-22
| | | | | | | | | | We had a field for this in the inspect data, but it was never being populated. Because of this, `podman pod inspect` stopped showing port bindings (and other infra container settings). Add code to populate the infra container inspect data, and add a test to ensure we don't regress again. Signed-off-by: Matthew Heon <mheon@redhat.com>
* Fix "Error: unrecognized protocol \"TCP\" in port mapping"Akihiro Suda2020-07-22
| | | | | | | | "TCP" in upper characters was not recognized as a valid protocol name. Fix #6948 Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
* Error on rootless mac and ip addressesBrent Baude2020-07-22
| | | | | | | | | | | | When creating a pod or container where a static MAC or IP address is provided, we should return a proper error and exit as 125. Fixes: #6972 Signed-off-by: Brent Baude <bbaude@redhat.com> <MH: Fixed build after cherry-pick> Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* fix: system df error when an image has no namePaul Holzinger2020-07-22
| | | | | | | | | | | | | When an image has no name/tag system df will error because it tries to parse an empty name. This commit makes sure we only parse non empty names and set the repository and tag to "<none>" otherwise. Closes #7015 Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* fix play kube doesn't override dockerfile ENTRYPOINTzhangguanzhang2020-07-22
| | | | Signed-off-by: zhangguanzhang <zhangguanzhang@qq.com>
* Support default profile for apparmorDaniel J Walsh2020-07-22
| | | | | | | | | | | | | | Currently you can not apply an ApparmorProfile if you specify --privileged. This patch will allow both to be specified simultaniosly. By default Apparmor should be disabled if the user specifies --privileged, but if the user specifies --security apparmor:PROFILE, with --privileged, we should do both. Added e2e run_apparmor_test.go Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* events endpoint: fix panic and race conditionValentin Rothberg2020-07-21
| | | | | | | | | | | | | | | | | | | | | Fix a potential panic in the events endpoint when parsing the filters parameter. Values of the filters map might be empty, so we need to account for that instead of uncondtitionally accessing the first item. Also apply a similar for race conditions as done in commit f4a2d25c0fca: Fix a race that could cause read errors to be masked. Masking such errors is likely to report red herrings since users don't see that reading failed for some reasons but that a given event could not be found. Another race was the handler closing event channel, which could lead to two kinds of panics: double close, send to close channel. The backend takes care of that. However, make sure that the backend stops working in case the context has been cancelled. Fixes: #6899 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Fix a bug where --pids-limit was parsed incorrectlyMatthew Heon2020-07-15
| | | | | | | | | | | | | | The --pids-limit flag was using strconv.ParseInt with bad arguments, resulting in it being unable to parse standard integers (1024, for example, would produce an 'out of range' error). Change the arguments to make sense (base 10, max 32-bit) and add a test to ensure we don't regress again. Fixes #6908 Signed-off-by: Matthew Heon <mheon@redhat.com>
* search: allow wildcardsValentin Rothberg2020-07-15
| | | | | | | | | | | | | | | | | | | Allow wildcards in the search term. Note that not all registries support wildcards and it may only work with v1 registries. Note that searching implies figuring out if the specified search term includes a registry. If there's not registry detected, the search term will be used against all configured "unqualified-serach-registries" in the registries.conf. The parsing logic considers a registry to be the substring before the first slash `/`. With these changes we now not only support wildcards but arbitrary input; ultimately it's up to the registries to decide whether they support given input or not. Fixes: bugzilla.redhat.com/show_bug.cgi?id=1846629 Cherry-pick-of: commit b05888a97dbb Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Fix systemd pid 1 testBrent Baude2020-07-15
| | | | | | | | | | fedora removed the systemd package from its standard container image causing our systemd pid1 test to fail. Replacing usage of fedora to ubi-init. adding ubi images to the cache for local tests. also, remove installation of test/policy.json to the system wide /etc/containers Signed-off-by: Brent Baude <bbaude@redhat.com>
* Fix bug where `podman mount` didn't error as rootlessMatthew Heon2020-07-06
| | | | | | | | | | | | | | | | | | We require that rootless `podman mount` be run inside a shell spawned by `podman unshare` (which gives us a mount namespace which actually lets other commands use the mounted filesystem). The fix is simple - we need to mark the command as requiring the rootless user namespace not be configured, so we can test for it later as part of the mount code and error if we needed to make one. Disable rootless tests as part of this - they were never expected to work. Fixes #6856 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Allow empty host port in --publish flagMatthew Heon2020-07-06
| | | | | | | | | | | | | | | | | I didn't believe that this was actually legal, but it looks like it is. And, unlike our previous understanding (host port being empty means just use container port), empty host port actually carries the same meaning as `--expose` + `--publish-all` (that is, assign a random host port to the given container port). This requires a significant rework of our port handling code to handle this new case. I don't foresee this being commonly used, so I optimized having a fixed port number as fast path, which this random assignment code running after the main port handling code only if necessary. Fixes #6806 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* test: add tests for --user and volumesValentin Rothberg2020-07-06
| | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* stop podman service in e2e testsBrent Baude2020-07-06
| | | | | | when running e2e tests, each test knows to stop its service when running remote; however, during setup and teardown remote services were not being killed when we were done with them. Signed-off-by: Brent Baude <bbaude@redhat.com>
* podman ps truncate the commandPaul Holzinger2020-07-06
| | | | | | | | | With a long create command the output from ps is basically unreadable. This is a regression that was introduced with Podman 2.0. Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* move go module to v2Valentin Rothberg2020-07-06
| | | | | | | | | | | | | | | With the advent of Podman 2.0.0 we crossed the magical barrier of go modules. While we were able to continue importing all packages inside of the project, the project could not be vendored anymore from the outside. Move the go module to new major version and change all imports to github.com/containers/libpod/v2. The renaming of the imports was done via gomove [1]. [1] https://github.com/KSubedi/gomove Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Friendly amendment for pr 6751Ed Santiago2020-06-25
| | | | | | More robust system test for podman run/create docker-archive Signed-off-by: Ed Santiago <santiago@redhat.com>
* podman run/create: support all transportsValentin Rothberg2020-06-25
| | | | | | | | | Support all image transports in podman run/create. It seems we regressed with v2 on that. Also add tests to make sure we're not regressing again. Fixes: #6744 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Print port mappings in `ps` for ctrs sharing networkMatthew Heon2020-06-25
| | | | | | | | | In Podman v1.9, we printed port mappings for the container, even if it shared its network namespace (and thus ports) with another container. We regressed on this in Podman v2.0, which is fixed here. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Set stop signal to 15 when not explicitly setMatthew Heon2020-06-24
| | | | | | | | | | | | | | | | When going through the output of `podman inspect` to try and identify another issue, I noticed that Podman 2.0 was setting StopSignal to 0 on containers by default. After chasing it through the command line and SpecGen, I determined that we were actually not setting a default in Libpod, which is strange because I swear we used to do that. I re-added the disappeared default and now all is well again. Also, while I was looking for the bug in SpecGen, I found a bunch of TODOs that have already been done. Eliminate the comments for these. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* podman untag: error if tag doesn't existValentin Rothberg2020-06-24
| | | | | | | | | | | Throw an error if a specified tag does not exist. Also make sure that the user input is normalized as we already do for `podman tag`. To prevent regressions, add a set of end-to-end and systemd tests. Last but not least, update the docs and add bash completions. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Reformat inspect network settingsQi Wang2020-06-24
| | | | | | Reformat ports of inspect network settings to compatible with docker inspect. Close #5380 Signed-off-by: Qi Wang <qiwan@redhat.com>
* libpod: specify mappings to the storageGiuseppe Scrivano2020-06-24
| | | | | | | | | | | | specify the mappings in the container configuration to the storage when creating the container so that the correct mappings can be configured. Regression introduced with Podman 2.0. Closes: https://github.com/containers/libpod/issues/6735 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* image load: no args requiredValentin Rothberg2020-06-24
| | | | | | | | | Disable the args requirement of `image load`. Instead of requiring a lower bound, we really need an upper one with at most 1 argument. Extend the system tests to prevent future regressions. Fixes: #6718 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Add explicit command to alpine container in test case.jgallucci322020-06-24
| | | | Signed-off-by: jgallucci32 <john.gallucci.iv@gmail.com>
* Stop following logs using timersjgallucci322020-06-24
| | | | | | | | | | | | | | This incorporates code from PR #6591 and #6614 but does not use event channels to detect container state and rather uses timers with a defined wait duration before calling t.StopAtEOF() to ensure the last log entry is output before a container exits. The polling interval is set to 250 milliseconds based on polling interval defined in hpcloud/tail here: https://github.com/hpcloud/tail/blob/v1.0.0/watch/polling.go#L117 Co-authored-by: Qi Wang <qiwan@redhat.com> Signed-off-by: jgallucci32 <john.gallucci.iv@gmail.com>
* Fix podman build handling of --http-proxy flagDaniel J Walsh2020-06-24
| | | | | | Also fixed a todo for handling of cgroup manager while I was in there. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* correct the absolute path of `rm` executableYuan-Hao Chen2020-06-24
| | | | Signed-off-by: Yuan-Hao Chen <yhchen0906@gmail.com>
* Fixes #6670Jhon Honce2020-06-19
| | | | | | | * Sort images for -q option, removing duplicate id's * Sort images for --format json Signed-off-by: Jhon Honce <jhonce@redhat.com>
* CI: force registry:2.6Valentin Rothberg2020-06-19
| | | | | | | | | | | For using the `registry:2.6` image. 2.7 and beyond dropped the `htpasswd` binary from the rootfs which parts of our CI depends on. While this is not a sustainable solution (assuming `htpasswd` is gone for ever), it unblocks the CI for now. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* unflake rmi testsValentin Rothberg2020-06-18
| | | | | | | Make sure to always get the older images that previously committed one depends on. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Merge pull request #6654 from rhatdan/keepidOpenShift Merge Robot2020-06-17
|\ | | | | Don't ignore --user flag in rootless --userns keepid
| * Don't ignore --user flag in rootless --userns keepidDaniel J Walsh2020-06-17
| | | | | | | | | | | | | | | | Currently podman run --userns keep-id --user root:root fedora id The --user flag is ignored. Removing this makes the code work correctly. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Handle dropping capabilties correctly when running as non root userDaniel J Walsh2020-06-17
| | | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #6560 from mheon/fix_exec_logdriverOpenShift Merge Robot2020-06-17
|\ \ | |/ |/| Do not share container log driver for exec
| * Do not share container log driver for execMatthew Heon2020-06-17
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When the container uses journald logging, we don't want to automatically use the same driver for its exec sessions. If we do we will pollute the journal (particularly in the case of healthchecks) with large amounts of undesired logs. Instead, force exec sessions logs to file for now; we can add a log-driver flag later (we'll probably want to add a `podman logs` command that reads exec session logs at the same time). As part of this, add support for the new 'none' logs driver in Conmon. It will be the default log driver for exec sessions, and can be optionally selected for containers. Great thanks to Joe Gooch (mrwizard@dok.org) for adding support to Conmon for a null log driver, and wiring it in here. Fixes #6555 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | Merge pull request #6522 from mheon/unless-stoppedOpenShift Merge Robot2020-06-17
|\ \ | | | | | | Add support for the unless-stopped restart policy
| * | Add support for the unless-stopped restart policyMatthew Heon2020-06-17
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We initially believed that implementing this required support for restarting containers after reboot, but this is not the case. The unless-stopped restart policy acts identically to the always restart policy except in cases related to reboot (which we do not support yet), but it does not require that support for us to implement it. Changes themselves are quite simple, we need a new restart policy constant, we need to remove existing checks that block creation of containers when unless-stopped was used, and we need to update the manpages. Fixes #6508 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | Revert #6591 to fix issue with failed testsjgallucci322020-06-17
|/ / | | | | | | Signed-off-by: jgallucci32 <john.gallucci.iv@gmail.com>
* | Merge pull request #6640 from edsantiago/fix_flaky_logs_testOpenShift Merge Robot2020-06-17
|\ \ | | | | | | "streaming output" logs test: fix flake
| * | "streaming output" logs test: fix flakeEd Santiago2020-06-17
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Test has been flaking excessively. A quick look shows that the test itself is broken, making a bad assumption. 'podman logs -f' is guaranteed to exit when a container terminates. This does not (and should not) mean that the container has been cleaned up. It is undefined and unsafe to run 'podman run -n same-name-as-terminated-container' immediately after 'podman logs' exits. Solution: instead of 'podman run', do 'podman inspect'. This, too, is unsafe, but we can expect to see one of two possible conditions: 1) command succeeds, in which case we require that container State.Status be "exited"; or 2) command fails, in which case we expect "no such container" in error output For full coverage we should add a small delay-check test to (1) to ensure that the container is cleaned up after a short amount of time. Leaving that as a TODO because it's more than my Go skills can handle, and I want to get this checked in ASAP to get rid of the flake hassle. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | Merge pull request #6583 from mheon/inspect_ctr_before_imgOpenShift Merge Robot2020-06-17
|\ \ \ | |_|/ |/| | Fix podman inspect on overlapping/missing objects
| * | Fix podman inspect on overlapping/missing objectsMatthew Heon2020-06-16
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This started as a small fix to `podman inspect` where a container and image, with the same name/tag, were present, and `podman inspect` was run on that name. `podman inspect` in 1.9 (and `docker inspect`) will give you the container; in v2.0, we gave the image. This was an easy fix (just reorder how we check for image/container). Unfortunately, in the process of testing this fix, I determined that we regressed in a different area. When you run inspect on a number of containers, some of which do not exist, `podman inspect` should return an array of inspect results for the objects that exist, then print a number of errors, one for each object that could not be found. We were bailing after the first error, and not printing output for the containers that succeeded. (For reference, this applied to images as well). This required a much more substantial set of changes to properly handle - signatures for the inspect functions in ContainerEngine and ImageEngine, plus the implementations of these interfaces, plus the actual inspect frontend code needed to be adjusted to use this. Fixes #6556 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | Fix --init and --init-pathJoseph Gooch2020-06-16
| |/ |/| | | | | | | | | | | Init properly passed into specgen Allow --init with --systemd=true but not --systemd=always. Signed-off-by: Joseph Gooch <mrwizard@dok.org>
* | Merge pull request #6605 from ypu/apiv2-podsOpenShift Merge Robot2020-06-16
|\ \ | |/ |/| APIv2 tests: Add some tests for podman pods
| * APIv2 tests: Add some tests for podman podsYiqiao Pu2020-06-16
| | | | | | | | | | | | | | | | | | | | | | | | | | Add some tests for podman pods subcommand: restart rm start stas stop top unpause Signed-off-by: Yiqiao Pu <ypu@redhat.com>
* | Merge pull request #6591 from jgallucci32/patch-1OpenShift Merge Robot2020-06-15
|\ \ | | | | | | Merged request to fix -f to stop following logs
| * | Fix -f logs follow with stopped containerQi Wang2020-06-11
| | | | | | | | | | | | | | | | | | Fix -f logs follow with stopped container. Close #6531 Signed-off-by: Qi Wang <qiwan@redhat.com>