Commit Graph

209 Commits

Author SHA1 Message Date
Sebastiaan van Stijn f19d27e7ef
Merge pull request #4657 from thaJeztah/improve_ValidateIPAddress
opts: ValidateIPAddress: improve error, godoc, and tests
2023-11-13 12:28:04 +01:00
Sebastiaan van Stijn f0816bf679
opts: remove unused IPOpt option
This option was created Moby [6d59a566759da5729d7eb89a8e1888fc612f03cf], and
used for the daemon config [353b7c8ec77b30fa83dac5ec0778193f6de8b437]. It was
migrated from the Moby repository in f34ca0a354,
but was never used by the CLI, and there are no external consumers.

If we would need an IP-address option, spf13/pflags now provides those, so
there's no need to implement this ourselves.

[6d59a566759da5729d7eb89a8e1888fc612f03cf]: 6d59a56675
[353b7c8ec77b30fa83dac5ec0778193f6de8b437]: 353b7c8ec7

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-11-11 15:05:31 +01:00
Sebastiaan van Stijn b0ee27d653
opts: ValidateIPAddress: improve error, godoc, and tests
- document accepted values
- add test-coverage for the function's behavior (including whitespace handling),
  and use sub-tests.
- improve error-message to use uppercase for "IP", and to use a common prefix.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-11-11 14:50:28 +01:00
Sebastiaan van Stijn f65d4a4796
vendor: github.com/docker/go-connections fa09c952e3ea (v0.5.0-dev)
0b8c1f4e07...fa09c952e3

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-11-10 22:46:47 +01:00
Akihiro Suda fc6976db45
mount: add `bind-recursive=<bool|string>` and deprecate `bind-nonrecursive=<bool>`
See `opts/mount_test.go:TestMountOptSetBindRecursive()` for the behavior.

Documentation will be added separately after reaching consensus on the
design.

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2023-10-01 02:58:17 +09:00
Albin Kerouanton 9e1b42e642
Add missing opts to --network advanced syntax
The new advanced --network syntax introduced in docker/cli#1767 is
lacking support for `link-local-ip` and `mac-address` fields. This
commit adds both.

Signed-off-by: Albin Kerouanton <albinker@gmail.com>
2023-09-10 18:57:50 +02:00
Sebastiaan van Stijn d40fc1a0fa
vendor: github.com/docker/docker a65c948e7edf (v25.0.0-dev)
full diff: 4b19b2f4ba...a65c948e7e

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-28 21:11:17 +02:00
Sebastiaan van Stijn 261c18f9ee
ParseRestartPolicy: validate for missing policy-names
Also make it slightly more clearer we're returning a default (empty)
policy if the input is empty.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-28 12:58:54 +02:00
Sebastiaan van Stijn 2ae223038c
remove pre-go1.17 build-tags
Removed pre-go1.17 build-tags with go fix;

    go mod init
    go fix -mod=readonly ./...
    rm go.mod

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-05-05 18:23:03 +02:00
Sebastiaan van Stijn f5fad186c0
opts: NormalizeCapability(): fix redefinition of the built-in function (revive)
opts/capabilities.go:25:2: redefines-builtin-id: redefinition of the built-in function cap (revive)
        cap = strings.ToUpper(strings.TrimSpace(cap))
        ^
    opts/capabilities.go:30:3: redefines-builtin-id: redefinition of the built-in function cap (revive)
            cap = "CAP_" + cap
            ^

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-03-30 17:05:31 +02:00
Albin Kerouanton 56051b84b0
Fix bad ThrottleDevice path
Fixes moby/moby#44904.

Signed-off-by: Albin Kerouanton <albinker@gmail.com>
2023-02-03 11:39:51 +01:00
Sebastiaan van Stijn 6c39bc1f60
opts: use strings.Cut for handling key/value pairs
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-12-29 15:14:15 +01:00
Sebastiaan van Stijn a473c5b38a
opts: rename logOptsValidator, fix unhandled errors in tests
This validator was not specific to "log options", so renaming it to make this
clearer; also updating values used in the tests to make it clear they're not
"actual" valid values, just for testing, and while updating, also fixed some
unhandled errors in tests.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-12-29 15:14:14 +01:00
Sebastiaan van Stijn d84256132d
remove redundant conversions and braces
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-12-29 15:14:14 +01:00
Sebastiaan van Stijn 616124525e
format go with gofumpt (with -lang=1.19)
Looks like the linter uses an explicit -lang, which (for go1.19)
results in some additional formatting for octal values.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-09-30 19:14:36 +02:00
Sebastiaan van Stijn 1da95ff6aa
format code with gofumpt
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-09-30 11:59:11 +02:00
Sebastiaan van Stijn 28b0aa9f1a
replace uses of deprecated env.Patch()
Also removing redundant defer for env.PatchAll(), which is now automatically
handled in t.Cleanup()

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-09-22 17:28:07 +02:00
Sebastiaan van Stijn 75774356a9
Merge pull request #3769 from thaJeztah/opts_deadcode
opts: remove unused RuntimeOpt
2022-09-06 16:47:08 +02:00
Sebastiaan van Stijn b58731fa46
linting: ST1005: error strings should not be capitalized (stylecheck)
While fixing, also updated errors without placeholders to `errors.New()`, and
updated some code to use pkg/errors if it was already in use in the file.

    cli/command/config/inspect.go:59:10: ST1005: error strings should not be capitalized (stylecheck)
            return fmt.Errorf("Cannot supply extra formatting options to the pretty template")
                   ^
    cli/command/node/inspect.go:61:10: ST1005: error strings should not be capitalized (stylecheck)
            return fmt.Errorf("Cannot supply extra formatting options to the pretty template")
                   ^
    cli/command/secret/inspect.go:57:10: ST1005: error strings should not be capitalized (stylecheck)
            return fmt.Errorf("Cannot supply extra formatting options to the pretty template")
                   ^
    cli/command/trust/common.go:77:74: ST1005: error strings should not be capitalized (stylecheck)
                return []trustTagRow{}, []client.RoleWithSignatures{}, []data.Role{}, fmt.Errorf("No signatures or cannot access %s", remote)
                                                                                      ^
    cli/command/trust/common.go:85:73: ST1005: error strings should not be capitalized (stylecheck)
            return []trustTagRow{}, []client.RoleWithSignatures{}, []data.Role{}, fmt.Errorf("No signers for %s", remote)
                                                                                  ^
    cli/command/trust/sign.go:137:10: ST1005: error strings should not be capitalized (stylecheck)
            return fmt.Errorf("No tag specified for %s", imgRefAndAuth.Name())
                   ^
    cli/command/trust/sign.go:151:19: ST1005: error strings should not be capitalized (stylecheck)
            return *target, fmt.Errorf("No tag specified")
                            ^
    cli/command/trust/signer_add.go:77:10: ST1005: error strings should not be capitalized (stylecheck)
            return fmt.Errorf("Failed to add signer to: %s", strings.Join(errRepos, ", "))
                   ^
    cli/command/trust/signer_remove.go:52:10: ST1005: error strings should not be capitalized (stylecheck)
            return fmt.Errorf("Error removing signer from: %s", strings.Join(errRepos, ", "))
                   ^
    cli/command/trust/signer_remove.go:67:17: ST1005: error strings should not be capitalized (stylecheck)
            return false, fmt.Errorf("All signed tags are currently revoked, use docker trust sign to fix")
                          ^
    cli/command/trust/signer_remove.go:108:17: ST1005: error strings should not be capitalized (stylecheck)
            return false, fmt.Errorf("No signer %s for repository %s", signerName, repoName)
                          ^
    opts/hosts.go:89:14: ST1005: error strings should not be capitalized (stylecheck)
            return "", fmt.Errorf("Invalid bind address format: %s", addr)
                       ^
    opts/hosts.go💯14: ST1005: error strings should not be capitalized (stylecheck)
            return "", fmt.Errorf("Invalid proto, expected %s: %s", proto, addr)
                       ^
    opts/hosts.go:119:14: ST1005: error strings should not be capitalized (stylecheck)
            return "", fmt.Errorf("Invalid proto, expected tcp: %s", tryAddr)
                       ^
    opts/hosts.go:144:14: ST1005: error strings should not be capitalized (stylecheck)
            return "", fmt.Errorf("Invalid bind address format: %s", tryAddr)
                       ^
    opts/hosts.go:155:14: ST1005: error strings should not be capitalized (stylecheck)
            return "", fmt.Errorf("Invalid bind address format: %s", tryAddr)
                       ^

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-09-03 21:25:42 +02:00
Sebastiaan van Stijn b508b0fc31
linting: ST1017: don't use Yoda conditions (stylecheck)
opts/envfile_test.go:157:5: ST1017: don't use Yoda conditions (stylecheck)
        if 1 != len(variables) {
           ^

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-09-03 21:25:40 +02:00
Sebastiaan van Stijn c645c99288
opts: remove unused RuntimeOpt
This type was copied from the daemone in 8b725e10e7,
but actually unused on the CLI side, so we can remove it here.

The original code is still present in the daemon at
7b9275c0da/opts/runtime.go

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-09-03 19:05:16 +02:00
Sebastiaan van Stijn 82427d1a07
format (GoDoc) comments with Go 1.19 to prepare for go updates
Older versions of Go do not format these comments, so we can already
reformat them ahead of time to prevent gofmt linting failing once
we update to Go 1.19 or up.

Result of:

    gofmt -s -w $(find . -type f -name '*.go' | grep -v "/vendor/")

With some manual adjusting.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-07-19 19:10:16 +02:00
Sebastiaan van Stijn a51ea675b2
opts: fix potential panic in trimQuotes
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-06-09 08:00:33 +02:00
Sebastiaan van Stijn a0f0578299
gofmt with go1.17
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-26 20:21:00 +01:00
Djordje Lukic ab35e3fac3 Handle relative source mounts
With this change it is now possible to give a relative path to the --volume and
--mount flags.

$ docker run --mount type=bind,source=./,target=/test ...

$ docker run -v .:/test ...

Fixes #1203

Signed-off-by: Djordje Lukic <djordje.lukic@docker.com>
2022-03-14 15:18:48 +01:00
Sebastiaan van Stijn 38e62571fb
opts: remove deprecated io/ioutil and use t.Cleanup()
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-02-25 15:42:23 +01:00
CrazyMax 6fef143dbc
Set buildx as default builder
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
2022-02-03 10:38:05 +01:00
Sebastiaan van Stijn 168173a3f1
Use net.JoinHostPort() to fix formatting with IPv6 addresses
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-04-20 11:05:24 +02:00
Sebastiaan van Stijn 5cd19d1fec
opts: fix potential integer overflow CWE-190, CWE-681
Caught by CodeQL:

> Incorrect conversion of an integer with architecture-dependent bit size
> from strconv.ParseUint to a lower bit size type uint16 without an upper
> bound check.

fixes https://github.com/docker/cli/security/code-scanning/2

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-10-24 01:30:42 +02:00
Tibor Vass 7836597b3d
Merge pull request #2712 from thaJeztah/carry_2660_ulimits
Add ulimits support to docker service and docker stack deploy (carry 2660)
2020-09-10 15:40:25 -04:00
Sebastiaan van Stijn 866e4b10a1
opts/UlimitOpt: sort lists by name
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-09-10 11:56:27 +02:00
Sebastiaan van Stijn 23660be600
Service cap-add/cap-drop: add special "RESET" value
This implements a special "RESET" value that can be used to reset the
list of capabilities to add/drop when updating a service.

Given the following service;

| CapDrop        | CapAdd        |
| -------------- | ------------- |
| CAP_SOME_CAP   |               |

When updating the service, and applying `--cap-drop RESET`, the "drop" list
is reset to its default:

| CapDrop        | CapAdd        |
| -------------- | ------------- |
|                |               |

When updating the service, and applying `--cap-drop RESET`, combined with
`--cap-add CAP_SOME_CAP` and `--cap-drop CAP_SOME_OTHER_CAP`:

| CapDrop        | CapAdd        |
| -------------- | ------------- |
| CAP_FOO_CAP    | CAP_SOME_CAP  |

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-09-10 11:14:38 +02:00
Sebastiaan van Stijn 190c64b415
Service cap-add/cap-drop: improve handling of combinations and special "ALL" value
When creating and updating services, we need to avoid unneeded service churn.

The interaction of separate lists to "add" and "drop" capabilities, a special
("ALL") capability, as well as a "relaxed" format for accepted capabilities
(case-insensitive, `CAP_` prefix optional) make this rather involved.

This patch updates how we handle `--cap-add` / `--cap-drop` when  _creating_ as
well as _updating_, with the following rules/assumptions applied:

- both existing (service spec) and new (values passed through flags or in
  the compose-file) are normalized and de-duplicated before use.
- the special "ALL" capability is equivalent to "all capabilities" and taken
  into account when normalizing capabilities. Combining "ALL" capabilities
  and other capabilities is therefore equivalent to just specifying "ALL".
- adding capabilities takes precedence over dropping, which means that if
  a capability is both set to be "dropped" and to be "added", it is removed
  from the list to "drop".
- the final lists should be sorted and normalized to reduce service churn
- no validation of capabilities is handled by the client. Validation is
  delegated to the daemon/server.

When deploying a service using a docker-compose file, the docker-compose file
is *mostly* handled as being "declarative". However, many of the issues outlined
above also apply to compose-files, so similar handling is applied to compose
files as well to prevent service churn.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-09-08 14:38:35 +02:00
Sebastiaan van Stijn 83eda5313b
opts: simplify ValidateEnv to use os.LookupEnv
os.LookupEnv() was not available yet at the time this was
implemented, but now provides the functionality we need,
so replacing our custom handling.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-08-28 18:31:41 +02:00
Sebastiaan van Stijn 973713bc05
ReadKVEnvStrings/ReadKVStrings return nil if empty, and add tests
If no env-vars were loaded from "files", and "overrides" was nil,
the code returned an empty slice instead of a `nil` value.

Also add a test for this function, as no unit test was present yet.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-06-26 16:07:13 +02:00
Sebastiaan van Stijn f88ae74135
Add "host-gateway" to tests for extra_hosts / --add-host
67ebcd6dcf added an exception for
the "host-gateway" magic value to the validation rules, but didn't
add thise value to any of the tests.

This patch adds the magic value to tests, to verify the validation
is skipped for this magic value.

Note that validation on the client side is "optional" and mostly
done to provide a more user-friendly error message for regular
values (IP-addresses).

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-04-15 09:52:55 +02:00
Sebastiaan van Stijn fa11032a33
opts: use constants instead of vars for defaults and un-export them
These options should never be changed, so using a const for them
instead of a var. Given that these are only used in the opt
package itself, they can be un-exported.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-04-10 16:22:21 +02:00
Arko Dasgupta 67ebcd6dcf
Skip IPAddr validation for "host-gateway" string
Relates to - moby/moby 40007
The above PR added support in moby, that detects if
a special string "host-gateway" is added to the IP
section of --add-host, and if true, replaces it with
a special IP value (value of --host-gateway-ip Daemon flag
which defaults to the IP of the default bridge).

This PR is needed to skip the validation for the above
feature

Signed-off-by: Arko Dasgupta <arko.dasgupta@docker.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-02-27 16:21:33 +01:00
Sebastiaan van Stijn 2c0e93063b
bump gotest.tools v3.0.1 for compatibility with Go 1.14
full diff: https://github.com/gotestyourself/gotest.tools/compare/v2.3.0...v3.0.1

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-02-23 00:28:55 +01:00
Sebastiaan van Stijn 1d6445dc99
opts: fix formatting of comments
Comments should have a leading space unless the comment is
for special purposes (go:generate, nolint:)

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-01-16 12:48:09 +01:00
Nick Adcock 3baa6d57fa Refactor config and secret tests to table-driven
Refactors the config and secret unit tests to be table driven to remove
duplication

Signed-off-by: Nick Adcock <nick.adcock@docker.com>
2020-01-09 13:38:19 +00:00
Nick Adcock 9698b7a374 Default config/secret target to source name
When using advanced syntax for setting config and secret values, default
the target value to the source value when the user does not specify a
target.

Signed-off-by: Nick Adcock <nick.adcock@docker.com>
2020-01-09 13:38:19 +00:00
Nick Adcock 4c2d7b7f70 Detect single value advanced config/secret syntax
Allow the use of the advanced source=x syntax for config and secret values when there is no comma

Before this change the following would fail with config not found:
	docker service create --name hello1 --config source=myconfig nginx:alpine
And the following would fail with secret not found:
	docker service create --name hello2 --secret source=mysecret nginx:alpine

Signed-off-by: Nick Adcock <nick.adcock@docker.com>
2020-01-09 13:38:19 +00:00
Silvin Lubecki 8547dfcff7
Merge pull request #1803 from thaJeztah/add_ip_address_to_advanced_options
Add ip address to advanced options
2019-12-04 15:16:15 +01:00
Sebastiaan van Stijn c2b069f4db
opts: Using the variable on range scope `tc` in function literal (scopelint)
```
opts/network_test.go:74:35: Using the variable on range scope `tc` in function literal (scopelint)
			assert.NilError(t, network.Set(tc.value))
			                               ^
opts/network_test.go:102:40: Using the variable on range scope `tc` in function literal (scopelint)
			assert.ErrorContains(t, network.Set(tc.value), tc.expectedError)
			                                    ^
opts/opts_test.go:270:30: Using the variable on range scope `tc` in function literal (scopelint)
			val, err := ValidateLabel(tc.value)
			                          ^
opts/opts_test.go:271:7: Using the variable on range scope `tc` in function literal (scopelint)
			if tc.expectedErr != "" {
			   ^
```

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-10-31 19:22:41 +01:00
Silvin Lubecki b3d4c6aac7
opts/ulimit_test.go:11:13: composites: `*github.com/docker/cli/vendor/github.com/docker/go-units.Ulimit` composite literal uses unkeyed fields (govet)
Signed-off-by: Silvin Lubecki <silvin.lubecki@docker.com>
2019-10-31 19:22:15 +01:00
Silvin Lubecki 296297190c
opts/throttledevice.go:51:5: SA4003: unsigned values are never < 0 (staticcheck)
Signed-off-by: Silvin Lubecki <silvin.lubecki@docker.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-10-31 19:21:55 +01:00
Sebastiaan van Stijn de1523d221
Adjust tests for changes in Go 1.12.8 / 1.11.13
For now, just verifying that an error is returned, but not checking the
error message itself, because those are not under our control, and may
change with different Go versions.

```
=== Failed
=== FAIL: opts TestParseDockerDaemonHost (0.00s)
    hosts_test.go:87: tcp tcp:a.b.c.d address expected error "Invalid bind address format: tcp:a.b.c.d" return, got "parse tcp://tcp:a.b.c.d: invalid port \":a.b.c.d\" after host" and addr
    hosts_test.go:87: tcp tcp:a.b.c.d/path address expected error "Invalid bind address format: tcp:a.b.c.d/path" return, got "parse tcp://tcp:a.b.c.d/path: invalid port \":a.b.c.d\" after host" and addr

=== FAIL: opts TestParseTCP (0.00s)
    hosts_test.go:129: tcp tcp:a.b.c.d address expected error Invalid bind address format: tcp:a.b.c.d return, got parse tcp://tcp:a.b.c.d: invalid port ":a.b.c.d" after host and addr
    hosts_test.go:129: tcp tcp:a.b.c.d/path address expected error Invalid bind address format: tcp:a.b.c.d/path return, got parse tcp://tcp:a.b.c.d/path: invalid port ":a.b.c.d" after host and addr
```

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-08-14 10:04:43 +02:00
Sebastiaan van Stijn 70d8e0b867
Add ip and ip6 to advanced network syntax
This allows setting the ip/ipv6 address as an option in the
advanced `--network` syntax;

```
docker run --network name=mynetwork,ip=172.20.88.22,ip6=2001:db8::8822
```

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-04-03 17:03:34 +02:00
Sebastiaan van Stijn 5bc09639cc
Refactor network parsing, add preliminary support for multiple networks
This refactors the way networking options are parsed, and makes the
client able to pass options for multiple networks. Currently, the
daemon does not yet accept multiple networks when creating a container,
and will produce an error.

For backward-compatibility, the following global networking-related
options are associated with the first network (in case multiple
networks are set);

  - `--ip`
  - `--ip6`
  - `--link`
  - `--link-local-ip`
  - `--network-alias`

Not all of these options are supported yet in the advanced notation,
but for options that are supported, setting both the per-network option
and the global option will produce a "conflicting options" error.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-04-03 16:42:57 +02:00