This fix tries to fix the issue in 30279 where `docker ps --format`
fails if `.Label` has args. For example:
```
docker ps --format '{{.ID}}\t{{.Names}}\t{{.Label "some.label"}}'
```
The reason for the failure is that during the preprocessing phase
to detect the existance of `.Size`, the `listOptionsProcessor`
does not has a method of `Label(name string) string`.
This results in the failure of
```
template: :1:24: executing "" at <.Label>: Label is not a method but has arguments
```
This fix fixes the issue by adding needed method of `Label(name string) string`.
This fix fixes 30279.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
(cherry picked from commit 2cd4ba1e56)
Signed-off-by: Victor Vieux <vieux@docker.com>
The top-level `docker inspect` command could return
an error if the nodes Swarm certificates were expired.
In situations where the user did not explicitly
ask for an object-type (`--type=foo`), we should
ignore these errors, and consider them equal to
"node is not a swarm manager".
This change makes `docker inspect` ignore these
errors if no type was specified.
As a further optimization, the "swarm status"
result is now stored in a variable, so that
other swarm-specific API calls can be skipped.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 66cf4cc7f7)
Signed-off-by: Victor Vieux <vieux@docker.com>
When Size was reverted to be equal to VirtualSize, the df command
formatter was not correctly updated to account for the change.
Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
(cherry picked from commit dcc1b4baf6)
Signed-off-by: Victor Vieux <vieux@docker.com>
The prune PR changed the meaning of the file to mean "space on disk
only unique to this image", this PR revert this change.
Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
(cherry picked from commit be20dc15af)
Signed-off-by: Victor Vieux <vieux@docker.com>
- default network is only created if needed
- it's possible to override default network configuration
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
This fix tries to address the issue raised in 28581 and 28927
where it is not possible to create a secret from a file (only
through STDIN).
This fix add a flag `--file` to `docker secret create` so that
it is possible to create a secret from a file with:
```
docker secret create --file secret.in secret.name
```
or
```
echo TEST | docker secret create --file - secret.name
```
Related docs has been updated.
An integration test has been added to cover the changes.
This fix fixes 28581.
This fix is related to 28927.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
(cherry picked from commit c6f0b7f448)
Signed-off-by: Victor Vieux <vieux@docker.com>
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
In #28507 and #28885, `docker service/node ps -a` has been removed so that
information about slots are show up even without `-a` flag.
The output of `docker stack ps` reused the same output as `docker service/node ps`.
However, the `-a` was still there. It might make sense to remove `docker stack ps -a`
as well to bring consistency with `docker service/node ps`.
This fix is related to #28507, #28885, and #25983.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
(cherry picked from commit 9155e14e77)
Signed-off-by: Victor Vieux <vieux@docker.com>
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
Signed-off-by: Daniel Nephin <dnephin@docker.com>
(cherry picked from commit abe32de6b4)
Signed-off-by: Victor Vieux <vieux@docker.com>
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
The current validation only checked for the
number of elements in the volume-spec, however,
did not validate if the elements were empty.
Because of this, an empty volume-spec (""),
or volume spec only containing separators ("::")
would not be invalidated.
This adds a simple check for empty elements in
the volume-spec, and returns an error if
the spec is invalid.
A unit-test is also added to verify the behavior.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
the `convertVolumeToMount()` function did not take
anonymous volumes into account when converting
volume specifications to bind-mounts.
this resulted in the conversion to try to
look up an empty "source" volume, which
lead to an error;
undefined volume:
this patch distinguishes "anonymous"
volumes from bind-mounts and named-volumes,
and skips further processing if no source
is defined (i.e. the volume is "anonymous").
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Move plugins to shared distribution stack with images.
Create immutable plugin config that matches schema2 requirements.
Ensure data being pushed is same as pulled/created.
Store distribution artifacts in a blobstore.
Run init layer setup for every plugin start.
Fix breakouts from unsafe file accesses.
Add support for `docker plugin install --alias`
Uses normalized references for default names to avoid collisions when using default hosts/tags.
Some refactoring of the plugin manager to support the change, like removing the singleton manager and adding manager config struct.
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
Signed-off-by: Derek McGowan <derek@mcgstyle.net>
(cherry picked from commit 3d86b0c79b)
Move configurations into a single file.
Abstract download manager in pull config.
Add supports for schema2 only and schema2 type checking.
Add interface for providing push layers.
Abstract image store to generically handle configurations.
Signed-off-by: Derek McGowan <derek@mcgstyle.net>
(cherry picked from commit 3c7676a057)
When plugins have a positive refcount, they were not allowed to be
removed. However, plugins could still be disabled when volumes
referenced it and containers using them were running.
This change fixes that by enforcing plugin refcount during disable.
A "force" disable option is also added to ignore reference refcounting.
Signed-off-by: Anusha Ragunathan <anusha@docker.com>
(cherry picked from commit 8cb2229cd1)
This fix is a follow up for comment:
https://github.com/docker/docker/pull/29186/files#r91277345
While #29186 addresses the issue of `docker inspect <unknown object>`
on Windows, it actually makes `docker plugin inspect <unknown object>`
out `object not found` on Windows as well. This is actually misleading
as plugin is not supported on Windows.
This fix reverted the change in #29186 while at the same time,
checks `not supported` in `docker inspect <unknown object>` so that
- `docker plugin inspect <unknown object>` returns `not supported` on Windows
- `docker inspect <unknown object>` returns `not found` on Windows
This fix is related to #29186 and #29185.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
(cherry picked from commit 0b3c10ac4d)
the "docker swarm leave" command description
mentioned that the command can only be used
for workers, however, the command can also
be used for managers (using the `-f` / `--force`
option).
this patch removes the "(workers only)" part
of the command description.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit f89eee5d9d)
Signed-off-by: Victor Vieux <vieux@docker.com>
This fix tries to address the issue raised in 24352. Previously,
when `docker swarm update` has no flags, the output is
```
Swarm updated.
```
even though nothing was updated. This could be misleading for
users.
This fix tries to address the issue by adding a `PreRunE` function
in the command so that in case no flag is provided (`cmd.Flags().NFlag() == 0`),
the usage will be outputed instead.
An integration has been added to cover the changes.
This fix fixes 24352.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
(cherry picked from commit 5aa5a1cb00)
Signed-off-by: Victor Vieux <vieux@docker.com>
Implement notary-based digest lookup in the client when
DOCKER_CONTENT_TRUST=1.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
(cherry picked from commit d4d6f8c0d0)
Split these into cli/trust so that other commands can make use of them.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
(cherry picked from commit 4b8c79f25e)
This removes some very old vestigial code that really should have been
removed during the content addressability transition. It implements
something called "reference" but it behaves differently from the actual
reference package. This was only used by client-side content trust code,
and is relatively easy to extricate.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
(cherry picked from commit d91ed88365)
`--publish-add 8081:81 --publish-add 8082:82 --publish-rm 80
--publish-rm 81/tcp --publish-rm 82/tcp` would thus result in 81 and
82 to be published.
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
- Display the ID column
- Do not append the task ID in the name column
- (NEW): Truncate task IDs, unless --no-trunc is specified
Signed-off-by: Andrea Luzzardi <aluzzardi@gmail.com>
(cherry picked from commit bbd2018ee1)
Signed-off-by: Victor Vieux <vieux@docker.com>
This reverts 26103. 26103 was trying to make it so that if someone did:
docker build --build-arg FOO .
and FOO wasn't set as an env var then it would pick-up FOO from the
Dockerfile's ARG cmd. However, it went too far and removed the ability
to specify a build arg w/o any value. Meaning it required the --build-arg
param to always be in the form "name=value", and not just "name".
This PR does the right fix - it allows just "name" and it'll grab the value
from the env vars if set. If "name" isn't set in the env then it still needs
to send "name" to the server so that a warning can be printed about an
unused --build-arg. And this is why buildArgs in the options is now a
*string instead of just a string - 'nil' == mentioned but no value.
Closes#29084
Signed-off-by: Doug Davis <dug@us.ibm.com>
(cherry picked from commit cdb8ea90b0)
Signed-off-by: Victor Vieux <vieux@docker.com>
Logging configuration was completely ignore when deploy a compose file
to swarm. This fixes it.
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
(cherry picked from commit 806cc1e0f8)
Signed-off-by: Victor Vieux <vieux@docker.com>
This fix tries to address the issue in 28884 where
it is possible to mask the secret ID by name.
The reason was that searching a secret is based on name.
However, searching a secret should be done based on:
- Full ID
- Full Name
- Partial ID (prefix)
This fix addresses the issue by changing related implementation
in `getCliRequestedSecretIDs()`
An integration test has been added to cover the changes.
This fix fixes 28884
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
(cherry picked from commit 3638ca4d14)
Signed-off-by: Victor Vieux <vieux@docker.com>
This fix convert DanglingOnly in ImagesPruneConfig to Filters,
so that it is possible to maintain API compatibility in the future.
Several integration tests have been added to cover changes.
This fix is related to 28497.
A follow up to this PR will be done once this PR is merged.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
(cherry picked from commit a6be56b54e)
Signed-off-by: Victor Vieux <vieux@docker.com>
This fix tries to address the proposal raised in 28946
to support plugins in `docker inspect`.
The command `docker inspect` already supports
"container", "image", "node", "network", "service", "volume", "task".
However, `--type plugin` is not supported yet at the moment.
This fix address this issue by adding the support of `--type plugin`
for `docker inspect`.
An additional integration test has been added to cover the changes.
This fix fixes 28946.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
(cherry picked from commit 90bb2cdb9f)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
This fix tries to address the enhancement proposed in 28708 to display
ID field for the output of `docker plugin ls`.
This fix add `ID` field to the output of `docker plugin ls`
Related docs has been updated.
This fix fixes 28708.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
(cherry picked from commit 8a226ed643)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
This fix tries to address the issue raised in discussion of
PR 28735 where it was not possible to manage plugin based on
plugin ID. Previously it was not possible to invoke
`docker plugin inspect` with a plugin ID (or ID prefix).
This fix updates the implementation of `docker plugin inspect`
so that it is possbile to search based on a plugin name, or a
plugin ID. A short format of plugin ID (prefix) is also possible,
as long as there is no ambiguity.
Previously the check of `docker plugin inspect` was mostly done
on the client side. This could potentially cause inconsistency
between API and CMD. This fix move all the checks to daemon side
so that API and CMD will be consistent.
An integration test has been added to cover the changes.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
(cherry picked from commit 0ce6e070f7)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
This reverts commit 139fff2bf0.
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
(cherry picked from commit eb55d03f3c)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
If the network is marked as external, don't use the namespace on
it. Otherwise, it's not found.
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
(cherry picked from commit 6fff845409)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
