Commit Graph

10208 Commits

Author SHA1 Message Date
Laura Brehm d6ce04640f
Support plaintext credentials as multi-call binary
The Docker CLI supports storing/managing credentials without a
credential-helper, in which case credentials are fetched from/saved to
the CLI config file (`~/.docker/config.json`). This is all managed
entirely by the CLI itself, without resort to a separate binary.

There are a few issues with this approach – for one, saving the
credentials together with all the configurations make it impossible to
share one without the other, so one can't for example bind mount the
config file into a container without also including all configured
credentials.

Another issue is that this has made it so that any other clients
accessing registry credentials (such as
https://github.com/google/go-containerregistry) all have to both:
- read/parse the CLI `config.json`, to check for credentials there,
  which also means they're dependent on this type and might break if the
  type changes/we need to be careful not to break other codebases parsing
  this file, and can't change the location where plaintext credentials
  are stored.
- support the credential helper protocol, so that they can access
  credentials when users do have configured credential helpers.

This means that if we want to do something like support oauth
credentials by having credential-helpers refresh oauth tokens before
returning them, we have to both implement that in each credential-helper
and in the CLI itself, and any client directly reading `config.json`
will also need to implement this logic.

This commit turns the Docker CLI binary into a multicall binary, acting
as a standalone credentials helper when invoked as
`docker-credential-file`, while still storing/fetching credentials from
the configuration file (`~/.docker/config.json`), and without any
further changes.

This represents a first step into aligning the "no credhelper"/plaintext
flow with the "credhelper" flow, meaning that instead of this being an
exception where credentials must be read directly from the config file,
credentials can now be accessed in the exact same way as with other
credential helpers – by invoking `docker-credential-[credhelper name]`,
such as `docker-credential-pass`, `docker-credential-osxkeychain` or
`docker-credential-wincred`.

This would also make it possible for any other clients accessing
credentials to untangle themselves from things like the location of the
credentials, parsing credentials from `config.json`, etc. and instead
simply support the credential-helper protocol, and call the
`docker-credential-file` binary as they do others.

Signed-off-by: Laura Brehm <laurabrehm@hey.com>
2024-10-15 15:19:01 +01:00
Sebastiaan van Stijn 31eeed7ca4
Merge pull request #5533 from thaJeztah/completions_coverage
cli/command/completion: add more unit-tests
2024-10-14 17:38:02 +02:00
Sebastiaan van Stijn 089448ba6d
Merge pull request #5532 from thaJeztah/update_badges
README: update pkg.go.dev badge, add OpenSSF scorecard
2024-10-14 17:18:23 +02:00
Sebastiaan van Stijn 6ed137f7dd
Merge pull request #5529 from thaJeztah/bump_deps
vendor assorted dependencies in preparation of engine update
2024-10-14 13:29:16 +02:00
Sebastiaan van Stijn e1c472a436
completion: add test for VolumeNames
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-10-13 19:08:56 +02:00
Sebastiaan van Stijn 302d73f990
completion: add test for NetworkNames
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-10-13 19:08:52 +02:00
Sebastiaan van Stijn ab418a38d8
completion: add test for ImageNames
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-10-13 19:08:26 +02:00
Sebastiaan van Stijn f3b4094eb0
completion: add test for ContainerNames
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-10-13 19:07:52 +02:00
Sebastiaan van Stijn be197da6b8
completion: add test for NoComplete
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-10-13 17:54:40 +02:00
Sebastiaan van Stijn 51713196c9
completion: add test for FromList
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-10-13 17:53:19 +02:00
Sebastiaan van Stijn a5ca5b33f1
completion: add test for FileNames
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-10-13 17:52:50 +02:00
Sebastiaan van Stijn 8f2e5662e7
completion: add test for EnvVarNames
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-10-13 17:48:49 +02:00
Sebastiaan van Stijn b8cddc63ad
completion: ContainerNames: don't panic on nil filter
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-10-13 17:47:07 +02:00
Sebastiaan van Stijn a58faf7971
README: update pkg.go.dev badge, add OpenSSF scorecard
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-10-12 22:12:38 +02:00
Sebastiaan van Stijn b6d27ff60e
vendor: google.golang.org/grpc v1.66.2
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-10-12 21:52:41 +02:00
Sebastiaan van Stijn 200225f530
vendor: google.golang.org/protobuf v1.34.1
full diff: https://github.com/protocolbuffers/protobuf-go/compare/v1.33.0...v1.34.1

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-10-12 21:49:59 +02:00
Sebastiaan van Stijn 9599251d07
vendor: github.com/cespare/xxhash/v2 v2.3.0
full diff: https://github.com/cespare/xxhash/compare/v2.2.0...v2.3.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-10-12 21:48:45 +02:00
Sebastiaan van Stijn ea8aa2a419
vendor: golang.org/x/net v0.29.0
no changes in vendored code

full diff: https://github.com/golang/net/compare/v0.28.0...v0.29.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-10-12 21:47:34 +02:00
Sebastiaan van Stijn 61867feecf
vendor: golang.org/x/crypto v0.27.0
no changes in vendored code

full diff: https://github.com/golang/crypto/compare/v0.26.0...v0.27.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-10-12 21:46:59 +02:00
Sebastiaan van Stijn 843ae6d7e2
vendor: golang.org/x/term v0.24.0
full diff: https://github.com/golang/term/compare/v0.23.0...v0.24.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-10-12 21:46:04 +02:00
Sebastiaan van Stijn bea4ee6588
vendor: golang.org/x/text v0.18.0
no changes in vendored code

full diff: https://github.com/golang/text/compare/v0.17.0...v0.18.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-10-12 21:43:36 +02:00
Sebastiaan van Stijn a88ee33f71
vendor: golang.org/x/sys v0.25.0
full diff: https://github.com/golang/sys/compare/v0.24.0...v0.25.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-10-12 21:42:42 +02:00
Sebastiaan van Stijn 21eea1e003
Merge pull request #5527 from albers/completion-container-rm
Improve completion of containers for `docker rm`
2024-10-11 22:35:25 +02:00
Harald Albers 147630a309 Only complete removable containers if --force is not given
Signed-off-by: Harald Albers <github@albersweb.de>
2024-10-10 21:34:38 +00:00
Sebastiaan van Stijn 88f1e99e8e
Merge pull request #5507 from p-rogalski/link-supported-go-duration-strings
docs: Link supported Go duration strings
2024-10-10 18:04:19 +02:00
Sebastiaan van Stijn f483aacd6b
Merge pull request #5331 from vvoland/c8d-saveload-platform
c8d: Add `--platform` flag to history, save and load
2024-10-10 17:33:08 +02:00
Paweł Gronowski d085e2445c
image/history: Add `--platform` flag
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-10-10 17:00:43 +02:00
Paweł Gronowski b0bb4ba7f2
image/load: Add `--platform`
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-10-10 16:35:07 +02:00
Paweł Gronowski a20eb45b26
image/save: Add `--platform`
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-10-10 16:35:03 +02:00
Sebastiaan van Stijn 6a78e9231a
Merge pull request #5524 from Stavrospanakakis/compose-ports-validation
cli/compose: implement the ports validation method
2024-10-10 14:34:09 +02:00
Stavros Panakakis 0319795d4f cli/compose: implement the ports validation method
This commit implements a validation
method for the port mappings.

Also, it removes the ports validation
method from the expose property
since they do not accept the
same type of values.

Signed-off-by: Stavros Panakakis <stavrospanakakis@gmail.com>
2024-10-10 11:50:11 +03:00
Sebastiaan van Stijn 305985c1b1
Merge pull request #5417 from DilepDev/5416-brokenLinks
Update broken links in CONTRIBUTING.md
2024-10-09 00:34:17 +02:00
Sebastiaan van Stijn 2d47c9b222
Merge pull request #5521 from thaJeztah/fix_test_args
cli/command/images: set cmd.Args to prevent test-failures
2024-10-08 20:49:28 +02:00
Sebastiaan van Stijn 839dbbcf27
cli/command/images: set cmd.Args to prevent test-failures
When running tests from my IDE, it compiles the tests before running,
then executes the compiled binary to run the tests. Cobra doesn't like that,
because in that situation os.Args is taken as argument for the command that's
executed. The command that's tested now sees the `test-` flags as arguments
(`-test.v -test.run ..`), which causes various tests to fail ("Command XYZ
does not accept arguments").

    # compile the tests:
    go test -c -o foo.test

    # execute the test:
    ./foo.test -test.v -test.run TestFoo
    === RUN   TestFoo
    Error: "foo" accepts no arguments.

Set arguments to an empty slice to make sure it doesn't inherit arguments
from the test-binary.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-10-08 20:26:15 +02:00
Sebastiaan van Stijn b64f265d0f
Merge pull request #5520 from thaJeztah/fix_TestNewSaveCommandSuccess
cli/command/image: fix TestNewSaveCommandSuccess to actually test
2024-10-08 19:57:11 +02:00
Sebastiaan van Stijn 19eeb10155
cli/command/image: fix TestNewSaveCommandSuccess to actually test
This test was added in [moby@b2551c6] as part of a larger PR that implemented
unit tests in various packages. In this specific test, it looks like the
`imageSaveFunc` that's defined in the test-table was forgotten to be wired
up, causing all tests to effectively be skipped.

This patch wires up the function so that it's used in the test.

[moby@b2551c6]: b2551c619d

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-10-08 19:41:05 +02:00
Sebastiaan van Stijn 185622986e
Merge pull request #5506 from Stavrospanakakis/cli-container-testing
command: add tests for container kill, commit, and pause
2024-10-08 16:15:26 +02:00
Sebastiaan van Stijn eb53046ad2
Merge pull request #5516 from thaJeztah/complete_platforms
add shell-completion for --platform flags
2024-10-08 15:26:49 +02:00
Sebastiaan van Stijn d42cf96e15
cli/command/image: add shell completion for --platform flags
With this patch, completion is provided for `--platform` flags:

    docker pull --platform<TAB>
    linux           linux/amd64     linux/arm/v5    linux/arm/v7    linux/arm64/v8  linux/riscv64   wasip1          windows
    linux/386       linux/arm       linux/arm/v6    linux/arm64     linux/ppc64le   linux/s390x     wasip1/wasm     windows/amd64

Note that `docker buildx build` (with BuildKit) does not yet provide completion;
it's provided through buildx, and uses a different format (accepting multiple
comma-separated platforms). Interestingly, tab-completion for `docker build`
currently uses completion for non-buildkit, and has some other issues that may
have to be looked into.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-10-08 13:15:28 +02:00
Sebastiaan van Stijn 8c7f713db6
cli/command/container: add shell completion for --platform flags
With this patch, completion is provided for `--platform` flags:

    docker run --platform<TAB>
    linux           linux/amd64     linux/arm/v5    linux/arm/v7    linux/arm64/v8  linux/riscv64   wasip1          windows
    linux/386       linux/arm       linux/arm/v6    linux/arm64     linux/ppc64le   linux/s390x     wasip1/wasm     windows/amd64

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-10-08 13:14:45 +02:00
Sebastiaan van Stijn ce1aebcc30
cli/command/completion: add Platforms
Add a utility for completing platform strings.

Platforms offers completion for platform-strings. It provides a non-exhaustive
list of platforms to be used for completion. Platform-strings are based on
[runtime.GOOS] and [runtime.GOARCH], but with (optional) variants added. A
list of recognised os/arch combinations from the Go runtime can be obtained
through "go tool dist list".

Some noteworthy exclusions from this list:

  - arm64 images ("windows/arm64", "windows/arm64/v8") do not yet exist for windows.
  - we don't (yet) include `os-variant` for completion (as can be used for Windows images)
  - we don't (yet) include platforms for which we don't build binaries, such as
    BSD platforms (freebsd, netbsd, openbsd), android, macOS (darwin).
  - we currently exclude architectures that may have unofficial builds,
    but don't have wide adoption (and no support), such as loong64, mipsXXX,
    ppc64 (non-le) to prevent confusion.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-10-08 13:12:31 +02:00
Sebastiaan van Stijn 55ae7d7113
Merge pull request #5504 from austinvazquez/update-golang-1.22.8
ci: update to go1.22.8
2024-10-07 20:27:44 +02:00
Sebastiaan van Stijn fc7e779c57
Merge pull request #5508 from dvdksn/fix-unless-stopped-desc
docs: fix inaccurate description of --restart=unless-stopped
2024-10-07 16:34:22 +02:00
David Karlsson 2f2b16a966 docs: fix inaccurate description of --restart=unless-stopped
`unless-stopped` containers are not restart after a daemon restart

Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>
2024-10-07 13:07:33 +02:00
Paul Rogalski c70b2165a9 docs: Link supported Go duration strings
Signed-off-by: Paul Rogalski <mail@paul-rogalski.de>
2024-10-07 10:37:00 +02:00
Stavros Panakakis 442c38636f command: add tests for container kill, commit, and pause
This commit adds tests for the commands
docker kill, docker commit, and docker
pause. Also, it creates the mock methods
of the docker client ContainerCommit and
ContainerPause so they can
be used in the tests.

For docker kill, it covers the
cases that:
 - the command runs successfully
 - the client returns an error

For docker commit, it covers
the cases that:
 - the command runs successfully
 - the client returns an error

For docker pause, it covers
the cases that:
 - the command runs successfully
 - the client returns an error

Signed-off-by: Stavros Panakakis <stavrospanakakis@gmail.com>
2024-10-06 20:00:49 +03:00
Austin Vazquez a6ab65948e
ci: update to go1.22.8
Signed-off-by: Austin Vazquez <macedonv@amazon.com>
2024-10-04 20:20:16 +00:00
Sebastiaan van Stijn 7908982543
Merge pull request #5467 from Stavrospanakakis/cli-container-tests
command: add tests for container diff and rename
2024-10-04 13:49:32 +02:00
Sebastiaan van Stijn ff3f94a542
Merge pull request #5502 from thaJeztah/separate_kvfile
move parsing key-value files to a separate package
2024-10-04 13:46:08 +02:00
Sebastiaan van Stijn 9025c932b9
Merge pull request #5469 from dvdksn/docs-use-important-callout-legacy-build
docs: use important callout for buildkit vs legacy builder
2024-10-04 13:05:52 +02:00