summaryrefslogtreecommitdiff
path: root/test
Commit message (Collapse)AuthorAge
* Merge pull request #9768 from mheon/fix_9608OpenShift Merge Robot2021-03-25
|\ | | | | Ensure manually-created volumes have correct ownership
| * Ensure manually-created volumes have correct ownershipMatthew Heon2021-03-24
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | As part of a fix for an earlier bug (#5698) we added the ability for Podman to chown volumes to correctly match the user running in the container, even in adverse circumstances (where we don't know the right UID/GID until very late in the process). However, we only did this for volumes created automatically by a `podman run` or `podman create`. Volumes made by `podman volume create` do not get this chown, so their permissions may not be correct. I've looked, and I don't think there's a good reason not to do this chwon for all volumes the first time the container is started. I would prefer to do this as part of volume copy-up, but I don't think that's really possible (copy-up happens earlier in the process and we don't have a spec). There is a small chance, as things stand, that a copy-up happens for one container and then a chown for a second, unrelated container, but the odds of this are astronomically small (we'd need a very close race between two starting containers). Fixes #9608 Signed-off-by: Matthew Heon <mheon@redhat.com>
* | Check if stdin is a term in --interactive --tty modeDaniel J Walsh2021-03-24
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | If you are attempting to run a container in interactive mode, and want a --tty, then there must be a terminal in use. Docker exits right away when a user specifies to use a --interactive and --TTY but the stdin is not a tty. Currently podman will pull the image and then fail much later. Podman will continue to run but will print an warning message. Discussion in : https://github.com/containers/podman/issues/8916 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #9790 from matejvasek/fix-isolation-serdeOpenShift Merge Robot2021-03-24
|\ \ | | | | | | fix: build endpoint for compat API
| * | fix: build endpoint for compat APIMatej Vasek2021-03-23
| | | | | | | | | | | | Signed-off-by: Matej Vasek <mvasek@redhat.com>
* | | Merge pull request #9749 from jwillikers/generate-kube-persistent-volume-claimOpenShift Merge Robot2021-03-23
|\ \ \ | | | | | | | | Generate Kubernetes PersistentVolumeClaims from named volumes
| * | | Generate Kubernetes PersistentVolumeClaims from named volumesJordan Williams2021-03-19
| | |/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fixes #5788 This commit adds support for named volumes in podman-generate-kube. Named volumes are output in the YAML as PersistentVolumeClaims. To avoid naming conflicts, the volume name is suffixed with "-pvc". This commit adds a corresponding suffix for host path mounts. Host path volumes are suffixed with "-host". Signed-off-by: Jordan Williams <jordan@jwillikers.com>
* | | Merge pull request #9537 from TomSweeneyRedHat/dev/tsweeney/tz_checkOpenShift Merge Robot2021-03-23
|\ \ \ | |_|/ |/| | Validate passed in timezone from tz option
| * | Validate passed in timezone from tz optionTomSweeneyRedHat2021-03-21
| |/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Erik Sjolund reported an issue where a badly formated file could be passed into the `--tz` option and then the date in the container would be badly messed up: ``` erik@laptop:~$ echo Hello > file.txt erik@laptop:~$ podman run --tz=../../../home/erik/file.txt --rm -ti docker.io/library/alpine cat /etc/localtime Hello erik@laptop:~$ podman --version podman version 3.0.0-rc1 erik@laptop:~$ ``` This fix checks to make sure the TZ passed in is a valid value and then proceeds with the rest of the processing. This was first reported as a potential security issue, but it was thought not to be. However, I thought closing the hole sooner rather than later would be good. Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
* | Merge pull request #9296 from edsantiago/test_buildah_budOpenShift Merge Robot2021-03-23
|\ \ | | | | | | run buildah bud tests using podman
| * | WIP: run buildah bud tests using podmanEd Santiago2021-03-21
| |/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Set of scripts to run buildah's bud.bats test using podman build in podman CI. podman build is not 100% compatible with buildah bud. In particular: * podman defaults to --layers=true; buildah to false * podman defaults to --force-rm=true; buildah to false * podman error exit status is 125; buildah is 2 * differences in error messages, command-line arguments Some of the above can be dealt with programmatically, by tweaking the buildah helpers.bash (BATS helpers). Some need to be tweaked by patching bud.bats itself. This PR includes a patch that will, I fear, need to be periodically maintained over time. There will likely be failures when vendoring in a new buildah, possibly because new tests were added for new features that don't exist in podman, possibly (I hope unlikely) if existing tests are changed in ways that make the patch file fail to apply. I've tried to write good instructions and to write the run script in such a way that it will offer helpful hints on failure. My instructions and code will be imperfect; I hope they will be good enough to merit continued use of this test (possibly with improvements to the instructions as we learn more about real-world failures). Signed-off-by: Ed Santiago <santiago@redhat.com>
* | Merge pull request #9773 from jmguzik/containers-prune-filters-http-apiOpenShift Merge Robot2021-03-22
|\ \ | | | | | | Fix containers list/prune http api filter behaviour
| * | Fix containers list/prune http api filter behaviourJakub Guzik2021-03-20
| |/ | | | | | | | | | | | | | | | | | | The problem described in #9711 and followed by #9758 affects containers as well. When user provides wrong filter input, error message should occur, not fallback to full list/prune command. This change fixes the issue. Additionally, there are error message fixes for docker http api compat. Signed-off-by: Jakub Guzik <jakubmguzik@gmail.com>
* | Merge pull request #9757 from jwhonce/wip/loadOpenShift Merge Robot2021-03-22
|\ \ | | | | | | Cleanup /libpod/images/load handler
| * | Cleanup /libpod/images/load handlerJhon Honce2021-03-19
| |/ | | | | | | | | | | | | | | | | * Remove orphaned code * Add meaningful error from LoadImageFromSingleImageArchive() when heuristic fails to determine payload format * Correct swagger to output correct types and headers Signed-off-by: Jhon Honce <jhonce@redhat.com>
* / System tests: reenable a bunch of skipped testsEd Santiago2021-03-20
|/ | | | | | | | Checking for 'skip.*[0-9]{4,5}', and checking status on said issues, finds several that have been closed. Let's see if they're really fixed. Signed-off-by: Ed Santiago <santiago@redhat.com>
* Fix volumes and networks list/prune filters in http apiJakub Guzik2021-03-19
| | | | | | | | | | | This is the continuation work started in #9711. It turns out that list/prune commands for volumes in libpod/compat api have very dangerous error handling when broken filter input is supplied. Problem also affects network list/prune in libpod. This commit unifies filter handling across libpod/compat api and adds sanity apiv2 testcases. Signed-off-by: Jakub Guzik <jakubmguzik@gmail.com>
* Merge pull request #9710 from jmguzik/network-prune-filters-http-apiOpenShift Merge Robot2021-03-18
|\ | | | | Network prune filters for http api (compat and libpod)
| * network prune filters for http compat and libpod apiJakub Guzik2021-03-18
| | | | | | | | Signed-off-by: Jakub Guzik <jakubmguzik@gmail.com>
* | test: check for io.stat existence on cgroup v2Giuseppe Scrivano2021-03-17
| | | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | test: fix test for last crun/runcGiuseppe Scrivano2021-03-17
| | | | | | | | | | | | | | | | | | there was a documentation issue for the kernel that reported the range to be different than on cgroup v1. The issue has been fixed in crun/runc. Adapt the test. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | test: simplify cgroup pathGiuseppe Scrivano2021-03-17
| | | | | | | | | | | | with cgroup v2, the cgroupns is enabled by default. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Latest crun/runc should handle blkio-weight testDaniel J Walsh2021-03-17
| | | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #9714 from rhatdan/buildOpenShift Merge Robot2021-03-17
|\ \ | | | | | | Switch all builds to pull-never
| * | Switch all builds to pull-neverDaniel J Walsh2021-03-16
| |/ | | | | | | | | | | Fixes: https://github.com/containers/buildah/issues/2779 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #9711 from jmguzik/volume-prune-fix-http-compatOpenShift Merge Robot2021-03-16
|\ \ | | | | | | Fix for volumes prune in http compat api when using filters
| * | Fix for volumes prune in http compat apiJakub Guzik2021-03-15
| |/ | | | | | | Signed-off-by: Jakub Guzik <jakubmguzik@gmail.com>
* | Merge pull request #9695 from jmguzik/array-inspect-network-fixOpenShift Merge Robot2021-03-16
|\ \ | | | | | | Fix array instead of one elem network http api
| * | Fix array instead of one elem network http apiJakub Guzik2021-03-12
| | | | | | | | | | | | Signed-off-by: Jakub Guzik <jakubmguzik@gmail.com>
* | | Merge pull request #9589 from troyready/add_compat_auth_endpointOpenShift Merge Robot2021-03-16
|\ \ \ | | | | | | | | add /auth for docker compatibility
| * | | fix use with localhost (testing)troyready2021-03-12
| | | | | | | | | | | | | | | | Signed-off-by: troyready <troy@troyready.com>
| * | | add /auth for docker compatibilitytroyready2021-03-12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This endpoint just validates credentials: https://github.com/moby/moby/blob/v20.10.4/api/swagger.yaml#L7936-L7977 Fixes: #9564 Signed-off-by: troyready <troy@troyready.com>
* | | | System test cleanupEd Santiago2021-03-15
| |_|/ |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - cp test: clean up stray image - build test: add workaround for #9567 (ultra-slow ubuntu). We're seeing CI flakes (timeouts) due to ubuntu 2004 being absurdly slow. Workaround: double our timeout on one specific test when ubuntu + remote. - build test: clean up new copy-from test (from #9275). The test was copy-pasted from buildah system tests, without really adapting for podman environment (e.g. it was using images that we don't use here, and would cause pulls, which will cause flakes). Rewrite test so it references only $IMAGE, remove some confusing/unnecessary stuff, selectively run parts of it even when rootless or remote, and add a test to confirm that copy-from succeeded. - load test: add error-message test to new load-invalid (#9672). Basically, make sure the command fails for the right reason. - play test (kube): use $IMAGE, not alpine; and add pause-image cleanup to teardown() - apiv2 mounts test: add a maintainability comment in a tricky section of code; and tighten up the mount point test. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | Fix remote client timezone testPaul Holzinger2021-03-15
|/ / | | | | | | | | | | | | The New York timezone changes between summer and winter time. Make sure the test allows both timezones. Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | Merge pull request #9699 from jwhonce/wip/testsOpenShift Merge Robot2021-03-12
|\ \ | | | | | | Delete all containers and pods between tests
| * | Delete all containers and pods between testsJhon Honce2021-03-11
| | | | | | | | | | | | | | | | | | New tearDown() deletes all pods and containers between tests Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | | Merge pull request #9697 from edsantiago/fedora_gating_test_hangOpenShift Merge Robot2021-03-12
|\ \ \ | |/ / |/| | sdnotify tests: try real hard to kill socat processes
| * | sdnotify tests: try real hard to kill socat processesEd Santiago2021-03-11
| |/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | podman gating tests are hanging in the new Fedora CI setup; long and tedious investigation suggests that 'socat' processes are being left unkilled, which then causes BATS to hang when it (presumably) runs a final 'wait' in its end cleanup. The two principal changes are to exec socat in a subshell with fd3 closed, and to pkill its child processes before killing the process itself. I don't know if both are needed. The pkill definitely is; the exec may just be superstition. Since I've wasted more than a day of PTO time on this, I'm okay with a little superstition. What I do know is that with these two changes, my reproducer fails to reproduce in over one hour of trying (normally it fails within 5 minutes). AND, update: only rawhide (f35) leaves stray socat processes behind. f33 and ubuntu do not, so 'pkill -P' fails. I really have no idea what's going on. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | Merge pull request #9686 from edsantiago/apiv2_jsonifyDaniel J Walsh2021-03-11
|\ \ | |/ |/| apiv2 tests: finally fix POST as originally intended
| * apiv2 tests: finally fix POST as originally intendedEd Santiago2021-03-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When I originally wrote this code I had no idea what POST would look like so I did a sloppy job, deferring making it usable. Now that we have some real-world examples in place, I have a better understanding of what params look like and how to make tests more readable/maintainable. (Deferring isn't always bad: one of my early ideas was to separate params using commas; that would've been a disaster because some JSON values, such as arrays, include commas). This commit implements a better way of dealing with POST: * The main concept is still 'key=value' * When value is a JSON object (dictionary, array), it can be quoted. * Multiple params are simply separated by spaces. The 3-digit HTTP code is a prominent, readable separator between POST params and expected results. The parsing code is a little uglier, but test developers need never see that. The important thing is that writing tests is now easier. * POST params can be empty (this removes the need for a useless '') I snuck in one unrelated change: one of the newly-added tests, .NetworkSettings, was failing when run rootless (which is how I test on my setup). I made it conditional. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | Merge pull request #9668 from rhatdan/manOpenShift Merge Robot2021-03-10
|\ \ | | | | | | Document CONTAINERS_CONF/CONTAINERS_STORAGE_CONF Env variables
| * | Document CONTAINERS_CONF/CONTAINERS_STORAGE_CONF Env variablesDaniel J Walsh2021-03-10
| |/ | | | | | | | | | | | | Also Switch to using CONTAINERS_REGISTRIES_CONF for registries.conf overrides. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #9681 from rhatdan/rmOpenShift Merge Robot2021-03-10
|\ \ | |/ |/| Removing a non existing container API should return 404
| * Removing a non existing container API should return 404Daniel J Walsh2021-03-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Currently we were overwrapping error returned from removal of a non existing container. $ podman rm bogus -f Error: failed to evict container: "": failed to find container "bogus" in state: no container with name or ID bogus found: no such container Removal of wraps gets us to. ./bin/podman rm bogus -f Error: no container with name or ID "bogus" found: no such container Finally also added quotes around container name to help make it standout when you get an error, currently it gets lost in the error. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #9669 from edsantiago/apiv2_registryOpenShift Merge Robot2021-03-10
|\ \ | |/ |/| apiv2 tests: add helpers to start/stop a local registry
| * apiv2 tests: add helpers to start/stop a local registryEd Santiago2021-03-08
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | ...and a rudimentary set of /auth tests for PR#9589 (disabled). This simply adds a new start_registry() helper function that allocates a random unused port, pulls a registry image, creates a local certificate + random username + random password, and fires everything up. Since none of this is (yet) used in CI, this is very low risk. The only infinitessimally-risky change is using a dedicated subdirectory of $WORKDIR (instead of $WORKDIR itself) as the podman root. This fixes a dumb oversight on my part: the workdir has grown to be used for much more than just podman root; this change removes clutter and makes it easier for humans to debug in cases of problems. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | Merge pull request #9677 from vrothberg/fix-9672OpenShift Merge Robot2021-03-09
|\ \ | | | | | | podman load: fix error handling
| * | podman load: fix error handlingValentin Rothberg2021-03-09
| |/ | | | | | | | | | | | | | | Make sure to properly return loading errors and to set the exit code accordingly. Fixes: #9672 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | podman cp: evaluate symlink correctly when copying from containerValentin Rothberg2021-03-09
| | | | | | | | | | | | | | | | When copying from a container, make sure to evaluate the symlinks correctly. Add tests copying a symlinked directory from a running and a non-running container to execute both path-resolution paths. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | podman cp: fix copying to a non-existent dirValentin Rothberg2021-03-09
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Copy is full of perils. Some of them are the nuances when copying directories. Who would have thought that * cp dir foo * cp dir/ foo * cp dir/. foo are all supposed to yield the same result when foo does not exist. `podman cp` now supports all three notations, which required to massage the front-end code in `cmd/podman` a bit. The tests have been extended and partially rewritten to test container->host and host->container copy operations. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>