summaryrefslogtreecommitdiff
path: root/test
Commit message (Collapse)AuthorAge
* podman-remote: prevent leaking secret into imageAditya Rajan2021-11-30
| | | | | | | | Prevents temp secrets leaking into image by moving it away from context directory to parent builder directory. Builder directory automatically gets cleaned up when we are done with the build. Signed-off-by: Aditya Rajan <arajan@redhat.com>
* podman-remote: copy secret to contextdir is absolute path on hostAditya Rajan2021-11-30
| | | | | | | | Podman remote must treat build secrets as part of context directory. If secret path is absolute path on host copy it to tar file and pass it to remote server. Signed-off-by: Aditya Rajan <arajan@redhat.com>
* Merge pull request #12433 from matejvasek/fix-mount-parsingOpenShift Merge Robot2021-11-29
|\ | | | | fix: parsing of HostConfig.Mounts for container create
| * fix: parsing of HostConfig.Mounts for container createMatej Vasek2021-11-29
| | | | | | | | Signed-off-by: Matej Vasek <mvasek@redhat.com>
* | e2e tests: enable golintEd Santiago2021-11-29
|/ | | | | | ...and fix problems found therewith. Signed-off-by: Ed Santiago <santiago@redhat.com>
* fix: error reporting for archive endpointMatej Vasek2021-11-28
| | | | | | Returning 500 when copying to read-only destination. Signed-off-by: Matej Vasek <mvasek@redhat.com>
* libpod: improve heuristic to detect cgroupGiuseppe Scrivano2021-11-24
| | | | | | | | | | | improve the heuristic to detect the scope that was created for the container. This is necessary with systemd running as PID 1, since it moves itself to a different sub-cgroup, thus stats would not account for other processes in the same container. Closes: https://github.com/containers/podman/issues/12400 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Merge pull request #12398 from edsantiago/remove_betrueOpenShift Merge Robot2021-11-24
|\ | | | | continue e2e test cleanup
| * Find and fix empty Expect()sEd Santiago2021-11-23
| | | | | | | | | | | | | | | | | | | | | | | | That previous commit made me wonder if there are any other instances of Expect() with no assertions. grep Expect test/e2e/*_test.go |egrep -v '\.(To|NotTo|Should)' ...finds a couple of handfuls, most of which are OK (continued on the next line) but a few of which are bugs. Fix those. Signed-off-by: Ed Santiago <santiago@redhat.com>
| * Remove StringInSlice(), part 2Ed Santiago2021-11-23
| | | | | | | | | | | | | | These were NOPs, and were testing the wrong thing (pod ID, not container ID). Fixed manually. Signed-off-by: Ed Santiago <santiago@redhat.com>
| * Remove StringInSlice(), part 1Ed Santiago2021-11-23
| | | | | | | | | | | | via: sed -i -e 's/Expect(StringInSlice(\(.*\), \(.*\))).To(BeTrue())/Expect(\2)\.To(ContainElement(\1))/' test/e2e/*_test.go Signed-off-by: Ed Santiago <santiago@redhat.com>
| * e2e test cleanup, continuedEd Santiago2021-11-23
| | | | | | | | | | | | | | | | Continue eliminating GrepString() and BeTrue(), in tiny incremental steps. Here I take the liberty of refactoring some hard-to-read code by adding a helper. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | Unset SocketLabel after system finishes checkpointingDaniel J Walsh2021-11-23
|/ | | | | | | | | | | | This should fix the SELinux issue we are seeing with talking to /run/systemd/private. Fixes: https://github.com/containers/podman/issues/12362 Also unset the XDG_RUNTIME_DIR if set, since we don't know when running as a service if this will cause issue.s Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #12371 from jakub-dzon/env-config-mapsOpenShift Merge Robot2021-11-23
|\ | | | | Support env variables based on ConfigMaps sent in payload
| * Support env variables based on ConfigMaps sent in payloadJakub Dzon2021-11-23
| | | | | | | | | | | | Fixes #12363 Signed-off-by: Jakub Dzon <jdzon@redhat.com>
* | Merge pull request #12328 from serverwentdown/fix-compat-ipaddressDaniel J Walsh2021-11-23
|\ \ | | | | | | compat: Add subnet mask behind IP address to match Docker API
| * | compat: Add subnet mask behind IP address to match Docker APIAmbrose Chua2021-11-20
| | | | | | | | | | | | Signed-off-by: Ambrose Chua <ambrose@hey.com>
* | | Merge pull request #12361 from rhatdan/remoteDaniel J Walsh2021-11-23
|\ \ \ | | | | | | | | podman-remote does not support signature-policy
| * | | podman-remote does not support signature-policyDaniel J Walsh2021-11-19
| |/ / | | | | | | | | | | | | | | | Fixes: https://github.com/containers/podman/issues/12357 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #12010 from vrothberg/fix-11964OpenShift Merge Robot2021-11-23
|\ \ \ | |_|/ |/| | image lookup: do not match *any* tags
| * | image lookup: do not match *any* tagsValentin Rothberg2021-11-23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | For reasons buried in the history of Podman, looking up an untagged image would match any tag of matching image. For instance, looking up centos would match a local image centos:foobar. Change that behavior to only match the latest tag. Fix: #11964 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | Merge pull request #12380 from vrothberg/fix-11618OpenShift Merge Robot2021-11-23
|\ \ \ | |/ / |/| | generate systemd: add --start-timeout flag
| * | generate systemd: add --start-timeout flagValentin Rothberg2021-11-23
| | | | | | | | | | | | | | | | | | | | | | | | | | | Add a new flag to set the start timeout for a generated systemd unit. To make naming consistent, add a new --stop-timeout flag as well and let the previous --time map to it. Fixes: #11618 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | Oops! Manual edits to broken testsEd Santiago2021-11-22
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Commit 2 of 2: there were (still are?) a bunch of string checks that didn't have a corresponding Expect(). IIUC that means they were NOPs. Try to identify and fix those. The first few were caught by Go linting, "ok is defined but not used". When I realized the problem, I looked for more using: $ ack -A2 LineInOutputStartsWith ...and tediously eyeballing the results, looking for matches in which the next line was not Expect(). If test was wrong (e.g. "server" should've been "nameserver"), fix that. Also: remove the remove-betrue script. We don't need it in the repo, I just wanted to preserve it for posterity. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | e2e tests: clean up antihelpful BeTrue()sEd Santiago2021-11-22
|/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Many ginkgo tests have been written to use this evil form: GrepString("foo") Expect(that to BeTrue()) ...which yields horrible useless messages on failure: false is not true Identify those (automatically, via script) and convert to: Expect(output to ContainSubstring("foo")) ...which yields: "this output" does not contain substring "foo" There are still many BeTrue()s left. This is just a start. This is commit 1 of 2. It includes the script I used, and all changes to *.go are those computed by the script. Commit 2 will apply some manual fixes. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | Merge pull request #12386 from baude/playkuberenameDaniel J Walsh2021-11-22
|\ \ | | | | | | Rename pod on generate of container
| * | Rename pod on generate of containerBrent Baude2021-11-22
| | | | | | | | | | | | | | | | | | | | | | | | | | | When generating kube of a container, the podname and container name in the yaml are identical. This offends rules in podman where pods and containers cannot have the same name. We now append _pod to the podname to avoid that collision. Signed-off-by: Brent Baude <bbaude@redhat.com>
* | | Merge pull request #12349 from edsantiago/clean_fixmesOpenShift Merge Robot2021-11-22
|\ \ \ | |/ / |/| | Semiperiodic cleanup of obsolete Skip()s
| * | Semiperiodic cleanup of obsolete Skip()sEd Santiago2021-11-19
| |/ | | | | | | | | | | | | | | | | | | | | | | | | | | Found by my find-obsolete-skips script. Let's see which, if any, of these skipped tests can be reenabled. Some Skips are "this will never work", not "this is expected to work one day". Update the message on those to reflect that. Some were real bugs in the test framework. Fix those. And, joy of joys, some work today. Remove those skips. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | Merge pull request #12351 from ↵OpenShift Merge Robot2021-11-22
|\ \ | | | | | | | | | | | | adrianreber/2021-11-18-restore-runtime-verification Restore runtime verification
| * | Add tests for restore runtime verificationAdrian Reber2021-11-19
| |/ | | | | | | | | | | | | | | On container restore ensures that the same container runtime is used as during checkpointing and it also ensures that the user does not select a different runtime. Signed-off-by: Adrian Reber <areber@redhat.com>
* / Add EXPOSE e2e testColin Bendell2021-11-20
|/ | | | Signed-off-by: Colin Bendell <colin@bendell.ca>
* test: Update error string for --file-locks testRadostin Stoyanov2021-11-19
| | | | | | | | Use a substring matching the end of the error message. Closes: #12366 Signed-off-by: Radostin Stoyanov <radostin@redhat.com>
* Merge pull request #11957 from edsantiago/batsOpenShift Merge Robot2021-11-18
|\ | | | | System tests: new checkpoint test
| * System tests: new checkpoint testsEd Santiago2021-11-17
| | | | | | | | | | | | | | | | | | Includes a test for the stdout-goes-away bug (crun #756). Skip on Ubuntu due to a many-months-old kernel bug that keeps getting fixed and then un-fixed. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | Merge pull request #12295 from flouthoc/filter-label-patternOpenShift Merge Robot2021-11-18
|\ \ | | | | | | filters: add basic pattern matching for label keys i.e `--filter label=<pattern>`
| * | filter: add basic pattern matching for label keysAditya Rajan2021-11-15
| | | | | | | | | | | | | | | | | | | | | | | | | | | Following PR adds basic pattern matching to filter by labels for `keys`. Adds support for use-cases like `--filter label=some.prefix.com/key/*` where end-users want to match a pattern for keys as compared to exact value. Signed-off-by: Aditya Rajan <arajan@redhat.com>
* | | Add test for checkpoint/restore with --file-locksRadostin Stoyanov2021-11-18
| | | | | | | | | | | | Signed-off-by: Radostin Stoyanov <radostin@redhat.com>
* | | remote checkpoint/restore: more fixesValentin Rothberg2021-11-18
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Support `checkpoint --pre-checkpoint` * Support `checkpoint --with-previous` * Disable `restore --import-previous` for the remote client since we had to send two files which in turn would require to tar them up and hence be a breaking change. Podman 4.0 would be the chance and I hope we'll find time before that to remote-restore prettier. Note that I did not run over swagger yet to check whether all parameters are actually documented due to time constraints. Fixes: #12334 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | fix CIValentin Rothberg2021-11-18
| |/ |/| | | | | | | | | | | | | | | | | | | | | Our fedora-minimal image on Quay bases on fedora-minimal:latest which starting with F35 removed a number of binaries that our CI depends on. Fix that by pulling `fedora-minimal:34` from the Fedora registry directly. Once the build bot on Quay has been disabled, we move the image over there to make sure that it will not change over time. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | Merge pull request #12281 from vrothberg/fix-12007OpenShift Merge Robot2021-11-17
|\ \ | | | | | | fix remote checkpoint/restore
| * | fix remote checkpoint/restoreValentin Rothberg2021-11-16
| | | | | | | | | | | | | | | | | | | | | | | | | | | Nothing was working before, and it's too much to summarize. To make sure we're not regressing in the future again, enable the remote e2e tests. Fixes: #12007 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | hack/bats: deal with new bin helpersEd Santiago2021-11-16
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Some time in the last month, podman started to depend on a bunch of external helper binaries: rootlessport, pause, catatonit. System tests fail without these. Update the hack/bats script to pass $CONTAINERS_HELPER_BINARIES_DIR (set to ./bin); podman will then use locally-built helpers. (This requires https://github.com/containers/common/pull/823 , which as of this PR is not yet vendored into podman. There is no harm in merging this while we wait.) Also: if bats helper is invoked as root, run only once; i.e., skip the "rootless" step. Also (piggybacked): the name of the podman pause image has changed, from pause to podman-pause. Adjust that in our teardown so we don't leave droppings. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | Merge pull request #12218 from vrothberg/pause-catatonitOpenShift Merge Robot2021-11-16
|\ \ \ | | | | | | | | infra container: replace pause with catatonit
| * | | infra container: replace pause with catatonitValentin Rothberg2021-11-15
| | |/ | |/| | | | | | | | | | | | | | | | | | | Podman has been using catatonit for a number of years already. Thanks to @giuseppe, catatonit is now able to run as a pause process which allows us to replace the pause binary entirely. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | Merge pull request #12100 from rhatdan/envOpenShift Merge Robot2021-11-16
|\ \ \ | |_|/ |/| | Add option --unsetenv to remove default environment variables
| * | Add --unsetenv & --unsetenv-all to remove def environment variablesDaniel J Walsh2021-11-15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Podman adds a few environment variables by default, and currently there is no way to get rid of them from your container. This option will allow you to specify which defaults you don't want. --unsetenv-all will remove all default environment variables. Default environment variables can come from podman builtin, containers.conf or from the container image. Fixes: https://github.com/containers/podman/issues/11836 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #12294 from flouthoc/secret-mount-targetOpenShift Merge Robot2021-11-16
|\ \ \ | | | | | | | | secret: honor custom `target=` for secrets with `type=mount` for ctr.
| * | | secret: honor custom target for secrets with runAditya Rajan2021-11-15
| | |/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | Honor custom `target` if specified while running or creating containers with secret `type=mount`. Example: `podman run -it --secret token,type=mount,target=TOKEN ubi8/ubi:latest bash` Signed-off-by: Aditya Rajan <arajan@redhat.com>
* | | Merge pull request #12285 from nalind/journal-follow-not-earlyOpenShift Merge Robot2021-11-15
|\ \ \ | |_|/ |/| | journald logs: keep reading until the journal's end