summaryrefslogtreecommitdiff
path: root/test
Commit message (Collapse)AuthorAge
* Merge pull request #11114 from mlegenovic/masteropenshift-ci[bot]2021-08-03
|\ | | | | Compat API: Fix healthcheck status and healthcheck config
| * Compat API: Fix healthcheck status and healthcheck configMilivoje Legenovic2021-08-03
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fixes: - Do not show healthcheck status if not available or if container status is "created" (Docker behaviour) - Show healthcheck configuration if present (Config.Healthcheck) Tests: - Ensure State.Health is not present if container status is "created" - Ensure Config.Healthcheck is present and values correct - Ensure State.Health is present if container started Signed-off-by: Milivoje Legenovic <m.legenovic@gmail.com>
* | podman info: try qfile before equeryEd Santiago2021-08-03
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | podman info takes >20s on Gentoo, because equery is s..l..o..w. qfile is much faster and, I suspect, present in most Gentoo installations, so let's try it first. And, because packageVersion() was scarily unmaintainable, refactor it. Define a simple (string) list of packaging tools to query (rpm, dpkg, ...) and iterate until we find one that works. IMPORTANT NOTE: the Debian (and, presumably, Ubuntu) query does not include version number! There is no standard way on Debian to get a package version from a file path, you can only do it via pipes of chained commands, and I have no desire to implement that. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | Merge pull request #11091 from Luap99/connect-disconnectopenshift-ci[bot]2021-08-03
|\ \ | | | | | | fix rootless port forwarding with network dis-/connect
| * | fix rootless port forwarding with network dis-/connectPaul Holzinger2021-08-03
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The rootlessport forwarder requires a child IP to be set. This must be a valid ip in the container network namespace. The problem is that after a network disconnect and connect the eth0 ip changed. Therefore the packages are dropped since the source ip does no longer exists in the netns. One solution is to set the child IP to 127.0.0.1, however this is a security problem. [1] To fix this we have to recreate the ports after network connect and disconnect. To make this work the rootlessport process exposes a socket where podman network connect/disconnect connect to and send to new child IP to rootlessport. The rootlessport process will remove all ports and recreate them with the new correct child IP. Also bump rootlesskit to v0.14.3 to fix a race with RemovePort(). Fixes #10052 [1] https://nvd.nist.gov/vuln/detail/CVE-2021-20199 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | Merge pull request #11068 from giuseppe/drop-dir-cgroup-testopenshift-ci[bot]2021-08-03
|\ \ \ | |_|/ |/| | test: move container process to a sub-cgroup
| * | test: move container process to a sub-cgroupGiuseppe Scrivano2021-07-29
| | | | | | | | | | | | | | | | | | | | | move the container to a sub-cgroup before creating a sibling hierarchy. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | Fix handling of user specified container labelsDaniel J Walsh2021-08-02
| |/ |/| | | | | | | | | | | | | | | | | | | Currently we override the SELinux labels specified by the user if the container is runing a kata container or systemd container. This PR fixes to use the label specified by the user. Fixes: https://github.com/containers/podman/issues/11100 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #11094 from mheon/bump_400_devopenshift-ci[bot]2021-08-02
|\ \ | | | | | | Bump to v4.0.0-dev
| * | Bump to v4.0.0-devMatthew Heon2021-08-02
| | | | | | | | | | | | Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | Merge pull request #10828 from cdoern/scpopenshift-ci[bot]2021-08-02
|\ \ \ | |/ / |/| | Created image scp feature
| * | Created scp.go image_scp_test.go and podman-image-scp.1.mdcdoern2021-07-30
| | | | | | | | | | | | | | | | | | | | | | | | added functionality for image secure copying from local to remote. Also moved system connection add code around a bit so functions within that file can be used by scp. Signed-off-by: cdoern <cdoern@redhat.com>
* | | Merge pull request #11054 from saschagrunert/login-logout-path-testsopenshift-ci[bot]2021-08-01
|\ \ \ | | | | | | | | Add `--accept-repositories` integration tests
| * | | Add `--accept-repositories` integration testsSascha Grunert2021-07-30
| | | | | | | | | | | | | | | | | | | | | | | | | | | | This adds the integration tests for the repository or namespaced registry feature introduced in c/common. Signed-off-by: Sascha Grunert <sgrunert@redhat.com>
* | | | Fix auto-update system test for older systemdHironori Shiina2021-07-30
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | If the systemd version is older than v245, the systemd uses 'Started' when a oneshot service finishes. In systemd, the change was done at: https://github.com/systemd/systemd/pull/14851 commit-id: eda0cbf07186d16a160bd1d810613586fdbdf587 Signed-off-by: Hironori Shiina <shiina.hironori@jp.fujitsu.com>
* | | | Merge pull request #11075 from flouthoc/ps-filter-network-by-containeropenshift-ci[bot]2021-07-30
|\ \ \ \ | | | | | | | | | | ps: support the `container...` notation for `ps --filter network=...`
| * | | | ps: support the container notation for ps --filter network=...flouthoc2021-07-30
| | | | | | | | | | | | | | | | | | | | Signed-off-by: flouthoc <flouthoc.git@gmail.com>
* | | | | system tests: fix race in stop testEd Santiago2021-07-29
|/ / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In the unlock/timeout test, on slow systems, 'podman ps' could catch the container before the just-backgrounded 'podman stop' sends the signal. Wait for signal ack from container before we inspect it. Also: If I understand the test correctly, it wasn't actually checking that 'ps' could grab the lock while the container was exiting. Add a check. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | | Merge pull request #11077 from flouthoc/healthcheck-nitOpenShift Merge Robot2021-07-29
|\ \ \ \ | | | | | | | | | | `ci-fix`: healthcheck tests should use `.Should()` instead of `.To()`.
| * | | | Fix: healthcheck tests use .Should() instead of .To()flouthoc2021-07-29
| | | | | | | | | | | | | | | | | | | | Signed-off-by: flouthoc <flouthoc.git@gmail.com>
* | | | | Merge pull request #9887 from edsantiago/test_buildah_bud_with_remoteOpenShift Merge Robot2021-07-29
|\ \ \ \ \ | |/ / / / |/| | | | buildah bud tests under podman-remote
| * | | | buildah bud tests under podman-remoteEd Santiago2021-07-28
| | |_|/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | New functionality -- mostly in the diffs we apply to buildah's helpers.bash -- to enable running buildah-bud tests under podman-remote. The gist of it is, we start a 'podman system service' before each test, and clean it up on test exit. Design decision: the diff file for helpers.bash is no longer trailing-whitespace-clean: that ended up producing diffs that git wouldn't apply, because in some cases the whitespace is actually important. In order to pass CI, we need to exclude this file from some checks. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | | Merge pull request #11048 from cdoern/heatlhCheckCompatOpenShift Merge Robot2021-07-29
|\ \ \ \ | |/ / / |/| | | Fixed Healthcheck formatting, string to []string
| * | | Fixed Healthcheck formatting, string to []stringcdoern2021-07-28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Compat healthcheck tests are of the format []string but podman's were of the format string. Converted podman's to []string at the specgen level since it has the same effect and removed the incorrect parsing of compat healthchecks. fixes #10617 Signed-off-by: cdoern <cdoern@redhat.com>
| * | | Fixed Healthcheck formatting, string to []stringcdoern2021-07-26
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Compat healthcheck tests are of the format []string but podman's were of the format string. Converted podman's to []string at the specgen level since it has the same effect and removed the incorrect parsing of compat healthchecks. fixes #10617 Signed-off-by: cdoern <cdoern@redhat.com>
* | | | Merge pull request #11067 from vrothberg/fix-10154-2OpenShift Merge Robot2021-07-28
|\ \ \ \ | | | | | | | | | | remote build: fix streaming and error handling
| * | | | remote build: fix streaming and error handlingValentin Rothberg2021-07-28
| | |/ / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Address a number of issues in the streaming logic in remote build, most importantly an error in using buffered channels on the server side. The pattern below does not guarantee that the channel is entirely read before the context fires. for { select { case <- bufferedChannel: ... case <- ctx.Done(): ... } } Fixes: #10154 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | | Merge pull request #10910 from ↵OpenShift Merge Robot2021-07-28
|\ \ \ \ | |/ / / |/| | | | | | | | | | | adrianreber/2021-07-12-checkpoint-restore-into-pod Add support for checkpoint/restore into and out of pods
| * | | Added tests for out of and into pod checkpoint and restore supportAdrian Reber2021-07-27
| | | | | | | | | | | | | | | | Signed-off-by: Adrian Reber <areber@redhat.com>
| * | | Prepare CRIU version check to work with multiple versionsAdrian Reber2021-07-27
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The upcoming commit to support checkpointing out of Pods requires CRIU 3.16. This changes the CRIU version check to support checking for different versions. Signed-off-by: Adrian Reber <areber@redhat.com>
* | | | cp system tests: reduce number of exec'sValentin Rothberg2021-07-27
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Reduce the amount of `podman exec`s in the cp system tests. Exec is expensive and a number of them could easily be combined into the container command. This cuts down the costs of running the tests by around 25 percent on my local machine. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | | support container to container copyMehul Arora2021-07-27
|/ / / | | | | | | | | | | | | | | | | | | | | | | | | Implement container to container copy. Previously data could only be copied from/to the host. Fixes: #7370 Co-authored-by: Mehul Arora <aroram18@mcmaster.ca> Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | Merge pull request #11028 from ↵OpenShift Merge Robot2021-07-27
|\ \ \ | | | | | | | | | | | | | | | | containers/dependabot/go_modules/github.com/containers/image/v5-5.14.0 Bump github.com/containers/image/v5 from 5.13.2 to 5.14.0
| * | | Bump github.com/containers/image/v5 from 5.13.2 to 5.14.0dependabot[bot]2021-07-25
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumps [github.com/containers/image/v5](https://github.com/containers/image) from 5.13.2 to 5.14.0. - [Release notes](https://github.com/containers/image/releases) - [Commits](https://github.com/containers/image/compare/v5.13.2...v5.14.0) --- updated-dependencies: - dependency-name: github.com/containers/image/v5 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
* | | | Merge pull request #10861 from jmguzik/until-prune-volume-cmdOpenShift Merge Robot2021-07-27
|\ \ \ \ | | | | | | | | | | Add prune until filter test for podman volume cli
| * | | | Add prune until filter test for podman volume cliJakub Guzik2021-07-26
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This commit follows work started in #10756. Changes made in #11015 enabled cli support for volume prune --filter until. Adding e2e test closes #10579. Signed-off-by: Jakub Guzik <jakubmguzik@gmail.com>
* | | | | Merge pull request #10983 from vrothberg/fix-danglingOpenShift Merge Robot2021-07-27
|\ \ \ \ \ | |/ / / / |/| | | | refine dangling checks
| * | | | refine dangling checksValentin Rothberg2021-07-26
| |/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | By proxy by vendoring containers/common. Previously, a "dangling" image was an untagged image; just a described in the Docker docs. The definition of dangling has now been refined to an untagged image without children to be compatible with Docker. Further update a redundant image-prune test. Fixes: #10998 Fixes: #10832 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | | Merge pull request #11047 from Luap99/fix-11032OpenShift Merge Robot2021-07-26
|\ \ \ \ | | | | | | | | | | dual-stack network: fix duplicated subnet assignment
| * | | | dual-stack network: fix duplicated subnet assignmentPaul Holzinger2021-07-26
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Make sure podman network create reads all subnets from existing cni configs and not only the first one. Fixes #11032 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | | | Merge pull request #11019 from boaz0/test_corsOpenShift Merge Robot2021-07-26
|\ \ \ \ \ | |/ / / / |/| | | | Add tests to verify CORs is enabled
| * | | | Add tests to verify CORS is enabledBoaz Shuster2021-07-25
| | | | | | | | | | | | | | | | | | | | Signed-off-by: Boaz Shuster <boaz.shuster.github@gmail.com>
* | | | | play kube: support capitalized pull policyValentin Rothberg2021-07-26
| |/ / / |/| | | | | | | | | | | | | | | | | | | | | | | | | | | Pull policies in K8s yaml may be capitalized, so lower them before parsing. Fixes: bugzilla.redhat.com/show_bug.cgi?id=1985905 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | | Merge pull request #10895 from rhatdan/devicesOpenShift Merge Robot2021-07-24
|\ \ \ \ | | | | | | | | | | Support DeviceCgroupRules to actually get added.
| * | | | Support DeviceCgroupRules to actually get added.Daniel J Walsh2021-07-21
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fixes: https://github.com/containers/podman/issues/10302 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | | Merge pull request #10996 from cdoern/untilLogOpenShift Merge Robot2021-07-24
|\ \ \ \ \ | | | | | | | | | | | | Implemented --until flag for Libpod's Container Logs
| * | | | | Implemented --until flag for libpod's container logscdoern2021-07-22
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | compat containers/logs was missing actual usage of until query param. This led me to implement the until param for libpod's container logs as well. Added e2e tests. Signed-off-by: cdoern <cdoern@redhat.com>
* | | | | | Merge pull request #11018 from vrothberg/fix-10994OpenShift Merge Robot2021-07-24
|\ \ \ \ \ \ | | | | | | | | | | | | | | import: write stdin to tmp file
| * | | | | | import: write stdin to tmp fileValentin Rothberg2021-07-23
| | |/ / / / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | If importing an archive via stdin write it to a temporary file such that the temporary file can be opened multiple times later on. Otherwise, we may end up with an empty image. Also fix a bug in the URL parsing code; we need to check whether there's actually a scheme. Add system tests for `podman import` exercising the basics. Fixes: #10994 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | | | | Networking test: fix silent breakageEd Santiago2021-07-22
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Wow did I screw up. #10982 introduced (at my suggestion) a new wait_for_port() helper, with the goal of eliminating a race condition. It didn't work. First: wait_for_port() tests by connecting to the port, which is a Bad Idea when you have a one-shot server that exits upon the first connection closing. We should've caught that, but: Second: I wrote wait_for_port() for a non-BATS test framework, and used the conventional file descriptor 3. BATS uses fd3 for internal control. Overriding that made the test silently just disappear, no "not ok" message, no warnings, nothing except vanishing into the ether. Third: this was caught by my log-colorizer script, which loudly yelled "WARNING: expected 234" (tests) at the bottom of the log. Unfortunately, since this wasn't my PR, I didn't actually look at the test logs. Solution: we can't use wait_for_port() in the network port test. Use wait_for_output() instead, triggering on the 'listening' message emitted by netcat in the container. Also: fix wait_for_port() to use fd5 instead of 3. Although no code currently uses wait_for_port() as of this PR, it's a useful helper that we may want to keep. Signed-off-by: Ed Santiago <santiago@redhat.com>