auto-update: validate container image

[vrothberg]

Auto updates require containers to be created with a fully-qualified image reference. Short names are not supported due the ambiguity of their source registry. Initially, container creation errored out for non FQN images but it seems that Podman has regressed.

Fixes: #15879
Signed-off-by: Valentin Rothberg vrothberg@redhat.com

Does this PR introduce a user-facing change?

Auto update: error out on container creation for non-FQN images.

[vrothberg]

@rhatdan @mheon PTAL

[edsantiago]

Minor nits adding up.

Also... the first half of the test is actually applicable to podman-remote, but it is not run (all tests in this bats file are skipped on remote). Would there be any point to moving this test to another bats file? (My inclination is no, but I think it's worth an explicit decision)

[vrothberg]

Thanks for the review, @edsantiago! Wow, how much a phone call can distract me.

[vrothberg]

Would there be any point to moving this test to another bats file? (My inclination is no, but I think it's worth an explicit decision)

I do not feel strongly either way. If you have a preference, I happily move the test around.

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: edsantiago, vrothberg

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [edsantiago,vrothberg]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[edsantiago]

Is there any conceivable situation in which this could happen?

# podman create --label ... shortname:latest
Error: you can't do that
# podman-remote !*
[runs just fine]

I'm guessing no. But if there is any possible code flow where that could pass, then it might be worth adding a regression test.

[vrothberg]

Is there any conceivable situation in which this could happen?

No, there is none to my knowledge. There are various ways to create a container but all will be validated. That's why I moved it there. Initially, the check was in specgen which clearly broke at some point (also due to the missing tests).

[rhatdan]

LGTM

[mheon]

LGTM. Tests are red.

[vrothberg]

LGTM. Tests are red.

Fixed. There was a redundant test that I removed. @edsantiago, can you give your blessing for that?

[rhatdan]

/lgtm
/hold

[edsantiago]

OK hold on: is it intentional to revert #10063 then? Because it looks like that PR was deliberate. And if that will be reverted, it looks like we need many more reversions, such as to the man pages and the code?

[vrothberg]

OK hold on: is it intentional to revert #10063 then? Because it looks like that PR was deliberate. And if that will be reverted, it looks like we need many more reversions, such as to the man pages and the code?

That is a fair point. It would break backwards compat as the "local" policy allows short names. In retrospect, I think that was a bad idea but that doesn't justify breaking things. Thank you for catching, Ed.

[rhatdan]

/lgtm
/hold

[edsantiago]

/hold cancel