Commit graph

74 commits

Author SHA1 Message Date
Sebastiaan van Stijn
786e6d80ba
integration: fix empty-lines (revive)
integration/config/config_test.go:106:31: empty-lines: extra empty line at the end of a block (revive)
    integration/secret/secret_test.go:106:31: empty-lines: extra empty line at the end of a block (revive)
    integration/network/service_test.go:58:50: empty-lines: extra empty line at the end of a block (revive)
    integration/network/service_test.go:401:58: empty-lines: extra empty line at the end of a block (revive)
    integration/system/event_test.go:30:38: empty-lines: extra empty line at the end of a block (revive)
    integration/plugin/logging/read_test.go:19:41: empty-lines: extra empty line at the end of a block (revive)
    integration/service/list_test.go:30:48: empty-lines: extra empty line at the end of a block (revive)
    integration/service/create_test.go:400:46: empty-lines: extra empty line at the start of a block (revive)
    integration/container/logs_test.go:156:42: empty-lines: extra empty line at the end of a block (revive)
    integration/container/daemon_linux_test.go:135:44: empty-lines: extra empty line at the end of a block (revive)
    integration/container/restart_test.go:160:62: empty-lines: extra empty line at the end of a block (revive)
    integration/container/wait_test.go:181:47: empty-lines: extra empty line at the end of a block (revive)
    integration/container/restart_test.go:116:30: empty-lines: extra empty line at the end of a block (revive)

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-09-28 01:58:50 +02:00
Sebastiaan van Stijn
a4ac991d02
Merge pull request #43657 from thaJeztah/default_builder_version
api: set default "Builder-Version" to "2" (BuildKit) on Linux
2022-08-18 20:14:47 +02:00
Sebastiaan van Stijn
2b7416ef34
testutil, integration: use types/registry.AuthConfig
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-07-29 23:05:21 +02:00
Sebastiaan van Stijn
52c1a2fae8
gofmt GoDoc comments with go1.19
Older versions of Go don't format comments, so committing this as
a separate commit, so that we can already make these changes before
we upgrade to Go 1.19.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-07-08 19:56:23 +02:00
Sebastiaan van Stijn
7b153b9e28
api: set default "Builder-Version" to "2" (BuildKit) on Linux
Starting with the 22.06 release, buildx is the default client for
docker build, which uses BuildKit as builder.

This patch changes the default builder version as advertised by
the daemon to "2" (BuildKit), so that pre-22.06 CLIs with BuildKit
support (but no buildx installed) also default to using BuildKit
when interacting with a 22.06 (or up) daemon.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-05-29 16:41:07 +02:00
Sebastiaan van Stijn
a3b1b66bb3
integration: TestPingSwarmHeader(): fix incorrect ping, and cleanup
I noticed I made a mistake in the first ping ("before swarm init"), which
was not specifying the daemon's socket path and because of that testing
against the main integration daemon (not the locally spun up daemon).

While fixing that, I wondered why the test didn't actually use the client
for the requests (to also verify the client converted the response), so
I rewrote the test to use `client.Ping()` and to verify the ping response
has the expected values set.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-05-29 15:17:37 +02:00
Sebastiaan van Stijn
64e96932bd
api: rename volume.VolumeCreateBody to volume.CreateOptions
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-04-28 22:39:14 +02:00
Sebastiaan van Stijn
176f66df9c
api/types: replace uses of deprecated types.Volume with volume.Volume
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-04-21 19:50:59 +02:00
Sebastiaan van Stijn
adf4bf772d
API: add "Swarm" header to _ping endpoint
This adds an additional "Swarm" header to the _ping endpoint response,
which allows a client to detect if Swarm is enabled on the daemon, without
having to call additional endpoints.

This change is not versioned in the API, and will be returned irregardless
of the API version that is used. Clients should fall back to using other
endpoints to get this information if the header is not present.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-25 23:54:14 +01:00
Sebastiaan van Stijn
7d70d95d8e
registry: add DefaultRegistryHost const, and improve documentation
This is more in line with other consts that are used for defaults, and makes it
slightly easier to consume than DefaultV2Registry, e.g. see:
https://github.com/oras-project/oras-go/blob/v1.1.0/pkg/auth/docker/resolver.go#L81-L84

Note that both the "index.docker.io" and "registry-1.docker.io" domains
are here for historic reasons and backward-compatibility. These domains
are still supported by Docker Hub (and will continue to be supported), but
there are new domains already in use, and plans to consolidate all legacy
domains to new "canonical" domains. Once those domains are decided on, we
should update these consts (but making sure to preserve compatibility with
existing installs, clients, and user configuration).

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-02-27 13:48:27 +01:00
Sebastiaan van Stijn
65b92a730a
integration(-cli): remove discovery related tests
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-01-06 18:28:13 +01:00
Sebastiaan van Stijn
686be57d0a
Update to Go 1.17.0, and gofmt with Go 1.17
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-08-24 23:33:27 +02:00
Roman Volosatovs
47ad2f3dd6
API,daemon: support type URL parameter to /system/df
Let clients choose object types to compute disk usage of.

Signed-off-by: Roman Volosatovs <roman.volosatovs@docker.com>
Co-authored-by: Sebastiaan van Stijn <github@gone.nl>
2021-07-27 12:17:45 +02:00
Sebastiaan van Stijn
e5ae83e503
volumes: only send "create" event when actually creating volume
The VolumesService did not have information wether or not a volume
was _created_ or if a volume already existed in the driver, and
the existing volume was used.

As a result, multiple "create" events could be generated for the
same volume. For example:

1. Run `docker events` in a shell to start listening for events
2. Create a volume:

    docker volume create myvolume

3. Start a container that uses that volume:

    docker run -dit -v myvolume:/foo busybox

4. Check the events that were generated:

    2021-02-15T18:49:55.874621004+01:00 volume create myvolume (driver=local)
    2021-02-15T18:50:11.442759052+01:00 volume create myvolume (driver=local)
    2021-02-15T18:50:11.487104176+01:00 container create 45112157c8b1382626bf5e01ef18445a4c680f3846c5e32d01775dddee8ca6d1 (image=busybox, name=gracious_hypatia)
    2021-02-15T18:50:11.519288102+01:00 network connect a19f6bb8d44ff84d478670fa4e34c5bf5305f42786294d3d90e790ac74b6d3e0 (container=45112157c8b1382626bf5e01ef18445a4c680f3846c5e32d01775dddee8ca6d1, name=bridge, type=bridge)
    2021-02-15T18:50:11.526407799+01:00 volume mount myvolume (container=45112157c8b1382626bf5e01ef18445a4c680f3846c5e32d01775dddee8ca6d1, destination=/foo, driver=local, propagation=, read/write=true)
    2021-02-15T18:50:11.864134043+01:00 container start 45112157c8b1382626bf5e01ef18445a4c680f3846c5e32d01775dddee8ca6d1 (image=busybox, name=gracious_hypatia)

5. Notice that a "volume create" event is created twice;

    - once when `docker volume create` was ran
    - once when `docker run ...` was ran

This patch moves the generation of (most) events to the volume _store_, and only
generates an event if the volume did not yet exist.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-05-05 16:02:22 +02:00
Sebastiaan van Stijn
97a5b797b6
Use designated test domains (RFC2606) in tests
Some tests were using domain names that were intended to be "fake", but are
actually registered domain names (such as domain.com, registry.com, mytest.com).

Even though we were not actually making connections to these domains, it's
better to use domains that are designated for testing/examples in RFC2606:
https://tools.ietf.org/html/rfc2606

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-04-02 14:06:27 +02:00
Akihiro Suda
5e1b246b9a test-integration: support more rootless tests
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2020-03-16 17:37:38 +09:00
Akihiro Suda
3fbc41fe36 TestCgroupDriverSystemdMemoryLimit: fix failure
The test was failing:

  --- FAIL: TestCgroupDriverSystemdMemoryLimit (1.76s)
      cgroupdriver_systemd_test.go:54: assertion failed: 67108864 (s.HostConfig.Memory int64) != 67108864 (mem int)

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2020-03-03 11:30:55 +09:00
Sebastiaan van Stijn
9f0b3f5609
bump gotest.tools v3.0.1 for compatibility with Go 1.14
full diff: https://github.com/gotestyourself/gotest.tools/compare/v2.3.0...v3.0.1

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-02-11 00:06:42 +01:00
Sebastiaan van Stijn
e55bff541e
TestLoginFailsWithBadCredentials: prepare for Go 1.14 changes
Go 1.14 adds quotes around the url in the error returned:

    === FAIL: arm64.integration.system TestLoginFailsWithBadCredentials (0.27s)
        TestLoginFailsWithBadCredentials: login_test.go:27: assertion failed: expected error "Error response from daemon: Get https://registry-1.docker.io/v2/: unauthorized: incorrect username or password", got "Error response from daemon: Get \"https://registry-1.docker.io/v2/\": unauthorized: incorrect username or password"
            Error response from daemon: Get "https://registry-1.docker.io/v2/": unauthorized: incorrect username or password

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-02-10 19:05:12 +01:00
vikrambirsingh
83783af08e Disable tests missed by PR 40155
The tests starts a new daemon, but attempts to run it with overlay2,
and using a unix:// socket, which doesn't really work on Windows.

40155 tried to disable such tests but missed two of them.
They are being disabled with this change.

Signed-off-by: vikrambirsingh <vikrambir.singh@docker.com>
2019-11-11 18:54:21 +00:00
Sebastiaan van Stijn
a0a5ec4c6d
Integration: skip TestInfoDebug on Windows
The test starts a new daemon, but attempts to run it with overlay2,
and using a unix:// socket, which doesn't really work on Windows.

```
00:14:14.623  --- FAIL: TestInfoDebug (0.01s)
00:14:14.623      info_test.go:75: [dbe75bf7729f3] failed to start daemon with arguments [--containerd /var/run/docker/containerd/containerd.sock --data-root D:\gopath\src\github.com\docker\docker\bundles\tmp\TestInfoDebug\dbe75bf7729f3\root --exec-root C:\windows\TEMP\dxr\dbe75bf7729f3 --pidfile D:\gopath\src\github.com\docker\docker\bundles\tmp\TestInfoDebug\dbe75bf7729f3\docker.pid --userland-proxy=true --containerd-namespace dbe75bf7729f3 --containerd-plugins-namespace dbe75bf7729f3p --host unix://C:\windows\TEMP\docker-integration\dbe75bf7729f3.sock --storage-driver overlay2 --debug] : protocol not available
00:14:14.623  === RUN   TestInfoInsecureRegistries
00:14:14.623  --- FAIL: TestInfoInsecureRegistries (0.00s)
00:14:14.623      info_test.go💯 [d3c745c16a39c] failed to start daemon with arguments [--containerd /var/run/docker/containerd/containerd.sock --data-root D:\gopath\src\github.com\docker\docker\bundles\tmp\TestInfoInsecureRegistries\d3c745c16a39c\root --exec-root C:\windows\TEMP\dxr\d3c745c16a39c --pidfile D:\gopath\src\github.com\docker\docker\bundles\tmp\TestInfoInsecureRegistries\d3c745c16a39c\docker.pid --userland-proxy=true --containerd-namespace d3c745c16a39c --containerd-plugins-namespace d3c745c16a39cp --host unix://C:\windows\TEMP\docker-integration\d3c745c16a39c.sock --debug --storage-driver overlay2 --insecure-registry=192.168.1.0/24 --insecure-registry=insecurehost.com:5000] : protocol not available
00:14:14.623  === RUN   TestInfoRegistryMirrors
00:14:14.623  --- FAIL: TestInfoRegistryMirrors (0.01s)
00:14:14.623      info_test.go:124: [d277126ad0515] failed to start daemon with arguments [--containerd /var/run/docker/containerd/containerd.sock --data-root D:\gopath\src\github.com\docker\docker\bundles\tmp\TestInfoRegistryMirrors\d277126ad0515\root --exec-root C:\windows\TEMP\dxr\d277126ad0515 --pidfile D:\gopath\src\github.com\docker\docker\bundles\tmp\TestInfoRegistryMirrors\d277126ad0515\docker.pid --userland-proxy=true --containerd-namespace d277126ad0515 --containerd-plugins-namespace d277126ad0515p --host unix://C:\windows\TEMP\docker-integration\d277126ad0515.sock --debug --storage-driver overlay2 --registry-mirror=https://192.168.1.2 --registry-mirror=http://registry.mirror.com:5000] : protocol not available
```

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-10-30 17:42:52 +01:00
Sebastiaan van Stijn
ec4a34ae2f
integration-cli: migrate some "info" tests to integration
- Updated TestInfoSecurityOptions to not rely on CLI output. Note that this
  test should be migrated to the integration suite, but that suite does not yet
  have checks for "Seccomp" and "AppArmor"
- TestInfoAPIWarnings: don't start with busybox because we're not running containers in this test
- Migrate TestInfoDebug to integration suite
- Migrate TestInsecureRegistries to integration suite (renamed to TestInfoInsecureRegistries)
- Migrate TestRegistryMirrors to integration suite (renamed to TestInfoRegistryMirrors)
- Migrate TestInfoDiscoveryBackend to integration suite
- Migrate TestInfoDiscoveryInvalidAdvertise to integration suite
- Migrate TestInfoDiscoveryAdvertiseInterfaceName to integration suite
- Remove TestInfoFormat, which is testing the CLI functionality, and there is an
  existing test in docker/cli (TestFormatInfo) covering this

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-10-22 00:11:52 +02:00
Sam Whited
b37c214e3c testutil: make testing packages public
This was done with something along the lines of:

```
mv internal/test testutil
pushd testutil/; grep -IRl "package test" | xargs -I '{}' sed -i -e 's|package test|package testutil|g' {}; popd
mv internal/testutil/*.go testutil/ && rm -rf internal/
grep -IRl "github.com\/docker\/docker\/internal\/test" | xargs -I '{}' sed -i -e 's|github.com/docker/docker/internal/test|github.com/docker/docker/test|g' {}
goimports .
```

I also modified the basic plugin path in testutil/fixtures/plugin.

Signed-off-by: Sam Whited <sam@samwhited.com>
2019-09-11 07:47:23 -05:00
Tibor Vass
f23a51a860 Revert "Remove Schema1 integration test suite"
This reverts commit 13b7d11be1.

Signed-off-by: Tibor Vass <tibor@docker.com>
2019-06-18 00:23:04 +00:00
Sebastiaan van Stijn
9f9b4290b9
integration: change container.Run signature to fix linting
Line 59: warning: context.Context should be the first parameter of a function (golint)

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-06-07 13:05:26 +02:00
Sebastiaan van Stijn
b4c46b0dac
integration: change container.Create signature to fix linting
```
Line 25: warning: context.Context should be the first parameter of a function (golint)
Line 44: warning: context.Context should be the first parameter of a function (golint)
Line 52: warning: context.Context should be the first parameter of a function (golint)
```

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-06-07 13:04:44 +02:00
Sebastiaan van Stijn
05bd9958f2
Skip TestUUIDGeneration on API < v1.40
Older versions did not use an UUID as ID

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-04-24 17:52:13 -07:00
Sebastiaan van Stijn
d080a866cc
Skip TestPingCacheHeaders on API < v1.40
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-04-24 17:52:10 -07:00
Tibor Vass
5b6771345a
Merge pull request #38875 from thaJeztah/revert_38518-docker_info_builder_version
Revert "Adding builder version"
2019-03-14 10:55:44 -07:00
Sebastiaan van Stijn
f73dd5fdad
Revert "Adding builder version"
This reverts commit f821f002e5.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-03-14 00:18:46 +01:00
Justin Cormack
c435551ccc
Switch to google/uuid
pborman/uuid and google/uuid used to be different versions of
the same package, but now pborman/uuid is a compatibility wrapper
around google/uuid, maintained by the same person.

Clean up some of the usage as the functions differ slightly.

Not yet removed some uses of pborman/uuid in vendored code but
I have PRs in process for these.

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2019-03-13 14:13:58 +00:00
Brian Goff
13b7d11be1 Remove Schema1 integration test suite
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2019-03-02 10:46:37 -08:00
Yong Tang
87903f2fb5
Merge pull request #38609 from kwojcicki/enhancement/38518-docker_info_builder_version
Adding builder version
2019-02-01 07:04:11 +08:00
Sebastiaan van Stijn
7e7e100be0
Add HEAD support for /_ping endpoint
Monitoring systems and load balancers are usually configured to use HEAD
requests for health monitoring. The /_ping endpoint currently does not
support this type of request, which means that those systems have fallback
to GET requests.

This patch adds support for HEAD requests on the /_ping endpoint.

Although optional, this patch also returns `Content-Type` and `Content-Length`
headers in case of a HEAD request; Refering to RFC 7231, section 4.3.2:

    The HEAD method is identical to GET except that the server MUST NOT
    send a message body in the response (i.e., the response terminates at
    the end of the header section).  The server SHOULD send the same
    header fields in response to a HEAD request as it would have sent if
    the request had been a GET, except that the payload header fields
    (Section 3.3) MAY be omitted.  This method can be used for obtaining
    metadata about the selected representation without transferring the
    representation data and is often used for testing hypertext links for
    validity, accessibility, and recent modification.

    A payload within a HEAD request message has no defined semantics;
    sending a payload body on a HEAD request might cause some existing
    implementations to reject the request.

    The response to a HEAD request is cacheable; a cache MAY use it to
    satisfy subsequent HEAD requests unless otherwise indicated by the
    Cache-Control header field (Section 5.2 of [RFC7234]).  A HEAD
    response might also have an effect on previously cached responses to
    GET; see Section 4.3.5 of [RFC7234].

With this patch applied, either `GET` or `HEAD` requests work; the only
difference is that the body is empty in case of a `HEAD` request;

    curl -i --unix-socket /var/run/docker.sock http://localhost/_ping
    HTTP/1.1 200 OK
    Api-Version: 1.40
    Cache-Control: no-cache, no-store, must-revalidate
    Docker-Experimental: false
    Ostype: linux
    Pragma: no-cache
    Server: Docker/dev (linux)
    Date: Mon, 14 Jan 2019 12:35:16 GMT
    Content-Length: 2
    Content-Type: text/plain; charset=utf-8

    OK

    curl --head -i --unix-socket /var/run/docker.sock http://localhost/_ping
    HTTP/1.1 200 OK
    Api-Version: 1.40
    Cache-Control: no-cache, no-store, must-revalidate
    Content-Length: 0
    Content-Type: text/plain; charset=utf-8
    Docker-Experimental: false
    Ostype: linux
    Pragma: no-cache
    Server: Docker/dev (linux)
    Date: Mon, 14 Jan 2019 12:34:15 GMT

The client is also updated to use `HEAD` by default, but fallback to `GET`
if the daemon does not support this method.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-01-31 18:18:24 +01:00
Yong Tang
393838ca5e
Merge pull request #38569 from thaJeztah/forget_about_it
Add Cache-Control headers to disable caching /_ping endpoint
2019-01-31 23:59:11 +08:00
Krystian Wojcicki
f821f002e5 Adding builder version
Signed-off-by: Krystian Wojcicki <kwojcicki@sympatico.ca>
2019-01-21 19:02:16 -05:00
Vincent Demeester
b5be9f63eb
Merge pull request #38567 from thaJeztah/use_the_skip
TestCgroupDriverSystemdMemoryLimit: use skip.If()
2019-01-15 09:10:57 +01:00
Sebastiaan van Stijn
5f788fbf56
Add Cache-Control headers to disable caching /_ping endpoint
The result of this endpoint should not be cached, so it's better to
explicitly disable caching.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-01-14 22:03:23 +01:00
Sebastiaan van Stijn
c11be31710
TestCgroupDriverSystemdMemoryLimit: use skip.If()
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-01-14 17:11:36 +01:00
Yong Tang
32f6aeee8a Replace t.Fatal(err) with assert.NilError(err)
so that they are consistent with other places

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
2019-01-13 21:36:25 +00:00
Yong Tang
b958b430aa
Merge pull request #38417 from thaJeztah/replace_newclient
Test: Replace NewClient() with NewClientT()
2019-01-04 23:37:00 -08:00
Sebastiaan van Stijn
0de62d9bbc
Integration: use testenv.APIClient()
A client is already created in testenv.New(), so we can just
as well use that one, instead of creating a new client.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-01-03 11:53:41 +01:00
Sebastiaan van Stijn
056840c2a6
Skip TestInfoAPIWarnings on remote daemons
This test starts a new daemon, which will fail when testing
against a remote daemon;

    --- FAIL: TestInfoAPIWarnings (0.00s)
        info_test.go:53: failed to start daemon with arguments [-H=0.0.0.0:23756 -H=unix:///tmp/docker-integration/d5153ebcf89ef.sock] : [d5153ebcf89ef] could not find docker binary in $PATH: exec: "dockerd": executable file not found in $PATH

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2018-12-29 20:46:33 +01:00
Sebastiaan van Stijn
2cb7b73a1b
Test: Replace NewClient() with NewClientT()
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2018-12-22 15:53:02 +01:00
Sebastiaan van Stijn
1434204647
Fix double "unix://" scheme in TestInfoAPIWarnings
`d.Sock()` already returns the socket-path including the
`unix://` scheme.

Also removed `--iptables=false`, as it didn't really seem
nescessary for this test.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2018-10-31 14:10:22 +01:00
Sebastiaan van Stijn
5d82d77a6d
Merge pull request #37715 from salah-khan/windows-enable-integration
Windows: Start of enabling tests under integration
2018-10-10 21:23:24 +02:00
Sebastiaan van Stijn
750130d748
Remove unneeded check for binary-commits
This check was not important anymore; we're only interested if
the API returns a matching commit for each binary.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2018-10-10 12:21:20 +02:00
Salahuddin Khan
4c8b1fd5a2 Enabling Windows integration tests
Signed-off-by: Salahuddin Khan <salah@docker.com>
2018-09-26 15:57:40 -07:00
Vincent Demeester
d3cc071bb9 Windows: Start of enabling tests under integration/
- Add windows CI entrypoint script.

Signed-off-by: John Howard <jhoward@microsoft.com>
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
Signed-off-by: Daniel Nephin <dnephin@docker.com>
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2018-09-26 12:28:22 -07:00
Sebastiaan van Stijn
547b993e07
Add warning if REST API is accessible through an insecure connection
The remote API allows full privilege escalation and is equivalent to
having root access on the host. Because of this, the API should never
be accessible through an insecure connection (TCP without TLS, or TCP
without TLS  verification).

Although a warning is already logged on startup if the daemon uses an
insecure configuration, this warning is not very visible (unless someone
decides to read the logs).

This patch attempts to make insecure configuration more visible by sending
back warnings through the API (which will be printed when using `docker info`).

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2018-08-21 22:03:24 +02:00