Support UIDMap, GIDMap, SubUIDMap and SubGIDMap
If any of them are set disregard the deprecated Remap keys
Add tests and man
Signed-off-by: Ygal Blum <ygal.blum@gmail.com>
...while Ed was napping:
- create/run based on remote image: was not actually testing anything
- create/run --tls-verify: ditto
- run --decryption-key: sort of testing but not really
- Fail(), not Skip(), if we can't start registry.
- never Skip() halfway through a test: emit a message, and return
The Skip-in-the-middle thing deserves to be shouted from the rooftops.
Let's please never do that again. Skip() says "this entire test was
skipped", which can be misleading to a spelunker trying to track
down a problem related to those tests.
Also, more minor:
- reduce use of port 5000
- rename a confusingly-named test
Ref: #11205, #12009
Signed-off-by: Ed Santiago <santiago@redhat.com>
This is something I've long wanted in logs: an indicator of
which bats file the test lives in. As of v1.7.0 there is
now a way to do that, BATS_TEST_NAME_PREFIX. Use it. Logs
now look like:
ok 14 [001] podman - shutdown engines
ok 15 [005] podman info - basic test
...
not ok 195 [065] podman cp - dot notation ....
(As a bonus, we can remove the super-long "test blah blah pasta"
duplication from 505.bats).
Also, removed no-longer-necessary (fingers crossed) debug code
for the recently fixed containers-storage umount/EINVAL flake.
Signed-off-by: Ed Santiago <santiago@redhat.com>
This will only fail if someone ever adds a system test that
runs podman with "--db-backend boltdb", which nobody should
ever do, but this is a cheap way to make sure it never happens.
See #20563
Signed-off-by: Ed Santiago <santiago@redhat.com>
When using the local client, we should display the compression
algorithm.
If the compression level is set, then show this also.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
It seems certain test infrastructure prevents cloning repo which
contains symlink outside of the repo itself, generate symlink for such
test by the testsuite itself just before running test and remove it when
test is completed.
Signed-off-by: Aditya R <arajan@redhat.com>
Followup to #20318: now that sqlite is the podman default,
enforce that in CI as well. Test boltdb only in Prior Fedora.
In the process, discovered & cleaned up some duplication
and unused YAML anchors.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Under some circumstances BATS tests hang, causing a CI timeout.
One prominent reason is pasta test failures: BATS will not
exit until all child processes are finished, and in some
environments the socat client can stay forever.
Workaround: run socat with a timeout, and with limited retries.
Tested on an f38 system with broken IPv6: without this fix,
bats hangs until I ^C. With this fix, bats exits as it should.
Signed-off-by: Ed Santiago <santiago@redhat.com>
All `[]string`s in containers.conf have now been migrated to attributed
string slices which require some adjustments in Buildah and Podman.
[NO NEW TESTS NEEDED]
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
Followup from #20050. Lots of tiny problems in tests, all of
them adding up to significant maintainability problems.
These tests are currently impossible to run in a dev environment,
and super-painful to set up in 1mt, so I've just done a few hours
of cleanup and am giving up for the week.
This is ready for merge, in the sense that it's much better than
what exists now, but it still needs boatloads more work.
Signed-off-by: Ed Santiago <santiago@redhat.com>
I don't really like this solution because it can't be undone by
`--security-opt unmask=all` but I don't see another way to make
this retroactive. We can potentially change things up to do this
the right way with 5.0 (actually have it in the list of masked
paths, as opposed to adding at spec finalization as now).
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
Our aarch64 CI system uses 172.31.0.0/20. Because I was (and am)
lazy, my random_rfc1918_subnet() helper was only checking /24.
This causes flakes.
Solution is to actually do it right: binary arithmetic, prefix
matching. This is effectively impossible in bash, so, use a
hairy perl helper and add copious tests.
Fixes: #18693
Signed-off-by: Ed Santiago <santiago@redhat.com>
Problem: frequent CI flakes of the form:
Error: cannot listen on the TCP port: listen tcp4 :5355: bind: address already in use
Always 5355.
Cause: systemd-resolve listens on 5355, but not on 127.0.0.1. So
when GetPort() tries its is-it-in-use check by binding localhost,
it succeeds; but then podman binds * and fails.
Solution: GetPort(): test by binding 0.0.0.0.
Also, improve the failure message.
Signed-off-by: Ed Santiago <santiago@redhat.com>
There's a whole slew of networking-related flakes whose common
element seems to be improper use of curl. Fix those by:
* add --retry --retry-connrefused; and/or
* add -S ("show errors". Plain -s silences everything!); and/or
* test exit status from curl; and/or
* add wait_for_port after "podman run -d", to avoid races
* log commands, to make debugging easier
Important note: wait_for_port() was not working with rootless
podman ports. Trivial proof:
$ podman run -d --name foo -p 8192:80 \
quay.io/libpod/testimage:20221018 \
/bin/busybox-extras httpd -f -p 80
$ grep :2000 /proc/net/tcp
[no results]
Solution: use ss tool; it seems to handle this just fine.
There may be a better solution.
Oh, also, add -t1 to a podman restart, to shave 18s from test run.
Fixes: #20335 and, I think, a handful of others
Signed-off-by: Ed Santiago <santiago@redhat.com>
