Merge pull request #30 from nishanttotla/rename-trust-function

Moving docker service digest pinning to client side

cli/command/service/create.go

@@ -6,6 +6,7 @@ import (
 	"github.com/docker/cli/cli"
 	"github.com/docker/cli/cli/command"
 	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/versions"
 	"github.com/spf13/cobra"
 	"github.com/spf13/pflag"
 	"golang.org/x/net/context"
@@ -92,7 +93,7 @@ func runCreate(dockerCli *command.DockerCli, flags *pflag.FlagSet, opts *service
 		service.TaskTemplate.ContainerSpec.Configs = configs
 	}
 
-	if err := resolveServiceImageDigest(dockerCli, &service); err != nil {
+	if err := resolveServiceImageDigestContentTrust(dockerCli, &service); err != nil {
 		return err
 	}
 
@@ -106,6 +107,11 @@ func runCreate(dockerCli *command.DockerCli, flags *pflag.FlagSet, opts *service
 		createOpts.EncodedRegistryAuth = encodedAuth
 	}
 
+	// query registry if flag disabling it was not set
+	if !opts.noResolveImage && versions.GreaterThanOrEqualTo(apiClient.ClientVersion(), "1.30") {
+		createOpts.QueryRegistry = true
+	}
+
 	response, err := apiClient.ServiceCreate(ctx, service, createOpts)
 	if err != nil {
 		return err

cli/command/service/opts.go

@@ -542,7 +542,8 @@ type serviceOptions struct {
 	networks       opts.ListOpts
 	endpoint       endpointOptions
 
-	registryAuth bool
+	registryAuth   bool
+	noResolveImage bool
 
 	logDriver logDriverOptions
 
@@ -797,6 +798,8 @@ func addServiceFlags(flags *pflag.FlagSet, opts *serviceOptions, defaultFlagValu
 	flags.StringVar(&opts.endpoint.mode, flagEndpointMode, defaultFlagValues.getString(flagEndpointMode), "Endpoint mode (vip or dnsrr)")
 
 	flags.BoolVar(&opts.registryAuth, flagRegistryAuth, false, "Send registry authentication details to swarm agents")
+	flags.BoolVar(&opts.noResolveImage, flagNoResolveImage, false, "Do not query the registry to resolve image digest and supported platforms")
+	flags.SetAnnotation(flagNoResolveImage, "version", []string{"1.30"})
 
 	flags.StringVar(&opts.logDriver.name, flagLogDriver, "", "Logging driver for service")
 	flags.Var(&opts.logDriver.opts, flagLogOpt, "Logging driver options")
@@ -899,6 +902,7 @@ const (
 	flagUser                    = "user"
 	flagWorkdir                 = "workdir"
 	flagRegistryAuth            = "with-registry-auth"
+	flagNoResolveImage          = "no-resolve-image"
 	flagLogDriver               = "log-driver"
 	flagLogOpt                  = "log-opt"
 	flagHealthCmd               = "health-cmd"

cli/command/service/trust.go

@@ -15,10 +15,10 @@ import (
 	"golang.org/x/net/context"
 )
 
-func resolveServiceImageDigest(dockerCli command.Cli, service *swarm.ServiceSpec) error {
+func resolveServiceImageDigestContentTrust(dockerCli command.Cli, service *swarm.ServiceSpec) error {
 	if !command.IsTrusted() {
-		// Digests are resolved by the daemon when not using content
-		// trust.
+		// When not using content trust, digest resolution happens later when
+		// contacting the registry to retrieve image information.
 		return nil
 	}
 

cli/command/service/update.go

@@ -164,9 +164,12 @@ func runUpdate(dockerCli *command.DockerCli, flags *pflag.FlagSet, options *serv
 	}
 
 	if flags.Changed("image") {
-		if err := resolveServiceImageDigest(dockerCli, spec); err != nil {
+		if err := resolveServiceImageDigestContentTrust(dockerCli, spec); err != nil {
 			return err
 		}
+		if !options.noResolveImage && versions.GreaterThanOrEqualTo(apiClient.ClientVersion(), "1.30") {
+			updateOpts.QueryRegistry = true
+		}
 	}
 
 	updatedSecrets, err := getUpdatedSecrets(apiClient, flags, spec.TaskTemplate.ContainerSpec.Secrets)