Commit graph

534 commits

Author SHA1 Message Date
Sebastiaan van Stijn
49cea49cfa
Merge pull request #45905 from akerouanton/endpoint-specific-mac-address
api: Add a field MacAddress to EndpointSettings
2023-11-07 16:37:27 +01:00
Sebastiaan van Stijn
0ac748a340
Merge pull request #46628 from sgehrig/46621-container_wait
#46621 ensure that errors reading the response body are returned to the caller
2023-11-03 13:20:59 +01:00
Albin Kerouanton
ee9f0ed895
api: Deprecate ContainerConfig.MacAddress
Having a sandbox/container-wide MacAddress field makes little sense
since a container can be connected to multiple networks at the same
time. This field is an artefact of old times where a container could be
connected to a single network only.

As we now have a way to specify per-endpoint mac address, this field is
now deprecated.

Signed-off-by: Albin Kerouanton <albinker@gmail.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-25 22:55:59 +02:00
Albin Kerouanton
052562ffd5
api: Add a field MacAddress to EndpointSettings
Prior to this commit, only container.Config had a MacAddress field and
it's used only for the first network the container connects to. It's a
relic of old times where custom networks were not supported.

Signed-off-by: Albin Kerouanton <albinker@gmail.com>
2023-10-25 22:52:26 +02:00
Stefan Gehrig
0d27579fc7
Ensure that non-JSON-parsing errors are returned to the caller
Signed-off-by: Stefan Gehrig <stefan.gehrig.hn@googlemail.com>
Co-authored-by: Cory Snider <corhere@gmail.com>
2023-10-17 10:32:42 +02:00
Sebastiaan van Stijn
25fb4dd50d
switch to go.opentelemetry.io/otel/semconv/v1.17.0
While updating the docker/docker dependency in BuildKit, I noticed that the
dependency tree showed _two_ separate versions of the semconv package;
BuildKit and containerd were using the v1.17.0 version and docker/docker was
using v1.7.0.

This patch updates the version we use to align with BuildKit and containerd.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-16 10:28:54 +02:00
Sebastiaan van Stijn
ebef4efb88
api/types: move ContainerLogsOptions to api/types/container
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-12 11:30:12 +02:00
Sebastiaan van Stijn
9670d9364d
api/types: move ContainerListOptions to api/types/container
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-12 11:29:24 +02:00
Sebastiaan van Stijn
7bce33eb0f
api/types: move ContainerStartOptions to api/types/container
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-12 11:29:24 +02:00
Sebastiaan van Stijn
0f77875220
api/types: move ContainerRemoveOptions to api/types/container
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-12 11:29:23 +02:00
Sebastiaan van Stijn
9498d897ab
api/types: move ContainerCommitOptions to api/types/container
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-12 11:29:23 +02:00
Sebastiaan van Stijn
30f09b4a1a
api/types: move ContainerAttachOptions to api/types/container
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-12 11:29:23 +02:00
Sebastiaan van Stijn
95b92b1f97
api/types: move ResizeOptions to api/types/container
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-12 11:29:23 +02:00
Sebastiaan van Stijn
ec69501e94
api/types: move ServiceCreateResponse, and generate from swagger
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-12 11:29:23 +02:00
Sebastiaan van Stijn
5b3e6555a3
api/types: move ServiceUpdateResponse
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-12 11:29:22 +02:00
Sebastiaan van Stijn
48cacbca24
api/types: move image-types to api/types/image
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-12 11:29:20 +02:00
Sebastiaan van Stijn
e6907243af
client: negotiate api version before handling version-specific code
We try to perform API-version negotiation as lazy as possible (and only execute
when we are about to make an API request). However, some code requires API-version
dependent handling (to set options, or remove options based on the version of the
API we're using).

Currently this code depended on the caller code to perform API negotiation (or
to configure the API version) first, which may not happen, and because of that
we may be missing options (or set options that are not supported on older API
versions).

This patch:

- splits the code that triggered API-version negotiation to a separate
  Client.checkVersion() function.
- updates NewVersionError to accept a context
- updates NewVersionError to perform API-version negotiation (if enabled)
- updates various Client functions to manually trigger API-version negotiation

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-09-20 15:23:27 +02:00
Albin Kerouanton
78479b1915
libnet: Make sure network names are unique
Fixes #18864, #20648, #33561, #40901.

[This GH comment][1] makes clear network name uniqueness has never been
enforced due to the eventually consistent nature of Classic Swarm
datastores:

> there is no guaranteed way to check for duplicates across a cluster of
> docker hosts.

And this is further confirmed by other comments made by @mrjana in that
same issue, eg. [this one][2]:

> we want to adopt a schema which can pave the way in the future for a
> completely decentralized cluster of docker hosts (if scalability is
> needed).

This decentralized model is what Classic Swarm was trying to be. It's
been superseded since then by Docker Swarm, which has a centralized
control plane.

To circumvent this drawback, the `NetworkCreate` endpoint accepts a
`CheckDuplicate` flag. However it's not perfectly reliable as it won't
catch concurrent requests.

Due to this design decision, API clients like Compose have to implement
workarounds to make sure names are really unique (eg.
docker/compose#9585). And the daemon itself has seen a string of issues
due to that decision, including some that aren't fixed to this day (for
instance moby/moby#40901):

> The problem is, that if you specify a network for a container using
> the ID, it will add that network to the container but it will then
> change it to reference the network by using the name.

To summarize, this "feature" is broken, has no practical use and is a
source of pain for Docker users and API consumers. So let's just remove
it for _all_ API versions.

[1]: https://github.com/moby/moby/issues/18864#issuecomment-167201414
[2]: https://github.com/moby/moby/issues/18864#issuecomment-167202589

Signed-off-by: Albin Kerouanton <albinker@gmail.com>
2023-09-12 10:40:13 +02:00
Brian Goff
642e9917ff Add otel support
This uses otel standard environment variables to configure tracing in
the daemon.
It also adds support for propagating trace contexts in the client and
reading those from the API server.

See
https://opentelemetry.io/docs/specs/otel/configuration/sdk-environment-variables/
for details on otel environment variables.

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2023-09-07 18:38:19 +00:00
Sebastiaan van Stijn
1148a24e64
migrate to new github.com/distribution/reference module
The "reference" package was moved to a separate module, which was extracted
from b9b19409cf

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-09-05 12:09:26 +02:00
Sebastiaan van Stijn
9c4e82435e
Merge pull request #46351 from thaJeztah/api_events_actions_enum
api/types/events: define "Action" type and consts
2023-09-05 11:11:42 +02:00
Sebastiaan van Stijn
c243efb0cd
client: TestImageTagInvalidSourceImageName remove invalid test-case
The test considered `Foo/bar` to be an invalid name, with the assumption
that it was `[docker.io]/Foo/bar`. However, this was incorrect, and the
test passed because the reference parsing had a bug; if the first element
(`Foo`) is not lowercase (so not a valid namespace /  "path element"), then
it *should* be considered a domain (as uppercase domain names are valid).

The reference parser did not account for this, and running the test with
a version of the parser with a fix caused the test to fail:

    === Failed
    === FAIL: client TestImageTagInvalidSourceImageName/invalidRepo/FOO/bar (0.00s)
        image_tag_test.go:54: assertion failed: expected error to contain "not a valid repository/tag", got "Error response from daemon: client should not have made an API call"
            Error response from daemon: client should not have made an API call

    === FAIL: client TestImageTagInvalidSourceImageName (0.00s)

This patch removes the faulty test-case.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-30 21:43:02 +02:00
Sebastiaan van Stijn
0f871f8cb7
api/types/events: define "Action" type and consts
Define consts for the Actions we use for events, instead of "ad-hoc" strings.
Having these consts makes it easier to find where specific events are triggered,
makes the events less error-prone, and allows documenting each Action (if needed).

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-29 00:38:08 +02:00
Sebastiaan van Stijn
a65c948e7e
Merge pull request #46335 from thaJeztah/api_move_checkpoint_types
api/types: move checkpoint-types to api/types/checkpoint
2023-08-28 19:02:19 +02:00
Sebastiaan van Stijn
8309206160
Merge pull request #46350 from thaJeztah/strongtype_eventstype
api/types/events: make events.Type an actual type
2023-08-28 16:44:26 +02:00
Sebastiaan van Stijn
0161aad462
client: TestEvents: don't depend on deprecated fields
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-28 13:17:01 +02:00
Sebastiaan van Stijn
70ad5b818f
api/types/events: make events.Type an actual type
This type was added in 247f4796d2, and
at the time was added as an alias for string;

> api/types/events: add "Type" type for event-type enum
>
> Currently just an alias for string, but we can change it to be an
> actual type.

Now that all code uses the defined types, we should be able to make
this an actual type.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-28 13:12:38 +02:00
msadiq058
f6b2e34268
Update example in README.md to close cli object
Signed-off-by: Mohd Sadiq <mohdsadiq058@gmail.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-26 19:55:45 +02:00
Sebastiaan van Stijn
b688af2226
api/types: move checkpoint-types to api/types/checkpoint
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-26 12:37:41 +02:00
Sebastiaan van Stijn
e0da5cb929
Merge pull request #46171 from thaJeztah/client_context
client: Client.buildRequest: use http.NewRequestWithContext
2023-08-10 21:00:13 +02:00
Sebastiaan van Stijn
3d3ce9812f
integration/tag: Move to client unit test
This test was testing the client-side validation, so might as well
move it there, and validate that the client invalidates before
trying to make an API call.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2023-08-10 10:37:04 +02:00
Sebastiaan van Stijn
4cc796ab93
client: Client.buildRequest: use http.NewRequestWithContext
Attach the context to the request while we're creating it, instead of
creating the context first, and adding the context later.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-09 20:30:25 +02:00
Sebastiaan van Stijn
58dc0fcd1e
client: Client.Ping: re-use request when falling back to GET
Re-use the request, and change the method to GET instead of building
a new request "from scratch".

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-09 20:30:25 +02:00
Sebastiaan van Stijn
87fff769f4
client: Client.checkResponseErr: change errorMessage to an error
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-09 20:30:25 +02:00
Sebastiaan van Stijn
fced566714
client: move resolveTLSConfig to a Client.tlsConfig()
This makes it slightly clearer what it does, as "resolve" may give the
impression it's doing more than just returning the TLS config configured
for the client.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-01 16:20:22 +02:00
Sebastiaan van Stijn
47af265234
client: Dialer: inline fallbackDial
fallbackDial was only used in a single place, and it was defined far away
from where it's used, so let's inline it, so that it's clear at a glance
what we're doing.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-01 16:20:18 +02:00
Sebastiaan van Stijn
74d9850bb9
client/buildkit: ClientOpts: update docs to use doc-links, and inline
inline the closures, and update the GoDoc to use doc-links to the related
buildkit function.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-01 16:19:36 +02:00
Bjorn Neergaard
427f95c4e6
Merge pull request #45978 from thaJeztah/client_docs_touch_up
client: touch-up docs, cleanup some tests, and minor refactoring
2023-07-26 05:55:46 -06:00
Sebastiaan van Stijn
e942499c66
Merge pull request #45991 from thaJeztah/client_cleanups
client: return explicit "nil" for no errors, and remove nil check
2023-07-19 12:17:32 +02:00
Sebastiaan van Stijn
2da589d454
client: return explicit "nil" for no errors, and remove nil check
- remove some intermediate variables
- explicitly return "nil" if there's no error
- remove redundant check for response-headers being nil

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-07-17 12:24:28 +02:00
Sebastiaan van Stijn
077049d0b9
client: WithTLSClientConfig: return early if no transport is set
tlsconfig.Client() does various things, including reading certs and
checking them. So we may as well return early if we're not gonna be
able to use the config.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-07-15 18:31:57 +02:00
Sebastiaan van Stijn
6846c63252
client: WithTLSClientConfig, WithTLSClientConfigFromEnv: inline vars
Remove intermediate variables.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-07-15 18:31:57 +02:00
Sebastiaan van Stijn
9d1e690751
client: TestGetAPIPath: don't use un-keyed structs
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-07-15 18:31:56 +02:00
Sebastiaan van Stijn
6552441b46
client: TestClientRedirect: cleanup
- don't use un-keyed structs
- use http consts where possible
- use errors.As instead of manually checking the error-type

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-07-15 18:31:56 +02:00
Sebastiaan van Stijn
8d514f4e2e
client: touch-up docs, and user doc-links
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-07-15 18:31:51 +02:00
Sebastiaan van Stijn
c219b09d4a
client: Client.postHijacked: use Client.buildRequest
Use Client.buildRequest instead of a local copy of the same logic so
that we're using the same logic, and there's less chance of diverging.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-07-15 02:39:08 +02:00
Sebastiaan van Stijn
e11555218b
client: Client.setupHijackConn: explicitly ignore errors
Just making my IDE and some linters slightly happier.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-07-15 02:37:03 +02:00
Sebastiaan van Stijn
92975f0c11
client: define a "dummy" hostname to use for local connections
For local communications (npipe://, unix://), the hostname is not used,
but we need valid and meaningful hostname.

The current code used the client's `addr` as hostname in some cases, which
could contain the path for the unix-socket (`/var/run/docker.sock`), which
gets rejected by go1.20.6 and go1.19.11 because of a security fix for
[CVE-2023-29406 ][1], which was implemented in  https://go.dev/issue/60374.

Prior versions go Go would clean the host header, and strip slashes in the
process, but go1.20.6 and go1.19.11 no longer do, and reject the host
header.

This patch introduces a `DummyHost` const, and uses this dummy host for
cases where we don't need an actual hostname.

Before this patch (using go1.20.6):

    make GO_VERSION=1.20.6 TEST_FILTER=TestAttach test-integration
    === RUN   TestAttachWithTTY
        attach_test.go:46: assertion failed: error is not nil: http: invalid Host header
    --- FAIL: TestAttachWithTTY (0.11s)
    === RUN   TestAttachWithoutTTy
        attach_test.go:46: assertion failed: error is not nil: http: invalid Host header
    --- FAIL: TestAttachWithoutTTy (0.02s)
    FAIL

With this patch applied:

    make GO_VERSION=1.20.6 TEST_FILTER=TestAttach test-integration
    INFO: Testing against a local daemon
    === RUN   TestAttachWithTTY
    --- PASS: TestAttachWithTTY (0.12s)
    === RUN   TestAttachWithoutTTy
    --- PASS: TestAttachWithoutTTy (0.02s)
    PASS

[1]: https://github.com/advisories/GHSA-f8f7-69v5-w4vx

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-07-14 18:57:53 +02:00
Sebastiaan van Stijn
2a59188760
client: TestSetHostHeader: don't use un-keyed literals
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-07-14 18:56:47 +02:00
Sebastiaan van Stijn
1370b3c679
client: minor test improvements for requests
- use assert.Check() where possible to not fail early
- improve checks for error-types
- rename "testURL" var to be more descriptive, and use a const

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-07-13 11:40:00 +02:00