2018-02-05 21:05:59 +00:00
|
|
|
package client // import "github.com/docker/docker/client"
|
2016-09-06 18:46:37 +00:00
|
|
|
|
|
|
|
import (
|
2018-04-19 22:30:59 +00:00
|
|
|
"context"
|
2016-09-06 18:46:37 +00:00
|
|
|
"encoding/json"
|
2016-12-12 23:05:53 +00:00
|
|
|
"io"
|
2023-07-10 14:44:59 +00:00
|
|
|
"net/http"
|
2016-09-06 18:46:37 +00:00
|
|
|
"net/url"
|
|
|
|
|
2023-08-30 16:31:46 +00:00
|
|
|
"github.com/distribution/reference"
|
2016-09-06 18:46:37 +00:00
|
|
|
"github.com/docker/docker/api/types"
|
2021-08-26 19:08:38 +00:00
|
|
|
"github.com/docker/docker/api/types/registry"
|
2019-02-09 18:19:22 +00:00
|
|
|
"github.com/docker/docker/errdefs"
|
2016-12-12 23:05:53 +00:00
|
|
|
"github.com/pkg/errors"
|
2016-09-06 18:46:37 +00:00
|
|
|
)
|
|
|
|
|
|
|
|
// PluginInstall installs a plugin
|
2016-12-12 23:05:53 +00:00
|
|
|
func (cli *Client) PluginInstall(ctx context.Context, name string, options types.PluginInstallOptions) (rc io.ReadCloser, err error) {
|
2016-09-06 18:46:37 +00:00
|
|
|
query := url.Values{}
|
2017-01-26 00:54:18 +00:00
|
|
|
if _, err := reference.ParseNormalizedNamed(options.RemoteRef); err != nil {
|
2016-12-12 23:05:53 +00:00
|
|
|
return nil, errors.Wrap(err, "invalid remote reference")
|
|
|
|
}
|
|
|
|
query.Set("remote", options.RemoteRef)
|
|
|
|
|
2017-01-29 00:54:32 +00:00
|
|
|
privileges, err := cli.checkPluginPermissions(ctx, query, options)
|
2016-09-06 18:46:37 +00:00
|
|
|
if err != nil {
|
2016-12-12 23:05:53 +00:00
|
|
|
return nil, err
|
2016-09-06 18:46:37 +00:00
|
|
|
}
|
2016-11-08 01:43:11 +00:00
|
|
|
|
2016-12-12 23:05:53 +00:00
|
|
|
// set name for plugin pull, if empty should default to remote reference
|
|
|
|
query.Set("name", name)
|
|
|
|
|
2017-01-29 00:54:32 +00:00
|
|
|
resp, err := cli.tryPluginPull(ctx, query, privileges, options.RegistryAuth)
|
2016-11-24 01:29:21 +00:00
|
|
|
if err != nil {
|
2016-12-12 23:05:53 +00:00
|
|
|
return nil, err
|
2016-11-24 01:29:21 +00:00
|
|
|
}
|
|
|
|
|
2016-12-12 23:05:53 +00:00
|
|
|
name = resp.header.Get("Docker-Plugin-Name")
|
|
|
|
|
|
|
|
pr, pw := io.Pipe()
|
|
|
|
go func() { // todo: the client should probably be designed more around the actual api
|
|
|
|
_, err := io.Copy(pw, resp.body)
|
2016-11-24 01:29:21 +00:00
|
|
|
if err != nil {
|
2016-12-12 23:05:53 +00:00
|
|
|
pw.CloseWithError(err)
|
|
|
|
return
|
2016-11-24 01:29:21 +00:00
|
|
|
}
|
2016-12-12 23:05:53 +00:00
|
|
|
defer func() {
|
|
|
|
if err != nil {
|
|
|
|
delResp, _ := cli.delete(ctx, "/plugins/"+name, nil, nil)
|
|
|
|
ensureReaderClosed(delResp)
|
|
|
|
}
|
|
|
|
}()
|
|
|
|
if len(options.Args) > 0 {
|
|
|
|
if err := cli.PluginSet(ctx, name, options.Args); err != nil {
|
|
|
|
pw.CloseWithError(err)
|
|
|
|
return
|
|
|
|
}
|
2016-11-08 01:43:11 +00:00
|
|
|
}
|
|
|
|
|
2016-12-12 23:05:53 +00:00
|
|
|
if options.Disabled {
|
|
|
|
pw.Close()
|
|
|
|
return
|
|
|
|
}
|
2016-11-08 01:43:11 +00:00
|
|
|
|
2017-02-24 23:35:10 +00:00
|
|
|
enableErr := cli.PluginEnable(ctx, name, types.PluginEnableOptions{Timeout: 0})
|
|
|
|
pw.CloseWithError(enableErr)
|
2016-12-12 23:05:53 +00:00
|
|
|
}()
|
|
|
|
return pr, nil
|
2016-09-06 18:46:37 +00:00
|
|
|
}
|
|
|
|
|
2016-11-24 01:29:21 +00:00
|
|
|
func (cli *Client) tryPluginPrivileges(ctx context.Context, query url.Values, registryAuth string) (serverResponse, error) {
|
2023-07-10 14:44:59 +00:00
|
|
|
return cli.get(ctx, "/plugins/privileges", query, http.Header{
|
|
|
|
registry.AuthHeader: {registryAuth},
|
|
|
|
})
|
2016-11-24 01:29:21 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
func (cli *Client) tryPluginPull(ctx context.Context, query url.Values, privileges types.PluginPrivileges, registryAuth string) (serverResponse, error) {
|
2023-07-10 14:44:59 +00:00
|
|
|
return cli.post(ctx, "/plugins/pull", query, privileges, http.Header{
|
|
|
|
registry.AuthHeader: {registryAuth},
|
|
|
|
})
|
2016-09-06 18:46:37 +00:00
|
|
|
}
|
2017-01-29 00:54:32 +00:00
|
|
|
|
|
|
|
func (cli *Client) checkPluginPermissions(ctx context.Context, query url.Values, options types.PluginInstallOptions) (types.PluginPrivileges, error) {
|
|
|
|
resp, err := cli.tryPluginPrivileges(ctx, query, options.RegistryAuth)
|
2019-02-09 18:19:22 +00:00
|
|
|
if errdefs.IsUnauthorized(err) && options.PrivilegeFunc != nil {
|
2017-01-29 00:54:32 +00:00
|
|
|
// todo: do inspect before to check existing name before checking privileges
|
|
|
|
newAuthHeader, privilegeErr := options.PrivilegeFunc()
|
|
|
|
if privilegeErr != nil {
|
|
|
|
ensureReaderClosed(resp)
|
|
|
|
return nil, privilegeErr
|
|
|
|
}
|
|
|
|
options.RegistryAuth = newAuthHeader
|
|
|
|
resp, err = cli.tryPluginPrivileges(ctx, query, options.RegistryAuth)
|
|
|
|
}
|
|
|
|
if err != nil {
|
|
|
|
ensureReaderClosed(resp)
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
|
|
|
var privileges types.PluginPrivileges
|
|
|
|
if err := json.NewDecoder(resp.body).Decode(&privileges); err != nil {
|
|
|
|
ensureReaderClosed(resp)
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
ensureReaderClosed(resp)
|
|
|
|
|
|
|
|
if !options.AcceptAllPermissions && options.AcceptPermissionsFunc != nil && len(privileges) > 0 {
|
|
|
|
accept, err := options.AcceptPermissionsFunc(privileges)
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
if !accept {
|
2022-08-23 20:52:36 +00:00
|
|
|
return nil, errors.Errorf("permission denied while installing plugin %s", options.RemoteRef)
|
2017-01-29 00:54:32 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
return privileges, nil
|
|
|
|
}
|