- (minor): apiv2 tests: check for full ID
Observation made while reviewing #6461: tests were checking
only for a 12-character container/image ID in return value.
It's actually 64, and we should test for that. This should
also minimize confusion in a future maintainer.
- podman pause/unpause: new test
Runs a 'date/sleep' loop, pauses container, sleeps 3s,
restarts, then confirms that there's a 3- to 6-second
gap in the logs for the container.
- podman healthcheck: new test
run a container with healthcheck, test both healthy
and unhealthy conditions
- podman pod: check '{{.Pod}}' field in podman ps
Hey, as long as we have a pod with two running
containers, might as well confirm that 'podman ps'
returns the expected pod ID.
Signed-off-by: Ed Santiago <santiago@redhat.com>
- exec: add test for #5046, in which conmon swallowed chars
on a large byte transfer
- pod: add 'pod exists' tests, both positive and negative;
consolidate tests; add '--label', and check in 'pod inspect'
add 'pod ps' tests
- networking: add test for #5466, in which detached run
with --userns=keep-id would not forward a port
Signed-off-by: Ed Santiago <santiago@redhat.com>
We previously enforced this for security reasons, but as Dan has
explained on several occasions, it's not very valuable there
(it's trivially easy to bypass) and it does seriously annoy folks
trying to use named volumes. Flip the default from 'on' to 'off'.
Signed-off-by: Matthew Heon <mheon@redhat.com>
* rename pod-top.bats to pod.bats
* add test for TCP port communication between pods
* add test for various podman-pod-create options
Signed-off-by: Ed Santiago <santiago@redhat.com>
Three small fixes for breaking tests on rawhide:
1) run test: looks like runc changed the format of
an error message, adding a colon in one place.
runc is used on rawhide when booted in cgroups v1
2) volumes test: difference in exit status and error
message between runc and crun.
3) systemd test: define XDG_RUNTIME_DIR if unset.
podman helpfully sets this to a reasonable default,
but the 'systemctl' commands used in this test do not.
Signed-off-by: Ed Santiago <santiago@redhat.com>
run test: run positive test before negative; and actually
implement real negative tests. Also, add confirmation tests for
cidfile/pidfile, not just 'exit status is good'.
systemd test: enable rootless, and again add actual content
testing.
Signed-off-by: Ed Santiago <santiago@redhat.com>
The systemd unit test never ran in CI and was broken for various
reasons. Fix the test to execute Podman in systemd units and to also
run generated units files.
Note: more tests will be added in the future. The simple check for now
will prevent regressions.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
The --conmon-pidfile was not set in the spec leading to failing systemd
units. Also add a system test to prevent future regressions.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Now that we've agreed that usage messages should match
what the user typed, confirm it. IOW 'podman foo --help'
should not issue a usage message for 'podman container foo'.
Fix one broken instance, 'unpause'.
Signed-off-by: Ed Santiago <santiago@redhat.com>
in cases where commands require input and we dont provide it, we often would segv. This can be attributed in many cases to the subcommand not picked up the cobra Args attribute or neither had them.
Signed-off-by: baude <bbaude@redhat.com>
If a usage message is of the form '... [flags] ARGNAME',
where ARGNAME is all-caps and not in brackets, it must
be a required argument. Try running podman subcommand
without ARGNAME, and make sure that podman bails out
with an informative message. (Since this message is
freeform in each subcommand, not Cobra-generated,
we have a lot of possible variations to check for).
Fix podman login/logout Use messages to indicate that
REGISTRY is now optional (as of #5233).
This test has actually been in place for over a year but
due to a typo on my part -- a missing space -- it was
not being run. "For want of a space, much testing was lost".
Signed-off-by: Ed Santiago <santiago@redhat.com>
skopeo pr #829 adds REGISTRY_AUTH_FILE support; this lets us
enable the following test:
podman login - shares credentials with skopeo - via envariable
(I seriously doubt that the CI VMs have been updated with the
new skopeo, but I can leave this PR in limbo until that happens.
Otherwise I'll forget to enable the test).
Signed-off-by: Ed Santiago <santiago@redhat.com>
the current implementation of info, while typed, is very loosely done so. we need stronger types for our apiv2 implmentation and bindings.
Signed-off-by: Brent Baude <bbaude@redhat.com>
The recently-added 'run --rmi' test was not actually doing
what it thinks it was doing: for one, 'run_podman | grep'
is never going to work; also, the test was leaving behind
stray images.
Rework to do what I believe the intention was; and, combine
into one test (down from two) for readability.
Signed-off-by: Ed Santiago <santiago@redhat.com>
The --rmi flag will delete the container image after its execution
unless that image is already been used by another container(s).
This is useful when one wants to execute a container once and remove
any resources attached to it.
Signed-off-by: Boaz Shuster <boaz.shuster.github@gmail.com>
9f69c4eca (part of the f31 pr, #3091) semi-broke the kill test,
there's now an ugly warning:
setup(): removing stray images quay.io/libpod/fedora-minimal:latest 7bb5a60e8a78
The comments also didn't actually explain the problem
being addressed, and included a misleading reference
to busybox.
Here we switch to using fedora-minimal only with podman-remote,
clean it up (rmi) when finished, and include an explanation in
the comments about why this is needed; making it clear that
this workaround can be removed once we get rid of podman-remote.
We also reformat back to 80 columns.
Signed-off-by: Ed Santiago <santiago@redhat.com>
It's possible/likely the container image for the test will need to be
pulled as part of the `run` command. Due to the way BATS handles
output, messages regarding image-pull could be misinterpreted as the
container's CID. Force the CID to be obtained by only the last line of
output.
Signed-off-by: Chris Evich <cevich@redhat.com>
1) Help message for podman port was missing [PORT]
2) Add test for 'podman port'. And, actually, an entire
networking test that I'd written some weeks ago but
apparently didn't 'git add'.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Signed-off-by: Brent Baude <bbaude@redhat.com>
Great timing: this new test collided against #5268, which added
a warning about using command-line --password. CI is now going
to fail all over.
Fix: rework test to use --password-stdin. Am doing so only
in the places where output string is checked; other instances
can keep using '--password xxx' because it's simpler.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Looks like a bit of a misunderstanding from early on.
Docker implements --filter=since=IMAGE. Podman implements 'after'
instead of 'since'. Add an equivalent case statement to handle
both, keeping 'after' because we have no way of knowing if it
is used in the field.
Update documentation ... and fix what looks like a complete
misinterpretation of what the code actually does: the man page
claimed that these were time fields, but I don't see any
possible incantation in which a time value works or could
work. Updated docs to reflect IMAGE usage. Also changed
nonworking '==' to single '='.
Added tests. [UPDATE: skip with broken podman-remote]
Fixes: #5040
Signed-off-by: Ed Santiago <santiago@redhat.com>
Test podman login/logout, login with wrong credentials,
auth file contents, auth file path override, push/pull,
and, if skopeo is installed, credentials sharing
Fixes: #4283
Signed-off-by: Ed Santiago <santiago@redhat.com>
Add pkg/signal to deal with parts of signal processing and translating
signals from string to numeric representations. The code has been
copied from docker/docker (and attributed with the copyright) but been
reduced to only what libpod needs (on Linux).
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
- run: --name (includes 'podman container exists' tests)
- run: --pull (always, never, missing)
- build: new test for ADD URL (#4420)
- exec: new test for issue #4785 (pipe getting lost)
- diff: new test
- selinux (mostly copied from docker-autotest)
Plus a bug fix: the wait_for_output() helper would continue
checking, eventually timing out, even if the container had
already exited (probably because of an error). Fix: as
part of the loop, run 'podman inspect' and bail out if
container is not running. Include exit code and logs.
Signed-off-by: Ed Santiago <santiago@redhat.com>
When you open a FIFO for reading, but there's no writer, you hang.
This is just one of those obscure UNIXisms we all know but just
forget all too often.
My last PR was guilty of introducing such a condition; I caught
it by accident while testing other stuff. In short, the signal
container was doing 'echo DONE' as its last step, and we (BATS)
were reading the FIFO to check for it; but if the container
exited before we opened the FIFO for read, the open would hang.
This is not a hang that we can catch in the test: it would hang
the entire job forever. CI would presumably time out eventually,
but with no useful indication of the cause of the error.
Solution: use 'exec' to open the FIFO early and keep it open,
and use 'read -u FD' instead of 'read <$fifo': the former
reads from an open FD, the latter forces a new open() each time.
There is a shorter, more maintainable solution -- see #4755 -- but
that suffers from the same hanging problem in the (unlikely) case
where the signal-handling container exits, e.g. if signal handling
is broken in podman. The test would hang, with no helpful indicator.
Although this PR is a little more advanced scripting, I have
commented the relevant code well and believe the maintenance
cost is worth the risk of undebuggable hangs.
There is still a hang risk: if 'podman logs -f' fails and exits
immediately, the 'exec' will hang. I can't think of a non-racy
way to prevent that, and choose to live with that risk.
Tested by temporarily including 9 (SIGKILL) in the signals list.
The read timeout triggers, and the end user has a fair chance
of tracking down the root cause.
Signed-off-by: Ed Santiago <santiago@redhat.com>
The helper function we use for signal name mapping does not
check for negative numbers nor invalid (too-high) ones. This
can yield unexpected error messages:
# podman kill -s -1 foo
ERRO[0000] unknown signal "18446744073709551615"
This PR introduces a small wrapper for it that:
1) Strips off a leading dash, allowing '-1' or '-HUP'
as valid inputs; and
2) Rejects numbers <1 or >64 (SIGRTMAX)
Also adds a test suite checking signal handling as well as
ensuring that invalid signals are rejected by the command line.
Fixes: #4746
Signed-off-by: Ed Santiago <santiago@redhat.com>
As initially written the test does not work other than in
a CI environment because it relies on an empty tag history.
Rewrite so we can guarantee that, by creating a new image.
Also add slightly more helpful tests: the initial tests
would just show "expected 0, got 1" which is unhelpful.
Tweak so we test on actual history contents, which will
show more informative messages on failure.
And, finally, clean up after ourselves.
Signed-off-by: Ed Santiago <santiago@redhat.com>
See https://github.com/containers/buildah/pull/1955
I've confirmed that this test fails under podman-1.6.2-2.fc30
and passes under current master.
Signed-off-by: Ed Santiago <santiago@redhat.com>
We leverage the containers/storage image history tracking feature to
show the previously used image names when running:
`podman images --history`
Signed-off-by: Sascha Grunert <sgrunert@suse.com>
Unless specified otherwise by --all, --latest or via arguments, list all
running containers. This matches the behaviour of Docker and is also
illustrated in the man pages where containers and options are marked to
be optional.
Fixes: #4274
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
podman exec leaks an exec_pid_<hash> file for every exec in tmpfs,
it's known rhbz#1731117, this case makes sure leakage issue has
been fixed.
rhbz: https://bugzilla.redhat.com/show_bug.cgi?id=1731117
Signed-off-by: Alex Jia <chuanchang.jia@gmail.com>
When a container is created with a given OCI runtime, but then it
is uninstalled or removed from the configuration file, Libpod
presently reacts very poorly. The EvictContainer code can
potentially remove these containers, but we still can't see them
in `podman ps` (aside from the massive logrus.Errorf messages
they create).
Providing a minimal OCI runtime implementation for missing
runtimes allows us to behave better. We'll be able to retrieve
containers from the database, though we still pop up an error for
each missing runtime. For containers which are stopped, we can
remove them as normal.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
Ed Santiago
OpenShift Merge Robot
Jhon Honce
Boaz Shuster
Sujil02
Daniel J Walsh
Matthew Heon
Valentin Rothberg
baude
Kunal Kushwaha
Chris Evich
Sascha Grunert
Alex Jia
Matthew Heon