Add podman image scp option (#970)

* Add podman image scp option

Fix #536


---------

Signed-off-by: Sagi Shnaidman <sshnaidm@redhat.com>

tests/integration/targets/podman_image/tasks/additional_tests.yml

@@ -186,6 +186,10 @@
           - extra_args_build is changed
           - "'Built image test-extra-args:latest from' in extra_args_build.actions[0]"
 
+    # SCP transport tests
+    - name: Include scp transport tests
+      include_tasks: scp.yml
+
     # Test push functionality with different transports
     - name: Test push to directory transport
       containers.podman.podman_image:

tests/integration/targets/podman_image/tasks/scp.yml

@@ -0,0 +1,155 @@
+- name: Validate scp transport behavior in podman_image
+  block:
+    - name: Fail when scp transport is used without destination
+      containers.podman.podman_image:
+        executable: "{{ test_executable | default('podman') }}"
+        name: testimage
+        pull: false
+        push: true
+        push_args:
+          transport: scp
+      register: scp_missing_dest
+      ignore_errors: true
+
+    - name: Ensure scp without dest fails with clear message
+      assert:
+        that:
+          - scp_missing_dest is failed
+          - "'push_args.dest must be provided' in scp_missing_dest.msg"
+
+
+- name: Build a local image to test scp transport idempotence
+  containers.podman.podman_image:
+    executable: "{{ test_executable | default('podman') }}"
+    name: testimage_scp
+    path: /var/tmp/build
+  register: built_local
+
+- name: Try to scp push to a fake remote (should fail on CI env without remote)
+  containers.podman.podman_image:
+    executable: "{{ test_executable | default('podman') }}"
+    name: testimage_scp
+    pull: false
+    push: true
+    push_args:
+      dest: user@server
+      transport: scp
+  register: scp_push_fake
+  ignore_errors: true
+
+- name: Ensure scp push to fake remote fails but reports action
+  assert:
+    that:
+      - built_local is changed
+      - scp_push_fake is failed
+      - scp_push_fake.actions is defined
+
+- name: Prepare SSH access to localhost for scp tests
+  block:
+
+    - name: Ensure SSH keys exist
+      ansible.builtin.shell: >-
+        ssh-keygen -b 2048 -t rsa -f {{ lookup('env','HOME') }}/.ssh/id_rsa -N "" || true
+      args:
+        creates: "{{ lookup('env','HOME') }}/.ssh/id_rsa"
+
+    - name: Get public key for user
+      ansible.builtin.command: >-
+        cat {{ lookup('env','HOME') }}/.ssh/id_rsa.pub
+      register: public_key
+
+    - name: Authorize our public key for localhost for user
+      ansible.posix.authorized_key:
+        user: "{{ lookup('env','USER') }}"
+        state: present
+        key: "{{ public_key.stdout }}"
+
+    - name: Authorize our public key for localhost for root user
+      become: true
+      ansible.posix.authorized_key:
+        user: root
+        state: present
+        key: "{{ public_key.stdout }}"
+
+    - name: Start SSH service (Ubuntu uses 'ssh')
+      ansible.builtin.systemd_service:
+        name: ssh
+        state: started
+      become: true
+      ignore_errors: true
+
+    - name: Start SSH service (fallback to 'sshd')
+      ansible.builtin.systemd_service:
+        name: sshd
+        state: started
+      become: true
+      ignore_errors: true
+
+    - name: Verify we can SSH to localhost non-interactively
+      ansible.builtin.command: >-
+        ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null {{ lookup('env','USER') }}@localhost true
+
+- name: Build a local image for scp to localhost
+  containers.podman.podman_image:
+    executable: "{{ test_executable | default('podman') }}"
+    name: testimage_scp_local
+    path: /var/tmp/build
+  register: built_localhost
+
+- name: Add system connection for Podman < 5
+  ansible.builtin.command: podman system connection add local --identity {{ lookup('env','HOME') }}/.ssh/id_rsa {{ lookup('env','USER') }}@127.0.0.1
+
+- name: Add system connection for root user for Podman < 5
+  ansible.builtin.command: podman system connection add rootlocal --identity {{ lookup('env','HOME') }}/.ssh/id_rsa root@127.0.0.1
+
+- name: Push image to localhost via scp transport
+  containers.podman.podman_image:
+    executable: "{{ test_executable | default('podman') }}"
+    name: testimage_scp_local
+    pull: false
+    push: true
+    push_args:
+      dest: "local::newimage"
+      transport: scp
+  register: scp_localhost_push
+
+- name: Validate scp localhost push executed
+  assert:
+    that:
+      - built_localhost is changed
+      - scp_localhost_push is changed
+      - scp_localhost_push.actions is defined
+      - scp_localhost_push.podman_actions is defined
+      - scp_localhost_push.actions | select('search', 'image scp') | list | length > 0
+
+- name: Push image to localhost via scp transport root user
+  containers.podman.podman_image:
+    executable: "{{ test_executable | default('podman') }}"
+    name: testimage_scp_local
+    pull: false
+    push: true
+    push_args:
+      dest: "rootlocal"
+      transport: scp
+  register: scp_localhost_push
+
+- name: Validate scp localhost push executed
+  assert:
+    that:
+      - built_localhost is changed
+      - scp_localhost_push is changed
+      - scp_localhost_push.actions is defined
+      - scp_localhost_push.podman_actions is defined
+      - scp_localhost_push.actions | select('search', 'image scp') | list | length > 0
+
+- name: Ensure image is available for root user
+  become: true
+  ansible.builtin.command: >-
+    podman images --format '{{ '{{.Repository}}:{{.Tag}}' }}' testimage_scp_local
+  register: scp_localhost_root_check
+
+- name: Validate image is available for root user
+  assert:
+    that:
+      - "'testimage_scp_local:latest' in scp_localhost_root_check.stdout"
+      - scp_localhost_root_check.stderr == ''