mirror of https://github.com/docker/cli.git
Merge pull request #30 from nishanttotla/rename-trust-function
Moving docker service digest pinning to client side
This commit is contained in:
commit
74cc280521
|
@ -6,6 +6,7 @@ import (
|
|||
"github.com/docker/cli/cli"
|
||||
"github.com/docker/cli/cli/command"
|
||||
"github.com/docker/docker/api/types"
|
||||
"github.com/docker/docker/api/types/versions"
|
||||
"github.com/spf13/cobra"
|
||||
"github.com/spf13/pflag"
|
||||
"golang.org/x/net/context"
|
||||
|
@ -92,7 +93,7 @@ func runCreate(dockerCli *command.DockerCli, flags *pflag.FlagSet, opts *service
|
|||
service.TaskTemplate.ContainerSpec.Configs = configs
|
||||
}
|
||||
|
||||
if err := resolveServiceImageDigest(dockerCli, &service); err != nil {
|
||||
if err := resolveServiceImageDigestContentTrust(dockerCli, &service); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
|
@ -106,6 +107,11 @@ func runCreate(dockerCli *command.DockerCli, flags *pflag.FlagSet, opts *service
|
|||
createOpts.EncodedRegistryAuth = encodedAuth
|
||||
}
|
||||
|
||||
// query registry if flag disabling it was not set
|
||||
if !opts.noResolveImage && versions.GreaterThanOrEqualTo(apiClient.ClientVersion(), "1.30") {
|
||||
createOpts.QueryRegistry = true
|
||||
}
|
||||
|
||||
response, err := apiClient.ServiceCreate(ctx, service, createOpts)
|
||||
if err != nil {
|
||||
return err
|
||||
|
|
|
@ -543,6 +543,7 @@ type serviceOptions struct {
|
|||
endpoint endpointOptions
|
||||
|
||||
registryAuth bool
|
||||
noResolveImage bool
|
||||
|
||||
logDriver logDriverOptions
|
||||
|
||||
|
@ -797,6 +798,8 @@ func addServiceFlags(flags *pflag.FlagSet, opts *serviceOptions, defaultFlagValu
|
|||
flags.StringVar(&opts.endpoint.mode, flagEndpointMode, defaultFlagValues.getString(flagEndpointMode), "Endpoint mode (vip or dnsrr)")
|
||||
|
||||
flags.BoolVar(&opts.registryAuth, flagRegistryAuth, false, "Send registry authentication details to swarm agents")
|
||||
flags.BoolVar(&opts.noResolveImage, flagNoResolveImage, false, "Do not query the registry to resolve image digest and supported platforms")
|
||||
flags.SetAnnotation(flagNoResolveImage, "version", []string{"1.30"})
|
||||
|
||||
flags.StringVar(&opts.logDriver.name, flagLogDriver, "", "Logging driver for service")
|
||||
flags.Var(&opts.logDriver.opts, flagLogOpt, "Logging driver options")
|
||||
|
@ -899,6 +902,7 @@ const (
|
|||
flagUser = "user"
|
||||
flagWorkdir = "workdir"
|
||||
flagRegistryAuth = "with-registry-auth"
|
||||
flagNoResolveImage = "no-resolve-image"
|
||||
flagLogDriver = "log-driver"
|
||||
flagLogOpt = "log-opt"
|
||||
flagHealthCmd = "health-cmd"
|
||||
|
|
|
@ -15,10 +15,10 @@ import (
|
|||
"golang.org/x/net/context"
|
||||
)
|
||||
|
||||
func resolveServiceImageDigest(dockerCli command.Cli, service *swarm.ServiceSpec) error {
|
||||
func resolveServiceImageDigestContentTrust(dockerCli command.Cli, service *swarm.ServiceSpec) error {
|
||||
if !command.IsTrusted() {
|
||||
// Digests are resolved by the daemon when not using content
|
||||
// trust.
|
||||
// When not using content trust, digest resolution happens later when
|
||||
// contacting the registry to retrieve image information.
|
||||
return nil
|
||||
}
|
||||
|
||||
|
|
|
@ -164,9 +164,12 @@ func runUpdate(dockerCli *command.DockerCli, flags *pflag.FlagSet, options *serv
|
|||
}
|
||||
|
||||
if flags.Changed("image") {
|
||||
if err := resolveServiceImageDigest(dockerCli, spec); err != nil {
|
||||
if err := resolveServiceImageDigestContentTrust(dockerCli, spec); err != nil {
|
||||
return err
|
||||
}
|
||||
if !options.noResolveImage && versions.GreaterThanOrEqualTo(apiClient.ClientVersion(), "1.30") {
|
||||
updateOpts.QueryRegistry = true
|
||||
}
|
||||
}
|
||||
|
||||
updatedSecrets, err := getUpdatedSecrets(apiClient, flags, spec.TaskTemplate.ContainerSpec.Secrets)
|
||||
|
|
Loading…
Reference in New Issue