Commit Graph

1286 Commits

Author SHA1 Message Date
Sebastiaan van Stijn f3886f354a
Use designated test domains (RFC2606) in tests
Some tests were using domain names that were intended to be "fake", but are
actually registered domain names (such as mycorp.com).

Even though we were not actually making connections to these domains, it's
better to use domains that are designated for testing/examples in RFC2606:
https://tools.ietf.org/html/rfc2606

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-04-30 10:03:45 +02:00
Maximillian Fan Xavier 12370ad1f4
Add progress bar to copy into and from container
Co-authored-by: Sebastiaan van Stijn <github@gone.nl>
Signed-off-by: Maximillian Fan Xavier <maximillianfx@gmail.com>
2021-04-24 13:24:19 +02:00
Sebastiaan van Stijn 168173a3f1
Use net.JoinHostPort() to fix formatting with IPv6 addresses
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-04-20 11:05:24 +02:00
Brian Goff e1a7517514 Fix `docker start` blocking on signal handling
We refactorted `ForwardAllSignals` so it blocks but did not update the
call in `start` to call it in a goroutine.

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2021-03-02 00:54:13 +00:00
Sebastiaan van Stijn 9342ec6b71
ForwardAllSignals: check if channel is closed, and remove warning
Commit fff164c22e modified ForwardAllSignals to
take `SIGURG` signals into account, which can be generated by the Go runtime
on Go 1.14 and up as an interrupt to support pre-emptable system calls on Linux.

With the updated code, the signal (`s`) would sometimes be `nil`, causing spurious
(but otherwise harmless) warnings to be printed;

    Unsupported signal: <nil>. Discarding.

To debug this issue, I patched v20.10.4 to handle `nil`, and added a debug line
to print the signal in all cases;

```patch
diff --git a/cli/command/container/signals.go b/cli/command/container/signals.go
index 06e4d9eb6..0cb53ef06 100644
--- a/cli/command/container/signals.go
+++ b/cli/command/container/signals.go
@@ -22,8 +22,9 @@ func ForwardAllSignals(ctx context.Context, cli command.Cli, cid string, sigc <-
                case <-ctx.Done():
                        return
                }
+               fmt.Fprintf(cli.Err(), "Signal: %v\n", s)

               if s == signal.SIGCHLD || s == signal.SIGPIPE {
```

When running a cross-compiled macOS binary with Go 1.13 (`make -f docker.Makefile binary-osx`):

    # regular "docker run" (note that the `<nil>` signal only happens "sometimes"):
    ./build/docker run --rm alpine/git clone https://github.com/docker/getting-started.git
    Cloning into 'getting-started'...
    Signal: <nil>

    # when cancelling with CTRL-C:
    ./build/docker run --rm alpine/git clone https://github.com/docker/getting-started.git
    ^CSignal: interrupt
    Cloning into 'getting-started'...
    error: could not lock config file /git/getting-started/.git/config: No such file or directory
    fatal: could not set 'core.repositoryformatversion' to '0'
    Signal: <nil>
    Signal: <nil>

When running a macOS binary built with Go 1.15 (`DISABLE_WARN_OUTSIDE_CONTAINER=1 make binary`):

    # regular "docker run" (note that the `<nil>` signal only happens "sometimes"):
    # this is the same as on Go 1.13
    ./build/docker run --rm alpine/git clone https://github.com/docker/getting-started.git
    Cloning into 'getting-started'...
    Signal: <nil>

    # when cancelling with CTRL-C:
    ./build/docker run --rm alpine/git clone https://github.com/docker/getting-started.git
    Cloning into 'getting-started'...
    ^CSignal: interrupt
    Signal: urgent I/O condition
    Signal: urgent I/O condition
    fatal: --stdin requires a git repository
    fatal: index-pack failed
    Signal: <nil>
    Signal: <nil>

This patch checks if the channel is closed, and removes the warning (to prevent warnings if new
signals are added that are not in our known list of signals)

We should also consider updating `notfiyAllSignals()`, which currently forwards
_all_ signals (`signal.Notify(sigc)` without passing a list of signals), and
instead pass it "all signals _minus_ the signals we don't want forwarded":
35f023a7c2/cli/command/container/signals.go (L55)

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-03-01 18:31:30 +01:00
Chris Crone 8c2872d2a3
context: Ensure context name is valid on import
Signed-off-by: Chris Crone <christopher.crone@docker.com>
(cherry picked from commit 9ecc69d17e)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-02-02 13:51:15 +01:00
Silvin Lubecki 375faee9bc
Merge pull request #2939 from thaJeztah/fix_swarm_rollback_exitcode
Fix swarm rollback exitcode, and fix skipping verify step
2021-02-01 11:29:15 +01:00
Tibor Vass 8d199d5bba Use golang.org/x/sys/execabs
On Windows, the os/exec.{Command,CommandContext,LookPath} functions
resolve command names that have neither path separators nor file extension
(e.g., "git") by first looking in the current working directory before
looking in the PATH environment variable.
Go maintainers intended to match cmd.exe's historical behavior.

However, this is pretty much never the intended behavior and as an abundance of precaution
this patch prevents that when executing commands.
Example of commands that docker.exe may execute: `git`, `docker-buildx` (or other cli plugin), `docker-credential-wincred`, `docker`.

Note that this was prompted by the [Go 1.15.7 security fixes](https://blog.golang.org/path-security), but unlike in `go.exe`,
the windows path lookups in docker are not in a code path allowing remote code execution, thus there is no security impact on docker.

Signed-off-by: Tibor Vass <tibor@docker.com>
2021-01-26 17:18:04 +00:00
Sebastiaan van Stijn 104469be0b
service rollback: always verify state
Prior to this change, progressbars would sometimes be hidden, and the function
would return early. In addition, the direction of the progressbars would sometimes
be "incrementing" (similar to "docker service update"), and sometimes be "decrementing"
(to indicate a "rollback" is being performed).

This fix makes sure that we always proceed with the "verifying" step, and now
prints a message _after_ the verifying stage was completed;

    $ docker service rollback foo
    foo
    overall progress: rolling back update: 5 out of 5 tasks
    1/5: running   [>                                                  ]
    2/5: starting  [===========>                                       ]
    3/5: starting  [===========>                                       ]
    4/5: running   [>                                                  ]
    5/5: running   [>                                                  ]
    verify: Service converged
    rollback: rollback completed

    $ docker service rollback foo
    foo
    overall progress: rolling back update: 1 out of 1 tasks
    1/1: running   [>                                                  ]
    verify: Service converged
    rollback: rollback completed

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-01-19 14:47:30 +01:00
Sebastiaan van Stijn ce26a165b0
docker service rollback: fix non-zero exit code in some cases
Before this change:
--------------------------------------------

    $ docker service create --replicas=1 --name foo -p 8080:80 nginx:alpine
    t33qvykv8y0zbz266rxynsbo3
    overall progress: 1 out of 1 tasks
    1/1: running   [==================================================>]
    verify: Service converged

    $ echo $?
    0

    $ docker service update --replicas=5 foo
    foo
    overall progress: 5 out of 5 tasks
    1/5: running   [==================================================>]
    2/5: running   [==================================================>]
    3/5: running   [==================================================>]
    4/5: running   [==================================================>]
    5/5: running   [==================================================>]
    verify: Service converged

    $ echo $?
    0

    $ docker service rollback foo
    foo
    rollback: manually requested rollback
    overall progress: rolling back update: 1 out of 1 tasks
    1/1: running   [>                                                  ]
    verify: Service converged

    $ echo $?
    0

    $ docker service rollback foo
    foo
    service rolled back: rollback completed

    $ echo $?
    1

After this change:
--------------------------------------------

    $ docker service create --replicas=1 --name foo -p 8080:80 nginx:alpine
    t33qvykv8y0zbz266rxynsbo3
    overall progress: 1 out of 1 tasks
    1/1: running   [==================================================>]
    verify: Service converged

    $ echo $?
    0

    $ docker service update --replicas=5 foo
    foo
    overall progress: 5 out of 5 tasks
    1/5: running   [==================================================>]
    2/5: running   [==================================================>]
    3/5: running   [==================================================>]
    4/5: running   [==================================================>]
    5/5: running   [==================================================>]
    verify: Waiting 1 seconds to verify that tasks are stable...

    $ echo $?
    0

    $ docker service rollback foo
    foo
    rollback: manually requested rollback
    overall progress: rolling back update: 1 out of 1 tasks
    1/1: running   [>                                                  ]
    verify: Service converged

    $ echo $?
    0

    $ docker service rollback foo
    foo
    service rolled back: rollback completed

    $ echo $?
    0

    $ docker service ps foo
    ID             NAME      IMAGE          NODE             DESIRED STATE   CURRENT STATE           ERROR     PORTS
    4dt4ms4c5qfb   foo.1     nginx:alpine   docker-desktop   Running         Running 2 minutes ago

Remaining issues with reconciliation
--------------------------------------------

Note that both before, and after this change, the command sometimes terminates
early, and does not wait for the service to reconcile; this is most apparent
when rolling back is scaling up (so more tasks are deployed);

    $ docker service rollback foo
    foo
    service rolled back: rollback completed

    $ docker service rollback foo
    foo
    rollback: manually requested rollback
    overall progress: rolling back update: 1 out of 5 tasks
    1/5: pending   [=================================>                 ]
    2/5: running   [>                                                  ]
    3/5: pending   [=================================>                 ]
    4/5: pending   [=================================>                 ]
    5/5: pending   [=================================>                 ]
    service rolled back: rollback completed

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-01-19 14:47:28 +01:00
Sebastiaan van Stijn a49d70ca7f
Merge pull request #2927 from jimlinntu/fix_update_rollback_order
fix --update-order and --rollback-order flags
2021-01-18 17:26:47 +01:00
Jim Lin 26a6a724aa fix --update-order and --rollback-order flags
Signed-off-by: Jim Lin <b04705003@ntu.edu.tw>
2021-01-18 22:33:45 +08:00
Brian Goff fff164c22e Ignore SIGURG on Linux.
In go1.14+, SIGURG is used by the runtime to handle preemtable system
calls.
In practice this signal caught *frequently*.

For reference:

https://go.googlesource.com/proposal/+/master/design/24543-non-cooperative-preemption.md
https://github.com/golang/go/issues/37942

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2021-01-15 19:03:39 +00:00
Silvin Lubecki 2563f04c0a
Merge pull request #2918 from thaJeztah/fix_login_panic
Fix panic when failing to get DefaultAuthConfig
2021-01-08 11:22:53 +01:00
Sebastiaan van Stijn c2820a7e3b
Fix panic when failing to get DefaultAuthConfig
Commit f32731f902 fixed a potential panic
when an error was returned while trying to get existing credentials.

However, other code paths currently use the result of `GetDefaultAuthConfig()`
even in an error condition; this resulted in a panic, because a `nil` was
returned.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-01-07 22:11:29 +01:00
Alexey Igrychev fc9ca9a94a Fix reading context and dockerfile from stdin with BuildKit
Signed-off-by: Alexey Igrychev <alexey.igrychev@flant.com>
2020-12-14 13:40:48 +00:00
Djordje Lukic 9f9c4b7f3b Remove k8s.io/kubernetes dependency
We are only using the `IsPodReady` function that can be rewritten easily.

Signed-off-by: Djordje Lukic <djordje.lukic@docker.com>
2020-12-04 00:27:40 +01:00
Tibor Vass 40ec81a79a build: display [auth] output
Signed-off-by: Tibor Vass <tibor@docker.com>
2020-12-02 21:22:36 +00:00
Sebastiaan van Stijn 9a0a071d55 vendor: buildkit v0.8.0-rc2, docker
diffs:

- full diff: af34b94a78...6c0a036dce
- full diff: 4d1f260e84...v0.8.0-rc2

New dependencies:

- go.opencensus.io v0.22.3
- github.com/containerd/typeurl v1.0.1
- github.com/golang/groupcache 869f871628b6baa9cfbc11732cdf6546b17c1298

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-12-02 21:01:12 +00:00
Sebastiaan van Stijn 0e96d92567 vendor: golang.org/x/crypto c1f2f97bffc9c53fc40a1a28a5b460094c0050d9
full diff: 75b288015a...c1f2f97bff

relevant changes:

- pkcs12: document that we use the wrong PEM type
- pkcs12: drop PKCS#12 attributes with unknown OIDs
- ocsp: Improve documentation for ParseResponse and ParseResponseForCert

other changes (not in vendor);

- ssh: improve error message for KeyboardInteractiveChallenge
- ssh: remove slow unnecessary diffie-hellman-group-exchange primality check
- ssh/terminal: replace with a golang.org/x/term wrapper
    - Deprecates ssh/terminal in favor of golang.org/x/term
- ssh/terminal: add support for zos
- ssh/terminal: bump x/term dependency to fix js/nacl
- nacl/auth: use Size instead of KeySize for Sum output
- sha3: remove go:nocheckptr annotation

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-12-02 21:01:12 +00:00
Sebastiaan van Stijn e3d93058fd
build: remove PersistentPreRunE hack for experimental --platform
This hack was added in an attempt to continue supporting the experimental
(non-buildkit) `--platform` option, by dynamically updating the API version
required if buildkit isn't enabled.

This hack didn't work, however, because at the moment the override is
added, the command is not yet attached to the "root" (`docker`) command,
and because of that, the command itself is the `root` command;
`cmd.Root()` returned the `build` command.

As a result, validation steps defined as `PersistentPreRunE` on the root
command were not executed, causing invalid flags/options to not producing
an error.

Attempts to use an alternative approach (for example, cobra supports both
a `PersistentPreRun` and `PersistentPreRunE`) did not work either, because
`PersistentPreRunE` takes precedence over `PersistentPreRun`, and only one
will be executed.

Now that `--platform` should be supported for other cases than just for
experimental (LCOW), let's remove the 'experimental' check, and just assume
it's supported for API v1.32 and up.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-11-16 14:58:11 +01:00
Sebastiaan van Stijn ae5899e2b0
cli/command/container/stats.go: fix goimports
cli/command/container/stats.go:159: File is not `goimports`-ed (goimports)

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-11-10 17:47:57 +01:00
Sebastiaan van Stijn b07e921289
Merge pull request #2785 from bn4t/2784-use-waitgroup-instead-of-sleep
Wait on waitgroup instead of using time.Sleep
2020-11-06 21:29:11 +01:00
Tibor Vass 1d20b15adc
Merge pull request #2818 from thaJeztah/prevent_panic
GetDefaultAuthConfig: fix potential panic due to unhandled error
2020-10-29 14:43:01 -07:00
Sebastiaan van Stijn f32731f902
GetDefaultAuthConfig: fix potential panic due to unhandled error
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-10-29 01:42:35 +01:00
Sebastiaan van Stijn a40beedcc3
builder: print deprecation warning instead of failing for --stream
While performance will be worse, we can safely ignore the --stream
option when used, and print a deprecation warning instead of failing
the build.

With this patch:

    echo -e "FROM scratch\nLABEL foo=bar" | docker build --stream -
    DEPRECATED: The experimental --stream flag has been removed and the build context
                will be sent non-streaming. Enable BuildKit instead with DOCKER_BUILDKIT=1
                to stream build context, see https://docs.docker.com/go/buildkit/

    Sending build context to Docker daemon  2.048kB
    Step 1/2 : FROM scratch
     --->
    Step 2/2 : LABEL foo=bar
     ---> Running in 99e4021085b6
    Removing intermediate container 99e4021085b6
     ---> 1a7a41be241f
    Successfully built 1a7a41be241f

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-10-24 01:58:47 +02:00
bn4t 53e2110fa3 Wait on waitgroup instead of using time.Sleep
Closes #2784
Signed-off-by: bn4t <me@bn4t.me>
2020-10-12 10:32:53 +02:00
Sebastiaan van Stijn 977d3ae046
Always enable experimental features
The CLI disabled experimental features by default, requiring users
to set a configuration option to enable them.

Disabling experimental features was a request from Enterprise users
that did not want experimental features to be accessible.

We are changing this policy, and now enable experimental features
by default. Experimental features may still change and/or removed,
and will be highlighted in the documentation and "usage" output.

For example, the `docker manifest inspect --help` output now shows:

    EXPERIMENTAL:
      docker manifest inspect is an experimental feature.

      Experimental features provide early access to product functionality. These features
      may change between releases without warning or can be removed entirely from a future
      release. Learn more about experimental features: https://docs.docker.com/go/experimental/

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-10-02 15:59:42 +02:00
Sebastiaan van Stijn 2b1138c118
Fix initializing client modifying custom HTTPHeaders
When initializing the API client, the User-Agent was added to any custom
HTTPHeaders that were configured. However, because the map was not properly
dereferenced, the original map was modified, causing the User-Agent to also
be saved to config.json after `docker login` and `docker logout`:

Before this change;

    $ cat ~/.docker/config.json
    cat: can't open '/root/.docker/config.json': No such file or directory

    $ docker login -u myusername
    Password:
    ...
    Login Succeeded

    $ cat ~/.docker/config.json
    {
        "auths": {
            "https://index.docker.io/v1/": {
                "auth": "<base64 auth>"
            }
        },
        "HttpHeaders": {
            "User-Agent": "Docker-Client/19.03.12 (linux)"
        }
    }

    $ docker logout
    {
        "auths": {},
        "HttpHeaders": {
            "User-Agent": "Docker-Client/19.03.12 (linux)"
        }
    }

After this change:

    $ cat ~/.docker/config.json
    cat: can't open '/root/.docker/config.json': No such file or directory

    $ docker login -u myusername
    Password:
    ...
    Login Succeeded

    $ cat ~/.docker/config.json
    {
        "auths": {
            "https://index.docker.io/v1/": {
                "auth": "<base64 auth>"
            }
        }
    }

    $ docker logout
    Removing login credentials for https://index.docker.io/v1/

    $ cat ~/.docker/config.json
    {
        "auths": {}
    }

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-09-29 17:24:07 +02:00
Sebastiaan van Stijn 0eb3cfd261
Add test-case for env with, and without =
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-09-23 20:33:48 +02:00
Jorge Vallecillo e7203bf81b Fix 2 typos
Consecutive occurrences of 'the'

Signed-off-by: Jorge Vallecillo <jorgevallecilloc@gmail.com>
2020-09-18 09:26:39 -06:00
Jennings Zhang 185d71262a
Subcommand `docker manifest rm`
Squashed commit of the following:

commit b9ef85e74833ba405f68cfc20989c69d64bac4e9
Author: Jennings Zhang <jenni_zh@protonmail.com>
Date:   Mon Sep 14 21:39:57 2020 -0400

    Fix bash completion

    https://github.com/docker/cli/pull/2449#pullrequestreview-488110510
    Signed-off-by: Jennings Zhang <jenni_zh@protonmail.com>

commit 8c46bd6e6ed151bb43865c8b1d79c00fd62e4345
Author: Jennings Zhang <jenni_zh@protonmail.com>
Date:   Sun Sep 13 01:48:12 2020 -0400

    Add tests for docker manifest rm

    Signed-off-by: Jennings Zhang <jenni_zh@protonmail.com>

commit 7e3d9a9bc60e44d96953093fa0b1bc3397ca7813
Author: Jennings Zhang <jenni_zh@protonmail.com>
Date:   Sun Sep 13 00:55:37 2020 -0400

    docker manifest rm multiple args

    Signed-off-by: Jennings Zhang <jenni_zh@protonmail.com>

commit 30466e28d28f6722053c5a232e99ddbae8222715
Author: Jennings Zhang <jenni_zh@protonmail.com>
Date:   Sun Sep 13 00:01:20 2020 -0400

    No need to search before Remove

    https://github.com/docker/cli/pull/2449#discussion_r485544044
    Signed-off-by: Jennings Zhang <jenni_zh@protonmail.com>

commit ccdc4ed0a620cf8c9ec6ecc6804d1a45f7c61be5
Author: Jennings Zhang <jenni_zh@protonmail.com>
Date:   Sat Sep 12 23:42:41 2020 -0400

    Completion should also handle --help

    https://github.com/docker/cli/pull/2449#discussion_r443140909
    Signed-off-by: Jennings Zhang <jenni_zh@protonmail.com>

commit ed260afa71a4f8feb6550f79692e47ad7430d786
Merge: 46c61d85e9 2955ece024
Author: Jennings Zhang <jenni_zh@protonmail.com>
Date:   Sat Sep 12 23:31:54 2020 -0400

    Merge branch 'master' into manifest-rm

commit 46c61d85e973cc9fdd28d42db9ecebe373e9b942
Author: Jennings Zhang <jenni_zh@protonmail.com>
Date:   Fri Apr 17 21:53:33 2020 -0400

    Remove extra space

    Signed-off-by: Jennings Zhang <jenni_zh@protonmail.com>

commit 6d31d26c10e8d395ab08561cdb9b29829bb4bd91
Author: Jennings Zhang <jenni_zh@protonmail.com>
Date:   Fri Apr 17 21:15:21 2020 -0400

    Bash completion for `docker manifest rm`

    Signed-off-by: Jennings Zhang <jenni_zh@protonmail.com>

commit 3c8c843deb2f751a5f51ee6fcaa75da2a4525d99
Author: Jennings Zhang <jenni_zh@protonmail.com>
Date:   Fri Apr 17 21:05:50 2020 -0400

    Frankenstein a `docker manifest rm` command

    Signed-off-by: Jennings Zhang <jenni_zh@protonmail.com>

Signed-off-by: Jennings Zhang <jenni_zh@protonmail.com>
2020-09-15 16:26:47 -04:00
Tibor Vass cec8723d8c
Merge pull request #2656 from thaJeztah/bump_buildkit
vendor: buildkit 4d1f260e8490ec438ab66e08bb105577aca0ce06
2020-09-10 17:43:42 -04:00
Tibor Vass 7836597b3d
Merge pull request #2712 from thaJeztah/carry_2660_ulimits
Add ulimits support to docker service and docker stack deploy (carry 2660)
2020-09-10 15:40:25 -04:00
Albin Kerouanton a9158bdc50
Add ulimits option to docker service create/update/inspect
This is related to moby/moby 40639.

Signed-off-by: Albin Kerouanton <albin@akerouanton.name>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-09-10 14:41:33 +02:00
Sebastiaan van Stijn 23660be600
Service cap-add/cap-drop: add special "RESET" value
This implements a special "RESET" value that can be used to reset the
list of capabilities to add/drop when updating a service.

Given the following service;

| CapDrop        | CapAdd        |
| -------------- | ------------- |
| CAP_SOME_CAP   |               |

When updating the service, and applying `--cap-drop RESET`, the "drop" list
is reset to its default:

| CapDrop        | CapAdd        |
| -------------- | ------------- |
|                |               |

When updating the service, and applying `--cap-drop RESET`, combined with
`--cap-add CAP_SOME_CAP` and `--cap-drop CAP_SOME_OTHER_CAP`:

| CapDrop        | CapAdd        |
| -------------- | ------------- |
| CAP_FOO_CAP    | CAP_SOME_CAP  |

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-09-10 11:14:38 +02:00
Sebastiaan van Stijn 7edc00d808
vendor: buildkit 4d1f260e8490ec438ab66e08bb105577aca0ce06
full diff: df35e9818d...4d1f260e84

- moby/buildkit#1551 session: track sessions with a group construct
- moby/buildkit#1534 secrets: allow providing secrets with env
- moby/buildkit#1533 git: support for token authentication
- moby/buildkit#1549 progressui: fix logs time formatting

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-09-09 15:19:02 +02:00
Sebastiaan van Stijn 95037299cb
Service cap-add/cap-drop: handle updates as "tri-state"
Adding/removing capabilities when updating a service is considered a tri-state;

- if the capability was previously "dropped", then remove it from "CapabilityDrop",
  but do NOT add it to "CapabilityAdd". However, if the capability was not yet in
  the service's "CapabilityDrop", then simply add it to the service's "CapabilityAdd"
- likewise, if the capability was previously "added", then remove it from
  "CapabilityAdd", but do NOT add it to "CapabilityDrop". If the capability was
  not yet in the service's "CapabilityAdd", then simply add it to the service's
  "CapabilityDrop".

In other words, given a service with the following:

| CapDrop        | CapAdd        |
| -------------- | ------------- |
| CAP_SOME_CAP   |               |

When updating the service, and applying `--cap-add CAP_SOME_CAP`, the previously
dropped capability is removed:

| CapDrop        | CapAdd        |
| -------------- | ------------- |
|                |               |

When updating the service a second time, applying `--cap-add CAP_SOME_CAP`,
capability is now added:

| CapDrop        | CapAdd        |
| -------------- | ------------- |
|                | CAP_SOME_CAP  |

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-09-08 14:42:39 +02:00
Sebastiaan van Stijn 190c64b415
Service cap-add/cap-drop: improve handling of combinations and special "ALL" value
When creating and updating services, we need to avoid unneeded service churn.

The interaction of separate lists to "add" and "drop" capabilities, a special
("ALL") capability, as well as a "relaxed" format for accepted capabilities
(case-insensitive, `CAP_` prefix optional) make this rather involved.

This patch updates how we handle `--cap-add` / `--cap-drop` when  _creating_ as
well as _updating_, with the following rules/assumptions applied:

- both existing (service spec) and new (values passed through flags or in
  the compose-file) are normalized and de-duplicated before use.
- the special "ALL" capability is equivalent to "all capabilities" and taken
  into account when normalizing capabilities. Combining "ALL" capabilities
  and other capabilities is therefore equivalent to just specifying "ALL".
- adding capabilities takes precedence over dropping, which means that if
  a capability is both set to be "dropped" and to be "added", it is removed
  from the list to "drop".
- the final lists should be sorted and normalized to reduce service churn
- no validation of capabilities is handled by the client. Validation is
  delegated to the daemon/server.

When deploying a service using a docker-compose file, the docker-compose file
is *mostly* handled as being "declarative". However, many of the issues outlined
above also apply to compose-files, so similar handling is applied to compose
files as well to prevent service churn.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-09-08 14:38:35 +02:00
Albin Kerouanton c6ec4e081e
service: Add --cap-add & --cap-drop to service cmds
Signed-off-by: Albin Kerouanton <albin@akerouanton.name>
2020-09-08 14:24:55 +02:00
Sebastiaan van Stijn dace8fdc75
formatter: reduce minimum width for columns in table-view
The tabwriter was configured to have a min-width for columns of 20 positions.
This seemed quite wide, and caused smaller columns to be printed with a large
gap between.

Before:

    docker container stats

    CONTAINER ID        NAME                CPU %               MEM USAGE / LIMIT     MEM %               NET I/O             BLOCK I/O           PIDS
    29184b3ae391        amazing_shirley     0.00%               800KiB / 1.944GiB     0.04%               1.44kB / 0B         0B / 0B             1
    403c101bad56        agitated_swartz     0.15%               34.31MiB / 1.944GiB   1.72%               10.2MB / 206kB      0B / 0B             51
    0dc4b7f6c6be        container2          0.00%               1.012MiB / 1.944GiB   0.05%               12.9kB / 0B         0B / 0B             5
    2d99abcc6f62        container99         0.00%               972KiB / 1.944GiB     0.05%               13kB / 0B           0B / 0B             5
    9f9aa90173ac        foo                 0.00%               820KiB / 1.944GiB     0.04%               13kB / 0B           0B / 0B             5

    docker container ls

    CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS               NAMES
    29184b3ae391        docker-cli-dev      "ash"                    4 hours ago         Up 4 hours                              amazing_shirley
    403c101bad56        docker-dev:master   "hack/dind bash"         3 days ago          Up 3 days                               agitated_swartz
    0dc4b7f6c6be        nginx:alpine        "/docker-entrypoint.…"   4 days ago          Up 4 days           80/tcp              container2
    2d99abcc6f62        nginx:alpine        "/docker-entrypoint.…"   4 days ago          Up 4 days           80/tcp              container99
    9f9aa90173ac        nginx:alpine        "/docker-entrypoint.…"   4 days ago          Up 4 days           80/tcp              foo

    docker image ls

    REPOSITORY          TAG                    IMAGE ID            CREATED             SIZE
    docker-cli-dev      latest                 5f603caa04aa        4 hours ago         610MB
    docker-cli-native   latest                 9dd29f8d387b        4 hours ago         519MB
    docker-dev          master                 8132bf7a199e        3 days ago          2.02GB
    docker-dev          improve-build-errors   69e208994b3f        11 days ago         2.01GB
    docker-dev          refactor-idtools       69e208994b3f        11 days ago         2.01GB

After:

    docker container stats

    CONTAINER ID   NAME              CPU %     MEM USAGE / LIMIT     MEM %     NET I/O          BLOCK I/O   PIDS
    29184b3ae391   amazing_shirley   0.14%     5.703MiB / 1.944GiB   0.29%     1.44kB / 0B      0B / 0B     10
    403c101bad56   agitated_swartz   0.15%     56.97MiB / 1.944GiB   2.86%     10.2MB / 206kB   0B / 0B     51
    0dc4b7f6c6be   container2        0.00%     1016KiB / 1.944GiB    0.05%     12.9kB / 0B      0B / 0B     5
    2d99abcc6f62   container99       0.00%     956KiB / 1.944GiB     0.05%     13kB / 0B        0B / 0B     5
    9f9aa90173ac   foo               0.00%     980KiB / 1.944GiB     0.05%     13kB / 0B        0B / 0B     5

    docker container ls

    CONTAINER ID   IMAGE               COMMAND                  CREATED          STATUS          PORTS     NAMES
    29184b3ae391   docker-cli-dev      "ash"                    12 minutes ago   Up 12 minutes             amazing_shirley
    403c101bad56   docker-dev:master   "hack/dind bash"         3 days ago       Up 3 days                 agitated_swartz
    0dc4b7f6c6be   nginx:alpine        "/docker-entrypoint.…"   4 days ago       Up 4 days       80/tcp    container2
    2d99abcc6f62   nginx:alpine        "/docker-entrypoint.…"   4 days ago       Up 4 days       80/tcp    container99
    9f9aa90173ac   nginx:alpine        "/docker-entrypoint.…"   4 days ago       Up 4 days       80/tcp    foo

    docker image ls

    REPOSITORY          TAG                    IMAGE ID       CREATED         SIZE
    docker-cli-dev      latest                 5f603caa04aa   4 hours ago     610MB
    docker-cli-native   latest                 9dd29f8d387b   4 hours ago     519MB
    docker-dev          master                 8132bf7a199e   3 days ago      2.02GB
    docker-dev          improve-build-errors   69e208994b3f   11 days ago     2.01GB
    docker-dev          refactor-idtools       69e208994b3f   11 days ago     2.01GB

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-08-31 16:31:15 +02:00
Sebastiaan van Stijn b951b5b8c9
formatter: minor refactor to reduce needless conversions
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-08-28 23:09:27 +02:00
Tibor Vass 8fc038afe7
Merge pull request #2694 from thaJeztah/fix_vbomml_util
Replace vbom.ml/util with fvbommel/sortorder
2020-08-28 16:00:24 +02:00
Sebastiaan van Stijn 6703919c71
Replace vbom.ml/util with fvbommel/sortorder
The vanity domain is down, and the project has moved
to a new location.

vendor check started failing because of this:

    Collecting initial packages
    Download dependencies
    unrecognized import path "vbom.ml/util" (https fetch: Get https://vbom.ml/util?go-get=1: dial tcp: lookup vbom.ml on 169.254.169.254:53: no such host)

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-08-28 15:35:42 +02:00
Brian Goff 612567cb21
Merge pull request #2678 from thaJeztah/fix_rm_force_exit_status
Return zero exit-code when force-removing non-existing containers
2020-08-27 14:40:08 -07:00
Sebastiaan van Stijn ca35f2973a
Merge pull request #2646 from horpto/patch-1
Add shorthand for --tail option
2020-08-17 17:19:03 +02:00
Sebastiaan van Stijn 9a071a993a
Return zero exit-code when force-removing non-existing containers
When using `docker rm` / `docker container rm` with the `-f` / `--force` option, attempts to remove non-existing containers should print a warning, but should return a zero exit code ("successful").

Currently, a non-zero exit code is returned, marking the removal as "failed";

	$ docker rm -fv 798c9471b695
	Error: No such container: 798c9471b695
	$ echo $?
	1

The command should match the behavior of `rm` / `rm -f`, with the exception that
a warning is printed (instead of silently ignored):

Running `rm` with `-f` silences output and returns a zero exit code:

    touch some-file && rm -f no-such-file some-file; echo exit code: $?; ls -la
    # exit code: 0
    # total 0
    # drwxr-xr-x    2 sebastiaan  staff    64 Aug 14 12:17 .
    # drwxr-xr-x  199 sebastiaan  staff  6368 Aug 14 12:13 ..

    mkdir some-directory && rm -rf no-such-directory some-directory; echo exit code: $?; ls -la
    # exit code: 0
    # total 0
    # drwxr-xr-x    2 sebastiaan  staff    64 Aug 14 12:17 .
    # drwxr-xr-x  199 sebastiaan  staff  6368 Aug 14 12:13 ..

Note that other reasons for a delete to fail should still result in a non-zero
exit code, matching the behavior of `rm`. For instance, in the example below,
the `rm` failed because directories can only be removed if the `-r` option is used;

    touch some-file && mkdir some-directory && rm -f some-directory no-such-file some-file; echo exit code: $?; ls -la
    # rm: some-directory: is a directory
    # exit code: 1
    # total 0
    # drwxr-xr-x    3 sebastiaan  staff    96 Aug 14 14:15 .
    # drwxr-xr-x  199 sebastiaan  staff  6368 Aug 14 12:13 ..
    # drwxr-xr-x    2 sebastiaan  staff    64 Aug 14 14:15 some-directory

This patch updates the `docker rm` / `docker container rm` command to not produce
an error when attempting to remove a missing containers, and instead only print
the error, but return a zero (0) exit code.

With this patch applied:

    docker create --name mycontainer busybox \
    && docker rm nosuchcontainer mycontainer; \
    echo exit code: $?; \
    docker ps -a --filter name=mycontainer
    # df23cc8573f00e97d6e948b48d9ea7d75ce3b4faaab4fe1d3458d3bfa451f39d
    # mycontainer
    # Error: No such container: nosuchcontainer
    # exit code: 0
    # CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-08-14 16:17:40 +02:00
horpto 0b7147a2a5 fix docs, completion and docker service
Signed-off-by: horpto <__Singleton__@hackerdom.ru>
2020-08-06 17:37:08 +03:00
Sebastiaan van Stijn 2fc608cea6
Fix order of processing of some xx-add/xx-rm service update flags
Combining `-add` and `-rm` flags on `docker service update` should
be usable to explicitly replace existing options. The current order
of processing did not allow this, causing the `-rm` flag to remove
properties that were specified in `-add`. This behavior was inconsistent
with (for example) `--host-add` and `--host-rm`.

This patch updates the behavior to first remove properties, then
add new properties.

Note that there's still some improvements to make, to make the removal
more granulas (e.g. to make `--label-rm label=some-value` only remove
the label if value matches `some-value`); these changes are left for
a follow-up.

Before this change:
-----------------------------

Create a service with two env-vars

```bash
docker service create --env FOO=bar --env BAR=baz  --name=test nginx:alpine
docker service inspect --format '{{json .Spec.TaskTemplate.ContainerSpec.Env }}' test | jq .
[
  "FOO=bar",
  "BAR=baz"
]
```

Update the service, with the intent to replace the value of `FOO` for a new value

```bash
docker service update  --env-rm FOO --env-add FOO=updated-foo test
docker service inspect --format '{{json .Spec.TaskTemplate.ContainerSpec.Env }}' test | jq .
[
  "BAR=baz"
]
```

Create a service with two labels

```bash
docker service create --label FOO=bar --label BAR=baz  --name=test nginx:alpine
docker service inspect --format '{{json .Spec.Labels }}' test | jq .
{
  "BAR": "baz",
  "FOO": "bar"
}
```

Update the service, with the intent to replace the value of `FOO` for a new value

```bash
docker service update  --label-rm FOO --label-add FOO=updated-foo test
docker service inspect --format '{{json .Spec.Labels }}' test | jq .
{
  "BAR": "baz"
}
```

Create a service with two container labels

```bash
docker service create --container-label FOO=bar --container-label BAR=baz  --name=test nginx:alpine
docker service inspect --format '{{json .Spec.TaskTemplate.ContainerSpec.Labels }}' test | jq .
{
  "BAR": "baz",
  "FOO": "bar"
}
```

Update the service, with the intent to replace the value of `FOO` for a new value

```bash
docker service update  --container-label-rm FOO --container-label-add FOO=updated-foo test
docker service inspect --format '{{json .Spec.TaskTemplate.ContainerSpec.Labels }}' test | jq .
{
  "BAR": "baz",
}
```

With this patch applied:
--------------------------------

Create a service with two env-vars

```bash
docker service create --env FOO=bar --env BAR=baz  --name=test nginx:alpine
docker service inspect --format '{{json .Spec.TaskTemplate.ContainerSpec.Env }}' test | jq .
[
  "FOO=bar",
  "BAR=baz"
]
```

Update the service, and replace the value of `FOO` for a new value

```bash
docker service update  --env-rm FOO --env-add FOO=updated-foo test
docker service inspect --format '{{json .Spec.TaskTemplate.ContainerSpec.Env }}' test | jq .
[
  "BAR=baz",
  "FOO=updated-foo"
]
```

Create a service with two labels

```bash
docker service create --label FOO=bar --label BAR=baz  --name=test nginx:alpine
docker service inspect --format '{{json .Spec.Labels }}' test | jq .
{
  "BAR": "baz",
  "FOO": "bar"
}
```

Update the service, and replace the value of `FOO` for a new value

```bash
docker service update  --label-rm FOO --label-add FOO=updated-foo test
docker service inspect --format '{{json .Spec.Labels }}' test | jq .
{
  "BAR": "baz",
  "FOO": "updated-foo"
}
```

Create a service with two container labels

```bash
docker service create --container-label FOO=bar --container-label BAR=baz  --name=test nginx:alpine
docker service inspect --format '{{json .Spec.TaskTemplate.ContainerSpec.Labels }}' test | jq .
{
  "BAR": "baz",
  "FOO": "bar"
}
```

Update the service, and replace the value of `FOO` for a new value

```bash
docker service update  --container-label-rm FOO --container-label-add FOO=updated-foo test
docker service inspect --format '{{json .Spec.TaskTemplate.ContainerSpec.Labels }}' test | jq .
{
  "BAR": "baz",
  "FOO": "updated-foo"
}
```

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-08-04 19:09:59 +02:00
Sebastiaan van Stijn 1d9ee72178
Merge pull request #2654 from tonistiigi/rosetta
support emulated version detection
2020-07-30 21:40:01 +02:00
Tonis Tiigi e531875ff0 support emulated version detection
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2020-07-30 11:38:29 -07:00
Albin Kerouanton 21da11c5fd
docker service inspect fails when TaskTemplate.Resources is nil
When doing `docker service inspect --pretty` on services without
`TaskTemplate.Resources` or `TaskTemplate.Resources.Limits`, the command
fails. This is due to a missing check on ResourceLimitPids().

This bug has been introduced by 395a6d560d
and produces following error message:

```
Template parsing error: template: :139:10: executing "" at <.ResourceLimitPids>: error calling ResourceLimitPids: runtime error: invalid memory address or nil pointer dereference
```

Signed-off-by: Albin Kerouanton <albin@akerouanton.name>
2020-07-28 22:38:33 +02:00
horpto 04ab71457a Add shorthand for --tail option
I chose -n shorthand as it's similar with linux `tail` command.

Signed-off-by: Александр Менщиков <__Singleton__@hackerdom.ru>
2020-07-23 15:25:12 +03:00
Wang Yumu 1f907fb7ba Add DefaultAddressPools to docker info output #40388
Signed-off-by: Wang Yumu <37442693@qq.com>
2020-07-22 01:45:30 +08:00
Sebastiaan van Stijn 0c2fe385bf
cli/formatter: reformat TestImageContext test cases
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-07-16 11:34:52 +02:00
Sebastiaan van Stijn d642de78f3
cli/command/formatter: remove deprecated compareMultipleValues() utility
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-07-16 11:34:50 +02:00
Sebastiaan van Stijn fde22be3ea
TestServiceUpdateResolveImageChanged: use subtests
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-07-06 14:58:40 +02:00
Sebastiaan van Stijn 732d8b51a8
un-wrap some code
The wrapping made the code harder to read (and in some cases destracted
from the actual code flow).

Some of these functions take too many arguments; instead of hiding that,
it probably better to make it apparent that something needs to be done
(and fix it :-)).

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-07-06 14:55:17 +02:00
Sebastiaan van Stijn 47fce8f4bc
clean-up "resolve image" option logic
- change `validateResolveImageFlag()` to only perform _validation_,
  and not combine it with modifying the option.
- use a `switch` instead of `if` in `validateResolveImageFlag()`
- `deployServices()`: break up some `switch` cases to make them
  easier to read/understand the logic.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-07-06 14:55:08 +02:00
Sebastiaan van Stijn cce2f7fd9c
refactor opts tests
- TestParseRunAttach: use subtests to reduce cyclomatic complexity
- TestParseRunWithInvalidArgs: use subtests, and check if the expected
  error is returned.
- Removed parseMustError() as it was mostly redundant

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-07-01 14:45:47 +02:00
Brian Wieder a6cfbd2351 Added env-file flag to docker exec
Signed-off-by: Brian Wieder <brian@4wieders.com>
2020-06-29 18:32:44 -04:00
Silvin Lubecki e0654a584b
Merge pull request #2604 from thaJeztah/skip_on_mac
command/container: skip some tests on macOS
2020-06-26 16:05:58 +02:00
Sebastiaan van Stijn 1c31e193c0
command/container: skip some tests on macOS
These tests failed when running natively on macOS;

    unknown server OS: darwin

Skipping them, like we do on Windows

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-06-26 15:37:44 +02:00
Sebastiaan van Stijn 851eeb9639
Add support for pids limit in stacks (swarm)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-06-18 21:25:08 +02:00
Sebastiaan van Stijn 395a6d560d
Add support for --limit-pids on service create / update (swarm)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-06-18 21:25:02 +02:00
Sebastiaan van Stijn ba2a712ff0
Merge pull request #2583 from simonferquel/logout-config-out-of-sync2
Don't filter out registries to logout from with config file contents
2020-06-17 17:31:36 +02:00
Sebastiaan van Stijn a8df5e974e
Merge pull request #2580 from dominikbraun/2565-remove-image-images-alias
Remove 'images' alias from 'image ls' command
2020-06-16 00:09:41 +02:00
Sebastiaan van Stijn 077af8151f
Merge pull request #2578 from cpuguy83/anotate_os_version
Added support for setting OS version in docker manifest annotate.
2020-06-15 19:31:17 +02:00
Dominik Braun 1570025f00 Remove 'images' alias from 'image ls' command
Signed-off-by: Dominik Braun <Dominik.Braun@nbsp.de>

Remove assertion for 'images' alias of 'image ls'

Signed-off-by: Dominik Braun <Dominik.Braun@nbsp.de>
2020-06-15 17:48:43 +02:00
Simon Ferquel 6248f2fb6f Don't filter out registries to logout from with config file contents
Previously, if a registry AuthInfo was not present in the CLI config file, docker logout could not be used
to ask the credential helper to forget about it. It causes problem for people working with
multiple alternative config files, and it causes problems for cases like Docker Desktop w/ WSL 2, as
it uses the same win32 credential helper as the Windows CLI, but a different config file, leading to
bugs where I cannot logout from a registry from wsl2 if I logged in from Windows and vice-versa.

Signed-off-by: Simon Ferquel <simon.ferquel@docker.com>
2020-06-15 14:29:37 +02:00
Sebastiaan van Stijn 0d57a400b3
vendor: docker/docker aaf470eca7b588aa19e6681bff8bf08d17be1bf2
full diff: 41ac6bef8d...aaf470eca7

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-06-15 13:32:53 +02:00
Saswat Bhattacharya bc5f102244 Added support for setting OS version in docker manifest annotate.
Signed-off-by: Saswat Bhattacharya <sas.saswat@gmail.com>
2020-06-12 12:04:03 -07:00
Sebastiaan van Stijn af2c31c4a7
Merge pull request #2572 from simonferquel/context-dont-loose-additional-fields
Don't loose additional metadata fields when read/writing contexts metadata
2020-06-12 10:59:23 +02:00
Tibor Vass 31822ff745
Merge pull request #2551 from cpuguy83/platform_on_create
Platform on create
2020-06-11 11:35:32 -07:00
Simon Ferquel 2ab4b4d536 Don't loose additional metadata fields
Signed-off-by: Simon Ferquel <simon.ferquel@docker.com>
2020-06-10 15:07:23 +02:00
Sebastiaan van Stijn a3af1f47da
Use consistent name for errors
This prevents inconsistent errors when using a symlink, or when renaming
the binary;

Before this change;

    ln -s $(which docker) toto
    ./toto rune
    docker: 'rune' is not a docker command.

    ./toto run daslkjadslkjdaslkj
    Unable to find image 'adslkjadslakdsj:latest' locally
    ./toto: Error response from daemon: pull access denied for adslkjadslakdsj, repository does not exist or may require 'docker login': denied: requested access to the resource is denied.

After this change:

    ln -s $(which docker) toto
    ./toto rune
    docker: 'rune' is not a docker command.

    ./toto run daslkjadslkjdaslkj
    Unable to find image 'adslkjadslakdsj:latest' locally
    docker: Error response from daemon: pull access denied for adslkjadslakdsj, repository does not exist or may require 'docker login': denied: requested access to the resource is den>

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-06-09 16:24:35 +02:00
Sebastiaan van Stijn 8f14db8df2
Merge pull request #2555 from devisions/timestam_with_z_doc_upd
Explicit Z on logs timestamp examples
2020-06-04 17:53:52 +02:00
devisions 1183a3e6e7 Explicit Z on logs timestamp examples
Signed-off-by: devisions <marius.ileana@gmail.com>
2020-05-28 15:24:07 +03:00
Brian Goff ccd9d633bb Set platform on container create API.
Previously we only set the platform when performing a pull, which is
only initiated if pull always is set, or if the image reference does not
exist in the daemon.

The daemon now supports specifying which platform you wanted on
container create so it can validate the image reference is the platform
you thought you were getting.

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2020-05-27 17:16:56 -07:00
Daniil Nikolenko cb010db830 Fix bug with panic when DOCKER_CLI_EXPERIMENTAL environment variable is incorrect
Signed-off-by: Daniil Nikolenko <qoo2p5@gmail.com>
2020-05-24 23:21:20 +03:00
Silvin Lubecki 54f766d240 Partially revert cf663b526a as it breaks the version negotiation with an older docker engine.
Signed-off-by: Silvin Lubecki <silvin.lubecki@docker.com>
2020-05-20 16:10:43 +02:00
Silvin Lubecki 7cd6e893a1
Merge pull request #2500 from thaJeztah/version_context
Add "context" to "docker version" and "docker info"
2020-05-07 16:10:16 +02:00
Sebastiaan van Stijn 719169db63
Replace deprecated Cobra command.SetOutput() with command.SetOut()
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-05-07 14:25:59 +02:00
Sebastiaan van Stijn bc938e4dea
docker info: add "context" to output
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-05-07 14:07:22 +02:00
Sebastiaan van Stijn 181e60499f
docker version: add "context" to output
This adds the currently selected "docker context" to the output
of "docker version", which allows users to see which context
is selected to produce the version output, and can be used (for
example), to set the prompt to the currently selected context:

(in `~/.bashrc`):

```bash
function docker_context_prompt() {
        PS1="context: $(docker version --format='{{.Client.Context}}')> "
}

PROMPT_COMMAND=docker_context_prompt
```

After reloading the `~/.bashrc`, the prompt now shows the currently selected
`docker context`:

```bash
$ source ~/.bashrc
context: default> docker context create --docker host=unix:///var/run/docker.sock my-context
my-context
Successfully created context "my-context"
context: default> docker context use my-context
my-context
Current context is now "my-context"
context: my-context> docker context use default
default
Current context is now "default"
context: default>
```

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-05-07 14:07:15 +02:00
Sebastiaan van Stijn 4f058143c7
Merge pull request #2262 from dperny/swarm-jobs
Add jobs support to CLI
2020-05-06 17:00:01 +02:00
Sebastiaan van Stijn 80a2256478
Swarm init: use local IPNetSliceValue
This flag type was not yet merged upstream, so instead of
using a fork of spf13/pflag, define the type locally, so that
we can vendor the upstream package again.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-05-04 16:30:50 +02:00
Akihiro Suda dbc61787a7 info: print Cgroup Version
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2020-04-30 06:48:12 +09:00
Drew Erny 9375644e34 Add jobs support to CLI
* Added two new modes accepted by the `--mode` flag
  * `replicated-job` creates a replicated job
  * `global-job` creates a global job.
* When using `replicated-job` mode, the `replicas` flag sets the
  `TotalCompletions` parameter of the job. This is the total number of
  tasks that will run
* Added a new flag, `max-concurrent`, for use with `replicated-job`
  mode. This flag sets the `MaxConcurrent` parameter of the job, which
  is the maximum number of replicas the job will run simultaneously.
* When using `replicated-job` or `global-job` mode, using any of the
  update parameter flags will result in an error, as jobs cannot be
  updated in the traditional sense.
* Updated the `docker service ls` UI to include the completion status
  (completed vs total tasks) if the service is a job.
* Updated the progress bars UI for service creation and update to
  support jobs. For jobs, there is displayed a bar covering the overall
  progress of the job (the number of tasks completed over the total
  number of tasks to complete).
* Added documentation explaining the use of the new flags, and of jobs
  in general.

Signed-off-by: Drew Erny <derny@mirantis.com>
2020-04-24 11:22:10 -05:00
Sebastiaan van Stijn d0a80bf445
update docker, replace github.com/docker/pkg/term, github.com/docker/pkg/mount
These packages are now living in their own repository. Updating
docker/docker to replace the dependencies.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-04-22 17:16:13 +02:00
Silvin Lubecki 9fee14a814
Merge pull request #2432 from thaJeztah/network_prune_improve_message
improve "network prune" output to mention custom networks only
2020-04-21 17:06:42 +02:00
Silvin Lubecki ae66898200
Merge pull request #2424 from thaJeztah/lazy_feature_detection
cli: perform feature detection lazily
2020-04-15 16:42:26 +02:00
Sebastiaan van Stijn f88ae74135
Add "host-gateway" to tests for extra_hosts / --add-host
67ebcd6dcf added an exception for
the "host-gateway" magic value to the validation rules, but didn't
add thise value to any of the tests.

This patch adds the magic value to tests, to verify the validation
is skipped for this magic value.

Note that validation on the client side is "optional" and mostly
done to provide a more user-friendly error message for regular
values (IP-addresses).

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-04-15 09:52:55 +02:00
Akihiro Suda a4a07c6430 calculateMemUsageUnixNoCache: subtract total_inactive_file, not cache
The new stat definition corresponds to containerd/CRI and cadvisor.

c1115d4e57/pkg/server/container_stats_list_unix.go (L106-L129)
307d1b1cb3

Fix https://github.com/moby/moby/issues/40727

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2020-04-11 08:13:21 +09:00
Sebastiaan van Stijn b39739123b
cli: perform feature detection lazily
- Perform feature detection when actually needed, instead of during
  initializing
- Version negotiation is performed either when making an API request,
  or when (e.g.) running `docker help` (to hide unsupported features)
- Use a 2 second timeout when 'pinging' the daemon; this should be
  sufficient for most cases, and when feature detection failed, the
  daemon will still perform validation (and produce an error if needed)
- context.WithTimeout doesn't currently work with ssh connections (connhelper),
  so we're only applying this timeout for tcp:// connections, otherwise
  keep the old behavior.

Before this change:

    time sh -c 'DOCKER_HOST=tcp://42.42.42.41:4242 docker help &> /dev/null'
    real   0m32.919s
    user   0m0.370s
    sys    0m0.227s

    time sh -c 'DOCKER_HOST=tcp://42.42.42.41:4242 docker context ls &> /dev/null'
    real   0m32.072s
    user   0m0.029s
    sys    0m0.023s

After this change:

    time sh -c 'DOCKER_HOST=tcp://42.42.42.41:4242 docker help &> /dev/null'
    real   0m 2.28s
    user   0m 0.03s
    sys    0m 0.03s

    time sh -c 'DOCKER_HOST=tcp://42.42.42.41:4242 docker context ls &> /dev/null'
    real   0m 0.13s
    user   0m 0.02s
    sys    0m 0.02s

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-04-10 16:33:21 +02:00
Sebastiaan van Stijn a88a1bea23
docker build: check experimental --platform on pre-run
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-04-10 16:33:15 +02:00
Sebastiaan van Stijn eb93a865ed
improve "network prune" output to mention custom networks only
The `docker network prune` command removes unused custom networks,
but built-in networks won't be removed. This patch updates the
message to mention that it's only removing custom networks.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-04-10 13:45:10 +02:00
Silvin Lubecki ad256ba023
Merge pull request #2426 from thaJeztah/fix_test_env
test: make sure environment vars are reset after tests
2020-04-09 17:39:24 +02:00
Sebastiaan van Stijn 19bcebd122
test: make sure environment vars are reset after tests
The trust tests were not resetting the environment after they
ran, which could result in tests following those tests to fail.

While at it, I also updated some other tests to use gotest.tools

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-04-09 13:40:45 +02:00
Sebastiaan van Stijn 650c717580
TestHistoryContext_CreatedSince: skip on non-UTC environments
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-04-09 13:38:52 +02:00
Dominik Braun 9d9568263f Replace 'numeric' with object in -q description
Signed-off-by: Dominik Braun <Dominik.Braun@nbsp.de>
2020-03-02 10:28:52 +01:00
Silvin Lubecki c3b48c5c9c
Merge pull request #2343 from thaJeztah/fix_prune_flag_description
Fix builder prune -a/--all flag description
2020-02-26 16:22:29 +01:00
Sebastiaan van Stijn 2c0e93063b
bump gotest.tools v3.0.1 for compatibility with Go 1.14
full diff: https://github.com/gotestyourself/gotest.tools/compare/v2.3.0...v3.0.1

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-02-23 00:28:55 +01:00
Sebastiaan van Stijn aad9d2c958
Fix builder prune -a/--all flag description
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-02-18 14:30:28 +01:00
Andrii Berehuliak 80b22064d1
Improve service tasks grouping on printing
When printing services' tasks with `docker service ps` command, tasks are grouped only by task slot.
This leads to interleaving tasks from different services when `docker service ps` is called with multiple services.

Besides this, global services do not have slots at all and printing tasks for them doesn't group and
doesn't properly indent tasks with \_.

With this patch all tasks are grouped by service ID, slot and node ID (relevant only for global services) and it fixes issue 533.

Before this patch:

```console
docker service ps a b c

ID                  NAME                              IMAGE               NODE                DESIRED STATE       CURRENT STATE                     ERROR               PORTS
xbzm6ed776yw        c.j1afavbqqhr21jvnid3nnfoyt       nginx:alpine        docker-desktop      Running             Running 5 seconds ago
4mcsovp8ckwn         \_ c.j1afavbqqhr21jvnid3nnfoyt   nginx:alpine        docker-desktop      Shutdown            Shutdown 6 seconds ago
qpcgdsx1r21a        b.1                               nginx:alpine        docker-desktop      Running             Running 2 seconds ago
kfjo1hly92l4        a.1                               nginx:alpine        docker-desktop      Running             Running 5 seconds ago
pubrerosvsw5        b.1                               nginx:alpine        docker-desktop      Shutdown            Shutdown 3 seconds ago
fu08gfi8tfyv        a.1                               nginx:alpine        docker-desktop      Shutdown            Shutdown 7 seconds ago
pu6qmgyoibq4        b.2                               nginx:alpine        docker-desktop      Running             Ready 1 second ago
tz1n4hjne6pk         \_ b.2                           nginx:alpine        docker-desktop      Shutdown            Shutdown less than a second ago
xq8dogqcbxd2        a.2                               nginx:alpine        docker-desktop      Running             Running 44 seconds ago
rm40lofzed0h        a.3                               nginx:alpine        docker-desktop      Running             Starting less than a second ago
sqqj2n9fpi82        b.3                               nginx:alpine        docker-desktop      Running             Running 5 seconds ago
prv3gymkvqk6         \_ b.3                           nginx:alpine        docker-desktop      Shutdown            Shutdown 6 seconds ago
qn7c7jmjuo76        a.3                               nginx:alpine        docker-desktop      Shutdown            Shutdown less than a second ago
wi9330mbabpg        a.4                               nginx:alpine        docker-desktop      Running             Running 2 seconds ago
p5oy6h7nkvc3         \_ a.4                           nginx:alpine        docker-desktop      Shutdown            Shutdown 3 seconds ago
```

After this patch:

```console
docker service ps a b c

ID                  NAME                              IMAGE               NODE                DESIRED STATE       CURRENT STATE             ERROR               PORTS
kfjo1hly92l4        a.1                               nginx:alpine        docker-desktop      Running             Running 32 seconds ago
fu08gfi8tfyv         \_ a.1                           nginx:alpine        docker-desktop      Shutdown            Shutdown 34 seconds ago
3pam0limnn24        a.2                               nginx:alpine        docker-desktop      Running             Running 23 seconds ago
xq8dogqcbxd2         \_ a.2                           nginx:alpine        docker-desktop      Shutdown            Shutdown 24 seconds ago
rm40lofzed0h        a.3                               nginx:alpine        docker-desktop      Running             Running 26 seconds ago
qn7c7jmjuo76         \_ a.3                           nginx:alpine        docker-desktop      Shutdown            Shutdown 27 seconds ago
wi9330mbabpg        a.4                               nginx:alpine        docker-desktop      Running             Running 29 seconds ago
p5oy6h7nkvc3         \_ a.4                           nginx:alpine        docker-desktop      Shutdown            Shutdown 30 seconds ago
qpcgdsx1r21a        b.1                               nginx:alpine        docker-desktop      Running             Running 29 seconds ago
pubrerosvsw5         \_ b.1                           nginx:alpine        docker-desktop      Shutdown            Shutdown 30 seconds ago
pu6qmgyoibq4        b.2                               nginx:alpine        docker-desktop      Running             Running 26 seconds ago
tz1n4hjne6pk         \_ b.2                           nginx:alpine        docker-desktop      Shutdown            Shutdown 27 seconds ago
sqqj2n9fpi82        b.3                               nginx:alpine        docker-desktop      Running             Running 32 seconds ago
prv3gymkvqk6         \_ b.3                           nginx:alpine        docker-desktop      Shutdown            Shutdown 33 seconds ago
xbzm6ed776yw        c.j1afavbqqhr21jvnid3nnfoyt       nginx:alpine        docker-desktop      Running             Running 32 seconds ago
4mcsovp8ckwn         \_ c.j1afavbqqhr21jvnid3nnfoyt   nginx:alpine        docker-desktop      Shutdown            Shutdown 33 seconds ago
```

Signed-off-by: Andrii Berehuliak <berkusandrew@gmail.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-02-17 14:47:12 +01:00
Sebastiaan van Stijn c84f95815d
Remove deprecated docker search --automated and --stars flags
The `docker search --automated` and `docker search --stars` options were
deprecated in release v1.12.0, and scheduled for removal in v17.09.

This patch removes the deprecated flags, in favor of their equivalent
`--filter` options (`docker search --filter=is-automated=<true|false>` and
`docker search --filter=stars=...`).

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-02-13 17:19:54 +01:00
Sebastiaan van Stijn 9b549401b6
vendor: update docker to 58c2615208962a458ed94f4b6262eb27e5e021cd
full diff: a9507c6f76...58c2615208

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-02-12 18:45:12 +01:00
Sebastiaan van Stijn 8ef8547eb6
Merge pull request #2024 from rgulewich/1988-run-cgroupns-mode
docker run: specify cgroup namespace mode with --cgroupns
2020-02-11 11:16:05 +01:00
Rob Gulewich 5ad1d4d4c8 docker run: specify cgroup namespace mode with --cgroupns
Signed-off-by: Rob Gulewich <rgulewich@netflix.com>
2020-01-29 22:50:37 +00:00
Sebastiaan van Stijn 9e620e990f
implement docker push -a/--all-tags
The `docker push` command up until [v0.9.1](https://github.com/moby/moby/blob/v0.9.1/api/client.go#L998)
always pushed all tags of a given image, so `docker push foo/bar` would push (e.g.)
all of  `foo/bar:latest`, `foo:/bar:v1`, `foo/bar:v1.0.0`.

Pushing all tags of an image was not desirable in many case, so docker v0.10.0
enhanced `docker push` to optionally specify a tag to push (`docker push foo/bar:v1`)
(see https://github.com/moby/moby/issues/3411 and the pull request that implemented
this: https://github.com/moby/moby/pull/4948).

This behavior exists up until today, and is confusing, because unlike other commands,
`docker push` does not default to use the `:latest` tag when omitted, but instead
makes it push "all tags of the image"

For example, in the following situation;

```
docker images

REPOSITORY          TAG                        IMAGE ID            CREATED             SIZE
thajeztah/myimage   latest                     b534869c81f0        41 hours ago        1.22MB
```

Running `docker push thajeztah/myimage` seemingly does the expected behavior (it
pushes `thajeztah/myimage:latest` to Docker Hub), however, it does not so for the
reason expected (`:latest` being the default tag), but because `:latest` happens
to be the only tag present for the `thajeztah/myimage` image.

If another tag exists for the image:

```
docker images

REPOSITORY          TAG                        IMAGE ID            CREATED             SIZE
thajeztah/myimage   latest                     b534869c81f0        41 hours ago        1.22MB
thajeztah/myimage   v1.0.0                     b534869c81f0        41 hours ago        1.22MB
```

Running the same command (`docker push thajeztah/myimage`) will push _both_ images
to Docker Hub.

> Note that the behavior described above is currently not (clearly) documented;
> the `docker push` reference documentation (https://docs.docker.com/engine/reference/commandline/push/)
does not mention that omitting the tag will push all tags

This patch changes the default behavior, and if no tag is specified, `:latest` is
assumed. To push _all_ tags, a new flag (`-a` / `--all-tags`) is added, similar
to the flag that's present on `docker pull`.

With this change:

- `docker push myname/myimage` will be the equivalent of `docker push myname/myimage:latest`
- to push all images, the user needs to set a flag (`--all-tags`), so `docker push --all-tags myname/myimage:latest`

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-01-28 16:21:06 +01:00
Sebastiaan van Stijn 8f5379b301
Update flag description for docker rm -v
The `-v` option removes anonymous volume only, and keeps
named volumes.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-01-25 13:54:23 +01:00
Sebastiaan van Stijn 94443920b1
Fix: docker push --quiet suppressing errors and exit code
Before this patch:

    docker push --quiet nosuchimage
    docker.io/library/nosuchimage

    echo $?
    0

With this patch applied:

    docker push --quiet nosuchimage:latest
    An image does not exist locally with the tag: nosuchimage

    echo $?
    1

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-01-24 13:53:24 +01:00
Rahul Zoldyck 139af1f6d6
Add log-driver and options to service inspect "pretty" format
Signed-off-by: Rahul Zoldyck <rahulzoldyck@gmail.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-01-17 15:10:36 +01:00
Sebastiaan van Stijn 73dcf50d5a
cli/command: fix formatting of comments, and minor linting issues
Comments should have a leading space unless the comment is
for special purposes (go:generate, nolint:)

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-01-16 12:47:12 +01:00
Aleksander Piotrowski c2c7503d49
Convert ports before parsing.
Refactor code to allow mixed notation with -p flag.

Signed-off-by: Aleksander Piotrowski <apiotrowski312@gmail.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-01-15 15:09:00 +01:00
Nick Adcock 154a1f6df8 Reverse order of long-form ports
Reverses the order long-form port options when converted to short-form
to correctly match the documentation and `docker service create`.

Post change `-p published=8111,target=8112` is the equivalent of
`8111:8112`

Signed-off-by: Nick Adcock <nick.adcock@docker.com>
2020-01-15 12:11:57 +00:00
Sebastiaan van Stijn aef6b04a7c
Fix docker ps table headers with custom format and "split" or "join"
Update the list of overrides for table headers so that columns using split or
join will produce the correct table header.

Before this patch:

    docker ps --format='table {{split .Names "/"}}'
    [NAMES]
    [unruffled_mclean]
    [eloquent_meitner]
    [sleepy_grothendieck]

With this patch applied:

    docker ps --format='table {{split .Names "/"}}'
    NAMES
    [unruffled_mclean]
    [eloquent_meitner]
    [sleepy_grothendieck]

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-12-27 12:36:02 +01:00
Sebastiaan van Stijn 69f216f6e4
Fix docker ps --format with templating functions
Before this patch, using a template that used templating functions (such as
`lower` or `json`) caused the command to fail in the pre-processor step (in
`buildContainerListOptions`):

    docker ps --format='{{upper .Names}}'
    template: :1:8: executing "" at <.Names>: invalid value; expected string

This problem was due to the pre-processing using a different "context" type than
was used in the actual template, and custom functions to not be defined when
instantiating the Go template.

With this patch, using functions in templates works correctly:

    docker ps --format='{{upper .Names}}'
    MUSING_NEUMANN
    ELOQUENT_MEITNER

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-12-27 12:35:55 +01:00
Sebastiaan van Stijn b062726313
command/container: unify list tests in a single file
Move the remaining test with the others, and rename it from
`TestBuildContainerListOptions` to `TestContainerListBuildContainerListOptions`,
so that it has the same prefix as the other tests.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-12-20 14:59:43 +01:00
Sebastiaan van Stijn 43b2f52d0c
Remove "docker engine" subcommands
These subcommands were created to allow upgrading a Docker Community
engine to Docker Enterprise, but never really took off.

This patch removes the `docker engine` subcommands, as they added
quite some complexity / additional code.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-12-12 17:51:25 +01:00
Silvin Lubecki 0fd5c16ab9
Merge pull request #1936 from thaJeztah/bump_jwt_go
bump dgrijalva/jwt-go v3.2.0, docker/licencing 7c3de6a
2019-12-12 14:50:10 +01:00
Brian Goff 08eaead288
Merge pull request #2216 from thaJeztah/remove_dab_deploy
Remove experimental "deploy" from "dab" files
2019-12-10 11:00:34 -08:00
Sebastiaan van Stijn dd87cd9feb
bump github.com/dgrijalva/jwt-go v3.2.0, docker/licencing 7c3de6a4f59e9e70764ea6f6901cf17b88059789
full diff:

- a2c85815a7...v3.2.0
  - https://github.com/dgrijalva/jwt-go/blob/v3.2.0/VERSION_HISTORY.md
- 9781369abd...5f0f1276fe42dd721c1c093604995a9f758ace21

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-12-10 14:24:37 +01:00
Sebastiaan van Stijn 585ec4da97
docker cp: prevent NPE when failing to stat destination
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-12-09 15:32:02 +01:00
Sebastiaan van Stijn 99ad13e374
Remove experimental "deploy" from "dab" files
The top-level `docker deploy` command (using the "Docker Application Bundle"
(`.dab`) file format was introduced as an experimental feature in Docker 1.13 /
17.03, but superseded by support for Docker Compose files.

With no development being done on this feature, and no active use of the file
format, support for the DAB file format and the top-level `docker deploy` command
(hidden by default in 19.03), is removed in this patch, in favour of `docker stack deploy`
using compose files.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-12-09 10:34:14 +01:00
Silvin Lubecki 8547dfcff7
Merge pull request #1803 from thaJeztah/add_ip_address_to_advanced_options
Add ip address to advanced options
2019-12-04 15:16:15 +01:00
Silvin Lubecki 6eee39df0c
Merge pull request #2175 from thaJeztah/pin_in_scope
parseNetworkOpts, updatePorts: pin variables in scope (scopelint)
2019-12-04 14:50:00 +01:00
Tibor Vass 13fb276442
Merge pull request #2129 from derskeal/patch-1
Fix typo
2019-12-02 15:02:38 -08:00
Sebastiaan van Stijn 01883d5e2c
Merge pull request #2194 from tiborvass/fix-cp-trailing-slash
cp: allow trailing slash in non-existant destination
2019-11-26 21:27:42 +01:00
Justyn Temme 756ab2fb92
Add support for docker push --quiet
Signed-off-by: Justyn Temme <justyntemme@gmail.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-11-12 09:48:04 -08:00
Tibor Vass 26dbc3226c cp: allow trailing slash in non-existant destination
Signed-off-by: Tibor Vass <tibor@docker.com>
2019-11-12 17:25:25 +00:00
Anca Iordache 22a5dad847 app-214 Load Client info in getter function
Signed-off-by: Anca Iordache <anca.iordache@docker.com>

Possible approach for client info

- split ClientInfo() into ClientInfo() and loadClientInfo()
- split ConfigFile() into ConfigFile() and loadConfigFile()
- ConfigFile() and ClientInfo() call their corresponding loadXX function
  if it has not yet been loaded; this allows them to be used before
  Initialize() was called.
- Initialize() *always* (re-)loads the configuration; this makes sure
  that the correct configuration is used when actually calling commands.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-11-08 11:39:07 +01:00
Silvin Lubecki 9e041dd34c
Merge pull request #2107 from jonatasbaldin/2047-fix-image-createdsince-without-value
Fix CREATED field when listing image if date is not specified
2019-11-05 09:46:14 +01:00
Tibor Vass 3d35fd40d2
Merge pull request #2179 from sj26/builder-prune-filter-docs
unused-for is a deprecated synonym for until
2019-11-04 17:27:51 -08:00
Sebastiaan van Stijn 1e7774228c
service: remove unused opts from newService() (unparam)
```
cli/command/service/client_test.go:75:41: `newService` - `opts` always receives `nil` (unparam)
func newService(id string, name string, opts ...func(*swarm.Service)) swarm.Service {
                                        ^
```

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-10-31 19:22:43 +01:00
Sebastiaan van Stijn 640305f33c
cli/command/stack/kubernetes: Using the variable on range scope `c` in function literal (scopelint)
```
cli/command/stack/kubernetes/convert_test.go:199:35: Using the variable on range scope `c` in function literal (scopelint)
			conv, err := NewStackConverter(c.version)
			                               ^
```

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-10-31 19:22:42 +01:00
Sebastiaan van Stijn 542f80241e
cli/command/container: Using the variable on range scope `c` in function literal (scopelint)
```
cli/command/container/create_test.go:120:20: Using the variable on range scope `c` in function literal (scopelint)
				defer func() { c.ResponseCounter++ }()
				               ^
cli/command/container/create_test.go:121:12: Using the variable on range scope `c` in function literal (scopelint)
				switch c.ResponseCounter {
				       ^
```

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-10-31 19:22:42 +01:00
Sebastiaan van Stijn 754fc6fe67
cli/command/stack/kubernetes: Using a reference for the variable on range scope `obj` (scopelint)
```
cli/command/stack/kubernetes/watcher_test.go:44:20: Using a reference for the variable on range scope `obj` (scopelint)
		if err := o.Add(&obj); err != nil {
		                 ^
cli/command/stack/kubernetes/watcher_test.go:49:20: Using a reference for the variable on range scope `obj` (scopelint)
		if err := o.Add(&obj); err != nil {
		                 ^
```

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-10-31 19:22:41 +01:00
Sebastiaan van Stijn 79dc83e78b
cli/command/container: suppress dogsled warnings
```
cli/command/container/opts_test.go:68:2: declaration has 3 blank identifiers (dogsled)
	_, _, _, err := parseRun(strings.Split(args+" ubuntu bash", " "))
	^
cli/command/container/opts_test.go:542:2: declaration has 3 blank identifiers (dogsled)
	_, _, _, err = parseRun([]string{"--uts=container:", "img", "cmd"})
	^
cli/command/container/opts_test.go:603:2: declaration has 3 blank identifiers (dogsled)
	_, _, _, err := parseRun([]string{"--rm", "--restart=always", "img", "cmd"})
	^
```

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-10-31 19:22:38 +01:00
Sebastiaan van Stijn 612d83d6df
cli: remove unnecessary newlines (whitespace)
```
cli/config/config_test.go:465: unnecessary trailing newline (whitespace)

}
cli/compose/interpolation/interpolation.go:56: unnecessary leading newline (whitespace)
	switch value := value.(type) {

cli/compose/interpolation/interpolation.go:94: unnecessary trailing newline (whitespace)

	}
cli/command/image/build/context.go:348: unnecessary trailing newline (whitespace)

		}
internal/licenseutils/client_test.go:98: unnecessary leading newline (whitespace)
func (c *fakeLicensingClient) LoadLocalLicense(ctx context.Context, dclnt licensing.WrappedDockerClient) (*model.Subscription, error) {

cli/registry/client/fetcher.go:211: unnecessary leading newline (whitespace)
	for _, endpoint := range endpoints {
```

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-10-31 19:22:36 +01:00
Sebastiaan van Stijn 2ec424a2d9
cli/command: Using the variable on range scope `testcase` in function literal (scopelint)
```
cli/command/cli_test.go:157:15: Using the variable on range scope `testcase` in function literal (scopelint)
				pingFunc: testcase.pingFunc,
				          ^
```

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-10-31 19:22:36 +01:00
Sebastiaan van Stijn 7c4b63b1c3
cli/command/trust: Using the variable on range scope `keyBytes` in function literal (scopelint)
```
cli/command/trust/key_load_test.go:121:27: Using the variable on range scope `keyID` in function literal (scopelint)
			testLoadKeyFromPath(t, keyID, keyBytes)
			                       ^
cli/command/trust/key_load_test.go:176:32: Using the variable on range scope `keyBytes` in function literal (scopelint)
			testLoadKeyTooPermissive(t, keyBytes)
			                            ^
```

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-10-31 19:22:35 +01:00
Sebastiaan van Stijn a269e17d72
cli/command/context: Using the variable on range scope `c` in function literal (scopelint)
```
cli/command/context/create_test.go:270:31: Using the variable on range scope `c` in function literal (scopelint)
				Name:                     c.name,
				                          ^
cli/command/context/create_test.go:271:31: Using the variable on range scope `c` in function literal (scopelint)
				Description:              c.description,
				                          ^
cli/command/context/create_test.go:272:31: Using the variable on range scope `c` in function literal (scopelint)
				DefaultStackOrchestrator: c.orchestrator,

cli/command/context/create_test.go:346:31: Using the variable on range scope `c` in function literal (scopelint)
				Name:                     c.name,
				                          ^
cli/command/context/create_test.go:347:31: Using the variable on range scope `c` in function literal (scopelint)
				Description:              c.description,
				                          ^
cli/command/context/create_test.go:348:31: Using the variable on range scope `c` in function literal (scopelint)
				DefaultStackOrchestrator: c.orchestrator,
				                          ^
```

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-10-31 19:22:35 +01:00
Sebastiaan van Stijn e74e2c7741
cli/command/formatter: Error return value of `ContainerWrite` is not checked (errcheck)
```
cli/command/formatter/container_test.go:315:17: Error return value of `ContainerWrite` is not checked (errcheck)
		ContainerWrite(context.context, containers)
		              ^
```

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-10-31 19:22:31 +01:00
Sebastiaan van Stijn 008f6a2da3
cli/command: Error return value of `cli.Apply` is not checked (errcheck)
```
cli/command/cli_test.go:297:11: Error return value of `cli.Apply` is not checked (errcheck)
	cli.Apply(
	         ^
```

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-10-31 19:22:31 +01:00
Sebastiaan van Stijn 9275e2cb66
cli/command/formatter: Error return value of `ImageWrite` is not checked (errcheck)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-10-31 19:22:30 +01:00
Sebastiaan van Stijn 709728e723
cli/command/image: SA1006: printf-style with no further arguments (staticcheck)
cli/command/image/build.go:434:32: SA1006: printf-style function with dynamic format string and no further arguments should use print-style function instead (staticcheck)
    		fmt.Fprintf(dockerCli.Out(), imageID)
    		                             ^

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-10-31 19:22:29 +01:00
Sebastiaan van Stijn ea64a1ceb9
cli/command/utils: SA1006: printf-style with no further arguments (staticcheck)
```
cli/command/utils.go:81:20: SA1006: printf-style function with dynamic format string and no further arguments should use print-style function instead (staticcheck)
	fmt.Fprintf(outs, message)
	                  ^
```

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-10-31 19:22:29 +01:00
Sebastiaan van Stijn f0614ca788
cli/command/trust: SA1006: printf-style with no further arguments (staticcheck)
```
cli/command/trust/key_generate.go:91:30: SA1006: printf-style function with dynamic format string and no further arguments should use print-style function instead (staticcheck)
		fmt.Fprintf(streams.Out(), err.Error())
		                           ^
```

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-10-31 19:22:28 +01:00
Sebastiaan van Stijn 0e4bd30cfe
cli/command/image/build: G107: Potential HTTP request made with variable url (gosec)
cli/command/image/build/context.go:235: G107: Potential HTTP request made with variable url (gosec)
    	if resp, err = http.Get(url); err != nil {

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-10-31 19:22:28 +01:00
Sebastiaan van Stijn 8d64c2af1a
cli/command/service: SA1012: do not pass a nil Context (staticcheck)
```
cli/command/service/update_test.go:31:16: SA1012: do not pass a nil Context, even if a function permits it; pass context.TODO if you are unsure about which Context to use (staticcheck)
	updateService(nil, nil, flags, spec)
	              ^
cli/command/service/update_test.go:535:16: SA1012: do not pass a nil Context, even if a function permits it; pass context.TODO if you are unsure about which Context to use (staticcheck)
	updateService(nil, nil, flags, spec)
	              ^
cli/command/service/update_test.go:540:16: SA1012: do not pass a nil Context, even if a function permits it; pass context.TODO if you are unsure about which Context to use (staticcheck)
	updateService(nil, nil, flags, spec)
	              ^
```

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-10-31 19:22:27 +01:00
Sebastiaan van Stijn 1850a0595b
cli/command/secret: G101: Potential hardcoded credentials (gosec)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-10-31 19:22:27 +01:00
Silvin Lubecki b83545ebbc
cli/command/image/build/context_test.go:244:38: `createTestTempDir` - `prefix` always receives `"builder-context-test"` (unparam)
Signed-off-by: Silvin Lubecki <silvin.lubecki@docker.com>
2019-10-31 19:22:25 +01:00
Silvin Lubecki 4be924a0af
cli/command/registry/login_test.go:66:25: unnecessary conversion (unconvert)
Signed-off-by: Silvin Lubecki <silvin.lubecki@docker.com>
2019-10-31 19:22:25 +01:00
Silvin Lubecki 6047259e5a
File is not `goimports`-ed (goimports)
Signed-off-by: Silvin Lubecki <silvin.lubecki@docker.com>
2019-10-31 19:22:24 +01:00
Silvin Lubecki 0153624a56
cli/command/trust/sign_test.go:119:70: unnecessary conversion (unconvert)
Signed-off-by: Silvin Lubecki <silvin.lubecki@docker.com>
2019-10-31 19:22:23 +01:00
Silvin Lubecki 47741f81d1
cli/command/system/info.go:116:68: prettyPrintClientInfo - result 0 (error) is always nil (unparam)
Signed-off-by: Silvin Lubecki <silvin.lubecki@docker.com>
2019-10-31 19:22:20 +01:00
Silvin Lubecki a3c7cb4f12
cli/command/stack/kubernetes/deploy_test.go:65:68: `checkOwnerReferences` - `stackName` always receives `"test"` (unparam)
Signed-off-by: Silvin Lubecki <silvin.lubecki@docker.com>
2019-10-31 19:22:19 +01:00
Silvin Lubecki ab1aeedb27
cli/command/plugin/list_test.go:61:31: `TestList$1` - `filter` is unused (unparam)
Signed-off-by: Silvin Lubecki <silvin.lubecki@docker.com>
2019-10-31 19:22:19 +01:00
Silvin Lubecki 75c60c1af7
cli/command/image/build_session.go:133:45: getBuildSharedKey - result 1 (error) is always nil (unparam)
Signed-off-by: Silvin Lubecki <silvin.lubecki@docker.com>
2019-10-31 19:22:18 +01:00
Silvin Lubecki 28ac2f82c6
cli/command/image/build_buildkit.go:450:56: parseSSH - result 1 (error) is always nil (unparam)
Signed-off-by: Silvin Lubecki <silvin.lubecki@docker.com>
2019-10-31 19:22:18 +01:00
Silvin Lubecki 0ce2eae5a2
cli/command/image/build/context_test.go:252:71: `createTestTempFile` - `perm` always receives `0777` (`511`) (unparam)
Signed-off-by: Silvin Lubecki <silvin.lubecki@docker.com>
2019-10-31 19:22:17 +01:00
Silvin Lubecki 70bd64d037
cli/command/image/build/context_test.go:244:38: `createTestTempDir` - `dir` always receives `""` (unparam)
Signed-off-by: Silvin Lubecki <silvin.lubecki@docker.com>
2019-10-31 19:22:17 +01:00
Silvin Lubecki e1c0c7979e
unchecked errors
Signed-off-by: Silvin Lubecki <silvin.lubecki@docker.com>
2019-10-31 19:22:16 +01:00
Silvin Lubecki 584da37756
cli/command/container/attach.go:141:15: nilness: impossible condition: nil != nil (govet)
Signed-off-by: Silvin Lubecki <silvin.lubecki@docker.com>
2019-10-31 19:22:16 +01:00
Silvin Lubecki 9afeb6f432
cli/command/container/start.go:157:20: nilness: nil dereference in type assertion (govet)
Signed-off-by: Silvin Lubecki <silvin.lubecki@docker.com>
2019-10-31 19:22:13 +01:00
Silvin Lubecki 85cfd4e518
cli/command/stack/kubernetes/list.go:32:47: nilness: tautological condition: non-nil != nil (govet)
Signed-off-by: Silvin Lubecki <silvin.lubecki@docker.com>
2019-10-31 19:22:13 +01:00
Silvin Lubecki f5e8387067
cli/command/trust/key_generate.go:112:9: nilness: impossible condition: nil != nil (govet)
Signed-off-by: Silvin Lubecki <silvin.lubecki@docker.com>
2019-10-31 19:22:12 +01:00
Silvin Lubecki 3a428202bf
SA1019: httputil.ErrPersistEOF is deprecated: No longer used. (staticcheck)
Signed-off-by: Silvin Lubecki <silvin.lubecki@docker.com>
2019-10-31 19:22:12 +01:00
Silvin Lubecki 7da9360477
cli/command/container/stats.go:211:21: SA1015: using time.Tick leaks the underlying ticker, consider using it only in endless functions, tests and the main package, and use time.NewTicker here (staticcheck)
Signed-off-by: Silvin Lubecki <silvin.lubecki@docker.com>
2019-10-31 19:22:11 +01:00
Silvin Lubecki 8018a850cb
cli/command/trust/inspect_pretty_test.go:399:24: SA4010: this result of append is never used, except maybe in other appends (staticcheck)
Signed-off-by: Silvin Lubecki <silvin.lubecki@docker.com>
2019-10-31 19:22:10 +01:00
Sebastiaan van Stijn 2d0c10d77a
kubernetes/conversion_test: use test-builders package
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-10-31 16:10:22 +01:00
Samuel Cochran 758d12e651
unused-for is a deprecated synonym
See 9e7d5ac5ea/builder/builder-next/builder.go (L574)

Signed-off-by: Samuel Cochran <sj26@sj26.com>
2019-10-30 14:52:14 +11:00
Jonatas Baldin 56729bc0a4 Return empty string if image createdAt is zero
Signed-off-by: Jonatas Baldin <jonatas.baldin@gmail.com>
2019-10-29 17:15:28 -03:00
Djordje Lukic 568ea3a329
Refactor the `stack services` command to be uniform
Running `docker stack services <STACK> --orchestrator swarm would yield
the message "Noting found in stack: asdf" with an exit code 0. The same
command with kubernetes orchestrator would yield "nothing found in
stack: adsf" (note the lower-case "nothing") and a non-zero exit code.
This change makes the `stack services` command uniform for both
orchestrators. The logic of getting and printing services is split to
reuse the same formatting code.

Signed-off-by: Djordje Lukic <djordje.lukic@docker.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-10-29 15:58:10 +01:00
Sebastiaan van Stijn 20424e2f51
Add test for ServiceStatus
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-10-29 15:49:35 +01:00
Sebastiaan van Stijn 7405ac5c2d
Services: use ServiceStatus on API v1.41 and up
API v1.41 adds a new option to get the number of desired
and running tasks when listing services. This patch enables
this functionality, and provides a fallback mechanism when
the ServiceStatus is not available, which would be when
using an older API version.

Now that the swarm.Service struct captures this information,
the `ListInfo` type is no longer needed, so it is removed,
and the related list- and formatting functions have been
modified accordingly.

To reduce repetition, sorting the services has been moved
to the formatter. This is a slight change in behavior, but
all calls to the formatter performed this sort first, so
the change will not lead to user-facing changes.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-10-29 15:49:28 +01:00
Sebastiaan van Stijn 228e0f5e76
TestStackServicesErrors: use sub-tests, and return tasks
This also sets the services to have a Mode set, otherwise
they would be invalid.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-10-29 15:47:52 +01:00
Sebastiaan van Stijn 962015b057
internal/builders: add GlobalService, ServiceStatus, NodeList()
This patch:

- Adds new GlobalService and ServiceStatus options
- Makes the NodeList() function functional
- Minor improvment to the `newService()` function to allow passing options

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-10-29 15:47:49 +01:00
Sebastiaan van Stijn 54411e5a92
cli/command/container: Using a reference for the variable on range scope `n` (scopelint)
```
cli/command/container/opts.go:700:37: Using a reference for the variable on range scope `n` (scopelint)
			if err := applyContainerOptions(&n, copts); err != nil {
			                                 ^
```

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-10-29 14:59:16 +01:00
Sebastiaan van Stijn 648199b321
cli/command/service: Using a reference for the variable on range scope `entry` (scopelint)
```
cli/command/service/update.go:1007:43: Using a reference for the variable on range scope `entry` (scopelint)
		if _, ok := portSet[portConfigToString(&entry)]; !ok {
		                                        ^
cli/command/service/update.go:1008:32: Using a reference for the variable on range scope `entry` (scopelint)
			portSet[portConfigToString(&entry)] = entry
			                            ^
cli/command/service/update.go:1034:44: Using a reference for the variable on range scope `port` (scopelint)
			if _, ok := portSet[portConfigToString(&port)]; ok {
			                                        ^
```

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-10-29 14:59:12 +01:00
Sebastiaan van Stijn 2eb5cdba46
Merge pull request #2087 from shahzzzam/sam/fix-print
fix formatting issue of encoded url
2019-10-29 12:28:09 +01:00
Derskeal 167b3906fe Update flag doc
Signed-off-by: Derskeal <27731088+derskeal@users.noreply.github.com>
2019-10-29 12:01:30 +01:00
Sebastiaan van Stijn 79aa6cce19
TestFormatInfo: add extra test-case
This case was in a test in the engine repository, where
it is being removed, so add it to the list of existing
tests here.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-10-18 23:40:02 +02:00
Tibor Vass 5d85cdacd2
Merge pull request #2123 from thaJeztah/hide_unsupported_buildkit_flags
Annotate flags that are not supported by Buildkit
2019-10-10 21:54:15 -07:00
Silvin Lubecki 3e07fa728a
Merge pull request #2110 from tiborvass/update-vendor
vendor: align with engine at b6684a403c99aaf6be5b8ce0bef3c6650fcdcd12
2019-10-07 21:37:19 +02:00
Sebastiaan van Stijn 7eecbb96af
Annotate flags that are not supported by Buildkit
Before this patch:

```

Usage:	docker build [OPTIONS] PATH | URL | -

Build an image from a Dockerfile

Options:
      --add-host list           Add a custom host-to-IP mapping (host:ip)
      --build-arg list          Set build-time variables
      --cache-from strings      Images to consider as cache sources
      --cgroup-parent string    Optional parent cgroup for the container
      --cpu-period int          Limit the CPU CFS (Completely Fair Scheduler) period
      --cpu-quota int           Limit the CPU CFS (Completely Fair Scheduler) quota
  -c, --cpu-shares int          CPU shares (relative weight)
      --cpuset-cpus string      CPUs in which to allow execution (0-3, 0,1)
      --cpuset-mems string      MEMs in which to allow execution (0-3, 0,1)
      --disable-content-trust   Skip image verification (default true)
  -f, --file string             Name of the Dockerfile (Default is 'PATH/Dockerfile')
      --force-rm                Always remove intermediate containers
      --iidfile string          Write the image ID to the file
      --isolation string        Container isolation technology
      --label list              Set metadata for an image
  -m, --memory bytes            Memory limit
      --memory-swap bytes       Swap limit equal to memory plus swap: '-1' to enable unlimited swap
      --network string          Set the networking mode for the RUN instructions during build (default "default")
      --no-cache                Do not use cache when building the image
  -o, --output stringArray      Output destination (format: type=local,dest=path)
      --platform string         Set platform if server is multi-platform capable
      --progress string         Set type of progress output (auto, plain, tty). Use plain to show container output (default "auto")
      --pull                    Always attempt to pull a newer version of the image
  -q, --quiet                   Suppress the build output and print image ID on success
      --rm                      Remove intermediate containers after a successful build (default true)
      --secret stringArray      Secret file to expose to the build (only if BuildKit enabled): id=mysecret,src=/local/secret
      --security-opt strings    Security options
      --shm-size bytes          Size of /dev/shm
      --squash                  Squash newly built layers into a single new layer
      --ssh stringArray         SSH agent socket or keys to expose to the build (only if BuildKit enabled) (format: default|<id>[=<socket>|<key>[,<key>]])
  -t, --tag list                Name and optionally a tag in the 'name:tag' format
      --target string           Set the target build stage to build.
      --ulimit ulimit           Ulimit options (default [])
```

With this patch applied:

```
DOCKER_BUILDKIT=1 docker build --help

Usage:	docker build [OPTIONS] PATH | URL | -

Build an image from a Dockerfile

Options:
      --add-host list           Add a custom host-to-IP mapping (host:ip)
      --build-arg list          Set build-time variables
      --cache-from strings      Images to consider as cache sources
      --disable-content-trust   Skip image verification (default true)
  -f, --file string             Name of the Dockerfile (Default is 'PATH/Dockerfile')
      --iidfile string          Write the image ID to the file
      --isolation string        Container isolation technology
      --label list              Set metadata for an image
      --network string          Set the networking mode for the RUN instructions during build (default "default")
      --no-cache                Do not use cache when building the image
  -o, --output stringArray      Output destination (format: type=local,dest=path)
      --platform string         Set platform if server is multi-platform capable
      --progress string         Set type of progress output (auto, plain, tty). Use plain to show container output (default "auto")
      --pull                    Always attempt to pull a newer version of the image
  -q, --quiet                   Suppress the build output and print image ID on success
      --secret stringArray      Secret file to expose to the build (only if BuildKit enabled): id=mysecret,src=/local/secret
      --squash                  Squash newly built layers into a single new layer
      --ssh stringArray         SSH agent socket or keys to expose to the build (only if BuildKit enabled) (format: default|<id>[=<socket>|<key>[,<key>]])
  -t, --tag list                Name and optionally a tag in the 'name:tag' format
      --target string           Set the target build stage to build.
```

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-10-04 15:55:04 +02:00
Tibor Vass 38c02a9280 vendor: align with engine at b6684a403c99aaf6be5b8ce0bef3c6650fcdcd12
Signed-off-by: Tibor Vass <tibor@docker.com>
2019-10-02 01:47:08 +00:00
Tibor Vass c3990f3ba6 build: remove --stream
--stream was always experimental and this patch removes the functionality.

Users should enable BuildKit with DOCKER_BUILDKIT=1

Signed-off-by: Tibor Vass <tibor@docker.com>
2019-10-01 18:30:46 +00:00
Sam ee76ac8f93 fix formatting issue of encoded urlSigned-off-by: Sam <samashah@microsoft.com> 2019-09-25 22:58:04 +00:00
Tibor Vass 0df5d6427e vendor: update buildkit to 10cef0c and fsutil 7f9f923
Signed-off-by: Tibor Vass <tibor@docker.com>
2019-09-24 00:11:38 +00:00
Carlos de Paula 41aa20b6b5 Add riscv64 to manifest annotation and bash completion
Signed-off-by: Carlos de Paula <me@carlosedp.com>
2019-09-10 13:00:23 -03:00
Silvin Lubecki 7aa764bba9
Merge pull request #2028 from pszczekutowicz/master
Sort list of services from swarm stacks using natural sorting
2019-09-05 11:47:58 +02:00
Paweł Szczekutowicz 34447852b5 Sort services from stack from swarm
Signed-off-by: Paweł Szczekutowicz <pszczekutowicz@gmail.com>
2019-09-02 21:19:10 +02:00
knqyf263 7634872a39 fix(pull_test): for quiet option
Signed-off-by: Teppei Fukuda <knqyf263@gmail.com>
2019-08-27 18:23:24 +09:00
Nicolas De Loof e25e077a20
restore support for env variables to configure proxy
regression introduced by b34f34
close #39654

Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>
2019-08-22 16:39:21 +02:00
Sebastiaan van Stijn 1fdbd6181e
docker ps: add State field to formatting
The State field allows printing the container state without
additional information about uptime, healthcheck, etc.

With this patch, the container's state can be printed independently:

```bash
docker ps -a --format '{{.State}}'
running
paused
exited
created
```

```bash
docker ps -a --format 'table {{.Names}}\t{{.State}}\t{{.Status}}'
NAMES                     STATE               STATUS
elastic_burnell           running             Up About a minute
pausie                    paused              Up 5 minutes (Paused)
peaceful_stonebraker      exited              Exited (0) 10 hours ago
vigilant_shaw             created             Created
```

```bash
docker ps -a --format 'raw'

container_id: 0445f73f3a71
image: docker-cli-dev
command: "ash"
created_at: 2019-07-12 11:16:11 +0000 UTC
state: running
status: Up 2 minutes
names: elastic_burnell
labels:
ports:

container_id: 1aff69a3912c
image: nginx:alpine
command: "nginx -g 'daemon of ..."
created_at: 2019-07-12 11:12:10 +0000 UTC
state: paused
status: Up 6 minutes (Paused)
names: pausie
labels: maintainer=NGINX Docker Maintainers <docker-maint@nginx.com>
ports: 80/tcp

container_id: d48acf66c318
image: alpine:3.9.3
command: "id -u"
created_at: 2019-07-12 00:52:17 +0000 UTC
state: exited
status: Exited (0) 10 hours ago
names: peaceful_stonebraker
labels:
ports:

container_id: a0733fe0dace
image: b7b28af77ffe
command: "/bin/sh -c '#(nop) ..."
created_at: 2019-07-12 00:51:29 +0000 UTC
state: created
status: Created
names: vigilant_shaw
labels:
ports:
```

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-07-12 13:31:16 +02:00
Vincent Demeester c9db0fe938
Merge pull request #1968 from thaJeztah/skip_windows_permissions_check
Windows: skip permissions check on key
2019-07-05 10:16:21 +02:00
Sebastiaan van Stijn ee29504923
Do not disable sig-proxy when using a TTY
This partially reverts e0b59ab52b,
and does not automatically disable proxying signals in TTY-mode

Before this change:
------------------------------------

Start a container with a TTY in one shell:

```
docker run -it --init --name repro-28872 busybox sleep 30
```

then, in another shell, kill the docker cli:

```
kill `pgrep -f repro-28872`
```

Notice that the CLI was killed, but the signal not forwarded to the container;
the container continues running

```
docker container inspect --format '{{ .State.Status }}' repro-28872
running

docker container rm -f repro-28872
```

After this change:
------------------------------------

Start a container with a TTY in one shell:

```
docker run -it --init --name repro-28872 busybox sleep 30
```

then, in another shell, kill the docker cli:

```
kill `pgrep -f repro-28872`
```

Verify that the signal was forwarded to the container, and the container exited

```
docker container inspect --format '{{ .State.Status }}' repro-28872
exited

docker container rm -f repro-28872
```

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-06-25 16:29:21 +02:00
Sebastiaan van Stijn 15d361fd77
Windows: skip permissions check on key
This code was attempting to check Linux file permissions
to determine if the key was accessible by other users, which
doesn't work, and therefore prevented users on Windows
to load keys.

Skipping this check on Windows (correspinding tests
were already skipped).

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-06-25 00:12:01 +02:00
Sebastiaan van Stijn 4d7e6bf629
Fix advanced options for backward compatibility
For backward compatibility: if no custom options are provided for the network,
and only a single network is specified, omit the endpoint-configuration
on the client (the daemon will still create it when creating the container)

This fixes an issue on older versions of legacy Swarm, which did not support
`NetworkingConfig.EndpointConfig`.

This was introduced in 5bc09639cc (#1767)

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-06-24 23:17:25 +02:00
Goksu Toprak 291e86289b Introduce .zip import for docker context
Adds capabilities to import a .zip file with importZip.
Detects the content type of source by checking bytes & DetectContentType.
Adds LimitedReader reader, a fork of io.LimitedReader,
was needed for better error messaging instead of just getting back EOF.
We are using limited reader to avoid very big files causing memory issues.
Adds a new file size limit for context imports,
this limit is used for the main file for .zip & .tar and individual compressed
files for .zip.
Added TestImportZip that will check the import content type
Then will assert no err on Importing .zip file

Signed-off-by: Goksu Toprak <goksu.toprak@docker.com>
2019-05-29 12:58:45 -07:00
Ian Campbell c455193d14 Push check for kubernetes requirement down into the endpoint
This is less of a layering violation and removes some ugly hardcoded
`"kubernetes"` strings which were needed to avoid an import loop.

Signed-off-by: Ian Campbell <ijc@docker.com>
2019-05-20 13:28:11 +01:00
Ian Campbell 520be05c49 Dynamically register kubernetes context store endpoint type.
This removes the need for the core context code to import
`github.com/docker/cli/cli/context/kubernetes` which in turn reduces the
transitive import tree in this file to not pull in all of Kubernetes.

Note that this means that any calling code which is interested in the
kubernetes endpoint must import `github.com/docker/cli/cli/context/kubernetes`
itself somewhere in order to trigger the dynamic registration. In practice
anything which is interested in Kubernetes must import that package (e.g.
`./cli/command/context.list` does for the `EndpointFromContext` function) to do
anything useful, so this restriction is not too onerous.

As a special case a small amount of Kubernetes related logic remains in
`ResolveDefaultContext` to handle error handling when the stack orchestrator
includes Kubernetes. In order to avoid a circular import loop this hardcodes
the kube endpoint name.

Similarly to avoid an import loop the existing `TestDefaultContextInitializer`
cannot continue to unit test for the Kubernetes case, so that aspect of the
test is carved off into a very similar test in the kubernetes context package.

Lastly, note that the kubernetes endpoint is now modifiable via
`WithContextEndpointType`.

Signed-off-by: Ian Campbell <ijc@docker.com>
2019-05-20 13:28:11 +01:00
Ian Campbell f820766f6a Export `DefaultContextStoreConfig()` and `ResolveDefaultContext()`
These are needed by any dynamically registered (via
`RegisterDefaultStoreEndpoints`) endpoint type to write a useful/sensible unit
test.

Signed-off-by: Ian Campbell <ijc@docker.com>
2019-05-20 13:28:11 +01:00
Ian Campbell 1433e27420 Allow dynamically registered context endpoint to provide their defaults.
Previously an endpoint registered using `RegisterDefaultStoreEndpoints` would
not be taken into consideration by `resolveDefaultContext` and so could not
provide any details.

Resolve this by passing a `store.Config` to `resolveDefaultContext` and using
it to iterate over all registered endpoints. Any endpoint can ensure that their
type implements the new `EndpointDefaultResolver` in order to provide a default.

The Docker and Kubernetes endpoints are special cased, shortly the Kubernetes
one will be refactored to be dynamically registered.

Signed-off-by: Ian Campbell <ijc@docker.com>
2019-05-20 13:28:11 +01:00
Ian Campbell 087c3f7d08 Support dynamic registration of context store endpoint types
This is a yet unused and the default set remains the same, no expected
functional change.

Signed-off-by: Ian Campbell <ijc@docker.com>
2019-05-20 13:28:11 +01:00
Ian Campbell d84e278aac fix a few typos
Signed-off-by: Ian Campbell <ijc@docker.com>
2019-05-20 13:28:11 +01:00
Ian Campbell 8635abd662 Use underlying `NewKubernetesConfig` directly from compose-on-kubernetes.
The comment on `github.com/docker/cli/kubernetes.NewKubernetesConfig` said:

    // Deprecated: Use github.com/docker/compose-on-kubernetes/api.NewKubernetesConfig instead

By making this switch in `github.com/docker/cli/context/kubernetes/load.go` we
break a vendoring chain:

`github.com/docker/cli/cli/command`
→ `vendor/github.com/docker/cli/cli/context/kubernetes/load.go`
  → `vendor/github.com/docker/cli/kubernetes`
     → `github.com/docker/compose-on-kubernetes/api/compose/...`

This means that projects which just want `github.com/docker/cli/cli/command`
(which is itself pulled in transitively by
`github.com/docker/cli/cli-plugins/plugin`) which do not themselves need the
compose-on-kubernetes API avoid a huge pile of transitive dependencies.

On one of my private projects the diff on the vendor dir is:

    280 files changed, 21 insertions(+), 211346 deletions(-)

and includes dropping:

* `github.com/docker/compose-on-kubernetes/api/compose/{clone,impersonation}`
* `github.com/docker/compose-on-kubernetes/api/compose/{v1alpha3,v1beta1,v1beta2,v1beta3}`
* `github.com/google/btree`
* `github.com/googleapis/gnostic`
* `github.com/gregjones/httpcache`
* `github.com/peterbourgon/diskv`
* `k8s.io/api/*` (_lots_ of subpackages)
* `k8s.io/client-go/{discovery,kubernetes/scheme}`

and I've gone from:

    $ du -sh vendor/k8s.io/
    8.1M	vendor/k8s.io/

to:

    $ du -sh vendor/k8s.io/
    2.1M	vendor/k8s.io/

(overall I went from 36M → 29M of vendor dir for this particular project)

The change to `cli/command/system/version.go` is just for consistency and
allows us to drop the now unused alias.

Signed-off-by: Ian Campbell <ijc@docker.com>
2019-05-14 15:43:15 +01:00
Ian Campbell 1e5129f027 rename package import kubcontext → kubecontext
The (small number) of other places which name this import use `kubecontext`,
make it consistent.

Signed-off-by: Ian Campbell <ijc@docker.com>
2019-05-14 13:46:40 +01:00
Tibor Vass 529ef6e89a vendor buildkit to f238f1e
Signed-off-by: Tibor Vass <tibor@docker.com>
2019-05-14 01:29:18 +00:00
Ian Campbell ff44305c47 context: produce consistent output on `context create`.
Refactor `RunCreate` slightly so that all three paths always produce the same
output, namely the name of the new context of `stdout` (for scripting) and the
success log message on `stderr`.

Validate by extending the existing unit tests to always check the output is as
expected.

Signed-off-by: Ian Campbell <ijc@docker.com>
2019-05-13 16:42:03 +01:00
Tibor Vass daca70d820 build: add --platform local
Signed-off-by: Tibor Vass <tibor@docker.com>
2019-05-07 22:25:40 +00:00
Tibor Vass 8adcedd658 build: honor BUILDKIT_PROGRESS env config
Signed-off-by: Tibor Vass <tibor@docker.com>
2019-05-07 22:16:01 +00:00
Zander Mackie 483c53ad9d Use single table for all ContainerImagePullPolicy tests
- Cleans up assertions
 - Centralizes and simplifies handler functions

Signed-off-by: Zander Mackie <zmackie@gmail.com>
2019-05-06 14:16:26 -07:00
Zander Mackie ffba7659cc Improve testing of never pull and always pull scenarios
Signed-off-by: Zander Mackie <zmackie@gmail.com>
2019-05-06 14:16:26 -07:00
Zander Mackie ec56136d61 Use closure for common pulling and tagging bevior in container creation
Signed-off-by: Zander Mackie <zmackie@gmail.com>
2019-05-06 14:16:26 -07:00
Zander Mackie 965664d89b Improve flow pull behavior before container creation.
- Also improve test coverage

Signed-off-by: Zander Mackie <zmackie@gmail.com>
2019-05-06 14:16:26 -07:00
Ravi Shekhar Jethani a06b5db594 Update cli/command/container/create.go
Co-Authored-By: Zanadar <zmackie@gmail.com>
Signed-off-by: Zander Mackie <zmackie@gmail.com>
2019-05-06 14:16:26 -07:00
Zander Mackie 22cd418967 Adds flag modifying pull behavior for running and creating containers
- Follows the proposal on issue [#34394](https://github.com/moby/moby/issues/34394)
 - Maintains current behavior as default (Pull image if missing)
 - Adds tristate flag allowing modification (PullMissing, PullAlways, PullNever)

Signed-off-by: Zander Mackie <zmackie@gmail.com>
2019-05-06 14:16:26 -07:00
Tõnis Tiigi 70f48f2231
Merge pull request #1840 from tiborvass/cli-plugin-aliases
cli-plugins: alias an existing allowed command (only builder for now)
2019-04-23 19:13:51 -07:00
Tibor Vass 1ed02c40fe cli-plugins: alias an existing allowed command (only builder for now)
With this patch it is possible to alias an existing allowed command.
At the moment only builder allows an alias.

This also properly puts the build command under builder, instead of image
where it was for historical reasons.

Signed-off-by: Tibor Vass <tibor@docker.com>
2019-04-19 01:26:45 +00:00
Sebastiaan van Stijn d365225c32
Merge pull request #1838 from simonferquel/remove-context-in-function-names
Remove "context" from context store interfaces function names
2019-04-18 18:38:01 +02:00
Sebastiaan van Stijn 04751fd58e
Merge pull request #1830 from thaJeztah/use_google_shlex
Switch to google/shlex
2019-04-18 17:53:37 +02:00
Simon Ferquel a3efd5d195 Cleanup context store interfaces
This remove the term "context" from context store interfaces, to make
them more concise

Signed-off-by: Simon Ferquel <simon.ferquel@docker.com>
2019-04-18 15:49:36 +02:00
Sebastiaan van Stijn 84b3805feb
Merge pull request #1836 from simonferquel/context-export-source
Split the context store interface
2019-04-18 15:36:13 +02:00
Simon Ferquel 225c9b189a Split the context store interface
This is to make it easier to implement support for exporting contexts in
3rd party code, or to create mocks in tests.

2 exemples where it simplify things:
- docker-app desktop-specific context decorator (which rewrites parts of
the docker context to simplify UX when using on Docker Desktop contexts)
- ucp for including a context in the connection bundle

Signed-off-by: Simon Ferquel <simon.ferquel@docker.com>
2019-04-18 15:03:46 +02:00
Tibor Vass 2432af701a
Merge pull request #1808 from martencassel/securityopt-systempaths-unconfined
add cli integration for unconfined systempaths
2019-04-16 11:48:43 -07:00
Sebastiaan van Stijn 49bd6b729d
Merge pull request #1835 from dhiltgen/refined_login_warning
Refine warning for storing registry passwords
2019-04-16 10:36:24 +02:00
Daniel Hiltgen 5b3f171482 Add unit test coverage for token auth
Signed-off-by: Daniel Hiltgen <daniel.hiltgen@docker.com>
2019-04-15 16:13:55 -07:00
Sebastiaan van Stijn d043ab5993
Merge pull request #1823 from simonferquel/refactor-kubernetes-extras
Regroup all kubernetes extra-fields under x-kubernetes
2019-04-14 22:59:41 +02:00
Daniel Hiltgen 80d2496f99 Refine warning for storing registry passwords
This change refines the warning message returned during docker login to
only warn for unencrypted storage when the users password is being stored.
If the remote registry supports identity tokens, omit the warning,
since those tokens can be independently managed and revoked.

Signed-off-by: Daniel Hiltgen <daniel.hiltgen@docker.com>
2019-04-14 08:33:53 -07:00
Sebastiaan van Stijn acb24f5164
Switch to google/shlex
The github.com/flynn-archive/go-shlex package is a fork of Google/shlex,
and the repository is now archived, so let's switch to the maintained
version.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-04-13 17:51:15 +02:00
Drew Erny 42ec51e1ae add support for config credentialspecs to compose
Signed-off-by: Drew Erny <drew.erny@docker.com>
2019-04-12 11:17:34 -05:00
Drew Erny 4cacd1304a Add CredentialSpec tests
Adds tests for setting and updating swarm service CredentialSpecs,
especially when using a Config as a credential spec.

Signed-off-by: Drew Erny <drew.erny@docker.com>
2019-04-12 11:17:34 -05:00
Drew Erny 01f4f2e80a Update CredentialSpec code to allow using configs
Updates the CredentialSpec handling code for services to allow using
swarm Configs.

Additionally, fixes a bug where the `--credential-spec` flag would not
be respected on service updates.

Signed-off-by: Drew Erny <drew.erny@docker.com>
2019-04-12 11:17:33 -05:00
Sebastiaan van Stijn 6511da877f Add support for using Configs as CredentialSpecs in services
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-04-12 11:17:29 -05:00
Simon Ferquel e0f20fd86a Regroup all kubernetes extra-fields under x-kubernetes
This regroup all Kubernetes extra fields for compose-on-kubernetes
v1alpha3 in a single x-kubernetes object.
Also use the same naming scheme as cap_add etc. for fiels inside this
object.

Signed-off-by: Simon Ferquel <simon.ferquel@docker.com>
2019-04-12 15:46:11 +02:00
Sebastiaan van Stijn 409c590fcf
Merge pull request #1815 from simonferquel/expose-to-internal-ports
Support internal Load Balancing for Kubernetes stacks
2019-04-12 14:02:15 +02:00
Simon Ferquel cad20c759f Support internal Load Balancing for Kubernetes stacks
On the server v0.4.21 has introduced a better way of dealing with
intra-stack networking: if the user can specify a list of endpoints
exposed internally, we now can setup a ClusterIP for this to avoid the
pitfalls of DNS-based load balancing.
This exposes the feature using the "Expose" compose field, and adds an
extra x-internal-service-type field to explicitly define how intra-stack
networking is handled on a service.

Signed-off-by: Simon Ferquel <simon.ferquel@docker.com>
2019-04-12 11:43:30 +02:00
Simon Ferquel 1cefe057cd Add warnings when DOCKER_HOST conflicts with contexts
For clarity, on `docker context use` or `docker context ls`, this adds a
warning if the DOCKER_HOST variable is set because it overrides the
active context.

Signed-off-by: Simon Ferquel <simon.ferquel@docker.com>
2019-04-10 10:14:47 +02:00
Sebastiaan van Stijn d6af3e143e
Merge pull request #1773 from zappy-shu/create-context-from-current
add --from flag to context create
2019-04-09 16:38:46 +02:00
Mårten Cassel 5bc9f490a9 add cli integration for unconfined systempaths with unit test, implement suggested changes
Signed-off-by: Mårten Cassel <marten.cassel@gmail.com>
2019-04-05 15:46:15 +02:00
Tibor Vass 45ec86b10f vendor github.com/docker/docker to bcaa613d823
Signed-off-by: Tibor Vass <tibor@docker.com>
2019-04-03 20:57:18 +00:00
Sebastiaan van Stijn 70d8e0b867
Add ip and ip6 to advanced network syntax
This allows setting the ip/ipv6 address as an option in the
advanced `--network` syntax;

```
docker run --network name=mynetwork,ip=172.20.88.22,ip6=2001:db8::8822
```

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-04-03 17:03:34 +02:00
Silvin Lubecki 39f30ef168
Merge pull request #1767 from thaJeztah/carry_317_network_advanced
[carry 317] Cli change to pass driver specific options to docker run
2019-04-03 17:00:03 +02:00
Sebastiaan van Stijn 7ad850e58d
Merge pull request #1800 from tonistiigi/update-buildkit
vendor: update buildkit to 62e55427
2019-04-03 16:56:05 +02:00
Sebastiaan van Stijn 5bc09639cc
Refactor network parsing, add preliminary support for multiple networks
This refactors the way networking options are parsed, and makes the
client able to pass options for multiple networks. Currently, the
daemon does not yet accept multiple networks when creating a container,
and will produce an error.

For backward-compatibility, the following global networking-related
options are associated with the first network (in case multiple
networks are set);

  - `--ip`
  - `--ip6`
  - `--link`
  - `--link-local-ip`
  - `--network-alias`

Not all of these options are supported yet in the advanced notation,
but for options that are supported, setting both the per-network option
and the global option will produce a "conflicting options" error.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-04-03 16:42:57 +02:00
Abhinandan Prativadi c4844b1fdd
Cli change to pass driver specific options to docker run
The commit contains cli changes to support driver options for a network in
docker run and docker network connect cli's. The driver-opt, aliases is now
supported in the form of csv as per network option in service commands in
swarm mode since docker/cli#62 . This commit extends this support to docker
run command as well.

For docker connect command `--driver-opt` is added to pass driver specific
options for the network the container is connecting to.

Signed-off-by: Abhinandan Prativadi <abhi@docker.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-04-03 16:30:26 +02:00
Tonis Tiigi 198407c56b vendor: update buildkit to 62e55427
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2019-04-02 23:40:56 -07:00
Nick Adcock 8bb152d967 add --from option to context create
--from creates a context from a named context.
By default `context create` will create a context from the current context.
Replaced "from-current=" docker/kubernetes option with "from=" to allow specifying which context to copy the settings from.

Signed-off-by: Nick Adcock <nick.adcock@docker.com>
2019-04-02 13:41:47 +01:00
Tibor Vass 5bbb56bfee
Merge pull request #1772 from AkihiroSuda/dialstdio-1736
dial-stdio: fix goroutine leakage
2019-04-01 15:17:10 -07:00
Simon Ferquel 8cd74eb33a Fix the stack informer's selector used to track deployment
Old selector was wrong (it watched for the label we applied to child
resources when reconciling the stack, instead of the stack itself)

This should be back-ported to older version of the CLI

Signed-off-by: Simon Ferquel <simon.ferquel@docker.com>
2019-04-01 15:18:55 +02:00
Sebastiaan van Stijn f28d078426
Merge pull request #1577 from orisano/1576-improve-validate-context-directory
feat: improves ValidateContextDirectory performance
2019-04-01 13:22:27 +02:00
Sebastiaan van Stijn aa53429cb7
Merge pull request #1774 from zappy-shu/bump-kubernetes-1-13-4
bump kubernetes to v1.14.0
2019-04-01 11:49:52 +02:00
Sebastiaan van Stijn 2236568053
Merge pull request #1789 from djs55/fix-login-logout
Fix login logout when engine is down and credential helper is in use
2019-03-29 15:39:55 +01:00
Nick Adcock 0b6685bca8 bump kubernetes to v1.14.0
bump required:
- replacing vendor ghodss/yaml with sigs.k8s.io/yaml
- adding vendor k8s.io/klog and github.com/evanphx
- compose-on-kubernetes
removed 'IncludeUninitialized' from watch as it have been removed from k8s

Signed-off-by: Nick Adcock <nick.adcock@docker.com>
2019-03-29 09:20:28 +00:00
David Scott c9d0e47414 Simplify ElectAuthServer
Instead of using an `if else if else`, switch to a sequence of independent
`if` blocks containing a `return`.

Instead of defining a return variable and updating it in the `if` blocks
and returning at the end, make each `if` block return the desired value
independenly.

Signed-off-by: David Scott <dave.scott@docker.com>
2019-03-28 21:08:13 +00:00
David Scott a82e6868cc Use the default registry even without --debug
Previously if the Docker engine was not running the behaviour of
commands would vary depending on whether the --debug flag was provided.

For example, consider `docker logout`:

    $ docker logout
    Not logged in to

-- note the missing server URL

    $ docker --debug logout
    Warning: failed to get default registry endpoint from daemon (Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?). Using system default: https://index.docker.io/v1/
    Not logged in to https://index.docker.io/v1/

-- note the server URL is present

This patch makes only the debug printing conditional on the `--debug` flag,
not the return value.

Signed-off-by: David Scott <dave.scott@docker.com>
2019-03-28 21:04:39 +00:00
Sune Keller 217308d96d
Fix annotation on docker secret create --template-driver
Signed-off-by: Sune Keller <absukl@almbrand.dk>
2019-03-28 16:18:50 +01:00
Nao YONASHIRO 446762dc19 test: add filepathMatches test
Signed-off-by: Nao YONASHIRO <owan.orisano@gmail.com>
2019-03-28 01:22:11 +09:00
Nao YONASHIRO b41ddc6058 feat: improves ValidateContextDirectory performance
Signed-off-by: Nao YONASHIRO <owan.orisano@gmail.com>
2019-03-28 01:20:42 +09:00
Akihiro Suda f8d4c443ba dial-stdio: fix goroutine leakage
Fix #1736

Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
2019-03-22 20:22:00 +09:00
Lifubang 06e250d37b add test case for DetectArchiveReader
Signed-off-by: Lifubang <lifubang@acmcoder.com>
2019-03-21 15:38:31 -07:00
Kir Kolyshkin 0c20554f69 image build: fix archive detection
As pointed out in #1459, docker cli fails to detect that the input is a tarball,
in case it is generated by `git archive --format=tgz`.

This happens because `git archive` adds some metadata to the initial tar header,
and so it is more than 1 block (of 512 bytes) long, while we only provide 1 block
to archive/tar.Next() and it fails.

To fix, give it 2 blocks :)

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2019-03-21 15:38:07 -07:00
Tõnis Tiigi dca6d2afa1
Merge pull request #1765 from thaJeztah/carry_181_pids_limit
Add `--pids-limit` flag to `docker update`
2019-03-21 14:11:09 -07:00
Sebastiaan van Stijn 059c085261
Merge pull request #1714 from tiborvass/nvidia-gpu
container: --gpus support
2019-03-21 21:26:16 +01:00
Tibor Vass 1ba368a5ac container: --gpus support
Signed-off-by: Tibor Vass <tibor@docker.com>
2019-03-21 20:14:25 +00:00
Tibor Vass bc5ad41e87
Merge pull request #1766 from tonistiigi/outputs
build: allow setting buildkit outputs
2019-03-21 10:49:46 -07:00
Tonis Tiigi ca6eb5049b build: allow setting buildkit outputs
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2019-03-21 10:27:59 -07:00
Simon Ferquel 470afe11ed Fix annnotation on docker config create --template-driver
Signed-off-by: Simon Ferquel <simon.ferquel@docker.com>
2019-03-21 16:19:06 +01:00
Sunny de3a5f0fe5
Add `--pids-limit` flag to `docker update`
Signed-off-by: Sunny Gogoi <indiasuny000@gmail.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-03-21 01:20:32 +01:00
Vincent Demeester f762697628
Merge pull request #1756 from thaJeztah/bump_engine_no_buildkit
Update docker/docker, containerd, runc, and some dependencies
2019-03-20 11:35:55 +01:00
Sebastiaan van Stijn fd769e1aff
Update docker/docker to 827cb09f87964ed38b46502f22a585f2ed4a78e1
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-03-19 22:21:51 +01:00
Sebastiaan van Stijn f620349837
Add systctl support for services
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-03-19 13:33:32 +01:00
Vincent Demeester a4a50de4b8
Merge pull request #1671 from thaJeztah/fix_labels_expanding_env_vars
Fix labels copying value from environment variables
2019-03-19 12:18:55 +01:00
Vincent Demeester fc9ef7087e
Merge pull request #1732 from sjeandeaux/fix/issue-117
[pretty print] pretty print and healthcheck
2019-03-19 11:54:41 +01:00
Sebastiaan van Stijn b5d0d179e7
Add back validation for invalid label values on containers
This adds validation to `docker container run` / `docker container create`;

Validation of labels provided through flags was removed in 31dc5c0a9a,
after the validation was changed to fix labels without values, and to prevent
labels from being expanded with environment variables in 2b17f4c8a8

However, now empty label names from _files_ (`--label-file`) followed different
validation rules than labels passed through `--label`.

This patch adds back minimal validation for labels passed through the command-line

Before this patch:

```bash
docker container create \
  --name label \
  --label==with-leading-equal-sign \
  --label=without-value \
  --label=somelabel=somevalue \
  --label "  =  " \
  --label=with-quotes-in-value='{"foo"}' \
  --label='with"quotes"in-key=test' \
  busybox

docker container inspect --format '{{json .Config.Labels}}' label
```

```json
{
  "": "with-leading-equal-sign",
  "  ": "  ",
  "somelabel": "somevalue",
  "with\"quotes\"in-key": "test",
  "with-quotes-in-value": "{\"foo\"}",
  "without-value": ""
}
```

After this patch:

```bash
docker container create \
  --name label \
  --label==with-leading-equal-sign \
  --label=without-value \
  --label=somelabel=somevalue \
  --label "  =  " \
  --label=with-quotes-in-value='{"foo"}' \
  --label='with"quotes"in-key=test' \
  busybox

invalid argument "=with-leading-equal-sign" for "-l, --label" flag: invalid label format: "=with-leading-equal-sign"
```

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-03-19 03:02:06 +01:00
Sebastiaan van Stijn f2424bd375
Fix labels copying value from environment variables
This patch fixes a bug where labels use the same behavior as `--env`, resulting
in a value to be copied from environment variables with the same name as the
label if no value is set (i.e. a simple key, no `=` sign, no value).

An earlier pull request addressed similar cases for `docker run`;
2b17f4c8a8, but this did not address the
same situation for (e.g.) `docker service create`.

Digging in history for this bug, I found that use of the `ValidateEnv`
function for  labels was added in the original implementation of the labels feature in
abb5e9a077 (diff-ae476143d40e21ac0918630f7365ed3cR34)

However, the design never intended it to expand environment variables,
and use of this function was either due to either a "copy/paste" of the
equivalent `--env` flags, or a misunderstanding (the name `ValidateEnv` does
not communicate that it also expands environment variables), and the existing
`ValidateLabel` was designed for _engine_ labels (which required a value to
be set).

Following the initial implementation, other parts of the code followed
the same (incorrect) approach, therefore leading the bug to be introduced
in services as well.

This patch:

- updates the `ValidateLabel` to match the expected validation
  rules (this function is no longer used since 31dc5c0a9a),
  and the daemon has its own implementation)
- corrects various locations in the code where `ValidateEnv` was used instead of `ValidateLabel`.

Before this patch:

```bash
export SOME_ENV_VAR=I_AM_SOME_ENV_VAR
docker service create --label SOME_ENV_VAR --tty --name test busybox

docker service inspect --format '{{json .Spec.Labels}}' test
{"SOME_ENV_VAR":"I_AM_SOME_ENV_VAR"}
```

After this patch:

```bash
export SOME_ENV_VAR=I_AM_SOME_ENV_VAR
docker service create --label SOME_ENV_VAR --tty --name test busybox

docker container inspect --format '{{json .Config.Labels}}' test
{"SOME_ENV_VAR":""}
```

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-03-19 03:01:57 +01:00
Stephane Jeandeaux d4ad7a94d2 [#117] remove blank line and fix order
Signed-off-by: Stephane Jeandeaux <stephane.jeandeaux@gmail.com>
2019-03-18 21:37:22 -04:00
Sebastiaan van Stijn 8c3a619d13
Merge pull request #1740 from tonistiigi/platform-flag
build: enable platform flag for build if buildkit
2019-03-18 19:21:46 +01:00
Tonis Tiigi 2caffb12c7 build: enable platform flag for build if buildkit
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2019-03-18 10:37:08 -07:00
Sebastiaan van Stijn 26e004797b
Make system prune warning filters human-readable
The warning, printed before running `docker system prune` was printing the
filters in JSON format.

This patch attempts to make the output human readable;

- updating the code, and template to print filters individually
- reducing the indentation (which was quite deep)

Before this patch was applied;

```
docker system prune --filter until=24h --filter label=hello-world --filter label!=foo=bar --filter label=bar=baz

WARNING! This will remove:
        - all stopped containers
        - all networks not used by at least one container
        - all dangling images
        - all dangling build cache
        - Elements to be pruned will be filtered with:
        - label={"label":{"bar=baz":true,"hello-world":true},"label!":{"foo=bar":true},"until":{"24h":true}}
Are you sure you want to continue? [y/N]
```

With this patch applied;

```
WARNING! This will remove:
  - all stopped containers
  - all networks not used by at least one container
  - all dangling images
  - all dangling build cache

  Items to be pruned will be filtered with:
  - label!=foo=bar
  - label!=never=remove-me
  - label=bar=baz
  - label=hello-world
  - label=remove=me
  - until=24h

Are you sure you want to continue? [y/N]
```

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-03-18 13:57:18 +01:00
Sebastiaan van Stijn 4a0218bb11
Fix system prune warning missing filters from config-file
The warning, printed before runing docker system prune was missing any filter
that was set in the configuration file. In addition, the warning prefixes the
filters with `label=`, which is no longer accurate, now that the prune command
also supports "until" as a filter.

Before this change, only the filters set on the command-line were shown,
and any filter set in the configuration file was missing;

```
mkdir -p ./test-config
echo '{"pruneFilters": ["label!=never=remove-me", "label=remove=me"]}' > test-config/config.json
docker --config=./test-config system prune --filter until=24h --filter label=hello-world --filter label!=foo=bar --filter label=bar=baz

WARNING! This will remove:
        - all stopped containers
        - all networks not used by at least one container
        - all dangling images
        - all dangling build cache
        - Elements to be pruned will be filtered with:
        - label={"label":{"bar=baz":true,"hello-world":true},"label!":{"foo=bar":true},"until":{"24h":true}}
Are you sure you want to continue? [y/N]
```

With this patch applied, both options from the commandline and options set
in the configuration file are shown;

```
mkdir -p ./test-config
echo '{"pruneFilters": ["label!=never=remove-me", "label=remove=me"]}' > test-config/config.json
docker --config=./test-config system prune --filter until=24h --filter label=hello-world --filter label!=foo=bar --filter label=bar=baz

WARNING! This will remove:
        - all stopped containers
        - all networks not used by at least one container
        - all dangling images
        - all dangling build cache
        - Elements to be pruned will be filtered with:
        - filter={"label":{"bar=baz":true,"hello-world":true,"remove=me":true},"label!":{"foo=bar":true,"never=remove-me":true},"until":{"24h":true}}
```

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-03-18 13:57:09 +01:00
Jean-Christophe Sirot b3aa17187f Make default context behaves like a real context:
- when using "--context default" parameter
- when printing the list of contexts
- when exporting the default context to a tarball

Signed-off-by: Jean-Christophe Sirot <jean-christophe.sirot@docker.com>
(+1 squashed commit)
Squashed commits:
[20670495] Fix CLI initialization for the `docker stack deploy --help` command and ensure that the dockerCli.CurrentContext() always returns a non empty context name (default as a fallback)
Remove now obsolete code handling empty string context name
Minor code cleanup

Signed-off-by: Jean-Christophe Sirot <jean-christophe.sirot@docker.com>
2019-03-18 11:45:46 +01:00
Jean-Christophe Sirot a1af6e261f Cover the changes with unit test
Signed-off-by: Jean-Christophe Sirot <jean-christophe.sirot@docker.com>
2019-03-13 14:18:41 +01:00
Jean-Christophe Sirot 37fcaf7a29 Resolve the docker Endpoint even if the client already exists. In that case the `TestDialStdio` e2e test had to be modified: the `--tls` option triggers an error since the endpoint resolution tries to read the `${DOCKER_CERT_PATH}/ca.pem` file which does not exist.
Signed-off-by: Jean-Christophe Sirot <jean-christophe.sirot@docker.com>
2019-03-13 14:18:41 +01:00
Jean-Christophe Sirot 3b26cfce8b Always initialize context store
Signed-off-by: Jean-Christophe Sirot <jean-christophe.sirot@docker.com>
2019-03-13 14:18:41 +01:00
Sebastiaan van Stijn d6a230606c
Merge pull request #1718 from ijc/dial-stdio-npipe-on-windows
dial-stdio: handle connections which lack CloseRead method.
2019-03-13 11:49:25 +01:00
Stephane Jeandeaux 05674a5096 [pretty print] pretty print and healthcheck
fixes #117

Print healthcheck information in pretty mode.

Signed-off-by: Stephane Jeandeaux <stephane.jeandeaux@gmail.com>
2019-03-12 22:00:46 -04:00
Tibor Vass 81ac432cc2
Merge pull request #1700 from thaJeztah/update_engine
Update docker/docker 8aca18d, containerd v1.2.4
2019-03-12 10:41:51 -07:00
Ian Campbell 0449ad8d06 Revert "Disable `docker system dial-stdio` on Windows"
This reverts commit c41c23813c.

This case is now handled due to the previous commit.

Signed-off-by: Ian Campbell <ijc@docker.com>
2019-03-12 14:57:52 +00:00
Ian Campbell 186e7456ac dial-stdio: Close the connection
This was leaking the fd.

Signed-off-by: Ian Campbell <ijc@docker.com>
2019-03-12 14:57:40 +00:00
Ian Campbell 8919bbf04d dial-stdio: handle connections which lack CloseRead method.
This happens on Windows when dialing a named pipe (a path which is used by CLI
plugins), in that case some debugging shows:

    DEBU[0000] conn is a *winio.win32MessageBytePipe
    DEBU[0000] conn is a halfReadCloser: false
    DEBU[0000] conn is a halfWriteCloser: true
    the raw stream connection does not implement halfCloser
In such cases we can simply wrap with a nop function since closing for read
isn't too critical.

Signed-off-by: Ian Campbell <ijc@docker.com>
2019-03-12 14:52:42 +00:00
Sebastiaan van Stijn bf4a96e564
Merge pull request #1688 from luoyunpeng/optimize-blockIOTypecheck
use char to check blockIO type
2019-03-12 10:32:31 +01:00
Silvin Lubecki b86bff84b6
Merge pull request #1710 from ijc/no-dial-stdio-on-windows
Disable `docker system dial-stdio` on Windows
2019-03-11 15:14:23 +01:00
Elliot Luo 0bb397f9ef use char to check blockIO type
Signed-off-by: Elliot Luo <956941328@qq.com>
2019-03-11 10:01:22 +08:00
Ryan Zhang f60369dfe6 Export cli/command/config
Signed-off-by: Ryan Zhang <ryan.zhang@docker.com>
2019-03-05 14:26:42 -08:00
Ian Campbell c41c23813c Disable `docker system dial-stdio` on Windows
The `conn` here is `*winio.win32MessageBytePipe` which does not have a
`CloseRead` method (it does have `CloseWrite`) resulting in:

    docker@WIN-NUC0 C:\Users\docker>.\docker-windows-amd64.exe system dial-stdio
    the raw stream connection does not implement halfCloser

Also disable the path which uses this for cli-plugins on Windows.

Signed-off-by: Ian Campbell <ijc@docker.com>
2019-03-04 17:36:21 +00:00
Sebastiaan van Stijn 0fc0015173
bump docker/docker to 8aca18d631f3f72d4c6e3dc01b6e5d468ad941b8
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-03-02 13:41:42 +01:00