Commit Graph

10260 Commits

Author SHA1 Message Date
Laura Brehm fcfdd7b91f
auth: add support for oauth device-code login
This commit adds support for the oauth [device-code](https://auth0.com/docs/get-started/authentication-and-authorization-flow/device-authorization-flow)
login flow when authenticating against the official registry.

This is achieved by adding `cli/internal/oauth`, which contains code to manage
interacting with the Docker OAuth tenant (`login.docker.com`), including launching
the device-code flow, refreshing access using the refresh-token, and logging out.

The `OAuthManager` introduced here is also made available through the `command.Cli`
interface method `OAuthManager()`.

In order to maintain compatibility with any clients manually accessing
the credentials through `~/.docker/config.json` or via credential
helpers, the added `OAuthManager` uses the retrieved access token to
automatically generate a PAT with Hub, and store that in the
credentials.

Signed-off-by: Laura Brehm <laurabrehm@hey.com>
2024-08-14 19:48:04 +01:00
David Karlsson 2dd4eb06ae docs: update link to moved build context doc
Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>
2024-08-13 11:48:29 +02:00
Sebastiaan van Stijn 35666cf7cb
Merge pull request #5345 from thaJeztah/connhelper_cleanups
cli/connhelper: getConnectionHelper: move ssh-option funcs out of closure
2024-08-13 11:38:44 +02:00
Sebastiaan van Stijn 0fd3fb0840
cli/connhelper: getConnectionHelper: move ssh-option funcs out of closure
The addSSHTimeout and disablePseudoTerminalAllocation were added in commits
a5ebe2282a and f3c2c26b10,
and called inside the Dialer function, which means they're called every
time the Dialer is called. Given that the sshFlags slice is not mutated
by the Dialer, we can call these functions once.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-08-12 17:28:32 +02:00
Sebastiaan van Stijn 1a7b7dd7dd
Merge pull request #5320 from trajano/patch-1
disable pseudoterminal creation
2024-08-12 16:59:47 +02:00
Archimedes Trajano f3c2c26b10
disable pseudoterminal creation
avoided the join, also did manual iteration

added test, also added reflect for the DeepEqual comparison

Signed-off-by: Archimedes Trajano <developer@trajano.net>
2024-08-12 16:53:49 +02:00
David Karlsson 211a5403b3
Merge pull request #5342 from dvdksn/docs-update-internal-links
docs: update internal links after refactor
2024-08-12 10:10:05 +02:00
David Karlsson d4a362aa1c docs: update internal links after refactor
Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>
2024-08-11 16:58:08 +02:00
Sebastiaan van Stijn 471862b122
Merge pull request #5323 from jongwu/fix_bps_limit
run: fix GetList return empty issue for throttledevice
2024-08-09 19:46:23 +02:00
David Karlsson fc3e949a66
Merge pull request #5338 from dvdksn/fix-proxy-doclink
docs: fix link to http proxy document
2024-08-09 19:11:04 +02:00
David Karlsson 78a8fba2cc docs: fix link to http proxy document
Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>
2024-08-09 18:19:58 +02:00
Paweł Gronowski c537fb9f48
Merge pull request #5332 from thaJeztah/bump_engine
vendor: github.com/docker/docker 2269acc7a31d (master, v-next)
2024-08-09 09:45:24 +02:00
Sebastiaan van Stijn 6440816c7c
vendor: github.com/docker/docker 2269acc7a31d (master, v-next)
removes (indirect) dependency on the moby/sys/user/userns package, which
was retracted and moved to moby/sys/userns

- full diff: f3cf9359bd...2269acc7a3

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-08-08 13:37:58 +02:00
Sebastiaan van Stijn 7fc8802889
Merge pull request #5330 from vvoland/vendor-docker-master
vendor: github.com/docker/docker master  (f3cf9359bdf6)
2024-08-08 12:09:30 +02:00
Paweł Gronowski 91b173e69f
Merge pull request #5316 from thaJeztah/add_security
add security policy
2024-08-08 11:48:43 +02:00
Paweł Gronowski b8a53ee340
vendor: github.com/docker/docker master (f3cf9359bdf6)
full diff: 2b1097f080...f3cf9359bd

Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2024-08-08 11:44:02 +02:00
Sebastiaan van Stijn 0052d2ce05
Merge pull request #5327 from laurazard/fix-panic-pluginserver
plugins: don't panic on Close if PluginServer nil
2024-08-07 17:16:00 +02:00
Laura Brehm 9c4480604e
plugins: don't panic on Close if PluginServer nil
Signed-off-by: Laura Brehm <laurabrehm@hey.com>
2024-08-07 14:04:31 +01:00
Sebastiaan van Stijn 87c6624cb7
Merge pull request #5324 from vvoland/update-go-1.21.13
update to go1.21.13
2024-08-07 12:01:32 +02:00
Paweł Gronowski 434d8b75e8
update to go1.21.13
- https://github.com/golang/go/issues?q=milestone%3AGo1.21.13+label%3ACherryPickApproved
- full diff: https://github.com/golang/go/compare/go1.21.12...go1.21.13

go1.21.13 (released 2024-08-06) includes fixes to the go command, the
covdata command, and the bytes package. See the [Go 1.21.13 milestone](https://github.com/golang/go/issues?q=milestone%3AGo1.21.13+label%3ACherryPickApproved)
on our issue tracker for details.

Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2024-08-07 11:49:40 +02:00
Jianyong Wu 73e78a5822 run: fix GetList return empty issue for throttledevice
Test "--device-read-bps" "--device-write-bps" will fail. The root
cause is that the GetList helper returns empty, as its local variable
is initialized to zero size.

This patch fixes it by setting the related slice size to non-zero.

Signed-off-by: Jianyong Wu <wujianyong@hygon.cn>
Fixes: #5321
2024-08-07 02:48:39 +00:00
Sebastiaan van Stijn e29292f921
add security policy
Based on the security policy in the Moby repository (with the name
of the project changed, and a link to the Moby documentation for
maintained branches).

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-08-05 11:58:34 +02:00
Laura Brehm 78de7da660
Merge pull request #5310 from thaJeztah/gha_permissions
gha: set permissions to read-only by default
2024-08-02 11:26:06 +01:00
Laura Brehm 93ee2e6638
Merge pull request #5311 from thaJeztah/vendor_otel_trace
vendor: go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.21.0
2024-08-02 11:25:20 +01:00
Sebastiaan van Stijn 40a5b297b6
vendor: go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.21.0
commit 89db01ef97 added these tracing modules
as dependency, but did not require the otlptracehttp module. This module
was added later through f0a29af0f3 as indirect
dependency for docker/docker. The otlptracehttp and otlptracegrpc modules
have no dependency between each-other, but similar to their otlpmetric
cousins, are preferred to be on the same version.

This patch aligns their versions. No changes in vendored code;

full diff: https://github.com/open-telemetry/opentelemetry-go/compare/exporters/otlp/otlptrace/otlptracehttp/v1.19.0...exporters/otlp/otlptrace/otlptracehttp/v1.21.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-07-31 22:28:36 +02:00
Sebastiaan van Stijn e4d99b4b60
gha: set permissions to read-only by default
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-07-31 14:19:02 +02:00
Laura Brehm ddd4c39930
Merge pull request #5303 from laurazard/fix-flaky-runattach-test
tests/run: fix flaky `RunAttachTermination` test
2024-07-29 13:43:31 +01:00
Laura Brehm eac83574c1
tests/run: fix flaky `RunAttachTermination` test
This test was just incorrect (and testing incorrect
behavior): it was checking that `docker run` exited with a `context
canceled` error after signalling the CLI/cancelling the command's
context, but this was incorrect (and was fixed in
991b1303da - which was when this test
started failing).

However, since this test assertion was happening inside of a goroutine,
it would sometimes pass if this assertion didn't get to run before the
test suite terminated. It was flaky because sometimes this assertion
inside the goroutine did get to execute, but after the test finished
execution, which is a big no-no.

As an aside, assertions inside goroutines are generally bad, and `govet`
even has a linter for this (but it only catches `t.Fatal` and `t.FailNow`
calls and not `assert.Xx`).

Signed-off-by: Laura Brehm <laurabrehm@hey.com>
2024-07-29 13:29:12 +01:00
Paweł Gronowski 393de5f44f
Merge pull request #5252 from thaJeztah/migrate_userns
vendor: docker/docker 2b1097f08088 (removes containerd dependency)
2024-07-26 16:25:11 +02:00
Laura Brehm bc7e64d425
Merge pull request #5297 from laurazard/fix-context-cancel-attach-exit-code
attach: wait for exit code from `ContainerWait`
2024-07-26 14:11:01 +01:00
Laura Brehm 7b46bfc5ac
attach: wait for exit code from `ContainerWait`
Such as with `docker run`, if a user CTRL-Cs while attached to a
container, we should forward the signal and wait for the exit from
`ContainerWait`, instead of just returning.

Signed-off-by: Laura Brehm <laurabrehm@hey.com>
2024-07-26 14:05:31 +01:00
Sebastiaan van Stijn f0a29af0f3
vendor: docker/docker 2b1097f08088 (removes containerd dependency)
full diff: aae044039c...2b1097f080

The userns package in libcontainer was integrated into the moby/sys/user
module at commit 3778ae603c706494fd1e2c2faf83b406e38d687d.

The userns package is used in many places, and currently either depends
on runc/libcontainer, or on containerd, both of which have a complex
dependency tree. This patch is part of a series of patches to unify the
implementations, and to migrate toward that implementation to simplify
the dependency tree.

[3778ae603c706494fd1e2c2faf83b406e38d687d]: 3778ae603c

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-07-25 14:57:30 +02:00
Sebastiaan van Stijn b34e8e4dff
vendor: github.com/moby/sys/sequential v0.6.0
full diff: https://github.com/moby/sys/compare/sequential/v0.5.0...sequential/v0.6.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-07-25 14:56:13 +02:00
Sebastiaan van Stijn ea37ac9bac
vendor: github.com/moby/sys/symlink v0.3.0
full diff: https://github.com/moby/sys/compare/symlink/v0.2.0...symlink/v0.3.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-07-25 14:55:23 +02:00
Sebastiaan van Stijn 435c658333
vendor: github.com/moby/sys/signal v0.7.1
full diff: https://github.com/moby/sys/compare/signal/v0.7.0...signal/v0.7.1

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-07-25 14:54:29 +02:00
Sebastiaan van Stijn 501904d48f
vendor: golang.org/x/sys v0.22.0
full diff: https://github.com/golang/sys/compare/v0.21.0...v0.22.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-07-25 14:53:35 +02:00
Laura Brehm 826fc32e82
Merge pull request #5298 from laurazard/fix-linter
lint: replace deprecated linter names
2024-07-25 12:37:19 +01:00
Laura Brehm cc4163296f
lint: replace deprecated linter names
`megacheck` has been deprecated/split into `gosimple`, `staticcheck`,
and `unused`, which we're already using.

d2b439faa5/pkg/lint/lintersdb/validator_test.go (L227)

`vet` is now `govet`.

d2b439faa5/pkg/lint/lintersdb/validator_test.go (L228)

For more context, see: https://github.com/golangci/golangci-lint/pull/4562

Signed-off-by: Laura Brehm <laurabrehm@hey.com>
2024-07-25 12:18:50 +01:00
Sebastiaan van Stijn 788e99620d
Merge pull request #5295 from laurazard/fix-context-cancel-attach
attach: don't return context cancelled error
2024-07-25 02:00:26 +02:00
Laura Brehm 66aa0f672c
attach: don't return context cancelled error
In 3f0d90a2a9 we introduced a global
signal handler and made sure all the contexts passed into command
execution get (appropriately) cancelled when we get a SIGINT.

Due to that change, and how we use this context during `docker attach`,
we started to return the context cancelation error when a user signals
the running `docker attach`.

Since this is the intended behavior, we shouldn't return an error, so
this commit adds checks to ignore this specific error in this case.

Also adds a regression test.

Signed-off-by: Laura Brehm <laurabrehm@hey.com>
2024-07-25 00:49:33 +01:00
Sebastiaan van Stijn 0cc1b8c0df
Merge pull request #5289 from thaJeztah/remove_ubuntu_23.10
docs: refresh image versions in examples
2024-07-24 13:11:35 +02:00
Laura Brehm 1e0f669b00
Merge pull request #5291 from laurazard/fix-all-the-flaky-connhelper-tests
tests: fix other flaky `connhelper` tests
2024-07-24 12:03:55 +01:00
Laura Brehm 4a7388f0dd
tests: fix other flaky `connhelper` tests
Follow up to cc68c66c95 (there were more
tests with incorrect syntax).

Signed-off-by: Laura Brehm <laurabrehm@hey.com>
2024-07-24 11:52:23 +01:00
Laura Brehm 1055536c5c
Merge pull request #5290 from laurazard/fix-flaxy-connhelper-test
Fix flaky `TestCloseRunningCommand` test
2024-07-24 11:03:24 +01:00
Laura Brehm cc68c66c95
tests: fix flaky `TestCloseRunningCommand` test
Looks like this test was failing due to bad syntax on the `while` loop,
which caused it to die after 1 second. If the test took a bit longer,
the process would be dead before the following assertions run, causing
the test to fail/be flaky.

Signed-off-by: Laura Brehm <laurabrehm@hey.com>
2024-07-24 10:31:45 +01:00
Sebastiaan van Stijn b36522b473
docs: refresh image versions in examples
use current LTS versions of ubuntu where suitable, remove uses of
ubuntu:23.10 (which reached EOL), and update some other examples
to use more current versions.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-07-24 09:47:36 +02:00
Paweł Gronowski a69c0365b6
Merge pull request #5273 from thaJeztah/vendor_containerd_1.7.20
vendor: github.com/containerd/containerd v1.7.20
2024-07-23 14:59:23 +02:00
Laura Brehm 8f20c9a238
Merge pull request #5259 from thaJeztah/move_file_warning
cli/config/credentials: move warning to fileStore
2024-07-22 17:59:14 +01:00
Sebastiaan van Stijn d5f90ed547
Merge pull request #5236 from thaJeztah/cleanup_run_errors
cli/command/container: remove reportError, and put StatusError to use
2024-07-22 17:56:16 +02:00
Sebastiaan van Stijn 6559d86217
Merge pull request #5145 from psaintlaurent/ENGINE-903
Add OomScoreAdj to "docker service create" and "docker compose"
2024-07-19 19:09:28 +02:00