The docker CLI matches objects either by ID _prefix_
or a full name match, but not partial name matches.
The correct order of resolution is;
- Full ID match (a name should not be able to mask an ID)
- Full name
- ID-prefix
This patch changes the way services are matched.
Also change to use the first matching service, if there's a
full match (by ID or Name) instead of continue looking for
other possible matches.
Error handling changed;
- Do not error early if multiple services were requested
and one or more services were not found. Print the
services that were not found after printing those that
_were_ found instead
- Print an error if ID-prefix matching is ambiguous
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Volumes tend to carry important data and pruning them on `docker system
prune` can easily cause unwanted data loss.
Let's play it safe and not prune volumes on `system prune` by default,
and instead provide an option.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
The current implementation of the ElectAuthServer doesn't handle well when the
default Registry server is not included in the response from the daemon Info
endpoint.
That leads to the storage and usage of the credentials for the default registry
(`https://index.docker.io/v1/`) under an empty string on the client config file.
Sample config file after a login via a Docker Daemon without Registry
information:
```json
{
"auths": {
"": {
"auth": "***"
}
}
}
```
That can lead to duplication of the password for the default registry and
authentication failures against the default registry if a pull/push is performed
without first authenticating via the misbehaving daemon.
Also, changes the output of the warning message from stdout to sdterr as
per dnephin suggestion.
Signed-off-by: Marcus Martins <marcus@docker.com>
be attached to special networks such as host and bridge. This fix brings
in the required changes to make sure the stack file accepts these
networks as well.
Signed-off-by: Madhu Venugopal <madhu@docker.com>
If use docker attach command to attach to a stop container, it will return
"You cannot attach to a stopped container" error, it's ok, but when
attach to a running container, it(docker attach) use inspect to check
the container's state, if it pass the state check on the client side,
and then the container is stopped, docker attach command still attach to
the container and not exit.
Signed-off-by: Shukui Yang <yangshukui@huawei.com>
It has been refactored to a hijackedIOStreamer type which has several
methods which are used to prepare input and handle streaming the input
and output separately.
Docker-DCO-1.1-Signed-off-by: Josh Hawn <josh.hawn@docker.com> (github: jlhawn)
The docker/client package was updated to support the updated Container
Wait API functionality. The run and start commands have been updated to
use the new wait features.
Docker-DCO-1.1-Signed-off-by: Josh Hawn <josh.hawn@docker.com> (github: jlhawn)
This adds a pretty template for both inspect subcommands. For configs,
it's particularly useful because it's a way to expose the config payload
in the CLI in a non-base64-encoded way.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
This command inserts a variable amount of padding in the log line:
padding := strings.Repeat(" ", f.padding-getMaxLength(task.Slot))
If the service is scaled up, or the slot numbers are noncontiguous, the
subtraction can underflow, causing a crash.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
Signed-off-by: Michael Friis <friism@gmail.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
This mess things up using the `Substitute` method from
outside (i.e. the error is nil but not nil kinda)
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
The `read_only` key in a composefile is not taken into account right
now. Now that services support `--read-only`, so should `stack deploy`
Ref: moby/moby#32994
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
responses to the CLI. In `node ls`, display only whether the nodes' TLS
info matches the cluster's TLS info, or whether the node needs cert rotation.
Signed-off-by: Ying Li <ying.li@docker.com>
Commit bb5dfdb8c5acd48f17498b111db360820a50baec added a
labels option to the docker-compose file format, but
added it to the 3.2 schema.
This patch moves the change to the 3.3 schema
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Signed-off-by: Colin Hebert <hebert.colin@gmail.com>
- The cli version defaults to "unknown-version" unless set via the VERSION env var
- The commit version can be overridden via GITCOMMIT env var
- The build time can be overridden via BUILDTIME env var
Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
This is necessary in order to avoid execId leaks in the case where a
`docker exec -it` is run without a terminal available for the client.
You can reproduce this issue by running the following command many
times.
% nohup docker exec -it some_container true
The container `some_container` will have execIDs that will never
normally be cleaned up (because the client died before they were
started).
In addition, this patch adds a docker-inspect step to ensure that we
give "container does not exist" errors consistently.
Signed-off-by: Valentin Rothberg <vrothberg@suse.com>
Signed-off-by: Aleksa Sarai <asarai@suse.de>
This is synonymous with `docker run --cidfile=FILE` and writes the digest of
the newly built image to the named file. This is intended to be used by build
systems which want to avoid tagging (perhaps because they are in CI or
otherwise want to avoid fixed names which can clash) by enabling e.g. Makefile
constructs like:
image.id: Dockerfile
docker build --iidfile=image.id .
do-some-more-stuff: image.id
do-stuff-with <image.id
Currently the only way to achieve this is to use `docker build -q` and capture
the stdout, but at the expense of losing the build output.
In non-silent mode (without `-q`) with API >= v1.29 the caller will now see a
`JSONMessage` with the `Aux` field containing a `types.BuildResult` in the
output stream for each image/layer produced during the build, with the final
one being the end product. Having all of the intermediate images might be
interesting in some cases.
In silent mode (with `-q`) there is no change, on success the only output will
be the resulting image digest as it was previosuly.
There was no wrapper to just output an Aux section without enclosing it in a
Progress, so add one here.
Added some tests to integration cli tests.
Signed-off-by: Ian Campbell <ian.campbell@docker.com>
This new flag will allow the configuration of an interface that
can be used for data path traffic to be isolated from control
plane traffic. This flag is simply percolated down to libnetwork
and will be used by all the global scope drivers (today overlay)
Negative test added for invalid flag arguments
Signed-off-by: Flavio Crisciani <flavio.crisciani@docker.com>
swarmkit's API type. Make sure this parameter gets propagated to
swarmkit, and also add an extra option to the CLI when providing
external CAs to parse the CA cert from a file.
Signed-off-by: Ying Li <ying.li@docker.com>
These tests were caught in the crossfire of the transition to testify.
testify has a few subtle differences from the similar custom framework
it replaced:
- Error behaves differently
- Equal takes its arguments in a different order
This PR also takes the opportunity to use a few shorthands from testify,
such as Len, True, and False.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
This avoids issues when copy/pasting between different shells on
different OSes, which may not all support `\` as a continuation
character.
Fixes#32725
Signed-off-by: Dave Henderson <dhenderson@gmail.com>
Whitelist some existing offenders, and use a high limit for now.
This limit should decrese over time.
Signed-off-by: Daniel Nephin <dnephin@docker.com>