* To aid in debugging log API request and response bodies at trace
level. Events can be correlated using the X-Reference-Id.
* Server now echos X-Reference-Id from client if set, otherwise
generates an unique id.
* Move logic for X-Reference-Id into middleware
* Change uses of Header.Add() to Set() when setting Content-Type
* Log API operations in Apache format using gorilla middleware
* Port server code to use BaseContext and ConnContext
Fixes#10053
Signed-off-by: Jhon Honce <jhonce@redhat.com>
Filtering is missing in both compat API and libpod API, while docker
has filtering functinality. This commit enables filtering option using
name and id in both libpod and http API.
Signed-off-by: Jakub Guzik <jakubmguzik@gmail.com>
Endpoint /build logs an info entry when a client uses the wrong
Content-Type for build payload. Given Content-Type is ignored and
assumed to be "application/x-tar".
Endpoint /libpod/build will fail unless "application/x-tar" or
"application/tar" is given for Content-Type. "application/tar" will
be logged as an info entry.
Fixes#11012
Signed-off-by: Jhon Honce <jhonce@redhat.com>
This commit adds additional until filter to podman pod ps (ls/list).
Additionally, it also adds descriptions for podman pod ps filters available
via http api.
Signed-off-by: Jakub Guzik <jakubmguzik@gmail.com>
Fixes:
- Do not show healthcheck status if not available or if container
status is "created" (Docker behaviour)
- Show healthcheck configuration if present (Config.Healthcheck)
Tests:
- Ensure State.Health is not present if container status is "created"
- Ensure Config.Healthcheck is present and values correct
- Ensure State.Health is present if container started
Signed-off-by: Milivoje Legenovic <m.legenovic@gmail.com>
Compat healthcheck tests are of the format []string but podman's were of
the format string. Converted podman's to []string at the specgen level since it has the same effect
and removed the incorrect parsing of compat healthchecks.
fixes#10617
Signed-off-by: cdoern <cdoern@redhat.com>
As a conclusion of a discussion in #10861, until filter is added
by this commit to volume ls filters.
Signed-off-by: Jakub Guzik <jakubmguzik@gmail.com>
Handle the platform parameter correctly. The parameter was only parsed
in presence of credentials and the code was a bit complex. Also add a
regression test.
Fixes: #10977
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
There are a handful of tests that aren't actually being run because
there are missing \ which is prevented the tests from being executed.
Additionally some of the test syntax was incorrect but not showing up
because these tests didn't run.
Signed-off-by: Alex Schultz <aschultz@redhat.com>
Added parsing and handling for the healthCheck status within containers.go. Also modified tests
fixes#10457
Signed-off-by: cdoern <cbdoer23@g.holycross.edu>
As stated in #10579 docker silently implements until filter for volume prune.
This commit adds initial support to the HTTP API, both libpod and compat.
It enables further work on that issue, such as adding cli support in the future.
Signed-off-by: Jakub Guzik <jakubmguzik@gmail.com>
Refactor podman commands that have drifted from using
c/common report pkg. Report pkg is needed to implement
go template functions.
Removed obsolete code from podman which exists in c/common.
Latest template library added default newlines and method to
remove them. Incorporated needed changes in c/common PR below.
Depends on https://github.com/containers/common/pull/624
Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1855983
Signed-off-by: Jhon Honce <jhonce@redhat.com>
added handling in entities and compat to support passing a specified OS/Arch while importing from SRC.
fixes#10566
Signed-off-by: cdoern <cbdoer23@g.holycross.edu>
a9cb824981 changed the expectations of the
dockerfile parameter to be json data however it's a string. In order to
support both, let's attempt json and fall back to a string if the json
parsing fails.
Closes#10660
Signed-off-by: Alex Schultz <aschultz@redhat.com>
The rework of namespace handling for rootless CNI broke this, as
CNI networks were being computed incorrectly. Fix handling of
CNI networks for the Compat Create REST API for containers, and
add a test so we don't regress again.
Fixes#10569
Signed-off-by: Matthew Heon <mheon@redhat.com>
There is race condition in the remote client attach logic. Because the
resize api call was handled in an extra goroutine the container was
started before the resize call happend. To fix this we have to call
resize in the same goroutine as attach. When the first resize is done
start a goroutine to listen on SIGWINCH in the background and resize
again if the signal is received.
Fixes#9859
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* Remove all Types no longer referenced, they were never used
A future API breaking version of Podman API, may restore these Types
and push formatting into presentation layer vs. server.
Fixes#9578
Signed-off-by: Jhon Honce <jhonce@redhat.com>
The `Error` part of response must be nil (or omitted) if no error occurred.
Before this commit a zero value for the struct was returned.
Signed-off-by: Matej Vasek <mvasek@redhat.com>
* Tests broken up into areas of concern
* Introduced fixtures to reduce duplicated code
* Introduced new assert methods with APITestCase
* General cleanup of code while visiting
* Tests now targeting quay.io
Known issues:
* is-official against quay.io not working
Fixes: #9238
Signed-off-by: Jhon Honce <jhonce@redhat.com>
Using event API to detect changes to container instead of polling.
Polling was unreliable, sometime change of a state might have been
missed.
Signed-off-by: Matej Vasek <mvasek@redhat.com>
Migrate the Podman code base over to `common/libimage` which replaces
`libpod/image` and a lot of glue code entirely.
Note that I tried to leave bread crumbs for changed tests.
Miscellaneous changes:
* Some errors yield different messages which required to alter some
tests.
* I fixed some pre-existing issues in the code. Others were marked as
`//TODO`s to prevent the PR from exploding.
* The `NamesHistory` of an image is returned as is from the storage.
Previously, we did some filtering which I think is undesirable.
Instead we should return the data as stored in the storage.
* Touched handlers use the ABI interfaces where possible.
* Local image resolution: previously Podman would match "foo" on
"myfoo". This behaviour has been changed and Podman will now
only match on repository boundaries such that "foo" would match
"my/foo" but not "myfoo". I consider the old behaviour to be a
bug, at the very least an exotic corner case.
* Futhermore, "foo:none" does *not* resolve to a local image "foo"
without tag anymore. It's a hill I am (almost) willing to die on.
* `image prune` prints the IDs of pruned images. Previously, in some
cases, the names were printed instead. The API clearly states ID,
so we should stick to it.
* Compat endpoint image removal with _force_ deletes the entire not
only the specified tag.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
The compat endpoint for container inspect must return {} instead of null
for NetworkSettings.Networks.
Fixes#9837
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
This commits fixes until filter. It is now checking if the created
timestamp is before until filter value as expected in the docs.
Signed-off-by: Jakub Guzik <jakubmguzik@gmail.com>
Swagger documentation reported that the API endpoint /pods/create
returned 200 while the as-built code returned 201. 201 is more
correct so documentation updated.
Tests already checked for 201 so no updated needed.
Signed-off-by: Jhon Honce <jhonce@redhat.com>
* Add validation for manifest name
* Always return an array for manifests even if empty
* Add missing return in df handler when returning error. Caused an
additional null to be written to client crashing python decoder.
When c/image is refactored to include manifests, manifest endpoints should
be revisited.
Signed-off-by: Jhon Honce <jhonce@redhat.com>
libpod df handler missing a return after writing error to client. This
caused a null to be appended to JSON and crashed python decoder.
Signed-off-by: Jhon Honce <jhonce@redhat.com>
Volumes endpoints for HTTP compat and libpod APIs allowed
usage of list HTTP endpoint filter funcs. Documentation in
case of compat API does not allow that. This commit aligns
code with the documentation and also ligns libpod with compat API.
Signed-off-by: Jakub Guzik <jakubmguzik@gmail.com>
Versions of the ps command have additional spaces between fields, this
manifests as the container asking to run "top" and API reporting "top "
as a process.
Endpoint and tests updated to check that "top" is reported.
There is no libpod specialized endpoint to update.
Signed-off-by: Jhon Honce <jhonce@redhat.com>
Containers endpoints for HTTP compad and libpod APIs allowed usage of list HTTP
endpoint filter funcs. Documentation in case of libpod and compat API does not allow that.
This commit aligns code with the documentation.
Signed-off-by: Jakub Guzik <jakubmguzik@gmail.com>
It is tedious and error-prone to update the 'APIVersion=<exact>'
test every time there's a minor bump. Change the test so it
confirms only the major version.
Signed-off-by: Ed Santiago <santiago@redhat.com>
The problem described in #9711 and followed by #9758 affects
containers as well. When user provides wrong filter input, error
message should occur, not fallback to full list/prune command.
This change fixes the issue. Additionally, there are error message
fixes for docker http api compat.
Signed-off-by: Jakub Guzik <jakubmguzik@gmail.com>
This is the continuation work started in #9711. It turns out
that list/prune commands for volumes in libpod/compat api have
very dangerous error handling when broken filter input is supplied.
Problem also affects network list/prune in libpod. This commit
unifies filter handling across libpod/compat api and adds sanity
apiv2 testcases.
Signed-off-by: Jakub Guzik <jakubmguzik@gmail.com>
- cp test: clean up stray image
- build test: add workaround for #9567 (ultra-slow ubuntu).
We're seeing CI flakes (timeouts) due to ubuntu 2004 being
absurdly slow. Workaround: double our timeout on one specific
test when ubuntu + remote.
- build test: clean up new copy-from test (from #9275).
The test was copy-pasted from buildah system tests, without
really adapting for podman environment (e.g. it was using
images that we don't use here, and would cause pulls, which
will cause flakes). Rewrite test so it references only $IMAGE,
remove some confusing/unnecessary stuff, selectively run
parts of it even when rootless or remote, and add a
test to confirm that copy-from succeeded.
- load test: add error-message test to new load-invalid (#9672).
Basically, make sure the command fails for the right reason.
- play test (kube): use $IMAGE, not alpine; and add pause-image
cleanup to teardown()
- apiv2 mounts test: add a maintainability comment in a tricky
section of code; and tighten up the mount point test.
Signed-off-by: Ed Santiago <santiago@redhat.com>
When I originally wrote this code I had no idea what POST
would look like so I did a sloppy job, deferring making it
usable. Now that we have some real-world examples in place,
I have a better understanding of what params look like and
how to make tests more readable/maintainable. (Deferring isn't
always bad: one of my early ideas was to separate params using
commas; that would've been a disaster because some JSON values,
such as arrays, include commas).
This commit implements a better way of dealing with POST:
* The main concept is still 'key=value'
* When value is a JSON object (dictionary, array), it
can be quoted.
* Multiple params are simply separated by spaces.
The 3-digit HTTP code is a prominent, readable separator
between POST params and expected results. The parsing
code is a little uglier, but test developers need
never see that. The important thing is that writing
tests is now easier.
* POST params can be empty (this removes the need for a
useless '')
I snuck in one unrelated change: one of the newly-added
tests, .NetworkSettings, was failing when run rootless
(which is how I test on my setup). I made it conditional.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Currently we were overwrapping error returned from removal
of a non existing container.
$ podman rm bogus -f
Error: failed to evict container: "": failed to find container "bogus" in state: no container with name or ID bogus found: no such container
Removal of wraps gets us to.
./bin/podman rm bogus -f
Error: no container with name or ID "bogus" found: no such container
Finally also added quotes around container name to help make it standout
when you get an error, currently it gets lost in the error.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
...and a rudimentary set of /auth tests for PR#9589 (disabled).
This simply adds a new start_registry() helper function that
allocates a random unused port, pulls a registry image, creates
a local certificate + random username + random password, and
fires everything up. Since none of this is (yet) used in CI,
this is very low risk.
The only infinitessimally-risky change is using a dedicated
subdirectory of $WORKDIR (instead of $WORKDIR itself) as
the podman root. This fixes a dumb oversight on my part:
the workdir has grown to be used for much more than just
podman root; this change removes clutter and makes it
easier for humans to debug in cases of problems.
Signed-off-by: Ed Santiago <santiago@redhat.com>
The NanoCpus field in HostConfig was not wired up. It conflicts
with CPU period and quota (it hard-codes period to a specific
value and then sets the user-specified value as Quota).
Fixes#9523
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Server, bindings, and CLI all now pull version information from version
package.
* Current /libpod API version slaved to podman/libpod Version
* Bindings validate against libpod API Minimal version
* Remove pkg/bindings/bindings.go and updated tests
Fixes: #9207
Signed-off-by: Jhon Honce <jhonce@redhat.com>
It took a lot to figure out exactly how this should work, but I
think I finally have it. My initial versions of this created the
directory with the same owner as the user the container was run
with, which was rather complicated - but after review against
Docker, I have determined that is incorrect, and it's always made
as root:root 0755 (Ubuntu's Docker, which I was using to try and
test, is a snap - and as such it was sandboxed, and not actually
placing directories it made in a place I could find?). This makes
things much easier, since I just need to parse out source
directories for binds and ensure they exist.
Fixes#9510
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
The compatibility endpoint for listing containers should have the
summarized network configuration with it.
Fixes: #9529
Signed-off-by: baude <bbaude@redhat.com>
Docker api expects secrets endpoint to have a version field. So, the
version field is added into the compat endpoint only. The version field
is always 1, since Docker uses the version to keep track of updates to
the secret, and currently we cannot update a secret.
Signed-off-by: Ashley Cui <acui@redhat.com>
* Introduce sub-package compat to meet packaging and import requirements
* Update documenation for running tests
* Add requirements.txt to improve IDE support
Signed-off-by: Jhon Honce <jhonce@redhat.com>
While I wasn't looking, some completely unreadable cruft
crept in here, and it's totally my fault: I never knew
you could pass JSON to a GET query. Everyone who DID
know that, did so, but had to URL-escape it into a
completely gobbledygook mess to make curl happy.
Solution: trivial, do the URL-escaping in 't' itself. I
just never realized that was needed.
I'm so sorry. I hope this helps.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Docker allows both the old `map[string]map[string]bool`
and the newer `map[string][]string` for the filter param
so we should too.
Fixes#9526
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
Create is not formatted as `key=value` but rather `key:value`
(technically `path:option1,option2`). As such we can't use the
stringMapToArray function, and instead need to generate it
manually.
Fixes#9511
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
The `images/create` endpoint should always attempt to pull a newer
image. Previously, the local images was used which is not compatible
with Docker and caused issues in the Gitlab CI.
Fixes: #9232
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Correcting the structure of the compat network prune response. They
should follow {"NetworksDeleted": [<network_name>",...]}
Fixes: #9310
Signed-off-by: baude <bbaude@redhat.com>
When docker-java calls images/create?fromImage=x, it expects two things
for a successful response: that both "error" and "errorDetail" are not
set, and that the "progress" message contains one of five hard-coded
strings ("Download complete" being one of them).
Signed-off-by: Igor Korolev <missterr@gmail.com>
The networks list compat api endpoint must return `[]`
and not `null` if no networks are found.
Fixes#9293
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
It's been a while since I last looked at these; some cruft
has crept in, generating noise and hence unreadable test
results. Clean it up:
* remove pushd/popd in one subtest, replace with 'tar -C'.
(Also remove confusing quotation marks). This removes
spurious directory names from output.
* in like(), show only first line of actual output.
Some commands ('tree', 'generate kube') produce
voluminous multi-line output, which is super useless
and distracting when reading a test run.
* Recognize that some queries will not generate output,
e.g. HEAD requests and some POSTs. Deal with that.
This fixes "curl.result.out: no such file" and "parse
error" warnings.
* In cleanup, 'podman rm -a' and 'rmi -af'; this gets
rid of errors when deleting $WORKDIR. (EBUSY error
when root, EPERM when rootless).
And, the original reason for poking in here: refactor the
wait-for-port part of start_server() into its own helper
function, so we can use it when starting a local registry
in 12-imagesMore. (Ref: #9270)
Signed-off-by: Ed Santiago <santiago@redhat.com>
Docker doesn't have the destination parameter as libpod does,
the "image name" path parameter is supposed to be the destination.
Signed-off-by: Matej Vasek <mvasek@redhat.com>
Implement podman secret create, inspect, ls, rm
Implement podman run/create --secret
Secrets are blobs of data that are sensitive.
Currently, the only secret driver supported is filedriver, which means creating a secret stores it in base64 unencrypted in a file.
After creating a secret, a user can use the --secret flag to expose the secret inside the container at /run/secrets/[secretname]
This secret will not be commited to an image on a podman commit
Signed-off-by: Ashley Cui <acui@redhat.com>
add the ability to prune unused cni networks. filters are not implemented
but included both compat and podman api endpoints.
Fixes :#8673
Signed-off-by: baude <bbaude@redhat.com>
- When one or more containers in the Pod reports an error on an operation
report StatusConflict and report the error(s)
- jsoniter type encoding used to marshal error as string using error.Error()
- Update test framework to allow setting any flag when creating pods
- Fix test_resize() result check
Fixes#8865
Signed-off-by: Jhon Honce <jhonce@redhat.com>
Eclipse and Intellij Docker plugin determines the state of the
container via the Status field, returned from /containers/json call.
Podman always returns empty string, and because of that, both IDEs
show the wrong state of the container.
Signed-off-by: Milivoje Legenovic <m.legenovic@gmail.com>
Docker has, for unclear reasons, three separate fields in their
Create Container struct in which volumes can be placed. Right now
we support two of those - Binds and Mounts, which (roughly)
correspond to `-v` and `--mount` respectively. Unfortunately, we
did not support the third, `Volumes`, which is used for anonymous
named volumes created by `-v` (e.g. `-v /test`). It seems that
volumes listed here are *not* included in the remaining two from
my investigation, so it should be safe to just append them into
our handling of the `Binds` (`-v`) field.
Fixes#8649
Signed-off-by: Matthew Heon <mheon@redhat.com>
docker-client is a library written in Java and used in Eclipse to
speak with Docker API. When endpoint /images/search is called,
HTTP header attribute X-Registry-Auth has value "null". This is for
sure wrong but Docker tolerates this value, and call works. With this
patch call works also with Podman. #7857
Signed-off-by: Milivoje Legenovic <m.legenovic@gmail.com>
This implements support for mounting and unmounting volumes
backed by volume plugins. Support for actually retrieving
plugins requires a pull request to land in containers.conf and
then that to be vendored, and as such is not yet ready. Given
this, this code is only compile tested. However, the code for
everything past retrieving the plugin has been written - there is
support for creating, removing, mounting, and unmounting volumes,
which should allow full functionality once the c/common PR is
merged.
A major change is the signature of the MountPoint function for
volumes, which now, by necessity, returns an error. Named volumes
managed by a plugin do not have a mountpoint we control; instead,
it is managed entirely by the plugin. As such, we need to cache
the path in the DB, and calls to retrieve it now need to access
the DB (and may fail as such).
Notably absent is support for SELinux relabelling and chowning
these volumes. Given that we don't manage the mountpoint for
these volumes, I am extremely reluctant to try and modify it - we
could easily break the plugin trying to chown or relabel it.
Also, we had no less than *5* separate implementations of
inspecting a volume floating around in pkg/infra/abi and
pkg/api/handlers/libpod. And none of them used volume.Inspect(),
the only correct way of inspecting volumes. Remove them all and
consolidate to using the correct way. Compat API is likely still
doing things the wrong way, but that is an issue for another day.
Fixes#4304
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Restore correct API endpoint payloads including reclaimed space numbers
* Include tests for API prune endpoints
* Clean up function signatures with unused parameters
* Update swagger for /networks/prune
Fixes#8891
Signed-off-by: Jhon Honce <jhonce@redhat.com>
This change adds code to report the reclaimed space after a prune.
Reclaimed space from volumes, images, and containers is recorded
during the prune call in a PruneReport struct. These structs are
collected into a slice during a system prune and processed afterwards
to calculate the total reclaimed space.
Closes#8658
Signed-off-by: Baron Lenardson <lenardson.baron@gmail.com>
This change was missed in pull/8689. Now that volume pruneing supports
filters system pruneing can pass its filters down to the volume
pruneing. Additionally this change adds tests for the following components
* podman system prune subcommand with `--volumes` & `--filter` options
* apiv2 api tests for `/system/` and `/libpod/system` endpoints
Relates to #8453, #8672
Signed-off-by: Baron Lenardson <lenardson.baron@gmail.com>
This change adds support for the `--filter` / `?filters` arguments on
the `podman volume prune` subcommand.
* Adds ParseFilterArgumentsIntoFilters helper for consistent
Filter string slice handling
* Adds `--filter` support to podman volume prune cli
* Adds `?filters...` support to podman volume prune api
* Updates apiv2 / e2e tests
Closes#8672
Signed-off-by: Baron Lenardson <lenardson.baron@gmail.com>
Network create could panic when used with a json body like this:
`{"Name":"net","IPAM":{"Config":[]}}`
The network scope for list and inspect should not be empty. It can
be swarm, global or local. We only support local networks so
hardcode this field to local.
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
The libpod images exists endpoint panics when called with
a non existing image and therefore returns 500 as status
code instead of the expected 404.
A test is added to ensure it is working.
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
add the ability to add multiple containers into a single k8s pod
instead of just one.
also fixed some bugs in the resulting yaml where an empty service
description was being added on error causing the k8s validation to fail.
Signed-off-by: baude <bbaude@redhat.com>
* Update tests to reflect system endpoints
* First implementation of compat /system/df, only fields that are
populated by libpod are set
Signed-off-by: Jhon Honce <jhonce@redhat.com>
* Add network API tests
* Update network create endpoint to return ID not Name
Audit:
- GET /networks ListNetworks
- GET /networks/{id} InspectNetwork
- DELETE /networks/{id} RemoveNetwork
- POST /networks/create CreateNetwork
- POST /networks/prune 405 not implemented
Signed-off-by: Jhon Honce <jhonce@redhat.com>
* Audit and add tests for required fields.
* Added issue for /images/load implementation
Audit:
- GET /images/json GetImages
- POST /build BuildImage
- POST /build/prune 404 not found
- POST /images/create CreateImageFromImage/CreateImageFromSrc
- GET /images/{name}/json GetImage
- GET /images/{name}/history HistoryImage
- POST /images/{name}/push PushImage
- POST /images/{name}/tag TagImage
- DELETE /images/{name} RemoveImage
- POST /images/prune PruneImages
- POST /commit CommitContainer
- GET /images/{name}/get ExportImage
- GET /images/get ExportImages
- POST /images/load LoadImages See https://github.com/containers/podman/issues/8586
Signed-off-by: Jhon Honce <jhonce@redhat.com>
The network ID is not stored. It is just the sha256 hash from
the network name. There is a risk of a potential hash collision.
However it's very unlikely and even if we hit this it will
complain that more than network with this ID exists.
The main benefit is that the compat api can have proper
network ID support. Also this adds the support for
`podman network ls --format "{{.ID}}"` and `--filter id=<ID>`.
It also ensures that we can do network rm <ID> and network
inspect <ID>.
Since we use a hash this commit is backwards compatible even for
already existing networks.
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
Add label support for podman network create. Use the `args`
field in the cni config file to store the podman labels.
Use `podman_labels` as key name and store the labels as
map[string]string.
For reference: https://github.com/containernetworking/cni/blob/master/CONVENTIONS.md#args-in-network-confighttps://github.com/containernetworking/cni/blob/spec-v0.4.0/SPEC.md#network-configuration
Example snippet:
```
...
"args": {
"podman_labels": {
"key1":"value1",
"key2":"value2"
}
}
...
```
Make podman network list support several filters. Supported filters are name,
plugin, driver and label. Filters with different keys work exclusive. Several label
filters work exclusive and the other filter keys are working inclusive.
Also adjust the compat api to support labels in network create and list.
Breaking changes:
- podman network ls -f shortform is used for --filter instead --format
This matches docker and other podman commands (container ps, volume ps)
- libpod network list endpoint filter parameter is removed. Instead the
filters paramter should be used as json encoded map[string][]string.
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* Make endpoint compatibile with docker-py network expectations
* Update specgen helper when called from compat endpoint
* Update godoc on types
* Add test for network/container create using docker-py method
* Add syslog logging when DEBUG=1 for tests
Fixes#8361
Signed-off-by: Jhon Honce <jhonce@redhat.com>
this enables the ability to connect and disconnect a container from a
given network. it is only for the compatibility layer. some code had to
be refactored to avoid circular imports.
additionally, tests are being deferred temporarily due to some
incompatibility/bug in either docker-py or our stack.
Signed-off-by: baude <bbaude@redhat.com>
Recent changes in networking require that the cni network driver be set.
If the user provides no driver, we set the driver to the
defaultnetworkdriver which currently is "bridge".
Fixes: #8294
Signed-off-by: baude <bbaude@redhat.com>
* Update reference to docker-py to docker to reflect change in library
name
* Update tests to create storage sandbox
* Enable all tests that endpoints support
* Refactor containers/{id}/rename to return 404 not 500
* Refactor tests to use quay.io vs. docker.io
Signed-off-by: Jhon Honce <jhonce@redhat.com>
When using multiple filters, return a volume that matches any one of the used filters, rather than matching both of the filters.
This is for compatibility with docker's cli, and more importantly, the apiv2 compat endpoint
Closes#6765
Signed-off-by: Ashley Cui <acui@redhat.com>
* renamed old API tests to not be discovered, they do not pass
* Updated the API tests to use a pristine storage configuration
* Skipped attach test, it needs to be re-written
Signed-off-by: Jhon Honce <jhonce@redhat.com>
Followon to #7965 (mirror registry). mirror.gcr.io doesn't
cache all the images we need, and I can't find a way to
add to its cache, so let's just use quay.io for those
images that it can't serve.
Tools used:
skopeo copy --all docker://docker.io/library/alpine:3.10.2 \
docker://quay.io/libpod/alpine:3.10.2
...and also:
docker.io/library/alpine:3.2
docker.io/library/busybox:latest
docker.io/library/busybox:glibc
docker.io/library/busybox:1.30.1
docker.io/library/redis:alpine
docker.io/libpod/alpine-with-bogus-seccomp:label
docker.io/libpod/alpine-with-seccomp:label
docker.io/libpod/alpine_healthcheck:latest
docker.io/libpod/badhealthcheck:latest
Since most of those were new quay.io/libpod images, they required
going in through the quay.io GUI, image, settings, Make Public.
Signed-off-by: Ed Santiago <santiago@redhat.com>
- apiv2 - the 'ten /info requests' test is flaking often,
taking ~8 seconds (our limit is 7, up from 5 a few weeks
ago). Brent suggested that the first /info call might be
expensive, because it needs to access storage. So, let's
prime it by running one /info outside the timing loop.
And, because even that continues to fail, bump it up
to 10 seconds and file #8076 to track the slowdown.
- toolbox test - WaitForReady() has timed out, even on one
occasion causing a run failure because it failed 3 times.
Solution: bump up timeout from 2s to 5s. Not really great,
but CI systems are underpowered, and it's not unreasonable
that 2s might be too low.
- sdnotify test - add a 'podman wait' between stop & rm.
This may prevent a "cannot rm container as it is running"
race condition.
While working on this, Brent and I noticed a few ways that
test-apiv2 logging can be improved:
- test name: when request is POST, display the jsonified
parameters, not the original input ones. This should
make it much easier to reproduce failures.
- use curl's "--write-out" option to capture http code,
content type, and request time. We were getting the
first two via grep from logged headers; this is cleaner.
And there was no other way to get timing. We now include
the timing as X-Response-Time in the log file.
- abort on *any* curl error, not just 7 (cannot connect).
Any error at all from curl is bad news.
Signed-off-by: Ed Santiago <santiago@redhat.com>
when using the compatibility layer to create containers, it used code paths to the pkg/spec which is the old implementation of containers. it is error prone and no longer being maintained. rather that fixing things in spec, migrating to specgen usage seems to make the most sense. furthermore, any fixes to the compat create will not need to be ported later.
Signed-off-by: baude <bbaude@redhat.com>
CI discovered that a lot of networking tests are failing; my
fault, for not having run my tests as root on my laptop.
Disable those.
Also: bump up the ten-request time limit, from 5 to 7 seconds.
Looks like something keeps getting slower and slower, but I
guess there's not much we can do about it.
Also: when we get a mismatch response code (e.g. 500 when we
expect 200), dump the response body and skip any subsequent
response checks.
Signed-off-by: Ed Santiago <santiago@redhat.com>
In the new-Cirrus transition, APIv2 tests were inadvertently
disabled. As expected when tests get disabled, they break.
This commit fixes some failing tests, and comments out others
(with big FIXMEs) because I have neither the expertise nor
time to figure out the real problems.
The big change to test-apiv2 is due to a recently-added
test that looks for an '=' sign in json output. My '=' vs '~'
detector completely barfed on that, and there's just no
way to make it work in a bash 'case' statement. So, switch
to an 'if' with 'expr'.
And, unrelated, fix a longstanding (harmless) bug that was
issuing spurious "expected" messages to the test log; those
should've been going to the full results log.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Currenly if a user specifies the name or ID of an external storage
container, we report an error to them.
buildah from scratch
working-container-2
podman rm working-container-2
Error: no container with name or ID working-container-2 found: no such container
Since the user specified the correct name and the container is in storage we
force them to specify --storage to remove it. This is a bad experience for the
user.
This change will just remove the container from storage. If the container
is known by libpod, it will remove the container from libpod as well.
The podman rm --storage option has been deprecated, and removed from docs.
Also cleaned documented options that are not available to podman-remote.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
with the recent inclusion of dealing with multiple images in a tar archive, we can now add a compatibility endpoint that was missing images/get?names=one,two.
Fixes: #7950
Signed-off-by: baude <bbaude@redhat.com>
The `tag` parameter of the compat `images/create` endpoint can be both,
a tag and a digest. Fix parsing of the parameter to detect digests and
use the appropriate `@` separator.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
id is the last image id from the set of id's returned via the images
stanza.
id may be deprecated in a future version of the API
Created test_rest_v2_0_0.py to reflect the bump in the API Version.
Fixes#7686
Signed-off-by: Jhon Honce <jhonce@redhat.com>
* API-Version header now Major.Minor to support tools parsing this
header
* Libpod Version updated to 2.0.0 to reflect changes in API field
values
* API-Version and Libpod-API-Version headers are now included in all
results
Fixes#7327
* Header support tested against goland 2020.2 and
https://www.jetbrains.com/help/idea/docker.html plugin
Signed-off-by: Jhon Honce <jhonce@redhat.com>
Add the filter option to the libpod endpoint.
Add support for the name filter on the docker endpoint.
Add apiv2 tests for the network list endpoints.
Enable podman network integration tests for remote.
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
It's not possible to run any of the scripts on distributions which do
have `bash` not in `/bin`. This is being fixed by using `/usr/bin/env
bash` instead.
Signed-off-by: Sascha Grunert <sgrunert@suse.com>
Add a simple test to exercise the events API without the "filters"
parameter. Prevents regressing on #7078.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
A newly-added test in #6835 was flaking in CI with:
not ok 143 [20-containers] DELETE libpod/containers/SHA
500 cannot remove container <sha> as it is running - running or paused containers cannot be removed without force: container state improper
Root cause: DELETE being run immediately after container start.
Although the container is short-lived, it does take time to
run and exit.
Solution: wait for container to exit (should be quick) before
deleting. This gives us a new test for the /wait endpoint.
Also: tweaked some comments for readability, removed unnecessary
container ps, added actual container status checks, and added
actual message checks to another test that was merely checking
exit status.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Docker api version 1.24 uses a query parameter named Filter
for filtering images by names. In more recent versions of
api name filter is in filters query parameter with other
filters
This patch adds a mapping that translates Filter query
parameter to Filters={"reference": [""]}
Signed-off-by: Sami Korhonen <skorhone@gmail.com>
test-apiv2 has two basic comparisons of returned JSON:
equality and likeness ('=' and '~'). When logging failures,
the test runner shows both actual and expected values. When
logging success, for '=' there's no need to show both actual
and expected. But for '~', it can be helpful (for verifying
test correctness) to show the actual returned value.
To be specific:
old: ok ... .MemTotal~[0-9]\+
new: ok ... .MemTotal ('33509068800') ~ [0-9]\+
old: ok ... .[0].State~\(exited\|stopped\)
new: ok ... .[0].State ('exited') ~ \(exited\|stopped\)
The main benefit is that a developer or end user can
easily see precisely what was returned; this can help
confirm that the test is working as intended, and/or
help fine-tune how the test is written.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Support both `last` and `limit` for in the containers listing endpoint.
We intended to use `limit` which is also mentioned in the docs, but the
implementation ended up using `last` as the http parameter; likely being
caused by the CLI using `--last`. To avoid any regression, we decided
for supporting both and aliasing `last`.
Fixes: #6413
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
- (minor): apiv2 tests: check for full ID
Observation made while reviewing #6461: tests were checking
only for a 12-character container/image ID in return value.
It's actually 64, and we should test for that. This should
also minimize confusion in a future maintainer.
- podman pause/unpause: new test
Runs a 'date/sleep' loop, pauses container, sleeps 3s,
restarts, then confirms that there's a 3- to 6-second
gap in the logs for the container.
- podman healthcheck: new test
run a container with healthcheck, test both healthy
and unhealthy conditions
- podman pod: check '{{.Pod}}' field in podman ps
Hey, as long as we have a pod with two running
containers, might as well confirm that 'podman ps'
returns the expected pod ID.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Add testing for displaying image history and exporting image
Deal with API returning binary (Content-Type =~ 'octet').
When so, set $output to the output of 'file'.
Bug fix: in 't' helper, declare loop var $i as local
to avoid contaminating caller
Signed-off-by: Ed Santiago <santiago@redhat.com>
Signed-off-by: Alex Jia <chuanchang.jia@gmail.com>
* Update blang/semver to allow ParseTolerant() support
* Provide helper functions for API handlers to obtain client's 'version'
path variable focused on API endpoint tree: libpod vs. compat
* Introduce new errors:
* version not given in path, endpoints may determine if this is a hard
error (ErrVersionNotGiven)
* given version not supported (ErrVersionNotSupported), only a soft
error if the handler is going to hijack the connection
* Added unit tests for version parsing
* bindings check version on connect:
* client <= Server API version connection is continued
* client >= Server API version connection fails
Signed-off-by: Jhon Honce <jhonce@redhat.com>
apiv2 tests emit TAP-compliant output; recognize it and
highlight it the same way we do BATS tests.
Add anchor links to TAP output, so other tools (e.g.
cirrus-flake-summarize) can link to particular lines
And, remove a "-f" from "wait" in test-apiv2; looks
like there's some version of bash used in some CI VM
that doesn't grok it.
Signed-off-by: Ed Santiago <santiago@redhat.com>
* Allow for descriptive comment in 't' invocations, making it
easier to distinguish similar requests
* Include test file basename (eg 40-pods) in 'ok/not ok' line
* Always symlink $TMPDIR/test-apiv2.log to latest YYMMDDetc file
* Include test result ('ok', 'not ok') in said log
* When curl results are JSON, filter them through jq into log
Signed-off-by: Ed Santiago <santiago@redhat.com>
using the factory approach similar to container, we now create pods based on a pod spec generator. wired up the podmanv2 pod create command, podcreatewithspec binding, simple binding test, and apiv2 endpoint.
also included some code refactoring as it introduced as easy circular import.
Signed-off-by: Brent Baude <bbaude@redhat.com>
API v2 has been quiet for a few days, and the test script is
actually passing. Let's take advantage of this opportunity
to get them running in CI.
Requires adding a check for cgroupsv2
Signed-off-by: Ed Santiago <santiago@redhat.com>
Looks like /libpod/pods/create has been fixed to return an
actual pod ID. Extend those tests.
Also, update timeout in the server command: it's now seconds,
not milliseconds.
Also, update FIXME comments in /pods/prune . Still doesn't
work, but clarify what we're seeing.
Also, add a new test that runs ten /info requests and
barfs if it takes more than 5 seconds.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Lots has changed since I first checked this in:
* Switch to new podman system service invocation
* /containers API has changed drastically
* /pods API has some fixes; check for them (e.g.
container-exists is now 409 Conflict, not 500)
* One test ('?invalidparam=x') still doesn't work;
comment it out so we can get everything passing.
Also, some work on the test framework itself:
* Cleaner port-open testing (the bash /dev/tcp check).
* Add a 'podman' function to invoke local podman and
log its output.
The above two allow us to:
* Get rid of stderr special-casing
Furthermore:
* t() no longer needs leading '.'; this allows jq
features such as 'length' and perhaps other filters
* special-case handling of 204 and 304: rfc2616 demands
that they return no message body; assert that it is so.
* new root & rootless helper functions (check server)
* remove the "unlikely to work" message for rootless;
it seems to be working fine
* fix pod tests for rootless
* BUT: add a bolder FIXME because the ID field seems wrong
Signed-off-by: Ed Santiago <santiago@redhat.com>
Initial framework for testing the version 2 (HTTP) API.
Includes a collection of tests for some of the existing
endpoints. Not all tests are currently passing.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Jason T. Greene
Jhon Honce
Jakub Guzik
openshift-ci[bot]
Milivoje Legenovic
cdoern
Matthew Heon
OpenShift Merge Robot
Valentin Rothberg
Ed Santiago
Vikas Goel
Alex Schultz
cdoern
Matej Vasek
Matthew Heon
Paul Holzinger
Paul Holzinger
Daniel J Walsh
troyready
baude
Ashley Cui
Nikolay Edigaryev
Igor Korolev
Baron Lenardson
Josh Soref
zhangguanzhang
Edward Shen
Yuhui Jiang
Sascha Grunert
Korhonen Sami (Samlink)
Alex Jia
Yiqiao Pu