Merge pull request containers#20966 from ygalblum/kube-play-build-pri…

…vate-reg Kube Play - pass arguments to build
baude · Dec 14, 2023 · fb9e9de · fb9e9de
2 parents 9c16f1b + d026ccf
commit fb9e9de
Show file tree

Hide file tree

Showing 4 changed files with 55 additions and 0 deletions.
diff --git a/cmd/podman/kube/play.go b/cmd/podman/kube/play.go
@@ -12,6 +12,7 @@ import (
 	"strings"
 	"syscall"
 
+	buildahParse "github.com/containers/buildah/pkg/parse"
 	"github.com/containers/common/pkg/auth"
 	"github.com/containers/common/pkg/completion"
 	"github.com/containers/image/v5/types"
@@ -219,6 +220,13 @@ func play(cmd *cobra.Command, args []string) error {
 	}
 	if cmd.Flags().Changed("build") {
 		playOptions.Build = types.NewOptionalBool(playOptions.BuildCLI)
+		if playOptions.Build == types.OptionalBoolTrue {
+			systemContext, err := buildahParse.SystemContextFromOptions(cmd)
+			if err != nil {
+				return err
+			}
+			playOptions.SystemContext = systemContext
+		}
 	}
 	if cmd.Flags().Changed("authfile") {
 		if err := auth.CheckAuthFile(playOptions.Authfile); err != nil {

diff --git a/pkg/domain/entities/play.go b/pkg/domain/entities/play.go
@@ -75,6 +75,8 @@ type PlayKubeOptions struct {
 	PublishAllPorts bool
 	// Wait - indicates whether to return after having created the pods
 	Wait bool
+	// SystemContext - used when building the image
+	SystemContext *types.SystemContext
 }
 
 // PlayKubePod represents a single pod and associated containers created by play kube

diff --git a/pkg/domain/infra/abi/play.go b/pkg/domain/infra/abi/play.go
@@ -1025,6 +1025,7 @@ func (ic *ContainerEngine) getImageAndLabelInfo(ctx context.Context, cwd string,
 		}
 		buildOpts.Isolation = isolation
 		buildOpts.CommonBuildOpts = commonOpts
+		buildOpts.SystemContext = options.SystemContext
 		buildOpts.Output = container.Image
 		buildOpts.ContextDirectory = filepath.Dir(buildFile)
 		buildOpts.ReportWriter = writer

diff --git a/test/system/700-play.bats b/test/system/700-play.bats
@@ -5,6 +5,7 @@
 
 load helpers
 load helpers.network
+load helpers.registry
 
 # This is a long ugly way to clean up pods and remove the pause image
 function teardown() {
@@ -934,3 +935,46 @@ spec:
     run_podman pod rm -a
     run_podman rm -a
 }
+
+@test "podman play --build private registry" {
+    skip_if_remote "--build is not supported in context remote"
+
+    local registry=localhost:${PODMAN_LOGIN_REGISTRY_PORT}
+    local from_image=$registry/quadlet_image_test:$(random_string)
+    local authfile=$PODMAN_TMPDIR/authfile.json
+
+    mkdir -p $PODMAN_TMPDIR/userimage
+    cat > $PODMAN_TMPDIR/userimage/Containerfile << _EOF
+from $from_image
+USER bin
+_EOF
+
+    # Start the registry and populate the authfile that we can use for the test.
+    start_registry
+    run_podman login --authfile=$authfile \
+        --tls-verify=false \
+        --username ${PODMAN_LOGIN_USER} \
+        --password ${PODMAN_LOGIN_PASS} \
+        $registry
+
+    # Push the test image to the registry
+    run_podman image tag $IMAGE $from_image
+    run_podman image push --tls-verify=false --authfile=$authfile $from_image
+
+    # Remove the local image to make sure it will be pulled again
+    run_podman image rm --ignore $from_image
+
+    _write_test_yaml command=id image=userimage
+    run_podman 125 play kube --build --start=false $PODMAN_TMPDIR/test.yaml
+    assert "$output" "=~" \
+        "Error: short-name resolution enforced but cannot prompt without a TTY|Resolving \"userimage\" using unqualified-search registries" \
+        "The error message does match any of the expected ones"
+
+    run_podman play kube --replace --context-dir=$PODMAN_TMPDIR --tls-verify=false --authfile=$authfile --build --start=false $PODMAN_TMPDIR/test.yaml
+    run_podman inspect --format "{{ .Config.User }}" test_pod-test
+    is "$output" bin "expect container within pod to run as the bin user"
+
+    run_podman stop -a -t 0
+    run_podman pod rm -t 0 -f test_pod
+    run_podman rmi -f userimage:latest $from_image
+}