Proof-of-concept: set up necessary idmappings for userns_mode=auto in Container.create()

[vmsh0]

This is a proof-of-concept commit to gather initial feedback.

This addresses the issue in #493, i.e., that passing userns='auto' to Container.create() results in the option being silently ignored.

Before this patch, podman-py used to set up the userns API parameter when the userns parameter was given to Container.create(). However, upon investigation, it seems like the Podman service silently ignores the passed userns if parameter idmappings is missing.

This patch addresses this behaviour by setting up idmappings with neutral values (i.e., the values resulting in the same behaviour as the Podman client when called with --userns=auto without more specific options), while specifically retaining any explicit values passed by the user using the undocumented argument idmappings.

I am looking for some feedback about this PR:

• Is the general structure of the solution acceptable?
• I do not see any other instances where a dict merge approach is used to set up default values. Is there perhaps a better place to put the merge_dicts() function? Or would it be better altogether to merge the relatively small structure manually and avoid adding that function altogether?
• I see that, in general, integration testing is pretty minimal and doesn't cover very many of the possible use cases of podman-py. In your view, what would be a good collection of integration tests for this PR/feature? At a minimum, I will be contributing one integration test which checks that passing the userns='auto' results in a container with a private user namespace, with IDs not overlapping with the initial namespace, as that is my use case

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: vmsh0
Once this PR has been reviewed and has the lgtm label, please assign mheon for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[rhatdan]

@giuseppe PTAL

[giuseppe]

would you be interested to try to fix it in Podman? If you are not interested/familiar with the project or language, then it is fine to fix it here

[vmsh0]

would you be interested to try to fix it in Podman? If you are not interested/familiar with the project or language, then it is fine to fix it here

I would be interested in attempting that :) I am not a Go programmer by trade, but I am probably familiar enough with it for this particular fix.

I have successfully built podman yesterday, now I'm trying to get the tests to run. Can I bother you (or someone else) if I can't get the tests to run? What is the preferred channel, GitHub or something more ephemeral (e.g., IRC)?

[inknos]

@vmsh0 maybe late to the party, but here are the comms channels :) https://github.com/containers/podman/blob/main/README.md#communications

[vmsh0]

Hi, sorry for reviving this after a year. I have twice attempted to allocate some time last year to get podman to compile and try to get this fixed, but this is just not fitting in in my life at the moment.

Would the project still be interested in the Python workaround?

[giuseppe]

is this comment a left over?

[vmsh0]

Yep. So far this patch is just a workaround I have deployed in my software to make things work, but if it is something that you would include in the library I'll clean it up and perhaps see about adding tests

[giuseppe]

@jwhonce are you fine with it?