Commit graph

518 commits

Author SHA1 Message Date
Sebastiaan van Stijn
e6907243af
client: negotiate api version before handling version-specific code
We try to perform API-version negotiation as lazy as possible (and only execute
when we are about to make an API request). However, some code requires API-version
dependent handling (to set options, or remove options based on the version of the
API we're using).

Currently this code depended on the caller code to perform API negotiation (or
to configure the API version) first, which may not happen, and because of that
we may be missing options (or set options that are not supported on older API
versions).

This patch:

- splits the code that triggered API-version negotiation to a separate
  Client.checkVersion() function.
- updates NewVersionError to accept a context
- updates NewVersionError to perform API-version negotiation (if enabled)
- updates various Client functions to manually trigger API-version negotiation

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-09-20 15:23:27 +02:00
Albin Kerouanton
78479b1915
libnet: Make sure network names are unique
Fixes #18864, #20648, #33561, #40901.

[This GH comment][1] makes clear network name uniqueness has never been
enforced due to the eventually consistent nature of Classic Swarm
datastores:

> there is no guaranteed way to check for duplicates across a cluster of
> docker hosts.

And this is further confirmed by other comments made by @mrjana in that
same issue, eg. [this one][2]:

> we want to adopt a schema which can pave the way in the future for a
> completely decentralized cluster of docker hosts (if scalability is
> needed).

This decentralized model is what Classic Swarm was trying to be. It's
been superseded since then by Docker Swarm, which has a centralized
control plane.

To circumvent this drawback, the `NetworkCreate` endpoint accepts a
`CheckDuplicate` flag. However it's not perfectly reliable as it won't
catch concurrent requests.

Due to this design decision, API clients like Compose have to implement
workarounds to make sure names are really unique (eg.
docker/compose#9585). And the daemon itself has seen a string of issues
due to that decision, including some that aren't fixed to this day (for
instance moby/moby#40901):

> The problem is, that if you specify a network for a container using
> the ID, it will add that network to the container but it will then
> change it to reference the network by using the name.

To summarize, this "feature" is broken, has no practical use and is a
source of pain for Docker users and API consumers. So let's just remove
it for _all_ API versions.

[1]: https://github.com/moby/moby/issues/18864#issuecomment-167201414
[2]: https://github.com/moby/moby/issues/18864#issuecomment-167202589

Signed-off-by: Albin Kerouanton <albinker@gmail.com>
2023-09-12 10:40:13 +02:00
Brian Goff
642e9917ff Add otel support
This uses otel standard environment variables to configure tracing in
the daemon.
It also adds support for propagating trace contexts in the client and
reading those from the API server.

See
https://opentelemetry.io/docs/specs/otel/configuration/sdk-environment-variables/
for details on otel environment variables.

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2023-09-07 18:38:19 +00:00
Sebastiaan van Stijn
1148a24e64
migrate to new github.com/distribution/reference module
The "reference" package was moved to a separate module, which was extracted
from b9b19409cf

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-09-05 12:09:26 +02:00
Sebastiaan van Stijn
9c4e82435e
Merge pull request #46351 from thaJeztah/api_events_actions_enum
api/types/events: define "Action" type and consts
2023-09-05 11:11:42 +02:00
Sebastiaan van Stijn
c243efb0cd
client: TestImageTagInvalidSourceImageName remove invalid test-case
The test considered `Foo/bar` to be an invalid name, with the assumption
that it was `[docker.io]/Foo/bar`. However, this was incorrect, and the
test passed because the reference parsing had a bug; if the first element
(`Foo`) is not lowercase (so not a valid namespace /  "path element"), then
it *should* be considered a domain (as uppercase domain names are valid).

The reference parser did not account for this, and running the test with
a version of the parser with a fix caused the test to fail:

    === Failed
    === FAIL: client TestImageTagInvalidSourceImageName/invalidRepo/FOO/bar (0.00s)
        image_tag_test.go:54: assertion failed: expected error to contain "not a valid repository/tag", got "Error response from daemon: client should not have made an API call"
            Error response from daemon: client should not have made an API call

    === FAIL: client TestImageTagInvalidSourceImageName (0.00s)

This patch removes the faulty test-case.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-30 21:43:02 +02:00
Sebastiaan van Stijn
0f871f8cb7
api/types/events: define "Action" type and consts
Define consts for the Actions we use for events, instead of "ad-hoc" strings.
Having these consts makes it easier to find where specific events are triggered,
makes the events less error-prone, and allows documenting each Action (if needed).

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-29 00:38:08 +02:00
Sebastiaan van Stijn
a65c948e7e
Merge pull request #46335 from thaJeztah/api_move_checkpoint_types
api/types: move checkpoint-types to api/types/checkpoint
2023-08-28 19:02:19 +02:00
Sebastiaan van Stijn
8309206160
Merge pull request #46350 from thaJeztah/strongtype_eventstype
api/types/events: make events.Type an actual type
2023-08-28 16:44:26 +02:00
Sebastiaan van Stijn
0161aad462
client: TestEvents: don't depend on deprecated fields
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-28 13:17:01 +02:00
Sebastiaan van Stijn
70ad5b818f
api/types/events: make events.Type an actual type
This type was added in 247f4796d2, and
at the time was added as an alias for string;

> api/types/events: add "Type" type for event-type enum
>
> Currently just an alias for string, but we can change it to be an
> actual type.

Now that all code uses the defined types, we should be able to make
this an actual type.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-28 13:12:38 +02:00
msadiq058
f6b2e34268
Update example in README.md to close cli object
Signed-off-by: Mohd Sadiq <mohdsadiq058@gmail.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-26 19:55:45 +02:00
Sebastiaan van Stijn
b688af2226
api/types: move checkpoint-types to api/types/checkpoint
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-26 12:37:41 +02:00
Sebastiaan van Stijn
e0da5cb929
Merge pull request #46171 from thaJeztah/client_context
client: Client.buildRequest: use http.NewRequestWithContext
2023-08-10 21:00:13 +02:00
Sebastiaan van Stijn
3d3ce9812f
integration/tag: Move to client unit test
This test was testing the client-side validation, so might as well
move it there, and validate that the client invalidates before
trying to make an API call.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2023-08-10 10:37:04 +02:00
Sebastiaan van Stijn
4cc796ab93
client: Client.buildRequest: use http.NewRequestWithContext
Attach the context to the request while we're creating it, instead of
creating the context first, and adding the context later.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-09 20:30:25 +02:00
Sebastiaan van Stijn
58dc0fcd1e
client: Client.Ping: re-use request when falling back to GET
Re-use the request, and change the method to GET instead of building
a new request "from scratch".

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-09 20:30:25 +02:00
Sebastiaan van Stijn
87fff769f4
client: Client.checkResponseErr: change errorMessage to an error
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-09 20:30:25 +02:00
Sebastiaan van Stijn
fced566714
client: move resolveTLSConfig to a Client.tlsConfig()
This makes it slightly clearer what it does, as "resolve" may give the
impression it's doing more than just returning the TLS config configured
for the client.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-01 16:20:22 +02:00
Sebastiaan van Stijn
47af265234
client: Dialer: inline fallbackDial
fallbackDial was only used in a single place, and it was defined far away
from where it's used, so let's inline it, so that it's clear at a glance
what we're doing.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-01 16:20:18 +02:00
Sebastiaan van Stijn
74d9850bb9
client/buildkit: ClientOpts: update docs to use doc-links, and inline
inline the closures, and update the GoDoc to use doc-links to the related
buildkit function.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-01 16:19:36 +02:00
Bjorn Neergaard
427f95c4e6
Merge pull request #45978 from thaJeztah/client_docs_touch_up
client: touch-up docs, cleanup some tests, and minor refactoring
2023-07-26 05:55:46 -06:00
Sebastiaan van Stijn
e942499c66
Merge pull request #45991 from thaJeztah/client_cleanups
client: return explicit "nil" for no errors, and remove nil check
2023-07-19 12:17:32 +02:00
Sebastiaan van Stijn
2da589d454
client: return explicit "nil" for no errors, and remove nil check
- remove some intermediate variables
- explicitly return "nil" if there's no error
- remove redundant check for response-headers being nil

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-07-17 12:24:28 +02:00
Sebastiaan van Stijn
077049d0b9
client: WithTLSClientConfig: return early if no transport is set
tlsconfig.Client() does various things, including reading certs and
checking them. So we may as well return early if we're not gonna be
able to use the config.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-07-15 18:31:57 +02:00
Sebastiaan van Stijn
6846c63252
client: WithTLSClientConfig, WithTLSClientConfigFromEnv: inline vars
Remove intermediate variables.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-07-15 18:31:57 +02:00
Sebastiaan van Stijn
9d1e690751
client: TestGetAPIPath: don't use un-keyed structs
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-07-15 18:31:56 +02:00
Sebastiaan van Stijn
6552441b46
client: TestClientRedirect: cleanup
- don't use un-keyed structs
- use http consts where possible
- use errors.As instead of manually checking the error-type

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-07-15 18:31:56 +02:00
Sebastiaan van Stijn
8d514f4e2e
client: touch-up docs, and user doc-links
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-07-15 18:31:51 +02:00
Sebastiaan van Stijn
c219b09d4a
client: Client.postHijacked: use Client.buildRequest
Use Client.buildRequest instead of a local copy of the same logic so
that we're using the same logic, and there's less chance of diverging.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-07-15 02:39:08 +02:00
Sebastiaan van Stijn
e11555218b
client: Client.setupHijackConn: explicitly ignore errors
Just making my IDE and some linters slightly happier.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-07-15 02:37:03 +02:00
Sebastiaan van Stijn
92975f0c11
client: define a "dummy" hostname to use for local connections
For local communications (npipe://, unix://), the hostname is not used,
but we need valid and meaningful hostname.

The current code used the client's `addr` as hostname in some cases, which
could contain the path for the unix-socket (`/var/run/docker.sock`), which
gets rejected by go1.20.6 and go1.19.11 because of a security fix for
[CVE-2023-29406 ][1], which was implemented in  https://go.dev/issue/60374.

Prior versions go Go would clean the host header, and strip slashes in the
process, but go1.20.6 and go1.19.11 no longer do, and reject the host
header.

This patch introduces a `DummyHost` const, and uses this dummy host for
cases where we don't need an actual hostname.

Before this patch (using go1.20.6):

    make GO_VERSION=1.20.6 TEST_FILTER=TestAttach test-integration
    === RUN   TestAttachWithTTY
        attach_test.go:46: assertion failed: error is not nil: http: invalid Host header
    --- FAIL: TestAttachWithTTY (0.11s)
    === RUN   TestAttachWithoutTTy
        attach_test.go:46: assertion failed: error is not nil: http: invalid Host header
    --- FAIL: TestAttachWithoutTTy (0.02s)
    FAIL

With this patch applied:

    make GO_VERSION=1.20.6 TEST_FILTER=TestAttach test-integration
    INFO: Testing against a local daemon
    === RUN   TestAttachWithTTY
    --- PASS: TestAttachWithTTY (0.12s)
    === RUN   TestAttachWithoutTTy
    --- PASS: TestAttachWithoutTTy (0.02s)
    PASS

[1]: https://github.com/advisories/GHSA-f8f7-69v5-w4vx

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-07-14 18:57:53 +02:00
Sebastiaan van Stijn
2a59188760
client: TestSetHostHeader: don't use un-keyed literals
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-07-14 18:56:47 +02:00
Sebastiaan van Stijn
1370b3c679
client: minor test improvements for requests
- use assert.Check() where possible to not fail early
- improve checks for error-types
- rename "testURL" var to be more descriptive, and use a const

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-07-13 11:40:00 +02:00
Sebastiaan van Stijn
f7f0a17ea2
client: TestSetHostHeader: use sub-tests
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-07-13 11:28:13 +02:00
Sebastiaan van Stijn
83477ce8d0
client: remove custom "headers" type, and use "http.Header" instead
Use http.Header, which is more descriptive on intent, and we're already
importing the package in the client. Removing the "header" type also fixes
various locations where the type was shadowed by local variables named
"headers".

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-07-11 13:14:28 +02:00
Sebastiaan van Stijn
e4ce676d3d
client: ServiceCreate, ServiceUpdate: omit "version" header on API >= 1.30
The "version" header was added in c0afd9c873,
but used the wrong information to get the API version.

This issue was fixed in a9d20916c3, which switched
the API handler code to get the API version from the context. That change is part
of Docker Engine 20.10 (API v1.30 and up)

This patch updates the code to only set the header on APi v1.29 and older, as it's
not used by newer API versions.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-07-11 13:00:00 +02:00
Sebastiaan van Stijn
c90229ed9a
api/types: move system info types to api/types/system
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-07-07 13:01:36 +02:00
Brian Goff
2216d3ca8d Add health start interval
This adds an additional interval to be used by healthchecks during the
start period.
Typically when a container is just starting you want to check if it is
ready more quickly than a typical healthcheck might run. Without this
users have to balance between running healthchecks to frequently vs
taking a very long time to mark a container as healthy for the first
time.

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-07-05 23:44:17 +00:00
Sebastiaan van Stijn
4e69e16fde
client: use string-literals for easier grep'ing
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-07-05 12:27:01 +02:00
Sebastiaan van Stijn
0af6d9e291
client: format code with gofumpt
Formatting the code with https://github.com/mvdan/gofumpt

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-06-29 00:25:21 +02:00
Sebastiaan van Stijn
a6048fc792
client: add WithUserAgent() option
When constructing the client, and setting the User-Agent, care must be
taken to apply the header in the right location, as custom headers can
be set in the CLI configuration, and merging these custom headers should
not override the User-Agent header.

This patch adds a dedicated `WithUserAgent()` option, which stores the
user-agent separate from other headers, centralizing the merging of
other headers, so that other parts of the (CLI) code don't have to be
concerned with merging them in the right order.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-06-09 09:59:29 +02:00
Sebastiaan van Stijn
ab35df454d
remove pre-go1.17 build-tags
Removed pre-go1.17 build-tags with go fix;

    go mod init
    go fix -mod=readonly ./...
    rm go.mod

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-05-19 20:38:51 +02:00
Sebastiaan van Stijn
1b3c2743cc
Merge pull request #45550 from corhere/fix-empty-container-decode
Allow empty body in `POST /commit` again
2023-05-18 21:46:00 +02:00
Cory Snider
3ceb3810d7 client: don't marshal typed nils in request body
The internal Client request methods which accept an object as a body use
nil to signal that the request should not have a body. But it is easy to
accidentally pass a typed-nil value as the object, e.g. if the object
comes from a function argument or struct field of a concrete type. The
result is that these requests will, surprisingly, have a JSON body of
`null`. Treat typed-nil pointers the same as untyped nils for the
purposes of determining whether or not the request should include a
body.

Stop assuming that POST requests should always have a body. POST /commit
does not require a body, for example.

Signed-off-by: Cory Snider <csnider@mirantis.com>
2023-05-17 14:58:12 -04:00
Sebastiaan van Stijn
66ff1e063e
client: update error-assertions in tests
- use is.ErrorType
- replace uses of client.IsErrNotFound for errdefs.IsNotFound, as
  the client no longer returns the old error-type.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-05-10 22:13:38 +02:00
Sebastiaan van Stijn
685b3d820a
client: make IsErrNotFound an alias for errdefs.IsNotFound
None of the client will return the old error-types, so there's no need
to keep the compatibility code. We can consider deprecating this function
in favor of the errdefs equivalent this.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-05-10 21:52:43 +02:00
Jeyanthinath Muthuram
307b09e7eb
fixing consistent aliases for OCI spec imports
Signed-off-by: Jeyanthinath Muthuram <jeyanthinath10@gmail.com>
2023-05-08 15:27:52 +05:30
Sebastiaan van Stijn
8a4b095a94
Merge pull request #45353 from thaJeztah/api_container_change_type
api/types/container: create type for changes endpoint
2023-05-04 19:48:40 +02:00
Sebastiaan van Stijn
66cf0e3f55
client: slightly improve ContainerDiff tests
- use gotest.tools for asserting
- check result returned

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-05-03 21:25:07 +02:00