From 9b8e01efd6aae8bdc9b11192d6a623333bf91f1f Mon Sep 17 00:00:00 2001
From: Ygal Blum <ygal.blum@gmail.com>
Date: Mon, 16 Oct 2023 13:02:16 +0300
Subject: [PATCH] Quadlet - support ImageName for .image files

Allow overriding the image name resolved from the .image file
Add test and doc

Signed-off-by: Ygal Blum <ygal.blum@gmail.com>
---
 docs/source/markdown/podman-systemd.unit.5.md | 44 ++++++----
 pkg/systemd/quadlet/quadlet.go                |  6 ++
 test/system/252-quadlet.bats                  | 87 +++++++++++++++++++
 3 files changed, 122 insertions(+), 15 deletions(-)

diff --git a/docs/source/markdown/podman-systemd.unit.5.md b/docs/source/markdown/podman-systemd.unit.5.md
index 0067c361d6..0132ffb97f 100644
--- a/docs/source/markdown/podman-systemd.unit.5.md
+++ b/docs/source/markdown/podman-systemd.unit.5.md
@@ -1070,21 +1070,22 @@ particularly interesting when using special options to control image pulls.
 
 Valid options for `[Image]` are listed below:
 
-| **[Image] options**                 | **podman image pull equivalent**                |
-|-------------------------------------|-------------------------------------------------|
-| AllTags=true                        | --all-tags                                      |
-| Arch=aarch64                        | --arch=aarch64                                  |
-| AuthFile=/etc/registry/auth\.json   | --authfile=/etc/registry/auth\.json             |
-| CertDir=/etc/registry/certs        | --cert-dir=/etc/registry/certs                   |
-| ContainersConfModule=/etc/nvd\.conf | --module=/etc/nvd\.conf                         |
-| Creds=myname\:mypassword            | --creds=myname\:mypassword                      |
-| DecryptionKey=/etc/registry\.key   | --decryption-key=/etc/registry\.key              |
-| GlobalArgs=--log-level=debug        | --log-level=debug                               |
-| Image=quay.io/centos/centos\:latest | podman image pull quay.io/centos/centos\:latest |
-| OS=windows                          | --os=windows                                    |
-| PodmanArgs=--os=linux               | --os=linux                                      |
-| TLSVerify=false                     | --tls-verify=false                              |
-| Variant=arm/v7                      | --variant=arm/v7                                |
+| **[Image] options**                    | **podman image pull equivalent**                 |
+|----------------------------------------|--------------------------------------------------|
+| AllTags=true                           | --all-tags                                       |
+| Arch=aarch64                           | --arch=aarch64                                   |
+| AuthFile=/etc/registry/auth\.json      | --authfile=/etc/registry/auth\.json              |
+| CertDir=/etc/registry/certs            | --cert-dir=/etc/registry/certs                   |
+| ContainersConfModule=/etc/nvd\.conf    | --module=/etc/nvd\.conf                          |
+| Creds=myname\:mypassword               | --creds=myname\:mypassword                       |
+| DecryptionKey=/etc/registry\.key       | --decryption-key=/etc/registry\.key              |
+| GlobalArgs=--log-level=debug           | --log-level=debug                                |
+| Image=quay\.io/centos/centos:latest    | podman image pull quay.io/centos/centos\:latest  |
+| ImageTag=quay\.io/centos/centos:latest | Use this name when resolving `.image` references |
+| OS=windows                             | --os=windows                                     |
+| PodmanArgs=--os=linux                  | --os=linux                                       |
+| TLSVerify=false                        | --tls-verify=false                               |
+| Variant=arm/v7                         | --variant=arm/v7                                 |
 
 ### `AllTags=`
 
@@ -1150,6 +1151,19 @@ performance and robustness reasons.
 The format of the name is the same as when passed to `podman pull`. So, it supports using
 `:tag` or digests to guarantee the specific image version.
 
+### `ImageTag=`
+
+Actual FQIN of the referenced `Image`.
+Only meaningful when source is a file or directory archive.
+
+For example, an image saved into a `docker-archive` with the following Podman command:
+
+`podman image save --format docker-archive --output /tmp/archive-file.tar quay.io/podman/stable:latest`
+
+requires setting
+- `Image=docker-archive:/tmp/archive-file.tar`
+- `ImageTag=quay.io/podman/stable:latest`
+
 ### `OS=`
 
 Override the OS, defaults to hosts, of the image to be pulled.
diff --git a/pkg/systemd/quadlet/quadlet.go b/pkg/systemd/quadlet/quadlet.go
index d90de98f8e..094166d7a2 100644
--- a/pkg/systemd/quadlet/quadlet.go
+++ b/pkg/systemd/quadlet/quadlet.go
@@ -90,6 +90,7 @@ const (
 	KeyIP                    = "IP"
 	KeyIP6                   = "IP6"
 	KeyImage                 = "Image"
+	KeyImageTag              = "ImageTag"
 	KeyKubeDownForce         = "KubeDownForce"
 	KeyLabel                 = "Label"
 	KeyLogDriver             = "LogDriver"
@@ -290,6 +291,7 @@ var (
 		KeyDecryptionKey:        true,
 		KeyGlobalArgs:           true,
 		KeyImage:                true,
+		KeyImageTag:             true,
 		KeyOS:                   true,
 		KeyPodmanArgs:           true,
 		KeyTLSVerify:            true,
@@ -1222,6 +1224,10 @@ func ConvertImage(image *parser.UnitFile) (*parser.UnitFile, string, error) {
 		// The default syslog identifier is the exec basename (podman) which isn't very useful here
 		"SyslogIdentifier", "%N")
 
+	if name, ok := image.Lookup(ImageGroup, KeyImageTag); ok && len(name) > 0 {
+		imageName = name
+	}
+
 	return service, imageName, nil
 }
 
diff --git a/test/system/252-quadlet.bats b/test/system/252-quadlet.bats
index fe49a3e15a..2b57e58edd 100644
--- a/test/system/252-quadlet.bats
+++ b/test/system/252-quadlet.bats
@@ -1325,4 +1325,91 @@ EOF
     run_podman rmi --ignore $(pause_image)
 }
 
+@test "quadlet - image tag" {
+    local quadlet_tmpdir=$PODMAN_TMPDIR/quadlets
+    local archive_file=$PODMAN_TMPDIR/archive-file.tar
+    local image_for_test=localhost/quadlet_image_test:$(random_string)
+
+    local quadlet_image_unit=image_test_$(random_string).image
+    local quadlet_image_file=$PODMAN_TMPDIR/$quadlet_image_unit
+    cat > $quadlet_image_file <<EOF
+[Image]
+Image=docker-archive:$archive_file
+ImageTag=$image_for_test
+EOF
+
+    local quadlet_volume_unit=image_test_$(random_string).volume
+    local quadlet_volume_file=$PODMAN_TMPDIR/$quadlet_volume_unit
+    local volume_name=systemd-$(basename $quadlet_volume_file .volume)
+    cat > $quadlet_volume_file <<EOF
+[Volume]
+Driver=image
+Image=$quadlet_image_unit
+EOF
+
+    local quadlet_container_unit=image_test_$(random_string).container
+    local quadlet_container_file=$PODMAN_TMPDIR/$quadlet_container_unit
+    cat > $quadlet_container_file <<EOF
+[Container]
+Image=$IMAGE
+Exec=sh -c "echo STARTED CONTAINER; echo "READY=1" | socat -u STDIN unix-sendto:\$NOTIFY_SOCKET; sleep inf"
+Volume=$quadlet_volume_unit:/vol
+EOF
+
+    # Tag the image, save it into a file and remove it
+    run_podman image tag $IMAGE $image_for_test
+    run_podman image save --format docker-archive --output $archive_file $image_for_test
+    run_podman image rm $image_for_test
+
+    # Use the same directory for all quadlet files to make sure later steps access previous ones
+    mkdir $quadlet_tmpdir
+
+    # Have quadlet create the systemd unit file for the image unit
+    run_quadlet "$quadlet_image_file" "$quadlet_tmpdir"
+    # Save the image service name since the variable will be overwritten
+    local image_service=$QUADLET_SERVICE_NAME
+
+    # Have quadlet create the systemd unit file for the volume unit
+    run_quadlet "$quadlet_volume_file" "$quadlet_tmpdir"
+    # Save the image service name since the variable will be overwritten
+    local volume_service=$QUADLET_SERVICE_NAME
+
+    # Image should not exist
+    run_podman 1 image exists ${image_for_test}
+    # Volume should not exist
+    run_podman 1 volume exists ${volume_name}
+
+    # Have quadlet create the systemd unit file for the image unit
+    run_quadlet "$quadlet_container_file" "$quadlet_tmpdir"
+    local container_service=$QUADLET_SERVICE_NAME
+    local container_name=$QUADLET_CONTAINER_NAME
+
+    service_setup $container_service
+
+    # Image system unit should be active
+    run systemctl show --property=ActiveState "$image_service"
+    assert "$output" = "ActiveState=active" \
+           "quadlet - image tag: image service ActiveState"
+
+    # Volume system unit should be active
+    run systemctl show --property=ActiveState "$volume_service"
+    assert "$output" = "ActiveState=active" \
+           "quadlet - image tag: volume service ActiveState"
+
+    # Image should exist
+    run_podman image exists ${image_for_test}
+
+    # Volume should exist
+    run_podman volume exists ${volume_name}
+
+    run_podman exec $QUADLET_CONTAINER_NAME cat /vol/home/podman/testimage-id
+    assert "$output" = $PODMAN_TEST_IMAGE_TAG \
+            "quadlet - image files: incorrect testimage-id in bound volume"
+
+    # Shutdown the service and remove the image
+    service_cleanup $container_service failed
+    run_podman image rm --ignore $image_for_test
+    run_podman rmi --ignore $(pause_image)
+}
+
 # vim: filetype=sh