Commit Graph

1865 Commits

Author SHA1 Message Date
Sebastiaan van Stijn d2047b954e
cli/registry/client: set actions when authn with token
When using a personal access token, Docker Hub produces an error if actions
are requested beyond the token's allowed actions. This resulted in errors
when using a PAT with limited permissions to do a "docker manifest inspect".

This patch sets actions to "pull" only by default, and requests "push" action
for requests that need it.

To verify:

- create a PAT with limited access (read-only)
- log in with your username and the PAT as password

Before this patch:

    docker manifest inspect ubuntu:latest
    Get "https://registry-1.docker.io/v2/library/ubuntu/manifests/latest": unauthorized: access token has insufficient scopes

With this patch applied:

    docker manifest inspect ubuntu:latest
    {
       "schemaVersion": 2,
       "mediaType": "application/vnd.oci.image.index.v1+json",
       "manifests": [
          {
             "mediaType": "application/vnd.oci.image.manifest.v1+json",
             "size": 424,
             "digest": "sha256:56887c5194fddd8db7e36ced1c16b3569d89f74c801dc8a5adbf48236fb34564",
             "platform": {
                "architecture": "amd64",
                "os": "linux"
             }
          },
          {
             "mediaType": "application/vnd.oci.image.manifest.v1+json",
             "size": 424,
             "digest": "sha256:c835a4f2a632bc91a2b494e871549f0dd83f2966c780e66435774e77e048ddf0",
             "platform": {
                "architecture": "arm",
                "os": "linux",
                "variant": "v7"
             }
          }
       ]
    }

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-22 17:29:04 +02:00
Bjorn Neergaard cdabfa2aa5
Merge pull request #4497 from edmorley/improve-pruning-docs
Update docs/command output for volume pruning
2023-08-17 07:01:59 -06:00
Bjorn Neergaard 3dbf1af2ea
Merge pull request #4478 from rumpl/feat-pat-suggest
login: Add message about using PATs
2023-08-16 07:23:13 -06:00
Ed Morley 6e2e92d774
Update docs/command output for volume pruning
In previous versions of the Docker API, `system prune --volumes` and `volume prune`
would remove all dangling volumes. With API v1.42, this was changed so that only
anonymous volumes would be removed unless the all filter was specified.

Some of the docs were updated in #4218, however, there were a couple of places
left that didn't make the anonymous vs named volumes distinction clear.

This replaces #4079, which was bitrotted by #4218. See also #4028.

Closes #4079.

Signed-off-by: Ed Morley <501702+edmorley@users.noreply.github.com>
2023-08-12 14:22:23 +01:00
Sebastiaan van Stijn 4fc3f0e6f6
search: deprecate "is-automated" filter and "IsAutomated" field
The IsAutomated field is being deprecated by Docker Hub's search API and
will always be "false" in future.

This patch:

- Deprecates the field and the related "is-automated" filter
- Removes the "AUTOMATED" column from the default output of "docker search"

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-09 12:11:05 +02:00
Sebastiaan van Stijn 53671c2fef
Merge pull request #4488 from thaJeztah/registry_test_cleanups
cli/command/registry: cleanup "search" and "login" tests
2023-08-09 12:04:54 +02:00
Sebastiaan van Stijn 211220cbb0
cli/command: ResolveAuthConfig, GetDefaultAuthConfig: take ConfigFile as arg
Both these functions took the whole DockerCLI as argument, but only needed
the ConfigFile. ResolveAuthConfig also had an unused context.Context as
argument.

This patch updates both functions to accept a ConfigFile, and removes the
unused context.Context.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-08 17:35:16 +02:00
Sebastiaan van Stijn 57f0e46de1
cli/command/registry: cleanup login tests
- use consts for fixed values, and rename some for clarity
- remove testAuthErrors map and inline the logic (same as we do for other cases)

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-08 17:32:03 +02:00
Sebastiaan van Stijn 84c956a171
cli/command/registry: cleanup search tests
- TestSearchContext: don't use un-keyed structs
- TestSearchContext: don't use CompareMultipleValues as it was not needed
- TestSearchContextDescription: don't use un-keyed structs
- TestSearchContextDescription: don't use CompareMultipleValues as it was not needed
- TestSearchContextWrite: don't use un-keyed structs, and include the
  code-comments into the test-table as names for the tests to give them
  some context.
- TestSearchContextWriteJSON and TestSearchContextWriteJSONField were not
  validating the output format, but validating if the JSON output could
  be marshalled back to a struct. Let's just role them into TestSearchContextWrite.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-08 17:32:03 +02:00
Sebastiaan van Stijn 3d0b14c3e3
vendor: github.com/docker/docker 4b19b2f4babd (25.0-dev)
full diff: dab9ffb252...4b19b2f4ba

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-08 09:41:47 +02:00
Djordje Lukic 8d51f36ca3
login: Add message about using PATs
Signed-off-by: Djordje Lukic <djordje.lukic@docker.com>
2023-08-03 10:35:04 +02:00
Sebastiaan van Stijn 7a89e897ea
cli/command/container: waitExitOrRemoved: take APIClient as argument
It only needs the API client, not the whole DockerCLI.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-07-24 09:54:11 +02:00
Sebastiaan van Stijn 0b7c72c3ba
cli/command/container: RunStart: inline variable
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-07-20 00:03:11 +02:00
Danial ad43df5e86
configfile: Initialize nil AuthConfigs
Initialize AuthConfigs map if it's nil before returning it.
This fixes fileStore.Store nil dereference panic when adding a new key
to the map.

Signed-off-by: Danial Gharib <danial.mail.gh@gmail.com>
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2023-07-19 15:36:10 +02:00
Sebastiaan van Stijn 298bddcc23
cli/command/container: deprecate NewStartOptions
It's unused in the CLI itself, and does nothing other than
initializing a new, empty StartOptions struct.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-07-19 14:12:07 +02:00
Sebastiaan van Stijn 223bf80d4b
cli/context/docker: Endpoint.ClientOpts, withHTTPClient: inline variables
Remove some intermediate variables, and inline them.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-07-15 14:41:25 +02:00
Sebastiaan van Stijn 3469beb80d
replace uses of deprecated api/types that moved to api/types/system
These types were moved to api/types/system:

- types.Info
- types.Commit
- types.PluginsInfo
- types.NetworkAddressPool
- types.Runtime
- types.SecurityOpt
- types/KeyValue
- types.DecodeSecurityOptions()

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-07-15 01:20:49 +02:00
Paweł Gronowski fe7afb700f
cli/container: Don't ignore error when parsing volume spec
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2023-07-12 09:45:55 +02:00
Sebastiaan van Stijn df04aca5d2
Merge pull request #4405 from cpuguy83/health_start_interval
Add support for health start interval
2023-07-07 18:15:10 +02:00
Brian Goff 986879c071 Add flags to container/service for health start interval
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2023-07-06 19:05:34 +00:00
Evan Lezar dad225d1e2 Support CDI devices in --device flag
Signed-off-by: Evan Lezar <elezar@nvidia.com>
2023-07-04 14:52:46 +02:00
Sebastiaan van Stijn dc2eb3bf7c
Merge pull request #4394 from laurazard/fix-flaky-ssh
commandconn: return original error while closing
2023-06-30 19:25:22 +02:00
Laura Brehm d5f564adaa
commandconn: return original error while closing
Changes the `Read` and `Write` error handling
logic to return the original error while closing
the connection. We still skip calling `handleEOF`
if already closing the connection.

Fixes the flaky `TestCloseWhileWriting` and
`TestCloseWhileReading` tests.

Co-authored-by: Sebastiaan van Stijn <github@gone.nl>
Signed-off-by: Laura Brehm <laurabrehm@hey.com>
2023-06-30 19:15:18 +02:00
Sebastiaan van Stijn 92d7a234dd
docker info: fix condition for printing debug information
The daemon collects this information regardless if "debug" is
enabled. Print the debugging information if either the daemon,
or the client has debug enabled.

We should probably improve this logic and print any of these if
set (but some special rules are needed for file-descriptors, which
may use "-1".

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-06-30 15:00:31 +02:00
Sebastiaan van Stijn 88f44ec159
cli: SetupRootCommand: remove redundant flags return
The flag-set that was returned is a pointer to the command's Flags(), which
is in itself passed by reference (as it is modified / set up).

This patch removes the flags return, to prevent assuming it's different than
the command's flags.

While SetupRootCommand is exported, a search showed that it's only used internally,
so changing the signature should not be a problem.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-06-28 16:26:50 +02:00
Sebastiaan van Stijn 3cad05fbf9
cli: move "config" flag to cli/flags/ClientOptions.InstallFlags()
This flag was kept separate from the other flags, because at the time, the
CLI code and Daemon code still used the same codebase, and shared some parts.
This option only applied to the `docker` CLI, and thus was kept separate when
migrating to Cobra in 0452ff5a4d

Now that this code is only used for the CLI (and plugins), we can move this
flag together with the other flags.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-06-28 16:04:09 +02:00
Sebastiaan van Stijn 27bae1172a
Merge pull request #4366 from thaJeztah/remove_deprecated_context_stubs
cli/command/context: remove deprecated k8s / orchestrator option-stubs
2023-06-28 14:42:18 +02:00
Sebastiaan van Stijn fcaf1def27
Merge pull request #4386 from thaJeztah/tls_const
cli/flags: add EnvEnableTLS const for "DOCKER_TLS"
2023-06-28 14:41:59 +02:00
Sebastiaan van Stijn 697bd4bebf
Merge pull request #4378 from acim/master
rename and update mergo module
2023-06-28 14:17:24 +02:00
Sebastiaan van Stijn e382d43f20
Merge pull request #4384 from thaJeztah/config_sync
cli/config: add synchronisation for configDir (Dir, SetDir)
2023-06-28 14:11:36 +02:00
Sebastiaan van Stijn 1c1329fc7e
cli/flags: add EnvEnableTLS const for "DOCKER_TLS"
Add a const to allow documenting the environment variable in code. The location
of this const is a bit "unfortunate", due to CLI and Client-config to be spread
over the cli/config, cli/config/configfile, and docker/docker/client packages
(some options are for the client, others for the CLI), and some reorganizing
may be useful for easier consumption.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-06-28 13:56:24 +02:00
Sebastiaan van Stijn 0b3cadb056
cli/config: add EnvOverrideConfigDir const
Add a const for the DOCKER_CONFIG to allow documenting its purpose
in code.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-06-28 13:20:29 +02:00
Sebastiaan van Stijn 13e842a110
cli/config: add synchronisation for configDir (Dir, SetDir)
commit 8a30653ed5 introduced a sync.Once
to allow for the config-directory (and home-dir) to be looked up lazily
instead of in an `init()`.

However, the package-level `configDir` variable can be set through two
separate paths; implicitly (through `config.Dir()`), and explicitly,
through `config.SetDir()`. The existing code had no synchronisation for
this, which could lead to a potential race-condition (code requesting
`config.Dir()` and code setting a custom path through `config.SetDir()`).

This patch adds synchronisation by triggering the `sync.Once` as part of
`config.SetDir()` to prevent it being triggered later (overwriting the
value that was set). It also restores the `resetConfigDir()` utility that
was removed in 379122b033, to allow resetting
the `sync.Once` for this test.

In general, we should get rid of this package-level variable, and store
it as a config on the client (passing the option to locations where its
used instead).

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-06-28 12:58:26 +02:00
Boban Acimovic b32264a1af rename and update mergo module
Signed-off-by: Boban Acimovic <boban.acimovic@gmail.com>
2023-06-26 22:25:52 +02:00
Sebastiaan van Stijn 79ff64f06d
cli/command/context: don't use pkg/homedir in test
I'm considering deprecating the "Key()" utility, as it was only
used in tests.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-06-26 13:35:42 +02:00
Sebastiaan van Stijn 085d5c2816
Merge pull request #4343 from thaJeztah/cleanup_sprintf
replace some basic uses of fmt.Sprintf(), and minor refactor
2023-06-21 11:49:50 +02:00
Sebastiaan van Stijn c96484a114
Merge pull request #4346 from thaJeztah/build_errors
build: error if Dockerfile name is passed with Dockerfile from stdin
2023-06-21 11:48:12 +02:00
Sebastiaan van Stijn 2133d0446a
cli/command/context: remove deprecated k8s / orchestrator option-stubs
support for kubernetes contexts was deprecated in docker 20.10 through
b639ea8b89, 0793f96394,
and 1d37fb3027, and removed altoghether in
23.0 through 193ede9b12.

This patch removes the remaining stubs for options that were deprecated
and no longer used.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-06-21 11:39:04 +02:00
Sebastiaan van Stijn 3c99d229d9
Merge pull request #4363 from thaJeztah/cleanup_useragent
cli/command: newAPIClientFromEndpoint: use WithUserAgent
2023-06-21 11:38:55 +02:00
Sebastiaan van Stijn 2d06cfcde6
cli/command: newAPIClientFromEndpoint: use WithUserAgent
More things to be done after this, to allow passing a custom user-agent,
but let's start with just using this utility.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-06-20 15:01:41 +02:00
Sebastiaan van Stijn 8181aa8879
cli/command/context: don't pass CLI if we only need context-store
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-06-20 13:39:02 +02:00
Sebastiaan van Stijn c2535aa467
build: error if Dockerfile name is passed with Dockerfile from stdin
When passing a Dockerfile through stdin, it's not possible to specify the
name of the Dockerfile (using the `-f` option). When building with BuildKit
enabled, an error is already produced for this case, but the classic builder
silently ignored it.

This patch adds an error for this situation:

    echo -e 'FROM busybox' | DOCKER_BUILDKIT=0 docker build -f some.Dockerfile -
    DEPRECATED: The legacy builder is deprecated and will be removed in a future release.
    BuildKit is currently disabled; enable it by removing the DOCKER_BUILDKIT=0
    environment-variable.

    unable to prepare context: ambiguous Dockerfile source: both stdin and flag correspond to Dockerfiles

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-06-13 14:03:03 +02:00
Sebastiaan van Stijn 77dd05caad
cli/command/image: remove errStdinConflict
This error was only used in a single location, so no need to define a
package-level variable for this.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-06-13 13:47:56 +02:00
Sebastiaan van Stijn 7d723e2ba7
Merge pull request #4337 from thaJeztah/dont_mutate_configfile
cli/command/container: don't mutate ConfigFile.DetachKeys
2023-06-12 21:37:37 +02:00
Sebastiaan van Stijn d68b361538
cli/compose/convert: convertEnvironment: sort results
All users of this function sorted the results afterwards, so let's
do it as part of the function itself.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-06-12 19:03:59 +02:00
Sebastiaan van Stijn f4bde68694
replace some basic uses of fmt.Sprintf()
Really tiny gains here, and doesn't significantly impact readability:

    BenchmarkSprintf
    BenchmarkSprintf-10    11528700     91.59 ns/op   32 B/op  1 allocs/op
    BenchmarkConcat
    BenchmarkConcat-10    100000000     11.76 ns/op    0 B/op  0 allocs/op

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-06-12 19:03:49 +02:00
Sebastiaan van Stijn 9e481e09e0
Merge pull request #4226 from laurazard/fix-connhelper-docker-example
ssh: fix error on commandconn close, add ping and default timeout
2023-06-09 22:56:16 +02:00
Laura Brehm a5ebe2282a
commandconn: don't return error if command closed successfully
---
commandconn: fix race on `Close()`

During normal operation, if a `Read()` or `Write()` call results
in an EOF, we call `onEOF()` to handle the terminating command,
and store it's exit value.

However, if a Read/Write call was blocked while `Close()` is called
the in/out pipes are immediately closed which causes an EOF to be
returned. Here, we shouldn't call `onEOF()`, since the reason why
we got an EOF is because we're already terminating the connection.
This also prevents a race between two calls to the commands `Wait()`,
in the `Close()` call and `onEOF()`

---
Add CLI init timeout to SSH connections

---
connhelper: add 30s ssh default dialer timeout

(same as non-ssh dialer)

Signed-off-by: Laura Brehm <laurabrehm@hey.com>
2023-06-09 11:24:19 +02:00
Sebastiaan van Stijn 2331e4d521
cli/command/container: don't mutate ConfigFile.DetachKeys
This code was introduced in 15aa2a663b,
but from those changes, it appears that overwriting the config value was
merely out of convenience, and that struct being used as an intermediate.

While changing the config here should be mostly ephemeral, and not written
back to the config-file, let's be clear on intent, and not mutatte the config
as part of this code.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-06-08 16:54:41 +02:00
Sebastiaan van Stijn 23e26f40fe
cli/command/container: createContainer(): return container-ID
This function returned the whole response, but we already handled the
warnings included in the response as part of the function. All consumers
of this function only used the container-ID, so let's simplify and return
just that (it's a non-exported func, so we can change the signature again
if we really need it).

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-06-08 16:54:41 +02:00