This fix tries to fix the issue in 30279 where `docker ps --format`
fails if `.Label` has args. For example:
```
docker ps --format '{{.ID}}\t{{.Names}}\t{{.Label "some.label"}}'
```
The reason for the failure is that during the preprocessing phase
to detect the existance of `.Size`, the `listOptionsProcessor`
does not has a method of `Label(name string) string`.
This results in the failure of
```
template: :1:24: executing "" at <.Label>: Label is not a method but has arguments
```
This fix fixes the issue by adding needed method of `Label(name string) string`.
This fix fixes 30279.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
(cherry picked from commit 2cd4ba1e56)
Signed-off-by: Victor Vieux <vieux@docker.com>
The top-level `docker inspect` command could return
an error if the nodes Swarm certificates were expired.
In situations where the user did not explicitly
ask for an object-type (`--type=foo`), we should
ignore these errors, and consider them equal to
"node is not a swarm manager".
This change makes `docker inspect` ignore these
errors if no type was specified.
As a further optimization, the "swarm status"
result is now stored in a variable, so that
other swarm-specific API calls can be skipped.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 66cf4cc7f7)
Signed-off-by: Victor Vieux <vieux@docker.com>
When Size was reverted to be equal to VirtualSize, the df command
formatter was not correctly updated to account for the change.
Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
(cherry picked from commit dcc1b4baf6)
Signed-off-by: Victor Vieux <vieux@docker.com>
The prune PR changed the meaning of the file to mean "space on disk
only unique to this image", this PR revert this change.
Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
(cherry picked from commit be20dc15af)
Signed-off-by: Victor Vieux <vieux@docker.com>
- default network is only created if needed
- it's possible to override default network configuration
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
This fix tries to address the issue raised in 28581 and 28927
where it is not possible to create a secret from a file (only
through STDIN).
This fix add a flag `--file` to `docker secret create` so that
it is possible to create a secret from a file with:
```
docker secret create --file secret.in secret.name
```
or
```
echo TEST | docker secret create --file - secret.name
```
Related docs has been updated.
An integration test has been added to cover the changes.
This fix fixes 28581.
This fix is related to 28927.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
(cherry picked from commit c6f0b7f448)
Signed-off-by: Victor Vieux <vieux@docker.com>
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
In #28507 and #28885, `docker service/node ps -a` has been removed so that
information about slots are show up even without `-a` flag.
The output of `docker stack ps` reused the same output as `docker service/node ps`.
However, the `-a` was still there. It might make sense to remove `docker stack ps -a`
as well to bring consistency with `docker service/node ps`.
This fix is related to #28507, #28885, and #25983.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
(cherry picked from commit 9155e14e77)
Signed-off-by: Victor Vieux <vieux@docker.com>
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
Signed-off-by: Daniel Nephin <dnephin@docker.com>
(cherry picked from commit abe32de6b4)
Signed-off-by: Victor Vieux <vieux@docker.com>
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
The current validation only checked for the
number of elements in the volume-spec, however,
did not validate if the elements were empty.
Because of this, an empty volume-spec (""),
or volume spec only containing separators ("::")
would not be invalidated.
This adds a simple check for empty elements in
the volume-spec, and returns an error if
the spec is invalid.
A unit-test is also added to verify the behavior.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
the `convertVolumeToMount()` function did not take
anonymous volumes into account when converting
volume specifications to bind-mounts.
this resulted in the conversion to try to
look up an empty "source" volume, which
lead to an error;
undefined volume:
this patch distinguishes "anonymous"
volumes from bind-mounts and named-volumes,
and skips further processing if no source
is defined (i.e. the volume is "anonymous").
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Move plugins to shared distribution stack with images.
Create immutable plugin config that matches schema2 requirements.
Ensure data being pushed is same as pulled/created.
Store distribution artifacts in a blobstore.
Run init layer setup for every plugin start.
Fix breakouts from unsafe file accesses.
Add support for `docker plugin install --alias`
Uses normalized references for default names to avoid collisions when using default hosts/tags.
Some refactoring of the plugin manager to support the change, like removing the singleton manager and adding manager config struct.
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
Signed-off-by: Derek McGowan <derek@mcgstyle.net>
(cherry picked from commit 3d86b0c79b)
Move configurations into a single file.
Abstract download manager in pull config.
Add supports for schema2 only and schema2 type checking.
Add interface for providing push layers.
Abstract image store to generically handle configurations.
Signed-off-by: Derek McGowan <derek@mcgstyle.net>
(cherry picked from commit 3c7676a057)
When plugins have a positive refcount, they were not allowed to be
removed. However, plugins could still be disabled when volumes
referenced it and containers using them were running.
This change fixes that by enforcing plugin refcount during disable.
A "force" disable option is also added to ignore reference refcounting.
Signed-off-by: Anusha Ragunathan <anusha@docker.com>
(cherry picked from commit 8cb2229cd1)
This fix is a follow up for comment:
https://github.com/docker/docker/pull/29186/files#r91277345
While #29186 addresses the issue of `docker inspect <unknown object>`
on Windows, it actually makes `docker plugin inspect <unknown object>`
out `object not found` on Windows as well. This is actually misleading
as plugin is not supported on Windows.
This fix reverted the change in #29186 while at the same time,
checks `not supported` in `docker inspect <unknown object>` so that
- `docker plugin inspect <unknown object>` returns `not supported` on Windows
- `docker inspect <unknown object>` returns `not found` on Windows
This fix is related to #29186 and #29185.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
(cherry picked from commit 0b3c10ac4d)
the "docker swarm leave" command description
mentioned that the command can only be used
for workers, however, the command can also
be used for managers (using the `-f` / `--force`
option).
this patch removes the "(workers only)" part
of the command description.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit f89eee5d9d)
Signed-off-by: Victor Vieux <vieux@docker.com>
This fix tries to address the issue raised in 24352. Previously,
when `docker swarm update` has no flags, the output is
```
Swarm updated.
```
even though nothing was updated. This could be misleading for
users.
This fix tries to address the issue by adding a `PreRunE` function
in the command so that in case no flag is provided (`cmd.Flags().NFlag() == 0`),
the usage will be outputed instead.
An integration has been added to cover the changes.
This fix fixes 24352.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
(cherry picked from commit 5aa5a1cb00)
Signed-off-by: Victor Vieux <vieux@docker.com>
Implement notary-based digest lookup in the client when
DOCKER_CONTENT_TRUST=1.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
(cherry picked from commit d4d6f8c0d0)
Split these into cli/trust so that other commands can make use of them.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
(cherry picked from commit 4b8c79f25e)
This removes some very old vestigial code that really should have been
removed during the content addressability transition. It implements
something called "reference" but it behaves differently from the actual
reference package. This was only used by client-side content trust code,
and is relatively easy to extricate.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
(cherry picked from commit d91ed88365)
`--publish-add 8081:81 --publish-add 8082:82 --publish-rm 80
--publish-rm 81/tcp --publish-rm 82/tcp` would thus result in 81 and
82 to be published.
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
