Following flags are silently ignored when they're passed with no
`--network` specified (ie. when the default network is used):
- `--network-alias`
- `--ip`
- `--ip6`
- `--link-local-ip`
This is not really an issue right now since the first 3 parameters are
not allowed on the default bridge network. However, with
[moby/moby#45905][1], the container-wide MacAddress parameter will be
deprecated and dismissed. Because of that, with [docker/cli#4419][2],
it's currently not possible to use the `--mac-address` flag with no
default network specified.
Morever, `docker network connect --link-local-ip ...` works properly, so
it should also work on `docker container create`. This also lay the
ground for making the default bridge network just a "normal" network.
Since the 3 parameters in the list above aren't ignored anymore, if
users provide them, moby's ContainerStart endpoint will complain about
those. To provide better UX, [moby/moby#46183][3] make sure these
invalid parameters lead to a proper error message on `docker container
create` / `docker run`.
[1]: https://github.com/moby/moby/pull/45905
[2]: https://github.com/docker/cli/pull/4419
[3]: https://github.com/moby/moby/pull/46183
Signed-off-by: Albin Kerouanton <albinker@gmail.com>
Remove some redundant error-checks or combine them. Also made a small
optimisation when initialising a slice.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Also make it slightly more clearer we're returning a default (empty)
policy if the input is empty.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This test was skipped if the host was not using UTC timezone, because the output
of timestamps would be different, causing the test to fail.
This patch overrides the TZ env-var to make the test use UTC, so that we don't
have to skip the test.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The BuildKit dockerignore package was migrated to the patternmatcher
repository / module. This patch updates our uses of the BuildKit package
with its new location.
A small local change was made to keep the format of the existing error message,
because the "ignorefile" package is slightly more agnostic in that respect
and doesn't include ".dockerignore" in the error message.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This attempts to make it clearer that the --cgroup-parent option is only used
for the containers used during build. Instead of mentioning "build container",
I opted for using "RUN instructions" (to match the --network description),
although this may not be ideal (as it assumes the "Dockerfile" front-end, which
of course may not be the case).
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
When using a personal access token, Docker Hub produces an error if actions
are requested beyond the token's allowed actions. This resulted in errors
when using a PAT with limited permissions to do a "docker manifest inspect".
This patch sets actions to "pull" only by default, and requests "push" action
for requests that need it.
To verify:
- create a PAT with limited access (read-only)
- log in with your username and the PAT as password
Before this patch:
docker manifest inspect ubuntu:latest
Get "https://registry-1.docker.io/v2/library/ubuntu/manifests/latest": unauthorized: access token has insufficient scopes
With this patch applied:
docker manifest inspect ubuntu:latest
{
"schemaVersion": 2,
"mediaType": "application/vnd.oci.image.index.v1+json",
"manifests": [
{
"mediaType": "application/vnd.oci.image.manifest.v1+json",
"size": 424,
"digest": "sha256:56887c5194fddd8db7e36ced1c16b3569d89f74c801dc8a5adbf48236fb34564",
"platform": {
"architecture": "amd64",
"os": "linux"
}
},
{
"mediaType": "application/vnd.oci.image.manifest.v1+json",
"size": 424,
"digest": "sha256:c835a4f2a632bc91a2b494e871549f0dd83f2966c780e66435774e77e048ddf0",
"platform": {
"architecture": "arm",
"os": "linux",
"variant": "v7"
}
}
]
}
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
In previous versions of the Docker API, `system prune --volumes` and `volume prune`
would remove all dangling volumes. With API v1.42, this was changed so that only
anonymous volumes would be removed unless the all filter was specified.
Some of the docs were updated in #4218, however, there were a couple of places
left that didn't make the anonymous vs named volumes distinction clear.
This replaces #4079, which was bitrotted by #4218. See also #4028.
Closes#4079.
Signed-off-by: Ed Morley <501702+edmorley@users.noreply.github.com>
The IsAutomated field is being deprecated by Docker Hub's search API and
will always be "false" in future.
This patch:
- Deprecates the field and the related "is-automated" filter
- Removes the "AUTOMATED" column from the default output of "docker search"
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Both these functions took the whole DockerCLI as argument, but only needed
the ConfigFile. ResolveAuthConfig also had an unused context.Context as
argument.
This patch updates both functions to accept a ConfigFile, and removes the
unused context.Context.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
- use consts for fixed values, and rename some for clarity
- remove testAuthErrors map and inline the logic (same as we do for other cases)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
- TestSearchContext: don't use un-keyed structs
- TestSearchContext: don't use CompareMultipleValues as it was not needed
- TestSearchContextDescription: don't use un-keyed structs
- TestSearchContextDescription: don't use CompareMultipleValues as it was not needed
- TestSearchContextWrite: don't use un-keyed structs, and include the
code-comments into the test-table as names for the tests to give them
some context.
- TestSearchContextWriteJSON and TestSearchContextWriteJSONField were not
validating the output format, but validating if the JSON output could
be marshalled back to a struct. Let's just role them into TestSearchContextWrite.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Initialize AuthConfigs map if it's nil before returning it.
This fixes fileStore.Store nil dereference panic when adding a new key
to the map.
Signed-off-by: Danial Gharib <danial.mail.gh@gmail.com>
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
It's unused in the CLI itself, and does nothing other than
initializing a new, empty StartOptions struct.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Changes the `Read` and `Write` error handling
logic to return the original error while closing
the connection. We still skip calling `handleEOF`
if already closing the connection.
Fixes the flaky `TestCloseWhileWriting` and
`TestCloseWhileReading` tests.
Co-authored-by: Sebastiaan van Stijn <github@gone.nl>
Signed-off-by: Laura Brehm <laurabrehm@hey.com>
The daemon collects this information regardless if "debug" is
enabled. Print the debugging information if either the daemon,
or the client has debug enabled.
We should probably improve this logic and print any of these if
set (but some special rules are needed for file-descriptors, which
may use "-1".
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The flag-set that was returned is a pointer to the command's Flags(), which
is in itself passed by reference (as it is modified / set up).
This patch removes the flags return, to prevent assuming it's different than
the command's flags.
While SetupRootCommand is exported, a search showed that it's only used internally,
so changing the signature should not be a problem.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This flag was kept separate from the other flags, because at the time, the
CLI code and Daemon code still used the same codebase, and shared some parts.
This option only applied to the `docker` CLI, and thus was kept separate when
migrating to Cobra in 0452ff5a4d
Now that this code is only used for the CLI (and plugins), we can move this
flag together with the other flags.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Albin Kerouanton
Sebastiaan van Stijn
Sebastiaan van Stijn
Bjorn Neergaard
Ed Morley
Djordje Lukic
Danial
Paweł Gronowski
Brian Goff
Evan Lezar
Laura Brehm