summaryrefslogtreecommitdiff
path: root/test
Commit message (Collapse)AuthorAge
* Add support for creating sigstore signatures, and providing passphrasesMiloslav Trmač2022-08-02
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | - Allow creating sigstore signatures via --sign-by-sigstore-private-key . Like existing --sign-by, it does not work remote (in this case because we would have to copy the private key to the server). - Allow passing a passphrase (which is mandatory for sigstore private keys) via --sign-passphrase-file; if it is not provided, prompt interactively. - Also, use that passphrase for --sign-by as well, allowing non-interactive GPG use. (But --sign-passphrase-file can only be used with _one of_ --sign-by and --sign-by-sigstore-private-key.) Note that unlike the existing code, (podman build) does not yet implement sigstore (I'm not sure why it needs to, it seems not to push images?) because Buildah does not expose the feature yet. Also, (podman image sign) was not extended to support sigstore. The test for this follows existing (podman image sign) tests and doesn't work rootless; that could be improved by exposing a registries.d override option. The test for push is getting large; I didn't want to start yet another registry container, but that would be an alternative. In the future, Ginkgo's Ordered/BeforeAll would allow starting a registry once and using it for two tests. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
* Update the registry server we test against from 2.6 to 2.8Miloslav Trmač2022-08-02
| | | | | | | | | | | | | ... primarily so that it can support OCI artifacts. 2.8 already seems to exist in the repo. This requires changing WaitContainerReady to also check stderr (ultimately because docker/distribution was updated to a more recent sirupsen/logrus, which logs by default to stderr instead of stdout). Signed-off-by: Miloslav Trmač <mitr@redhat.com>
* Use existing REGISTRY_IMAGE variables in more placesMiloslav Trmač2022-08-02
| | | | | | | | | ... instead of hard-coding a copy of the value. Notably this makes hack/podman_registry actually support the documented -i option. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
* Use httpasswd from the surrouding OS instead of the registry imageMiloslav Trmač2022-08-02
| | | | | | | | | | | htpasswd is no longer included in docker.io/library/distribution after 2.7.0, per https://github.com/docker/distribution-library-image/issues/107 , and we want to upgrade to a recent version. At least system tests currently execute htpasswd from the OS, so it seems that it is likely to be available. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
* fix e2e sign testsValentin Rothberg2022-08-02
| | | | | | | The key used in the tests has expired. Remove the expiration date to turn CI happy and green. Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
* Skip one failing test on UbuntuMatthew Heon2022-07-27
| | | | | | | | Probably a result of the Ubuntu images being bumped on Main but not in this branch. Not worth chasing down exactly what's going wrong, so let's just disable it. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* pod create --share none should not create infraCharlie Doern2022-07-26
| | | | | | | | | | | for podman pod create, when we are not sharing any namespaces there is no point for the infra container. This is especially true since resources have also been decoupled from the container recently. handle this on the cmd level so that we can still create infra if set explicitly resolves #15048 Signed-off-by: Charlie Doern <cdoern@redhat.com>
* Set TLSVerify=true by default for API endpointsVladimir Kochnev2022-07-26
| | | | | | | | | | | | | | | | | | | | | Option defaults in API must be the same as in CLI. ``` % podman image push --help % podman image pull --help % podman manifest push --help % podman image search --help ``` All of these CLI commands them have --tls-verify=true by default: ``` --tls-verify require HTTPS and verify certificates when accessing the registry (default true) ``` As for `podman image build`, it doesn't have any means to control `tlsVerify` parameter but it must be true by default. Signed-off-by: Vladimir Kochnev <hashtable@yandex.ru>
* Semiperiodoc cleanup of obsolete FIXMEsEd Santiago2022-07-26
| | | | | | | | | | | | | | | | Some refer to issues that are closed. Remove them. Some are runc bugs that will never be fixed. Say so, and remove the FIXME. One (bps/iops) should probably be fixed. File an issue for it, and update comment to include the issue# so my find-obsolete-skips script can track it. And one (rootless mount with a "kernel bug?" comment) is still not fixed. Leave the skip, but add a comment documenting the symptom. Signed-off-by: Ed Santiago <santiago@redhat.com>
* benchmarks: fix create testValentin Rothberg2022-07-26
| | | | | | And a new one for `run --detach`. Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
* integration test: fix network backend option with remotePaul Holzinger2022-07-26
| | | | | | | | | | | | | I honestly do not understand all this extra option parsing here but there is really no reason to exclude the option for remote, all the other global options are also set there. This fixes a problem with mixed cni/netavark use because the option was unset. Fixes #15017 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* API: libpod/create use correct default umaskPaul Holzinger2022-07-26
| | | | | | | | | Make sure containers created via API have the correct umask from containers.conf set. Fixes #15036 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* compose test: remove cni config copyPaul Holzinger2022-07-26
| | | | | | | The network backend always has default config in memory so there is no need to copy it. Also netavark cannot use it. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* compat api: allow default bridge name for networksPaul Holzinger2022-07-26
| | | | | | | | | | Docker uses "bridge" as default network name so some tools expect this to work with network list or inspect. To fix this we change "bridge" to the podman default ("podman") name. Fixes #14983 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* remote push: show copy progressValentin Rothberg2022-07-26
| | | | | | | | | | | | | | | `podman-remote push` has shown absolutely no progress at all. Fix that by doing essentially the same as the remote-pull code does. The get-free-out-of-jail-card for backwards compatibility is to let the `quiet` parameter default to true. Since the --quioet flag wasn't working before either, older Podman clients do not set it. Also add regression tests to make sure we won't regress again. Fixes: #11554 Fixes: #14971 Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
* libpod: create /etc/passwd if missingGiuseppe Scrivano2022-07-26
| | | | | | | | | create the /etc/passwd and /etc/group files if they are missing in the image. Closes: https://github.com/containers/podman/issues/14966 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* e2e: show command and output when a timeout happensPaul Holzinger2022-07-26
| | | | | | | To make debugging easier we should see the command and its output when a failure happens. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* podman-remote pull: fix duplicate progress outputsValentin Rothberg2022-07-26
| | | | | | | By vendoring the fixes from containers/image. Also add a test (thanks @edsantiago) to make sure we won't regress in the future again. Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
* Update init ctr default for play kubeUrvashi Mohnani2022-07-26
| | | | | | | | | Update the init container type default to once instead of always to match k8s behavior. Add a new annotation that can be used to change the init ctr type in the kube yaml. Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
* system tests: new system-service bats fileEd Santiago2022-07-26
| | | | | | | | | | | | | Followup to #14957, which added a new test that doesn't actually belong in the 250-systemd.bats file. It was copy-pasted from another test that doesn't belong there. Move both tests to a new .bats file, because (1) they need a custom cleanup, and (2) one of the tests should very definitely run under podman-remote, and the 250 bats file has a global skip_if_remote(). Signed-off-by: Ed Santiago <santiago@redhat.com>
* buildah vendor treadmillEd Santiago2022-07-26
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | As you run --sync, please update this commit message with your actual changes. Changes since 2022-06-14: - apply-podman-deltas: (minor) buildah 4057 changed the name of a test; make corresponding change here - apply-podman-deltas: buildah 4071 adds a new OCI-hook test that's failing in remote. Skip it. - apply-podman-deltas: buildah 4096 changed an error message - apply-podman-deltas: buildah 4097 added a test that doesn't work with podman-remote - run-buildah-bud-tests: only run 'sudo --validate' if we need to sudo later (for running tests). Otherwise, same thing: I run the treadmill script, step away, and come back to an unnecessary sudo prompt. - system tests: the new containers-storage changes some error messages; fix tests to reflect that. (And, unrelated, fix a red cleanup warning) Signed-off-by: Ed Santiago <santiago@redhat.com> Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Run codespellDaniel J Walsh2022-07-26
| | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Add --host and -H as equivalent options to --urlDaniel J Walsh2022-07-26
| | | | | | | | | | Docker supports -H and --host for specify the listening socket. Podman should support them also in order to match the CLI. These will not be documented since Podman defaults to using the --url option. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Podman pull --all-tags shorthand optionJake Correnti2022-07-26
| | | | | | | I added the shorthand option for `podman pull --all-tags`. Like Docker, Podman can now do `podman pull -a`. Signed-off-by: Jake Correnti <jcorrenti13@gmail.com>
* Podman stop --filter flagKarthik Elango2022-07-26
| | | | | | | Filter flag is added for podman stop and podman --remote stop. Filtering logic is implemented in getContainersAndInputByContext(). Start filtering can be manipulated to use this logic as well to limit redundancy. Signed-off-by: Karthik Elango <kelango@redhat.com>
* Add podman events -f to be alias for --filterDaniel J Walsh2022-07-26
| | | | | | Needed for Docker compatibility. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Docker uses "-c" to mean "--cpu-shares" in create and runDaniel J Walsh2022-07-26
| | | | | | | Add support for -c as an alias for --cpu-shares to be compatible with Docker. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* test,manifest-run: declare TARGETPLATFORM before using itAditya R2022-07-26
| | | | | | | | | | | | | | | As part of fix for https://github.com/openshift/imagebuilder/issues/231 `FROM` does not expands `ARGS` which are not declared so `TARGETPLATFORM` Note: I think a patch should be added at imagebuilder to allow using inbuilt ARGS in FROM without declaring it as well but it is something to be discussed so lets declare it manually in our tests [NO NEW TESTS NEEDED] [NO TESTS NEEDED] Signed-off-by: Aditya R <arajan@redhat.com>
* [CI:DOCS] Improve language. Fix spelling and typos.Erik Sjölund2022-07-26
| | | | | | | | | * Correct spelling and typos. * Improve language. Co-authored-by: Ed Santiago <santiago@redhat.com> Signed-off-by: Erik Sjölund <erik.sjolund@gmail.com>
* Merge pull request #14181 from umohnani8/kube-hostnameopenshift-ci[bot]2022-07-11
|\ | | | | Add ports and hostname correctly in kube yaml
| * Add ports and hostname correctly in kube yamlUrvashi Mohnani2022-07-08
| | | | | | | | | | | | | | | | | | | | | | | | If a pod is created without net sharing, allow adding separate ports for each container to the kube yaml and also set the pod level hostname correctly if the uts namespace is not being shared. Add a warning if the default namespace sharing options have been modified by the user. Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
* | Merge pull request #14874 from vrothberg/fix-14859openshift-ci[bot]2022-07-11
|\ \ | | | | | | exit code improvements
| * | podman wait: return 0 if container never ranValentin Rothberg2022-07-11
| | | | | | | | | | | | | | | | | | | | | Make sure to return/exit with 0 when waiting for a container that never ran. Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
| * | test/system/130-kill.bats: use $IMAGEValentin Rothberg2022-07-11
| | | | | | | | | | | | | | | | | | A copy-paste error led to use `alpine` instead. Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
* | | Merge pull request #14826 from sstosh/net-pruneopenshift-ci[bot]2022-07-11
|\ \ \ | |/ / |/| | Refactored networkPrune function
| * | Refactored networkPrune functionToshiki Sonoda2022-07-08
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Refactored the networkPrune function to improve readability. This commit changes the `networkPrune` function to use the `PrintNetworkPruneResults` function. [NO NEW TESTS NEEDED] Signed-off-by: Toshiki Sonoda <sonoda.toshiki@fujitsu.com>
* | | Merge pull request #14818 from rhatdan/waitopenshift-ci[bot]2022-07-11
|\ \ \ | | | | | | | | podman wait can take multiple conditions
| * | | podman wait can take multiple conditionsDaniel J Walsh2022-07-08
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Podman wait should not be defaulting to just stopped. By default wait API waits for stopped and exited. We should not override this on the client side. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Merge pull request #14219 from mheon/bump_versionopenshift-ci[bot]2022-07-08
|\ \ \ \ | | | | | | | | | | Bump Compat API maximum version to v1.41
| * | | | Bump Compat API maximum version to v1.41Matthew Heon2022-05-23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Docker bumped their API, so we should do the same. Fixes #14204 Signed-off-by: Matthew Heon <mheon@redhat.com>
* | | | | Manifest test cleanup: use defer()Ed Santiago2022-07-08
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Followup to #14845: use defer(), not fragile global context, to stop registry and clean up temporary envariable. Thanks to mitr for the suggestion. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | | | Merge pull request #14839 from saschagrunert/errors-pkgopenshift-ci[bot]2022-07-08
|\ \ \ \ \ | |_|/ / / |/| | | | pkg: switch to golang native error wrapping
| * | | | pkg: switch to golang native error wrappingSascha Grunert2022-07-08
| | |/ / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We now use the golang error wrapping format specifier `%w` instead of the deprecated github.com/pkg/errors package. [NO NEW TESTS NEEDED] Signed-off-by: Sascha Grunert <sgrunert@redhat.com>
* / | | manifest_test: safer registry setup and teardownEd Santiago2022-07-07
|/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | manifest_test:authenticated_push() is the final test left to fix before merging #14397. The reason it's failing _seems_ to be that podman is running with a mix of netavark and CNI, and that _seems_ to be because this test invokes hack/podman-registry which invokes plain podman without whatever options used in e2e. Starting a registry directly from the test is insane: there is no reusable code for doing that (see login_logout_test.go and push_test.go. Yeesh.) Solution: set $PODMAN, by inspecting the podmanTest object which includes both a path and a list of options. podman-registry will invoke that. (It will also override --root and --runroot. This is the desired behavior). Also: add cleanup. If auth-push test fails, stop the registry. Also: add a sanity check to podman-registry script, have it wait for the registry port to activate. Die if it doesn't. That could've saved us a nice bit of debugging time. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | Merge pull request #14857 from edsantiago/dedup_uts_testnameopenshift-ci[bot]2022-07-07
|\ \ \ | | | | | | | | [minor] fix duplicate test name
| * | | [minor] fix duplicate test nameEd Santiago2022-07-07
| | | | | | | | | | | | | | | | | | | | | | | | copy/paste error in #14501. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | | Merge pull request #14855 from edsantiago/port_forward_duhopenshift-ci[bot]2022-07-07
|\ \ \ \ | |/ / / |/| | | port forward range test: fix an oops
| * | | port forward range test: fix many oopsesEd Santiago2022-07-07
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Wrong variable. And, wrong index range. And, wrong bash syntax for extracting end_port. And, add explicit check for valid range, because die() inside 'foo=$(...)' will not actually die. And, refactor some confusing code. And, reformat/clean up a confusing and too-wide comment. Fixes: #14854 Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | | Merge pull request #14852 from cdoern/podUTSEd Santiago2022-07-07
|\ \ \ \ | |/ / / |/| | | fix namespace reporting
| * | | fix namespace reportingCharlie Doern2022-07-07
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | somehow, #14501 got through CI even though the remote tests fail. The testa are failing due to the PodSpecGenerator not containing the UTSNs entitiy and infra's spec is not yet allowed to be accessed remotely [NO NEW TESTS NEEDED] resolves #14847 Signed-off-by: Charlie Doern <cdoern@redhat.com>
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2024-10-17 08:27:50 +0000