feat: Implement autoupdate endpoint in libpod REST API

cmd/podman/auto-update.go

@@ -31,7 +31,6 @@ var (
   or similar units that create new containers in order to run the updated images.
   Please refer to the podman-auto-update(1) man page for details.`
 	autoUpdateCommand = &cobra.Command{
-		Annotations:       map[string]string{registry.EngineMode: registry.ABIMode},
 		Use:               "auto-update [options]",
 		Short:             "Auto update containers according to their auto-update policy",
 		Long:              autoUpdateDescription,

hack/swagger-check

@@ -343,6 +343,11 @@ sub operation_name {
         $main   = 'image';
         $action = $1;
     }
+    # Top-level autoupdate endpoint
+    elsif ($main eq 'autoupdate') {
+        $main   = 'autoupdate';
+        $action = '';
+    }
     # Top-level system endpoints
     elsif ($main =~ /^(auth|event|info|version)$/) {
         $main   = 'system';

pkg/api/handlers/libpod/autoupdate.go

@@ -0,0 +1,53 @@
+//go:build !remote
+
+package libpod
+
+import (
+	"fmt"
+	"net/http"
+
+	"github.com/containers/podman/v5/libpod"
+	"github.com/containers/podman/v5/pkg/api/handlers/utils"
+	api "github.com/containers/podman/v5/pkg/api/types"
+	"github.com/containers/podman/v5/pkg/domain/entities"
+	"github.com/containers/podman/v5/pkg/domain/infra/abi"
+	"github.com/containers/podman/v5/pkg/errorhandling"
+	"github.com/gorilla/schema"
+	"go.podman.io/image/v5/types"
+)
+
+func AutoUpdate(w http.ResponseWriter, r *http.Request) {
+	decoder := r.Context().Value(api.DecoderKey).(*schema.Decoder)
+	runtime := r.Context().Value(api.RuntimeKey).(*libpod.Runtime)
+
+	query := struct {
+		Authfile  string `schema:"authfile"`
+		DryRun    bool   `schema:"dryRun"`
+		Rollback  bool   `schema:"rollback"`
+		TLSVerify bool   `schema:"tlsVerify"`
+	}{
+		TLSVerify: true,
+	}
+
+	if err := decoder.Decode(&query, r.URL.Query()); err != nil {
+		utils.Error(w, http.StatusBadRequest, fmt.Errorf("failed to parse parameters for %s: %w", r.URL.String(), err))
+		return
+	}
+
+	containerEngine := abi.ContainerEngine{Libpod: runtime}
+
+	options := entities.AutoUpdateOptions{
+		Authfile:              query.Authfile,
+		DryRun:                query.DryRun,
+		Rollback:              query.Rollback,
+		InsecureSkipTLSVerify: types.NewOptionalBool(!query.TLSVerify),
+	}
+
+	allReports, failures := containerEngine.AutoUpdate(r.Context(), options)
+	if allReports == nil {
+		utils.Error(w, http.StatusInternalServerError, errorhandling.JoinErrors(failures))
+		return
+	}
+
+	utils.WriteResponse(w, http.StatusOK, allReports)
+}

pkg/api/handlers/swagger/responses.go

@@ -520,3 +520,10 @@ type artifactPushResponse struct {
 	// in:body
 	Body entities.ArtifactPushReport
 }
+
+// Auto Update
+// swagger:response
+type autoupdateResponse struct {
+	// in:body
+	Body []*entities.AutoUpdateReport
+}

pkg/api/server/register_autoupdate.go

@@ -0,0 +1,52 @@
+//go:build !remote
+
+package server
+
+import (
+	"net/http"
+
+	"github.com/containers/podman/v5/pkg/api/handlers/libpod"
+	"github.com/gorilla/mux"
+)
+
+func (s *APIServer) registerAutoUpdateHandlers(r *mux.Router) error {
+	// swagger:operation POST /libpod/autoupdate libpod AutoupdateLibpod
+	// ---
+	// tags:
+	//   - autoupdate
+	// summary: Auto update
+	// description: |
+	//   Auto update containers according to their auto-update policy.
+	//
+	//   Auto-update policies are specified with the "io.containers.autoupdate" label.
+	//   Containers are expected to run in systemd units created with "podman-generate-systemd --new",
+	//   or similar units that create new containers in order to run the updated images.
+	//   Please refer to the podman-auto-update(1) man page for details.
+	// parameters:
+	//   - in: query
+	//     name: authfile
+	//     type: string
+	//     description: Authfile to use when contacting registries.
+	//   - in: query
+	//     name: dryRun
+	//     type: boolean
+	//     description: Only check for but do not perform any update. If an update is pending, it will be indicated in the Updated field.
+	//   - in: query
+	//     name: rollback
+	//     type: boolean
+	//     description: If restarting the service with the new image failed, restart it another time with the previous image.
+	//   - in: query
+	//     name: tlsVerify
+	//     type: boolean
+	//     default: true
+	//     description: Require HTTPS and verify signatures when contacting registries.
+	// produces:
+	//   - application/json
+	// responses:
+	//   200:
+	//     $ref: "#/responses/autoupdateResponse"
+	//   500:
+	//     $ref: '#/responses/internalError'
+	r.HandleFunc(VersionedPath("/libpod/autoupdate"), s.APIHandler(libpod.AutoUpdate)).Methods(http.MethodPost)
+	return nil
+}

pkg/api/server/server.go

@@ -113,6 +113,7 @@ func newServer(runtime *libpod.Runtime, listener net.Listener, opts entities.Ser
 		server.registerAuthHandlers,
 		server.registerArtifactHandlers,
 		server.registerArchiveHandlers,
+		server.registerAutoUpdateHandlers,
 		server.registerContainersHandlers,
 		server.registerDistributionHandlers,
 		server.registerEventsHandlers,

pkg/api/tags.yaml

@@ -1,6 +1,8 @@
 tags:
     - name: artifacts
       description: Actions related to artifacts
+    - name: autoupdate
+      description: Actions related to auto update
     - name: containers
       description: Actions related to containers
     - name: exec

pkg/bindings/auto-update/auto-update.go

@@ -0,0 +1,52 @@
+package autoupdate
+
+import (
+	"context"
+	"net/http"
+	"strconv"
+
+	"github.com/containers/podman/v5/pkg/auth"
+	"github.com/containers/podman/v5/pkg/bindings"
+	"github.com/containers/podman/v5/pkg/domain/entities"
+	imageTypes "go.podman.io/image/v5/types"
+)
+
+func AutoUpdate(ctx context.Context, options *AutoUpdateOptions) ([]*entities.AutoUpdateReport, []error) {
+	conn, err := bindings.GetClient(ctx)
+	if err != nil {
+		return nil, []error{err}
+	}
+	if options == nil {
+		options = new(AutoUpdateOptions)
+	}
+
+	params, err := options.ToParams()
+	if err != nil {
+		return nil, []error{err}
+	}
+	// InsecureSkipTLSVerify is special.  We need to delete the param added by
+	// ToParams() and change the key and flip the bool
+	if options.InsecureSkipTLSVerify != nil {
+		params.Del("SkipTLSVerify")
+		params.Set("tlsVerify", strconv.FormatBool(!options.GetInsecureSkipTLSVerify()))
+	}
+
+	header, err := auth.MakeXRegistryAuthHeader(&imageTypes.SystemContext{AuthFilePath: options.GetAuthfile()}, "", "")
+	if err != nil {
+		return nil, []error{err}
+	}
+
+	response, err := conn.DoRequest(ctx, nil, http.MethodPost, "/autoupdate", params, header)
+	if err != nil {
+		return nil, []error{err}
+	}
+	defer response.Body.Close()
+
+	var reports []*entities.AutoUpdateReport
+
+	if err := response.Process(&reports); err != nil {
+		return nil, []error{err}
+	}
+
+	return reports, nil
+}

pkg/bindings/auto-update/types.go

@@ -0,0 +1,19 @@
+package autoupdate
+
+// AutoUpdateOptions are the options for running auto-update
+//
+//go:generate go run ../generator/generator.go AutoUpdateOptions
+type AutoUpdateOptions struct {
+	// Authfile to use when contacting registries.
+	Authfile *string
+	// Only check for but do not perform any update.  If an update is
+	// pending, it will be indicated in the Updated field of
+	// AutoUpdateReport.
+	DryRun *bool
+	// If restarting the service with the new image failed, restart it
+	// another time with the previous image.
+	Rollback *bool
+	// Allow contacting registries over HTTP, or HTTPS with failed TLS
+	// verification. Note that this does not affect other TLS connections.
+	InsecureSkipTLSVerify *bool
+}

pkg/domain/infra/tunnel/auto-update.go

@@ -2,11 +2,21 @@ package tunnel
 
 import (
 	"context"
-	"errors"
 
+	autoupdate "github.com/containers/podman/v5/pkg/bindings/auto-update"
 	"github.com/containers/podman/v5/pkg/domain/entities"
+	"go.podman.io/image/v5/types"
 )
 
-func (ic *ContainerEngine) AutoUpdate(ctx context.Context, options entities.AutoUpdateOptions) ([]*entities.AutoUpdateReport, []error) {
-	return nil, []error{errors.New("not implemented")}
+func (ic *ContainerEngine) AutoUpdate(ctx context.Context, opts entities.AutoUpdateOptions) ([]*entities.AutoUpdateReport, []error) {
+	options := new(autoupdate.AutoUpdateOptions).WithAuthfile(opts.Authfile).WithDryRun(opts.DryRun).WithRollback(opts.Rollback)
+	if s := opts.InsecureSkipTLSVerify; s != types.OptionalBoolUndefined {
+		if s == types.OptionalBoolTrue {
+			options.WithInsecureSkipTLSVerify(true)
+		} else {
+			options.WithInsecureSkipTLSVerify(false)
+		}
+	}
+
+	return autoupdate.AutoUpdate(ic.ClientCtx, options)
 }