summaryrefslogtreecommitdiff
path: root/test
Commit message (Collapse)AuthorAge
* vendor test dependencies instead of installing via networkPaul Holzinger2022-05-03
| | | | | | | | | | | | | We can vendor the test dependencies such as go-md2man, git-validation and goimports. This allows us to always install the same version as specified in go.mod. Also we do not rely on a network connection for this. The advantage with this method is that dependabot will also update the dependencies for us and we do not have to hardcode versions in the Makefile. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* pod: add exit policiesValentin Rothberg2022-05-02
| | | | | | | | | | | | | | | | | | | | | | | | Add the notion of an "exit policy" to a pod. This policy controls the behaviour when the last container of pod exits. Initially, there are two policies: - "continue" : the pod continues running. This is the default policy when creating a pod. - "stop" : stop the pod when the last container exits. This is the default behaviour for `play kube`. In order to implement the deferred stop of a pod, add a worker queue to the libpod runtime. The queue will pick up work items and in this case helps resolve dead locks that would otherwise occur if we attempted to stop a pod during container cleanup. Note that the default restart policy of `play kube` is "Always". Hence, in order to really solve #13464, the YAML files must set a custom restart policy; the tests use "OnFailure". Fixes: #13464 Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
* Merge pull request #14062 from Luap99/resolv.confOpenShift Merge Robot2022-04-29
|\ | | | | libpod: host netns keep same /etc/resolv.conf
| * libpod: host netns keep same /etc/resolv.confPaul Holzinger2022-04-29
| | | | | | | | | | | | | | | | | | | | | | | | When a container is run in the host network namespace we have to keep the same resolv.conf content and not use the systemd-resolve detection logic. But also make sure we still allow --dns options. Fixes #14055 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
| * fix incorrect permissions for /etc/resolv.conf in usernsPaul Holzinger2022-04-29
| | | | | | | | | | | | | | | | | | | | | | | | | | | | The files /etc/hosts, /etc/hostname and /etc/resolv.conf should always be owned by the root user in the container. This worked correct for /etc/hostname and /etc/hosts but not for /etc/resolv.conf. A container run with --userns keep-id would have the reolv.conf file owned by the current container user which is wrong. Consolidate some common code in a new helper function to make the code more cleaner. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | fix broken hooks-dir testPaul Holzinger2022-04-29
| | | | | | | | | | | | | | The test has been broken since it was added 4 years ago. Instead of using hardcoded paths we should use tmp files. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | enable errcheck linterPaul Holzinger2022-04-29
|/ | | | | | | | The errcheck linter makes sure that errors are always check and not ignored by accident. It spotted a lot of unchecked errors, mostly in the tests but also some real problem in the code. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* Report properly whether pod shares host networkDaniel J Walsh2022-04-28
| | | | | | Fixes: https://github.com/containers/podman/issues/14028 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #14040 from edsantiago/gomega_havefieldOpenShift Merge Robot2022-04-28
|\ | | | | e2e tests: use HaveField() for better error checking
| * Three manual fixesEd Santiago2022-04-28
| | | | | | | | | | | | | | | | | | | | Two for this error: invalid indirect of pod.Spec.DNSConfig.Options[0] ...and one for a gofmt error (spaces). Signed-off-by: Ed Santiago <santiago@redhat.com>
| * Ginkgo: use HaveField() for better error checkingEd Santiago2022-04-28
| | | | | | | | | | | | | | | | | | | | | | | | | | This is a very late followup to my ginkgo-improving work of 2021. It has been stuck since December because it requires gomega 1.17, which we've just enabled. This commit is simply a copy-paste of a command I saved in my TODO list many months ago: sed -i -e 's/Expect(\([^ ]\+\)\.\([a-zA-Z0-9]\+\))\.To(Equal(/Expect(\1).To(HaveField(\"\2\", /' test/e2e/*_test.go Signed-off-by: Ed Santiago <santiago@redhat.com>
* | Merge pull request #14051 from giuseppe/volume-create-noquota-optionOpenShift Merge Robot2022-04-28
|\ \ | |/ |/| volume: add new option -o o=noquota
| * volume: add new option -o o=noquotaGiuseppe Scrivano2022-04-28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | add a new option to completely disable xfs quota usage for a volume. xfs quota set on a volume, even just for tracking disk usage, can cause weird errors if the volume is later re-used by a container with a different quota projid. More specifically, link(2) and rename(2) might fail with EXDEV if the source file has a projid that is different from the parent directory. To prevent such kind of issues, the volume should be created beforehand with `podman volume create -o o=noquota $ID` Closes: https://github.com/containers/podman/issues/14049 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Merge pull request #14034 from rhatdan/historyOpenShift Merge Robot2022-04-27
|\ \ | | | | | | Add CreatedSince & CreatedAt format fields to podman image history
| * | Add CreatedSince & CreatedAt format fields to podman image historyDaniel J Walsh2022-04-27
| | | | | | | | | | | | | | | | | | Fixes: https://github.com/containers/podman/issues/14012 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Temporarily skip netavark/aardvark e2e testChris Evich2022-04-27
| |/ |/| | | | | | | | | Ref: https://github.com/containers/podman/issues/13931 Signed-off-by: Chris Evich <cevich@redhat.com>
* | Merge pull request #13698 from Luap99/versionOpenShift Merge Robot2022-04-27
|\ \ | |/ |/| Bump version to v4.1.0-dev
| * Bump version to v4.1.0-devPaul Holzinger2022-04-27
| | | | | | | | | | | | | | | | I think we forgot to bump the version in the main branch. It should be v4.1.0-dev now. Also set the min api version to 4.0.0 as on the podman 4.0 branch. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | Merge pull request #14023 from rhatdan/kubeOpenShift Merge Robot2022-04-27
|\ \ | | | | | | Truncate annotations when generating kubernetes yaml files
| * | Truncate annotations when generating kubernetes yaml filesDaniel J Walsh2022-04-27
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Kubernetes only allows 63 characters in an annotation. Make sure that we only add 63 or less charaters when generating kube. Warn if containers or pods have longer length and truncate. Discussion: https://github.com/containers/podman/discussions/13901 Fixes: https://github.com/containers/podman/issues/13962 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | play kube respect hostNetworkPaul Holzinger2022-04-27
| |/ |/| | | | | | | | | | | | | | | | | | | We need to use the host network when it is set in the config and --network was not used. This regression was added in 3e9af2029f1f. Fixes #14015 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | Merge pull request #13997 from Luap99/gocriticOpenShift Merge Robot2022-04-27
|\ \ | |/ |/| enable gocritic linter
| * play kube: do not skip containers by namePaul Holzinger2022-04-26
| | | | | | | | | | | | | | | | We should not exclude contianers by name. If a users has a container with the name "inf" it is currently skipped. This is wrong. The k8s yaml does not contain infra containers so we do not have to skip them. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
| * enable gocritic linterPaul Holzinger2022-04-26
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The linter ensures a common code style. - use switch/case instead of else if - use if instead of switch/case for single case statement - add space between comment and text - detect the use of defer with os.Exit() - use short form var += "..." instead of var = var + "..." - detect problems with append() ``` newSlice := append(orgSlice, val) ``` This could lead to nasty bugs because the orgSlice will be changed in place if it has enough capacity too hold the new elements. Thus we newSlice might not be a copy. Of course most of the changes are just cosmetic and do not cause any logic errors but I think it is a good idea to enforce a common style. This should help maintainability. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | Merge pull request #14009 from vrothberg/add-benchmarksOpenShift Merge Robot2022-04-26
|\ \ | | | | | | benchmarks: add more image benchmarks
| * | benchmarks: add more image benchmarksValentin Rothberg2022-04-26
| | | | | | | | | | | | | | | | | | | | | | | | Add more benchmarks for the most common and performance-critical image commands. Benchmarks for `podman build` should go into a separate section. Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
* | | vendor in containers/(common,buildah,storage,image)Daniel J Walsh2022-04-26
| |/ |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Changes as of 2022-04-21: - apply-podman-deltas: minor cleanup - buildah-tests.diff: deal with: . buildah #3894 (the registry one), which affected helpers.bash in a way that resulted in conflicts here; and . buildah #3917 (etchosts), which caused offset-only diffs with no conflicts - Reevaluate the bud skip list, and reenable some tests that seems to be passing now under podman: . bud with specified context ... . two tests that require a local registry (which buildah now runs) . bud with --cgroup-parent Signed-off-by: Ed Santiago <santiago@redhat.com> Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Robustify nginx testsEd Santiago2022-04-25
|/ | | | | | | | | | | | | | | | | | | | [skip ci] While chasing a flake, I discovered that our alpine_nginx image is broken: it returns 404 on all requests. We never caught this because--surprise!--curl exits 0 even when server returns 4xx/5xx status. Let's be strict: add -f (--fail) option to all invocations of curl. And, although I couldn't identify the root cause of the flake (in "run two containers with the same IP" test), I can at least fix the broken wait-for-nginx loop, bump up the number of retries, and improve diagnostics on failure. And add a strict error-message check. Signed-off-by: Ed Santiago <santiago@redhat.com>
* Merge pull request #13978 from Luap99/unparamOpenShift Merge Robot2022-04-25
|\ | | | | enable unparam linter
| * enable unparam linterPaul Holzinger2022-04-25
| | | | | | | | | | | | | | The unparam linter is useful to detect unused function parameters and return values. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | Merge pull request #13995 from ashley-cui/revrootfulOpenShift Merge Robot2022-04-25
|\ \ | | | | | | Rootfull -> Rootful
| * | Docs rootfull -> rootfulAshley Cui2022-04-25
| | | | | | | | | | | | | | | | | | | | | | | | Some docs say roofull. Change to rootful. [NO NEW TESTS NEEDED] Signed-off-by: Ashley Cui <acui@redhat.com>
| * | Revert "Switch all rootful to rootfull"Ashley Cui2022-04-25
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This reverts commit cc3790f332d989440eb1720e24e3619fc97c74ee. We can't change rootful to rootfull because `rootful` is written into the machine config. Changing this will break json unmarshalling, which will break existing machines. [NO NEW TESTS NEEDED] Signed-off-by: Ashley Cui <acui@redhat.com>
* | | Merge pull request #13993 from aonoa/mainOpenShift Merge Robot2022-04-25
|\ \ \ | | | | | | | | Modify the pod name suffix '_pod' to '-pod'
| * | | Modify the pod name suffix '_pod' to '-pod'aonoa2022-04-25
| |/ / | | | | | | | | | Signed-off-by: aonoa <1991849113@qq.com>
* | | Merge pull request #13981 from rhatdan/volumeOpenShift Merge Robot2022-04-25
|\ \ \ | |/ / |/| | Add support for passing --volumepath
| * | Add support for passing --volumepathDaniel J Walsh2022-04-23
| | | | | | | | | | | | | | | | | | Fixes: https://github.com/containers/podman/issues/13860 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Allow filtering of "removing", it is a valid statusDaniel J Walsh2022-04-24
|/ / | | | | | | | | | | | | | | | | Do not use a list of statuses outside of libpod to validate container statuses. Removing status was never added to the list. Fixes: https://github.com/containers/podman/issues/13986 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #13973 from Luap99/linter-reviveOpenShift Merge Robot2022-04-23
|\ \ | | | | | | replace golint with revive linter
| * | replace golint with revive linterPaul Holzinger2022-04-22
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | golint, scopelint and interfacer are deprecated. golint is replaced by revive. This linter is better because it will also check for our error style: `error strings should not be capitalized or end with punctuation or a newline` scopelint is replaced by exportloopref (already endabled) interfacer has no replacement but I do not think this linter is important. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | Fix hang in test_connectChris Evich2022-04-22
| | | | | | | | | | | | | | | | | | | | | | | | Starting the podman service in debug-mode causes aardvark to run in debug mode. This does unexpected things with file-descriptors leading to a test-hang. Thanks to @Luap99 for the fix. Signed-off-by: Chris Evich <cevich@redhat.com>
* | | Update test to run network check in both rootless and rootfull modeDaniel J Walsh2022-04-22
| |/ |/| | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #13918 from Luap99/hostsOpenShift Merge Robot2022-04-22
|\ \ | | | | | | use etchosts package from c/common
| * | test/system: add containers.conf test for new /etc/hosts optionsPaul Holzinger2022-04-22
| | | | | | | | | | | | Signed-off-by: Paul Holzinger <pholzing@redhat.com>
| * | shared netns and --add-host should conflictPaul Holzinger2022-04-22
| | | | | | | | | | | | | | | | | | | | | | | | Because /etc/hosts is shared for all containers with a shared network namespace you should not be able to add hosts from a joined container. Only the primary netns container can set the hosts. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
| * | network dis-/connect: update /etc/hostsPaul Holzinger2022-04-22
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When we connect or disconnect from a network we also have to update /etc/hosts to ensure we only have valid entries in there. This also fixes problems with docker-compose since this makes use of network connect/disconnect. Fixes #12533 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
| * | libpod: fix c.Hostname() to respect the utsNsCtrPaul Holzinger2022-04-22
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When we lookup the hostname for a given container we have to check if the container is joined to another utsns and use this hostname then instead. This fixes a problem where the `hostname` command would use the correct name but /etc/hostname would contain a different name. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
| * | use etchosts package from c/commonPaul Holzinger2022-04-22
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Use the new logic from c/common to create the hosts file. This will help to better allign the hosts files between buildah and podman. Also this fixes several bugs: - remove host entries when container is stopped and has a netNsCtr - add entries for containers in a pod - do not duplicate entries in the hosts file - use the correct slirp ip when an userns is used Features: - configure host.containers.internal entry in containers.conf - configure base hosts file in containers.conf Fixes #12003 Fixes #13224 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | Merge pull request #13881 from rhatdan/usernsOpenShift Merge Robot2022-04-22
|\ \ \ | |_|/ |/| | Add support for --userns=nomap
| * | Add support for --userns=nomapDaniel J Walsh2022-04-21
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | From a security point of view, it would be nice to be able to map a rootless usernamespace that does not use your own UID within the container. This would add protection against a hostile process escapping the container and reading content in your homedir. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>