summaryrefslogtreecommitdiff
path: root/test
Commit message (Collapse)AuthorAge
* Merge pull request #8670 from rhatdan/capsOpenShift Merge Robot2020-12-09
|\ | | | | Properly handle --cap-add all when running with a --user flag
| * Properly handle --cap-add all when running with a --user flagDaniel J Walsh2020-12-09
| | | | | | | | | | | | | | | | | | | | Handle the ALL Flag when running with an account as a user. Currently we throw an error when the user specifies podman run --user bin --cap-add all fedora echo hello Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #8669 from giuseppe/unmask-also-cover-ro-pathsOpenShift Merge Robot2020-12-09
|\ \ | | | | | | security: honor systempaths=unconfined for ro paths
| * | security: honor systempaths=unconfined for ro pathsGiuseppe Scrivano2020-12-09
| |/ | | | | | | | | | | | | | | | | we must honor systempaths=unconfined also for read-only paths, as Docker does: proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Merge pull request #8653 from rhatdan/buildahOpenShift Merge Robot2020-12-09
|\ \ | | | | | | Honor the --layers flag
| * | Honor the --layers flagDaniel J Walsh2020-12-09
| |/ | | | | | | | | | | | | | | | | Currently the --layers flag set by the user is ignored, and only the BUILDAH_LAYERS environment variable being set is observed. Fixes: https://github.com/containers/podman/issues/8643 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #8635 from Luap99/shell-completion-testOpenShift Merge Robot2020-12-09
|\ \ | |/ |/| Add system test for shell completion
| * Add system test for shell completionPaul Holzinger2020-12-09
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | There exists a unit test to ensure that shell completion functions are defined. However there was no check about the quality of the provided shell completions. Lets change that. The idea is to create a general test that makes sure we are suggesting containers,pods,images... for the correct commands. This works by reading the command use line and checking for each arg if we provide the correct suggestions for this arg. It includes the following tests: - flag suggestions if [options] is set - container, pod, image, network, volume, registry completion - path completion for the appropriate arg KEYWORDS (`PATH`,`CONTEXT`,etc.) - no completion if there are no args - completion for more than one arg if it ends with `...]` The test does not cover completion values for flags and not every arg KEYWORD is supported. This is still a huge improvement and covers most use cases. This test spotted several inconsistencies between the completion and the command use line. All of them have been adjusted to make the test pass. The biggest advantage is that the completions always match the latest command changes. So if someone changes the arguments for a command this ensures that the completions must be adjusted. Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | Correct port range logic for port generationMatthew Heon2020-12-08
|/ | | | | | | | | | | | | The existing logic (Range > 0) always triggered, because range is guaranteed to be at least 1 (a single port has a range of 1, a two port range (e.g. 80-81) has a range of 2, and so on). As such this could cause ports that had a host port assigned to them by the user to randomly assign one instead. Fixes #8650 Fixes #8651 Signed-off-by: Matthew Heon <mheon@redhat.com>
* Merge pull request #8642 from jwhonce/issues/8444OpenShift Merge Robot2020-12-08
|\ | | | | Restore json format for fields as well as whole structs
| * Restore json format for fields as well as whole structsJhon Honce2020-12-07
| | | | | | | | | | | | | | | | | | * Add template func to inspect template processing * Added test using repro from #8444 Fixes #8444 Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | Merge pull request #8648 from mheon/fix_7883OpenShift Merge Robot2020-12-08
|\ \ | | | | | | Make `podman stats` slirp check more robust
| * | Make `podman stats` slirp check more robustMatthew Heon2020-12-08
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Just checking for `rootless.IsRootless()` does not catch all the cases where slirp4netns is in use - we actually allow it to be used as root as well. Fortify the conditional here so we don't fail in the root + slirp case. Fixes #7883 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | Merge pull request #8630 from umohnani8/sec-optOpenShift Merge Robot2020-12-08
|\ \ \ | |/ / |/| | Add systempaths=unconfined option
| * | Add systempaths=unconfined optionUrvashi Mohnani2020-12-08
| | | | | | | | | | | | | | | | | | | | | | | | | | | Add the systempaths=unconfined option to --security-opt to match the docker options for unmasking all the paths that are masked by default. Add the mask and unmask options to the podman create doc. Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
* | | Merge pull request #8571 from Luap99/podman-network-reloadOpenShift Merge Robot2020-12-08
|\ \ \ | |_|/ |/| | Implement pod-network-reload
| * | Implement pod-network-reloadMatthew Heon2020-12-07
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This adds a new command, 'podman network reload', to reload the networks of existing containers, forcing recreation of firewall rules after e.g. `firewall-cmd --reload` wipes them out. Under the hood, this works by calling CNI to tear down the existing network, then recreate it using identical settings. We request that CNI preserve the old IP and MAC address in most cases (where the container only had 1 IP/MAC), but there will be some downtime inherent to the teardown/bring-up approach. The architecture of CNI doesn't really make doing this without downtime easy (or maybe even possible...). At present, this only works for root Podman, and only locally. I don't think there is much of a point to adding remote support (this is very much a local debugging command), but I think adding rootless support (to kill/recreate slirp4netns) could be valuable. Signed-off-by: Matthew Heon <matthew.heon@pm.me> Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | | Merge pull request #8639 from Luap99/fix-network-ls-filter-flakeOpenShift Merge Robot2020-12-07
|\ \ \ | | | | | | | | Fix network ls --filter invalid value flake
| * | | Fix network ls --filter invalid value flakePaul Holzinger2020-12-07
| | | | | | | | | | | | | | | | | | | | | | | | The filter is only validated when at least one network exists. Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | | | Merge pull request #8581 from baude/kubegenOpenShift Merge Robot2020-12-07
|\ \ \ \ | |/ / / |/| | | generate kube on multiple containers
| * | | generate kube on multiple containersbaude2020-12-07
| | |/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | add the ability to add multiple containers into a single k8s pod instead of just one. also fixed some bugs in the resulting yaml where an empty service description was being added on error causing the k8s validation to fail. Signed-off-by: baude <bbaude@redhat.com>
* | | Merge pull request #8561 from mheon/fix_gatingOpenShift Merge Robot2020-12-07
|\ \ \ | | | | | | | | Do not mount sysfs as rootless in more cases
| * | | Do not mount sysfs as rootless in more casesMatthew Heon2020-12-04
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We can't mount sysfs as rootless unless we manage the network namespace. Problem: slirp4netns is now creating and managing a network namespace separate from the OCI runtime, so we can't mount sysfs in many circumstances. The `crun` OCI runtime will automatically handle this by falling back to a bind mount, but `runc` will not, so we didn't notice until RHEL gating tests ran on the new branch. Signed-off-by: Matthew Heon <mheon@redhat.com>
* | | | Merge pull request #8625 from Edward5hen/container-prune-testOpenShift Merge Robot2020-12-07
|\ \ \ \ | |_|/ / |/| | | Add APIv2 test for containers-prune
| * | | Add APIv2 test for containers-pruneEdward Shen2020-12-07
| | | | | | | | | | | | | | | | Signed-off-by: Edward Shen <weshen@redhat.com>
* | | | Merge pull request #8624 from mlegenovic/masterOpenShift Merge Robot2020-12-07
|\ \ \ \ | | | | | | | | | | Docker compat API - containers create ignores the name
| * | | | Docker compat API - containers create ignores the nameMilivoje Legenovic2020-12-07
| |/ / / | | | | | | | | | | | | | | | | | | | | /containers/create compat endpoint does not set the name correctly (#7857) Signed-off-by: Milivoje Legenovic <m.legenovic@gmail.com>
* | | | add comment to #8558 regression testValentin Rothberg2020-12-07
| | | | | | | | | | | | | | | | | | | | | | | | | | | | As suggested by @edsantiago, add a comment to the regression test of #8558 to better document the context. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | | container create: do not clear image nameValentin Rothberg2020-12-07
|/ / / | | | | | | | | | | | | | | | | | | | | | When creating a container, do not clear the input-image name before looking up image names. Also add a regression test. Fixes: #8558 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | Jira RUN-1106 System handlers updatesJhon Honce2020-12-05
| | | | | | | | | | | | | | | | | | | | | | | | * Update tests to reflect system endpoints * First implementation of compat /system/df, only fields that are populated by libpod are set Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | | Merge pull request #8489 from ashley-cui/commonslirpOpenShift Merge Robot2020-12-05
|\ \ \ | | | | | | | | Add ability to set system wide options for slirp4netns
| * | | Add ability to set system wide options for slirp4netnsAshley Cui2020-12-04
| | | | | | | | | | | | | | | | | | | | | | | | Wire in containers.conf options for slirp Signed-off-by: Ashley Cui <acui@redhat.com>
* | | | Jira RUN-1106 Volumes handlers updatesJhon Honce2020-12-04
| | | | | | | | | | | | | | | | | | | | | | | | * Add tests to verify required fields in responses Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | | | Merge pull request #8601 from jwhonce/jira/RUN-1106-networksOpenShift Merge Robot2020-12-04
|\ \ \ \ | | | | | | | | | | Jira RUN-1106 Network handlers updates
| * | | | Jira RUN-1106 Network handlers updatesJhon Honce2020-12-04
| |/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Add network API tests * Update network create endpoint to return ID not Name Audit: - GET /networks ListNetworks - GET /networks/{id} InspectNetwork - DELETE /networks/{id} RemoveNetwork - POST /networks/create CreateNetwork - POST /networks/prune 405 not implemented Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | | | Merge pull request #8494 from mlegenovic/masterOpenShift Merge Robot2020-12-04
|\ \ \ \ | | | | | | | | | | More docker compat API fixes
| * | | | More docker compat API fixesMilivoje Legenovic2020-12-04
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fixes wrong VirtualSize, ParentId, Architecture, Author, Os and OsVersion value Signed-off-by: Milivoje Legenovic <m.legenovic@gmail.com>
* | | | | Merge pull request #8570 from vrothberg/run-950OpenShift Merge Robot2020-12-04
|\ \ \ \ \ | |_|/ / / |/| | | | rewrite container copy
| * | | | rewrite podman-cpValentin Rothberg2020-12-04
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Add a new `pkg/copy` to centralize all container-copy related code. * The new code is based on Buildah's `copier` package. * The compat `/archive` endpoints use the new `copy` package. * Update docs and an several new tests. * Includes many fixes, most notably, the look-up of volumes and mounts. Breaking changes: * Podman is now expecting that container-destination paths exist. Before, Podman created the paths if needed. Docker does not do that and I believe Podman should not either as it's a recipe for masking errors. These errors may be user induced (e.g., a path typo), or internal typos (e.g., when the destination may be a mistakenly unmounted volume). Let's keep the magic low for such a security sensitive feature. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
| * | | | e2e: bump pull timeout to 240 secondsValentin Rothberg2020-12-04
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | I am constantly hitting the 90 seconds limit with my very slow connection. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | | | Merge pull request #8476 from rhatdan/containerenvOpenShift Merge Robot2020-12-04
|\ \ \ \ \ | |_|/ / / |/| | | | Add containerenv information to /run/.containerenv
| * | | | Add containerenv information to /run/.containerenvDaniel J Walsh2020-12-03
| |/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We have been asked to leak some information into the container to indicate: * The name and id of the container * The version of podman used to launch the container * The image name and ID the container is based on. * Whether the container engine is running in rootless mode. Fixes: https://github.com/containers/podman/issues/6192 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Merge pull request #8569 from zhangguanzhang/fix-nitOpenShift Merge Robot2020-12-04
|\ \ \ \ | | | | | | | | | | Fix some nit in code and comment
| * | | | Fix some nitzhangguanzhang2020-12-04
| | | | | | | | | | | | | | | | | | | | Signed-off-by: zhangguanzhang <zhangguanzhang@qq.com>
* | | | | Merge pull request #8589 from yan12125/container-logs-unix-timestampsOpenShift Merge Robot2020-12-04
|\ \ \ \ \ | | | | | | | | | | | | Support Unix timestamps for `podman logs --since`
| * | | | | Support Unix timestamps for `podman logs --since`Chih-Hsuan Yen2020-12-04
| | |/ / / | |/| | | | | | | | | | | | | | | | | | | | | | | To match what podman-logs(1) describes --since Signed-off-by: Chih-Hsuan Yen <yan12125@gmail.com>
* / | | | Jira RUN-1106 Image handlers updatesJhon Honce2020-12-03
|/ / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Audit and add tests for required fields. * Added issue for /images/load implementation Audit: - GET /images/json GetImages - POST /build BuildImage - POST /build/prune 404 not found - POST /images/create CreateImageFromImage/CreateImageFromSrc - GET /images/{name}/json GetImage - GET /images/{name}/history HistoryImage - POST /images/{name}/push PushImage - POST /images/{name}/tag TagImage - DELETE /images/{name} RemoveImage - POST /images/prune PruneImages - POST /commit CommitContainer - GET /images/{name}/get ExportImage - GET /images/get ExportImages - POST /images/load LoadImages See https://github.com/containers/podman/issues/8586 Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | | | Merge pull request #8551 from rhatdan/defaultOpenShift Merge Robot2020-12-03
|\ \ \ \ | |/ / / |/| | | Support --network=default as if it was private
| * | | Support --network=default as if it was privateDaniel J Walsh2020-12-02
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Docker defines an option of "default" which means to use the default network. We should support this with the same code path as --network="". This is important for compatibility with the Docker API. Fixes: https://github.com/containers/podman/issues/8544 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Merge pull request #8564 from edsantiago/batsOpenShift Merge Robot2020-12-03
|\ \ \ \ | | | | | | | | | | BATS: add new load test