We use the name as alias but using the hostname makes also sense and
this is what docker does. We have to keep the short id as well for
docker compat.
While adding some tests I removed some duplicated tests that were
executed twice for nv for no reason.
Fixes#17370
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
When fetching the user name, you need to use User.Username
instead of User.Name, as with other tests.
Signed-off-by: Toshiki Sonoda <sonoda.toshiki@fujitsu.com>
Adds a `--no-trunc` flag to `podman kube generate` preventing the
annotations from being trimmed at 63 characters. However, due to
the fact the annotations will not be trimmed, any annotation that is
longer than 63 characters means this YAML will no longer be Kubernetes
compatible. However, these YAML files can still be used with `podman
kube play` due to the addition of the new flag below.
Adds a `--no-trunc` flag to `podman kube play` supporting YAML files with
annotations that were not truncated to the Kubernetes maximum length of
63 characters.
Signed-off-by: Jake Correnti <jakecorrenti+github@proton.me>
Do not use podman info/version as they are expensive and clutter the log
for no reason. Just checking if we can connect to the socket should be
good enough and much faster.
Fix the non existing error checking, so that we actually see an useful
error when this does not work.
Also change the interval, why wait 2s for a retry lets take 100ms steps
instead.
Fixes#19010
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Previous tests have worked by pure chance since the client and server
ran on the same host; the server picked up the credentials created by
the client login.
Extend the gating tests and add a new integration test which is further
capable of exercising the remote code.
Note that fixing authentication support requires adding a new
`--authfile` CLi flag to `manifest inspect`. This will at least allow
for passing an authfile to be bindings. Username and password are not
yet supported.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
Users may want to replace the secret used within containers, without
destroying the secret and recreating it.
Partial fix for https://github.com/containers/podman/issues/18667
Make sure podman --remote secret inspect and podman secret inspect
return the same error message.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
1. toolbox UID/GID allocation: pick numbers < 1500. Otherwise
we run the risk of colliding with the Cirrus rootless user.
2. WaitContainerReady(): check the results of the last "podman logs"
before timing out. Otherwise, the user will see "READY" followed
immediately by "Container is not ready".
(global bug, not just toolbox, but that's where I discovered it).
Signed-off-by: Ed Santiago <santiago@redhat.com>
Using GinkgoT().TempDir() will automatically result in the directy to be
cleaned up when the test is done. This should help to prevent leaking
files and we do not need to error check every time.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Like LockTmpDir use a random tmpdir for this directory. Make sure it is
set for all parallel ginkgo processes.
Also GinkgoT().TempDir() will automatcially remove the directory at the
end so we do not need to worry about cleanup.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
AFAIK the latest podman will not even run on RHEL 7 anymore, in any case
we do not need these tests to run there.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Using the OS tempdir here is not good. This defaults to /tmp which means
the inital podman test setup uses these paths:
`--root /tmp/root --runroot /tmp/runroot and --tmpdir /tmp`
Thus we create many files directly under /tmp. Also they were never
removed thus leaked out. When running as root and then later as rooltess
this would fail to permission problems.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Ginkgo currently logs a warning because the cli version (defnied in
test/tools/go.mod) does not match the library version (defnied in
go.mod).
Simply fix this by updating ginkgo to the latest version.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
There is no need to buffer them all into an array then write them once
at the end. Just write directly to the file.
Fixes#19104
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
The --authfile flag has been ignored. Fix that and add a test to make
sure we won't regress another time. Requires a new --tls-verify flag
to actually test the code.
Also bump c/common since common/pull/1538 is required to correctly check
for updates. Note that I had to use the go-mod-edit-replace trick on
c/common as c/buildah would otherwise be moved back to 1.30.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2218315
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
The podman-login tests have accumulated much cruft over the
years, because that's the only place where we run a local
registry, and the process was crufty: we actually start/stopped
the registry as the first & last tests of the file. Meaning,
you couldn't do 'hack/bats 150:just-one-test' because that
would skip the registry start. And just now, a completely
unrelated test has had to be shoved into the login file.
This PR revamps the whole thing, by adding a new registry helper
module that can be used anywhere. And, once the registry is
started, it just stays running until the end of tests. (This
requires BATS 1.7 or greater).
Signed-off-by: Ed Santiago <santiago@redhat.com>
For pods with bridged and slirp4netns networking we create /etc/hosts
entries to make it more convenient for the containers to address each
other. We omitted to do this for pasta networking, however. Add the
necessary code to do this.
Closes: https://github.com/containers/podman/issues/17922
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Confirm that pasta test name agrees with the test being run.
This is a development-time-only check, it must never fail
beyond CI. The idea is to prevent something like
@test "... Single TCP ... IPv4" {
pasta_test_to 6 ... udp ...
}
Signed-off-by: Ed Santiago <santiago@redhat.com>
- typo fix, a misspelled variable resulting in test being NOP
- remove unnecessary variable (followup to #19044)
- add opportunistic CONTAINERS_CONF test (followup to #19032)
Signed-off-by: Ed Santiago <santiago@redhat.com>
Make sure we use the config field to know if we should use pasta or
slirp4netns as default.
While at it fix broken code which sets the default at two different
places, also do not set in Validate() as this should not modify the
specgen IMO, so set it directly before that.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
This reverts commit c2a24abc0d33cdb21681cfec63677ac29e92446c, which
itself reverted 1c08f2edac3f9ecf128cf8da91276e963e6ad14c, which
reverted e33f4e0bc7429038ba6aa82285ae8749c9037c88.
The original e33f4e0bc742 "pasta: Use two connections instead of three
in TCP range forward tests" was a workaround to avoid intermittent
errors in CI where the pasta networking port range forwarding tests
would fail. It was reverted and unreverted when we thought we'd fixed
the problem, but that turned out not to be the case.
We're now much more confident that we've genuinely found and fixed (or
at least, worked around) the underlying problem, so we revert it again.
Link: https://github.com/containers/podman/issues/17287
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
With a number of the port range forwarding tests, we've seen occasional
failures where the sending socat fails with an EINTR on connect(). This
was mitigated by e33f4e0bc742 "pasta: Use two connections instead of three
in TCP range forward tests" (which has been reverted and un-reverted
several times). However, this did not eliminate the problem, for example
see [0].
For the failing tests we are using the socat address "EXEC:printf x" to
make socat invoke printf(1) to generate a single byte of data to transfer.
Closer analysis shows that the SIGCHLD as the printf process ends is
occasionally intersecting with the connect() call causing this failure.
This is arguably a bug in socat, to not handle this race one way or
another. However, we can easily workaround the problem by using a
temporary file with the data to transfer, rather than invoking printf every
time. Do this, to avoid the flakiness of these tests.
[0]
https://github.com/containers/podman/issues/17287#issuecomment-1611855165
Closes: https://github.com/containers/podman/issues/17287
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
https://github.com/containers/podman/pull/19021 fixed bugs with the pasta
networking tests not working on hosts with multiple interfaces. Alas, the
patch left in some stale code that generates spurious error messages for
the IPv6 case. This is sort of harmless - later code overrides what's done
here and the tests can pass anyway. However if a test fails for some other
reason it means we get a misleading irrelevant error message.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
It is pretty complicated to display the secret on the host, but is
not really secured. This patch makes it easier to examine the secret.
Partial fix for https://github.com/containers/podman/issues/18667
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
[October 2022] While mucking around in this test, I noticed that
a test was being unnecessarily skipped in rootless. Reason was,
test was creating a /etc/systemd file, which it really shouldn't
have been doing anyway.
[Flash forward to June 2023] Ugh. This got complicated, so I
abandoned it. But it's flaking in CI, so one focus-push later,
here's everything that this PR fixes:
- create systemd unit file in proper (safe) path.
- create it *with proper podman options!!!* As in, the
whole --this --that --root --tmpdir options! Sheesh!
- use a pseudorandom service name, not just "redis"
- invoke systemctl/journalctl with --system or --user
as appropriate.
- remove unnecessary "bash -c"
- remove SkipIfRootless, but add SkipIfRemote
Signed-off-by: Ed Santiago <santiago@redhat.com>
At various points the pasta bats tests need to know the name of the
interface that pasta will use by default, and the host addresses it will
use by default. Currently we use the pre-existing helper functions
ether_get_name and ipv[46]_get_addr_global to retreive that.
However, those just pick the first non-loopback interface or address, which
may not be the one that pasta uses if there are multiple connected host
interfaces.
Replace those helpers with local ones which examine the routing table to
more closely match pasta's internal logic about which interface to select.
This allows the tests to run successfully on a host with multiple
interfaces.
Closes: https://github.com/containers/podman/issues/19007
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
There was a huge cut and paste of mount options which were not constent
in parsing tmpfs, bind and volume mounts. Consolidated into a single
function to guarantee all parse the same.
Fixes: https://github.com/containers/podman/issues/18995
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
This commit was automatically cherry-picked
by buildah-vendor-treadmill v0.3
from the buildah vendor treadmill PR, #13808
Changes since 2023-05-01:
- skip a new test, it fails in remote
- skip encrypted-FROM test, broken by buildah PR 4746
Signed-off-by: Ed Santiago <santiago@redhat.com>
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
After[1] c/image no longer prints "Storing signatures" so we should
not check for it.
[1] https://github.com/containers/image/pull/2001
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Sometimes this tests flakes but in the CI log I see all expected lines
printed but still for some reason the matcher fails.
Right now it will truncate the array so it is not possible to verify
what the matcher sees. Change this be removing the truncate limit for
this specific test only.
see #18501
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
we were silently ignoring --device-cgroup-rule in rootless mode. Make
sure an error is returned if the user tries to use it.
Closes: https://github.com/containers/podman/issues/18698
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Handle more TOCTOUs operating on listed images. Also pull in
containers/common/pull/1520 and containers/common/pull/1522 which do the
same on the internal layer tree.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2216700
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
