fix: error reporting for archive endpoint #12431
Conversation
Returning 500 when copying to read-only destination. Signed-off-by: Matej Vasek <[email protected]>
|
@containers/podman-maintainers PTAL |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: flouthoc, giuseppe, matejvasek The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
openshift-ci
bot
added
lgtm
| if err := copyFunc(); err != nil { | ||
| logrus.Error(err.Error()) | ||
| utils.Error(w, "Something went wrong.", http.StatusInternalServerError, err) |
There was a problem hiding this comment.
Per spec here, we should return 403 if the container is RO.
https://docs.podman.io/en/latest/_static/api.html#operation/PutContainerArchiveLibpod
There was a problem hiding this comment.
I've go 500 from original docker implementation so I used that.
There was a problem hiding this comment.
Interesting, their docs also says it should be a 403. I'm ok with either paths (say same behavior with docker vs say same behavior with the documentation).
https://docs.docker.com/engine/api/v1.41/#operation/ContainerArchive
There was a problem hiding this comment.
Also I am not sure if I can determine precise error here, beside doing string matching on error message. It's not necessarily perm. denied.
There was a problem hiding this comment.
Agreed. I don't see any better options than matching the error messages. Let's keep it 500 then.
There was a problem hiding this comment.
Ref: docker's implementation.
https://github.com/moby/moby/blob/7b9275c0da707b030e62c96b679a976f31f929d3/daemon/archive.go#L362
There was a problem hiding this comment.
interesting I believe that I got 500 on moby on Fedora with your usecase, ReadonlyRootfs is that used only for root not mounts?
There was a problem hiding this comment.
I'm not familiar with docker source code, but that seems to be the case.
On my archlinux box, it also reports 500 (docker 20.10.11)
< HTTP/1.1 100 Continue
* We are completely uploaded and fine
* Mark bundle as not supporting multiuse
< HTTP/1.1 500 Internal Server Error
< Api-Version: 1.41
< Content-Type: application/json
< Docker-Experimental: false
< Ostype: linux
< Server: Docker/20.10.11 (linux)
< Date: Tue, 30 Nov 2021 03:32:37 GMT
< Content-Length: 99
<
{"message":"Error processing tar file(exit status 1): lchown /run/act/act: read-only file system"}
* Connection #0 to host localhost left intact
There was a problem hiding this comment.
--unix-socket /var/run/docker.sock \
-X PUT \
-T act.tar \
"http://localhost/v1.40/containers/act-CI-build/archive?noOverwriteDirNonDir=true&path=%2Fvar%2Frun%2Fact%2F"
* Trying /var/run/docker.sock:0...
* Connected to localhost (/run/docker.sock) port 80 (#0)
> PUT /v1.40/containers/act-CI-build/archive?noOverwriteDirNonDir=true&path=%2Fvar%2Frun%2Fact%2F HTTP/1.1
> Host: localhost
> User-Agent: curl/7.76.1
> Accept: */*
> Content-Type: application/json
> Content-Length: 20480
> Expect: 100-continue
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 100 Continue
* We are completely uploaded and fine
* Mark bundle as not supporting multiuse
< HTTP/1.1 500 Internal Server Error
< Api-Version: 1.41
< Content-Type: application/json
< Docker-Experimental: false
< Ostype: linux
< Server: Docker/20.10.9 (linux)
< Date: Tue, 30 Nov 2021 03:38:05 GMT
< Content-Length: 107
<
{"message":"Error processing tar file(exit status 1): unlinkat /run/act/README.md: read-only file system"}
* Connection #0 to host localhost left intact
|
Oops, seems I'm too late to the party. @matejvasek if you could, please consider reporting |
github-actions
bot
added
the
locked - please file new issue/PR
Returning 500 when copying to read-only destination.
resolves #12420