Moving from Go module v4 to v5 prepares us for public releases.
Move done using gomove [1] as with the v3 and v4 moves.
[1] https://github.com/KSubedi/gomove
Signed-off-by: Matt Heon <mheon@redhat.com>
Podman Desktop [1] is looking into improving the user experience which
requires to know the source of an image. Consider the user triggers an
image pull and Podman Desktop wants to figure out whether the image name
refers to a Red Hat registry, for instance, to prompt installing the RH
auth extension.
Since the input values of images may be a short name [2], Podman Desktop
has no means to figure out the (potential) source of the image. Hence,
add a new `/resolve` endpoint to allow external callers to figure out
the (potential) fully-qualified image name of a given value.
With the new endpoint, Podman Desktop can ask Podman directly to resolve
the image name and then make an informed decision whether to prompt the
user to perform certain tasks or not. This for sure can also be used
for any other registry (e.g., Quay, Docker Hub).
[1] https://github.com/containers/podman-desktop/issues/5771
[2] https://www.redhat.com/sysadmin/container-image-short-names
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
SpecGen is our primary container creation abstraction, and is
used to connect our CLI to the Libpod container creation backend.
Because container creation has a million options (I exaggerate
only slightly), the struct is composed of several other structs,
many of which are quite large.
The core problem is that SpecGen is also an API type - it's used
in remote Podman. There, we have a client and a server, and we
want to respect the server's containers.conf. But how do we tell
what parts of SpecGen were set by the client explicitly, and what
parts were not? If we're not using nullable values, an explicit
empty string and a value never being set are identical - and we
can't tell if it's safe to grab a default from the server's
containers.conf.
Fortunately, we only really need to do this for booleans. An
empty string is sufficient to tell us that a string was unset
(even if the user explicitly gave us an empty string for an
option, filling in a default from the config file is acceptable).
This makes things a lot simpler. My initial attempt at this
changed everything, including strings, and it was far larger and
more painful.
Also, begin the first steps of removing all uses of
containers.conf defaults from client-side. Two are gone entirely,
the rest are marked as remove-when-possible.
[NO NEW TESTS NEEDED] This is just a refactor.
Signed-off-by: Matt Heon <mheon@redhat.com>
Cut is a cleaner & more performant api relative to SplitN(_, _, 2) added in go 1.18
Previously applied this refactoring to buildah:
https://github.com/containers/buildah/pull/5239
Signed-off-by: Philip Dubé <philip@peerdb.io>
The push binding endpoint wasn't actually writing the
output data to the stream when quiet=false and there
was no push error.
Do not hard code quiet=true anymore, take into account the
user input.
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
When committing containers to create new images, accept a container
config blob being passed in the body of the API request by adding a
Config field to our API structures. Populate it from the body of
requests that we receive, and use its contents as the body of requests
that we make.
Make the libpod commit endpoint split changes values at newlines, just
like the compat endpoint does.
Pass both the config blob and the "changes" slice to buildah's Commit()
API, so that it can handle cases where they overlap or conflict.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Instead of relying on the remote server to create tar files
with the right account IDs (which the remote server doesn't
even know, when the client and server run under different accounts),
have the remote client ignore the account IDs when unpacking.
Then just hard-code 0 in the remote server, so that the remote
server's account identity does not leak in the tar file contents.
Compare https://github.com/containers/image/issues/1627 .
[NO NEW TESTS NEEDED] : https://github.com/containers/podman/pull/18563
suggests that existing tests already cover these code paths / properties.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Add a new `compatMode` parameter to libpod's pull endpoint. If set, the
streamed JSON payload is identical to the one of the Docker compat
endpoint and allows for a smooth integration into existing tooling such
as podman-py and Podman Desktop, some of which already have code for
rendering the compat progress data.
We may add a libpod-specific parameter in the future which will stream
differnt progress data.
Fixes: issues.redhat.com/browse/RUN-1936?
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
The libpod containers create endpoint wasn't checking whether
the image existed before creating the container. If the image
doesn't exist, it should return a 404 status code but it was
failing and returning a 500 status code.
This fix matches the behavior of the compat endpoint.
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
As requested in containers/podman/issues/20000, add a `privileged` field
to the containers table in containers.conf. I was hesitant to add such
a field at first (for security reasons) but I understand that such a
field can come in handy when using modules - certain workloads require a
privileged container.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
... by updating for a c/common API change.
[NO NEW TESTS NEEDED]: Only moves unchanged code,
should not change behavior.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Value of `--force-compression` should be already `true` is
`--compression-format` is selected otherwise let users decide.
Signed-off-by: Aditya R <arajan@redhat.com>
Move SupportedVersion() and IsLibpodRequest() to separate package to
avoid import cycle when using it in libpod.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Adds support for --force-compression which allows end-users to force
push blobs with the selected compresison in --compression option, in
order to make sure that blobs of other compression on registry are not
reused.
Signed-off-by: Aditya R <arajan@redhat.com>
Adds support for --force-compression which allows end-users to force
push blobs with the selected compresison in --compression option, in
order to make sure that blobs of other compression on registry are not
reused.
Is equivalent to: force-compression here: https://docs.docker.com/build/exporters/#compression
Closes: https://github.com/containers/podman/issues/18660
Signed-off-by: Aditya R <arajan@redhat.com>
Adds support for --add-compression which accepts multiple compression
formats and when used it will add all instances in a manifest list with
requested compression formats.
Signed-off-by: Aditya R <arajan@redhat.com>
Adds support for `since` as a valid filter option for `podman volume ls`
and `podman volume prune`.
Implements: #19228
Initially suggested from: #19119
Signed-off-by: Jake Correnti <jakecorrenti+github@proton.me>
Fixes a bug where `podman volume ls` with multiple `label` filters would
return volumes that matched *any* of the filters, not *all* of them.
Adapts generating volume filter functions to be more in
line with how it is done for containers and pods.
Fixes: #19219
Signed-off-by: Jake Correnti <jakecorrenti+github@proton.me>
Adds an `--podman-only` flag to `podman generate kube` to allow for
reserved annotations to be included in the generated YAML file.
Associated with: #19102
Signed-off-by: Jake Correnti <jakecorrenti+github@proton.me>
When I reworked pod removal to provide more detailed errors
(including per-container errors, not just a single multierror
with all errors squashed), I made it part of the struct returned
by the REST API and assumed that would be enough to get errors
through to clients. Unfortunately, in case of an overarching
error removing the pod (as any error with any container would
cause), we don't send the response struct that would include the
container errors - we just send a standardized REST error. We
could work around this with custom, potentially backwards
incompatible error handling for the REST pod delete endpoint, or
we could just do what was done before, and package up all the
errors in a multierror to send to the other side. Of those
options, the multierror seems far simpler.
Fixes#19159
Signed-off-by: Matt Heon <mheon@redhat.com>
Adds a `--no-trunc` flag to `podman kube generate` preventing the
annotations from being trimmed at 63 characters. However, due to
the fact the annotations will not be trimmed, any annotation that is
longer than 63 characters means this YAML will no longer be Kubernetes
compatible. However, these YAML files can still be used with `podman
kube play` due to the addition of the new flag below.
Adds a `--no-trunc` flag to `podman kube play` supporting YAML files with
annotations that were not truncated to the Kubernetes maximum length of
63 characters.
Signed-off-by: Jake Correnti <jakecorrenti+github@proton.me>
Previous tests have worked by pure chance since the client and server
ran on the same host; the server picked up the credentials created by
the client login.
Extend the gating tests and add a new integration test which is further
capable of exercising the remote code.
Note that fixing authentication support requires adding a new
`--authfile` CLi flag to `manifest inspect`. This will at least allow
for passing an authfile to be bindings. Username and password are not
yet supported.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
The libpod API does not set a default. Also PodTop is podman sepecific
so we can just rmeove this extra branch there.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Users may want to replace the secret used within containers, without
destroying the secret and recreating it.
Partial fix for https://github.com/containers/podman/issues/18667
Make sure podman --remote secret inspect and podman secret inspect
return the same error message.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
This probably should have been in the API since the beginning,
but it's not too late to start now.
The extra information is returned (both via the REST API, and to
the CLI handler for `podman rm`) but is not yet printed - it
feels like adding it to the output could be a breaking change?
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
Make sure that the directory formats are not just substituted with their
archive counterparts but actually tar'ed up directories. Also make sure
that the clients don't get chown errors by setting rootless user and
group ID instead of O when running in the user namespace.
Fixes: #15897
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
Wire in support for writing the digest of the pushed image to a
user-specified file. Requires some massaging of _internal_ APIs
and the extension of the push endpoint to integrate the raw manifest
(i.e., in bytes) in the stream.
Closes: #18216
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
The Report will be used in a future change as a new return value for the
internal Push API.
Note: this change is only breaking internal APIs while user-facing
external ones remain unchanges.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
Podman is attempting to split the headers returned by the ps
command into a list of headers. Problem is that some headers
are multi-word, and headers are not guaranteed to be split via
a tab. This PR splits the headers bases on white space, and for
the select group of CAPS headers which are multi-word, combines
them back together.
Fixes: https://github.com/containers/podman/issues/17524
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Use the kube_generate_type from the containers.conf as
the default value for the --type flag for kube generate.
Override the default when userexplicitly sets the --type
flag.
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
The standard lib states that server handlers don't need to close the
body, so let's not do that to avoid any unforeseen side effect.
[NO TESTS NEEDED] - existing tests should suffice.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
Add the command along with the abi and tunnel support
Add e2e tests
Add man page
Add apiv2 test to ensure return codes
Signed-off-by: Ygal Blum <ygal.blum@gmail.com>
The podman kube generate command can now generate a
Deployment kind when the --ype flag is set to deployment.
By default, a Pod spec will be generated if --type flag is
not set.
Add --replicas flag to kube generate to allow users to set
the value of replicas in the generated yaml when generating a
Deployment kind.
Add e2e and minikube tests for this feature.
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
The default_ulimits field is currently ignored in podman run commands.
This PR fixes this.
Fixes: https://github.com/containers/podman/issues/17396
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Add a way to keep play kube running in the foreground and terminating all pods
after receiving a a SIGINT or SIGTERM signal. The pods will also be
cleaned up after the containers in it have exited.
If an error occurrs during kube play, any resources created till the
error point will be cleane up also.
Add tests for the various scenarios.
Fixes#14522
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
