Container command arguments treated as arguments to podman run

[Viktor45]

Podlet parses all arguments as podman arguments, instead to parse it like podman container arguments.

Here is the example.

Command to run container with extra container arguments.

podman run --replace --net=host \
--cap-add=NET_ADMIN --cap-add=SYS_ADMIN --cap-add=CAP_MKNOD --security-opt="label=disable" \
-v /var/app/list.txt:/list.txt:z \
--device=/dev/net/tun --device=/dev/null \
--name cdpi -d localhost/my-cdpi:latest -d 1 -s 1 -H /list.txt

Note the extra container arguments -d 1 -s 1 -H /list.txt.

Command to generate podlet from running containers
podlet generate container cdpi

Got error:

Error:
0: error creating Quadlet file(s) from an existing object
1: error parsing Podman container command from ["podman", "run", "--replace", "--net=host", "--cap-add=NET_ADMIN", "--cap-add=SYS_ADMIN", "--cap-add=CAP_MKNOD", "--security-opt=label=disable", "-v", "/var/app/list.txt:/list.txt:z", "--device=/dev/net/tun", "--device=/dev/null", "--name", "cdpi", "-d", "localhost/my-cdpi:latest", "-d", "1", "-s", "1", "-H", "/list.txt"]
2: error: the argument '--detach' cannot be used multiple times

2: Usage: podlet [OPTIONS] [COMMAND]...

  For more information, try '--help'.

2:

Location:
src/cli/generate.rs:152

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ BACKTRACE ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
⋮ 1 frame hidden ⋮
2: ::ext_report::h8eff283722d67991
at :
3: podlet::cli::generate::ContainerParser::from_container::hd917c4d329b2876c
at :
4: podlet::cli::generate::Generate::try_into_quadlet_files::hdb29da458a256c5d
at :
5: podlet::cli::Cli::try_into_files::h272c29d01695c5cd
at :
6: podlet::cli::Cli::print_or_write_files::h7a108ecbab21c253
at :
7: podlet::main::hcdc3a3cc51275317
at :
8: std::sys_common::backtrace::__rust_begin_short_backtrace::hbb3b36e6fe2a6b73
at :
9: std::rt::lang_start::{{closure}}::hdcdbeec9943261a6
at :
10: core::ops::function::impls::<impl core::ops::function::FnOnce for &F>::call_once::h52f5991f9ab8b369
at /rustc/9b00956e56009bab2aa15d7bff10916599e3d6d6/library/core/src/ops/function.rs:284
11: std::panicking::try::do_call::h0ac4bee9a397a1bf
at /rustc/9b00956e56009bab2aa15d7bff10916599e3d6d6/library/std/src/panicking.rs:552
12: std::panicking::try::hc005decaf198d0ed
at /rustc/9b00956e56009bab2aa15d7bff10916599e3d6d6/library/std/src/panicking.rs:516
13: std::panic::catch_unwind::hb0f967d870b2a382
at /rustc/9b00956e56009bab2aa15d7bff10916599e3d6d6/library/std/src/panic.rs:146
14: std::rt::lang_start_internal::{{closure}}::hd140b84b0efe534b
at /rustc/9b00956e56009bab2aa15d7bff10916599e3d6d6/library/std/src/rt.rs:148
15: std::panicking::try::do_call::h1ddfaf1d0d576c38
at /rustc/9b00956e56009bab2aa15d7bff10916599e3d6d6/library/std/src/panicking.rs:552
16: std::panicking::try::hdd4bdf855547659f
at /rustc/9b00956e56009bab2aa15d7bff10916599e3d6d6/library/std/src/panicking.rs:516
17: std::panic::catch_unwind::h276ba91c7706110c
at /rustc/9b00956e56009bab2aa15d7bff10916599e3d6d6/library/std/src/panic.rs:146
18: std::rt::lang_start_internal::h103c42a9c4e95084
at /rustc/9b00956e56009bab2aa15d7bff10916599e3d6d6/library/std/src/rt.rs:148
19: main
at :
20: __libc_start_call_main
at :
21: __libc_start_main_impl
at :
22: _start
at :

[k9withabone]

Due to the way clap is parsing arguments for the container command (set to a trailing_var_arg, see cli::container::Container) and that you have -d as the first argument after the image, it's being treated as a second --detach. It's not "all arguments" as you claimed. This can be confirmed with the following command, switching -d 1 and -s 1:

podlet podman run --replace --net=host \
  --cap-add=NET_ADMIN --cap-add=SYS_ADMIN --cap-add=CAP_MKNOD --security-opt="label=disable" \
  -v /var/app/list.txt:/list.txt:z \
  --device=/dev/net/tun --device=/dev/null \
  --name cdpi -d localhost/my-cdpi:latest -s 1 -d 1 -H /list.txt

Which successfully generates the .container file:

# cdpi.container
[Container]
AddCapability=NET_ADMIN SYS_ADMIN CAP_MKNOD
AddDevice=/dev/net/tun
AddDevice=/dev/null
ContainerName=cdpi
Exec=-s 1 -d 1 -H /list.txt
Image=localhost/my-cdpi:latest
Network=host
SecurityLabelDisable=true
Volume=/var/app/list.txt:/list.txt:z

trailing_var_arg positional arguments (with allow_hyphen_values set) start collecting values at the first unrecognized argument (-s in the above example) or after -- (e.g., podlet podman run image -- command).

Unfortunately, I can't think of a good solution to this problem. The only thing I can think of is to combine the image and command fields/arguments in cli::container::Container (also removing allow_hyphen_values) and then separate out the image in the conversion. However, that screws up the usage and arguments in the help for podlet podman run, so that's no good. Hopefully someone can come up with a better solution.