
Merge pull request #34748 from dnephin/cleanup-client-deps

Cleanup client/ package dependencies
Tibor Vass 7 years ago
parent
commit
be97c66708

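--- a/api/common.go
+++ b/api/common.go
@@ -1,17 +1,5 @@
 package api
 
-import (
-	"encoding/json"
-	"encoding/pem"
-	"fmt"
-	"os"
-	"path/filepath"
-
-	"github.com/docker/docker/pkg/ioutils"
-	"github.com/docker/docker/pkg/system"
-	"github.com/docker/libtrust"
-)
-
 // Common constants for daemon and client.
 const (
 	// DefaultVersion of Current REST API
@@ -21,45 +9,3 @@ const (
 	// command to specify that no base image is to be used.
 	NoBaseImageSpecifier string = "scratch"
 )
-
-// LoadOrCreateTrustKey attempts to load the libtrust key at the given path,
-// otherwise generates a new one
-func LoadOrCreateTrustKey(trustKeyPath string) (libtrust.PrivateKey, error) {
-	err := system.MkdirAll(filepath.Dir(trustKeyPath), 0700, "")
-	if err != nil {
-		return nil, err
-	}
-	trustKey, err := libtrust.LoadKeyFile(trustKeyPath)
-	if err == libtrust.ErrKeyFileDoesNotExist {
-		trustKey, err = libtrust.GenerateECP256PrivateKey()
-		if err != nil {
-			return nil, fmt.Errorf("Error generating key: %s", err)
-		}
-		encodedKey, err := serializePrivateKey(trustKey, filepath.Ext(trustKeyPath))
-		if err != nil {
-			return nil, fmt.Errorf("Error serializing key: %s", err)
-		}
-		if err := ioutils.AtomicWriteFile(trustKeyPath, encodedKey, os.FileMode(0600)); err != nil {
-			return nil, fmt.Errorf("Error saving key file: %s", err)
-		}
-	} else if err != nil {
-		return nil, fmt.Errorf("Error loading key file %s: %s", trustKeyPath, err)
-	}
-	return trustKey, nil
-}
-
-func serializePrivateKey(key libtrust.PrivateKey, ext string) (encoded []byte, err error) {
-	if ext == ".json" || ext == ".jwk" {
-		encoded, err = json.Marshal(key)
-		if err != nil {
-			return nil, fmt.Errorf("unable to encode private key JWK: %s", err)
-		}
-	} else {
-		pemBlock, err := key.PEMBlock()
-		if err != nil {
-			return nil, fmt.Errorf("unable to encode private key PEM: %s", err)
-		}
-		encoded = pem.EncodeToMemory(pemBlock)
-	}
-	return
-}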

+ 0 - 77
api/common_test.go

@@ -1,77 +0,0 @@
-package api
-
-import (
-	"io/ioutil"
-	"path/filepath"
-	"testing"
-
-	"os"
-)
-
-// LoadOrCreateTrustKey
-func TestLoadOrCreateTrustKeyInvalidKeyFile(t *testing.T) {
-	tmpKeyFolderPath, err := ioutil.TempDir("", "api-trustkey-test")
-	if err != nil {
-		t.Fatal(err)
-	}
-	defer os.RemoveAll(tmpKeyFolderPath)
-
-	tmpKeyFile, err := ioutil.TempFile(tmpKeyFolderPath, "keyfile")
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	if _, err := LoadOrCreateTrustKey(tmpKeyFile.Name()); err == nil {
-		t.Fatal("expected an error, got nothing.")
-	}
-
-}
-
-func TestLoadOrCreateTrustKeyCreateKey(t *testing.T) {
-	tmpKeyFolderPath, err := ioutil.TempDir("", "api-trustkey-test")
-	if err != nil {
-		t.Fatal(err)
-	}
-	defer os.RemoveAll(tmpKeyFolderPath)
-
-	// Without the need to create the folder hierarchy
-	tmpKeyFile := filepath.Join(tmpKeyFolderPath, "keyfile")
-
-	if key, err := LoadOrCreateTrustKey(tmpKeyFile); err != nil || key == nil {
-		t.Fatalf("expected a new key file, got : %v and %v", err, key)
-	}
-
-	if _, err := os.Stat(tmpKeyFile); err != nil {
-		t.Fatalf("Expected to find a file %s, got %v", tmpKeyFile, err)
-	}
-
-	// With the need to create the folder hierarchy as tmpKeyFie is in a path
-	// where some folders do not exist.
-	tmpKeyFile = filepath.Join(tmpKeyFolderPath, "folder/hierarchy/keyfile")
-
-	if key, err := LoadOrCreateTrustKey(tmpKeyFile); err != nil || key == nil {
-		t.Fatalf("expected a new key file, got : %v and %v", err, key)
-	}
-
-	if _, err := os.Stat(tmpKeyFile); err != nil {
-		t.Fatalf("Expected to find a file %s, got %v", tmpKeyFile, err)
-	}
-
-	// With no path at all
-	defer os.Remove("keyfile")
-	if key, err := LoadOrCreateTrustKey("keyfile"); err != nil || key == nil {
-		t.Fatalf("expected a new key file, got : %v and %v", err, key)
-	}
-
-	if _, err := os.Stat("keyfile"); err != nil {
-		t.Fatalf("Expected to find a file keyfile, got %v", err)
-	}
-}
-
-func TestLoadOrCreateTrustKeyLoadValidKey(t *testing.T) {
-	tmpKeyFile := filepath.Join("fixtures", "keyfile")
-
-	if key, err := LoadOrCreateTrustKey(tmpKeyFile); err != nil || key == nil {
-		t.Fatalf("expected a key file, got : %v and %v", err, key)
-	}
-}

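--- a/client/hijack.go
+++ b/client/hijack.go
@@ -12,7 +12,6 @@ import (
 	"time"
 
 	"github.com/docker/docker/api/types"
-	"github.com/docker/docker/pkg/tlsconfig"
 	"github.com/docker/go-connections/sockets"
 	"github.com/pkg/errors"
 	"golang.org/x/net/context"
@@ -115,7 +114,7 @@ func tlsDialWithDialer(dialer *net.Dialer, network, addr string, config *tls.Con
 	// from the hostname we're connecting to.
 	if config.ServerName == "" {
 		// Make a copy to avoid polluting argument or default.
-		config = tlsconfig.Clone(config)
+		config = tlsConfigClone(config)
 		config.ServerName = hostname
 	}
 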

+ 11 - 0
client/tlsconfig_clone.go

@@ -0,0 +1,11 @@
+// +build go1.8
+
+package client
+
+import "crypto/tls"
+
+// tlsConfigClone returns a clone of tls.Config. This function is provided for
+// compatibility for go1.7 that doesn't include this method in stdlib.
+func tlsConfigClone(c *tls.Config) *tls.Config {
+	return c.Clone()
+}
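Review bot: The doc comment on `tlsConfigClone` in this `go1.8` file was copied from the go1.7 fallback and describes the wrong variant; here the function only delegates to the standard library through `c.Clone()`. I would reword it to `// tlsConfigClone returns a clone of c using (*tls.Config).Clone from the standard library; the go1.7 build of this package supplies a field-by-field copy instead.` A reader comparing the two build-tagged files then knows that only the go1.7 file carries a hand-maintained field list, which is the one to audit when `tls.Config` gains security-relevant fields.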

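--- a/pkg/tlsconfig/tlsconfig_clone_go17.go
+++ b/client/tlsconfig_clone_go17.go
@@ -1,12 +1,12 @@
 // +build go1.7,!go1.8
 
-package tlsconfig
+package client
 
 import "crypto/tls"
 
-// Clone returns a clone of tls.Config. This function is provided for
+// tlsConfigClone returns a clone of tls.Config. This function is provided for
 // compatibility for go1.7 that doesn't include this method in stdlib.
-func Clone(c *tls.Config) *tls.Config {
+func tlsConfigClone(c *tls.Config) *tls.Config {
 	return &tls.Config{
 		Rand:                        c.Rand,
 		Time:                        c.Time,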

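--- a/daemon/checkpoint.go
+++ b/daemon/checkpoint.go
@@ -7,13 +7,13 @@ import (
 	"os"
 	"path/filepath"
 
-	"github.com/docker/docker/api"
 	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/daemon/names"
 )
 
 var (
-	validCheckpointNameChars   = api.RestrictedNameChars
-	validCheckpointNamePattern = api.RestrictedNamePattern
+	validCheckpointNameChars   = names.RestrictedNameChars
+	validCheckpointNamePattern = names.RestrictedNamePattern
 )
 
 // getCheckpointDir verifies checkpoint directory for create,remove, list options and checks if checkpoint already exists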

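--- a/daemon/daemon.go
+++ b/daemon/daemon.go
@@ -19,7 +19,6 @@ import (
 	"time"
 
 	containerd "github.com/containerd/containerd/api/grpc/types"
-	"github.com/docker/docker/api"
 	"github.com/docker/docker/api/types"
 	containertypes "github.com/docker/docker/api/types/container"
 	"github.com/docker/docker/api/types/swarm"
@@ -713,7 +712,7 @@ func NewDaemon(config *config.Config, registryService registry.Service, containe
 		return nil, err
 	}
 
-	trustKey, err := api.LoadOrCreateTrustKey(config.TrustKeyPath)
+	trustKey, err := loadOrCreateTrustKey(config.TrustKeyPath)
 	if err != nil {
 		return nil, err
 	}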

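--- a/daemon/names.go
+++ b/daemon/names.go
@@ -4,8 +4,8 @@ import (
 	"fmt"
 	"strings"
 
-	"github.com/docker/docker/api"
 	"github.com/docker/docker/container"
+	"github.com/docker/docker/daemon/names"
 	"github.com/docker/docker/pkg/namesgenerator"
 	"github.com/docker/docker/pkg/stringid"
 	"github.com/pkg/errors"
@@ -13,8 +13,8 @@ import (
 )
 
 var (
-	validContainerNameChars   = api.RestrictedNameChars
-	validContainerNamePattern = api.RestrictedNamePattern
+	validContainerNameChars   = names.RestrictedNameChars
+	validContainerNamePattern = names.RestrictedNamePattern
 )
 
 func (daemon *Daemon) registerName(container *container.Container) error {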

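--- a/api/names.go
+++ b/daemon/names/names.go
@@ -1,4 +1,4 @@
-package api
+package names
 
 import "regexp"
 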

+ 0 - 0
api/fixtures/keyfile → daemon/testdata/keyfile


+ 57 - 0
daemon/trustkey.go

@@ -0,0 +1,57 @@
+package daemon
+
+import (
+	"encoding/json"
+	"encoding/pem"
+	"fmt"
+	"os"
+	"path/filepath"
+
+	"github.com/docker/docker/pkg/ioutils"
+	"github.com/docker/docker/pkg/system"
+	"github.com/docker/libtrust"
+)
+
+// LoadOrCreateTrustKey attempts to load the libtrust key at the given path,
+// otherwise generates a new one
+// TODO: this should use more of libtrust.LoadOrCreateTrustKey which may need
+// a refactor or this function to be moved into libtrust
+func loadOrCreateTrustKey(trustKeyPath string) (libtrust.PrivateKey, error) {
+	err := system.MkdirAll(filepath.Dir(trustKeyPath), 0700, "")
+	if err != nil {
+		return nil, err
+	}
+	trustKey, err := libtrust.LoadKeyFile(trustKeyPath)
+	if err == libtrust.ErrKeyFileDoesNotExist {
+		trustKey, err = libtrust.GenerateECP256PrivateKey()
+		if err != nil {
+			return nil, fmt.Errorf("Error generating key: %s", err)
+		}
+		encodedKey, err := serializePrivateKey(trustKey, filepath.Ext(trustKeyPath))
+		if err != nil {
+			return nil, fmt.Errorf("Error serializing key: %s", err)
+		}
+		if err := ioutils.AtomicWriteFile(trustKeyPath, encodedKey, os.FileMode(0600)); err != nil {
+			return nil, fmt.Errorf("Error saving key file: %s", err)
+		}
+	} else if err != nil {
+		return nil, fmt.Errorf("Error loading key file %s: %s", trustKeyPath, err)
+	}
+	return trustKey, nil
+}
+
+func serializePrivateKey(key libtrust.PrivateKey, ext string) (encoded []byte, err error) {
+	if ext == ".json" || ext == ".jwk" {
+		encoded, err = json.Marshal(key)
+		if err != nil {
+			return nil, fmt.Errorf("unable to encode private key JWK: %s", err)
+		}
+	} else {
+		pemBlock, err := key.PEMBlock()
+		if err != nil {
+			return nil, fmt.Errorf("unable to encode private key PEM: %s", err)
+		}
+		encoded = pem.EncodeToMemory(pemBlock)
+	}
+	return
+}
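Review bot: On the load branch of `loadOrCreateTrustKey` the key returned by `libtrust.LoadKeyFile` is accepted without looking at the file's mode, although the create branch is careful to write it `0600` under a directory requested as `0700`; `system.MkdirAll` presumably leaves an already existing directory's permissions as they are, so neither guarantee holds for a pre-existing path. Since this is the daemon's private key, consider a check before loading, for example `if fi, err := os.Stat(trustKeyPath); err == nil && fi.Mode().Perm()&0077 != 0 { ... }`, that logs or refuses a group- or world-accessible key (on Unix; the mode bits likely carry no meaning on Windows). Separately, the doc comment still opens with the exported name and should read `// loadOrCreateTrustKey attempts to load ...`, and `serializePrivateKey` has no comment saying that a `.json` or `.jwk` extension selects JWK encoding and every other extension PEM.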

+ 72 - 0
daemon/trustkey_test.go

@@ -0,0 +1,72 @@
+package daemon
+
+import (
+	"io/ioutil"
+	"os"
+	"path/filepath"
+	"testing"
+
+	"github.com/docker/docker/internal/testutil"
+	"github.com/gotestyourself/gotestyourself/fs"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+// LoadOrCreateTrustKey
+func TestLoadOrCreateTrustKeyInvalidKeyFile(t *testing.T) {
+	tmpKeyFolderPath, err := ioutil.TempDir("", "api-trustkey-test")
+	require.NoError(t, err)
+	defer os.RemoveAll(tmpKeyFolderPath)
+
+	tmpKeyFile, err := ioutil.TempFile(tmpKeyFolderPath, "keyfile")
+	require.NoError(t, err)
+
+	_, err = loadOrCreateTrustKey(tmpKeyFile.Name())
+	testutil.ErrorContains(t, err, "Error loading key file")
+}
+
+func TestLoadOrCreateTrustKeyCreateKeyWhenFileDoesNotExist(t *testing.T) {
+	tmpKeyFolderPath := fs.NewDir(t, "api-trustkey-test")
+	defer tmpKeyFolderPath.Remove()
+
+	// Without the need to create the folder hierarchy
+	tmpKeyFile := tmpKeyFolderPath.Join("keyfile")
+
+	key, err := loadOrCreateTrustKey(tmpKeyFile)
+	require.NoError(t, err)
+	assert.NotNil(t, key)
+
+	_, err = os.Stat(tmpKeyFile)
+	require.NoError(t, err, "key file doesn't exist")
+}
+
+func TestLoadOrCreateTrustKeyCreateKeyWhenDirectoryDoesNotExist(t *testing.T) {
+	tmpKeyFolderPath := fs.NewDir(t, "api-trustkey-test")
+	defer tmpKeyFolderPath.Remove()
+	tmpKeyFile := tmpKeyFolderPath.Join("folder/hierarchy/keyfile")
+
+	key, err := loadOrCreateTrustKey(tmpKeyFile)
+	require.NoError(t, err)
+	assert.NotNil(t, key)
+
+	_, err = os.Stat(tmpKeyFile)
+	require.NoError(t, err, "key file doesn't exist")
+}
+
+func TestLoadOrCreateTrustKeyCreateKeyNoPath(t *testing.T) {
+	defer os.Remove("keyfile")
+	key, err := loadOrCreateTrustKey("keyfile")
+	require.NoError(t, err)
+	assert.NotNil(t, key)
+
+	_, err = os.Stat("keyfile")
+	require.NoError(t, err, "key file doesn't exist")
+}
+
+func TestLoadOrCreateTrustKeyLoadValidKey(t *testing.T) {
+	tmpKeyFile := filepath.Join("testdata", "keyfile")
+	key, err := loadOrCreateTrustKey(tmpKeyFile)
+	require.NoError(t, err)
+	expected := "AWX2:I27X:WQFX:IOMK:CNAK:O7PW:VYNB:ZLKC:CVAE:YJP2:SI4A:XXAY"
+	assert.Contains(t, key.String(), expected)
+}
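Review bot: None of the create tests asserts the permissions of the key file they produce, so a regression that writes the private key with a wider mode than the `os.FileMode(0600)` used in `loadOrCreateTrustKey` would still pass; the `os.Stat` result is discarded in all three. Keeping it as `fi, err := os.Stat(tmpKeyFile)` and adding `assert.Equal(t, os.FileMode(0600), fi.Mode().Perm())` would pin that, skipped on platforms where the mode is not meaningful. `TestLoadOrCreateTrustKeyCreateKeyNoPath` also writes `keyfile` into the package's working directory, where an interrupted run can leave a private key next to the sources; changing into a temporary directory first would avoid that. The `// LoadOrCreateTrustKey` comment and the `api-trustkey-test` prefix are leftovers from the old package location.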

+ 0 - 11
pkg/tlsconfig/tlsconfig_clone.go

@@ -1,11 +0,0 @@
-// +build go1.8
-
-package tlsconfig
-
-import "crypto/tls"
-
-// Clone returns a clone of tls.Config. This function is provided for
-// compatibility for go1.7 that doesn't include this method in stdlib.
-func Clone(c *tls.Config) *tls.Config {
-	return c.Clone()
-}

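--- a/volume/local/local.go
+++ b/volume/local/local.go
@@ -13,7 +13,7 @@ import (
 	"strings"
 	"sync"
 
-	"github.com/docker/docker/api"
+	"github.com/docker/docker/daemon/names"
 	"github.com/docker/docker/pkg/idtools"
 	"github.com/docker/docker/pkg/mount"
 	"github.com/docker/docker/volume"
@@ -35,7 +35,7 @@ var (
 	// volumeNameRegex ensures the name assigned for the volume is valid.
 	// This name is used to create the bind directory, so we need to avoid characters that
 	// would make the path to escape the root directory.
-	volumeNameRegex = api.RestrictedNamePattern
+	volumeNameRegex = names.RestrictedNamePattern
 )
 
 type activeMount struct {
@@ -298,7 +298,7 @@ func (r *Root) validateName(name string) error {
 		return validationError("volume name is too short, names should be at least two alphanumeric characters")
 	}
 	if !volumeNameRegex.MatchString(name) {
-		return validationError(fmt.Sprintf("%q includes invalid characters for a local volume name, only %q are allowed. If you intended to pass a host directory, use absolute path", name, api.RestrictedNameChars))
+		return validationError(fmt.Sprintf("%q includes invalid characters for a local volume name, only %q are allowed. If you intended to pass a host directory, use absolute path", name, names.RestrictedNameChars))
 	}
 	return nil
 }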