Commit Graph

21 Commits

Author SHA1 Message Date
Sebastiaan van Stijn d2047b954e
cli/registry/client: set actions when authn with token
When using a personal access token, Docker Hub produces an error if actions
are requested beyond the token's allowed actions. This resulted in errors
when using a PAT with limited permissions to do a "docker manifest inspect".

This patch sets actions to "pull" only by default, and requests "push" action
for requests that need it.

To verify:

- create a PAT with limited access (read-only)
- log in with your username and the PAT as password

Before this patch:

    docker manifest inspect ubuntu:latest
    Get "https://registry-1.docker.io/v2/library/ubuntu/manifests/latest": unauthorized: access token has insufficient scopes

With this patch applied:

    docker manifest inspect ubuntu:latest
    {
       "schemaVersion": 2,
       "mediaType": "application/vnd.oci.image.index.v1+json",
       "manifests": [
          {
             "mediaType": "application/vnd.oci.image.manifest.v1+json",
             "size": 424,
             "digest": "sha256:56887c5194fddd8db7e36ced1c16b3569d89f74c801dc8a5adbf48236fb34564",
             "platform": {
                "architecture": "amd64",
                "os": "linux"
             }
          },
          {
             "mediaType": "application/vnd.oci.image.manifest.v1+json",
             "size": 424,
             "digest": "sha256:c835a4f2a632bc91a2b494e871549f0dd83f2966c780e66435774e77e048ddf0",
             "platform": {
                "architecture": "arm",
                "os": "linux",
                "variant": "v7"
             }
          }
       ]
    }

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-22 17:29:04 +02:00
Sebastiaan van Stijn 7189716d5a
replace uses of deprecated api/types.AuthConfig
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-03-30 19:57:16 +02:00
Sebastiaan van Stijn 9252fae838
cli/registry/client: AuthorizeRequest(): remove name for unused arg (revive)
This method implements the interface defined in distribution, but doesn't
use the argument.

    cli/registry/client/endpoint.go:123:69: unused-parameter: parameter 'params' seems to be unused, consider removing or renaming it as _ (revive)
    func (th *existingTokenHandler) AuthorizeRequest(req *http.Request, params map[string]string) error {
                                                                        ^

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-03-30 17:05:31 +02:00
Justin Chadwell 070825bc74 manifest: add support for oci image types
Signed-off-by: Justin Chadwell <me@jedevc.com>
2023-01-27 13:51:57 +00:00
Sebastiaan van Stijn 801113fb8d
cli/registry/client: remove unused IsNotFound(), and slight refactor
This function was not used anywhere, and the error type already satisfied
the github.com/docker/docker/errdefs.ErrNotFound interface, so let's remove
this utility and (if needed at some point) use errdefs.IsNotFound() instead.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-30 20:00:36 +02:00
Sebastiaan van Stijn 48745da16c
cli/registry/client: remove unused RegistryClient.GetTags()
This was added in fd2f1b3b66 as part of
the `docker engine` sub-commands, which were deprecated, and removed in
43b2f52d0c.

This function is not used by anyone, so safe to remove.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-30 20:00:34 +02:00
Sebastiaan van Stijn e83d6cd2c8
cli/registry/client: remove unused GetRegistryAuth()
This was added in fd2f1b3b66 as part of
the `docker engine` sub-commands, which were deprecated, and removed
in 43b2f52d0c.

This function is not used by anyone, so safe to remove.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-30 20:00:32 +02:00
Sebastiaan van Stijn ac06c971fa
remove unneeded "digest" alias for "go-digest"
This was there for historic reasons (I think `goimports` expected this,
and we used to have a linter that wanted it), but it's not needed, so
let's remove it (to make my IDE less complaining about unneeded aliases)

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-04 14:45:37 +01:00
Sebastiaan van Stijn a04c8210a6
vendor: github.com/docker/docker 25917217cab38eab40c3db0010b915258f4a8491
b0f5bc36fe..25917217ca

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-06-22 10:16:54 +02:00
Tengfei Wang 83478fe7cb try http for docker manifest --insecure
Signed-off-by: Tengfei Wang <tfwang@alauda.io>
2020-03-24 23:42:33 +08:00
Sebastiaan van Stijn 612d83d6df
cli: remove unnecessary newlines (whitespace)
```
cli/config/config_test.go:465: unnecessary trailing newline (whitespace)

}
cli/compose/interpolation/interpolation.go:56: unnecessary leading newline (whitespace)
	switch value := value.(type) {

cli/compose/interpolation/interpolation.go:94: unnecessary trailing newline (whitespace)

	}
cli/command/image/build/context.go:348: unnecessary trailing newline (whitespace)

		}
internal/licenseutils/client_test.go:98: unnecessary leading newline (whitespace)
func (c *fakeLicensingClient) LoadLocalLicense(ctx context.Context, dclnt licensing.WrappedDockerClient) (*model.Subscription, error) {

cli/registry/client/fetcher.go:211: unnecessary leading newline (whitespace)
	for _, endpoint := range endpoints {
```

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-10-31 19:22:36 +01:00
Silvin Lubecki 5ceed3059f
cli/registry/client/fetcher.go:106:9: nilness: impossible condition: nil != nil (govet)
Signed-off-by: Silvin Lubecki <silvin.lubecki@docker.com>
2019-10-31 19:22:14 +01:00
Kir Kolyshkin 51848bf3bb cli/registry: fix a Debugf statement
Fix this warning from go-1.11

> cli/registry/client/fetcher.go:234: Debugf format %s has arg
> repoEndpoint of wrong type client.repositoryEndpoint

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2018-10-11 01:13:13 -07:00
Christy Norman d57adbc034 fix insecure manifest inspect with restrictive certs perms
If, for some reason, the certs directory has permissions that are
inaccessible by docker, we should still be able to fetch manifests using
the `insecure` flag.

Since the cli doesn't access the engine's list of insecure registries,
the registry client should make a singleton list of the registry being queried with the
`insecure` flag.

Closes #1358

Signed-off-by: Christy Norman <christy@linux.vnet.ibm.com>
2018-09-20 10:51:29 -05:00
Daniel Hiltgen fd2f1b3b66 Add engine commands built on containerd
This new collection of commands supports initializing a local
engine using containerd, updating that engine, and activating
the EE product

Signed-off-by: Daniel Hiltgen <daniel.hiltgen@docker.com>
2018-08-20 09:42:05 -07:00
Derek McGowan 1fd2d66df8 Fix manifest lists to always use correct size
Stores complete OCI descriptor instead of digest and platform
fields. This includes the size which was getting lost by not
storing the original manifest bytes.

Attempt to support existing cached files, if not output
the filename with the incorrect content.

Signed-off-by: Derek McGowan <derek@mcgstyle.net>
2018-06-28 18:17:38 -07:00
Mathieu Champlon 5d54584f03 Bump moby to d37f5c6bdf788a6cb82c07fb707e31a240eff5f9
Also bringing:
. golang.org/x/net 5561cd9b4330353950f399814f427425c0a26fd2
. github.com/docker/distribution 83389a148052d74ac602f5f1d62f86ff2f3c4aa5
. github.com/docker/swarmkit bd69f6e8e301645afd344913fa1ede53a0a111fb
. github.com/docker/go-metrics d466d4f6fd960e01820085bd7e1a24426ee7ef18
. github.com/prometheus/client_golang 52437c81da6b127a9925d17eb3a382a2e5fd395e
. github.com/beorn7/perks 4c0e84591b9aa9e6dcfdf3e020114cd81f89d5f9
. github.com/prometheus/client_model fa8ad6fec33561be4280a8f0514318c79d7f6cb6
. github.com/prometheus/common ebdfc6da46522d58825777cf1f90490a5b1ef1d8
. github.com/prometheus/procfs abf152e5f3e97f2fafac028d2cc06c1feb87ffa5
. github.com/matttproud/golang_protobuf_extensions v1.0.0

Signed-off-by: Mathieu Champlon <mathieu.champlon@docker.com>
2018-05-18 11:44:14 +02:00
Kir Kolyshkin 6f8070deb2 Switch from x/net/context to context
Since go 1.7, "context" is a standard package. Since go 1.9,
x/net/context merely provides some types aliased to those in
the standard context package.

The changes were performed by the following script:

for f in $(git ls-files \*.go | grep -v ^vendor/); do
	sed -i 's|golang.org/x/net/context|context|' $f
	goimports -w $f
	for i in 1 2; do
		awk '/^$/ {e=1; next;}
			/\t"context"$/ {e=0;}
			{if (e) {print ""; e=0}; print;}' < $f > $f.new && \
				mv $f.new $f
		goimports -w $f
	done
done

[v2: do awk/goimports fixup twice]
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2018-05-11 16:49:43 -07:00
Christy Norman c26e2264fb specify specific permissions
When creating manifest lists, don't use "*" as the permission when
creating the token handler. This causes problems with gitlab's repos.

Fixes https://github.com/docker/cli/issues/1010

Signed-off-by: Christy Norman <christy@linux.vnet.ibm.com>
2018-04-24 17:01:57 -05:00
Vincent Demeester 0cf2e6353a
Fixes some unit tests to be able to run them on windows
Some of them are skipped for now (because the feature is not supported
or needs more work), some of them are fixed.

Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2018-03-07 18:18:13 +01:00
Christy Perez 02719bdbb5 add manifest command
Enable inspection (aka "shallow pull") of images' manifest info, and
also the creation of manifest lists (aka "fat manifests").

The workflow for creating a manifest list will be:

`docker manifest create new-list-ref-name image-ref [image-ref...]`
`docker manifest annotate new-list-ref-name image-ref --os linux --arch
arm`
`docker manifest push new-list-ref-name`

The annotate step is optional. Most architectures are fine by default.

There is also a `manifest inspect` command to allow for a "shallow pull"
of an image's manifest: `docker manifest inspect
manifest-or-manifest_list`.

To be more in line with the existing external manifest tool, there is
also a `-v` option for inspect that will show information depending on
what the reference maps to (list or single manifest).

Signed-off-by: Christy Perez <christy@linux.vnet.ibm.com>
Signed-off-by: Daniel Nephin <dnephin@docker.com>
2018-01-08 10:43:56 -06:00