aboutsummaryrefslogtreecommitdiff
path: root/test
Commit message (Collapse)AuthorAge
* Add --no-healthcheck command to create/runBrent Baude2020-02-22
| | | | | | | | Now support --no-healthcheck option to disable defined healthchecks in a container image. --health-cmd=none remains supported as well. Fixes: #5299 Signed-off-by: Brent Baude <bbaude@redhat.com>
* Merge pull request #5286 from edsantiago/flake_fix_same_ipOpenShift Merge Robot2020-02-21
|\ | | | | Flake fix: race condition in same-IP test
| * Flake fix: race condition in same-IP testEd Santiago2020-02-20
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The "create two containers with the same IP" test failed: https://api.cirrus-ci.com/v1/task/5992323062431744/logs/integration_test.log#t--Podman-create-two-containers-with-the-same-IP ... (basically, expected error exit code, got 0) Analysis: the sequence is 'start test1, start test2'. Perhaps it's possible that 'podman start' exits before the test1 container has an IP address assigned? There are no checks in the test, so it's impossible to know what happened. Solution: add a wait-loop invoking 'podman inspect', waiting for a nonempty IP address on test 1; then assert that it's what we expect it to be. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | Merge pull request #5222 from mheon/fix_5219OpenShift Merge Robot2020-02-20
|\ \ | | | | | | Use cleaned destination path for indexing image volumes
| * | Use cleaned destination path for indexing image volumesMatthew Heon2020-02-17
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We use filepath.Clean() to remove trailing slashes to ensure that when we supercede image mounts with mounts from --volume and --mount, paths are consistent when we compare. Unfortunately, while we used the cleaned path for the destination in the mount, it was accidentally not used to index the maps that we use to identify what to supercede, so our comparisons might be thrown off by trailing slashes and similar. Fixes #5219 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | search test on fedora registry: retry 5 timesEd Santiago2020-02-20
| |/ |/| | | | | | | | | | | | | | | | | | | | | | | | | | | ...to try to compensate for flaky host. registry.fedoraproject.org is just not reliable. It's flaking with 503 errors, causing massive amounts of wasted CI time and developer effort. There is exactly one instance of that registry in these tests. We can't replace it with quay.io, because "search quay.io/" (trailing slash) fails with some sort of authentication error. So let's just try a sleep/retry cycle instead. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | Login test: use --password-stdinEd Santiago2020-02-20
| | | | | | | | | | | | | | | | | | | | | | | | Great timing: this new test collided against #5268, which added a warning about using command-line --password. CI is now going to fail all over. Fix: rework test to use --password-stdin. Am doing so only in the places where output string is checked; other instances can keep using '--password xxx' because it's simpler. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | podman images: add --filter=since=XXEd Santiago2020-02-20
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Looks like a bit of a misunderstanding from early on. Docker implements --filter=since=IMAGE. Podman implements 'after' instead of 'since'. Add an equivalent case statement to handle both, keeping 'after' because we have no way of knowing if it is used in the field. Update documentation ... and fix what looks like a complete misinterpretation of what the code actually does: the man page claimed that these were time fields, but I don't see any possible incantation in which a time value works or could work. Updated docs to reflect IMAGE usage. Also changed nonworking '==' to single '='. Added tests. [UPDATE: skip with broken podman-remote] Fixes: #5040 Signed-off-by: Ed Santiago <santiago@redhat.com>
* | Merge pull request #5241 from mheon/pod_network_opts_addOpenShift Merge Robot2020-02-20
|\ \ | | | | | | Add network opts to pods
| * | Add network options to podman pod createMatthew Heon2020-02-19
| |/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Enables most of the network-related functionality from `podman run` in `podman pod create`. Custom CNI networks can be specified, host networking is supported, DNS options can be configured. Also enables host networking in `podman play kube`. Fixes #2808 Fixes #3837 Fixes #4432 Fixes #4718 Fixes #4770 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | New login and push testsEd Santiago2020-02-19
| | | | | | | | | | | | | | | | | | | | Test podman login/logout, login with wrong credentials, auth file contents, auth file path override, push/pull, and, if skopeo is installed, credentials sharing Fixes: #4283 Signed-off-by: Ed Santiago <santiago@redhat.com>
* | fix mandatory parameter in login/logoutQi Wang2020-02-18
| | | | | | | | | | | | | | fix #5146 Insted of using a registry as mandatory parameter, this path allows podman to use the first registry from registries.conf. Signed-off-by: Qi Wang <qiwan@redhat.com>
* | podman-ps: support image IDsValentin Rothberg2020-02-17
|/ | | | | | | Support printing image IDs via `--format "{{.ImageID}}"`. Fixes: #5160 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Rework label parsingMatthew Heon2020-02-14
| | | | | | | | | | | | | | | We attempted to share all logic for parsing labels and environment variables, which on the surface makes lots of sense (both are formatted key=value so parsing logic should be identical) but has begun to fall apart now that we have added additional logic to environment variable handling. Environment variables that are unset, for example, are looked up against environment variables set for the process. We don't want this for labels, so we have to split parsing logic. Fixes #3854 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* add pkg/signalValentin Rothberg2020-02-14
| | | | | | | | | Add pkg/signal to deal with parts of signal processing and translating signals from string to numeric representations. The code has been copied from docker/docker (and attributed with the copyright) but been reduced to only what libpod needs (on Linux). Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Merge pull request #5189 from mheon/only_set_all_on_statusOpenShift Merge Robot2020-02-13
|\ | | | | Only set --all when a status filter is given to ps
| * Only set --all when a status filter is given to psMatthew Heon2020-02-12
| | | | | | | | | | | | | | | | The changes in #5075 turn out to be too aggressive; we should only be setting --all if a status= filter is given. Otherwise only running containers are filtered. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | Fix up play kube to use image dataDaniel J Walsh2020-02-13
| | | | | | | | | | | | | | | | | | | | | | podman play kube was ignoring the imageData.Config Volumes WorkingDir Labels StopSignal Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #5115 from QiWang19/images-formatOpenShift Merge Robot2020-02-13
|\ \ | | | | | | images --format compatible with docker
| * | images --format compatible with dockerQi Wang2020-02-10
| | | | | | | | | | | | | | | | | | | | | This patch lets valid values of --format be compatible with docker. Replace CreatedTime with CreatedAt, Created with CreatedSince. Keep CreatedTime and Created are valid as hidden options. Signed-off-by: Qi Wang <qiwan@redhat.com>
* | | Merge pull request #5191 from baude/fedoraminimaliskillingmeOpenShift Merge Robot2020-02-13
|\ \ \ | | | | | | | | use quay.io/libpod/fedora-minimal for reliability
| * | | use quay.io/libpod/fedora-minimal for reliabilityBrent Baude2020-02-12
| | |/ | |/| | | | | | | Signed-off-by: Brent Baude <bbaude@redhat.com>
* | | Merge pull request #5152 from QiWang19/device-cgroup-ruleOpenShift Merge Robot2020-02-13
|\ \ \ | |/ / |/| | support device-cgroup-rule
| * | support device-cgroup-ruleQi Wang2020-02-12
| | | | | | | | | | | | | | | | | | | | | fix #4876 Add `--device-cgroup-rule` to podman create and run. This enables to add device rules after the container has been created. Signed-off-by: Qi Wang <qiwan@redhat.com>
* | | Merge pull request #5168 from mheon/do_not_overwrite_volumesOpenShift Merge Robot2020-02-12
|\ \ \ | | | | | | | | Do not copy up when volume is not empty
| * | | Do not copy up when volume is not emptyMatthew Heon2020-02-12
| | |/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When Docker performs a copy up, it first verifies that the volume being copied into is empty; thus, for volumes that have been modified elsewhere (e.g. manually copying into then), the copy up will not be performed at all. Duplicate this behavior in Podman by checking if the volume is empty before copying. Furthermore, move setting copyup to false further up. This will prevent a potential race where copy up could happen more than once if Podman was killed after some files had been copied but before the DB was updated. This resolves CVE-2020-1726. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | API v2 tests: catch up to moving targetEd Santiago2020-02-11
| |/ |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Lots has changed since I first checked this in: * Switch to new podman system service invocation * /containers API has changed drastically * /pods API has some fixes; check for them (e.g. container-exists is now 409 Conflict, not 500) * One test ('?invalidparam=x') still doesn't work; comment it out so we can get everything passing. Also, some work on the test framework itself: * Cleaner port-open testing (the bash /dev/tcp check). * Add a 'podman' function to invoke local podman and log its output. The above two allow us to: * Get rid of stderr special-casing Furthermore: * t() no longer needs leading '.'; this allows jq features such as 'length' and perhaps other filters * special-case handling of 204 and 304: rfc2616 demands that they return no message body; assert that it is so. * new root & rootless helper functions (check server) * remove the "unlikely to work" message for rootless; it seems to be working fine * fix pod tests for rootless * BUT: add a bolder FIXME because the ID field seems wrong Signed-off-by: Ed Santiago <santiago@redhat.com>
* | Remove incorrect validation of --change for commitMatthew Heon2020-02-10
|/ | | | | | | | | | The validation logic was failing on properly-formatted changes. There's already validation in Commit itself, so no need to duplicate. Fixes #5148 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Add Containerfile location e2e testSascha Grunert2020-02-05
| | | | | | | As a follow up of the location fix in #5080 we now add an e2e test for that use case. Signed-off-by: Sascha Grunert <sgrunert@suse.com>
* Force --all when --filter is passed to podman psMatthew Heon2020-02-04
| | | | | | | | | | When we filter, it should be out of all containers, not just running ones, by default - this is necessary to ensure Docker compatability. Fixes #5050 Signed-off-by: Matthew Heon <mheon@redhat.com>
* Merge pull request #4973 from rhatdan/sortOpenShift Merge Robot2020-01-28
|\ | | | | Throw error on invalid sort value
| * Throw error on invalid sort valueDaniel J Walsh2020-01-28
| | | | | | | | | | | | | | We define the valid sort values, so we should throw an error on invalid sort values. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | rootless login/logout tests failBrent Baude2020-01-28
|/ | | | | | On F31 CI tests, we have uncovered several failing tests as rootless that need to be fixed. For the interim, we are going to disable those tests. Issue #5006 has been created to track and complete this. Signed-off-by: Brent Baude <bbaude@redhat.com>
* honor pull policy in play kubeBrent Baude2020-01-28
| | | | | | | | When a container specification has a pull policy, we should honor it when recreating the pods/containers from yaml. furthermore, ini kube, if a tag is :latest, then the always pull policy is automatically instituted. Fixes: #4880 Signed-off-by: Brent Baude <bbaude@redhat.com>
* Merge pull request #4986 from baude/showhconimageOpenShift Merge Robot2020-01-27
|\ | | | | inspect image healthchecks
| * inspect image healthchecksBrent Baude2020-01-27
| | | | | | | | | | | | | | when a docker image has a defined healthcheck, it should be displayed with inspect. this is only valid for docker images as oci images are not aware of healthchecks. Fixes: #4799 Signed-off-by: Brent Baude <bbaude@redhat.com>
* | Merge pull request #4894 from edsantiago/test_apiv2OpenShift Merge Robot2020-01-27
|\ \ | |/ |/| Tests for API v2
| * Tests for API v2Ed Santiago2020-01-17
| | | | | | | | | | | | | | | | Initial framework for testing the version 2 (HTTP) API. Includes a collection of tests for some of the existing endpoints. Not all tests are currently passing. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | seccomp policy: expect profile in config labelValentin Rothberg2020-01-23
|/ | | | | | | | Move the seccomp profile from a manifest annotation to a config label. This way, we can support it for Docker images as well and provide an easy way to add that data via Dockerfiles. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Merge pull request #4887 from vrothberg/fix-4886OpenShift Merge Robot2020-01-16
|\ | | | | e2e/run_signal_test.go: make it more robust
| * e2e/run_signal_test.go: make it more robustValentin Rothberg2020-01-16
| | | | | | | | | | | | | | | | | | | | Make the signal test more robust by just checking that the container's exit code is non-zero. There are two possible exit codes (i.e., 130 and 137) depending on how the container is being killed, which is likely responsible for CI flakes. Fixes: #4886 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | systemdgen: add --ignore flag to generic servicesValentin Rothberg2020-01-16
|/ | | | | | | | | | | | | | | | | The --ignore flag lets Podman ignore errors when a specified container does not exist (anymore). That's a nice addition to generic services generated via the --new flag. Those services create new containers and can hence allows user to manually remove a container; may it only be by accident. The important part of using the --ignore flag is that Podman will exit 0 which plays nicer with most restart policies; a non-zero exit may yield systemd to restart the entire service which is arguably wrong if the user manually deletes the container. If desired, users can still alter the generated files. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Merge pull request #4807 from ssbarnea/fix/pre-commitOpenShift Merge Robot2020-01-15
|\ | | | | Enable pre-commit linting
| * Enable pre-commit tool lintingSorin Sbarnea2020-01-14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | This should help use keep the codebase more consistent, and avoid sevel whitespace related issues, or bad file permissions. pre-commit allows us to easily introduce other linters in follow-ups, like bashate. Note: pre-commit tool does *not* install any git-hooks. Making commits will will call the tool unless you deliverately tell it to install the hooks. Signed-off-by: Sorin Sbarnea <ssbarnea@redhat.com>
* | Merge pull request #4824 from edsantiago/batsOpenShift Merge Robot2020-01-15
|\ \ | | | | | | more BATS tests
| * | more BATS testsEd Santiago2020-01-13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - run: --name (includes 'podman container exists' tests) - run: --pull (always, never, missing) - build: new test for ADD URL (#4420) - exec: new test for issue #4785 (pipe getting lost) - diff: new test - selinux (mostly copied from docker-autotest) Plus a bug fix: the wait_for_output() helper would continue checking, eventually timing out, even if the container had already exited (probably because of an error). Fix: as part of the loop, run 'podman inspect' and bail out if container is not running. Include exit code and logs. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | Merge pull request #4806 from vrothberg/seccompOpenShift Merge Robot2020-01-15
|\ \ \ | |_|/ |/| | policy for seccomp-profile selection
| * | policy for seccomp-profile selectionValentin Rothberg2020-01-09
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Implement a policy for selecting a seccomp profile. In addition to the default behaviour (default profile unless --security-opt seccomp is set) add a second policy doing a lookup in the image annotation. If the image has the "io.containers.seccomp.profile" set its value will be interpreted as a seccomp profile. The policy can be selected via the new --seccomp-policy CLI flag. Once the containers.conf support is merged into libpod, we can add an option there as well. Note that this feature is marked as experimental and may change in the future. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | Merge pull request #4817 from rhatdan/codespellOpenShift Merge Robot2020-01-13
|\ \ \ | |_|/ |/| | Add codespell to validate spelling mistakes in code.
| * | Add codespell to validate spelling mistakes in code.Daniel J Walsh2020-01-11
| | | | | | | | | | | | | | | | | | Fix all errors found by codespell Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>