From 3ae0c80806b68f712756fd660d06449e71eb41b7 Mon Sep 17 00:00:00 2001
From: Matthew Heon <matthew.heon@gmail.com>
Date: Thu, 19 Jul 2018 14:24:22 -0400
Subject: Add --namespace flag to Podman

Allows joining libpod to a specific namespace when running a
Podman command.

Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
---
 cmd/podman/libpodruntime/runtime.go | 4 ++++
 cmd/podman/main.go                  | 5 +++++
 2 files changed, 9 insertions(+)

(limited to 'cmd')

diff --git a/cmd/podman/libpodruntime/runtime.go b/cmd/podman/libpodruntime/runtime.go
index 3216d288b..9d1347cc5 100644
--- a/cmd/podman/libpodruntime/runtime.go
+++ b/cmd/podman/libpodruntime/runtime.go
@@ -88,6 +88,10 @@ func GetRuntimeWithStorageOpts(c *cli.Context, storageOpts *storage.StoreOptions
 	// TODO CLI flags for image config?
 	// TODO CLI flag for signature policy?
 
+	if c.GlobalIsSet("namespace") {
+		options = append(options, libpod.WithNamespace(c.GlobalString("namespace")))
+	}
+
 	if c.GlobalIsSet("runtime") {
 		options = append(options, libpod.WithOCIRuntime(c.GlobalString("runtime")))
 	}
diff --git a/cmd/podman/main.go b/cmd/podman/main.go
index 3dbf196c2..9ae45e056 100644
--- a/cmd/podman/main.go
+++ b/cmd/podman/main.go
@@ -172,6 +172,11 @@ func main() {
 			Usage: "log messages above specified level: debug, info, warn, error (default), fatal or panic",
 			Value: "error",
 		},
+		cli.StringFlag{
+			Name:  "namespace",
+			Usage: "set the libpod namespace, used create separate views of the containers and pods on the system",
+			Value: "",
+		},
 		cli.StringFlag{
 			Name:  "root",
 			Usage: "path to the root directory in which data, including images, is stored",
-- 
cgit v1.2.3-54-g00ecf


From 7a358e427738294180a14b1298dfc3a569f0e0fc Mon Sep 17 00:00:00 2001
From: Matthew Heon <matthew.heon@gmail.com>
Date: Thu, 19 Jul 2018 17:21:27 -0400
Subject: Address first round of review comments

Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
---
 cmd/podman/main.go        |  2 +-
 docs/podman.1.md          |  2 +-
 libpod/boltdb_state.go    | 66 ++++++++++++++++-------------------------------
 libpod/in_memory_state.go | 36 ++++++--------------------
 4 files changed, 32 insertions(+), 74 deletions(-)

(limited to 'cmd')

diff --git a/cmd/podman/main.go b/cmd/podman/main.go
index 9ae45e056..dbd7c1155 100644
--- a/cmd/podman/main.go
+++ b/cmd/podman/main.go
@@ -174,7 +174,7 @@ func main() {
 		},
 		cli.StringFlag{
 			Name:  "namespace",
-			Usage: "set the libpod namespace, used create separate views of the containers and pods on the system",
+			Usage: "set the libpod namespace, used to create separate views of the containers and pods on the system",
 			Value: "",
 		},
 		cli.StringFlag{
diff --git a/docs/podman.1.md b/docs/podman.1.md
index ffc2669a4..41c427ec6 100644
--- a/docs/podman.1.md
+++ b/docs/podman.1.md
@@ -41,7 +41,7 @@ log messages above specified level: debug, info, warn, error (default), fatal or
 
 **--namespace**
 
-set namespace libpod namespace. Namespaces are used to separate groups of containers and pods in libpod's state.
+set libpod namespace. Namespaces are used to separate groups of containers and pods in libpod's state.
 When namespace is set, created containers and pods will join the given namespace, and only containers and pods in the given namespace will be visible to Podman.
 
 **--root**=**value**
diff --git a/libpod/boltdb_state.go b/libpod/boltdb_state.go
index b2a246ca8..24785248f 100644
--- a/libpod/boltdb_state.go
+++ b/libpod/boltdb_state.go
@@ -443,10 +443,8 @@ func (s *BoltState) UpdateContainer(ctr *Container) error {
 		return ErrCtrRemoved
 	}
 
-	if s.namespace != "" {
-		if s.namespace != ctr.config.Namespace {
-			return errors.Wrapf(ErrNSMismatch, "container %s is in namespace %q, does not match our namespace %q", ctr.ID(), ctr.config.Namespace, s.namespace)
-		}
+	if s.namespace != "" && s.namespace != ctr.config.Namespace {
+		return errors.Wrapf(ErrNSMismatch, "container %s is in namespace %q, does not match our namespace %q", ctr.ID(), ctr.config.Namespace, s.namespace)
 	}
 
 	newState := new(containerState)
@@ -511,10 +509,8 @@ func (s *BoltState) SaveContainer(ctr *Container) error {
 		return ErrCtrRemoved
 	}
 
-	if s.namespace != "" {
-		if s.namespace != ctr.config.Namespace {
-			return errors.Wrapf(ErrNSMismatch, "container %s is in namespace %q, does not match our namespace %q", ctr.ID(), ctr.config.Namespace, s.namespace)
-		}
+	if s.namespace != "" && s.namespace != ctr.config.Namespace {
+		return errors.Wrapf(ErrNSMismatch, "container %s is in namespace %q, does not match our namespace %q", ctr.ID(), ctr.config.Namespace, s.namespace)
 	}
 
 	stateJSON, err := json.Marshal(ctr.state)
@@ -576,10 +572,8 @@ func (s *BoltState) ContainerInUse(ctr *Container) ([]string, error) {
 		return nil, ErrCtrRemoved
 	}
 
-	if s.namespace != "" {
-		if s.namespace != ctr.config.Namespace {
-			return nil, errors.Wrapf(ErrNSMismatch, "container %s is in namespace %q, does not match our namespace %q", ctr.ID(), ctr.config.Namespace, s.namespace)
-		}
+	if s.namespace != "" && s.namespace != ctr.config.Namespace {
+		return nil, errors.Wrapf(ErrNSMismatch, "container %s is in namespace %q, does not match our namespace %q", ctr.ID(), ctr.config.Namespace, s.namespace)
 	}
 
 	depCtrs := []string{}
@@ -876,10 +870,8 @@ func (s *BoltState) PodHasContainer(pod *Pod, id string) (bool, error) {
 		return false, ErrPodRemoved
 	}
 
-	if s.namespace != "" {
-		if s.namespace != pod.config.Namespace {
-			return false, errors.Wrapf(ErrNSMismatch, "pod %s is in namespace %q but we are in namespace %q", pod.ID(), pod.config.Namespace, s.namespace)
-		}
+	if s.namespace != "" && s.namespace != pod.config.Namespace {
+		return false, errors.Wrapf(ErrNSMismatch, "pod %s is in namespace %q but we are in namespace %q", pod.ID(), pod.config.Namespace, s.namespace)
 	}
 
 	ctrID := []byte(id)
@@ -941,10 +933,8 @@ func (s *BoltState) PodContainersByID(pod *Pod) ([]string, error) {
 		return nil, ErrPodRemoved
 	}
 
-	if s.namespace != "" {
-		if s.namespace != pod.config.Namespace {
-			return nil, errors.Wrapf(ErrNSMismatch, "pod %s is in namespace %q but we are in namespace %q", pod.ID(), pod.config.Namespace, s.namespace)
-		}
+	if s.namespace != "" && s.namespace != pod.config.Namespace {
+		return nil, errors.Wrapf(ErrNSMismatch, "pod %s is in namespace %q but we are in namespace %q", pod.ID(), pod.config.Namespace, s.namespace)
 	}
 
 	podID := []byte(pod.ID())
@@ -1005,10 +995,8 @@ func (s *BoltState) PodContainers(pod *Pod) ([]*Container, error) {
 		return nil, ErrPodRemoved
 	}
 
-	if s.namespace != "" {
-		if s.namespace != pod.config.Namespace {
-			return nil, errors.Wrapf(ErrNSMismatch, "pod %s is in namespace %q but we are in namespace %q", pod.ID(), pod.config.Namespace, s.namespace)
-		}
+	if s.namespace != "" && s.namespace != pod.config.Namespace {
+		return nil, errors.Wrapf(ErrNSMismatch, "pod %s is in namespace %q but we are in namespace %q", pod.ID(), pod.config.Namespace, s.namespace)
 	}
 
 	podID := []byte(pod.ID())
@@ -1077,10 +1065,8 @@ func (s *BoltState) AddPod(pod *Pod) error {
 		return ErrPodRemoved
 	}
 
-	if s.namespace != "" {
-		if s.namespace != pod.config.Namespace {
-			return errors.Wrapf(ErrNSMismatch, "pod %s is in namespace %q but we are in namespace %q", pod.ID(), pod.config.Namespace, s.namespace)
-		}
+	if s.namespace != "" && s.namespace != pod.config.Namespace {
+		return errors.Wrapf(ErrNSMismatch, "pod %s is in namespace %q but we are in namespace %q", pod.ID(), pod.config.Namespace, s.namespace)
 	}
 
 	podID := []byte(pod.ID())
@@ -1203,10 +1189,8 @@ func (s *BoltState) RemovePod(pod *Pod) error {
 		return ErrPodRemoved
 	}
 
-	if s.namespace != "" {
-		if s.namespace != pod.config.Namespace {
-			return errors.Wrapf(ErrNSMismatch, "pod %s is in namespace %q but we are in namespace %q", pod.ID(), pod.config.Namespace, s.namespace)
-		}
+	if s.namespace != "" && s.namespace != pod.config.Namespace {
+		return errors.Wrapf(ErrNSMismatch, "pod %s is in namespace %q but we are in namespace %q", pod.ID(), pod.config.Namespace, s.namespace)
 	}
 
 	podID := []byte(pod.ID())
@@ -1301,10 +1285,8 @@ func (s *BoltState) RemovePodContainers(pod *Pod) error {
 		return ErrPodRemoved
 	}
 
-	if s.namespace != "" {
-		if s.namespace != pod.config.Namespace {
-			return errors.Wrapf(ErrNSMismatch, "pod %s is in namespace %q but we are in namespace %q", pod.ID(), pod.config.Namespace, s.namespace)
-		}
+	if s.namespace != "" && s.namespace != pod.config.Namespace {
+		return errors.Wrapf(ErrNSMismatch, "pod %s is in namespace %q but we are in namespace %q", pod.ID(), pod.config.Namespace, s.namespace)
 	}
 
 	podID := []byte(pod.ID())
@@ -1492,10 +1474,8 @@ func (s *BoltState) UpdatePod(pod *Pod) error {
 		return ErrPodRemoved
 	}
 
-	if s.namespace != "" {
-		if s.namespace != pod.config.Namespace {
-			return errors.Wrapf(ErrNSMismatch, "pod %s is in namespace %q but we are in namespace %q", pod.ID(), pod.config.Namespace, s.namespace)
-		}
+	if s.namespace != "" && s.namespace != pod.config.Namespace {
+		return errors.Wrapf(ErrNSMismatch, "pod %s is in namespace %q but we are in namespace %q", pod.ID(), pod.config.Namespace, s.namespace)
 	}
 
 	newState := new(podState)
@@ -1551,10 +1531,8 @@ func (s *BoltState) SavePod(pod *Pod) error {
 		return ErrPodRemoved
 	}
 
-	if s.namespace != "" {
-		if s.namespace != pod.config.Namespace {
-			return errors.Wrapf(ErrNSMismatch, "pod %s is in namespace %q but we are in namespace %q", pod.ID(), pod.config.Namespace, s.namespace)
-		}
+	if s.namespace != "" && s.namespace != pod.config.Namespace {
+		return errors.Wrapf(ErrNSMismatch, "pod %s is in namespace %q but we are in namespace %q", pod.ID(), pod.config.Namespace, s.namespace)
 	}
 
 	stateJSON, err := json.Marshal(pod.state)
diff --git a/libpod/in_memory_state.go b/libpod/in_memory_state.go
index e323b069c..d421a5e8b 100644
--- a/libpod/in_memory_state.go
+++ b/libpod/in_memory_state.go
@@ -144,17 +144,11 @@ func (s *InMemoryState) HasContainer(id string) (bool, error) {
 	}
 
 	ctr, ok := s.containers[id]
-	if ok {
-		if s.namespace != "" {
-			if s.namespace != ctr.config.Namespace {
-				return false, nil
-			}
-			return true, nil
-		}
-		return true, nil
+	if !ok || (s.namespace != "" && s.namespace != ctr.config.Namespace) {
+		return false, nil
 	}
 
-	return false, nil
+	return true, nil
 }
 
 // AddContainer adds a container to the state
@@ -295,11 +289,7 @@ func (s *InMemoryState) UpdateContainer(ctr *Container) error {
 		return errors.Wrapf(ErrNoSuchCtr, "container with ID %s not found in state", ctr.ID())
 	}
 
-	if err := s.checkNSMatch(ctr.ID(), ctr.Namespace()); err != nil {
-		return err
-	}
-
-	return nil
+	return s.checkNSMatch(ctr.ID(), ctr.Namespace())
 }
 
 // SaveContainer saves a container's state
@@ -318,11 +308,7 @@ func (s *InMemoryState) SaveContainer(ctr *Container) error {
 		return errors.Wrapf(ErrNoSuchCtr, "container with ID %s not found in state", ctr.ID())
 	}
 
-	if err := s.checkNSMatch(ctr.ID(), ctr.Namespace()); err != nil {
-		return err
-	}
-
-	return nil
+	return s.checkNSMatch(ctr.ID(), ctr.Namespace())
 }
 
 // ContainerInUse checks if the given container is being used by other containers
@@ -441,17 +427,11 @@ func (s *InMemoryState) HasPod(id string) (bool, error) {
 	}
 
 	pod, ok := s.pods[id]
-	if ok {
-		if s.namespace != "" {
-			if s.namespace != pod.config.Namespace {
-				return false, nil
-			}
-			return true, nil
-		}
-		return true, nil
+	if !ok || (s.namespace != "" && s.namespace != pod.config.Namespace) {
+		return false, nil
 	}
 
-	return false, nil
+	return true, nil
 }
 
 // PodHasContainer checks if the given pod has a container with the given ID
-- 
cgit v1.2.3-54-g00ecf