Commit graph

564 commits

Author SHA1 Message Date
Sebastiaan van Stijn
0ba2d7c625
registry: remove TestSameAuthDataPostSave
This test was added in 0fc11699ab as
a regression test for saving credentials by the CLI.

However, the CLI code is no longer in this repository, so it was
no longer testing anything.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-10-28 14:06:40 +01:00
Sebastiaan van Stijn
32eaf4690a
registry: DefaultService.Auth(): skip parsing default registry
There's no need to parse or validate the default registry, as it's
a constant value.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-10-28 14:06:38 +01:00
Sebastiaan van Stijn
7782d04141
registry: remove v1 authentication
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-10-28 14:06:36 +01:00
Sebastiaan van Stijn
ab47fd2f72
registry: use consts for default registry
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-10-28 14:06:28 +01:00
Tonis Tiigi
fdb71e410c registry: fix mtls config dir passing
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2020-05-14 12:02:09 -07:00
Tonis Tiigi
0cdf6ba9c8 vendor: update buildkit to ae7ff174
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2020-04-14 08:26:07 -07:00
Sebastiaan van Stijn
e6281b1b3f
Revert "Don't die when daemon cannot read certs.d"
This reverts commit 2808762b27.

This exception was added for rootless mode, but superseded by the
follow-up commit f4fa98f583, which
uses a different path to look for the certs when running in rootless
mode

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-02-25 11:47:58 +01:00
Sebastiaan van Stijn
9f0b3f5609
bump gotest.tools v3.0.1 for compatibility with Go 1.14
full diff: https://github.com/gotestyourself/gotest.tools/compare/v2.3.0...v3.0.1

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-02-11 00:06:42 +01:00
Sebastiaan van Stijn
6acfc42094
TestResumableRequestHeaderTooMuchFailures: prepare for Go 1.14 changes
Go 1.14 adds quotes around the invalid scheme in the error returned in
golang/go@64cfe9f

Go 1.13:

    Get I%27m%20not%20an%20url: unsupported protocol scheme ""

Go 1.14:

    Get "I%27m%20not%20an%20url": unsupported protocol scheme ""

This patch updates the test to detect both versions of the error

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-02-10 19:02:59 +01:00
Sebastiaan van Stijn
1c16572fe6
registry: fix goimports
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-01-06 16:01:02 +01:00
Brian Goff
b95fad8e51
Merge pull request #40263 from thaJeztah/normalize_comments
Normalize comment formatting
2019-12-12 12:06:22 -08:00
Sebastiaan van Stijn
b7f931e170
registry: normalize comment formatting
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-11-27 15:45:23 +01:00
Dmitry Sharshakov
f4fa98f583 Use certs.d
from XDG_CONFIG_HOME
 when in rootless mode

Signed-off-by: Dmitry Sharshakov <d3dx12.xx@gmail.com>
2019-11-25 13:12:54 +03:00
sh7dm
2808762b27 Don't die when daemon cannot read certs.d
Signed-off-by: Dmitry Sharshakov <d3dx12.xx@gmail.com>
2019-11-25 12:42:14 +03:00
lzhfromustc
49fbb9c985 registry: add a critical section to protect authTransport.modReq
Signed-off-by: Ziheng Liu <lzhfromustc@gmail.com>
2019-10-27 20:00:04 -04:00
Sebastiaan van Stijn
63e62d13a0
registry: use constants for http status codes
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-10-13 19:11:18 +02:00
Sebastiaan van Stijn
441b031bda
registry: use constants for http methods
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-10-13 17:30:25 +02:00
HuanHuan Ye
a57fd5488d Fix base.Dial is deprecated: Use DialContext instead
1.Change base.Dial to base.DailContext.
2.Remove proxyDialer that was previously used to configure a
net.Dialer to route proxy.Dialer which will route the connections
through the proxy using the connections through a SOCKS proxy.
SOCKS proxies are now supported by configuring only http.Transport.Proxy,
and no longer require changing http.Transport.Dial.

Signed-off-by: HuanHuan Ye <logindaveye@gmail.com>
2019-09-20 10:42:13 +08:00
Kir Kolyshkin
5c11740abb
registry/newV1EndpointFromStr: rm dead code
> registry/endpoint_v1.go:127:9: nilness: impossible condition: nil != nil (govet)
> 	if err != nil {
>	       ^

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2019-09-18 12:57:28 +02:00
Sebastiaan van Stijn
07ff4f1de8
goimports: fix imports
Format the source according to latest goimports.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-09-18 12:56:54 +02:00
Tibor Vass
53dad9f027 Remove v1 manifest code
Signed-off-by: Tibor Vass <tibor@docker.com>
2019-06-18 01:40:25 +00:00
Tibor Vass
f695e98cb7 Revert "Remove the rest of v1 manifest support"
This reverts commit 98fc09128b in order to
keep registry v2 schema1 handling and libtrust-key-based engine ID.

Because registry v2 schema1 was not officially deprecated and
registries are still relying on it, this patch puts its logic back.

However, registry v1 relics are not added back since v1 logic has been
removed a while ago.

This also fixes an engine upgrade issue in a swarm cluster. It was relying
on the Engine ID to be the same upon upgrade, but the mentioned commit
modified the logic to use UUID and from a different file.

Since the libtrust key is always needed to support v2 schema1 pushes,
that the old engine ID is based on the libtrust key, and that the engine ID
needs to be conserved across upgrades, adding a UUID-based engine ID logic
seems to add more complexity than it solves the problems.

Hence reverting the engine ID changes as well.

Signed-off-by: Tibor Vass <tibor@docker.com>
2019-06-18 00:36:01 +00:00
Aleksa Sarai
d283c7fa2b
*: remove interfacer linter from CI
It has been declared deprecated by the author, and has a knack for
false-positives (as well as giving bad advice when it comes to APIs --
which is quite clear when looking at "nolint: interfacer" comments).

Signed-off-by: Aleksa Sarai <asarai@suse.de>
2019-03-13 11:48:39 +11:00
Justin Cormack
98fc09128b Remove the rest of v1 manifest support
As people are using the UUID in `docker info` that was based on the v1 manifest signing key, replace
with a UUID instead.

Remove deprecated `--disable-legacy-registry` option that was scheduled to be removed in 18.03.

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2019-03-02 10:46:37 -08:00
Iskander (Alex) Sharipov
a5c185b994 registry: use len(via)!=0 instead of via!=nil
This avoids the corner case where `via` is not nil, but has a length of 0,
so the updated code does not panic in that situation.

Signed-off-by: Iskander Sharipov <quasilyte@gmail.com>
2018-12-11 16:37:16 +03:00
Kir Kolyshkin
9b0097a699 Format code with gofmt -s from go-1.11beta1
This should eliminate a bunch of new (go-1.11 related) validation
errors telling that the code is not formatted with `gofmt -s`.

No functional change, just whitespace (i.e.
`git show --ignore-space-change` shows nothing).

Patch generated with:

> git ls-files | grep -v ^vendor/ | grep .go$ | xargs gofmt -s -w

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2018-09-06 15:24:16 -07:00
Vincent Demeester
3845728524
Update tests to use gotest.tools 👼
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2018-06-13 09:04:30 +02:00
Sebastiaan van Stijn
f23c00d870
Various code-cleanup
remove unnescessary import aliases, brackets, and so on.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2018-05-23 17:50:54 +02:00
Kir Kolyshkin
7d62e40f7e Switch from x/net/context -> context
Since Go 1.7, context is a standard package. Since Go 1.9, everything
that is provided by "x/net/context" is a couple of type aliases to
types in "context".

Many vendored packages still use x/net/context, so vendor entry remains
for now.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2018-04-23 13:52:44 -07:00
Vincent Demeester
a7999aaa53
Skip some tests requires root uid when run as user
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2018-04-23 10:14:39 +02:00
Vincent Demeester
5433ceb12e
Migrate DockerTrustSuite to docker/cli e2e tests
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2018-03-19 09:26:35 +01:00
Daniel Nephin
6be0f70983 Automated migration using
gty-migrate-from-testify --ignore-build-tags

Signed-off-by: Daniel Nephin <dnephin@docker.com>
2018-03-16 11:03:43 -04:00
Daniel Nephin
4f0d95fa6e Add canonical import comment
Signed-off-by: Daniel Nephin <dnephin@docker.com>
2018-02-05 16:51:57 -05:00
Brian Goff
d453fe35b9 Move api/errdefs to errdefs
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2018-01-11 21:21:43 -05:00
Brian Goff
87a12421a9 Add helpers to create errdef errors
Instead of having to create a bunch of custom error types that are doing
nothing but wrapping another error in sub-packages, use a common helper
to create errors of the requested type.

e.g. instead of re-implementing this over and over:

```go
type notFoundError struct {
  cause error
}

func(e notFoundError) Error() string {
  return e.cause.Error()
}

func(e notFoundError) NotFound() {}

func(e notFoundError) Cause() error {
  return e.cause
}
```

Packages can instead just do:

```
  errdefs.NotFound(err)
```

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2018-01-11 21:21:43 -05:00
Yong Tang
4785f1a7ab Remove solaris build tag and `contrib/mkimage/solaris
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
2017-11-02 00:01:46 +00:00
Yong Tang
0e037717e0 Merge pull request #35294 from vdemeester/docker-function-name
Remove Docker from some functions
2017-10-25 08:25:26 -07:00
Vincent Demeester
de5c80b4f3
Remove Docker from some functions
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2017-10-25 14:39:51 +02:00
Michael Crosby
5a9b5f10cf Remove solaris files
For obvious reasons that it is not really supported now.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2017-10-24 15:39:34 -04:00
chchliang
0ddc903cec Add ValidateIndexName testcase
Signed-off-by: chchliang <chen.chuanliang@zte.com.cn>
2017-10-19 08:53:26 +08:00
Yong Tang
b075cd2d78 Merge pull request #34495 from ripcurld0/registry_mirror_json
Exit if service config is loaded unsuccessfully on startup
2017-09-18 21:59:14 -07:00
Boaz Shuster
5258297dac Exit if service config is loaded unsuccessfully on startup
Signed-off-by: Boaz Shuster <ripcurld.github@gmail.com>
2017-09-17 18:50:16 +03:00
Daniel Nephin
f7f101d57e Add gosimple linter
Update gometalinter

Signed-off-by: Daniel Nephin <dnephin@docker.com>
2017-09-12 12:09:59 -04:00
Yong Tang
cb952bf006 Merge pull request #34625 from dnephin/more-linters
Add interfacer and unconvert linters
2017-09-01 08:46:08 -07:00
Daniel Nephin
73ec0ff86b Remove command line flag install from registry package.
Settings flags is the responsibility of the application (cmd/) not a library

Signed-off-by: Daniel Nephin <dnephin@docker.com>
2017-08-29 15:55:09 -04:00
Daniel Nephin
709bf8b7bc Add interfacer linter
Signed-off-by: Daniel Nephin <dnephin@docker.com>
2017-08-24 15:08:26 -04:00
Daniel Nephin
372670b507 Add goimports to linters.
Signed-off-by: Daniel Nephin <dnephin@docker.com>
2017-08-21 18:15:08 -04:00
Daniel Nephin
9b47b7b151 Fix golint errors.
Signed-off-by: Daniel Nephin <dnephin@docker.com>
2017-08-18 14:23:44 -04:00
Brian Goff
ebcb7d6b40 Remove string checking in API error handling
Use strongly typed errors to set HTTP status codes.
Error interfaces are defined in the api/errors package and errors
returned from controllers are checked against these interfaces.

Errors can be wraeped in a pkg/errors.Causer, as long as somewhere in the
line of causes one of the interfaces is implemented. The special error
interfaces take precedence over Causer, meaning if both Causer and one
of the new error interfaces are implemented, the Causer is not
traversed.

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2017-08-15 16:01:11 -04:00
Derek McGowan
1009e6a40b
Update logrus to v1.0.1
Fixes case sensitivity issue

Signed-off-by: Derek McGowan <derek@mcgstyle.net>
2017-07-31 13:16:46 -07:00
Josh Soref
39bcaee47b
Spelling fixes
* additional
* ambiguous
* anonymous
* anything
* application
* because
* before
* building
* capabilities
* circumstances
* commit
* committer
* compresses
* concatenated
* config
* container
* container's
* current
* definition
* delimiter
* disassociates
* discovery
* distributed
* doesnotexist
* downloads
* duplicates
* either
* enhancing
* enumerate
* escapable
* exactly
* expect
* expectations
* expected
* explicitly
* false
* filesystem
* following
* forbidden
* git with
* healthcheck
* ignore
* independent
* inheritance
* investigating
* irrelevant
* it
* logging
* looking
* membership
* mimic
* minimum
* modify
* mountpoint
* multiline
* notifier
* outputting
* outside
* overridden
* override
* parsable
* plugins
* precedence
* propagation
* provided
* provides
* registries
* repositories
* returning
* settings
* should
* signals
* someone
* something
* specifically
* successfully
* synchronize
* they've
* thinking
* uninitialized
* unintentionally
* unmarshaling
* unnamed
* unreferenced
* verify

Signed-off-by: Josh Soref <jsoref@gmail.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-07-03 13:13:09 -07:00
Sebastiaan van Stijn
128280013f
Disable legacy (v1) registries by default
Deprecation of interacting with v1 registries was
started in docker 1.8.3, which added a `--disable-legacy-registry`
flag.

This option was anounced to be the default starting
with docker 17.06, and v1 registries completely
removed in docker 17.12.

This patch updates the default, and disables
interaction with v1 registres by default.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-06-12 11:04:28 +02:00
root
02a759fa96 Remove dead code: GetAuthConfig
Signed-off-by: Shishir Mahajan <shishir.mahajan3@gmail.com>
2017-06-05 00:40:47 +00:00
Daniel Nephin
a6ac5495e1 Move an error helper to registry/session.
Signed-off-by: Daniel Nephin <dnephin@docker.com>
2017-06-02 16:10:40 -04:00
Daniel Nephin
65515af075 Move httputils/reasumablerequestreader to the single consumer.
Signed-off-by: Daniel Nephin <dnephin@docker.com>
2017-06-02 16:10:39 -04:00
Noah Treuhaft
67fdf574d5 Add daemon option to push foreign layers
The --allow-nondistributable-artifacts daemon option specifies
registries to which foreign layers should be pushed.  (By default,
foreign layers are not pushed to registries.)

Additionally, to make this option effective, foreign layers are now
pulled from the registry if possible, falling back to the URLs in the
image manifest otherwise.

This option is useful when pushing images containing foreign layers to a
registry on an air-gapped network so hosts on that network can pull the
images without connecting to another server.

Signed-off-by: Noah Treuhaft <noah.treuhaft@docker.com>
2017-05-16 14:36:36 -07:00
Yong Tang
e49589505a Validate insecure registry (--insecure-registry) values
This fix is based on:
https://github.com/docker/docker/issues/29936#issuecomment-277494885

Currently the insecure registry is only checked to see if it contains
scheme (`http(s)://`) or not. No fully validation is done and this
caused many confusions like in #29936.

This fix tries to address the issue.

This fix adds additional validation so that an insecure registry
is validated to make sure it is in `host:port` format where host
could be IPv4/IPv6 or a host name, and port could be an integer
between 0-65535.

Additional unit tests have been added.

This fix is related to #29936.

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
2017-02-14 13:13:23 -08:00
Derek McGowan
3a1279393f
Use distribution reference
Remove forked reference package. Use normalized named values
everywhere and familiar functions to convert back to familiar
strings for UX and storage compatibility.

Enforce that the source repository in the distribution metadata
is always a normalized string, ignore invalid values which are not.
Update distribution tests to use normalized values.

Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
2017-02-07 11:08:37 -08:00
Derek McGowan
0421f5173d
Remove use of forked reference package for cli
Use resolving to repo info as the split point between the
legitimate reference package and forked reference package.

Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
2017-01-19 16:04:50 -08:00
Sebastiaan van Stijn
af90d50647 Merge pull request #29988 from yongtang/29936-insecure-registries
Return error when insecure registry contains scheme
2017-01-19 21:49:06 +01:00
Yong Tang
8dadeaf8ea Return error when insecure registry contains scheme
While investigating 29936 I noticed one potential issue
in `LoadInsecureRegistries`.

The implementation of the func assumes that the format
of insecure registry should be `host:port` if not CIDR.
However, it is very common that user may incorrectly
provide a registry with a scheme (e.g, `http://myregistry.com:5000`)
Such a registry format with a scheme will cause docker pull to
always try https endpoint.

The reason is that the func of `isSecureIndex()` actually will
check for the map of the index server for `myregistry.com:5000`
while the insecure registry only has a record of `http://myregistry.com:5000`.
As a consequence, docker assumes that `myregistry.com:5000` is not
a insecure registry and will go ahead with https endpoint.

This fix addresses the issue by error out insecure registries with scheme.

A unit test has been added.

This fix is related to 29936.

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
2017-01-13 19:19:30 -08:00
Daehyeok Mun
6306019d0b Refactoring ineffectual assignments
This patch fixed below 4 types of code line
1. Remove unnecessary variable assignment
2. Use variables declaration instead of explicit initial zero value
3. Change variable name to underbar when variable not used
4. Add erro check and return for ignored error

Signed-off-by: Daehyeok Mun <daehyeok@gmail.com>
2017-01-13 00:27:01 -07:00
allencloud
5b9348c553 support registry mirror config reload
Signed-off-by: allencloud <allen.sun@daocloud.io>
2017-01-04 11:04:00 +08:00
yuexiao-wang
3ed06f9670 Remove unuse slice in registry
Signed-off-by: yuexiao-wang <wang.yuexiao@zte.com.cn>
2016-12-16 00:51:10 +08:00
Victor Vieux
c1a1b381f9 Merge pull request #28459 from dmcgowan/plugin-repository-pinning
Plugin repository pinning
2016-12-08 11:28:52 -08:00
Aaron Lehmann
d91ed88365 registry: Remove reference.go
This removes some very old vestigial code that really should have been
removed during the content addressability transition. It implements
something called "reference" but it behaves differently from the actual
reference package. This was only used by client-side content trust code,
and is relatively easy to extricate.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2016-12-06 15:53:21 -08:00
Derek McGowan
a12b466183
Add class to repository scope
Expose registry error translation for plugin distribution

Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
2016-11-21 22:18:50 -08:00
Felipe Oliveira
271b1f2756 fix infinite recursion
Signed-off-by: Felipe Oliveira <felipeweb.programador@gmail.com>
2016-11-18 10:57:50 -02:00
Noah Treuhaft
7ffb4ad81a
Disable v1 protocol for the default registry
All images in the default registry (AKA docker.io, index.docker.io, and
registry-1.docker.io) are available via the v2 protocol, so there's no
reason to use the v1 protocol.  Disabling it prevents useless fallbacks.

Signed-off-by: Noah Treuhaft <noah.treuhaft@docker.com>
2016-11-11 00:23:25 -08:00
Derek McGowan
c85eb00841
Update for distribution vendor
Handle updates to reference package.
Updates for refactoring of challenge manager.

Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
2016-11-10 17:34:12 -08:00
Amit Krishnan
934328d8ea Add functional support for Docker sub commands on Solaris
Signed-off-by: Amit Krishnan <krish.amit@gmail.com>

Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2016-11-07 09:06:34 -08:00
Derek McGowan
66a5e34cc4
Use system ca pool from tlsconfig
Remove deprecated config from local pkg/tlsconfig.

Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
2016-10-31 14:52:07 -07:00
allencloud
582803f00a support insecure registry in configuration reload
Signed-off-by: allencloud <allen.sun@daocloud.io>
2016-10-20 07:54:31 +08:00
Aaron Lehmann
19858ff1b1 registry: Remove unused method ResolveIndex
This does not appear to be used.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2016-10-18 12:04:10 -07:00
Michael Crosby
91e197d614 Add engine-api types to docker
This moves the types for the `engine-api` repo to the existing types
package.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2016-09-07 11:05:58 -07:00
Antonio Murdaca
67d752ac55
support legacy registries in exernal stores
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2016-09-07 09:45:42 +02:00
Tonis Tiigi
7a8c7b47cf Fix govet for go1.7
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2016-09-02 19:07:54 -07:00
Daniel Nephin
14712f9ff0 Remove old cli framework.
Also consolidate the leftover packages under cli.
Remove pkg/mflag.
Make manpage generation work with new cobra layout.
Remove remaining mflag and fix tests after rebase with master.

Signed-off-by: Daniel Nephin <dnephin@docker.com>
2016-08-25 13:09:04 -04:00
Daniel Nephin
fb83394714 Convert dockerd to use cobra and pflag
Signed-off-by: Daniel Nephin <dnephin@docker.com>
2016-08-25 13:09:03 -04:00
Stefan J. Wernli
adee28458c Fixing v2 registry restriction for non-linux platforms.
This fixes the hard coded restriction for non-linux platforms to v2 registries.  Previously, the check was above the flag parsing, which would overwrite the hard coded value and prevent correct operation.  This change also removes the related daemon flag from Windows to avoid confusion, as it has no meaning when the value is going to always be hard coded to true.

Signed-off-by: Stefan J. Wernli <swernli@microsoft.com>
2016-07-20 16:14:40 -07:00
Sebastiaan van Stijn
64a8317a5a Improve flag help consistency, and update docs
This adds the `--live-restore` option to the documentation.

Also synched usage description in the documentation
with the actual description, and re-phrased some
flag descriptions to be a bit more consistent.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2016-07-16 01:58:01 +02:00
Derek McGowan
19d48f0b8b Allow v1 search to use v2 auth with identity token
Updates the v1 search endpoint to also support v2 auth when an identity token is given.
Only search v1 endpoint is supported since there is not v2 search currently defined to replace it.

Signed-off-by: Derek McGowan <derek@mcgstyle.net>
2016-07-13 13:30:24 -07:00
Yong Tang
a72b45dbec Fix logrus formatting
This fix tries to fix logrus formatting by removing `f` from
`logrus.[Error|Warn|Debug|Fatal|Panic|Info]f` when formatting string
is not present.

This fix fixes #23459.

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
2016-06-11 13:16:55 -07:00
Yong Tang
92f10fe228 Add --limit option to docker search
This fix tries to address the issue raised in #23055.
Currently `docker search` result caps at 25 and there is
no way to allow getting more results (if exist).

This fix adds the flag `--limit` so that it is possible
to return more results from the `docker search`.

Related documentation has been updated.

Additional tests have been added to cover the changes.

This fix fixes #23055.

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
2016-06-02 19:12:20 -07:00
allencloud
c1be45fa38 fix typos
Signed-off-by: allencloud <allen.sun@daocloud.io>
2016-06-02 17:17:22 +08:00
Vincent Demeester
636c276f67
Add Unit test to daemon.SearchRegistryForImages…
… and refactor a little bit some daemon on the way.

- Move `SearchRegistryForImages` to a new file (`daemon/search.go`) as
  `daemon.go` is getting pretty big.
- `registry.Service` is now an interface (allowing us to decouple it a
  little bit and thus unit test easily).
- Add some unit test for `SearchRegistryForImages`.
- Use UniqueExactMatch for search filters
- And use empty restore id for now in client.ContainerStart.

Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2016-05-24 11:07:11 +02:00
Brett Higgins
207027087e Respect ALL_PROXY during registry operations
Use sockets.DialerFromEnvironment, as is done in other places,
to transparently support SOCKS proxy config from ALL_PROXY
environment variable.

Requires the *engine* have the ALL_PROXY env var set, which
doesn't seem ideal. Maybe it should be a CLI option somehow?

Only tested with push and a v2 registry so far. I'm happy to look
further into testing more broadly, but I wanted to get feedback on
the general idea first.

Signed-off-by: Brett Higgins <brhiggins@arbor.net>
2016-04-25 15:08:30 -04:00
Yong Tang
93973196f4 Add default serveraddress value in remote API /auth
This fix tries to address the issue in #22244 where the remote
API `/auth` will not set the default value of `serveraddress`
if not provided. This behavior happens after only in 1.11.0
and is a regression as in 1.10.3 `serveraddress` will be assigned
with `IndexServer` if no value is provided.

The default value `IndexServer` is assigned to `serveraddress` if
no value provided in this fix.

An integration test `TestAuthApi` has been added to cover this change

This fix fixes #22244.

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
2016-04-22 20:00:47 -07:00
Vincent Demeester
e6f2429e01 Merge pull request #21607 from allencloud/change-validateNoSchema-to-validateNoScheme
change validateNoSchema to validateNoScheme
2016-03-31 10:14:23 +02:00
allencloud
28d3c22e55 1.change validateNoSchema into validateNoScheme
2.change schema into scheme in docs and some annotations.

Signed-off-by: allencloud <allen.sun@daocloud.io>
2016-03-31 12:29:15 +08:00
Aaron Lehmann
e42f85080b Correct login debug log message
I noticed the following message in a daemon log:

```
attempting v2 login to registry endpoint {%!s(bool=false) https://registry:5000 v2 %!s(bool=false) %!s(bool=true) %!s(*tls.Config=&{<nil> <nil> [] map[] <nil> 0xc82075c030 []  0 <nil> false [49196 49200 49195 49199 49162 49161 49172 49171 53 47] true false [0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0] <nil> 769 0 [] {{0 0} 0} {{0 0} 0 0 0 0} []})}
```

loginV2 tries to log an APIEndpoint as a string, but this struct does
not have a String method. Log the actual URL that will be used as the
endpoint, instead.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2016-03-28 18:22:24 -07:00
David Calavera
b1e9a5eaf1 Merge pull request #21258 from runcom/res.body.leaks
*: fix response body leaks
2016-03-16 19:20:10 -07:00
Antonio Murdaca
f0d83c4cdb *: fix response body leaks
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2016-03-16 17:15:42 +01:00
Antonio Murdaca
137c8601a8 registry: endpoint_v1: fix outdated comment
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2016-03-16 12:53:11 +01:00
Antonio Murdaca
bb05c18892 daemon: update: check len inside public function
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2016-03-15 17:24:25 +01:00
Vincent Demeester
b9361f02da Merge pull request #20970 from dmcgowan/login-oauth
OAuth support for registries
2016-03-14 15:49:44 +01:00
David Calavera
12c67f42d8 Merge pull request #21100 from aaronlehmann/remove-windows-specific-registry
Remove Windows-specific default registry definitions
2016-03-11 09:31:55 -08:00
Aaron Lehmann
87535ca2e9 Remove Windows-specific default registry definitions
Going forward, Docker won't use a different default registry on Windows.
This changes Windows to use the standard Docker Hub registry as the
default registry.

There is a plan in place to migrate existing images from the Windows
registry to Hub's normal registry, in advance of the 1.11 release. In
the mean time, images on the Windows registry can be accessed by
prefixing them with `registry-win-tp3.docker.io/`.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2016-03-10 18:33:14 -08:00
Sebastiaan van Stijn
1d094255d5 Merge pull request #21045 from calavera/registry_config_options
Move registry service options to the daemon configuration.
2016-03-11 00:48:55 +01:00
David Calavera
59586d02b1 Move registry service options to the daemon configuration.
Allowing to set their values in the daemon configuration file.

Signed-off-by: David Calavera <david.calavera@gmail.com>
2016-03-10 11:53:11 -05:00