summaryrefslogtreecommitdiff
path: root/test
Commit message (Collapse)AuthorAge
* remove SkipIfNotFedora() from events testPaul Holzinger2022-09-06
| | | | | | They should work on all distros. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* fix podman events with custom formatPaul Holzinger2022-09-06
| | | | | | | podman events --format {{.ID}} was not working since the template was converted to a range but we only render each event individually. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* Add container GID to additional groupsMatthew Heon2022-09-06
| | | | | | | Mitigates a potential permissions issue. Mirrors Buildah PR #4200 and CRI-O PR #6159. Signed-off-by: Matthew Heon <mheon@redhat.com>
* Fix bind-mount-option annotation in gen/play kubeUrvashi Mohnani2022-09-06
| | | | | | | | | The format used for setting the bind-mount-options annotations in the kube yaml was incorrect and caused k8s to throw an error when trying to play the generated kube yaml. Fix the annotation format to match the rules of k8s. Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
* updated apiv2 tests to reflect hash compat fixJason Ertel2022-09-06
| | | | Signed-off-by: Jason Ertel <jason.ertel@securityonionsolutions.com>
* Compat API image remove events now have 'delete' statusMatthew Heon2022-09-06
| | | | | | | | | Change only the compat API, so we don't force a breaking change on Libpod API users. Partial fix for #15485 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* vendor containers/psgo@v1.7.3Valentin Rothberg2022-09-06
| | | | | | | | | | | | | | Add three new capabilities that would otherwise be reported as unknown. Also add an e2e test making sure that `podman top` knows all capabilities of the current kernel. I refrained from adding a system test since this may blow up in gating tests. Signed-off-by: Valentin Rothberg <vrothberg@redhat.com> <MH: Fixed cherry-pick conflicts> Signed-off-by: Matthew Heon <mheon@redhat.com>
* Allow podman to run in an environment with keys containing spacesDaniel J Walsh2022-09-06
| | | | | | Fixes: https://github.com/containers/podman/issues/15251 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* pass environment variables to container cloneCharlie Doern2022-09-06
| | | | | | | | the env vars are held in the spec rather than the config, so they need to be mapped manually. They are also of a different format so special handling needed to be added. All env from the parent container will now be passed to the clone. resolves #15242 Signed-off-by: Charlie Doern <cdoern@redhat.com>
* Fix #15499 already connected networkAlessandro Rossi2022-08-30
| | | | | | | | | | | Compat: Treat already attached networks as a no-op Applies only to containers in created state. Maintain error in running state. Co-authored-by: Alessandro Rossi <al.rossi87@gmail.com> Co-authored-by: Brent Baude <bbaude@redhat.com> Co-authored-by: Jason T. Greene <jason.greene@redhat.com> Signed-off-by: Alessandro Rossi <al.rossi87@gmail.com> Signed-off-by: Jason T. Greene <jason.greene@redhat.com>
* fix CI: remove hardcodeded alpine versionValentin Rothberg2022-08-30
| | | | | | | | The apiv2 test hardcoded the tag of the alpine image. Remove it to unblock CI. Fixes: #15388 Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
* Skip / update some tests under runcEd Santiago2022-08-15
| | | | | | | | | | | | | | | | | | | Two fixes done in #14972 (the "oops test under runc again" PR which was not backported into 4.2): - "survive service stop" - skip. Test is only applicable under crun. - "volume exec/noexec" - update the expected error message One hail-mary fix for a test failure seen in RHEL87 gating: - "nonexistent labels" - slight tweak to expected error message None of these fixes will actually be tested in CI, because v4.2 does not run any runc tests. We'll have to wait and see what happens on the next RHEL build. Signed-off-by: Ed Santiago <santiago@redhat.com>
* cmd: refuse --userns if a mapping is specifiedGiuseppe Scrivano2022-08-10
| | | | | | | | | if an explicit mapping is specified, do not accept `--userns` since it overriden to "private". Closes: https://github.com/containers/podman/issues/15233 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* e2e: Add rootless mount cleanup testToshiki Sonoda2022-08-10
| | | | | | `podman run -d mount cleanup test` adapt to rootless environment. Signed-off-by: Toshiki Sonoda <sonoda.toshiki@fujitsu.com>
* start filter flag changesKarthik Elango2022-08-10
| | | | | | Tying filtering logic for podman stop and start to same place in getContainersAndInputByContext() to reduce code redundancy Signed-off-by: Karthik Elango <kelango@redhat.com>
* Cirrus: Fix e2e tests for "mount_rootless_test"Toshiki Sonoda2022-08-10
| | | | | | | | | | | | | | | | | | | | | e2e `mount_rootless_test` did not load `podman binary path` successfully. This PR fix this problem. [It] podman unshare podman mount: ``` [+1596s] Running: ... unshare mount <cid> [+1596s] Error: exec: no command [+1596s] output: ``` [It] podman unshare image podman mount: ``` [+1599s] Running: ... unshare image mount quay.io/libpod/alpine:latest [+1599s] Error: exec: no command [+1599s] output: ``` Signed-off-by: Toshiki Sonoda <sonoda.toshiki@fujitsu.com>
* test: verify manifest inspect must contain OCI annotationsAditya R2022-08-10
| | | | Signed-off-by: Aditya R <arajan@redhat.com>
* With --rm option remove container if podman run failsDaniel J Walsh2022-08-10
| | | | | | | | | | Fixes https://github.com/containers/podman/issues/15049 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> <MH: Fixed cherry-pick conflicts> Signed-off-by: Matthew Heon <mheon@redhat.com>
* Bump golang.org/x/tools from 0.1.11 to 0.1.12 in /test/toolsdependabot[bot]2022-08-10
| | | | | | | | | | | | | | Bumps [golang.org/x/tools](https://github.com/golang/tools) from 0.1.11 to 0.1.12. - [Release notes](https://github.com/golang/tools/releases) - [Commits](https://github.com/golang/tools/compare/v0.1.11...v0.1.12) --- updated-dependencies: - dependency-name: golang.org/x/tools dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
* Fix: manifest push --rm removes a correct manifest listToshiki Sonoda2022-08-10
| | | | | | | | | | | | | | | | | | | This bug is reproduced when we execute the following command: 1. podman manifest add <manifest list> <images exist on local storage> 2. podman manifest push --rm <manifest list> dir:<directory> If pushing succeeds, it is expected to remove only a manifest list. However, manifest list remains on local storage and images are removed. This commit fixes `podman manifest push --rm` to remove only a manifest list. And, supports `manifest push --rm option` in remote environment, like host environment. Fixes: https://github.com/containers/podman/issues/15033 Signed-off-by: Toshiki Sonoda <sonoda.toshiki@fujitsu.com>
* Fix: Restore a container which name is equal to a image nameToshiki Sonoda2022-08-10
| | | | | | | | If there is a match for both container and image, we restore the container. Fixes: https://github.com/containers/podman/issues/15055 Signed-off-by: Toshiki Sonoda <sonoda.toshiki@fujitsu.com>
* When removing objects specifying --force,podman should exit with 0Daniel J Walsh2022-08-10
| | | | | | | | | | | | This Patch will cause podman COMMAND rm --force bogus not fail This is how Docker works, so Podman should follow this to allow existing scripts to convert from Docker to Podman. Fixes: #14612 Oprignal version of this patch came from wufan 1991849113@qq.com Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* test: update apply-podman-deltas for new testsAditya R2022-08-10
| | | | | | | | | | Skip some newly added test for remote and modify error output of a test case which is reporter early in case of podman. [NO NEW TESTS NEEDED] [NO TESTS NEEDED] Signed-off-by: Aditya R <arajan@redhat.com>
* Add support for creating sigstore signatures, and providing passphrasesMiloslav Trmač2022-08-02
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | - Allow creating sigstore signatures via --sign-by-sigstore-private-key . Like existing --sign-by, it does not work remote (in this case because we would have to copy the private key to the server). - Allow passing a passphrase (which is mandatory for sigstore private keys) via --sign-passphrase-file; if it is not provided, prompt interactively. - Also, use that passphrase for --sign-by as well, allowing non-interactive GPG use. (But --sign-passphrase-file can only be used with _one of_ --sign-by and --sign-by-sigstore-private-key.) Note that unlike the existing code, (podman build) does not yet implement sigstore (I'm not sure why it needs to, it seems not to push images?) because Buildah does not expose the feature yet. Also, (podman image sign) was not extended to support sigstore. The test for this follows existing (podman image sign) tests and doesn't work rootless; that could be improved by exposing a registries.d override option. The test for push is getting large; I didn't want to start yet another registry container, but that would be an alternative. In the future, Ginkgo's Ordered/BeforeAll would allow starting a registry once and using it for two tests. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
* Update the registry server we test against from 2.6 to 2.8Miloslav Trmač2022-08-02
| | | | | | | | | | | | | ... primarily so that it can support OCI artifacts. 2.8 already seems to exist in the repo. This requires changing WaitContainerReady to also check stderr (ultimately because docker/distribution was updated to a more recent sirupsen/logrus, which logs by default to stderr instead of stdout). Signed-off-by: Miloslav Trmač <mitr@redhat.com>
* Use existing REGISTRY_IMAGE variables in more placesMiloslav Trmač2022-08-02
| | | | | | | | | ... instead of hard-coding a copy of the value. Notably this makes hack/podman_registry actually support the documented -i option. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
* Use httpasswd from the surrouding OS instead of the registry imageMiloslav Trmač2022-08-02
| | | | | | | | | | | htpasswd is no longer included in docker.io/library/distribution after 2.7.0, per https://github.com/docker/distribution-library-image/issues/107 , and we want to upgrade to a recent version. At least system tests currently execute htpasswd from the OS, so it seems that it is likely to be available. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
* fix e2e sign testsValentin Rothberg2022-08-02
| | | | | | | The key used in the tests has expired. Remove the expiration date to turn CI happy and green. Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
* Skip one failing test on UbuntuMatthew Heon2022-07-27
| | | | | | | | Probably a result of the Ubuntu images being bumped on Main but not in this branch. Not worth chasing down exactly what's going wrong, so let's just disable it. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* pod create --share none should not create infraCharlie Doern2022-07-26
| | | | | | | | | | | for podman pod create, when we are not sharing any namespaces there is no point for the infra container. This is especially true since resources have also been decoupled from the container recently. handle this on the cmd level so that we can still create infra if set explicitly resolves #15048 Signed-off-by: Charlie Doern <cdoern@redhat.com>
* Set TLSVerify=true by default for API endpointsVladimir Kochnev2022-07-26
| | | | | | | | | | | | | | | | | | | | | Option defaults in API must be the same as in CLI. ``` % podman image push --help % podman image pull --help % podman manifest push --help % podman image search --help ``` All of these CLI commands them have --tls-verify=true by default: ``` --tls-verify require HTTPS and verify certificates when accessing the registry (default true) ``` As for `podman image build`, it doesn't have any means to control `tlsVerify` parameter but it must be true by default. Signed-off-by: Vladimir Kochnev <hashtable@yandex.ru>
* Semiperiodoc cleanup of obsolete FIXMEsEd Santiago2022-07-26
| | | | | | | | | | | | | | | | Some refer to issues that are closed. Remove them. Some are runc bugs that will never be fixed. Say so, and remove the FIXME. One (bps/iops) should probably be fixed. File an issue for it, and update comment to include the issue# so my find-obsolete-skips script can track it. And one (rootless mount with a "kernel bug?" comment) is still not fixed. Leave the skip, but add a comment documenting the symptom. Signed-off-by: Ed Santiago <santiago@redhat.com>
* benchmarks: fix create testValentin Rothberg2022-07-26
| | | | | | And a new one for `run --detach`. Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
* integration test: fix network backend option with remotePaul Holzinger2022-07-26
| | | | | | | | | | | | | I honestly do not understand all this extra option parsing here but there is really no reason to exclude the option for remote, all the other global options are also set there. This fixes a problem with mixed cni/netavark use because the option was unset. Fixes #15017 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* API: libpod/create use correct default umaskPaul Holzinger2022-07-26
| | | | | | | | | Make sure containers created via API have the correct umask from containers.conf set. Fixes #15036 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* compose test: remove cni config copyPaul Holzinger2022-07-26
| | | | | | | The network backend always has default config in memory so there is no need to copy it. Also netavark cannot use it. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* compat api: allow default bridge name for networksPaul Holzinger2022-07-26
| | | | | | | | | | Docker uses "bridge" as default network name so some tools expect this to work with network list or inspect. To fix this we change "bridge" to the podman default ("podman") name. Fixes #14983 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* remote push: show copy progressValentin Rothberg2022-07-26
| | | | | | | | | | | | | | | `podman-remote push` has shown absolutely no progress at all. Fix that by doing essentially the same as the remote-pull code does. The get-free-out-of-jail-card for backwards compatibility is to let the `quiet` parameter default to true. Since the --quioet flag wasn't working before either, older Podman clients do not set it. Also add regression tests to make sure we won't regress again. Fixes: #11554 Fixes: #14971 Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
* libpod: create /etc/passwd if missingGiuseppe Scrivano2022-07-26
| | | | | | | | | create the /etc/passwd and /etc/group files if they are missing in the image. Closes: https://github.com/containers/podman/issues/14966 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* e2e: show command and output when a timeout happensPaul Holzinger2022-07-26
| | | | | | | To make debugging easier we should see the command and its output when a failure happens. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* podman-remote pull: fix duplicate progress outputsValentin Rothberg2022-07-26
| | | | | | | By vendoring the fixes from containers/image. Also add a test (thanks @edsantiago) to make sure we won't regress in the future again. Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
* Update init ctr default for play kubeUrvashi Mohnani2022-07-26
| | | | | | | | | Update the init container type default to once instead of always to match k8s behavior. Add a new annotation that can be used to change the init ctr type in the kube yaml. Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
* system tests: new system-service bats fileEd Santiago2022-07-26
| | | | | | | | | | | | | Followup to #14957, which added a new test that doesn't actually belong in the 250-systemd.bats file. It was copy-pasted from another test that doesn't belong there. Move both tests to a new .bats file, because (1) they need a custom cleanup, and (2) one of the tests should very definitely run under podman-remote, and the 250 bats file has a global skip_if_remote(). Signed-off-by: Ed Santiago <santiago@redhat.com>
* buildah vendor treadmillEd Santiago2022-07-26
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | As you run --sync, please update this commit message with your actual changes. Changes since 2022-06-14: - apply-podman-deltas: (minor) buildah 4057 changed the name of a test; make corresponding change here - apply-podman-deltas: buildah 4071 adds a new OCI-hook test that's failing in remote. Skip it. - apply-podman-deltas: buildah 4096 changed an error message - apply-podman-deltas: buildah 4097 added a test that doesn't work with podman-remote - run-buildah-bud-tests: only run 'sudo --validate' if we need to sudo later (for running tests). Otherwise, same thing: I run the treadmill script, step away, and come back to an unnecessary sudo prompt. - system tests: the new containers-storage changes some error messages; fix tests to reflect that. (And, unrelated, fix a red cleanup warning) Signed-off-by: Ed Santiago <santiago@redhat.com> Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Run codespellDaniel J Walsh2022-07-26
| | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Add --host and -H as equivalent options to --urlDaniel J Walsh2022-07-26
| | | | | | | | | | Docker supports -H and --host for specify the listening socket. Podman should support them also in order to match the CLI. These will not be documented since Podman defaults to using the --url option. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Podman pull --all-tags shorthand optionJake Correnti2022-07-26
| | | | | | | I added the shorthand option for `podman pull --all-tags`. Like Docker, Podman can now do `podman pull -a`. Signed-off-by: Jake Correnti <jcorrenti13@gmail.com>
* Podman stop --filter flagKarthik Elango2022-07-26
| | | | | | | Filter flag is added for podman stop and podman --remote stop. Filtering logic is implemented in getContainersAndInputByContext(). Start filtering can be manipulated to use this logic as well to limit redundancy. Signed-off-by: Karthik Elango <kelango@redhat.com>
* Add podman events -f to be alias for --filterDaniel J Walsh2022-07-26
| | | | | | Needed for Docker compatibility. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Docker uses "-c" to mean "--cpu-shares" in create and runDaniel J Walsh2022-07-26
| | | | | | | Add support for -c as an alias for --cpu-shares to be compatible with Docker. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>