api/server: drop unused Config struct
The Server.cfg field is never referenced by any code in package "./api/server". "./api/server".Config struct values are used by DaemonCli code, but only to pass around configuration copied out of the daemon config within the "./cmd/dockerd" package. Delete the "./api/server".Config struct definition and refactor the "./cmd/dockerd" package to pull configuration directly from cli.Config. Signed-off-by: Cory Snider <csnider@mirantis.com>
This commit is contained in:
Cory Snider
parent
0021339b92
commit
0a6a726d26
3 changed files with 18 additions and 51 deletions
|
|
@ -2,7 +2,6 @@ package server // import "github.com/docker/docker/api/server"
|
|||
|
||||
import (
|
||||
"context"
|
||||
"crypto/tls"
|
||||
"net"
|
||||
"net/http"
|
||||
"strings"
|
||||
|
|
@ -22,32 +21,13 @@ import (
|
|||
// when a request is about to be served.
|
||||
const versionMatcher = "/v{version:[0-9.]+}"
|
||||
|
||||
// Config provides the configuration for the API server
|
||||
type Config struct {
|
||||
CorsHeaders string
|
||||
Version string
|
||||
SocketGroup string
|
||||
TLSConfig *tls.Config
|
||||
// Hosts is a list of addresses for the API to listen on.
|
||||
Hosts []string
|
||||
}
|
||||
|
||||
// Server contains instance details for the server
|
||||
type Server struct {
|
||||
cfg *Config
|
||||
servers []*HTTPServer
|
||||
routers []router.Router
|
||||
middlewares []middleware.Middleware
|
||||
}
|
||||
|
||||
// New returns a new instance of the server based on the specified configuration.
|
||||
// It allocates resources which will be needed for ServeAPI(ports, unix-sockets).
|
||||
func New(cfg *Config) *Server {
|
||||
return &Server{
|
||||
cfg: cfg,
|
||||
}
|
||||
}
|
||||
|
||||
// UseMiddleware appends a new middleware to the request chain.
|
||||
// This needs to be called before the API routes are configured.
|
||||
func (s *Server) UseMiddleware(m middleware.Middleware) {
|
||||
|
|
|
|||
|
|
@ -13,12 +13,7 @@ import (
|
|||
)
|
||||
|
||||
func TestMiddlewares(t *testing.T) {
|
||||
cfg := &Config{
|
||||
Version: "0.1omega2",
|
||||
}
|
||||
srv := &Server{
|
||||
cfg: cfg,
|
||||
}
|
||||
srv := &Server{}
|
||||
|
||||
srv.UseMiddleware(middleware.NewVersionMiddleware("0.1omega2", api.DefaultVersion, api.MinVersion))
|
||||
|
||||
|
|
|
|||
|
|
@ -65,7 +65,7 @@ type DaemonCli struct {
|
|||
configFile *string
|
||||
flags *pflag.FlagSet
|
||||
|
||||
api *apiserver.Server
|
||||
api apiserver.Server
|
||||
d *daemon.Daemon
|
||||
authzMiddleware *authorization.Middleware // authzMiddleware enables to dynamically reload the authorization plugins
|
||||
}
|
||||
|
|
@ -80,7 +80,7 @@ func (cli *DaemonCli) start(opts *daemonOptions) (err error) {
|
|||
return err
|
||||
}
|
||||
|
||||
serverConfig, err := newAPIServerConfig(cli.Config)
|
||||
tlsConfig, err := newAPIServerTLSConfig(cli.Config)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
|
@ -161,9 +161,7 @@ func (cli *DaemonCli) start(opts *daemonOptions) (err error) {
|
|||
}
|
||||
}
|
||||
|
||||
cli.api = apiserver.New(serverConfig)
|
||||
|
||||
hosts, err := loadListeners(cli, serverConfig)
|
||||
hosts, err := loadListeners(cli, tlsConfig)
|
||||
if err != nil {
|
||||
return errors.Wrap(err, "failed to load listeners")
|
||||
}
|
||||
|
|
@ -192,7 +190,7 @@ func (cli *DaemonCli) start(opts *daemonOptions) (err error) {
|
|||
|
||||
pluginStore := plugin.NewStore()
|
||||
|
||||
if err := cli.initMiddlewares(cli.api, serverConfig, pluginStore); err != nil {
|
||||
if err := cli.initMiddlewares(&cli.api, pluginStore); err != nil {
|
||||
logrus.Fatalf("Error creating middlewares: %v", err)
|
||||
}
|
||||
|
||||
|
|
@ -230,7 +228,7 @@ func (cli *DaemonCli) start(opts *daemonOptions) (err error) {
|
|||
if err != nil {
|
||||
return err
|
||||
}
|
||||
routerOptions.api = cli.api
|
||||
routerOptions.api = &cli.api
|
||||
routerOptions.cluster = c
|
||||
|
||||
initRouter(routerOptions)
|
||||
|
|
@ -546,8 +544,8 @@ func initRouter(opts routerOptions) {
|
|||
}
|
||||
|
||||
// TODO: remove this from cli and return the authzMiddleware
|
||||
func (cli *DaemonCli) initMiddlewares(s *apiserver.Server, cfg *apiserver.Config, pluginStore plugingetter.PluginGetter) error {
|
||||
v := cfg.Version
|
||||
func (cli *DaemonCli) initMiddlewares(s *apiserver.Server, pluginStore plugingetter.PluginGetter) error {
|
||||
v := dockerversion.Version
|
||||
|
||||
exp := middleware.NewExperimentalMiddleware(cli.Config.Experimental)
|
||||
s.UseMiddleware(exp)
|
||||
|
|
@ -555,8 +553,8 @@ func (cli *DaemonCli) initMiddlewares(s *apiserver.Server, cfg *apiserver.Config
|
|||
vm := middleware.NewVersionMiddleware(v, api.DefaultVersion, api.MinVersion)
|
||||
s.UseMiddleware(vm)
|
||||
|
||||
if cfg.CorsHeaders != "" {
|
||||
c := middleware.NewCORSMiddleware(cfg.CorsHeaders)
|
||||
if cli.Config.CorsHeaders != "" {
|
||||
c := middleware.NewCORSMiddleware(cli.Config.CorsHeaders)
|
||||
s.UseMiddleware(c)
|
||||
}
|
||||
|
||||
|
|
@ -597,7 +595,7 @@ func (cli *DaemonCli) getContainerdDaemonOpts() ([]supervisor.DaemonOpt, error)
|
|||
return opts, nil
|
||||
}
|
||||
|
||||
func newAPIServerConfig(config *config.Config) (*apiserver.Config, error) {
|
||||
func newAPIServerTLSConfig(config *config.Config) (*tls.Config, error) {
|
||||
var tlsConfig *tls.Config
|
||||
if config.TLS != nil && *config.TLS {
|
||||
var (
|
||||
|
|
@ -620,13 +618,7 @@ func newAPIServerConfig(config *config.Config) (*apiserver.Config, error) {
|
|||
}
|
||||
}
|
||||
|
||||
return &apiserver.Config{
|
||||
SocketGroup: config.SocketGroup,
|
||||
Version: dockerversion.Version,
|
||||
CorsHeaders: config.CorsHeaders,
|
||||
TLSConfig: tlsConfig,
|
||||
Hosts: config.Hosts,
|
||||
}, nil
|
||||
return tlsConfig, nil
|
||||
}
|
||||
|
||||
// checkTLSAuthOK checks basically for an explicitly disabled TLS/TLSVerify
|
||||
|
|
@ -654,21 +646,21 @@ func checkTLSAuthOK(c *config.Config) bool {
|
|||
return true
|
||||
}
|
||||
|
||||
func loadListeners(cli *DaemonCli, serverConfig *apiserver.Config) ([]string, error) {
|
||||
if len(serverConfig.Hosts) == 0 {
|
||||
func loadListeners(cli *DaemonCli, tlsConfig *tls.Config) ([]string, error) {
|
||||
if len(cli.Config.Hosts) == 0 {
|
||||
return nil, errors.New("no hosts configured")
|
||||
}
|
||||
var hosts []string
|
||||
|
||||
for i := 0; i < len(serverConfig.Hosts); i++ {
|
||||
protoAddr := serverConfig.Hosts[i]
|
||||
for i := 0; i < len(cli.Config.Hosts); i++ {
|
||||
protoAddr := cli.Config.Hosts[i]
|
||||
proto, addr, ok := strings.Cut(protoAddr, "://")
|
||||
if !ok || addr == "" {
|
||||
return nil, fmt.Errorf("bad format %s, expected PROTO://ADDR", protoAddr)
|
||||
}
|
||||
|
||||
// It's a bad idea to bind to TCP without tlsverify.
|
||||
authEnabled := serverConfig.TLSConfig != nil && serverConfig.TLSConfig.ClientAuth == tls.RequireAndVerifyClientCert
|
||||
authEnabled := tlsConfig != nil && tlsConfig.ClientAuth == tls.RequireAndVerifyClientCert
|
||||
if proto == "tcp" && !authEnabled {
|
||||
logrus.WithField("host", protoAddr).Warn("Binding to IP address without --tlsverify is insecure and gives root access on this machine to everyone who has access to your network.")
|
||||
logrus.WithField("host", protoAddr).Warn("Binding to an IP address, even on localhost, can also give access to scripts run in a browser. Be safe out there!")
|
||||
|
|
@ -712,7 +704,7 @@ func loadListeners(cli *DaemonCli, serverConfig *apiserver.Config) ([]string, er
|
|||
return nil, err
|
||||
}
|
||||
}
|
||||
ls, err := listeners.Init(proto, addr, serverConfig.SocketGroup, serverConfig.TLSConfig)
|
||||
ls, err := listeners.Init(proto, addr, cli.Config.SocketGroup, tlsConfig)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in a new issue