From b5573018073b22b923d88efc853f8f1c35ca8119 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Fri, 26 Mar 2021 10:54:33 -0400 Subject: Remove resize race condition Since podman-remote resize requests can come in at random times, this generates a real potential for race conditions. We should only be attempting to resize TTY on running containers, but the containers can go from running to stopped at any time, and returning an error to the caller is just causing noice. This change will basically ignore requests to resize terminals if the container is not running and return the caller to success. All other callers will still return failure. Fixes: https://github.com/containers/podman/issues/9831 Signed-off-by: Daniel J Walsh Signed-off-by: Matthew Heon --- pkg/api/handlers/compat/resize.go | 22 ++++++++++++++-------- 1 file changed, 14 insertions(+), 8 deletions(-) (limited to 'pkg/api/handlers/compat') diff --git a/pkg/api/handlers/compat/resize.go b/pkg/api/handlers/compat/resize.go index 1bf7ad460..23ed33a22 100644 --- a/pkg/api/handlers/compat/resize.go +++ b/pkg/api/handlers/compat/resize.go @@ -19,8 +19,9 @@ func ResizeTTY(w http.ResponseWriter, r *http.Request) { // /containers/{id}/resize query := struct { - Height uint16 `schema:"h"` - Width uint16 `schema:"w"` + Height uint16 `schema:"h"` + Width uint16 `schema:"w"` + IgnoreNotRunning bool `schema:"running"` }{ // override any golang type defaults } @@ -48,14 +49,17 @@ func ResizeTTY(w http.ResponseWriter, r *http.Request) { if state, err := ctnr.State(); err != nil { utils.InternalServerError(w, errors.Wrapf(err, "cannot obtain container state")) return - } else if state != define.ContainerStateRunning { + } else if state != define.ContainerStateRunning && !query.IgnoreNotRunning { utils.Error(w, "Container not running", http.StatusConflict, fmt.Errorf("container %q in wrong state %q", name, state.String())) return } + // If container is not running, ignore since this can be a race condition, and is expected if err := ctnr.AttachResize(sz); err != nil { - utils.InternalServerError(w, errors.Wrapf(err, "cannot resize container")) - return + if errors.Cause(err) != define.ErrCtrStateInvalid || !query.IgnoreNotRunning { + utils.InternalServerError(w, errors.Wrapf(err, "cannot resize container")) + return + } } // This is not a 204, even though we write nothing, for compatibility // reasons. @@ -70,14 +74,16 @@ func ResizeTTY(w http.ResponseWriter, r *http.Request) { if state, err := ctnr.State(); err != nil { utils.InternalServerError(w, errors.Wrapf(err, "cannot obtain session container state")) return - } else if state != define.ContainerStateRunning { + } else if state != define.ContainerStateRunning && !query.IgnoreNotRunning { utils.Error(w, "Container not running", http.StatusConflict, fmt.Errorf("container %q in wrong state %q", name, state.String())) return } if err := ctnr.ExecResize(name, sz); err != nil { - utils.InternalServerError(w, errors.Wrapf(err, "cannot resize session")) - return + if errors.Cause(err) != define.ErrCtrStateInvalid || !query.IgnoreNotRunning { + utils.InternalServerError(w, errors.Wrapf(err, "cannot resize session")) + return + } } // This is not a 204, even though we write nothing, for compatibility // reasons. -- cgit v1.2.3-54-g00ecf From 62b49e176f5d10b8c7bfa6e293bb8b2a423db3ea Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Fri, 26 Mar 2021 07:02:58 -0400 Subject: [NO TESTS NEEDED] Use same function podman-remote rmi as podman Make sure fixes that go into local podman commands also work in podman-remote, by using the same function. Since this is just a rewrite of existing code, existing tests should handle it. Signed-off-by: Daniel J Walsh --- pkg/api/handlers/compat/images_remove.go | 35 +++++++++++++++++++------------- 1 file changed, 21 insertions(+), 14 deletions(-) (limited to 'pkg/api/handlers/compat') diff --git a/pkg/api/handlers/compat/images_remove.go b/pkg/api/handlers/compat/images_remove.go index 874c57f16..e89558a86 100644 --- a/pkg/api/handlers/compat/images_remove.go +++ b/pkg/api/handlers/compat/images_remove.go @@ -4,7 +4,10 @@ import ( "net/http" "github.com/containers/podman/v3/libpod" + "github.com/containers/podman/v3/libpod/define" "github.com/containers/podman/v3/pkg/api/handlers/utils" + "github.com/containers/podman/v3/pkg/domain/entities" + "github.com/containers/podman/v3/pkg/domain/infra/abi" "github.com/gorilla/schema" "github.com/pkg/errors" ) @@ -30,28 +33,32 @@ func RemoveImage(w http.ResponseWriter, r *http.Request) { } } name := utils.GetName(r) - newImage, err := runtime.ImageRuntime().NewFromLocal(name) - if err != nil { - utils.ImageNotFound(w, name, errors.Wrapf(err, "failed to find image %s", name)) - return + imageEngine := abi.ImageEngine{Libpod: runtime} + + options := entities.ImageRemoveOptions{ + Force: query.Force, } + report, rmerrors := imageEngine.Remove(r.Context(), []string{name}, options) + if len(rmerrors) > 0 && rmerrors[0] != nil { + err := rmerrors[0] + if errors.Cause(err) == define.ErrNoSuchImage { + utils.ImageNotFound(w, name, errors.Wrapf(err, "failed to find image %s", name)) + return + } - results, err := runtime.RemoveImage(r.Context(), newImage, query.Force) - if err != nil { utils.Error(w, "Something went wrong.", http.StatusInternalServerError, err) return } - - response := make([]map[string]string, 0, len(results.Untagged)+1) - deleted := make(map[string]string, 1) - deleted["Deleted"] = results.Deleted - response = append(response, deleted) - - for _, u := range results.Untagged { + response := make([]map[string]string, 0, len(report.Untagged)+1) + for _, d := range report.Deleted { + deleted := make(map[string]string, 1) + deleted["Deleted"] = d + response = append(response, deleted) + } + for _, u := range report.Untagged { untagged := make(map[string]string, 1) untagged["Untagged"] = u response = append(response, untagged) } - utils.WriteResponse(w, http.StatusOK, response) } -- cgit v1.2.3-54-g00ecf From 1089f83a40af084d4a3c0a03f2279ff3f58c2b4c Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Fri, 26 Mar 2021 15:44:02 -0400 Subject: Fix podman build --pull-never Currently pull policy is set incorrectly when users set --pull-never. Also pull-policy is not being translated correctly when using podman-remote. Fixes: #9573 Signed-off-by: Daniel J Walsh Signed-off-by: Matthew Heon --- cmd/podman/images/build.go | 17 +++++++++++- contrib/cirrus/setup_environment.sh | 3 +++ pkg/api/handlers/compat/images_build.go | 14 +++++++--- pkg/bindings/images/build.go | 7 +++-- test/e2e/build/basicalpine/Containerfile | 2 +- test/e2e/build/basicalpine/Containerfile.path | 2 +- test/e2e/build/basicalpine/Containerfile.volume | 2 +- test/e2e/build/squash/Dockerfile.squash-a | 2 +- test/e2e/build/squash/Dockerfile.squash-c | 2 +- test/e2e/build_test.go | 35 +++++++++++++------------ test/e2e/containers_conf_test.go | 2 +- test/e2e/exec_test.go | 4 +-- test/e2e/prune_test.go | 7 ++--- test/e2e/ps_test.go | 4 +-- test/e2e/rmi_test.go | 19 ++++++++------ test/e2e/run_passwd_test.go | 9 ++++--- test/e2e/run_privileged_test.go | 16 +++++------ test/e2e/run_security_labels_test.go | 7 ++--- test/e2e/run_test.go | 12 ++++----- test/e2e/run_volume_test.go | 9 +++---- test/e2e/run_working_dir_test.go | 5 ++-- test/e2e/runlabel_test.go | 20 +++++++------- test/e2e/system_df_test.go | 2 +- test/system/070-build.bats | 27 +++++++++++++++++++ 24 files changed, 143 insertions(+), 86 deletions(-) (limited to 'pkg/api/handlers/compat') diff --git a/cmd/podman/images/build.go b/cmd/podman/images/build.go index f24e9a8f6..7db927e55 100644 --- a/cmd/podman/images/build.go +++ b/cmd/podman/images/build.go @@ -304,6 +304,21 @@ func buildFlagsWrapperToOptions(c *cobra.Command, contextDir string, flags *buil return nil, err } + pullFlagsCount := 0 + if c.Flag("pull").Changed { + pullFlagsCount++ + } + if c.Flag("pull-always").Changed { + pullFlagsCount++ + } + if c.Flag("pull-never").Changed { + pullFlagsCount++ + } + + if pullFlagsCount > 1 { + return nil, errors.Errorf("can only set one of 'pull' or 'pull-always' or 'pull-never'") + } + pullPolicy := define.PullIfMissing if c.Flags().Changed("pull") && flags.Pull { pullPolicy = define.PullAlways @@ -313,7 +328,7 @@ func buildFlagsWrapperToOptions(c *cobra.Command, contextDir string, flags *buil } if flags.PullNever { - pullPolicy = define.PullIfMissing + pullPolicy = define.PullNever } args := make(map[string]string) diff --git a/contrib/cirrus/setup_environment.sh b/contrib/cirrus/setup_environment.sh index 64ea3b7b4..429621024 100755 --- a/contrib/cirrus/setup_environment.sh +++ b/contrib/cirrus/setup_environment.sh @@ -36,6 +36,9 @@ do fi done +# Make sure cni network plugins directory exists +mkdir -p /etc/cni/net.d + # Ensure that all lower-level contexts and child-processes have # ready access to higher level orchestration (e.g Cirrus-CI) # variables. diff --git a/pkg/api/handlers/compat/images_build.go b/pkg/api/handlers/compat/images_build.go index 7751b91a7..9aa035212 100644 --- a/pkg/api/handlers/compat/images_build.go +++ b/pkg/api/handlers/compat/images_build.go @@ -13,6 +13,7 @@ import ( "time" "github.com/containers/buildah" + "github.com/containers/buildah/define" "github.com/containers/buildah/imagebuildah" "github.com/containers/buildah/util" "github.com/containers/image/v5/types" @@ -98,6 +99,7 @@ func BuildImage(w http.ResponseWriter, r *http.Request) { OutputFormat string `schema:"outputformat"` Platform string `schema:"platform"` Pull bool `schema:"pull"` + PullPolicy string `schema:"pullpolicy"` Quiet bool `schema:"q"` Registry string `schema:"registry"` Rm bool `schema:"rm"` @@ -273,10 +275,14 @@ func BuildImage(w http.ResponseWriter, r *http.Request) { jobs = query.Jobs } - pullPolicy := buildah.PullIfMissing - if _, found := r.URL.Query()["pull"]; found { - if query.Pull { - pullPolicy = buildah.PullAlways + pullPolicy := define.PullIfMissing + if utils.IsLibpodRequest(r) { + pullPolicy = define.PolicyMap[query.PullPolicy] + } else { + if _, found := r.URL.Query()["pull"]; found { + if query.Pull { + pullPolicy = define.PullAlways + } } } diff --git a/pkg/bindings/images/build.go b/pkg/bindings/images/build.go index 9d77883f9..17095b84b 100644 --- a/pkg/bindings/images/build.go +++ b/pkg/bindings/images/build.go @@ -15,7 +15,6 @@ import ( "strconv" "strings" - "github.com/containers/buildah" "github.com/containers/podman/v3/pkg/auth" "github.com/containers/podman/v3/pkg/bindings" "github.com/containers/podman/v3/pkg/domain/entities" @@ -175,9 +174,9 @@ func Build(ctx context.Context, containerFiles []string, options entities.BuildO if len(platform) > 0 { params.Set("platform", platform) } - if options.PullPolicy == buildah.PullAlways { - params.Set("pull", "1") - } + + params.Set("pullpolicy", options.PullPolicy.String()) + if options.Quiet { params.Set("q", "1") } diff --git a/test/e2e/build/basicalpine/Containerfile b/test/e2e/build/basicalpine/Containerfile index 67fd37901..f6e07066c 100644 --- a/test/e2e/build/basicalpine/Containerfile +++ b/test/e2e/build/basicalpine/Containerfile @@ -1 +1 @@ -FROM alpine +FROM quay.io/libpod/alpine:latest diff --git a/test/e2e/build/basicalpine/Containerfile.path b/test/e2e/build/basicalpine/Containerfile.path index d2b03a6b8..a1349eb05 100644 --- a/test/e2e/build/basicalpine/Containerfile.path +++ b/test/e2e/build/basicalpine/Containerfile.path @@ -1,2 +1,2 @@ -FROM alpine +FROM quay.io/libpod/alpine:latest ENV PATH=/tmp:/bin:/usr/bin:/usr/sbin diff --git a/test/e2e/build/basicalpine/Containerfile.volume b/test/e2e/build/basicalpine/Containerfile.volume index 6a4fc8242..283d6376e 100644 --- a/test/e2e/build/basicalpine/Containerfile.volume +++ b/test/e2e/build/basicalpine/Containerfile.volume @@ -1,2 +1,2 @@ -FROM alpine +FROM quay.io/libpod/alpine:latest VOLUME "/volume0" diff --git a/test/e2e/build/squash/Dockerfile.squash-a b/test/e2e/build/squash/Dockerfile.squash-a index f084e093d..ade3eafce 100644 --- a/test/e2e/build/squash/Dockerfile.squash-a +++ b/test/e2e/build/squash/Dockerfile.squash-a @@ -1,2 +1,2 @@ -FROM busybox:latest +FROM quay.io/libpod/busybox:latest ADD alpinetest.tgz /data diff --git a/test/e2e/build/squash/Dockerfile.squash-c b/test/e2e/build/squash/Dockerfile.squash-c index df9c90388..63bf84e69 100644 --- a/test/e2e/build/squash/Dockerfile.squash-c +++ b/test/e2e/build/squash/Dockerfile.squash-c @@ -1,3 +1,3 @@ -FROM busybox:latest +FROM quay.io/libpod/busybox:latest ADD alpinetest.tgz /data RUN rm -rf /data diff --git a/test/e2e/build_test.go b/test/e2e/build_test.go index e061a2154..95ed23313 100644 --- a/test/e2e/build_test.go +++ b/test/e2e/build_test.go @@ -1,6 +1,7 @@ package integration import ( + "fmt" "io/ioutil" "os" "path/filepath" @@ -150,7 +151,7 @@ var _ = Describe("Podman build", func() { } fakeFile := filepath.Join(os.TempDir(), "Containerfile") - Expect(ioutil.WriteFile(fakeFile, []byte("FROM alpine"), 0755)).To(BeNil()) + Expect(ioutil.WriteFile(fakeFile, []byte(fmt.Sprintf("FROM %s", ALPINE)), 0755)).To(BeNil()) targetFile := filepath.Join(targetPath, "Containerfile") Expect(ioutil.WriteFile(targetFile, []byte("FROM scratch"), 0755)).To(BeNil()) @@ -219,8 +220,8 @@ var _ = Describe("Podman build", func() { podmanTest.StartRemoteService() } podmanTest.AddImageToRWStore(ALPINE) - dockerfile := `FROM quay.io/libpod/alpine:latest -RUN printenv http_proxy` + dockerfile := fmt.Sprintf(`FROM %s +RUN printenv http_proxy`, ALPINE) dockerfilePath := filepath.Join(podmanTest.TempDir, "Dockerfile") err := ioutil.WriteFile(dockerfilePath, []byte(dockerfile), 0755) @@ -263,9 +264,9 @@ RUN printenv http_proxy` err = ioutil.WriteFile(dummyFile, []byte("dummy"), 0644) Expect(err).To(BeNil()) - containerfile := `FROM quay.io/libpod/alpine:latest + containerfile := fmt.Sprintf(`FROM %s ADD . /test -RUN find /test` +RUN find /test`, ALPINE) containerfilePath := filepath.Join(targetPath, "Containerfile") err = ioutil.WriteFile(containerfilePath, []byte(containerfile), 0644) @@ -307,7 +308,7 @@ RUN find /test` err = os.Mkdir(targetSubPath, 0755) Expect(err).To(BeNil()) - containerfile := `FROM quay.io/libpod/alpine:latest` + containerfile := fmt.Sprintf("FROM %s", ALPINE) containerfilePath := filepath.Join(targetSubPath, "Containerfile") err = ioutil.WriteFile(containerfilePath, []byte(containerfile), 0644) @@ -344,9 +345,9 @@ RUN find /test` targetPath, err := CreateTempDirInTempDir() Expect(err).To(BeNil()) - containerfile := `FROM quay.io/libpod/alpine:latest + containerfile := fmt.Sprintf(`FROM %s ADD . /testfilter/ -RUN find /testfilter/` +RUN find /testfilter/`, ALPINE) containerfilePath := filepath.Join(targetPath, "Containerfile") err = ioutil.WriteFile(containerfilePath, []byte(containerfile), 0644) @@ -428,10 +429,10 @@ subdir**` Expect(os.Chdir(targetSubPath)).To(BeNil()) Expect(os.Symlink("dummy", "dummy-symlink")).To(BeNil()) - containerfile := `FROM quay.io/libpod/alpine:latest + containerfile := fmt.Sprintf(`FROM %s ADD . /test RUN find /test -RUN [[ -L /test/dummy-symlink ]] && echo SYMLNKOK || echo SYMLNKERR` +RUN [[ -L /test/dummy-symlink ]] && echo SYMLNKOK || echo SYMLNKERR`, ALPINE) containerfilePath := filepath.Join(targetSubPath, "Containerfile") err = ioutil.WriteFile(containerfilePath, []byte(containerfile), 0644) @@ -475,14 +476,14 @@ RUN grep CapEff /proc/self/status` // When session := podmanTest.Podman([]string{ - "build", "--pull-never", "--cap-drop=all", "--cap-add=net_bind_service", "--add-host", "testhost:1.2.3.4", "--from", "alpine", targetPath, + "build", "--pull-never", "--cap-drop=all", "--cap-add=net_bind_service", "--add-host", "testhost:1.2.3.4", "--from", ALPINE, targetPath, }) session.WaitWithDefaultTimeout() // Then Expect(session.ExitCode()).To(Equal(0)) Expect(strings.Fields(session.OutputToString())). - To(ContainElement("alpine")) + To(ContainElement(ALPINE)) Expect(strings.Fields(session.OutputToString())). To(ContainElement("testhost")) Expect(strings.Fields(session.OutputToString())). @@ -494,7 +495,7 @@ RUN grep CapEff /proc/self/status` Expect(err).To(BeNil()) containerFile := filepath.Join(targetPath, "Containerfile") - Expect(ioutil.WriteFile(containerFile, []byte("FROM alpine"), 0755)).To(BeNil()) + Expect(ioutil.WriteFile(containerFile, []byte(fmt.Sprintf("FROM %s", ALPINE)), 0755)).To(BeNil()) defer func() { Expect(os.RemoveAll(containerFile)).To(BeNil()) @@ -502,7 +503,7 @@ RUN grep CapEff /proc/self/status` // When session := podmanTest.Podman([]string{ - "build", "--pull-never", "--isolation", "oci", "--arch", "arm64", targetPath, + "build", "--isolation", "oci", "--arch", "arm64", targetPath, }) session.WaitWithDefaultTimeout() // Then @@ -510,7 +511,7 @@ RUN grep CapEff /proc/self/status` // When session = podmanTest.Podman([]string{ - "build", "--pull-never", "--isolation", "chroot", "--arch", "arm64", targetPath, + "build", "--isolation", "chroot", "--arch", "arm64", targetPath, }) session.WaitWithDefaultTimeout() // Then @@ -534,8 +535,8 @@ RUN grep CapEff /proc/self/status` }) It("podman build --timestamp flag", func() { - containerfile := `FROM quay.io/libpod/alpine:latest -RUN echo hello` + containerfile := fmt.Sprintf(`FROM %s +RUN echo hello`, ALPINE) containerfilePath := filepath.Join(podmanTest.TempDir, "Containerfile") err := ioutil.WriteFile(containerfilePath, []byte(containerfile), 0755) diff --git a/test/e2e/containers_conf_test.go b/test/e2e/containers_conf_test.go index aa2380c51..803124de1 100644 --- a/test/e2e/containers_conf_test.go +++ b/test/e2e/containers_conf_test.go @@ -91,7 +91,7 @@ var _ = Describe("Podman run", func() { if IsRemote() { podmanTest.RestartRemoteService() } - session := podmanTest.Podman([]string{"run", "busybox", "grep", "CapEff", "/proc/self/status"}) + session := podmanTest.Podman([]string{"run", BB, "grep", "CapEff", "/proc/self/status"}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) Expect(session.OutputToString()).ToNot(Equal(cap.OutputToString())) diff --git a/test/e2e/exec_test.go b/test/e2e/exec_test.go index 2ffb5cd2e..df86eab15 100644 --- a/test/e2e/exec_test.go +++ b/test/e2e/exec_test.go @@ -475,10 +475,10 @@ var _ = Describe("Podman exec", func() { }) It("podman exec preserves container groups with --user and --group-add", func() { - dockerfile := `FROM registry.fedoraproject.org/fedora-minimal + dockerfile := fmt.Sprintf(`FROM %s RUN groupadd -g 4000 first RUN groupadd -g 4001 second -RUN useradd -u 1000 auser` +RUN useradd -u 1000 auser`, fedoraMinimal) imgName := "testimg" podmanTest.BuildImage(dockerfile, imgName, "false") diff --git a/test/e2e/prune_test.go b/test/e2e/prune_test.go index 73da77417..cbe38fc76 100644 --- a/test/e2e/prune_test.go +++ b/test/e2e/prune_test.go @@ -1,6 +1,7 @@ package integration import ( + "fmt" "os" . "github.com/containers/podman/v3/test/utils" @@ -8,11 +9,11 @@ import ( . "github.com/onsi/gomega" ) -var pruneImage = ` -FROM alpine:latest +var pruneImage = fmt.Sprintf(` +FROM %s LABEL RUN podman --version RUN apk update -RUN apk add bash` +RUN apk add bash`, ALPINE) var _ = Describe("Podman prune", func() { var ( diff --git a/test/e2e/ps_test.go b/test/e2e/ps_test.go index ac0910a83..37b6516c1 100644 --- a/test/e2e/ps_test.go +++ b/test/e2e/ps_test.go @@ -351,7 +351,7 @@ var _ = Describe("Podman ps", func() { }) It("podman --format by size", func() { - session := podmanTest.Podman([]string{"create", "busybox", "ls"}) + session := podmanTest.Podman([]string{"create", BB, "ls"}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) @@ -366,7 +366,7 @@ var _ = Describe("Podman ps", func() { }) It("podman --sort by size", func() { - session := podmanTest.Podman([]string{"create", "busybox", "ls"}) + session := podmanTest.Podman([]string{"create", BB, "ls"}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) diff --git a/test/e2e/rmi_test.go b/test/e2e/rmi_test.go index d8367d636..5e6d66d53 100644 --- a/test/e2e/rmi_test.go +++ b/test/e2e/rmi_test.go @@ -184,19 +184,20 @@ var _ = Describe("Podman rmi", func() { It("podman rmi with cached images", func() { podmanTest.AddImageToRWStore(cirros) - dockerfile := `FROM quay.io/libpod/cirros:latest + dockerfile := fmt.Sprintf(`FROM %s RUN mkdir hello RUN touch test.txt ENV foo=bar - ` + `, cirros) podmanTest.BuildImage(dockerfile, "test", "true") - dockerfile = `FROM quay.io/libpod/cirros:latest + dockerfile = fmt.Sprintf(`FROM %s RUN mkdir hello RUN touch test.txt RUN mkdir blah ENV foo=bar - ` + `, cirros) + podmanTest.BuildImage(dockerfile, "test2", "true") session := podmanTest.Podman([]string{"images", "-q", "-a"}) @@ -249,14 +250,15 @@ var _ = Describe("Podman rmi", func() { }) It("podman rmi -a with parent|child images", func() { - dockerfile := `FROM quay.io/libpod/cirros:latest AS base + podmanTest.AddImageToRWStore(cirros) + dockerfile := fmt.Sprintf(`FROM %s AS base RUN touch /1 ENV LOCAL=/1 RUN find $LOCAL FROM base RUN find $LOCAL -` +`, cirros) podmanTest.BuildImage(dockerfile, "test", "true") session := podmanTest.Podman([]string{"rmi", "-a"}) session.WaitWithDefaultTimeout() @@ -284,14 +286,15 @@ RUN find $LOCAL // a race, we may not hit the condition a 100 percent of times // but ocal reproducers hit it all the time. + podmanTest.AddImageToRWStore(cirros) var wg sync.WaitGroup buildAndRemove := func(i int) { defer GinkgoRecover() defer wg.Done() imageName := fmt.Sprintf("rmtest:%d", i) - containerfile := `FROM quay.io/libpod/cirros:latest -RUN ` + fmt.Sprintf("touch %s", imageName) + containerfile := fmt.Sprintf(`FROM %s +RUN touch %s`, cirros, imageName) podmanTest.BuildImage(containerfile, imageName, "false") session := podmanTest.Podman([]string{"rmi", "-f", imageName}) diff --git a/test/e2e/run_passwd_test.go b/test/e2e/run_passwd_test.go index 12b6c64df..0d5dd5f3b 100644 --- a/test/e2e/run_passwd_test.go +++ b/test/e2e/run_passwd_test.go @@ -1,6 +1,7 @@ package integration import ( + "fmt" "os" . "github.com/containers/podman/v3/test/utils" @@ -60,9 +61,9 @@ var _ = Describe("Podman run passwd", func() { }) It("podman can run container without /etc/passwd", func() { - dockerfile := `FROM alpine + dockerfile := fmt.Sprintf(`FROM %s RUN rm -f /etc/passwd /etc/shadow /etc/group -USER 1000` +USER 1000`, ALPINE) imgName := "testimg" podmanTest.BuildImage(dockerfile, imgName, "false") session := podmanTest.Podman([]string{"run", "--rm", imgName, "ls", "/etc/"}) @@ -113,9 +114,9 @@ USER 1000` }) It("podman run numeric group from image and no group file", func() { - dockerfile := `FROM alpine + dockerfile := fmt.Sprintf(`FROM %s RUN rm -f /etc/passwd /etc/shadow /etc/group -USER 1000` +USER 1000`, ALPINE) imgName := "testimg" podmanTest.BuildImage(dockerfile, imgName, "false") session := podmanTest.Podman([]string{"run", "--rm", imgName, "ls", "/etc/"}) diff --git a/test/e2e/run_privileged_test.go b/test/e2e/run_privileged_test.go index 33b3b85c5..0bf68e20b 100644 --- a/test/e2e/run_privileged_test.go +++ b/test/e2e/run_privileged_test.go @@ -59,7 +59,7 @@ var _ = Describe("Podman privileged container tests", func() { }) It("podman privileged make sure sys is mounted rw", func() { - session := podmanTest.Podman([]string{"run", "--privileged", "busybox", "mount"}) + session := podmanTest.Podman([]string{"run", "--privileged", BB, "mount"}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) ok, lines := session.GrepString("sysfs") @@ -71,7 +71,7 @@ var _ = Describe("Podman privileged container tests", func() { hostCap := SystemExec("awk", []string{"/^CapEff/ { print $2 }", "/proc/self/status"}) Expect(hostCap.ExitCode()).To(Equal(0)) - session := podmanTest.Podman([]string{"run", "--privileged", "busybox", "awk", "/^CapEff/ { print $2 }", "/proc/self/status"}) + session := podmanTest.Podman([]string{"run", "--privileged", BB, "awk", "/^CapEff/ { print $2 }", "/proc/self/status"}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) @@ -83,7 +83,7 @@ var _ = Describe("Podman privileged container tests", func() { hostCap := SystemExec("awk", []string{"/^CapEff/ { print $2 }", "/proc/self/status"}) Expect(hostCap.ExitCode()).To(Equal(0)) - session := podmanTest.Podman([]string{"run", "--cap-add", "all", "busybox", "awk", "/^CapEff/ { print $2 }", "/proc/self/status"}) + session := podmanTest.Podman([]string{"run", "--cap-add", "all", BB, "awk", "/^CapEff/ { print $2 }", "/proc/self/status"}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) @@ -95,7 +95,7 @@ var _ = Describe("Podman privileged container tests", func() { hostCap := SystemExec("awk", []string{"/^CapEff/ { print $2 }", "/proc/self/status"}) Expect(hostCap.ExitCode()).To(Equal(0)) - session := podmanTest.Podman([]string{"run", "--user=bin", "--cap-add", "all", "busybox", "awk", "/^CapEff/ { print $2 }", "/proc/self/status"}) + session := podmanTest.Podman([]string{"run", "--user=bin", "--cap-add", "all", BB, "awk", "/^CapEff/ { print $2 }", "/proc/self/status"}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) @@ -103,7 +103,7 @@ var _ = Describe("Podman privileged container tests", func() { }) It("podman cap-drop CapEff", func() { - session := podmanTest.Podman([]string{"run", "--cap-drop", "all", "busybox", "grep", "CapEff", "/proc/self/status"}) + session := podmanTest.Podman([]string{"run", "--cap-drop", "all", BB, "grep", "CapEff", "/proc/self/status"}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) capEff := strings.Split(session.OutputToString(), " ") @@ -120,7 +120,7 @@ var _ = Describe("Podman privileged container tests", func() { }) It("podman non-privileged should have very few devices", func() { - session := podmanTest.Podman([]string{"run", "-t", "busybox", "ls", "-l", "/dev"}) + session := podmanTest.Podman([]string{"run", "-t", BB, "ls", "-l", "/dev"}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) Expect(len(session.OutputToStringArray())).To(Equal(17)) @@ -147,12 +147,12 @@ var _ = Describe("Podman privileged container tests", func() { Skip("Can't determine NoNewPrivs") } - session := podmanTest.Podman([]string{"run", "busybox", "grep", "NoNewPrivs", "/proc/self/status"}) + session := podmanTest.Podman([]string{"run", BB, "grep", "NoNewPrivs", "/proc/self/status"}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) privs := strings.Split(session.OutputToString(), ":") - session = podmanTest.Podman([]string{"run", "--security-opt", "no-new-privileges", "busybox", "grep", "NoNewPrivs", "/proc/self/status"}) + session = podmanTest.Podman([]string{"run", "--security-opt", "no-new-privileges", BB, "grep", "NoNewPrivs", "/proc/self/status"}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) diff --git a/test/e2e/run_security_labels_test.go b/test/e2e/run_security_labels_test.go index a2e0b2aab..b714df323 100644 --- a/test/e2e/run_security_labels_test.go +++ b/test/e2e/run_security_labels_test.go @@ -1,6 +1,7 @@ package integration import ( + "fmt" "os" "strings" @@ -128,9 +129,9 @@ var _ = Describe("Podman generate kube", func() { It("podman container runlabel (podman --version)", func() { SkipIfRemote("runlabel not supported on podman-remote") - PodmanDockerfile := ` -FROM alpine:latest -LABEL io.containers.capabilities=chown,kill` + PodmanDockerfile := fmt.Sprintf(` +FROM %s +LABEL io.containers.capabilities=chown,kill`, ALPINE) image := "podman-caps:podman" podmanTest.BuildImage(PodmanDockerfile, image, "false") diff --git a/test/e2e/run_test.go b/test/e2e/run_test.go index 4e5106731..53a304aec 100644 --- a/test/e2e/run_test.go +++ b/test/e2e/run_test.go @@ -489,8 +489,8 @@ var _ = Describe("Podman run", func() { if IsRemote() { podmanTest.RestartRemoteService() } - dockerfile := `FROM busybox -USER bin` + dockerfile := fmt.Sprintf(`FROM %s +USER bin`, BB) podmanTest.BuildImage(dockerfile, "test", "false") session := podmanTest.Podman([]string{"run", "--rm", "--user", "bin", "test", "grep", "CapBnd", "/proc/self/status"}) session.WaitWithDefaultTimeout() @@ -898,10 +898,10 @@ USER bin` session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) - dockerfile := `FROM busybox + dockerfile := fmt.Sprintf(`FROM %s RUN mkdir -p /myvol/data && chown -R mail.0 /myvol VOLUME ["/myvol/data"] -USER mail` +USER mail`, BB) podmanTest.BuildImage(dockerfile, "test", "false") session = podmanTest.Podman([]string{"run", "--rm", "test", "ls", "-al", "/myvol/data"}) @@ -1478,8 +1478,8 @@ USER mail` It("podman run makes workdir from image", func() { // BuildImage does not seem to work remote - dockerfile := `FROM busybox -WORKDIR /madethis` + dockerfile := fmt.Sprintf(`FROM %s +WORKDIR /madethis`, BB) podmanTest.BuildImage(dockerfile, "test", "false") session := podmanTest.Podman([]string{"run", "--rm", "test", "pwd"}) session.WaitWithDefaultTimeout() diff --git a/test/e2e/run_volume_test.go b/test/e2e/run_volume_test.go index 454dfdc83..a0407804f 100644 --- a/test/e2e/run_volume_test.go +++ b/test/e2e/run_volume_test.go @@ -308,9 +308,9 @@ var _ = Describe("Podman run with volumes", func() { It("podman named volume copyup symlink", func() { imgName := "testimg" - dockerfile := `FROM alpine + dockerfile := fmt.Sprintf(`FROM %s RUN touch /testfile -RUN sh -c "cd /etc/apk && ln -s ../../testfile"` +RUN sh -c "cd /etc/apk && ln -s ../../testfile"`, ALPINE) podmanTest.BuildImage(dockerfile, imgName, "false") baselineSession := podmanTest.Podman([]string{"run", "--rm", "-t", "-i", imgName, "ls", "/etc/apk/"}) @@ -479,9 +479,8 @@ RUN sh -c "cd /etc/apk && ln -s ../../testfile"` It("Podman mount over image volume with trailing /", func() { image := "podman-volume-test:trailing" - dockerfile := ` -FROM alpine:latest -VOLUME /test/` + dockerfile := fmt.Sprintf(`FROM %s +VOLUME /test/`, ALPINE) podmanTest.BuildImage(dockerfile, image, "false") ctrName := "testCtr" diff --git a/test/e2e/run_working_dir_test.go b/test/e2e/run_working_dir_test.go index 2d16cdc18..de0f55134 100644 --- a/test/e2e/run_working_dir_test.go +++ b/test/e2e/run_working_dir_test.go @@ -1,6 +1,7 @@ package integration import ( + "fmt" "os" . "github.com/containers/podman/v3/test/utils" @@ -46,9 +47,9 @@ var _ = Describe("Podman run", func() { }) It("podman run a container on an image with a workdir", func() { - dockerfile := `FROM alpine + dockerfile := fmt.Sprintf(`FROM %s RUN mkdir -p /home/foobar /etc/foobar; chown bin:bin /etc/foobar -WORKDIR /etc/foobar` +WORKDIR /etc/foobar`, ALPINE) podmanTest.BuildImage(dockerfile, "test", "false") session := podmanTest.Podman([]string{"run", "test", "pwd"}) diff --git a/test/e2e/runlabel_test.go b/test/e2e/runlabel_test.go index 2eec15c62..54fa7e2f6 100644 --- a/test/e2e/runlabel_test.go +++ b/test/e2e/runlabel_test.go @@ -1,6 +1,7 @@ package integration import ( + "fmt" "os" . "github.com/containers/podman/v3/test/utils" @@ -8,18 +9,17 @@ import ( . "github.com/onsi/gomega" ) -var PodmanDockerfile = ` -FROM alpine:latest -LABEL RUN podman --version` +var PodmanDockerfile = fmt.Sprintf(` +FROM %s +LABEL RUN podman --version`, ALPINE) -var LsDockerfile = ` -FROM alpine:latest -LABEL RUN ls -la` +var LsDockerfile = fmt.Sprintf(` +FROM %s +LABEL RUN ls -la`, ALPINE) -var GlobalDockerfile = ` -FROM alpine:latest -LABEL RUN echo \$GLOBAL_OPTS -` +var GlobalDockerfile = fmt.Sprintf(` +FROM %s +LABEL RUN echo \$GLOBAL_OPTS`, ALPINE) var _ = Describe("podman container runlabel", func() { var ( diff --git a/test/e2e/system_df_test.go b/test/e2e/system_df_test.go index 9daf3f8f9..9aee85ca3 100644 --- a/test/e2e/system_df_test.go +++ b/test/e2e/system_df_test.go @@ -44,7 +44,7 @@ var _ = Describe("podman system df", func() { session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) - session = podmanTest.Podman([]string{"create", "-v", "data:/data", "--name", "container1", "busybox"}) + session = podmanTest.Podman([]string{"create", "-v", "data:/data", "--name", "container1", BB}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) diff --git a/test/system/070-build.bats b/test/system/070-build.bats index 8f6cdb46b..e5b68a0d8 100644 --- a/test/system/070-build.bats +++ b/test/system/070-build.bats @@ -668,6 +668,33 @@ EOF run_podman image prune -f } +@test "podman build --pull-never" { + local tmpdir=$PODMAN_TMPDIR/build-test + mkdir -p $tmpdir + + # First, confirm that --pull-never is a NOP if image exists locally + local random_string=$(random_string 15) + + cat >$tmpdir/Containerfile <$tmpdir/Containerfile < Date: Thu, 25 Mar 2021 01:32:00 +0100 Subject: Fix filters in image http compat/libpod api endpoints Signed-off-by: Jakub Guzik --- libpod/image/prune.go | 7 +++++ pkg/api/handlers/compat/images_prune.go | 19 ++++--------- pkg/api/handlers/libpod/images.go | 18 ++++++------ pkg/api/handlers/utils/images.go | 14 ++++++---- test/apiv2/10-images.at | 49 +++++++++++++++++++++++++++++++++ 5 files changed, 80 insertions(+), 27 deletions(-) (limited to 'pkg/api/handlers/compat') diff --git a/libpod/image/prune.go b/libpod/image/prune.go index d6ae5feaf..21867698a 100644 --- a/libpod/image/prune.go +++ b/libpod/image/prune.go @@ -2,6 +2,7 @@ package image import ( "context" + "strconv" "strings" "time" @@ -52,6 +53,12 @@ func generatePruneFilterFuncs(filter, filterValue string) (ImageFilter, error) { } return false }, nil + case "dangling": + danglingImages, err := strconv.ParseBool(filterValue) + if err != nil { + return nil, errors.Wrapf(err, "invalid filter dangling=%s", filterValue) + } + return ImageFilter(DanglingFilter(danglingImages)), nil } return nil, nil } diff --git a/pkg/api/handlers/compat/images_prune.go b/pkg/api/handlers/compat/images_prune.go index 63daaa780..ddf559ec6 100644 --- a/pkg/api/handlers/compat/images_prune.go +++ b/pkg/api/handlers/compat/images_prune.go @@ -8,8 +8,8 @@ import ( "github.com/containers/podman/v3/libpod" "github.com/containers/podman/v3/pkg/api/handlers" "github.com/containers/podman/v3/pkg/api/handlers/utils" + "github.com/containers/podman/v3/pkg/util" "github.com/docker/docker/api/types" - "github.com/gorilla/schema" "github.com/pkg/errors" ) @@ -17,27 +17,20 @@ func PruneImages(w http.ResponseWriter, r *http.Request) { var ( filters []string ) - decoder := r.Context().Value("decoder").(*schema.Decoder) runtime := r.Context().Value("runtime").(*libpod.Runtime) - query := struct { - All bool - Filters map[string][]string `schema:"filters"` - }{ - // This is where you can override the golang default value for one of fields - } - - if err := decoder.Decode(&query, r.URL.Query()); err != nil { - utils.Error(w, "Something went wrong.", http.StatusBadRequest, errors.Wrapf(err, "failed to parse parameters for %s", r.URL.String())) + filterMap, err := util.PrepareFilters(r) + if err != nil { + utils.Error(w, "Something went wrong.", http.StatusInternalServerError, errors.Wrapf(err, "failed to parse parameters for %s", r.URL.String())) return } - for k, v := range query.Filters { + for k, v := range *filterMap { for _, val := range v { filters = append(filters, fmt.Sprintf("%s=%s", k, val)) } } - imagePruneReports, err := runtime.ImageRuntime().PruneImages(r.Context(), query.All, filters) + imagePruneReports, err := runtime.ImageRuntime().PruneImages(r.Context(), false, filters) if err != nil { utils.InternalServerError(w, err) return diff --git a/pkg/api/handlers/libpod/images.go b/pkg/api/handlers/libpod/images.go index 1f306a533..158babcdc 100644 --- a/pkg/api/handlers/libpod/images.go +++ b/pkg/api/handlers/libpod/images.go @@ -22,6 +22,7 @@ import ( "github.com/containers/podman/v3/pkg/domain/entities" "github.com/containers/podman/v3/pkg/domain/infra/abi" "github.com/containers/podman/v3/pkg/errorhandling" + "github.com/containers/podman/v3/pkg/util" utils2 "github.com/containers/podman/v3/utils" "github.com/gorilla/schema" "github.com/pkg/errors" @@ -125,31 +126,32 @@ func PruneImages(w http.ResponseWriter, r *http.Request) { runtime := r.Context().Value("runtime").(*libpod.Runtime) decoder := r.Context().Value("decoder").(*schema.Decoder) query := struct { - All bool `schema:"all"` - Filters map[string][]string `schema:"filters"` + All bool `schema:"all"` }{ // override any golang type defaults } - if err := decoder.Decode(&query, r.URL.Query()); err != nil { - utils.Error(w, http.StatusText(http.StatusBadRequest), http.StatusBadRequest, + filterMap, err := util.PrepareFilters(r) + + if dErr := decoder.Decode(&query, r.URL.Query()); dErr != nil || err != nil { + utils.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError, errors.Wrapf(err, "failed to parse parameters for %s", r.URL.String())) return } var libpodFilters = []string{} if _, found := r.URL.Query()["filters"]; found { - dangling := query.Filters["all"] + dangling := (*filterMap)["all"] if len(dangling) > 0 { - query.All, err = strconv.ParseBool(query.Filters["all"][0]) + query.All, err = strconv.ParseBool((*filterMap)["all"][0]) if err != nil { utils.InternalServerError(w, err) return } } // dangling is special and not implemented in the libpod side of things - delete(query.Filters, "dangling") - for k, v := range query.Filters { + delete(*filterMap, "dangling") + for k, v := range *filterMap { libpodFilters = append(libpodFilters, fmt.Sprintf("%s=%s", k, v[0])) } } diff --git a/pkg/api/handlers/utils/images.go b/pkg/api/handlers/utils/images.go index 743629db8..da3c9e985 100644 --- a/pkg/api/handlers/utils/images.go +++ b/pkg/api/handlers/utils/images.go @@ -11,6 +11,7 @@ import ( "github.com/containers/image/v5/types" "github.com/containers/podman/v3/libpod" "github.com/containers/podman/v3/libpod/image" + "github.com/containers/podman/v3/pkg/util" "github.com/gorilla/schema" "github.com/pkg/errors" ) @@ -58,13 +59,17 @@ func GetImages(w http.ResponseWriter, r *http.Request) ([]*image.Image, error) { runtime := r.Context().Value("runtime").(*libpod.Runtime) query := struct { All bool - Filters map[string][]string `schema:"filters"` Digests bool Filter string // Docker 1.24 compatibility }{ // This is where you can override the golang default value for one of fields } + filterMap, err := util.PrepareFilters(r) + if err != nil { + return nil, err + } + if err := decoder.Decode(&query, r.URL.Query()); err != nil { return nil, err } @@ -72,12 +77,9 @@ func GetImages(w http.ResponseWriter, r *http.Request) ([]*image.Image, error) { if _, found := r.URL.Query()["digests"]; found && query.Digests { UnSupportedParameter("digests") } - var ( - images []*image.Image - err error - ) + var images []*image.Image - queryFilters := query.Filters + queryFilters := *filterMap if !IsLibpodRequest(r) && len(query.Filter) > 0 { // Docker 1.24 compatibility if queryFilters == nil { queryFilters = make(map[string][]string) diff --git a/test/apiv2/10-images.at b/test/apiv2/10-images.at index 4ebaeff45..f854d38ab 100644 --- a/test/apiv2/10-images.at +++ b/test/apiv2/10-images.at @@ -77,6 +77,55 @@ for i in $iid ${iid:0:12} $PODMAN_TEST_IMAGE_NAME; do t GET "libpod/images/$i/get?compress=false" 200 '[POSIX tar archive]' done +#compat api list images sanity checks +t GET images/json?filters='garb1age}' 500 \ + .cause="invalid character 'g' looking for beginning of value" +t GET images/json?filters='{"label":["testl' 500 \ + .cause="unexpected end of JSON input" + +#libpod api list images sanity checks +t GET libpod/images/json?filters='garb1age}' 500 \ + .cause="invalid character 'g' looking for beginning of value" +t GET libpod/images/json?filters='{"label":["testl' 500 \ + .cause="unexpected end of JSON input" + +# Prune images - bad filter input +t POST images/prune?filters='garb1age}' 500 \ + .cause="invalid character 'g' looking for beginning of value" +t POST libpod/images/prune?filters='garb1age}' 500 \ + .cause="invalid character 'g' looking for beginning of value" + +## Prune images with illformed label +t POST images/prune?filters='{"label":["tes' 500 \ + .cause="unexpected end of JSON input" +t POST libpod/images/prune?filters='{"label":["tes' 500 \ + .cause="unexpected end of JSON input" + + +#create, list and remove dangling image +podman image build -t test:test -<file1 +EOF + +podman image build -t test:test --label xyz -<file2 +EOF + +t GET images/json?filters='{"dangling":["true"]}' 200 length=1 +t POST images/prune?filters='{"dangling":["true"]}' 200 +t GET images/json?filters='{"dangling":["true"]}' 200 length=0 + +#label filter check in libpod and compat +t GET images/json?filters='{"label":["xyz"]}' 200 length=1 +t GET libpod/images/json?filters='{"label":["xyz"]}' 200 length=1 + +t DELETE libpod/images/test:test 200 + +t GET images/json?filters='{"label":["xyz"]}' 200 length=0 +t GET libpod/images/json?filters='{"label":["xyz"]}' 200 length=0 + # Export more than one image # FIXME FIXME FIXME, this doesn't work: # not ok 64 [10-images] GET images/get?names=alpine,busybox : status -- cgit v1.2.3-54-g00ecf From 31351ad94bf961a1e2341abbdf66145073445526 Mon Sep 17 00:00:00 2001 From: Matej Vasek Date: Tue, 23 Mar 2021 16:36:23 +0100 Subject: fix: build endpoint for compat API Signed-off-by: Matej Vasek --- pkg/api/handlers/compat/images_build.go | 48 +++++++++++++++++++++++++++++--- test/python/docker/compat/test_images.py | 2 +- 2 files changed, 45 insertions(+), 5 deletions(-) (limited to 'pkg/api/handlers/compat') diff --git a/pkg/api/handlers/compat/images_build.go b/pkg/api/handlers/compat/images_build.go index 9aa035212..fb759b7aa 100644 --- a/pkg/api/handlers/compat/images_build.go +++ b/pkg/api/handlers/compat/images_build.go @@ -70,7 +70,7 @@ func BuildImage(w http.ResponseWriter, r *http.Request) { BuildArgs string `schema:"buildargs"` CacheFrom string `schema:"cachefrom"` Compression uint64 `schema:"compression"` - ConfigureNetwork int64 `schema:"networkmode"` + ConfigureNetwork string `schema:"networkmode"` CpuPeriod uint64 `schema:"cpuperiod"` // nolint CpuQuota int64 `schema:"cpuquota"` // nolint CpuSetCpus string `schema:"cpusetcpus"` // nolint @@ -85,7 +85,7 @@ func BuildImage(w http.ResponseWriter, r *http.Request) { ForceRm bool `schema:"forcerm"` From string `schema:"from"` HTTPProxy bool `schema:"httpproxy"` - Isolation int64 `schema:"isolation"` + Isolation string `schema:"isolation"` Ignore bool `schema:"ignore"` Jobs int `schema:"jobs"` // nolint Labels string `schema:"labels"` @@ -207,9 +207,15 @@ func BuildImage(w http.ResponseWriter, r *http.Request) { isolation := buildah.IsolationDefault */ if utils.IsLibpodRequest(r) { - // isolation = buildah.Isolation(query.Isolation) + // isolation = parseLibPodIsolation(query.Isolation) registry = "" format = query.OutputFormat + } else { + if _, found := r.URL.Query()["isolation"]; found { + if query.Isolation != "" && query.Isolation != "default" { + logrus.Debugf("invalid `isolation` parameter: %q", query.Isolation) + } + } } var additionalTags []string if len(query.Tag) > 1 { @@ -335,7 +341,7 @@ func BuildImage(w http.ResponseWriter, r *http.Request) { CNIConfigDir: rtc.Network.CNIPluginDirs[0], CNIPluginPath: util.DefaultCNIPluginPath, Compression: compression, - ConfigureNetwork: buildah.NetworkConfigurationPolicy(query.ConfigureNetwork), + ConfigureNetwork: parseNetworkConfigurationPolicy(query.ConfigureNetwork), ContextDirectory: contextDirectory, Devices: devices, DropCapabilities: dropCaps, @@ -465,6 +471,40 @@ loop: } } +func parseNetworkConfigurationPolicy(network string) buildah.NetworkConfigurationPolicy { + if val, err := strconv.Atoi(network); err == nil { + return buildah.NetworkConfigurationPolicy(val) + } + switch network { + case "NetworkDefault": + return buildah.NetworkDefault + case "NetworkDisabled": + return buildah.NetworkDisabled + case "NetworkEnabled": + return buildah.NetworkEnabled + default: + return buildah.NetworkDefault + } +} + +func parseLibPodIsolation(isolation string) buildah.Isolation { + if val, err := strconv.Atoi(isolation); err == nil { + return buildah.Isolation(val) + } + switch isolation { + case "IsolationDefault", "default": + return buildah.IsolationDefault + case "IsolationOCI": + return buildah.IsolationOCI + case "IsolationChroot": + return buildah.IsolationChroot + case "IsolationOCIRootless": + return buildah.IsolationOCIRootless + default: + return buildah.IsolationDefault + } +} + func extractTarFile(r *http.Request) (string, error) { // build a home for the request body anchorDir, err := ioutil.TempDir("", "libpod_builder") diff --git a/test/python/docker/compat/test_images.py b/test/python/docker/compat/test_images.py index 571b31881..1e2b531b7 100644 --- a/test/python/docker/compat/test_images.py +++ b/test/python/docker/compat/test_images.py @@ -158,7 +158,7 @@ class TestImages(unittest.TestCase): def test_build_image(self): labels = {"apple": "red", "grape": "green"} _ = self.client.images.build( - path="test/python/docker/build_labels", labels=labels, tag="labels" + path="test/python/docker/build_labels", labels=labels, tag="labels", isolation="default" ) image = self.client.images.get("labels") self.assertEqual(image.labels["apple"], labels["apple"]) -- cgit v1.2.3-54-g00ecf From d1589f280474dd90236a59f8b32bb2a4a04fd683 Mon Sep 17 00:00:00 2001 From: Matej Vasek Date: Tue, 23 Mar 2021 18:04:18 +0100 Subject: fixup Signed-off-by: Matej Vasek --- pkg/api/handlers/compat/images_build.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'pkg/api/handlers/compat') diff --git a/pkg/api/handlers/compat/images_build.go b/pkg/api/handlers/compat/images_build.go index fb759b7aa..20331600d 100644 --- a/pkg/api/handlers/compat/images_build.go +++ b/pkg/api/handlers/compat/images_build.go @@ -487,7 +487,7 @@ func parseNetworkConfigurationPolicy(network string) buildah.NetworkConfiguratio } } -func parseLibPodIsolation(isolation string) buildah.Isolation { +func parseLibPodIsolation(isolation string) buildah.Isolation { // nolint if val, err := strconv.Atoi(isolation); err == nil { return buildah.Isolation(val) } -- cgit v1.2.3-54-g00ecf From 96ffce2198785c9d5717e3104f0afd8a0c38b6af Mon Sep 17 00:00:00 2001 From: Jakub Guzik Date: Sat, 20 Mar 2021 22:56:01 +0100 Subject: Fix containers list/prune http api filter behaviour The problem described in #9711 and followed by #9758 affects containers as well. When user provides wrong filter input, error message should occur, not fallback to full list/prune command. This change fixes the issue. Additionally, there are error message fixes for docker http api compat. Signed-off-by: Jakub Guzik --- pkg/api/handlers/compat/containers.go | 22 ++++++++++++---------- pkg/api/handlers/compat/containers_prune.go | 17 +++++++---------- pkg/api/handlers/libpod/containers.go | 24 +++++++++++++----------- test/apiv2/20-containers.at | 26 ++++++++++++++++++++++++++ 4 files changed, 58 insertions(+), 31 deletions(-) (limited to 'pkg/api/handlers/compat') diff --git a/pkg/api/handlers/compat/containers.go b/pkg/api/handlers/compat/containers.go index d3277b815..e7146a5d8 100644 --- a/pkg/api/handlers/compat/containers.go +++ b/pkg/api/handlers/compat/containers.go @@ -19,6 +19,7 @@ import ( "github.com/containers/podman/v3/pkg/domain/infra/abi" "github.com/containers/podman/v3/pkg/ps" "github.com/containers/podman/v3/pkg/signal" + "github.com/containers/podman/v3/pkg/util" "github.com/docker/docker/api/types" "github.com/docker/docker/api/types/container" "github.com/docker/go-connections/nat" @@ -92,23 +93,24 @@ func ListContainers(w http.ResponseWriter, r *http.Request) { runtime := r.Context().Value("runtime").(*libpod.Runtime) decoder := r.Context().Value("decoder").(*schema.Decoder) query := struct { - All bool `schema:"all"` - Limit int `schema:"limit"` - Size bool `schema:"size"` - Filters map[string][]string `schema:"filters"` + All bool `schema:"all"` + Limit int `schema:"limit"` + Size bool `schema:"size"` }{ // override any golang type defaults } - if err := decoder.Decode(&query, r.URL.Query()); err != nil { - utils.Error(w, "Something went wrong.", http.StatusBadRequest, errors.Wrapf(err, "failed to parse parameters for %s", r.URL.String())) + filterMap, err := util.PrepareFilters(r) + + if dErr := decoder.Decode(&query, r.URL.Query()); dErr != nil || err != nil { + utils.Error(w, "Something went wrong.", http.StatusInternalServerError, errors.Wrapf(err, "failed to parse parameters for %s", r.URL.String())) return } - filterFuncs := make([]libpod.ContainerFilter, 0, len(query.Filters)) + filterFuncs := make([]libpod.ContainerFilter, 0, len(*filterMap)) all := query.All || query.Limit > 0 - if len(query.Filters) > 0 { - for k, v := range query.Filters { + if len((*filterMap)) > 0 { + for k, v := range *filterMap { generatedFunc, err := filters.GenerateContainerFilterFuncs(k, v, runtime) if err != nil { utils.InternalServerError(w, err) @@ -120,7 +122,7 @@ func ListContainers(w http.ResponseWriter, r *http.Request) { // Docker thinks that if status is given as an input, then we should override // the all setting and always deal with all containers. - if len(query.Filters["status"]) > 0 { + if len((*filterMap)["status"]) > 0 { all = true } if !all { diff --git a/pkg/api/handlers/compat/containers_prune.go b/pkg/api/handlers/compat/containers_prune.go index dc4d53af6..e37929d27 100644 --- a/pkg/api/handlers/compat/containers_prune.go +++ b/pkg/api/handlers/compat/containers_prune.go @@ -9,23 +9,20 @@ import ( "github.com/containers/podman/v3/pkg/api/handlers/utils" "github.com/containers/podman/v3/pkg/domain/entities/reports" "github.com/containers/podman/v3/pkg/domain/filters" - "github.com/gorilla/schema" + "github.com/containers/podman/v3/pkg/util" "github.com/pkg/errors" ) func PruneContainers(w http.ResponseWriter, r *http.Request) { runtime := r.Context().Value("runtime").(*libpod.Runtime) - decoder := r.Context().Value("decoder").(*schema.Decoder) - - query := struct { - Filters map[string][]string `schema:"filters"` - }{} - if err := decoder.Decode(&query, r.URL.Query()); err != nil { - utils.Error(w, "Something went wrong.", http.StatusBadRequest, errors.Wrapf(err, "failed to parse parameters for %s", r.URL.String())) + filtersMap, err := util.PrepareFilters(r) + if err != nil { + utils.Error(w, "Something went wrong.", http.StatusInternalServerError, errors.Wrapf(err, "failed to parse parameters for %s", r.URL.String())) return } - filterFuncs := make([]libpod.ContainerFilter, 0, len(query.Filters)) - for k, v := range query.Filters { + + filterFuncs := make([]libpod.ContainerFilter, 0, len(*filtersMap)) + for k, v := range *filtersMap { generatedFunc, err := filters.GenerateContainerFilterFuncs(k, v, runtime) if err != nil { utils.InternalServerError(w, err) diff --git a/pkg/api/handlers/libpod/containers.go b/pkg/api/handlers/libpod/containers.go index 01b9ec101..77269db8b 100644 --- a/pkg/api/handlers/libpod/containers.go +++ b/pkg/api/handlers/libpod/containers.go @@ -11,6 +11,7 @@ import ( "github.com/containers/podman/v3/pkg/api/handlers/utils" "github.com/containers/podman/v3/pkg/domain/entities" "github.com/containers/podman/v3/pkg/domain/infra/abi" + "github.com/containers/podman/v3/pkg/util" "github.com/gorilla/schema" "github.com/pkg/errors" "github.com/sirupsen/logrus" @@ -59,20 +60,21 @@ func ContainerExists(w http.ResponseWriter, r *http.Request) { func ListContainers(w http.ResponseWriter, r *http.Request) { decoder := r.Context().Value("decoder").(*schema.Decoder) query := struct { - All bool `schema:"all"` - External bool `schema:"external"` - Filters map[string][]string `schema:"filters"` - Last int `schema:"last"` // alias for limit - Limit int `schema:"limit"` - Namespace bool `schema:"namespace"` - Size bool `schema:"size"` - Sync bool `schema:"sync"` + All bool `schema:"all"` + External bool `schema:"external"` + Last int `schema:"last"` // alias for limit + Limit int `schema:"limit"` + Namespace bool `schema:"namespace"` + Size bool `schema:"size"` + Sync bool `schema:"sync"` }{ // override any golang type defaults } - if err := decoder.Decode(&query, r.URL.Query()); err != nil { - utils.Error(w, http.StatusText(http.StatusBadRequest), http.StatusBadRequest, + filterMap, err := util.PrepareFilters(r) + + if dErr := decoder.Decode(&query, r.URL.Query()); dErr != nil || err != nil { + utils.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError, errors.Wrapf(err, "failed to parse parameters for %s", r.URL.String())) return } @@ -94,7 +96,7 @@ func ListContainers(w http.ResponseWriter, r *http.Request) { opts := entities.ContainerListOptions{ All: query.All, External: query.External, - Filters: query.Filters, + Filters: *filterMap, Last: limit, Namespace: query.Namespace, // Always return Pod, should not be part of the API. diff --git a/test/apiv2/20-containers.at b/test/apiv2/20-containers.at index 478717700..9030f0095 100644 --- a/test/apiv2/20-containers.at +++ b/test/apiv2/20-containers.at @@ -280,6 +280,32 @@ t GET containers/json 200 \ podman stop bar +#compat api list containers sanity checks +t GET containers/json?filters='garb1age}' 500 \ + .cause="invalid character 'g' looking for beginning of value" +t GET containers/json?filters='{"label":["testl' 500 \ + .cause="unexpected end of JSON input" + +#libpod api list containers sanity checks +t GET libpod/containers/json?filters='garb1age}' 500 \ + .cause="invalid character 'g' looking for beginning of value" +t GET libpod/containers/json?filters='{"label":["testl' 500 \ + .cause="unexpected end of JSON input" + +# Prune containers - bad filter input +t POST containers/prune?filters='garb1age}' 500 \ + .cause="invalid character 'g' looking for beginning of value" +t POST libpod/containers/prune?filters='garb1age}' 500 \ + .cause="invalid character 'g' looking for beginning of value" + +## Prune containers with illformed label +t POST containers/prune?filters='{"label":["tes' 500 \ + .cause="unexpected end of JSON input" +t POST libpod/containers/prune?filters='{"label":["tes' 500 \ + .cause="unexpected end of JSON input" + +t GET libpod/containers/json?filters='{"label":["testlabel"]}' 200 length=0 + # Test CPU limit (NanoCPUs) t POST containers/create Image=$IMAGE HostConfig='{"NanoCpus":500000}' 201 \ .Id~[0-9a-f]\\{64\\} -- cgit v1.2.3-54-g00ecf From 670e1ac67c3e0afbd583dd7fda5fa94f373c1a86 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Fri, 26 Mar 2021 15:47:48 -0400 Subject: [NO TESTS NEEDED] Turn on podman-remote build --isolation Currently podman only works with --isolation chroot. This PR fixes this by allowing the isolation mode to default to OCI and to also allow users to pass the isolation mode into the containers. The current tests for --isolation should cause this code to be tested. Signed-off-by: Daniel J Walsh --- cmd/podman/images/build.go | 17 ++++++++--------- pkg/api/handlers/compat/images_build.go | 8 ++------ 2 files changed, 10 insertions(+), 15 deletions(-) (limited to 'pkg/api/handlers/compat') diff --git a/cmd/podman/images/build.go b/cmd/podman/images/build.go index 7db927e55..da6d556b1 100644 --- a/cmd/podman/images/build.go +++ b/cmd/podman/images/build.go @@ -8,7 +8,6 @@ import ( "strings" "time" - "github.com/containers/buildah" "github.com/containers/buildah/define" buildahCLI "github.com/containers/buildah/pkg/cli" "github.com/containers/buildah/pkg/parse" @@ -159,11 +158,11 @@ func buildFlags(cmd *cobra.Command) { flags.SetNormalizeFunc(buildahCLI.AliasFlags) if registry.IsRemote() { flag = flags.Lookup("isolation") - buildOpts.Isolation = buildah.OCI - if err := flag.Value.Set(buildah.OCI); err != nil { - logrus.Errorf("unable to set --isolation to %v: %v", buildah.OCI, err) + buildOpts.Isolation = define.OCI + if err := flag.Value.Set(define.OCI); err != nil { + logrus.Errorf("unable to set --isolation to %v: %v", define.OCI, err) } - flag.DefValue = buildah.OCI + flag.DefValue = define.OCI _ = flags.MarkHidden("disable-content-trust") _ = flags.MarkHidden("cache-from") _ = flags.MarkHidden("sign-by") @@ -427,10 +426,10 @@ func buildFlagsWrapperToOptions(c *cobra.Command, contextDir string, flags *buil format := "" flags.Format = strings.ToLower(flags.Format) switch { - case strings.HasPrefix(flags.Format, buildah.OCI): - format = buildah.OCIv1ImageManifest - case strings.HasPrefix(flags.Format, buildah.DOCKER): - format = buildah.Dockerv2ImageManifest + case strings.HasPrefix(flags.Format, define.OCI): + format = define.OCIv1ImageManifest + case strings.HasPrefix(flags.Format, define.DOCKER): + format = define.Dockerv2ImageManifest default: return nil, errors.Errorf("unrecognized image type %q", flags.Format) } diff --git a/pkg/api/handlers/compat/images_build.go b/pkg/api/handlers/compat/images_build.go index 20331600d..36785a362 100644 --- a/pkg/api/handlers/compat/images_build.go +++ b/pkg/api/handlers/compat/images_build.go @@ -201,13 +201,9 @@ func BuildImage(w http.ResponseWriter, r *http.Request) { } format := buildah.Dockerv2ImageManifest registry := query.Registry - isolation := buildah.IsolationChroot - /* - // FIXME, This is very broken. Buildah will only work with chroot - isolation := buildah.IsolationDefault - */ + isolation := buildah.IsolationDefault if utils.IsLibpodRequest(r) { - // isolation = parseLibPodIsolation(query.Isolation) + isolation = parseLibPodIsolation(query.Isolation) registry = "" format = query.OutputFormat } else { -- cgit v1.2.3-54-g00ecf