package context
import (
	"sort"
	"strconv"
	"strings"

	"github.com/docker/cli/cli/context"
	"github.com/docker/cli/cli/context/docker"
	"github.com/docker/cli/cli/context/store"
	"github.com/docker/docker/client"
	"github.com/pkg/errors"
)
// Keys accepted in the key=value configuration map that describes a
// context's Docker endpoint.
const (
	keyFrom = "from" // name of an existing context whose Docker endpoint configuration is copied
	keyHost = "host" // Docker endpoint to connect to
	keyCA   = "ca"   // CA used to decide which server certificates are trusted
	keyCert = "cert" // path to the TLS certificate file
	keyKey  = "key"  // path to the TLS key file
	// keySkipTLSVerify, when it parses as true, turns off TLS certificate
	// validation for the endpoint, so the server's identity is no longer
	// authenticated. parseBool treats an absent key as false.
	keySkipTLSVerify = "skip-tls-verify"
)
// configKeyDescription pairs a configuration key name with a
// human-readable description of that key.
type configKeyDescription struct {
	name        string // the configuration key, e.g. keyHost
	description string // one-line explanation of what the key controls
}
// allowedDockerConfigKeys is the set of keys getDockerEndpoint accepts; it is
// passed to validateConfig, which rejects any key outside this set.
var allowedDockerConfigKeys = map[string]struct{}{
	keyFrom:          {},
	keyHost:          {},
	keyCA:            {},
	keyCert:          {},
	keyKey:           {},
	keySkipTLSVerify: {},
}

// dockerConfigKeysDescriptions lists each accepted key together with its
// description, in display order. It carries the same six keys as
// allowedDockerConfigKeys; the two must be kept in sync by hand.
var dockerConfigKeysDescriptions = []configKeyDescription{
	{name: keyFrom, description: "Copy named context's Docker endpoint configuration"},
	{name: keyHost, description: "Docker endpoint on which to connect"},
	{name: keyCA, description: "Trust certs signed only by this CA"},
	{name: keyCert, description: "Path to TLS certificate file"},
	{name: keyKey, description: "Path to TLS key file"},
	// Turning this on removes server authentication from the TLS connection.
	{name: keySkipTLSVerify, description: "Skip TLS certificate validation"},
}
// parseBool reads config[name] as a boolean.
//
// A key that is absent yields (false, nil), so an option such as
// skip-tls-verify stays off unless it is set explicitly. A key that is
// present is parsed with strconv.ParseBool; if the value is not a valid
// boolean the error is returned wrapped with the key name, rather than being
// silently treated as false.
func parseBool(config map[string]string, name string) (bool, error) {
	raw, present := config[name]
	if !present {
		return false, nil
	}
	parsed, err := strconv.ParseBool(raw)
	if err != nil {
		// Prefix the error with the offending key so the user can locate it.
		return parsed, errors.Wrap(err, name)
	}
	return parsed, nil
}
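// validateConfig checks that every key of config appears in allowedKeys.
//
// It returns nil when all keys are allowed (including when config is nil or
// empty). Otherwise it returns a single error whose message has one
// "unrecognized config key: <key>" line per offending key, sorted by key so
// that the message is the same on every run. Only key names are checked;
// values are not inspected here.
func validateConfig(config map[string]string, allowedKeys map[string]struct{}) error {
	var unknown []string
	for k := range config {
		if _, ok := allowedKeys[k]; !ok {
			unknown = append(unknown, k)
		}
	}
	if len(unknown) == 0 {
		return nil
	}
	// Map iteration order is randomized; sort so error output, logs and test
	// expectations are reproducible.
	sort.Strings(unknown)
	errs := make([]string, 0, len(unknown))
	for _, k := range unknown {
		errs = append(errs, "unrecognized config key: "+k)
	}
	return errors.New(strings.Join(errs, "\n"))
}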
// getDockerEndpoint builds a docker.Endpoint from a key=value config map.
//
// The keys are first checked against allowedDockerConfigKeys. Then:
//
//   - If keyFrom is set, the Docker endpoint metadata of the named context is
//     read from contextStore and returned. On this path the other keys are
//     not consulted, and the returned Endpoint has no TLSData set.
//   - Otherwise the endpoint is assembled from keyHost, the TLS files named
//     by keyCA/keyCert/keyKey, and keySkipTLSVerify (false when absent).
//     Before returning, the options are applied to a throwaway client so
//     that an unusable configuration is rejected here.
//
// On any failure the zero docker.Endpoint is returned with the error.
func getDockerEndpoint(contextStore store.Reader, config map[string]string) (docker.Endpoint, error) {
	var none docker.Endpoint

	if err := validateConfig(config, allowedDockerConfigKeys); err != nil {
		return none, err
	}

	if source, found := config[keyFrom]; found {
		meta, err := contextStore.GetMetadata(source)
		if err != nil {
			return none, err
		}
		epMeta, isDocker := meta.Endpoints[docker.DockerEndpoint].(docker.EndpointMeta)
		if !isDocker {
			return none, errors.Errorf("unable to get endpoint from context %q", source)
		}
		// Only the metadata (including the source context's SkipTLSVerify
		// setting, if any) is copied; TLS material is not loaded here.
		return docker.Endpoint{EndpointMeta: epMeta}, nil
	}

	tlsData, err := context.TLSDataFromFiles(config[keyCA], config[keyCert], config[keyKey])
	if err != nil {
		return none, err
	}

	// An unparsable skip-tls-verify value is an error; it is never coerced to
	// false or true.
	insecure, err := parseBool(config, keySkipTLSVerify)
	if err != nil {
		return none, err
	}

	epMeta := docker.EndpointMeta{
		Host:          config[keyHost],
		SkipTLSVerify: insecure,
	}
	endpoint := docker.Endpoint{
		EndpointMeta: epMeta,
		TLSData:      tlsData,
	}

	// Validate the configuration by resolving client options and applying
	// them; the client itself is discarded.
	clientOpts, err := endpoint.ClientOpts()
	if err != nil {
		return none, errors.Wrap(err, "invalid docker endpoint options")
	}
	if _, err = client.NewClientWithOpts(clientOpts...); err != nil {
		return none, errors.Wrap(err, "unable to apply docker endpoint options")
	}
	return endpoint, nil
}
// getDockerEndpointMetadataAndTLS resolves the endpoint described by config
// via getDockerEndpoint and returns it split into its metadata and its TLS
// data converted to the store representation.
//
// On error it returns the zero docker.EndpointMeta, a nil TLS pointer and the
// error from getDockerEndpoint unchanged.
func getDockerEndpointMetadataAndTLS(contextStore store.Reader, config map[string]string) (docker.EndpointMeta, *store.EndpointTLSData, error) {
	endpoint, err := getDockerEndpoint(contextStore, config)
	if err != nil {
		var noMeta docker.EndpointMeta
		return noMeta, nil, err
	}
	// NOTE(review): on the keyFrom path getDockerEndpoint leaves TLSData at
	// its zero value; this call relies on ToStoreTLSData tolerating that.
	// Confirm against the TLSData type.
	storeTLS := endpoint.TLSData.ToStoreTLSData()
	return endpoint.EndpointMeta, storeTLS, nil
}