diff --git a/go.mod b/go.mod index 6c786ef5a29a..f55974a7ced7 100644 --- a/go.mod +++ b/go.mod @@ -97,8 +97,6 @@ require ( github.com/mitchellh/mapstructure v1.5.0 // indirect github.com/moby/locker v1.0.1 // indirect github.com/moby/spdystream v0.2.0 // indirect - github.com/moby/sys/mount v0.3.0 // indirect - github.com/moby/sys/mountinfo v0.6.0 // indirect github.com/moby/sys/signal v0.6.0 // indirect github.com/moby/term v0.0.0-20210619224110-3f7ff695adc6 // indirect github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect @@ -150,8 +148,8 @@ require ( ) replace ( - github.com/docker/cli => github.com/docker/cli v20.10.3-0.20220226190722-8667ccd1124c+incompatible - github.com/docker/docker => github.com/docker/docker v20.10.3-0.20220224222438-c78f6963a1c0+incompatible + github.com/docker/cli => github.com/thaJeztah/cli v0.0.0-20220721161612-049811fef043 + github.com/docker/docker => github.com/docker/docker v20.10.3-0.20220326171151-8941dcfcc5db+incompatible // master (v22.04-dev) k8s.io/api => k8s.io/api v0.22.4 k8s.io/apimachinery => k8s.io/apimachinery v0.22.4 k8s.io/client-go => k8s.io/client-go v0.22.4 diff --git a/go.sum b/go.sum index 332267f230ab..f85b144ac302 100644 --- a/go.sum +++ b/go.sum @@ -167,14 +167,12 @@ github.com/dgryski/go-sip13 v0.0.0-20181026042036-e10d5fee7954/go.mod h1:vAd38F8 github.com/distribution/distribution/v3 v3.0.0-20210316161203-a01c71e2477e h1:n81KvOMrLZa+VWHwST7dun9f0G98X3zREHS1ztYzZKU= github.com/distribution/distribution/v3 v3.0.0-20210316161203-a01c71e2477e/go.mod h1:xpWTC2KnJMiDLkoawhsPQcXjvwATEBcbq0xevG2YR9M= github.com/dnaeon/go-vcr v1.0.1/go.mod h1:aBB1+wY4s93YsC3HHjMBMrwTj2R9FHDzUr9KyGc8n1E= -github.com/docker/cli v20.10.3-0.20220226190722-8667ccd1124c+incompatible h1:0Kr33P67t7g42iFMU3uzizk+bek+a5MThEqmt4bqVGM= -github.com/docker/cli v20.10.3-0.20220226190722-8667ccd1124c+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= github.com/docker/cli-docs-tool v0.4.0 h1:MdfKoErGEbFqIxQ8an9BsZ+YzKUGd58RBVkV+Q82GPo= github.com/docker/cli-docs-tool v0.4.0/go.mod h1:rgW5KKdNpLMBIuH4WQ/1RNh38nH+/Ay5jgL4P0ZMPpY= github.com/docker/distribution v2.8.1+incompatible h1:Q50tZOPR6T/hjNsyc9g8/syEs6bk8XXApsHjKukMl68= github.com/docker/distribution v2.8.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= -github.com/docker/docker v20.10.3-0.20220224222438-c78f6963a1c0+incompatible h1:Ptj2To+ezU/mCBUKdYXBQ2r3/2EJojAlOZrsgprF+is= -github.com/docker/docker v20.10.3-0.20220224222438-c78f6963a1c0+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= +github.com/docker/docker v20.10.3-0.20220326171151-8941dcfcc5db+incompatible h1:5DYFLB020CbxyjsxBle60QaEUb4krFjr30O0eLXsNp0= +github.com/docker/docker v20.10.3-0.20220326171151-8941dcfcc5db+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/docker-credential-helpers v0.6.4 h1:axCks+yV+2MR3/kZhAmy07yC56WZ2Pwu/fKWtKuZB0o= github.com/docker/docker-credential-helpers v0.6.4/go.mod h1:ofX3UI0Gz1TteYBjtgs07O36Pyasyp66D2uKT7H8W1c= github.com/docker/go v1.5.1-1.0.20160303222718-d30aec9fd63c h1:lzqkGL9b3znc+ZUgi7FlLnqjQhcXxkNM/quxIjBVMD0= @@ -464,11 +462,8 @@ github.com/moby/locker v1.0.1 h1:fOXqR41zeveg4fFODix+1Ch4mj/gT0NE1XJbp/epuBg= github.com/moby/locker v1.0.1/go.mod h1:S7SDdo5zpBK84bzzVlKr2V0hz+7x9hWbYC/kq7oQppc= github.com/moby/spdystream v0.2.0 h1:cjW1zVyyoiM0T7b6UoySUFqzXMoqRckQtXwGPiBhOM8= github.com/moby/spdystream v0.2.0/go.mod h1:f7i0iNDQJ059oMTcWxx8MA/zKFIuD/lY+0GqbN2Wy8c= -github.com/moby/sys/mount v0.3.0 h1:bXZYMmq7DBQPwHRxH/MG+u9+XF90ZOwoXpHTOznMGp0= -github.com/moby/sys/mount v0.3.0/go.mod h1:U2Z3ur2rXPFrFmy4q6WMwWrBOAQGYtYTRVM8BIvzbwk= github.com/moby/sys/mountinfo v0.5.0/go.mod h1:3bMD3Rg+zkqx8MRYPi7Pyb0Ie97QEBmdxbhnCLlSvSU= github.com/moby/sys/mountinfo v0.6.0 h1:gUDhXQx58YNrpHlK4nSL+7y2pxFZkUcXqzFDKWdC0Oo= -github.com/moby/sys/mountinfo v0.6.0/go.mod h1:3bMD3Rg+zkqx8MRYPi7Pyb0Ie97QEBmdxbhnCLlSvSU= github.com/moby/sys/signal v0.6.0 h1:aDpY94H8VlhTGa9sNYUFCFsMZIUh5wm0B6XkIoJj/iY= github.com/moby/sys/signal v0.6.0/go.mod h1:GQ6ObYZfqacOwTtlXvcmh9A26dVRul/hbOZn88Kg8Tg= github.com/moby/term v0.0.0-20210619224110-3f7ff695adc6 h1:dcztxKSvZ4Id8iPpHERQBbIJfabdt4wUm5qy3wOL2Zc= @@ -617,6 +612,8 @@ github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/ github.com/subosito/gotenv v1.2.0 h1:Slr1R9HxAlEKefgq5jn9U+DnETlIUa6HfgEzj0g5d7s= github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw= github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww= +github.com/thaJeztah/cli v0.0.0-20220721161612-049811fef043 h1:vpyr7pQLp+fQ/zflbmfuobm01kAlqLIpK72Q1Y/pA5g= +github.com/thaJeztah/cli v0.0.0-20220721161612-049811fef043/go.mod h1:PnmaRA7hP+mokt+80q1r6bxulIIvKxbaap8NOfsS7/Y= github.com/theupdateframework/notary v0.6.1 h1:7wshjstgS9x9F5LuB1L5mBI2xNMObWqjz+cjWoom6l0= github.com/theupdateframework/notary v0.6.1/go.mod h1:MOfgIfmox8s7/7fduvB2xyPPMJCrjRLRizA8OFwpnKY= github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= diff --git a/vendor/github.com/docker/cli/AUTHORS b/vendor/github.com/docker/cli/AUTHORS index 8990f85b56e4..b7bf0532177c 100644 --- a/vendor/github.com/docker/cli/AUTHORS +++ b/vendor/github.com/docker/cli/AUTHORS @@ -3,7 +3,7 @@ Aanand Prasad Aaron L. Xu -Aaron Lehmann +Aaron Lehmann Aaron.L.Xu Abdur Rehman Abhinandan Prativadi @@ -28,18 +28,21 @@ Albin Kerouanton Aleksa Sarai Aleksander Piotrowski Alessandro Boch +Alex Couture-Beil Alex Mavrogiannis Alex Mayer Alexander Boyd Alexander Larsson -Alexander Morozov +Alexander Morozov Alexander Ryabov Alexandre González +Alexey Igrychev Alfred Landrum Alicia Lauerman Allen Sun Alvin Deng Amen Belayneh +Amey Shrivastava <72866602+AmeyShrivastava@users.noreply.github.com> Amir Goldstein Amit Krishnan Amit Shukla @@ -48,6 +51,8 @@ Anca Iordache Anda Xu Andrea Luzzardi Andreas Köhler +Andres G. Aragoneses +Andres Leon Rangel Andrew France Andrew Hsu Andrew Macpherson @@ -67,8 +72,9 @@ Antonis Kalipetis Anusha Ragunathan Ao Li Arash Deshmeh -Arko Dasgupta -Arnaud Porterie +Arko Dasgupta +Arnaud Porterie +Arnaud Rebillout Arthur Peka Ashwini Oruganti Azat Khuyiyakhmetov @@ -80,6 +86,8 @@ Ben Bonnefoy Ben Creasy Ben Firshman Benjamin Boudreau +Benjamin Böhmke +Benjamin Nater Benoit Sigoure Bhumika Bayani Bill Wang @@ -88,6 +96,7 @@ Bingshen Wang Boaz Shuster Bogdan Anton Boris Pruessmann +Brad Baker Bradley Cicenas Brandon Mitchell Brandon Philips @@ -114,15 +123,19 @@ Charles Chan Charles Law Charles Smith Charlie Drage +Charlotte Mach ChaYoung You +Chee Hau Lim Chen Chuanliang Chen Hanxiao Chen Mingjie Chen Qiu +Chris Couzens Chris Gavin Chris Gibson Chris McKinnel Chris Snow +Chris Vermilion Chris Weyl Christian Persson Christian Stefanescu @@ -131,6 +144,7 @@ Christophe Vidal Christopher Biscardi Christopher Crone Christopher Jones +Christopher Svensson Christy Norman Chun Chen Clinton Kitson @@ -139,8 +153,10 @@ Colin Hebert Collin Guarino Colm Hally Comical Derskeal <27731088+derskeal@users.noreply.github.com> +Conner Crosby Corey Farrell Corey Quon +Cory Bennet Craig Wilhite Cristian Staretu Daehyeok Mun @@ -170,6 +186,7 @@ Dattatraya Kumbhar Dave Goodchild Dave Henderson Dave Tucker +David Alvarez David Beitey David Calavera David Cramer @@ -186,7 +203,8 @@ Denis Defreyne Denis Gladkikh Denis Ollier Dennis Docter -Derek McGowan +Derek McGowan +Des Preston Deshi Xiao Dharmit Shah Dhawal Yogesh Bhanushali @@ -196,12 +214,14 @@ Dimitry Andric Ding Fei Diogo Monica Djordje Lukic +Dmitriy Fishman Dmitry Gusev Dmitry Smirnov Dmitry V. Krivenok Dominik Braun Don Kjer Dong Chen +DongGeon Lee Doug Davis Drew Erny Ed Costello @@ -211,12 +231,14 @@ Eli Uriegas Elias Faxö Elliot Luo <956941328@qq.com> Eric Curtin +Eric Engestrom Eric G. Noriega Eric Rosenberg Eric Sage Eric-Olivier Lamey Erica Windisch Erik Hollensbe +Erik Humphrey Erik St. Martin Essam A. Hassan Ethan Haynes @@ -231,6 +253,7 @@ Fabio Falci Fabrizio Soppelsa Felix Hupfeld Felix Rabe +fezzik1620 Filip Jareš Flavio Crisciani Florian Klein @@ -242,6 +265,7 @@ Frederic Hemberger Frederick F. Kautz IV Frederik Nordahl Jul Sabroe Frieder Bluemle +Gabriel Gore Gabriel Nicolas Avellaneda Gaetan de Villele Gang Qiao @@ -251,13 +275,17 @@ George MacRorie George Xie Gianluca Borello Gildas Cuisinier +Gleb Stsenov Goksu Toprak Gou Rao +Govind Rai Grant Reaber Greg Pflaum +Gsealy Guilhem Lettron Guillaume J. Charmes Guillaume Le Floch +Guillaume Tardif gwx296173 Günther Jungbluth Hakan Özler @@ -278,6 +306,7 @@ Hugo Gabriel Eyherabide huqun Huu Nguyen Hyzhou Zhy +Iain Samuel McLean Elder Ian Campbell Ian Philpot Ignacio Capurro @@ -287,6 +316,7 @@ Ilya Sotkov Ioan Eugen Stan Isabel Jimenez Ivan Grcic +Ivan Grund Ivan Markin Jacob Atzen Jacob Tomlinson @@ -305,12 +335,14 @@ Jasmine Hegman Jason Heiss Jason Plum Jay Kamat +Jean Lecordier Jean Rouge Jean-Christophe Sirot Jean-Pierre Huynh Jeff Lindsay Jeff Nickoloff Jeff Silberman +Jennings Zhang Jeremy Chambers Jeremy Unruh Jeremy Yallop @@ -322,6 +354,7 @@ Jian Zhang Jie Luo Jilles Oldenbeuving Jim Galasyn +Jim Lin Jimmy Leger Jimmy Song jimmyxian @@ -338,6 +371,7 @@ Johannes 'fish' Ziemke John Feminella John Harris John Howard +John Howard John Laswell John Maguire John Mulhausen @@ -347,13 +381,16 @@ John Tims John V. Martinez John Willis Jon Johnson +Jon Zeolla Jonatas Baldin Jonathan Boulle Jonathan Lee Jonathan Lomas Jonathan McCrohan +Jonathan Warriss-Simmons Jonh Wendell Jordan Jennings +Jorge Vallecillo Jose J. Escobar <53836904+jescobar-docker@users.noreply.github.com> Joseph Kern Josh Bodah @@ -383,9 +420,11 @@ Katie McLaughlin Ke Xu Kei Ohmura Keith Hudgins +Kelton Bassingthwaite Ken Cochrane Ken ICHIKAWA Kenfe-Mickaël Laventure +Kevin Alvarez Kevin Burke Kevin Feyrer Kevin Kern @@ -401,6 +440,7 @@ Krasi Georgiev Kris-Mikael Krister Kun Zhang Kunal Kushwaha +Kyle Mitofsky Lachlan Cooper Lai Jiangshan Lars Kellogg-Stedman @@ -410,6 +450,7 @@ Lee Gaines Lei Jitang Lennie Leo Gallucci +Leonid Skorospelov Lewis Daly Li Yi Li Yi @@ -445,6 +486,7 @@ Manjunath A Kumatagi Mansi Nahar mapk0y Marc Bihlmaier +Marc Cornellà Marco Mariani Marco Vedovati Marcus Martins @@ -467,11 +509,13 @@ Matthieu Hauglustaine Mauro Porras P Max Shytikov Maxime Petazzoni +Maximillian Fan Xavier Mei ChunTao +Metal <2466052+tedhexaflow@users.noreply.github.com> Micah Zoltu Michael A. Smith Michael Bridgen -Michael Crosby +Michael Crosby Michael Friis Michael Irwin Michael Käufl @@ -487,6 +531,7 @@ Mihai Borobocea Mihuleacc Sergiu Mike Brown Mike Casas +Mike Dalton Mike Danese Mike Dillon Mike Goelzer @@ -503,7 +548,9 @@ Mohini Anne Dsouza Moorthy RS Morgan Bauer Morten Hekkvang +Morten Linderud Moysés Borges +Mozi <29089388+pzhlkj6612@users.noreply.github.com> Mrunal Patel muicoder Muthukumar R @@ -535,6 +582,8 @@ Noah Treuhaft O.S. Tezer Odin Ugedal ohmystack +OKA Naoya +Oliver Pomeroy Olle Jonsson Olli Janatuinen Oscar Wieman @@ -550,9 +599,12 @@ Paul Lietar Paul Mulders Paul Weaver Pavel Pospisil +Paweł Gronowski +Paweł Pokrywka Paweł Szczekutowicz Peeyush Gupta Per Lundberg +Peter Dave Hello Peter Edge Peter Hsu Peter Jaffe @@ -560,11 +612,13 @@ Peter Kehl Peter Nagy Peter Salvatore Peter Waller -Phil Estes +Phil Estes Philip Alexander Etling Philipp Gillé Philipp Schmied +Phong Tran pidster +Pieter E Smit pixelistik Pratik Karki Prayag Verma @@ -574,6 +628,7 @@ Qiang Huang Qinglan Peng qudongfang Raghavendra K T +Rahul Kadyan Rahul Zoldyck Ravi Shekhar Jethani Ray Tsang @@ -582,6 +637,7 @@ Remy Suen Renaud Gaubert Ricardo N Feliciano Rich Moyse +Richard Chen Zheng <58443436+rchenzheng@users.noreply.github.com> Richard Mathie Richard Scothern Rick Wieman @@ -591,6 +647,7 @@ Rob Gulewich Robert Wallis Robin Naundorf Robin Speekenbrink +Roch Feuillade Rodolfo Ortiz Rogelio Canedo Rohan Verma @@ -614,6 +671,7 @@ Sambuddha Basu Sami Tabet Samuel Cochran Samuel Karp +Sandro Jäckel Santhosh Manohar Sargun Dhillon Saswat Bhattacharya @@ -654,6 +712,7 @@ Stephen Rust Steve Durrheimer Steve Richards Steven Burgess +Stoica-Marcu Floris-Andrei Subhajit Ghosh Sun Jianbo Sune Keller @@ -665,7 +724,10 @@ Sébastien HOUZÉ T K Sourabh TAGOMORI Satoshi taiji-tech +Takeshi Koenuma +Takuya Noguchi Taylor Jones +Teiva Harsanyi Tejaswini Duggaraju Tengfei Wang Teppei Fukuda @@ -696,6 +758,7 @@ Tom Fotherby Tom Klingenberg Tom Milligan Tom X. Tobin +Tomas Bäckman Tomas Tomecek Tomasz Kopczynski Tomáš Hrčka @@ -711,6 +774,7 @@ Ulrich Bareth Ulysses Souza Umesh Yadav Valentin Lorentz +Vardan Pogosian Venkateswara Reddy Bukkasamudram Veres Lajos Victor Vieux @@ -757,6 +821,7 @@ Yunxiang Huang Zachary Romero Zander Mackie zebrilee +Zeel B Patel Zhang Kun Zhang Wei Zhang Wentao @@ -768,4 +833,5 @@ Zhu Guihua Álex González Álvaro Lázaro Átila Camurça Alves +Александр Менщиков <__Singleton__@hackerdom.ru> 徐俊杰 diff --git a/vendor/github.com/docker/cli/cli-plugins/manager/cobra.go b/vendor/github.com/docker/cli/cli-plugins/manager/cobra.go index 0fcd73e7b658..71b6fe716d07 100644 --- a/vendor/github.com/docker/cli/cli-plugins/manager/cobra.go +++ b/vendor/github.com/docker/cli/cli-plugins/manager/cobra.go @@ -1,6 +1,9 @@ package manager import ( + "fmt" + "os" + "github.com/docker/cli/cli/command" "github.com/spf13/cobra" ) @@ -31,12 +34,13 @@ const ( // AddPluginCommandStubs adds a stub cobra.Commands for each valid and invalid // plugin. The command stubs will have several annotations added, see // `CommandAnnotationPlugin*`. -func AddPluginCommandStubs(dockerCli command.Cli, cmd *cobra.Command) error { - plugins, err := ListPlugins(dockerCli, cmd) +func AddPluginCommandStubs(dockerCli command.Cli, rootCmd *cobra.Command) error { + plugins, err := ListPlugins(dockerCli, rootCmd) if err != nil { return err } for _, p := range plugins { + p := p vendor := p.Vendor if vendor == "" { vendor = "unknown" @@ -49,11 +53,41 @@ func AddPluginCommandStubs(dockerCli command.Cli, cmd *cobra.Command) error { if p.Err != nil { annotations[CommandAnnotationPluginInvalid] = p.Err.Error() } - cmd.AddCommand(&cobra.Command{ - Use: p.Name, - Short: p.ShortDescription, - Run: func(_ *cobra.Command, _ []string) {}, - Annotations: annotations, + rootCmd.AddCommand(&cobra.Command{ + Use: p.Name, + Short: p.ShortDescription, + Run: func(_ *cobra.Command, _ []string) {}, + Annotations: annotations, + DisableFlagParsing: true, + RunE: func(cmd *cobra.Command, args []string) error { + flags := rootCmd.PersistentFlags() + flags.SetOutput(nil) + err := flags.Parse(args) + if err != nil { + return err + } + if flags.Changed("help") { + cmd.HelpFunc()(rootCmd, args) + return nil + } + return fmt.Errorf("docker: '%s' is not a docker command.\nSee 'docker --help'", cmd.Name()) + }, + ValidArgsFunction: func(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) { + // Delegate completion to plugin + cargs := []string{p.Path, cobra.ShellCompRequestCmd, p.Name} + cargs = append(cargs, args...) + cargs = append(cargs, toComplete) + os.Args = cargs + runCommand, err := PluginRunCommand(dockerCli, p.Name, cmd) + if err != nil { + return nil, cobra.ShellCompDirectiveError + } + err = runCommand.Run() + if err == nil { + os.Exit(0) // plugin already rendered complete data + } + return nil, cobra.ShellCompDirectiveError + }, }) } return nil diff --git a/vendor/github.com/docker/cli/cli-plugins/manager/manager_unix.go b/vendor/github.com/docker/cli/cli-plugins/manager/manager_unix.go index f586acbd8da2..6aa5b9e5c4e6 100644 --- a/vendor/github.com/docker/cli/cli-plugins/manager/manager_unix.go +++ b/vendor/github.com/docker/cli/cli-plugins/manager/manager_unix.go @@ -1,3 +1,4 @@ +//go:build !windows // +build !windows package manager diff --git a/vendor/github.com/docker/cli/cli-plugins/manager/plugin.go b/vendor/github.com/docker/cli/cli-plugins/manager/plugin.go index 4b32a4fde641..e501af722837 100644 --- a/vendor/github.com/docker/cli/cli-plugins/manager/plugin.go +++ b/vendor/github.com/docker/cli/cli-plugins/manager/plugin.go @@ -34,7 +34,7 @@ type Plugin struct { // returned with no error. An error is only returned due to a // non-recoverable error. // -// nolint: gocyclo +//nolint:gocyclo func newPlugin(c Candidate, rootcmd *cobra.Command) (Plugin, error) { path := c.Path() if path == "" { diff --git a/vendor/github.com/docker/cli/cli-plugins/manager/suffix_unix.go b/vendor/github.com/docker/cli/cli-plugins/manager/suffix_unix.go index 14f0903f40b7..afaf0007f5ab 100644 --- a/vendor/github.com/docker/cli/cli-plugins/manager/suffix_unix.go +++ b/vendor/github.com/docker/cli/cli-plugins/manager/suffix_unix.go @@ -1,3 +1,4 @@ +//go:build !windows // +build !windows package manager diff --git a/vendor/github.com/docker/cli/cli-plugins/plugin/plugin.go b/vendor/github.com/docker/cli/cli-plugins/plugin/plugin.go index 970e487e3c1d..3d98662220c3 100644 --- a/vendor/github.com/docker/cli/cli-plugins/plugin/plugin.go +++ b/vendor/github.com/docker/cli/cli-plugins/plugin/plugin.go @@ -125,6 +125,11 @@ func newPluginCommand(dockerCli *command.DockerCli, plugin *cobra.Command, meta }, TraverseChildren: true, DisableFlagsInUseLine: true, + CompletionOptions: cobra.CompletionOptions{ + DisableDefaultCmd: false, + HiddenDefaultCmd: true, + DisableDescriptions: true, + }, } opts, flags := cli.SetupPluginRootCommand(cmd) diff --git a/vendor/github.com/docker/cli/cli/cobra.go b/vendor/github.com/docker/cli/cli/cobra.go index d3ce7ff165c6..4b632c0ad3c8 100644 --- a/vendor/github.com/docker/cli/cli/cobra.go +++ b/vendor/github.com/docker/cli/cli/cobra.go @@ -3,12 +3,17 @@ package cli import ( "fmt" "os" + "path/filepath" + "sort" "strings" pluginmanager "github.com/docker/cli/cli-plugins/manager" "github.com/docker/cli/cli/command" - cliconfig "github.com/docker/cli/cli/config" + "github.com/docker/cli/cli/config" cliflags "github.com/docker/cli/cli/flags" + "github.com/docker/docker/pkg/homedir" + "github.com/docker/docker/registry" + "github.com/fvbommel/sortorder" "github.com/moby/term" "github.com/morikuni/aec" "github.com/pkg/errors" @@ -22,15 +27,21 @@ func setupCommonRootCommand(rootCmd *cobra.Command) (*cliflags.ClientOptions, *p opts := cliflags.NewClientOptions() flags := rootCmd.Flags() - flags.StringVar(&opts.ConfigDir, "config", cliconfig.Dir(), "Location of client config files") + flags.StringVar(&opts.ConfigDir, "config", config.Dir(), "Location of client config files") opts.Common.InstallFlags(flags) cobra.AddTemplateFunc("add", func(a, b int) int { return a + b }) + cobra.AddTemplateFunc("hasAliases", hasAliases) cobra.AddTemplateFunc("hasSubCommands", hasSubCommands) + cobra.AddTemplateFunc("hasTopCommands", hasTopCommands) cobra.AddTemplateFunc("hasManagementSubCommands", hasManagementSubCommands) + cobra.AddTemplateFunc("hasSwarmSubCommands", hasSwarmSubCommands) cobra.AddTemplateFunc("hasInvalidPlugins", hasInvalidPlugins) + cobra.AddTemplateFunc("topCommands", topCommands) + cobra.AddTemplateFunc("commandAliases", commandAliases) cobra.AddTemplateFunc("operationSubCommands", operationSubCommands) cobra.AddTemplateFunc("managementSubCommands", managementSubCommands) + cobra.AddTemplateFunc("orchestratorSubCommands", orchestratorSubCommands) cobra.AddTemplateFunc("invalidPlugins", invalidPlugins) cobra.AddTemplateFunc("wrappedFlagUsages", wrappedFlagUsages) cobra.AddTemplateFunc("vendorAndVersion", vendorAndVersion) @@ -52,6 +63,13 @@ func setupCommonRootCommand(rootCmd *cobra.Command) (*cliflags.ClientOptions, *p rootCmd.Annotations = map[string]string{"additionalHelp": "To get more help with docker, check out our guides at https://docs.docker.com/go/guides/"} + // Configure registry.CertsDir() when running in rootless-mode + if os.Getenv("ROOTLESSKIT_STATE_DIR") != "" { + if configHome, err := homedir.GetConfigHome(); err == nil { + registry.SetCertsDir(filepath.Join(configHome, "docker/certs.d")) + } + } + return opts, flags, helpCommand } @@ -222,6 +240,10 @@ func isPlugin(cmd *cobra.Command) bool { return cmd.Annotations[pluginmanager.CommandAnnotationPlugin] == "true" } +func hasAliases(cmd *cobra.Command) bool { + return len(cmd.Aliases) > 0 || cmd.Annotations["aliases"] != "" +} + func hasSubCommands(cmd *cobra.Command) bool { return len(operationSubCommands(cmd)) > 0 } @@ -230,16 +252,69 @@ func hasManagementSubCommands(cmd *cobra.Command) bool { return len(managementSubCommands(cmd)) > 0 } +func hasSwarmSubCommands(cmd *cobra.Command) bool { + return len(orchestratorSubCommands(cmd)) > 0 +} + func hasInvalidPlugins(cmd *cobra.Command) bool { return len(invalidPlugins(cmd)) > 0 } +func hasTopCommands(cmd *cobra.Command) bool { + return len(topCommands(cmd)) > 0 +} + +// commandAliases is a templating function to return aliases for the command, +// formatted as the full command as they're called (contrary to the default +// Aliases function, which only returns the subcommand). +func commandAliases(cmd *cobra.Command) string { + if cmd.Annotations["aliases"] != "" { + return cmd.Annotations["aliases"] + } + var parentPath string + if cmd.HasParent() { + parentPath = cmd.Parent().CommandPath() + " " + } + aliases := cmd.CommandPath() + for _, alias := range cmd.Aliases { + aliases += ", " + parentPath + alias + } + return aliases +} + +func topCommands(cmd *cobra.Command) []*cobra.Command { + cmds := []*cobra.Command{} + if cmd.Parent() != nil { + // for now, only use top-commands for the root-command, and skip + // for sub-commands + return cmds + } + for _, sub := range cmd.Commands() { + if isPlugin(sub) || !sub.IsAvailableCommand() { + continue + } + if _, ok := sub.Annotations["category-top"]; ok { + cmds = append(cmds, sub) + } + } + sort.SliceStable(cmds, func(i, j int) bool { + return sortorder.NaturalLess(cmds[i].Annotations["category-top"], cmds[j].Annotations["category-top"]) + }) + return cmds +} + func operationSubCommands(cmd *cobra.Command) []*cobra.Command { cmds := []*cobra.Command{} for _, sub := range cmd.Commands() { if isPlugin(sub) { continue } + if _, ok := sub.Annotations["category-top"]; ok { + if cmd.Parent() == nil { + // for now, only use top-commands for the root-command + continue + } + } if sub.IsAvailableCommand() && !sub.HasSubCommands() { cmds = append(cmds, sub) } @@ -275,6 +350,27 @@ func vendorAndVersion(cmd *cobra.Command) string { } func managementSubCommands(cmd *cobra.Command) []*cobra.Command { + cmds := []*cobra.Command{} + for _, sub := range allManagementSubCommands(cmd) { + if _, ok := sub.Annotations["swarm"]; ok { + continue + } + cmds = append(cmds, sub) + } + return cmds +} + +func orchestratorSubCommands(cmd *cobra.Command) []*cobra.Command { + cmds := []*cobra.Command{} + for _, sub := range allManagementSubCommands(cmd) { + if _, ok := sub.Annotations["swarm"]; ok { + cmds = append(cmds, sub) + } + } + return cmds +} + +func allManagementSubCommands(cmd *cobra.Command) []*cobra.Command { cmds := []*cobra.Command{} for _, sub := range cmd.Commands() { if isPlugin(sub) { @@ -323,10 +419,10 @@ EXPERIMENTAL: https://docs.docker.com/go/experimental/ {{- end}} -{{- if gt .Aliases 0}} +{{- if hasAliases . }} Aliases: - {{.NameAndAliases}} + {{ commandAliases . }} {{- end}} {{- if .HasExample}} @@ -335,11 +431,20 @@ Examples: {{ .Example }} {{- end}} +{{- if .HasParent}} {{- if .HasAvailableFlags}} Options: {{ wrappedFlagUsages . | trimRightSpace}} +{{- end}} +{{- end}} +{{- if hasTopCommands .}} + +Common Commands: +{{- range topCommands .}} + {{rpad (decoratedName .) (add .NamePadding 1)}}{{.Short}} +{{- end}} {{- end}} {{- if hasManagementSubCommands . }} @@ -349,6 +454,15 @@ Management Commands: {{rpad (decoratedName .) (add .NamePadding 1)}}{{.Short}}{{ if isPlugin .}} {{vendorAndVersion .}}{{ end}} {{- end}} +{{- end}} +{{- if hasSwarmSubCommands . }} + +Swarm Commands: + +{{- range orchestratorSubCommands . }} + {{rpad (decoratedName .) (add .NamePadding 1)}}{{.Short}}{{ if isPlugin .}} {{vendorAndVersion .}}{{ end}} +{{- end}} + {{- end}} {{- if hasSubCommands .}} @@ -367,6 +481,14 @@ Invalid Plugins: {{rpad .Name .NamePadding }} {{invalidPluginReason .}} {{- end}} +{{- end}} +{{- if not .HasParent}} +{{- if .HasAvailableFlags}} + +Global Options: +{{ wrappedFlagUsages . | trimRightSpace}} + +{{- end}} {{- end}} {{- if .HasSubCommands }} diff --git a/vendor/github.com/docker/cli/cli/command/cli.go b/vendor/github.com/docker/cli/cli/command/cli.go index 7e9ed3c8f54b..ab89bef8b352 100644 --- a/vendor/github.com/docker/cli/cli/command/cli.go +++ b/vendor/github.com/docker/cli/cli/command/cli.go @@ -11,7 +11,6 @@ import ( "time" "github.com/docker/cli/cli/config" - cliconfig "github.com/docker/cli/cli/config" "github.com/docker/cli/cli/config/configfile" dcontext "github.com/docker/cli/cli/context" "github.com/docker/cli/cli/context/docker" @@ -26,7 +25,8 @@ import ( dopts "github.com/docker/cli/opts" "github.com/docker/docker/api" "github.com/docker/docker/api/types" - registrytypes "github.com/docker/docker/api/types/registry" + "github.com/docker/docker/api/types/registry" + "github.com/docker/docker/api/types/swarm" "github.com/docker/docker/client" "github.com/docker/go-connections/tlsconfig" "github.com/moby/term" @@ -52,7 +52,6 @@ type Cli interface { Apply(ops ...DockerCliOption) error ConfigFile() *configfile.ConfigFile ServerInfo() ServerInfo - ClientInfo() ClientInfo NotaryClient(imgRefAndAuth trust.ImageRefAndAuth, actions []string) (notaryclient.Repository, error) DefaultVersion() string ManifestStore() manifeststore.Store @@ -73,7 +72,6 @@ type DockerCli struct { err io.Writer client client.APIClient serverInfo ServerInfo - clientInfo *ClientInfo contentTrust bool contextStore store.Store currentContext string @@ -81,9 +79,9 @@ type DockerCli struct { contextStoreConfig store.Config } -// DefaultVersion returns api.defaultVersion or DOCKER_API_VERSION if specified. +// DefaultVersion returns api.defaultVersion. func (cli *DockerCli) DefaultVersion() string { - return cli.ClientInfo().DefaultVersion + return api.DefaultVersion } // Client returns the APIClient @@ -129,39 +127,16 @@ func (cli *DockerCli) ConfigFile() *configfile.ConfigFile { } func (cli *DockerCli) loadConfigFile() { - cli.configFile = cliconfig.LoadDefaultConfigFile(cli.err) + cli.configFile = config.LoadDefaultConfigFile(cli.err) } // ServerInfo returns the server version details for the host this client is // connected to func (cli *DockerCli) ServerInfo() ServerInfo { + // TODO(thaJeztah) make ServerInfo() lazily load the info (ping only when needed) return cli.serverInfo } -// ClientInfo returns the client details for the cli -func (cli *DockerCli) ClientInfo() ClientInfo { - if cli.clientInfo == nil { - if err := cli.loadClientInfo(); err != nil { - panic(err) - } - } - return *cli.clientInfo -} - -func (cli *DockerCli) loadClientInfo() error { - var v string - if cli.client != nil { - v = cli.client.ClientVersion() - } else { - v = api.DefaultVersion - } - cli.clientInfo = &ClientInfo{ - DefaultVersion: v, - HasExperimental: true, - } - return nil -} - // ContentTrustEnabled returns whether content trust has been enabled by an // environment variable. func (cli *DockerCli) ContentTrustEnabled() bool { @@ -197,7 +172,7 @@ func (cli *DockerCli) ManifestStore() manifeststore.Store { // RegistryClient returns a client for communicating with a Docker distribution // registry func (cli *DockerCli) RegistryClient(allowInsecure bool) registryclient.RegistryClient { - resolver := func(ctx context.Context, index *registrytypes.IndexInfo) types.AuthConfig { + resolver := func(ctx context.Context, index *registry.IndexInfo) types.AuthConfig { return ResolveAuthConfig(ctx, cli, index) } return registryclient.NewRegistryClient(resolver, UserAgent(), allowInsecure) @@ -228,7 +203,7 @@ func (cli *DockerCli) Initialize(opts *cliflags.ClientOptions, ops ...Initialize cliflags.SetLogLevel(opts.Common.LogLevel) if opts.ConfigDir != "" { - cliconfig.SetDir(opts.ConfigDir) + config.SetDir(opts.ConfigDir) } if opts.Common.Debug { @@ -237,11 +212,11 @@ func (cli *DockerCli) Initialize(opts *cliflags.ClientOptions, ops ...Initialize cli.loadConfigFile() - baseContextStore := store.New(cliconfig.ContextStoreDir(), cli.contextStoreConfig) + baseContextStore := store.New(config.ContextStoreDir(), cli.contextStoreConfig) cli.contextStore = &ContextStoreWithDefault{ Store: baseContextStore, Resolver: func() (*DefaultContext, error) { - return ResolveDefaultContext(opts.Common, cli.ConfigFile(), cli.contextStoreConfig, cli.Err()) + return ResolveDefaultContext(opts.Common, cli.contextStoreConfig) }, } cli.currentContext, err = resolveContextName(opts.Common, cli.configFile, cli.contextStore) @@ -260,28 +235,23 @@ func (cli *DockerCli) Initialize(opts *cliflags.ClientOptions, ops ...Initialize } } cli.initializeFromClient() - - if err := cli.loadClientInfo(); err != nil { - return err - } - return nil } // NewAPIClientFromFlags creates a new APIClient from command line flags func NewAPIClientFromFlags(opts *cliflags.CommonOptions, configFile *configfile.ConfigFile) (client.APIClient, error) { storeConfig := DefaultContextStoreConfig() - store := &ContextStoreWithDefault{ - Store: store.New(cliconfig.ContextStoreDir(), storeConfig), + contextStore := &ContextStoreWithDefault{ + Store: store.New(config.ContextStoreDir(), storeConfig), Resolver: func() (*DefaultContext, error) { - return ResolveDefaultContext(opts, configFile, storeConfig, io.Discard) + return ResolveDefaultContext(opts, storeConfig) }, } - contextName, err := resolveContextName(opts, configFile, store) + contextName, err := resolveContextName(opts, configFile, contextStore) if err != nil { return nil, err } - endpoint, err := resolveDockerEndpoint(store, contextName) + endpoint, err := resolveDockerEndpoint(contextStore, contextName) if err != nil { return nil, errors.Wrap(err, "unable to resolve docker endpoint") } @@ -368,6 +338,7 @@ func (cli *DockerCli) initializeFromClient() { HasExperimental: ping.Experimental, OSType: ping.OSType, BuildkitVersion: ping.BuilderVersion, + SwarmStatus: ping.SwarmStatus, } cli.client.NegotiateAPIVersionPing(ping) } @@ -408,26 +379,28 @@ type ServerInfo struct { HasExperimental bool OSType string BuildkitVersion types.BuilderVersion -} -// ClientInfo stores details about the supported features of the client -type ClientInfo struct { - // Deprecated: experimental CLI features always enabled. This field is kept - // for backward-compatibility, and is always "true". - HasExperimental bool - DefaultVersion string + // SwarmStatus provides information about the current swarm status of the + // engine, obtained from the "Swarm" header in the API response. + // + // It can be a nil struct if the API version does not provide this header + // in the ping response, or if an error occurred, in which case the client + // should use other ways to get the current swarm status, such as the /swarm + // endpoint. + SwarmStatus *swarm.Status } // NewDockerCli returns a DockerCli instance with all operators applied on it. // It applies by default the standard streams, and the content trust from // environment. func NewDockerCli(ops ...DockerCliOption) (*DockerCli, error) { - cli := &DockerCli{} defaultOps := []DockerCliOption{ WithContentTrustFromEnv(), + WithDefaultContextStoreConfig(), } - cli.contextStoreConfig = DefaultContextStoreConfig() ops = append(defaultOps, ops...) + + cli := &DockerCli{} if err := cli.Apply(ops...); err != nil { return nil, err } @@ -450,7 +423,7 @@ func getServerHost(hosts []string, tlsOptions *tlsconfig.Options) (string, error var host string switch len(hosts) { case 0: - host = os.Getenv("DOCKER_HOST") + host = os.Getenv(client.EnvOverrideHost) case 1: host = hosts[0] default: @@ -468,7 +441,7 @@ func UserAgent() string { // resolveContextName resolves the current context name with the following rules: // - setting both --context and --host flags is ambiguous // - if --context is set, use this value -// - if --host flag or DOCKER_HOST is set, fallbacks to use the same logic as before context-store was added +// - if --host flag or DOCKER_HOST (client.EnvOverrideHost) is set, fallbacks to use the same logic as before context-store was added // for backward compatibility with existing scripts // - if DOCKER_CONTEXT is set, use this value // - if Config file has a globally set "CurrentContext", use this value @@ -483,7 +456,7 @@ func resolveContextName(opts *cliflags.CommonOptions, config *configfile.ConfigF if len(opts.Hosts) > 0 { return DefaultContextName, nil } - if _, present := os.LookupEnv("DOCKER_HOST"); present { + if _, present := os.LookupEnv(client.EnvOverrideHost); present { return DefaultContextName, nil } if ctxName, ok := os.LookupEnv("DOCKER_CONTEXT"); ok { diff --git a/vendor/github.com/docker/cli/cli/command/cli_options.go b/vendor/github.com/docker/cli/cli/command/cli_options.go index 290cae45c35e..535a6d5338d4 100644 --- a/vendor/github.com/docker/cli/cli/command/cli_options.go +++ b/vendor/github.com/docker/cli/cli/command/cli_options.go @@ -1,13 +1,10 @@ package command import ( - "fmt" "io" "os" "strconv" - "github.com/docker/cli/cli/context/docker" - "github.com/docker/cli/cli/context/store" "github.com/docker/cli/cli/streams" "github.com/moby/term" ) @@ -82,15 +79,10 @@ func WithContentTrust(enabled bool) DockerCliOption { } } -// WithContextEndpointType add support for an additional typed endpoint in the context store -// Plugins should use this to store additional endpoints configuration in the context store -func WithContextEndpointType(endpointName string, endpointType store.TypeGetter) DockerCliOption { +// WithDefaultContextStoreConfig configures the cli to use the default context store configuration. +func WithDefaultContextStoreConfig() DockerCliOption { return func(cli *DockerCli) error { - switch endpointName { - case docker.DockerEndpoint: - return fmt.Errorf("cannot change %q endpoint type", endpointName) - } - cli.contextStoreConfig.SetEndpoint(endpointName, endpointType) + cli.contextStoreConfig = DefaultContextStoreConfig() return nil } } diff --git a/vendor/github.com/docker/cli/cli/command/defaultcontextstore.go b/vendor/github.com/docker/cli/cli/command/defaultcontextstore.go index 4f8e2ef52360..a0dd1b18653b 100644 --- a/vendor/github.com/docker/cli/cli/command/defaultcontextstore.go +++ b/vendor/github.com/docker/cli/cli/command/defaultcontextstore.go @@ -2,9 +2,7 @@ package command import ( "fmt" - "io" - "github.com/docker/cli/cli/config/configfile" "github.com/docker/cli/cli/context/docker" "github.com/docker/cli/cli/context/store" cliflags "github.com/docker/cli/cli/flags" @@ -45,7 +43,7 @@ type EndpointDefaultResolver interface { } // ResolveDefaultContext creates a Metadata for the current CLI invocation parameters -func ResolveDefaultContext(opts *cliflags.CommonOptions, config *configfile.ConfigFile, storeconfig store.Config, stderr io.Writer) (*DefaultContext, error) { +func ResolveDefaultContext(opts *cliflags.CommonOptions, config store.Config) (*DefaultContext, error) { contextTLSData := store.ContextTLSData{ Endpoints: make(map[string]store.EndpointTLSData), } @@ -66,7 +64,7 @@ func ResolveDefaultContext(opts *cliflags.CommonOptions, config *configfile.Conf contextTLSData.Endpoints[docker.DockerEndpoint] = *dockerEP.TLSData.ToStoreTLSData() } - if err := storeconfig.ForeachEndpointType(func(n string, get store.TypeGetter) error { + if err := config.ForeachEndpointType(func(n string, get store.TypeGetter) error { if n == docker.DockerEndpoint { // handled above return nil } diff --git a/vendor/github.com/docker/cli/cli/command/registry.go b/vendor/github.com/docker/cli/cli/command/registry.go index 68e3dd36ed71..e3f98faf5cd4 100644 --- a/vendor/github.com/docker/cli/cli/command/registry.go +++ b/vendor/github.com/docker/cli/cli/command/registry.go @@ -12,7 +12,6 @@ import ( "strings" configtypes "github.com/docker/cli/cli/config/types" - "github.com/docker/cli/cli/debug" "github.com/docker/cli/cli/streams" "github.com/docker/distribution/reference" "github.com/docker/docker/api/types" @@ -22,28 +21,10 @@ import ( "github.com/pkg/errors" ) -// ElectAuthServer returns the default registry to use (by asking the daemon) -func ElectAuthServer(ctx context.Context, cli Cli) string { - // The daemon `/info` endpoint informs us of the default registry being - // used. This is essential in cross-platforms environment, where for - // example a Linux client might be interacting with a Windows daemon, hence - // the default registry URL might be Windows specific. - info, err := cli.Client().Info(ctx) - if err != nil { - // Daemon is not responding so use system default. - if debug.IsEnabled() { - // Only report the warning if we're in debug mode to prevent nagging during engine initialization workflows - fmt.Fprintf(cli.Err(), "Warning: failed to get default registry endpoint from daemon (%v). Using system default: %s\n", err, registry.IndexServer) - } - return registry.IndexServer - } - if info.IndexServerAddress == "" { - if debug.IsEnabled() { - fmt.Fprintf(cli.Err(), "Warning: Empty registry endpoint from daemon. Using system default: %s\n", registry.IndexServer) - } - return registry.IndexServer - } - return info.IndexServerAddress +// ElectAuthServer returns the default registry to use +// Deprecated: use registry.IndexServer instead +func ElectAuthServer(_ context.Context, _ Cli) string { + return registry.IndexServer } // EncodeAuthToBase64 serializes the auth configuration as JSON base64 payload @@ -61,7 +42,7 @@ func RegistryAuthenticationPrivilegedFunc(cli Cli, index *registrytypes.IndexInf return func() (string, error) { fmt.Fprintf(cli.Out(), "\nPlease login prior to %s:\n", cmdName) indexServer := registry.GetAuthConfigKey(index) - isDefaultRegistry := indexServer == ElectAuthServer(context.Background(), cli) + isDefaultRegistry := indexServer == registry.IndexServer authConfig, err := GetDefaultAuthConfig(cli, true, indexServer, isDefaultRegistry) if err != nil { fmt.Fprintf(cli.Err(), "Unable to retrieve stored credentials for %s, error: %s.\n", indexServer, err) @@ -77,10 +58,10 @@ func RegistryAuthenticationPrivilegedFunc(cli Cli, index *registrytypes.IndexInf // ResolveAuthConfig is like registry.ResolveAuthConfig, but if using the // default index, it uses the default index name for the daemon's platform, // not the client's platform. -func ResolveAuthConfig(ctx context.Context, cli Cli, index *registrytypes.IndexInfo) types.AuthConfig { +func ResolveAuthConfig(_ context.Context, cli Cli, index *registrytypes.IndexInfo) types.AuthConfig { configKey := index.Name if index.Official { - configKey = ElectAuthServer(ctx, cli) + configKey = registry.IndexServer } a, _ := cli.ConfigFile().GetAuthConfig(configKey) diff --git a/vendor/github.com/docker/cli/cli/command/utils.go b/vendor/github.com/docker/cli/cli/command/utils.go index dff881f49ed3..0bfac723ff05 100644 --- a/vendor/github.com/docker/cli/cli/command/utils.go +++ b/vendor/github.com/docker/cli/cli/command/utils.go @@ -19,7 +19,7 @@ import ( // CopyToFile writes the content of the reader to the specified file func CopyToFile(outfile string, r io.Reader) error { // We use sequential file access here to avoid depleting the standby list - // on Windows. On Linux, this is a call directly to ioutil.TempFile + // on Windows. On Linux, this is a call directly to os.CreateTemp tmpFile, err := system.TempFileSequential(filepath.Dir(outfile), ".docker_temp_") if err != nil { return err diff --git a/vendor/github.com/docker/cli/cli/config/config.go b/vendor/github.com/docker/cli/cli/config/config.go index 31ad117d4159..b7c05c3f860f 100644 --- a/vendor/github.com/docker/cli/cli/config/config.go +++ b/vendor/github.com/docker/cli/cli/config/config.go @@ -19,7 +19,7 @@ const ( // ConfigFileName is the name of config file ConfigFileName = "config.json" configFileDir = ".docker" - oldConfigfile = ".dockercfg" + oldConfigfile = ".dockercfg" // Deprecated: remove once we stop printing deprecation warning contextsDir = "contexts" ) @@ -84,16 +84,6 @@ func Path(p ...string) (string, error) { return path, nil } -// LegacyLoadFromReader is a convenience function that creates a ConfigFile object from -// a non-nested reader -func LegacyLoadFromReader(configData io.Reader) (*configfile.ConfigFile, error) { - configFile := configfile.ConfigFile{ - AuthConfigs: make(map[string]types.AuthConfig), - } - err := configFile.LegacyLoadFromReader(configData) - return &configFile, err -} - // LoadFromReader is a convenience function that creates a ConfigFile object from // a reader func LoadFromReader(configData io.Reader) (*configfile.ConfigFile, error) { @@ -140,12 +130,8 @@ func load(configDir string) (*configfile.ConfigFile, bool, error) { // Can't find latest config file so check for the old one filename = filepath.Join(getHomeDir(), oldConfigfile) - if file, err := os.Open(filename); err == nil { + if _, err := os.Stat(filename); err == nil { printLegacyFileWarning = true - defer file.Close() - if err := configFile.LegacyLoadFromReader(file); err != nil { - return configFile, printLegacyFileWarning, errors.Wrap(err, filename) - } } return configFile, printLegacyFileWarning, nil } @@ -158,7 +144,7 @@ func LoadDefaultConfigFile(stderr io.Writer) *configfile.ConfigFile { fmt.Fprintf(stderr, "WARNING: Error loading config file: %v\n", err) } if printLegacyFileWarning { - _, _ = fmt.Fprintln(stderr, "WARNING: Support for the legacy ~/.dockercfg configuration file and file-format is deprecated and will be removed in an upcoming release") + _, _ = fmt.Fprintln(stderr, "WARNING: Support for the legacy ~/.dockercfg configuration file and file-format has been removed and the configuration file will be ignored") } if !configFile.ContainsAuth() { configFile.CredentialsStore = credentials.DetectDefaultStore(configFile.CredentialsStore) diff --git a/vendor/github.com/docker/cli/cli/config/configfile/file.go b/vendor/github.com/docker/cli/cli/config/configfile/file.go index 1ef85cdc98e4..4496059839d0 100644 --- a/vendor/github.com/docker/cli/cli/config/configfile/file.go +++ b/vendor/github.com/docker/cli/cli/config/configfile/file.go @@ -14,13 +14,6 @@ import ( "github.com/sirupsen/logrus" ) -const ( - // This constant is only used for really old config files when the - // URL wasn't saved as part of the config file and it was just - // assumed to be this value. - defaultIndexServer = "https://index.docker.io/v1/" -) - // ConfigFile ~/.docker/config.json file info type ConfigFile struct { AuthConfigs map[string]types.AuthConfig `json:"auths"` @@ -71,44 +64,6 @@ func New(fn string) *ConfigFile { } } -// LegacyLoadFromReader reads the non-nested configuration data given and sets up the -// auth config information with given directory and populates the receiver object -func (configFile *ConfigFile) LegacyLoadFromReader(configData io.Reader) error { - b, err := io.ReadAll(configData) - if err != nil { - return err - } - - if err := json.Unmarshal(b, &configFile.AuthConfigs); err != nil { - arr := strings.Split(string(b), "\n") - if len(arr) < 2 { - return errors.Errorf("The Auth config file is empty") - } - authConfig := types.AuthConfig{} - origAuth := strings.Split(arr[0], " = ") - if len(origAuth) != 2 { - return errors.Errorf("Invalid Auth config file") - } - authConfig.Username, authConfig.Password, err = decodeAuth(origAuth[1]) - if err != nil { - return err - } - authConfig.ServerAddress = defaultIndexServer - configFile.AuthConfigs[defaultIndexServer] = authConfig - } else { - for k, authConfig := range configFile.AuthConfigs { - authConfig.Username, authConfig.Password, err = decodeAuth(authConfig.Auth) - if err != nil { - return err - } - authConfig.Auth = "" - authConfig.ServerAddress = k - configFile.AuthConfigs[k] = authConfig - } - } - return nil -} - // LoadFromReader reads the configuration data given and sets up the auth config // information with given directory and populates the receiver object func (configFile *ConfigFile) LoadFromReader(configData io.Reader) error { diff --git a/vendor/github.com/docker/cli/cli/config/configfile/file_unix.go b/vendor/github.com/docker/cli/cli/config/configfile/file_unix.go index 3ca65c6140d6..6af67181268a 100644 --- a/vendor/github.com/docker/cli/cli/config/configfile/file_unix.go +++ b/vendor/github.com/docker/cli/cli/config/configfile/file_unix.go @@ -1,3 +1,4 @@ +//go:build !windows // +build !windows package configfile diff --git a/vendor/github.com/docker/cli/cli/config/credentials/default_store_unsupported.go b/vendor/github.com/docker/cli/cli/config/credentials/default_store_unsupported.go index 3028168ac240..c9630ea51bad 100644 --- a/vendor/github.com/docker/cli/cli/config/credentials/default_store_unsupported.go +++ b/vendor/github.com/docker/cli/cli/config/credentials/default_store_unsupported.go @@ -1,3 +1,4 @@ +//go:build !windows && !darwin && !linux // +build !windows,!darwin,!linux package credentials diff --git a/vendor/github.com/docker/cli/cli/config/credentials/native_store.go b/vendor/github.com/docker/cli/cli/config/credentials/native_store.go index afe542cc3ce9..f9619b0381c8 100644 --- a/vendor/github.com/docker/cli/cli/config/credentials/native_store.go +++ b/vendor/github.com/docker/cli/cli/config/credentials/native_store.go @@ -7,7 +7,7 @@ import ( ) const ( - remoteCredentialsPrefix = "docker-credential-" + remoteCredentialsPrefix = "docker-credential-" //nolint:gosec // ignore G101: Potential hardcoded credentials tokenUsername = "" ) diff --git a/vendor/github.com/docker/cli/cli/connhelper/commandconn/commandconn.go b/vendor/github.com/docker/cli/cli/connhelper/commandconn/commandconn.go index 128da447b5f6..b9c8ae5f4070 100644 --- a/vendor/github.com/docker/cli/cli/connhelper/commandconn/commandconn.go +++ b/vendor/github.com/docker/cli/cli/connhelper/commandconn/commandconn.go @@ -4,13 +4,13 @@ // For example, to provide an http.Client that can connect to a Docker daemon // running in a Docker container ("DIND"): // -// httpClient := &http.Client{ -// Transport: &http.Transport{ -// DialContext: func(ctx context.Context, _network, _addr string) (net.Conn, error) { -// return commandconn.New(ctx, "docker", "exec", "-it", containerID, "docker", "system", "dial-stdio") -// }, -// }, -// } +// httpClient := &http.Client{ +// Transport: &http.Transport{ +// DialContext: func(ctx context.Context, _network, _addr string) (net.Conn, error) { +// return commandconn.New(ctx, "docker", "exec", "-it", containerID, "docker", "system", "dial-stdio") +// }, +// }, +// } package commandconn import ( diff --git a/vendor/github.com/docker/cli/cli/connhelper/commandconn/pdeathsig_nolinux.go b/vendor/github.com/docker/cli/cli/connhelper/commandconn/pdeathsig_nolinux.go index ab07166724f0..2adcf0816085 100644 --- a/vendor/github.com/docker/cli/cli/connhelper/commandconn/pdeathsig_nolinux.go +++ b/vendor/github.com/docker/cli/cli/connhelper/commandconn/pdeathsig_nolinux.go @@ -1,3 +1,4 @@ +//go:build !linux // +build !linux package commandconn diff --git a/vendor/github.com/docker/cli/cli/connhelper/commandconn/session_unix.go b/vendor/github.com/docker/cli/cli/connhelper/commandconn/session_unix.go index 6448500d6392..57bdecec03f2 100644 --- a/vendor/github.com/docker/cli/cli/connhelper/commandconn/session_unix.go +++ b/vendor/github.com/docker/cli/cli/connhelper/commandconn/session_unix.go @@ -1,3 +1,4 @@ +//go:build !windows // +build !windows package commandconn diff --git a/vendor/github.com/docker/cli/cli/context/docker/load.go b/vendor/github.com/docker/cli/cli/context/docker/load.go index 5b181a70b9b4..09ec40505ae1 100644 --- a/vendor/github.com/docker/cli/cli/context/docker/load.go +++ b/vendor/github.com/docker/cli/cli/context/docker/load.go @@ -6,7 +6,6 @@ import ( "encoding/pem" "net" "net/http" - "os" "time" "github.com/docker/cli/cli/connhelper" @@ -68,7 +67,7 @@ func (c *Endpoint) tlsConfig() (*tls.Config, error) { if pemBlock == nil { return nil, errors.New("no valid private key found") } - if x509.IsEncryptedPEMBlock(pemBlock) { //nolint: staticcheck // SA1019: x509.IsEncryptedPEMBlock is deprecated, and insecure by design + if x509.IsEncryptedPEMBlock(pemBlock) { //nolint:staticcheck // SA1019: x509.IsEncryptedPEMBlock is deprecated, and insecure by design return nil, errors.New("private key is encrypted - support for encrypted private keys has been removed, see https://docs.docker.com/go/deprecated/") } @@ -122,12 +121,7 @@ func (c *Endpoint) ClientOpts() ([]client.Opt, error) { } } - version := os.Getenv("DOCKER_API_VERSION") - if version != "" { - result = append(result, client.WithVersion(version)) - } else { - result = append(result, client.WithAPIVersionNegotiation()) - } + result = append(result, client.WithVersionFromEnv(), client.WithAPIVersionNegotiation()) return result, nil } diff --git a/vendor/github.com/docker/cli/cli/context/store/doc.go b/vendor/github.com/docker/cli/cli/context/store/doc.go index f84c02383939..705982ae4112 100644 --- a/vendor/github.com/docker/cli/cli/context/store/doc.go +++ b/vendor/github.com/docker/cli/cli/context/store/doc.go @@ -1,20 +1,32 @@ -// Package store provides a generic way to store credentials to connect to virtually any kind of remote system. -// The term `context` comes from the similar feature in Kubernetes kubectl config files. +// Package store provides a generic way to store credentials to connect to +// virtually any kind of remote system. +// The term `context` comes from the similar feature in Kubernetes kubectl +// config files. // -// Conceptually, a context is a set of metadata and TLS data, that can be used to connect to various endpoints -// of a remote system. TLS data and metadata are stored separately, so that in the future, we will be able to store sensitive -// information in a more secure way, depending on the os we are running on (e.g.: on Windows we could use the user Certificate Store, on Mac OS the user Keychain...). +// Conceptually, a context is a set of metadata and TLS data, that can be used +// to connect to various endpoints of a remote system. TLS data and metadata +// are stored separately, so that in the future, we will be able to store +// sensitive information in a more secure way, depending on the os we are running +// on (e.g.: on Windows we could use the user Certificate Store, on macOS the +// user Keychain...). // // Current implementation is purely file based with the following structure: -// ${CONTEXT_ROOT} -// - meta/ -// - /meta.json: contains context medata (key/value pairs) as well as a list of endpoints (themselves containing key/value pair metadata) -// - tls/ -// - /endpoint1/: directory containing TLS data for the endpoint1 in the corresponding context // -// The context store itself has absolutely no knowledge about what a docker endpoint should contain in term of metadata or TLS config. -// Client code is responsible for generating and parsing endpoint metadata and TLS files. -// The multi-endpoints approach of this package allows to combine many different endpoints in the same "context". +// ${CONTEXT_ROOT} +// meta/ +// /meta.json: contains context medata (key/value pairs) as +// well as a list of endpoints (themselves containing +// key/value pair metadata). +// tls/ +// /endpoint1/: directory containing TLS data for the endpoint1 +// in the corresponding context. // -// Context IDs are actually SHA256 hashes of the context name, and are there only to avoid dealing with special characters in context names. +// The context store itself has absolutely no knowledge about what a docker +// endpoint should contain in term of metadata or TLS config. Client code is +// responsible for generating and parsing endpoint metadata and TLS files. The +// multi-endpoints approach of this package allows to combine many different +// endpoints in the same "context". +// +// Context IDs are actually SHA256 hashes of the context name, and are there +// only to avoid dealing with special characters in context names. package store diff --git a/vendor/github.com/docker/cli/cli/context/store/store.go b/vendor/github.com/docker/cli/cli/context/store/store.go index ff7049e82766..19ad980a475d 100644 --- a/vendor/github.com/docker/cli/cli/context/store/store.go +++ b/vendor/github.com/docker/cli/cli/context/store/store.go @@ -16,7 +16,7 @@ import ( "strings" "github.com/docker/docker/errdefs" - digest "github.com/opencontainers/go-digest" + "github.com/opencontainers/go-digest" "github.com/pkg/errors" ) @@ -118,6 +118,19 @@ func (s *store) List() ([]Metadata, error) { return s.meta.list() } +// Names return Metadata names for a Lister +func Names(s Lister) ([]string, error) { + list, err := s.List() + if err != nil { + return nil, err + } + var names []string + for _, item := range list { + names = append(names, item.Name) + } + return names, nil +} + func (s *store) CreateOrUpdate(meta Metadata) error { return s.meta.createOrUpdate(meta) } diff --git a/vendor/github.com/docker/cli/cli/context/store/tlsstore.go b/vendor/github.com/docker/cli/cli/context/store/tlsstore.go index 4a8dc7f4ffff..797fbaf51f88 100644 --- a/vendor/github.com/docker/cli/cli/context/store/tlsstore.go +++ b/vendor/github.com/docker/cli/cli/context/store/tlsstore.go @@ -43,7 +43,7 @@ func (s *tlsStore) getData(contextID contextdir, endpointName, filename string) return data, nil } -func (s *tlsStore) remove(contextID contextdir, endpointName, filename string) error { // nolint:unused +func (s *tlsStore) remove(contextID contextdir, endpointName, filename string) error { //nolint:unused err := os.Remove(s.filePath(contextID, endpointName, filename)) if os.IsNotExist(err) { return nil diff --git a/vendor/github.com/docker/cli/cli/flags/common.go b/vendor/github.com/docker/cli/cli/flags/common.go index a3bbf2957135..fbe686c5d247 100644 --- a/vendor/github.com/docker/cli/cli/flags/common.go +++ b/vendor/github.com/docker/cli/cli/flags/common.go @@ -5,8 +5,9 @@ import ( "os" "path/filepath" - cliconfig "github.com/docker/cli/cli/config" + "github.com/docker/cli/cli/config" "github.com/docker/cli/opts" + "github.com/docker/docker/client" "github.com/docker/go-connections/tlsconfig" "github.com/sirupsen/logrus" "github.com/spf13/pflag" @@ -21,12 +22,25 @@ const ( DefaultCertFile = "cert.pem" // FlagTLSVerify is the flag name for the TLS verification option FlagTLSVerify = "tlsverify" + // FormatHelp describes the --format flag behavior for list commands + FormatHelp = `Format output using a custom template: +'table': Print output in table format with column headers (default) +'table TEMPLATE': Print output in table format using the given Go template +'json': Print in JSON format +'TEMPLATE': Print output using the given Go template. +Refer to https://docs.docker.com/go/formatting/ for more information about formatting output with templates` + // InspectFormatHelp describes the --format flag behavior for inspect commands + InspectFormatHelp = `Format output using a custom template: +'json': Print in JSON format +'TEMPLATE': Print output using the given Go template. +Refer to https://docs.docker.com/go/formatting/ for more information about formatting output with templates` ) var ( - dockerCertPath = os.Getenv("DOCKER_CERT_PATH") - dockerTLSVerify = os.Getenv("DOCKER_TLS_VERIFY") != "" - dockerTLS = os.Getenv("DOCKER_TLS") != "" + dockerCertPath = os.Getenv(client.EnvOverrideCertPath) + dockerTLSVerify = os.Getenv(client.EnvTLSVerify) != "" + // TODO(thaJeztah) the 'DOCKER_TLS' environment variable is not documented, and does not have a const. + dockerTLS = os.Getenv("DOCKER_TLS") != "" ) // CommonOptions are options common to both the client and the daemon. @@ -48,7 +62,7 @@ func NewCommonOptions() *CommonOptions { // InstallFlags adds flags for the common options on the FlagSet func (commonOpts *CommonOptions) InstallFlags(flags *pflag.FlagSet) { if dockerCertPath == "" { - dockerCertPath = cliconfig.Dir() + dockerCertPath = config.Dir() } flags.BoolVarP(&commonOpts.Debug, "debug", "D", false, "Enable debug mode") @@ -72,7 +86,7 @@ func (commonOpts *CommonOptions) InstallFlags(flags *pflag.FlagSet) { hostOpt := opts.NewNamedListOptsRef("hosts", &commonOpts.Hosts, nil) flags.VarP(hostOpt, "host", "H", "Daemon socket(s) to connect to") flags.StringVarP(&commonOpts.Context, "context", "c", "", - `Name of the context to use to connect to the daemon (overrides DOCKER_HOST env var and default context set with "docker context use")`) + `Name of the context to use to connect to the daemon (overrides `+client.EnvOverrideHost+` env var and default context set with "docker context use")`) } // SetDefaultOptions sets default values for options after flag parsing is diff --git a/vendor/github.com/docker/cli/cli/manifest/store/store.go b/vendor/github.com/docker/cli/cli/manifest/store/store.go index dd0c86e5262d..e4a725deff93 100644 --- a/vendor/github.com/docker/cli/cli/manifest/store/store.go +++ b/vendor/github.com/docker/cli/cli/manifest/store/store.go @@ -10,7 +10,7 @@ import ( "github.com/docker/cli/cli/manifest/types" "github.com/docker/distribution/manifest/manifestlist" "github.com/docker/distribution/reference" - digest "github.com/opencontainers/go-digest" + "github.com/opencontainers/go-digest" ocispec "github.com/opencontainers/image-spec/specs-go/v1" "github.com/pkg/errors" ) diff --git a/vendor/github.com/docker/cli/cli/registry/client/client.go b/vendor/github.com/docker/cli/cli/registry/client/client.go index 3ed139840d8c..ba76a34fc888 100644 --- a/vendor/github.com/docker/cli/cli/registry/client/client.go +++ b/vendor/github.com/docker/cli/cli/registry/client/client.go @@ -7,7 +7,6 @@ import ( "strings" manifesttypes "github.com/docker/cli/cli/manifest/types" - "github.com/docker/cli/cli/trust" "github.com/docker/distribution" "github.com/docker/distribution/reference" distributionclient "github.com/docker/distribution/registry/client" @@ -25,7 +24,6 @@ type RegistryClient interface { GetManifestList(ctx context.Context, ref reference.Named) ([]manifesttypes.ImageManifest, error) MountBlob(ctx context.Context, source reference.Canonical, target reference.Named) error PutManifest(ctx context.Context, ref reference.Named, manifest distribution.Manifest) (digest.Digest, error) - GetTags(ctx context.Context, ref reference.Named) ([]string, error) } // NewRegistryClient returns a new RegistryClient with a resolver @@ -124,19 +122,6 @@ func (c *client) PutManifest(ctx context.Context, ref reference.Named, manifest return dgst, errors.Wrapf(err, "failed to put manifest %s", ref) } -func (c *client) GetTags(ctx context.Context, ref reference.Named) ([]string, error) { - repoEndpoint, err := newDefaultRepositoryEndpoint(ref, c.insecureRegistry) - if err != nil { - return nil, err - } - - repo, err := c.getRepositoryForReference(ctx, ref, repoEndpoint) - if err != nil { - return nil, err - } - return repo.Tags(ctx).All(ctx) -} - func (c *client) getRepositoryForReference(ctx context.Context, ref reference.Named, repoEndpoint repositoryEndpoint) (distribution.Repository, error) { repoName, err := reference.WithName(repoEndpoint.Name()) if err != nil { @@ -207,16 +192,3 @@ func getManifestOptionsFromReference(ref reference.Named) (digest.Digest, []dist } return "", nil, errors.Errorf("%s no tag or digest", ref) } - -// GetRegistryAuth returns the auth config given an input image -func GetRegistryAuth(ctx context.Context, resolver AuthConfigResolver, imageName string) (*types.AuthConfig, error) { - distributionRef, err := reference.ParseNormalizedNamed(imageName) - if err != nil { - return nil, fmt.Errorf("Failed to parse image name: %s: %s", imageName, err) - } - imgRefAndAuth, err := trust.GetImageReferencesAndAuth(ctx, nil, resolver, distributionRef.String()) - if err != nil { - return nil, fmt.Errorf("Failed to get imgRefAndAuth: %s", err) - } - return imgRefAndAuth.AuthConfig(), nil -} diff --git a/vendor/github.com/docker/cli/cli/registry/client/fetcher.go b/vendor/github.com/docker/cli/cli/registry/client/fetcher.go index 678ea2649ef2..ef8011d1fb39 100644 --- a/vendor/github.com/docker/cli/cli/registry/client/fetcher.go +++ b/vendor/github.com/docker/cli/cli/registry/client/fetcher.go @@ -3,7 +3,6 @@ package client import ( "context" "encoding/json" - "fmt" "github.com/docker/cli/cli/manifest/types" "github.com/docker/distribution" @@ -14,7 +13,7 @@ import ( v2 "github.com/docker/distribution/registry/api/v2" distclient "github.com/docker/distribution/registry/client" "github.com/docker/docker/registry" - digest "github.com/opencontainers/go-digest" + "github.com/opencontainers/go-digest" ocispec "github.com/opencontainers/image-spec/specs-go/v1" "github.com/pkg/errors" "github.com/sirupsen/logrus" @@ -128,7 +127,7 @@ func validateManifestDigest(ref reference.Named, mfst distribution.Manifest) (oc // If pull by digest, then verify the manifest digest. if digested, isDigested := ref.(reference.Canonical); isDigested { if digested.Digest() != desc.Digest { - err := fmt.Errorf("manifest verification failed for digest %s", digested.Digest()) + err := errors.Errorf("manifest verification failed for digest %s", digested.Digest()) return ocispec.Descriptor{}, err } } @@ -156,7 +155,7 @@ func pullManifestList(ctx context.Context, ref reference.Named, repo distributio } v, ok := manifest.(*schema2.DeserializedManifest) if !ok { - return nil, fmt.Errorf("unsupported manifest format: %v", v) + return nil, errors.Errorf("unsupported manifest format: %v", v) } manifestRef, err := reference.WithDigest(ref, manifestDescriptor.Digest) @@ -278,27 +277,17 @@ func allEndpoints(namedRef reference.Named, insecure bool) ([]registry.APIEndpoi return endpoints, err } -type notFoundError struct { - object string +func newNotFoundError(ref string) *notFoundError { + return ¬FoundError{err: errors.New("no such manifest: " + ref)} } -func newNotFoundError(ref string) *notFoundError { - return ¬FoundError{object: ref} +type notFoundError struct { + err error } func (n *notFoundError) Error() string { - return fmt.Sprintf("no such manifest: %s", n.object) + return n.err.Error() } -// NotFound interface +// NotFound satisfies interface github.com/docker/docker/errdefs.ErrNotFound func (n *notFoundError) NotFound() {} - -// IsNotFound returns true if the error is a not found error -func IsNotFound(err error) bool { - _, ok := err.(notFound) - return ok -} - -type notFound interface { - NotFound() -} diff --git a/vendor/github.com/docker/cli/cli/required.go b/vendor/github.com/docker/cli/cli/required.go index cce81c86ab9f..454e24761359 100644 --- a/vendor/github.com/docker/cli/cli/required.go +++ b/vendor/github.com/docker/cli/cli/required.go @@ -99,7 +99,7 @@ func ExactArgs(number int) cobra.PositionalArgs { } } -//nolint: unparam +//nolint:unparam func pluralize(word string, number int) string { if number == 1 { return word diff --git a/vendor/github.com/docker/cli/cli/trust/trust.go b/vendor/github.com/docker/cli/cli/trust/trust.go index df11227e9341..0b2059730700 100644 --- a/vendor/github.com/docker/cli/cli/trust/trust.go +++ b/vendor/github.com/docker/cli/cli/trust/trust.go @@ -12,7 +12,7 @@ import ( "path/filepath" "time" - cliconfig "github.com/docker/cli/cli/config" + "github.com/docker/cli/cli/config" "github.com/docker/distribution/reference" "github.com/docker/distribution/registry/client/auth" "github.com/docker/distribution/registry/client/auth/challenge" @@ -21,7 +21,7 @@ import ( registrytypes "github.com/docker/docker/api/types/registry" "github.com/docker/docker/registry" "github.com/docker/go-connections/tlsconfig" - digest "github.com/opencontainers/go-digest" + "github.com/opencontainers/go-digest" "github.com/pkg/errors" "github.com/sirupsen/logrus" "github.com/theupdateframework/notary" @@ -47,7 +47,7 @@ var ( // GetTrustDirectory returns the base trust directory name func GetTrustDirectory() string { - return filepath.Join(cliconfig.Dir(), "trust") + return filepath.Join(config.Dir(), "trust") } // certificateDirectory returns the directory containing @@ -59,7 +59,7 @@ func certificateDirectory(server string) (string, error) { return "", err } - return filepath.Join(cliconfig.Dir(), "tls", u.Host), nil + return filepath.Join(config.Dir(), "tls", u.Host), nil } // Server returns the base URL for the trust server. diff --git a/vendor/github.com/docker/cli/opts/envfile.go b/vendor/github.com/docker/cli/opts/envfile.go index 69d3ca6f60ce..26aa3c3a9094 100644 --- a/vendor/github.com/docker/cli/opts/envfile.go +++ b/vendor/github.com/docker/cli/opts/envfile.go @@ -6,12 +6,12 @@ import ( // ParseEnvFile reads a file with environment variables enumerated by lines // -// ``Environment variable names used by the utilities in the Shell and +// “Environment variable names used by the utilities in the Shell and // Utilities volume of IEEE Std 1003.1-2001 consist solely of uppercase // letters, digits, and the '_' (underscore) from the characters defined in // Portable Character Set and do not begin with a digit. *But*, other // characters may be permitted by an implementation; applications shall -// tolerate the presence of such names.'' +// tolerate the presence of such names.” // -- http://pubs.opengroup.org/onlinepubs/009695399/basedefs/xbd_chap08.html // // As of #16585, it's up to application inside docker to validate or not diff --git a/vendor/github.com/docker/cli/opts/gpus.go b/vendor/github.com/docker/cli/opts/gpus.go index e110a4771e51..8796a805d47f 100644 --- a/vendor/github.com/docker/cli/opts/gpus.go +++ b/vendor/github.com/docker/cli/opts/gpus.go @@ -24,7 +24,8 @@ func parseCount(s string) (int, error) { } // Set a new mount value -// nolint: gocyclo +// +//nolint:gocyclo func (o *GpuOpts) Set(value string) error { csvReader := csv.NewReader(strings.NewReader(value)) fields, err := csvReader.Read() diff --git a/vendor/github.com/docker/cli/opts/hosts_unix.go b/vendor/github.com/docker/cli/opts/hosts_unix.go index 344b6c2e1be5..206834d4dd89 100644 --- a/vendor/github.com/docker/cli/opts/hosts_unix.go +++ b/vendor/github.com/docker/cli/opts/hosts_unix.go @@ -1,3 +1,4 @@ +//go:build !windows // +build !windows package opts diff --git a/vendor/github.com/docker/cli/opts/hosts_windows.go b/vendor/github.com/docker/cli/opts/hosts_windows.go index 97c6d857c2a8..1e42a2d776bc 100644 --- a/vendor/github.com/docker/cli/opts/hosts_windows.go +++ b/vendor/github.com/docker/cli/opts/hosts_windows.go @@ -1,5 +1,3 @@ -// +build windows - package opts // defaultHost constant defines the default host string used by docker on Windows diff --git a/vendor/github.com/docker/cli/opts/mount.go b/vendor/github.com/docker/cli/opts/mount.go index ef661dd51b75..7ffc3acc93b7 100644 --- a/vendor/github.com/docker/cli/opts/mount.go +++ b/vendor/github.com/docker/cli/opts/mount.go @@ -4,6 +4,7 @@ import ( "encoding/csv" "fmt" "os" + "path/filepath" "strconv" "strings" @@ -17,7 +18,8 @@ type MountOpt struct { } // Set a new mount value -// nolint: gocyclo +// +//nolint:gocyclo func (m *MountOpt) Set(value string) error { csvReader := csv.NewReader(strings.NewReader(value)) fields, err := csvReader.Read() @@ -92,6 +94,11 @@ func (m *MountOpt) Set(value string) error { mount.Type = mounttypes.Type(strings.ToLower(value)) case "source", "src": mount.Source = value + if strings.HasPrefix(value, "."+string(filepath.Separator)) || value == "." { + if abs, err := filepath.Abs(value); err == nil { + mount.Source = abs + } + } case "target", "dst", "destination": mount.Target = value case "readonly", "ro": diff --git a/vendor/github.com/docker/cli/opts/parse.go b/vendor/github.com/docker/cli/opts/parse.go index 327c2775f6b4..4012c461fbaa 100644 --- a/vendor/github.com/docker/cli/opts/parse.go +++ b/vendor/github.com/docker/cli/opts/parse.go @@ -55,7 +55,9 @@ func ConvertKVStringsToMap(values []string) map[string]string { // ConvertKVStringsToMapWithNil converts ["key=value"] to {"key":"value"} // but set unset keys to nil - meaning the ones with no "=" in them. // We use this in cases where we need to distinguish between -// FOO= and FOO +// +// FOO= and FOO +// // where the latter case just means FOO was mentioned but not given a value func ConvertKVStringsToMapWithNil(values []string) map[string]*string { result := make(map[string]*string, len(values)) diff --git a/vendor/github.com/docker/cli/opts/port.go b/vendor/github.com/docker/cli/opts/port.go index e0c538993016..c0814dbd9aa2 100644 --- a/vendor/github.com/docker/cli/opts/port.go +++ b/vendor/github.com/docker/cli/opts/port.go @@ -26,7 +26,8 @@ type PortOpt struct { } // Set a new port value -// nolint: gocyclo +// +//nolint:gocyclo func (p *PortOpt) Set(value string) error { longSyntax, err := regexp.MatchString(`\w+=\w+(,\w+=\w+)*`, value) if err != nil { diff --git a/vendor/github.com/docker/cli/opts/quotedstring.go b/vendor/github.com/docker/cli/opts/quotedstring.go index 09c68a526149..741f450b14cd 100644 --- a/vendor/github.com/docker/cli/opts/quotedstring.go +++ b/vendor/github.com/docker/cli/opts/quotedstring.go @@ -22,6 +22,9 @@ func (s *QuotedString) String() string { } func trimQuotes(value string) string { + if len(value) < 2 { + return value + } lastIndex := len(value) - 1 for _, char := range []byte{'\'', '"'} { if value[0] == char && value[lastIndex] == char { diff --git a/vendor/github.com/docker/docker/api/swagger.yaml b/vendor/github.com/docker/docker/api/swagger.yaml index 49dda1376903..f0e463bd169a 100644 --- a/vendor/github.com/docker/docker/api/swagger.yaml +++ b/vendor/github.com/docker/docker/api/swagger.yaml @@ -202,24 +202,72 @@ definitions: MountPoint: type: "object" - description: "A mount point inside a container" + description: | + MountPoint represents a mount point configuration inside the container. + This is used for reporting the mountpoints in use by a container. properties: Type: + description: | + The mount type: + + - `bind` a mount of a file or directory from the host into the container. + - `volume` a docker volume with the given `Name`. + - `tmpfs` a `tmpfs`. + - `npipe` a named pipe from the host into the container. type: "string" + enum: + - "bind" + - "volume" + - "tmpfs" + - "npipe" + example: "volume" Name: + description: | + Name is the name reference to the underlying data defined by `Source` + e.g., the volume name. type: "string" + example: "myvolume" Source: + description: | + Source location of the mount. + + For volumes, this contains the storage location of the volume (within + `/var/lib/docker/volumes/`). For bind-mounts, and `npipe`, this contains + the source (host) part of the bind-mount. For `tmpfs` mount points, this + field is empty. type: "string" + example: "/var/lib/docker/volumes/myvolume/_data" Destination: + description: | + Destination is the path relative to the container root (`/`) where + the `Source` is mounted inside the container. type: "string" + example: "/usr/share/nginx/html/" Driver: + description: | + Driver is the volume driver used to create the volume (if it is a volume). type: "string" + example: "local" Mode: + description: | + Mode is a comma separated list of options supplied by the user when + creating the bind/volume mount. + + The default is platform-specific (`"z"` on Linux, empty on Windows). type: "string" + example: "z" RW: + description: | + Whether the mount is mounted writable (read-write). type: "boolean" + example: true Propagation: + description: | + Propagation describes how mounts are propagated from the host into the + mount point, and vice-versa. Refer to the [Linux kernel documentation](https://www.kernel.org/doc/Documentation/filesystems/sharedsubtree.txt) + for details. This field is not used on Windows. type: "string" + example: "" DeviceMapping: type: "object" @@ -529,19 +577,13 @@ definitions: type: "array" items: $ref: "#/definitions/DeviceRequest" - KernelMemory: + KernelMemoryTCP: description: | - Kernel memory limit in bytes. - -


+ Hard limit for kernel TCP buffer memory (in bytes). Depending on the + OCI runtime in use, this option may be ignored. It is no longer supported + by the default (runc) runtime. - > **Deprecated**: This field is deprecated as the kernel 5.4 deprecated - > `kmem.limit_in_bytes`. - type: "integer" - format: "int64" - example: 209715200 - KernelMemoryTCP: - description: "Hard limit for kernel TCP buffer memory (in bytes)." + This field is omitted when empty. type: "integer" format: "int64" MemoryReservation: @@ -1027,8 +1069,9 @@ definitions: description: "Mount the container's root filesystem as read only." SecurityOpt: type: "array" - description: "A list of string values to customize labels for MLS - systems, such as SELinux." + description: | + A list of string values to customize labels for MLS systems, such + as SELinux. items: type: "string" StorageOpt: @@ -1109,14 +1152,18 @@ definitions: type: "string" ContainerConfig: - description: "Configuration for a container that is portable between hosts" + description: | + Configuration for a container that is portable between hosts. type: "object" properties: Hostname: - description: "The hostname to use for the container, as a valid RFC 1123 hostname." + description: | + The hostname to use for the container, as a valid RFC 1123 hostname. type: "string" + example: "439f4e91bd1d" Domainname: - description: "The domain name to use for the container." + description: | + The domain name to use for the container. type: "string" User: description: "The user that commands are run as inside the container." @@ -1139,11 +1186,16 @@ definitions: `{"/": {}}` type: "object" + x-nullable: true additionalProperties: type: "object" enum: - {} default: {} + example: { + "80/tcp": {}, + "443/tcp": {} + } Tty: description: | Attach standard streams to a TTY, including `stdin` if it is not closed. @@ -1165,21 +1217,29 @@ definitions: type: "array" items: type: "string" + example: + - "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" Cmd: description: | Command to run specified as a string or an array of strings. type: "array" items: type: "string" + example: ["/bin/sh"] Healthcheck: $ref: "#/definitions/HealthConfig" ArgsEscaped: description: "Command is already escaped (Windows only)" type: "boolean" + default: false + example: false + x-nullable: true Image: description: | - The name of the image to use when creating the container/ + The name (or reference) of the image to use when creating the container, + or which was used when the container was created. type: "string" + example: "example-image:1.0" Volumes: description: | An object mapping mount point paths inside the container to empty @@ -1193,6 +1253,7 @@ definitions: WorkingDir: description: "The working directory for commands to run in." type: "string" + example: "/public/" Entrypoint: description: | The entry point for the container as a string or an array of strings. @@ -1203,38 +1264,50 @@ definitions: type: "array" items: type: "string" + example: [] NetworkDisabled: description: "Disable networking for the container." type: "boolean" + x-nullable: true MacAddress: description: "MAC address of the container." type: "string" + x-nullable: true OnBuild: description: | `ONBUILD` metadata that were defined in the image's `Dockerfile`. type: "array" + x-nullable: true items: type: "string" + example: [] Labels: description: "User-defined key/value metadata." type: "object" additionalProperties: type: "string" + example: + com.example.some-label: "some-value" + com.example.some-other-label: "some-other-value" StopSignal: description: | Signal to stop a container as a string or unsigned integer. type: "string" - default: "SIGTERM" + example: "SIGTERM" + x-nullable: true StopTimeout: description: "Timeout to stop a container in seconds." type: "integer" default: 10 + x-nullable: true Shell: description: | Shell for when `RUN`, `CMD`, and `ENTRYPOINT` uses a shell. type: "array" + x-nullable: true items: type: "string" + example: ["/bin/sh", "-c"] NetworkingConfig: description: | @@ -1491,107 +1564,215 @@ definitions: example: "4443" GraphDriverData: - description: "Information about a container's graph driver." + description: | + Information about the storage driver used to store the container's and + image's filesystem. type: "object" required: [Name, Data] properties: Name: + description: "Name of the storage driver." type: "string" x-nullable: false + example: "overlay2" Data: + description: | + Low-level storage metadata, provided as key/value pairs. + + This information is driver-specific, and depends on the storage-driver + in use, and should be used for informational purposes only. type: "object" x-nullable: false additionalProperties: type: "string" + example: { + "MergedDir": "/var/lib/docker/overlay2/ef749362d13333e65fc95c572eb525abbe0052e16e086cb64bc3b98ae9aa6d74/merged", + "UpperDir": "/var/lib/docker/overlay2/ef749362d13333e65fc95c572eb525abbe0052e16e086cb64bc3b98ae9aa6d74/diff", + "WorkDir": "/var/lib/docker/overlay2/ef749362d13333e65fc95c572eb525abbe0052e16e086cb64bc3b98ae9aa6d74/work" + } - Image: + ImageInspect: + description: | + Information about an image in the local image cache. type: "object" - required: - - Id - - Parent - - Comment - - Created - - Container - - DockerVersion - - Author - - Architecture - - Os - - Size - - VirtualSize - - GraphDriver - - RootFS properties: Id: + description: | + ID is the content-addressable ID of an image. + + This identified is a content-addressable digest calculated from the + image's configuration (which includes the digests of layers used by + the image). + + Note that this digest differs from the `RepoDigests` below, which + holds digests of image manifests that reference the image. type: "string" x-nullable: false + example: "sha256:ec3f0931a6e6b6855d76b2d7b0be30e81860baccd891b2e243280bf1cd8ad710" RepoTags: + description: | + List of image names/tags in the local image cache that reference this + image. + + Multiple image tags can refer to the same imagem and this list may be + empty if no tags reference the image, in which case the image is + "untagged", in which case it can still be referenced by its ID. type: "array" items: type: "string" + example: + - "example:1.0" + - "example:latest" + - "example:stable" + - "internal.registry.example.com:5000/example:1.0" RepoDigests: + description: | + List of content-addressable digests of locally available image manifests + that the image is referenced from. Multiple manifests can refer to the + same image. + + These digests are usually only available if the image was either pulled + from a registry, or if the image was pushed to a registry, which is when + the manifest is generated and its digest calculated. type: "array" items: type: "string" + example: + - "example@sha256:afcc7f1ac1b49db317a7196c902e61c6c3c4607d63599ee1a82d702d249a0ccb" + - "internal.registry.example.com:5000/example@sha256:b69959407d21e8a062e0416bf13405bb2b71ed7a84dde4158ebafacfa06f5578" Parent: + description: | + ID of the parent image. + + Depending on how the image was created, this field may be empty and + is only set for images that were built/created locally. This field + is empty if the image was pulled from an image registry. type: "string" x-nullable: false + example: "" Comment: + description: | + Optional message that was set when committing or importing the image. type: "string" x-nullable: false + example: "" Created: + description: | + Date and time at which the image was created, formatted in + [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) format with nano-seconds. type: "string" x-nullable: false + example: "2022-02-04T21:20:12.497794809Z" Container: + description: | + The ID of the container that was used to create the image. + + Depending on how the image was created, this field may be empty. type: "string" x-nullable: false + example: "65974bc86f1770ae4bff79f651ebdbce166ae9aada632ee3fa9af3a264911735" ContainerConfig: $ref: "#/definitions/ContainerConfig" DockerVersion: + description: | + The version of Docker that was used to build the image. + + Depending on how the image was created, this field may be empty. type: "string" x-nullable: false + example: "20.10.7" Author: + description: | + Name of the author that was specified when committing the image, or as + specified through MAINTAINER (deprecated) in the Dockerfile. type: "string" x-nullable: false + example: "" Config: $ref: "#/definitions/ContainerConfig" Architecture: + description: | + Hardware CPU architecture that the image runs on. type: "string" x-nullable: false + example: "arm" + Variant: + description: | + CPU architecture variant (presently ARM-only). + type: "string" + x-nullable: true + example: "v7" Os: + description: | + Operating System the image is built to run on. type: "string" x-nullable: false + example: "linux" OsVersion: + description: | + Operating System version the image is built to run on (especially + for Windows). type: "string" + example: "" + x-nullable: true Size: + description: | + Total size of the image including all layers it is composed of. type: "integer" format: "int64" x-nullable: false + example: 1239828 VirtualSize: + description: | + Total size of the image including all layers it is composed of. + + In versions of Docker before v1.10, this field was calculated from + the image itself and all of its parent images. Docker v1.10 and up + store images self-contained, and no longer use a parent-chain, making + this field an equivalent of the Size field. + + This field is kept for backward compatibility, but may be removed in + a future version of the API. type: "integer" format: "int64" x-nullable: false + example: 1239828 GraphDriver: $ref: "#/definitions/GraphDriverData" RootFS: + description: | + Information about the image's RootFS, including the layer IDs. type: "object" required: [Type] properties: Type: type: "string" x-nullable: false + example: "layers" Layers: type: "array" items: type: "string" - BaseLayer: - type: "string" + example: + - "sha256:1834950e52ce4d5a88a1bbd131c537f4d0e56d10ff0dd69e66be3b7dfa9df7e6" + - "sha256:5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef" Metadata: + description: | + Additional metadata of the image in the local cache. This information + is local to the daemon, and not part of the image itself. type: "object" properties: LastTagTime: + description: | + Date and time at which the image was last tagged in + [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) format with nano-seconds. + + This information is only available if the image was tagged locally, + and omitted otherwise. type: "string" format: "dateTime" - + example: "2022-02-28T14:40:02.623929178Z" + x-nullable: true ImageSummary: type: "object" required: @@ -1683,18 +1864,22 @@ definitions: type: "string" description: "Name of the volume." x-nullable: false + example: "tardis" Driver: type: "string" description: "Name of the volume driver used by the volume." x-nullable: false + example: "custom" Mountpoint: type: "string" description: "Mount path of the volume on the host." x-nullable: false + example: "/var/lib/docker/volumes/tardis" CreatedAt: type: "string" format: "dateTime" description: "Date/Time the volume was created." + example: "2016-06-07T20:31:11.853781916Z" Status: type: "object" description: | @@ -1706,12 +1891,17 @@ definitions: does not support this feature. additionalProperties: type: "object" + example: + hello: "world" Labels: type: "object" description: "User-defined key/value metadata." x-nullable: false additionalProperties: type: "string" + example: + com.example.some-label: "some-value" + com.example.some-other-label: "some-other-value" Scope: type: "string" description: | @@ -1720,12 +1910,17 @@ definitions: default: "local" x-nullable: false enum: ["local", "global"] + example: "local" Options: type: "object" description: | The driver specific options used when creating the volume. additionalProperties: type: "string" + example: + device: "tmpfs" + o: "size=100m,uid=1000" + type: "tmpfs" UsageData: type: "object" x-nullable: true @@ -1751,17 +1946,43 @@ definitions: is set to `-1` if the reference-count is not available. x-nullable: false - example: - Name: "tardis" - Driver: "custom" - Mountpoint: "/var/lib/docker/volumes/tardis" - Status: - hello: "world" + VolumeCreateOptions: + description: "Volume configuration" + type: "object" + title: "VolumeConfig" + x-go-name: "VolumeCreateBody" + properties: + Name: + description: | + The new volume's name. If not specified, Docker generates a name. + type: "string" + x-nullable: false + example: "tardis" + Driver: + description: "Name of the volume driver to use." + type: "string" + default: "local" + x-nullable: false + example: "custom" + DriverOpts: + description: | + A mapping of driver options and values. These options are + passed directly to the driver and are driver specific. + type: "object" + additionalProperties: + type: "string" + example: + device: "tmpfs" + o: "size=100m,uid=1000" + type: "tmpfs" Labels: - com.example.some-label: "some-value" - com.example.some-other-label: "some-other-value" - Scope: "local" - CreatedAt: "2016-06-07T20:31:11.853781916Z" + description: "User-defined key/value metadata." + type: "object" + additionalProperties: + type: "string" + example: + com.example.some-label: "some-value" + com.example.some-other-label: "some-other-value" Network: type: "object" @@ -1849,15 +2070,27 @@ definitions: ``` type: "array" items: - type: "object" - additionalProperties: - type: "string" + $ref: "#/definitions/IPAMConfig" Options: description: "Driver-specific options, specified as a map." type: "object" additionalProperties: type: "string" + IPAMConfig: + type: "object" + properties: + Subnet: + type: "string" + IPRange: + type: "string" + Gateway: + type: "string" + AuxiliaryAddresses: + type: "object" + additionalProperties: + type: "string" + NetworkContainer: type: "object" properties: @@ -3641,6 +3874,7 @@ definitions: ServiceSpec: description: "User modifiable configuration for a service." + type: object properties: Name: description: "Name of the service." @@ -4096,7 +4330,7 @@ definitions: Mounts: type: "array" items: - $ref: "#/definitions/Mount" + $ref: "#/definitions/MountPoint" Driver: description: "Driver represents a driver (network, logging, secrets)." @@ -4278,6 +4512,29 @@ definitions: Health: $ref: "#/definitions/Health" + ContainerWaitResponse: + description: "OK response to ContainerWait operation" + type: "object" + x-go-name: "ContainerWaitOKBody" + title: "ContainerWaitResponse" + required: [StatusCode, Error] + properties: + StatusCode: + description: "Exit code of the container" + type: "integer" + x-nullable: false + Error: + $ref: "#/definitions/ContainerWaitExitError" + + ContainerWaitExitError: + description: "container waiting error, if any" + type: "object" + x-go-name: "ContainerWaitOKBodyError" + properties: + Message: + description: "Details of an error" + type: "string" + SystemVersion: type: "object" description: | @@ -4458,14 +4715,13 @@ definitions: description: "Indicates if the host has memory swap limit support enabled." type: "boolean" example: true - KernelMemory: + KernelMemoryTCP: description: | - Indicates if the host has kernel memory limit support enabled. - -


+ Indicates if the host has kernel memory TCP limit support enabled. This + field is omitted if not supported. - > **Deprecated**: This field is deprecated as the kernel 5.4 deprecated - > `kmem.limit_in_bytes`. + Kernel memory TCP limits are not supported when using cgroups v2, which + does not support the corresponding `memory.kmem.tcp.limit_in_bytes` cgroup. type: "boolean" example: true CpuCfsPeriod: @@ -5175,6 +5431,7 @@ definitions: PeerNode: description: "Represents a peer-node in the swarm" + type: "object" properties: NodeID: description: "Unique identifier of for this node in the swarm." @@ -5284,22 +5541,22 @@ definitions: type: "integer" format: "int64" example: 3987495 - # TODO Not yet including these fields for now, as they are nil / omitted in our response. - # urls: - # description: | - # List of URLs from which this object MAY be downloaded. - # type: "array" - # items: - # type: "string" - # format: "uri" - # annotations: - # description: | - # Arbitrary metadata relating to the targeted content. - # type: "object" - # additionalProperties: - # type: "string" - # platform: - # $ref: "#/definitions/OCIPlatform" + # TODO Not yet including these fields for now, as they are nil / omitted in our response. + # urls: + # description: | + # List of URLs from which this object MAY be downloaded. + # type: "array" + # items: + # type: "string" + # format: "uri" + # annotations: + # description: | + # Arbitrary metadata relating to the targeted content. + # type: "object" + # additionalProperties: + # type: "string" + # platform: + # $ref: "#/definitions/OCIPlatform" OCIPlatform: type: "object" @@ -5626,7 +5883,6 @@ paths: Memory: 0 MemorySwap: 0 MemoryReservation: 0 - KernelMemory: 0 NanoCpus: 500000 CpuPercent: 80 CpuShares: 512 @@ -5918,7 +6174,6 @@ paths: Memory: 0 MemorySwap: 0 MemoryReservation: 0 - KernelMemory: 0 OomKillDisable: false OomScoreAdj: 500 NetworkMode: "bridge" @@ -6663,7 +6918,6 @@ paths: Memory: 314572800 MemorySwap: 514288000 MemoryReservation: 209715200 - KernelMemory: 52428800 RestartPolicy: MaximumRetryCount: 4 Name: "on-failure" @@ -7002,22 +7256,7 @@ paths: 200: description: "The container has exit." schema: - type: "object" - title: "ContainerWaitResponse" - description: "OK response to ContainerWait operation" - required: [StatusCode] - properties: - StatusCode: - description: "Exit code of the container" - type: "integer" - x-nullable: false - Error: - description: "container waiting error, if any" - type: "object" - properties: - Message: - description: "Details of an error" - type: "string" + $ref: "#/definitions/ContainerWaitResponse" 400: description: "bad parameter" schema: @@ -7125,17 +7364,7 @@ paths: 400: description: "Bad parameter" schema: - allOf: - - $ref: "#/definitions/ErrorResponse" - - type: "object" - properties: - message: - description: | - The error message. Either "must specify path parameter" - (path cannot be empty) or "not a directory" (path was - asserted to be a directory but exists as a file). - type: "string" - x-nullable: false + $ref: "#/definitions/ErrorResponse" 404: description: "Container or path does not exist" schema: @@ -7170,17 +7399,7 @@ paths: 400: description: "Bad parameter" schema: - allOf: - - $ref: "#/definitions/ErrorResponse" - - type: "object" - properties: - message: - description: | - The error message. Either "must specify path parameter" - (path cannot be empty) or "not a directory" (path was - asserted to be a directory but exists as a file). - type: "string" - x-nullable: false + $ref: "#/definitions/ErrorResponse" 404: description: "Container or path does not exist" schema: @@ -7206,7 +7425,10 @@ paths: tags: ["Container"] put: summary: "Extract an archive of files or folders to a directory in a container" - description: "Upload a tar archive to be extracted to a path in the filesystem of container id." + description: | + Upload a tar archive to be extracted to a path in the filesystem of container id. + `path` parameter is asserted to be a directory. If it exists as a file, 400 error + will be returned with message "not a directory". operationId: "PutContainerArchive" consumes: ["application/x-tar", "application/octet-stream"] responses: @@ -7216,6 +7438,9 @@ paths: description: "Bad parameter" schema: $ref: "#/definitions/ErrorResponse" + examples: + application/json: + message: "not a directory" 403: description: "Permission denied, the volume or container rootfs is marked as read-only." schema: @@ -7717,84 +7942,7 @@ paths: 200: description: "No error" schema: - $ref: "#/definitions/Image" - examples: - application/json: - Id: "sha256:85f05633ddc1c50679be2b16a0479ab6f7637f8884e0cfe0f4d20e1ebb3d6e7c" - Container: "cb91e48a60d01f1e27028b4fc6819f4f290b3cf12496c8176ec714d0d390984a" - Comment: "" - Os: "linux" - Architecture: "amd64" - Parent: "sha256:91e54dfb11794fad694460162bf0cb0a4fa710cfa3f60979c177d920813e267c" - ContainerConfig: - Tty: false - Hostname: "e611e15f9c9d" - Domainname: "" - AttachStdout: false - PublishService: "" - AttachStdin: false - OpenStdin: false - StdinOnce: false - NetworkDisabled: false - OnBuild: [] - Image: "91e54dfb11794fad694460162bf0cb0a4fa710cfa3f60979c177d920813e267c" - User: "" - WorkingDir: "" - MacAddress: "" - AttachStderr: false - Labels: - com.example.license: "GPL" - com.example.version: "1.0" - com.example.vendor: "Acme" - Env: - - "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" - Cmd: - - "/bin/sh" - - "-c" - - "#(nop) LABEL com.example.vendor=Acme com.example.license=GPL com.example.version=1.0" - DockerVersion: "1.9.0-dev" - VirtualSize: 188359297 - Size: 0 - Author: "" - Created: "2015-09-10T08:30:53.26995814Z" - GraphDriver: - Name: "aufs" - Data: {} - RepoDigests: - - "localhost:5000/test/busybox/example@sha256:cbbf2f9a99b47fc460d422812b6a5adff7dfee951d8fa2e4a98caa0382cfbdbf" - RepoTags: - - "example:1.0" - - "example:latest" - - "example:stable" - Config: - Image: "91e54dfb11794fad694460162bf0cb0a4fa710cfa3f60979c177d920813e267c" - NetworkDisabled: false - OnBuild: [] - StdinOnce: false - PublishService: "" - AttachStdin: false - OpenStdin: false - Domainname: "" - AttachStdout: false - Tty: false - Hostname: "e611e15f9c9d" - Cmd: - - "/bin/bash" - Env: - - "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" - Labels: - com.example.vendor: "Acme" - com.example.version: "1.0" - com.example.license: "GPL" - MacAddress: "" - AttachStderr: false - WorkingDir: "" - User: "" - RootFS: - Type: "layers" - Layers: - - "sha256:1834950e52ce4d5a88a1bbd131c537f4d0e56d10ff0dd69e66be3b7dfa9df7e6" - - "sha256:5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef" + $ref: "#/definitions/ImageInspect" 404: description: "No such image" schema: @@ -8229,6 +8377,13 @@ paths: Docker-Experimental: type: "boolean" description: "If the server is running with experimental mode enabled" + Swarm: + type: "string" + enum: ["inactive", "pending", "error", "locked", "active/worker", "active/manager"] + description: | + Contains information about Swarm status of the daemon, + and if the daemon is acting as a manager or worker node. + default: "inactive" Cache-Control: type: "string" default: "no-cache, no-store, must-revalidate" @@ -8268,6 +8423,13 @@ paths: Docker-Experimental: type: "boolean" description: "If the server is running with experimental mode enabled" + Swarm: + type: "string" + enum: ["inactive", "pending", "error", "locked", "active/worker", "active/manager"] + description: | + Contains information about Swarm status of the daemon, + and if the daemon is acting as a manager or worker node. + default: "inactive" Cache-Control: type: "string" default: "no-cache, no-store, must-revalidate" @@ -8934,23 +9096,6 @@ paths: Warnings that occurred when fetching the list of volumes. items: type: "string" - - examples: - application/json: - Volumes: - - CreatedAt: "2017-07-19T12:00:26Z" - Name: "tardis" - Driver: "local" - Mountpoint: "/var/lib/docker/volumes/tardis" - Labels: - com.example.some-label: "some-value" - com.example.some-other-label: "some-other-value" - Scope: "local" - Options: - device: "tmpfs" - o: "size=100m,uid=1000" - type: "tmpfs" - Warnings: [] 500: description: "Server error" schema: @@ -8995,38 +9140,7 @@ paths: required: true description: "Volume configuration" schema: - type: "object" - description: "Volume configuration" - title: "VolumeConfig" - properties: - Name: - description: | - The new volume's name. If not specified, Docker generates a name. - type: "string" - x-nullable: false - Driver: - description: "Name of the volume driver to use." - type: "string" - default: "local" - x-nullable: false - DriverOpts: - description: | - A mapping of driver options and values. These options are - passed directly to the driver and are driver specific. - type: "object" - additionalProperties: - type: "string" - Labels: - description: "User-defined key/value metadata." - type: "object" - additionalProperties: - type: "string" - example: - Name: "tardis" - Labels: - com.example.some-label: "some-value" - com.example.some-other-label: "some-other-value" - Driver: "custom" + $ref: "#/definitions/VolumeCreateOptions" tags: ["Volume"] /volumes/{name}: diff --git a/vendor/github.com/docker/docker/api/types/container/container_wait.go b/vendor/github.com/docker/docker/api/types/container/container_wait.go deleted file mode 100644 index 49e05ae66944..000000000000 --- a/vendor/github.com/docker/docker/api/types/container/container_wait.go +++ /dev/null @@ -1,28 +0,0 @@ -package container // import "github.com/docker/docker/api/types/container" - -// ---------------------------------------------------------------------------- -// Code generated by `swagger generate operation`. DO NOT EDIT. -// -// See hack/generate-swagger-api.sh -// ---------------------------------------------------------------------------- - -// ContainerWaitOKBodyError container waiting error, if any -// swagger:model ContainerWaitOKBodyError -type ContainerWaitOKBodyError struct { - - // Details of an error - Message string `json:"Message,omitempty"` -} - -// ContainerWaitOKBody OK response to ContainerWait operation -// swagger:model ContainerWaitOKBody -type ContainerWaitOKBody struct { - - // error - // Required: true - Error *ContainerWaitOKBodyError `json:"Error"` - - // Exit code of the container - // Required: true - StatusCode int64 `json:"StatusCode"` -} diff --git a/vendor/github.com/docker/docker/api/types/container/container_wait_o_k_body.go b/vendor/github.com/docker/docker/api/types/container/container_wait_o_k_body.go new file mode 100644 index 000000000000..3219207fbbdb --- /dev/null +++ b/vendor/github.com/docker/docker/api/types/container/container_wait_o_k_body.go @@ -0,0 +1,19 @@ +package container + +// This file was generated by the swagger tool. +// Editing this file might prove futile when you re-run the swagger generate command + +// ContainerWaitOKBody ContainerWaitResponse +// +// OK response to ContainerWait operation +// swagger:model ContainerWaitOKBody +type ContainerWaitOKBody struct { + + // error + // Required: true + Error *ContainerWaitOKBodyError `json:"Error"` + + // Exit code of the container + // Required: true + StatusCode int64 `json:"StatusCode"` +} diff --git a/vendor/github.com/docker/docker/api/types/container/container_wait_o_k_body_error.go b/vendor/github.com/docker/docker/api/types/container/container_wait_o_k_body_error.go new file mode 100644 index 000000000000..ee598973ec5f --- /dev/null +++ b/vendor/github.com/docker/docker/api/types/container/container_wait_o_k_body_error.go @@ -0,0 +1,12 @@ +package container + +// This file was generated by the swagger tool. +// Editing this file might prove futile when you re-run the swagger generate command + +// ContainerWaitOKBodyError container waiting error, if any +// swagger:model ContainerWaitOKBodyError +type ContainerWaitOKBodyError struct { + + // Details of an error + Message string `json:"Message,omitempty"` +} diff --git a/vendor/github.com/docker/docker/api/types/container/host_config.go b/vendor/github.com/docker/docker/api/types/container/host_config.go index dcea6c8a5ae6..9a5aa28f9ac3 100644 --- a/vendor/github.com/docker/docker/api/types/container/host_config.go +++ b/vendor/github.com/docker/docker/api/types/container/host_config.go @@ -376,14 +376,17 @@ type Resources struct { Devices []DeviceMapping // List of devices to map inside the container DeviceCgroupRules []string // List of rule to be added to the device cgroup DeviceRequests []DeviceRequest // List of device requests for device drivers - KernelMemory int64 // Kernel memory limit (in bytes), Deprecated: kernel 5.4 deprecated kmem.limit_in_bytes - KernelMemoryTCP int64 // Hard limit for kernel TCP buffer memory (in bytes) - MemoryReservation int64 // Memory soft limit (in bytes) - MemorySwap int64 // Total memory usage (memory + swap); set `-1` to enable unlimited swap - MemorySwappiness *int64 // Tuning container memory swappiness behaviour - OomKillDisable *bool // Whether to disable OOM Killer or not - PidsLimit *int64 // Setting PIDs limit for a container; Set `0` or `-1` for unlimited, or `null` to not change. - Ulimits []*units.Ulimit // List of ulimits to be set in the container + + // KernelMemory specifies the kernel memory limit (in bytes) for the container. + // Deprecated: kernel 5.4 deprecated kmem.limit_in_bytes. + KernelMemory int64 `json:",omitempty"` + KernelMemoryTCP int64 `json:",omitempty"` // Hard limit for kernel TCP buffer memory (in bytes) + MemoryReservation int64 // Memory soft limit (in bytes) + MemorySwap int64 // Total memory usage (memory + swap); set `-1` to enable unlimited swap + MemorySwappiness *int64 // Tuning container memory swappiness behaviour + OomKillDisable *bool // Whether to disable OOM Killer or not + PidsLimit *int64 // Setting PIDs limit for a container; Set `0` or `-1` for unlimited, or `null` to not change. + Ulimits []*units.Ulimit // List of ulimits to be set in the container // Applicable to Windows CPUCount int64 `json:"CpuCount"` // CPU count diff --git a/vendor/github.com/docker/docker/api/types/filters/parse.go b/vendor/github.com/docker/docker/api/types/filters/parse.go index 4bc91cffd6e5..6a2139adb3aa 100644 --- a/vendor/github.com/docker/docker/api/types/filters/parse.go +++ b/vendor/github.com/docker/docker/api/types/filters/parse.go @@ -9,6 +9,7 @@ import ( "strings" "github.com/docker/docker/api/types/versions" + "github.com/pkg/errors" ) // Args stores a mapping of keys to a set of multiple values. @@ -97,7 +98,7 @@ func FromJSON(p string) (Args, error) { // Fallback to parsing arguments in the legacy slice format deprecated := map[string][]string{} if legacyErr := json.Unmarshal(raw, &deprecated); legacyErr != nil { - return args, err + return args, invalidFilter{errors.Wrap(err, "invalid filter")} } args.fields = deprecatedArgs(deprecated) @@ -247,10 +248,10 @@ func (args Args) Contains(field string) bool { return ok } -type invalidFilter string +type invalidFilter struct{ error } func (e invalidFilter) Error() string { - return "Invalid filter '" + string(e) + "'" + return e.error.Error() } func (invalidFilter) InvalidParameter() {} @@ -260,7 +261,7 @@ func (invalidFilter) InvalidParameter() {} func (args Args) Validate(accepted map[string]bool) error { for name := range args.fields { if !accepted[name] { - return invalidFilter(name) + return invalidFilter{errors.New("invalid filter '" + name + "'")} } } return nil diff --git a/vendor/github.com/docker/docker/api/types/graph_driver_data.go b/vendor/github.com/docker/docker/api/types/graph_driver_data.go index 4d9bf1c62c89..ce3deb331c51 100644 --- a/vendor/github.com/docker/docker/api/types/graph_driver_data.go +++ b/vendor/github.com/docker/docker/api/types/graph_driver_data.go @@ -3,15 +3,21 @@ package types // This file was generated by the swagger tool. // Editing this file might prove futile when you re-run the swagger generate command -// GraphDriverData Information about a container's graph driver. +// GraphDriverData Information about the storage driver used to store the container's and +// image's filesystem. +// // swagger:model GraphDriverData type GraphDriverData struct { - // data + // Low-level storage metadata, provided as key/value pairs. + // + // This information is driver-specific, and depends on the storage-driver + // in use, and should be used for informational purposes only. + // // Required: true Data map[string]string `json:"Data"` - // name + // Name of the storage driver. // Required: true Name string `json:"Name"` } diff --git a/vendor/github.com/docker/docker/api/types/swarm/swarm.go b/vendor/github.com/docker/docker/api/types/swarm/swarm.go index b25f9996462e..3eae4b9b297d 100644 --- a/vendor/github.com/docker/docker/api/types/swarm/swarm.go +++ b/vendor/github.com/docker/docker/api/types/swarm/swarm.go @@ -213,6 +213,16 @@ type Info struct { Warnings []string `json:",omitempty"` } +// Status provides information about the current swarm status and role, +// obtained from the "Swarm" header in the API response. +type Status struct { + // NodeState represents the state of the node. + NodeState LocalNodeState + + // ControlAvailable indicates if the node is a swarm manager. + ControlAvailable bool +} + // Peer represents a peer. type Peer struct { NodeID string diff --git a/vendor/github.com/docker/docker/api/types/types.go b/vendor/github.com/docker/docker/api/types/types.go index a186550d7242..ee52f46212ce 100644 --- a/vendor/github.com/docker/docker/api/types/types.go +++ b/vendor/github.com/docker/docker/api/types/types.go @@ -19,38 +19,119 @@ import ( // RootFS returns Image's RootFS description including the layer IDs. type RootFS struct { - Type string - Layers []string `json:",omitempty"` - BaseLayer string `json:",omitempty"` + Type string `json:",omitempty"` + Layers []string `json:",omitempty"` } // ImageInspect contains response of Engine API: // GET "/images/{name:.*}/json" type ImageInspect struct { - ID string `json:"Id"` - RepoTags []string - RepoDigests []string - Parent string - Comment string - Created string - Container string + // ID is the content-addressable ID of an image. + // + // This identified is a content-addressable digest calculated from the + // image's configuration (which includes the digests of layers used by + // the image). + // + // Note that this digest differs from the `RepoDigests` below, which + // holds digests of image manifests that reference the image. + ID string `json:"Id"` + + // RepoTags is a list of image names/tags in the local image cache that + // reference this image. + // + // Multiple image tags can refer to the same imagem and this list may be + // empty if no tags reference the image, in which case the image is + // "untagged", in which case it can still be referenced by its ID. + RepoTags []string + + // RepoDigests is a list of content-addressable digests of locally available + // image manifests that the image is referenced from. Multiple manifests can + // refer to the same image. + // + // These digests are usually only available if the image was either pulled + // from a registry, or if the image was pushed to a registry, which is when + // the manifest is generated and its digest calculated. + RepoDigests []string + + // Parent is the ID of the parent image. + // + // Depending on how the image was created, this field may be empty and + // is only set for images that were built/created locally. This field + // is empty if the image was pulled from an image registry. + Parent string + + // Comment is an optional message that can be set when committing or + // importing the image. + Comment string + + // Created is the date and time at which the image was created, formatted in + // RFC 3339 nano-seconds (time.RFC3339Nano). + Created string + + // Container is the ID of the container that was used to create the image. + // + // Depending on how the image was created, this field may be empty. + Container string + + // ContainerConfig is the configuration of the container that was committed + // into the image. ContainerConfig *container.Config - DockerVersion string - Author string - Config *container.Config - Architecture string - Variant string `json:",omitempty"` - Os string - OsVersion string `json:",omitempty"` - Size int64 - VirtualSize int64 - GraphDriver GraphDriverData - RootFS RootFS - Metadata ImageMetadata + + // DockerVersion is the version of Docker that was used to build the image. + // + // Depending on how the image was created, this field may be empty. + DockerVersion string + + // Author is the name of the author that was specified when committing the + // image, or as specified through MAINTAINER (deprecated) in the Dockerfile. + Author string + Config *container.Config + + // Architecture is the hardware CPU architecture that the image runs on. + Architecture string + + // Variant is the CPU architecture variant (presently ARM-only). + Variant string `json:",omitempty"` + + // OS is the Operating System the image is built to run on. + Os string + + // OsVersion is the version of the Operating System the image is built to + // run on (especially for Windows). + OsVersion string `json:",omitempty"` + + // Size is the total size of the image including all layers it is composed of. + Size int64 + + // VirtualSize is the total size of the image including all layers it is + // composed of. + // + // In versions of Docker before v1.10, this field was calculated from + // the image itself and all of its parent images. Docker v1.10 and up + // store images self-contained, and no longer use a parent-chain, making + // this field an equivalent of the Size field. + // + // This field is kept for backward compatibility, but may be removed in + // a future version of the API. + VirtualSize int64 // TODO(thaJeztah): deprecate this field + + // GraphDriver holds information about the storage driver used to store the + // container's and image's filesystem. + GraphDriver GraphDriverData + + // RootFS contains information about the image's RootFS, including the + // layer IDs. + RootFS RootFS + + // Metadata of the image in the local cache. + // + // This information is local to the daemon, and not part of the image itself. + Metadata ImageMetadata } // ImageMetadata contains engine-local data about the image type ImageMetadata struct { + // LastTagTime is the date and time at which the image was last tagged. LastTagTime time.Time `json:",omitempty"` } @@ -107,6 +188,15 @@ type Ping struct { OSType string Experimental bool BuilderVersion BuilderVersion + + // SwarmStatus provides information about the current swarm status of the + // engine, obtained from the "Swarm" header in the API response. + // + // It can be a nil struct if the API version does not provide this header + // in the ping response, or if an error occurred, in which case the client + // should use other ways to get the current swarm status, such as the /swarm + // endpoint. + SwarmStatus *swarm.Status } // ComponentVersion describes the version information for a specific component. @@ -158,8 +248,8 @@ type Info struct { Plugins PluginsInfo MemoryLimit bool SwapLimit bool - KernelMemory bool // Deprecated: kernel 5.4 deprecated kmem.limit_in_bytes - KernelMemoryTCP bool + KernelMemory bool `json:",omitempty"` // Deprecated: kernel 5.4 deprecated kmem.limit_in_bytes + KernelMemoryTCP bool `json:",omitempty"` // KernelMemoryTCP is not supported on cgroups v2. CPUCfsPeriod bool `json:"CpuCfsPeriod"` CPUCfsQuota bool `json:"CpuCfsQuota"` CPUShares bool @@ -421,13 +511,44 @@ type DefaultNetworkSettings struct { // MountPoint represents a mount point configuration inside the container. // This is used for reporting the mountpoints in use by a container. type MountPoint struct { - Type mount.Type `json:",omitempty"` - Name string `json:",omitempty"` - Source string + // Type is the type of mount, see `Type` definitions in + // github.com/docker/docker/api/types/mount.Type + Type mount.Type `json:",omitempty"` + + // Name is the name reference to the underlying data defined by `Source` + // e.g., the volume name. + Name string `json:",omitempty"` + + // Source is the source location of the mount. + // + // For volumes, this contains the storage location of the volume (within + // `/var/lib/docker/volumes/`). For bind-mounts, and `npipe`, this contains + // the source (host) part of the bind-mount. For `tmpfs` mount points, this + // field is empty. + Source string + + // Destination is the path relative to the container root (`/`) where the + // Source is mounted inside the container. Destination string - Driver string `json:",omitempty"` - Mode string - RW bool + + // Driver is the volume driver used to create the volume (if it is a volume). + Driver string `json:",omitempty"` + + // Mode is a comma separated list of options supplied by the user when + // creating the bind/volume mount. + // + // The default is platform-specific (`"z"` on Linux, empty on Windows). + Mode string + + // RW indicates whether the mount is mounted writable (read-write). + RW bool + + // Propagation describes how mounts are propagated from the host into the + // mount point, and vice-versa. Refer to the Linux kernel documentation + // for details: + // https://www.kernel.org/doc/Documentation/filesystems/sharedsubtree.txt + // + // This field is not used on Windows. Propagation mount.Propagation } diff --git a/vendor/github.com/docker/docker/api/types/volume/volume_create.go b/vendor/github.com/docker/docker/api/types/volume/volume_create.go deleted file mode 100644 index 8538078dd663..000000000000 --- a/vendor/github.com/docker/docker/api/types/volume/volume_create.go +++ /dev/null @@ -1,31 +0,0 @@ -package volume // import "github.com/docker/docker/api/types/volume" - -// ---------------------------------------------------------------------------- -// Code generated by `swagger generate operation`. DO NOT EDIT. -// -// See hack/generate-swagger-api.sh -// ---------------------------------------------------------------------------- - -// VolumeCreateBody Volume configuration -// swagger:model VolumeCreateBody -type VolumeCreateBody struct { - - // Name of the volume driver to use. - // Required: true - Driver string `json:"Driver"` - - // A mapping of driver options and values. These options are - // passed directly to the driver and are driver specific. - // - // Required: true - DriverOpts map[string]string `json:"DriverOpts"` - - // User-defined key/value metadata. - // Required: true - Labels map[string]string `json:"Labels"` - - // The new volume's name. If not specified, Docker generates a name. - // - // Required: true - Name string `json:"Name"` -} diff --git a/vendor/github.com/docker/docker/api/types/volume/volume_create_body.go b/vendor/github.com/docker/docker/api/types/volume/volume_create_body.go new file mode 100644 index 000000000000..f40fe1377f5d --- /dev/null +++ b/vendor/github.com/docker/docker/api/types/volume/volume_create_body.go @@ -0,0 +1,26 @@ +package volume + +// This file was generated by the swagger tool. +// Editing this file might prove futile when you re-run the swagger generate command + +// VolumeCreateBody VolumeConfig +// +// Volume configuration +// swagger:model VolumeCreateBody +type VolumeCreateBody struct { + + // Name of the volume driver to use. + Driver string `json:"Driver,omitempty"` + + // A mapping of driver options and values. These options are + // passed directly to the driver and are driver specific. + // + DriverOpts map[string]string `json:"DriverOpts,omitempty"` + + // User-defined key/value metadata. + Labels map[string]string `json:"Labels,omitempty"` + + // The new volume's name. If not specified, Docker generates a name. + // + Name string `json:"Name,omitempty"` +} diff --git a/vendor/github.com/docker/docker/client/checkpoint_list.go b/vendor/github.com/docker/docker/client/checkpoint_list.go index 66d46dd161ba..39cfb959ff5e 100644 --- a/vendor/github.com/docker/docker/client/checkpoint_list.go +++ b/vendor/github.com/docker/docker/client/checkpoint_list.go @@ -20,7 +20,7 @@ func (cli *Client) CheckpointList(ctx context.Context, container string, options resp, err := cli.get(ctx, "/containers/"+container+"/checkpoints", query, nil) defer ensureReaderClosed(resp) if err != nil { - return checkpoints, wrapResponseError(err, resp, "container", container) + return checkpoints, err } err = json.NewDecoder(resp.body).Decode(&checkpoints) diff --git a/vendor/github.com/docker/docker/client/client.go b/vendor/github.com/docker/docker/client/client.go index 6a8b4d4feaeb..1412377eab29 100644 --- a/vendor/github.com/docker/docker/client/client.go +++ b/vendor/github.com/docker/docker/client/client.go @@ -43,7 +43,6 @@ package client // import "github.com/docker/docker/client" import ( "context" - "fmt" "net" "net/http" "net/url" @@ -93,15 +92,18 @@ type Client struct { } // CheckRedirect specifies the policy for dealing with redirect responses: -// If the request is non-GET return `ErrRedirect`. Otherwise use the last response. +// If the request is non-GET return ErrRedirect, otherwise use the last response. // -// Go 1.8 changes behavior for HTTP redirects (specifically 301, 307, and 308) in the client . -// The Docker client (and by extension docker API client) can be made to send a request -// like POST /containers//start where what would normally be in the name section of the URL is empty. -// This triggers an HTTP 301 from the daemon. -// In go 1.8 this 301 will be converted to a GET request, and ends up getting a 404 from the daemon. -// This behavior change manifests in the client in that before the 301 was not followed and -// the client did not generate an error, but now results in a message like Error response from daemon: page not found. +// Go 1.8 changes behavior for HTTP redirects (specifically 301, 307, and 308) +// in the client. The Docker client (and by extension docker API client) can be +// made to send a request like POST /containers//start where what would normally +// be in the name section of the URL is empty. This triggers an HTTP 301 from +// the daemon. +// +// In go 1.8 this 301 will be converted to a GET request, and ends up getting +// a 404 from the daemon. This behavior change manifests in the client in that +// before, the 301 was not followed and the client did not generate an error, +// but now results in a message like Error response from daemon: page not found. func CheckRedirect(req *http.Request, via []*http.Request) error { if via[0].Method == http.MethodGet { return http.ErrUseLastResponse @@ -109,13 +111,22 @@ func CheckRedirect(req *http.Request, via []*http.Request) error { return ErrRedirect } -// NewClientWithOpts initializes a new API client with default values. It takes functors -// to modify values when creating it, like `NewClientWithOpts(WithVersion(…))` -// It also initializes the custom http headers to add to each request. +// NewClientWithOpts initializes a new API client with a default HTTPClient, and +// default API host and version. It also initializes the custom HTTP headers to +// add to each request. +// +// It takes an optional list of Opt functional arguments, which are applied in +// the order they're provided, which allows modifying the defaults when creating +// the client. For example, the following initializes a client that configures +// itself with values from environment variables (client.FromEnv), and has +// automatic API version negotiation enabled (client.WithAPIVersionNegotiation()). +// +// +// cli, err := client.NewClientWithOpts( +// client.FromEnv, +// client.WithAPIVersionNegotiation(), +// ) // -// It won't send any version information if the version number is empty. It is -// highly recommended that you set a version or your client may break if the -// server is upgraded. func NewClientWithOpts(ops ...Opt) (*Client, error) { client, err := defaultHTTPClient(DefaultDockerHost) if err != nil { @@ -153,12 +164,12 @@ func NewClientWithOpts(ops ...Opt) (*Client, error) { } func defaultHTTPClient(host string) (*http.Client, error) { - url, err := ParseHostURL(host) + hostURL, err := ParseHostURL(host) if err != nil { return nil, err } - transport := new(http.Transport) - sockets.ConfigureTransport(transport, url.Scheme, url.Host) + transport := &http.Transport{} + _ = sockets.ConfigureTransport(transport, hostURL.Scheme, hostURL.Host) return &http.Client{ Transport: transport, CheckRedirect: CheckRedirect, @@ -194,11 +205,21 @@ func (cli *Client) ClientVersion() string { return cli.version } -// NegotiateAPIVersion queries the API and updates the version to match the -// API version. Any errors are silently ignored. If a manual override is in place, -// either through the `DOCKER_API_VERSION` environment variable, or if the client -// was initialized with a fixed version (`opts.WithVersion(xx)`), no negotiation -// will be performed. +// NegotiateAPIVersion queries the API and updates the version to match the API +// version. NegotiateAPIVersion downgrades the client's API version to match the +// APIVersion if the ping version is lower than the default version. If the API +// version reported by the server is higher than the maximum version supported +// by the client, it uses the client's maximum version. +// +// If a manual override is in place, either through the "DOCKER_API_VERSION" +// (EnvOverrideAPIVersion) environment variable, or if the client is initialized +// with a fixed version (WithVersion(xx)), no negotiation is performed. +// +// If the API server's ping response does not contain an API version, or if the +// client did not get a successful ping response, it assumes it is connected with +// an old daemon that does not support API version negotiation, in which case it +// downgrades to the latest version of the API before version negotiation was +// added (1.24). func (cli *Client) NegotiateAPIVersion(ctx context.Context) { if !cli.manualOverride { ping, _ := cli.Ping(ctx) @@ -206,23 +227,31 @@ func (cli *Client) NegotiateAPIVersion(ctx context.Context) { } } -// NegotiateAPIVersionPing updates the client version to match the Ping.APIVersion -// if the ping version is less than the default version. If a manual override is -// in place, either through the `DOCKER_API_VERSION` environment variable, or if -// the client was initialized with a fixed version (`opts.WithVersion(xx)`), no -// negotiation is performed. -func (cli *Client) NegotiateAPIVersionPing(p types.Ping) { +// NegotiateAPIVersionPing downgrades the client's API version to match the +// APIVersion in the ping response. If the API version in pingResponse is higher +// than the maximum version supported by the client, it uses the client's maximum +// version. +// +// If a manual override is in place, either through the "DOCKER_API_VERSION" +// (EnvOverrideAPIVersion) environment variable, or if the client is initialized +// with a fixed version (WithVersion(xx)), no negotiation is performed. +// +// If the API server's ping response does not contain an API version, we assume +// we are connected with an old daemon without API version negotiation support, +// and downgrade to the latest version of the API before version negotiation was +// added (1.24). +func (cli *Client) NegotiateAPIVersionPing(pingResponse types.Ping) { if !cli.manualOverride { - cli.negotiateAPIVersionPing(p) + cli.negotiateAPIVersionPing(pingResponse) } } // negotiateAPIVersionPing queries the API and updates the version to match the -// API version. Any errors are silently ignored. -func (cli *Client) negotiateAPIVersionPing(p types.Ping) { - // try the latest version before versioning headers existed - if p.APIVersion == "" { - p.APIVersion = "1.24" +// API version from the ping response. +func (cli *Client) negotiateAPIVersionPing(pingResponse types.Ping) { + // default to the latest version before versioning headers existed + if pingResponse.APIVersion == "" { + pingResponse.APIVersion = "1.24" } // if the client is not initialized with a version, start with the latest supported version @@ -231,8 +260,8 @@ func (cli *Client) negotiateAPIVersionPing(p types.Ping) { } // if server version is lower than the client version, downgrade - if versions.LessThan(p.APIVersion, cli.version) { - cli.version = p.APIVersion + if versions.LessThan(pingResponse.APIVersion, cli.version) { + cli.version = pingResponse.APIVersion } // Store the results, so that automatic API version negotiation (if enabled) @@ -258,7 +287,7 @@ func (cli *Client) HTTPClient() *http.Client { func ParseHostURL(host string) (*url.URL, error) { protoAddrParts := strings.SplitN(host, "://", 2) if len(protoAddrParts) == 1 { - return nil, fmt.Errorf("unable to parse docker host `%s`", host) + return nil, errors.Errorf("unable to parse docker host `%s`", host) } var basePath string @@ -278,7 +307,9 @@ func ParseHostURL(host string) (*url.URL, error) { }, nil } -// Dialer returns a dialer for a raw stream connection, with HTTP/1.1 header, that can be used for proxying the daemon connection. +// Dialer returns a dialer for a raw stream connection, with an HTTP/1.1 header, +// that can be used for proxying the daemon connection. +// // Used by `docker dial-stdio` (docker/cli#889). func (cli *Client) Dialer() func(context.Context) (net.Conn, error) { return func(ctx context.Context) (net.Conn, error) { diff --git a/vendor/github.com/docker/docker/client/client_unix.go b/vendor/github.com/docker/docker/client/client_unix.go index 5846f888fea2..f0783f708581 100644 --- a/vendor/github.com/docker/docker/client/client_unix.go +++ b/vendor/github.com/docker/docker/client/client_unix.go @@ -3,7 +3,8 @@ package client // import "github.com/docker/docker/client" -// DefaultDockerHost defines os specific default if DOCKER_HOST is unset +// DefaultDockerHost defines OS-specific default host if the DOCKER_HOST +// (EnvOverrideHost) environment variable is unset or empty. const DefaultDockerHost = "unix:///var/run/docker.sock" const defaultProto = "unix" diff --git a/vendor/github.com/docker/docker/client/client_windows.go b/vendor/github.com/docker/docker/client/client_windows.go index c649e54412ce..5abe60457d53 100644 --- a/vendor/github.com/docker/docker/client/client_windows.go +++ b/vendor/github.com/docker/docker/client/client_windows.go @@ -1,6 +1,7 @@ package client // import "github.com/docker/docker/client" -// DefaultDockerHost defines os specific default if DOCKER_HOST is unset +// DefaultDockerHost defines OS-specific default host if the DOCKER_HOST +// (EnvOverrideHost) environment variable is unset or empty. const DefaultDockerHost = "npipe:////./pipe/docker_engine" const defaultProto = "npipe" diff --git a/vendor/github.com/docker/docker/client/config_inspect.go b/vendor/github.com/docker/docker/client/config_inspect.go index f1b0d7f7536c..9be7882c3d7d 100644 --- a/vendor/github.com/docker/docker/client/config_inspect.go +++ b/vendor/github.com/docker/docker/client/config_inspect.go @@ -20,7 +20,7 @@ func (cli *Client) ConfigInspectWithRaw(ctx context.Context, id string) (swarm.C resp, err := cli.get(ctx, "/configs/"+id, nil, nil) defer ensureReaderClosed(resp) if err != nil { - return swarm.Config{}, nil, wrapResponseError(err, resp, "config", id) + return swarm.Config{}, nil, err } body, err := io.ReadAll(resp.body) diff --git a/vendor/github.com/docker/docker/client/config_remove.go b/vendor/github.com/docker/docker/client/config_remove.go index 93de0d8445b5..24b94e9c18b0 100644 --- a/vendor/github.com/docker/docker/client/config_remove.go +++ b/vendor/github.com/docker/docker/client/config_remove.go @@ -9,5 +9,5 @@ func (cli *Client) ConfigRemove(ctx context.Context, id string) error { } resp, err := cli.delete(ctx, "/configs/"+id, nil, nil) defer ensureReaderClosed(resp) - return wrapResponseError(err, resp, "config", id) + return err } diff --git a/vendor/github.com/docker/docker/client/container_copy.go b/vendor/github.com/docker/docker/client/container_copy.go index c0a47c14e31b..d8b7bb6b9142 100644 --- a/vendor/github.com/docker/docker/client/container_copy.go +++ b/vendor/github.com/docker/docker/client/container_copy.go @@ -23,7 +23,7 @@ func (cli *Client) ContainerStatPath(ctx context.Context, containerID, path stri response, err := cli.head(ctx, urlStr, query, nil) defer ensureReaderClosed(response) if err != nil { - return types.ContainerPathStat{}, wrapResponseError(err, response, "container:path", containerID+":"+path) + return types.ContainerPathStat{}, err } return getContainerPathStatFromHeader(response.header) } @@ -47,7 +47,7 @@ func (cli *Client) CopyToContainer(ctx context.Context, containerID, dstPath str response, err := cli.putRaw(ctx, apiPath, query, content, nil) defer ensureReaderClosed(response) if err != nil { - return wrapResponseError(err, response, "container:path", containerID+":"+dstPath) + return err } // TODO this code converts non-error status-codes (e.g., "204 No Content") into an error; verify if this is the desired behavior @@ -67,7 +67,7 @@ func (cli *Client) CopyFromContainer(ctx context.Context, containerID, srcPath s apiPath := "/containers/" + containerID + "/archive" response, err := cli.get(ctx, apiPath, query, nil) if err != nil { - return nil, types.ContainerPathStat{}, wrapResponseError(err, response, "container:path", containerID+":"+srcPath) + return nil, types.ContainerPathStat{}, err } // TODO this code converts non-error status-codes (e.g., "204 No Content") into an error; verify if this is the desired behavior diff --git a/vendor/github.com/docker/docker/client/container_inspect.go b/vendor/github.com/docker/docker/client/container_inspect.go index 43db32bd973a..d48f0d3a6856 100644 --- a/vendor/github.com/docker/docker/client/container_inspect.go +++ b/vendor/github.com/docker/docker/client/container_inspect.go @@ -18,7 +18,7 @@ func (cli *Client) ContainerInspect(ctx context.Context, containerID string) (ty serverResp, err := cli.get(ctx, "/containers/"+containerID+"/json", nil, nil) defer ensureReaderClosed(serverResp) if err != nil { - return types.ContainerJSON{}, wrapResponseError(err, serverResp, "container", containerID) + return types.ContainerJSON{}, err } var response types.ContainerJSON @@ -38,7 +38,7 @@ func (cli *Client) ContainerInspectWithRaw(ctx context.Context, containerID stri serverResp, err := cli.get(ctx, "/containers/"+containerID+"/json", query, nil) defer ensureReaderClosed(serverResp) if err != nil { - return types.ContainerJSON{}, nil, wrapResponseError(err, serverResp, "container", containerID) + return types.ContainerJSON{}, nil, err } body, err := io.ReadAll(serverResp.body) diff --git a/vendor/github.com/docker/docker/client/container_logs.go b/vendor/github.com/docker/docker/client/container_logs.go index 5b6541f03596..e9ae2f680fd5 100644 --- a/vendor/github.com/docker/docker/client/container_logs.go +++ b/vendor/github.com/docker/docker/client/container_logs.go @@ -74,7 +74,7 @@ func (cli *Client) ContainerLogs(ctx context.Context, container string, options resp, err := cli.get(ctx, "/containers/"+container+"/logs", query, nil) if err != nil { - return nil, wrapResponseError(err, resp, "container", container) + return nil, err } return resp.body, nil } diff --git a/vendor/github.com/docker/docker/client/container_remove.go b/vendor/github.com/docker/docker/client/container_remove.go index df81461b889c..c21de609b0b7 100644 --- a/vendor/github.com/docker/docker/client/container_remove.go +++ b/vendor/github.com/docker/docker/client/container_remove.go @@ -23,5 +23,5 @@ func (cli *Client) ContainerRemove(ctx context.Context, containerID string, opti resp, err := cli.delete(ctx, "/containers/"+containerID, query, nil) defer ensureReaderClosed(resp) - return wrapResponseError(err, resp, "container", containerID) + return err } diff --git a/vendor/github.com/docker/docker/client/envvars.go b/vendor/github.com/docker/docker/client/envvars.go new file mode 100644 index 000000000000..61dd45c1d721 --- /dev/null +++ b/vendor/github.com/docker/docker/client/envvars.go @@ -0,0 +1,90 @@ +package client // import "github.com/docker/docker/client" + +const ( + // EnvOverrideHost is the name of the environment variable that can be used + // to override the default host to connect to (DefaultDockerHost). + // + // This env-var is read by FromEnv and WithHostFromEnv and when set to a + // non-empty value, takes precedence over the default host (which is platform + // specific), or any host already set. + EnvOverrideHost = "DOCKER_HOST" + + // EnvOverrideAPIVersion is the name of the environment variable that can + // be used to override the API version to use. Value should be + // formatted as MAJOR.MINOR, for example, "1.19". + // + // This env-var is read by FromEnv and WithVersionFromEnv and when set to a + // non-empty value, takes precedence over API version negotiation. + // + // This environment variable should be used for debugging purposes only, as + // it can set the client to use an incompatible (or invalid) API version. + EnvOverrideAPIVersion = "DOCKER_API_VERSION" + + // EnvOverrideCertPath is the name of the environment variable that can be + // used to specify the directory from which to load the TLS certificates + // (ca.pem, cert.pem, key.pem) from. These certificates are used to configure + // the Client for a TCP connection protected by TLS client authentication. + // + // TLS certificate verification is enabled by default if the Client is configured + // to use a TLS connection. Refer to EnvTLSVerify below to learn how to + // disable verification for testing purposes. + // + // WARNING: Access to the remote API is equivalent to root access to the + // host where the daemon runs. Do not expose the API without protection, + // and only if needed. Make sure you are familiar with the "daemon attack + // surface" (https://docs.docker.com/go/attack-surface/). + // + // For local access to the API, it is recommended to connect with the daemon + // using the default local socket connection (on Linux), or the named pipe + // (on Windows). + // + // If you need to access the API of a remote daemon, consider using an SSH + // (ssh://) connection, which is easier to set up, and requires no additional + // configuration if the host is accessible using ssh. + // + // If you cannot use the alternatives above, and you must expose the API over + // a TCP connection, refer to https://docs.docker.com/engine/security/protect-access/ + // to learn how to configure the daemon and client to use a TCP connection + // with TLS client authentication. Make sure you know the differences between + // a regular TLS connection and a TLS connection protected by TLS client + // authentication, and verify that the API cannot be accessed by other clients. + EnvOverrideCertPath = "DOCKER_CERT_PATH" + + // EnvTLSVerify is the name of the environment variable that can be used to + // enable or disable TLS certificate verification. When set to a non-empty + // value, TLS certificate verification is enabled, and the client is configured + // to use a TLS connection, using certificates from the default directories + // (within `~/.docker`); refer to EnvOverrideCertPath above for additional + // details. + // + // WARNING: Access to the remote API is equivalent to root access to the + // host where the daemon runs. Do not expose the API without protection, + // and only if needed. Make sure you are familiar with the "daemon attack + // surface" (https://docs.docker.com/go/attack-surface/). + // + // Before setting up your client and daemon to use a TCP connection with TLS + // client authentication, consider using one of the alternatives mentioned + // in EnvOverrideCertPath above. + // + // Disabling TLS certificate verification (for testing purposes) + // + // TLS certificate verification is enabled by default if the Client is configured + // to use a TLS connection, and it is highly recommended to keep verification + // enabled to prevent machine-in-the-middle attacks. Refer to the documentation + // at https://docs.docker.com/engine/security/protect-access/ and pages linked + // from that page to learn how to configure the daemon and client to use a + // TCP connection with TLS client authentication enabled. + // + // Set the "DOCKER_TLS_VERIFY" environment to an empty string ("") to + // disable TLS certificate verification. Disabling verification is insecure, + // so should only be done for testing purposes. From the Go documentation + // (https://pkg.go.dev/crypto/tls#Config): + // + // InsecureSkipVerify controls whether a client verifies the server's + // certificate chain and host name. If InsecureSkipVerify is true, crypto/tls + // accepts any certificate presented by the server and any host name in that + // certificate. In this mode, TLS is susceptible to machine-in-the-middle + // attacks unless custom verification is used. This should be used only for + // testing or in combination with VerifyConnection or VerifyPeerCertificate. + EnvTLSVerify = "DOCKER_TLS_VERIFY" +) diff --git a/vendor/github.com/docker/docker/client/errors.go b/vendor/github.com/docker/docker/client/errors.go index 041bc8d49c44..257921cebbd1 100644 --- a/vendor/github.com/docker/docker/client/errors.go +++ b/vendor/github.com/docker/docker/client/errors.go @@ -2,7 +2,6 @@ package client // import "github.com/docker/docker/client" import ( "fmt" - "net/http" "github.com/docker/docker/api/types/versions" "github.com/docker/docker/errdefs" @@ -59,19 +58,6 @@ func (e objectNotFoundError) Error() string { return fmt.Sprintf("Error: No such %s: %s", e.object, e.id) } -func wrapResponseError(err error, resp serverResponse, object, id string) error { - switch { - case err == nil: - return nil - case resp.statusCode == http.StatusNotFound: - return objectNotFoundError{object: object, id: id} - case resp.statusCode == http.StatusNotImplemented: - return errdefs.NotImplemented(err) - default: - return err - } -} - // unauthorizedError represents an authorization error in a remote registry. type unauthorizedError struct { cause error diff --git a/vendor/github.com/docker/docker/client/image_inspect.go b/vendor/github.com/docker/docker/client/image_inspect.go index 03aa12d8b4cd..1de10e5a0802 100644 --- a/vendor/github.com/docker/docker/client/image_inspect.go +++ b/vendor/github.com/docker/docker/client/image_inspect.go @@ -17,7 +17,7 @@ func (cli *Client) ImageInspectWithRaw(ctx context.Context, imageID string) (typ serverResp, err := cli.get(ctx, "/images/"+imageID+"/json", nil, nil) defer ensureReaderClosed(serverResp) if err != nil { - return types.ImageInspect{}, nil, wrapResponseError(err, serverResp, "image", imageID) + return types.ImageInspect{}, nil, err } body, err := io.ReadAll(serverResp.body) diff --git a/vendor/github.com/docker/docker/client/image_remove.go b/vendor/github.com/docker/docker/client/image_remove.go index 84a41af0f2ca..6a9fb3f41f53 100644 --- a/vendor/github.com/docker/docker/client/image_remove.go +++ b/vendor/github.com/docker/docker/client/image_remove.go @@ -23,7 +23,7 @@ func (cli *Client) ImageRemove(ctx context.Context, imageID string, options type resp, err := cli.delete(ctx, "/images/"+imageID, query, nil) defer ensureReaderClosed(resp) if err != nil { - return dels, wrapResponseError(err, resp, "image", imageID) + return dels, err } err = json.NewDecoder(resp.body).Decode(&dels) diff --git a/vendor/github.com/docker/docker/client/image_search.go b/vendor/github.com/docker/docker/client/image_search.go index 5f40a22a964c..e69fa372258b 100644 --- a/vendor/github.com/docker/docker/client/image_search.go +++ b/vendor/github.com/docker/docker/client/image_search.go @@ -3,8 +3,8 @@ package client // import "github.com/docker/docker/client" import ( "context" "encoding/json" - "fmt" "net/url" + "strconv" "github.com/docker/docker/api/types" "github.com/docker/docker/api/types/filters" @@ -18,7 +18,9 @@ func (cli *Client) ImageSearch(ctx context.Context, term string, options types.I var results []registry.SearchResult query := url.Values{} query.Set("term", term) - query.Set("limit", fmt.Sprintf("%d", options.Limit)) + if options.Limit > 0 { + query.Set("limit", strconv.Itoa(options.Limit)) + } if options.Filters.Len() > 0 { filterJSON, err := filters.ToJSON(options.Filters) diff --git a/vendor/github.com/docker/docker/client/network_inspect.go b/vendor/github.com/docker/docker/client/network_inspect.go index ecf20ceb6e46..0f90e2bb9028 100644 --- a/vendor/github.com/docker/docker/client/network_inspect.go +++ b/vendor/github.com/docker/docker/client/network_inspect.go @@ -36,7 +36,7 @@ func (cli *Client) NetworkInspectWithRaw(ctx context.Context, networkID string, resp, err = cli.get(ctx, "/networks/"+networkID, query, nil) defer ensureReaderClosed(resp) if err != nil { - return networkResource, nil, wrapResponseError(err, resp, "network", networkID) + return networkResource, nil, err } body, err := io.ReadAll(resp.body) diff --git a/vendor/github.com/docker/docker/client/network_remove.go b/vendor/github.com/docker/docker/client/network_remove.go index e71b16d86929..9d6c6cef0781 100644 --- a/vendor/github.com/docker/docker/client/network_remove.go +++ b/vendor/github.com/docker/docker/client/network_remove.go @@ -6,5 +6,5 @@ import "context" func (cli *Client) NetworkRemove(ctx context.Context, networkID string) error { resp, err := cli.delete(ctx, "/networks/"+networkID, nil, nil) defer ensureReaderClosed(resp) - return wrapResponseError(err, resp, "network", networkID) + return err } diff --git a/vendor/github.com/docker/docker/client/node_inspect.go b/vendor/github.com/docker/docker/client/node_inspect.go index b58db528567b..95ab9b1be061 100644 --- a/vendor/github.com/docker/docker/client/node_inspect.go +++ b/vendor/github.com/docker/docker/client/node_inspect.go @@ -17,7 +17,7 @@ func (cli *Client) NodeInspectWithRaw(ctx context.Context, nodeID string) (swarm serverResp, err := cli.get(ctx, "/nodes/"+nodeID, nil, nil) defer ensureReaderClosed(serverResp) if err != nil { - return swarm.Node{}, nil, wrapResponseError(err, serverResp, "node", nodeID) + return swarm.Node{}, nil, err } body, err := io.ReadAll(serverResp.body) diff --git a/vendor/github.com/docker/docker/client/node_remove.go b/vendor/github.com/docker/docker/client/node_remove.go index 03ab87809741..e44436debc3f 100644 --- a/vendor/github.com/docker/docker/client/node_remove.go +++ b/vendor/github.com/docker/docker/client/node_remove.go @@ -16,5 +16,5 @@ func (cli *Client) NodeRemove(ctx context.Context, nodeID string, options types. resp, err := cli.delete(ctx, "/nodes/"+nodeID, query, nil) defer ensureReaderClosed(resp) - return wrapResponseError(err, resp, "node", nodeID) + return err } diff --git a/vendor/github.com/docker/docker/client/options.go b/vendor/github.com/docker/docker/client/options.go index 77a9abc14198..98d96f792e99 100644 --- a/vendor/github.com/docker/docker/client/options.go +++ b/vendor/github.com/docker/docker/client/options.go @@ -18,11 +18,18 @@ type Opt func(*Client) error // FromEnv configures the client with values from environment variables. // -// Supported environment variables: -// DOCKER_HOST to set the url to the docker server. -// DOCKER_API_VERSION to set the version of the API to reach, leave empty for latest. -// DOCKER_CERT_PATH to load the TLS certificates from. -// DOCKER_TLS_VERIFY to enable or disable TLS verification, off by default. +// FromEnv uses the following environment variables: +// +// DOCKER_HOST (EnvOverrideHost) to set the URL to the docker server. +// +// DOCKER_API_VERSION (EnvOverrideAPIVersion) to set the version of the API to +// use, leave empty for latest. +// +// DOCKER_CERT_PATH (EnvOverrideCertPath) to specify the directory from which to +// load the TLS certificates (ca.pem, cert.pem, key.pem). +// +// DOCKER_TLS_VERIFY (EnvTLSVerify) to enable or disable TLS verification (off by +// default). func FromEnv(c *Client) error { ops := []Opt{ WithTLSClientConfigFromEnv(), @@ -75,11 +82,11 @@ func WithHost(host string) Opt { } // WithHostFromEnv overrides the client host with the host specified in the -// DOCKER_HOST environment variable. If DOCKER_HOST is not set, the host is -// not modified. +// DOCKER_HOST (EnvOverrideHost) environment variable. If DOCKER_HOST is not set, +// or set to an empty value, the host is not modified. func WithHostFromEnv() Opt { return func(c *Client) error { - if host := os.Getenv("DOCKER_HOST"); host != "" { + if host := os.Getenv(EnvOverrideHost); host != "" { return WithHost(host)(c) } return nil @@ -145,12 +152,16 @@ func WithTLSClientConfig(cacertPath, certPath, keyPath string) Opt { // settings in the DOCKER_CERT_PATH and DOCKER_TLS_VERIFY environment variables. // If DOCKER_CERT_PATH is not set or empty, TLS configuration is not modified. // -// Supported environment variables: -// DOCKER_CERT_PATH directory to load the TLS certificates (ca.pem, cert.pem, key.pem) from. -// DOCKER_TLS_VERIFY to enable or disable TLS verification, off by default. +// WithTLSClientConfigFromEnv uses the following environment variables: +// +// DOCKER_CERT_PATH (EnvOverrideCertPath) to specify the directory from which to +// load the TLS certificates (ca.pem, cert.pem, key.pem). +// +// DOCKER_TLS_VERIFY (EnvTLSVerify) to enable or disable TLS verification (off by +// default). func WithTLSClientConfigFromEnv() Opt { return func(c *Client) error { - dockerCertPath := os.Getenv("DOCKER_CERT_PATH") + dockerCertPath := os.Getenv(EnvOverrideCertPath) if dockerCertPath == "" { return nil } @@ -158,7 +169,7 @@ func WithTLSClientConfigFromEnv() Opt { CAFile: filepath.Join(dockerCertPath, "ca.pem"), CertFile: filepath.Join(dockerCertPath, "cert.pem"), KeyFile: filepath.Join(dockerCertPath, "key.pem"), - InsecureSkipVerify: os.Getenv("DOCKER_TLS_VERIFY") == "", + InsecureSkipVerify: os.Getenv(EnvTLSVerify) == "", } tlsc, err := tlsconfig.Client(options) if err != nil { @@ -190,10 +201,7 @@ func WithVersion(version string) Opt { // the version is not modified. func WithVersionFromEnv() Opt { return func(c *Client) error { - if version := os.Getenv("DOCKER_API_VERSION"); version != "" { - return WithVersion(version)(c) - } - return nil + return WithVersion(os.Getenv(EnvOverrideAPIVersion))(c) } } diff --git a/vendor/github.com/docker/docker/client/ping.go b/vendor/github.com/docker/docker/client/ping.go index a9af001ef46b..27e8695cb547 100644 --- a/vendor/github.com/docker/docker/client/ping.go +++ b/vendor/github.com/docker/docker/client/ping.go @@ -4,8 +4,10 @@ import ( "context" "net/http" "path" + "strings" "github.com/docker/docker/api/types" + "github.com/docker/docker/api/types/swarm" "github.com/docker/docker/errdefs" ) @@ -61,6 +63,13 @@ func parsePingResponse(cli *Client, resp serverResponse) (types.Ping, error) { if bv := resp.header.Get("Builder-Version"); bv != "" { ping.BuilderVersion = types.BuilderVersion(bv) } + if si := resp.header.Get("Swarm"); si != "" { + parts := strings.SplitN(si, "/", 2) + ping.SwarmStatus = &swarm.Status{ + NodeState: swarm.LocalNodeState(parts[0]), + ControlAvailable: len(parts) == 2 && parts[1] == "manager", + } + } err := cli.checkResponseErr(resp) return ping, errdefs.FromStatusCode(err, resp.statusCode) } diff --git a/vendor/github.com/docker/docker/client/plugin_inspect.go b/vendor/github.com/docker/docker/client/plugin_inspect.go index 4a90bec51a0c..f09e460660b0 100644 --- a/vendor/github.com/docker/docker/client/plugin_inspect.go +++ b/vendor/github.com/docker/docker/client/plugin_inspect.go @@ -17,7 +17,7 @@ func (cli *Client) PluginInspectWithRaw(ctx context.Context, name string) (*type resp, err := cli.get(ctx, "/plugins/"+name+"/json", nil, nil) defer ensureReaderClosed(resp) if err != nil { - return nil, nil, wrapResponseError(err, resp, "plugin", name) + return nil, nil, err } body, err := io.ReadAll(resp.body) diff --git a/vendor/github.com/docker/docker/client/plugin_list.go b/vendor/github.com/docker/docker/client/plugin_list.go index cf1935e2f5ee..2091a054d6ac 100644 --- a/vendor/github.com/docker/docker/client/plugin_list.go +++ b/vendor/github.com/docker/docker/client/plugin_list.go @@ -25,7 +25,7 @@ func (cli *Client) PluginList(ctx context.Context, filter filters.Args) (types.P resp, err := cli.get(ctx, "/plugins", query, nil) defer ensureReaderClosed(resp) if err != nil { - return plugins, wrapResponseError(err, resp, "plugin", "") + return plugins, err } err = json.NewDecoder(resp.body).Decode(&plugins) diff --git a/vendor/github.com/docker/docker/client/plugin_remove.go b/vendor/github.com/docker/docker/client/plugin_remove.go index 51ca1040d6d2..4cd66958c3fe 100644 --- a/vendor/github.com/docker/docker/client/plugin_remove.go +++ b/vendor/github.com/docker/docker/client/plugin_remove.go @@ -16,5 +16,5 @@ func (cli *Client) PluginRemove(ctx context.Context, name string, options types. resp, err := cli.delete(ctx, "/plugins/"+name, query, nil) defer ensureReaderClosed(resp) - return wrapResponseError(err, resp, "plugin", name) + return err } diff --git a/vendor/github.com/docker/docker/client/request.go b/vendor/github.com/docker/docker/client/request.go index f0fd4e77afd7..3e4911e57f71 100644 --- a/vendor/github.com/docker/docker/client/request.go +++ b/vendor/github.com/docker/docker/client/request.go @@ -238,14 +238,14 @@ func (cli *Client) addHeaders(req *http.Request, headers headers) *http.Request // Add CLI Config's HTTP Headers BEFORE we set the Docker headers // then the user can't change OUR headers for k, v := range cli.customHTTPHeaders { - if versions.LessThan(cli.version, "1.25") && k == "User-Agent" { + if versions.LessThan(cli.version, "1.25") && http.CanonicalHeaderKey(k) == "User-Agent" { continue } req.Header.Set(k, v) } for k, v := range headers { - req.Header[k] = v + req.Header[http.CanonicalHeaderKey(k)] = v } return req } diff --git a/vendor/github.com/docker/docker/client/secret_inspect.go b/vendor/github.com/docker/docker/client/secret_inspect.go index c07c9550d448..5906874b15d2 100644 --- a/vendor/github.com/docker/docker/client/secret_inspect.go +++ b/vendor/github.com/docker/docker/client/secret_inspect.go @@ -20,7 +20,7 @@ func (cli *Client) SecretInspectWithRaw(ctx context.Context, id string) (swarm.S resp, err := cli.get(ctx, "/secrets/"+id, nil, nil) defer ensureReaderClosed(resp) if err != nil { - return swarm.Secret{}, nil, wrapResponseError(err, resp, "secret", id) + return swarm.Secret{}, nil, err } body, err := io.ReadAll(resp.body) diff --git a/vendor/github.com/docker/docker/client/secret_remove.go b/vendor/github.com/docker/docker/client/secret_remove.go index f6c69e57f850..f47f68b6e0c9 100644 --- a/vendor/github.com/docker/docker/client/secret_remove.go +++ b/vendor/github.com/docker/docker/client/secret_remove.go @@ -9,5 +9,5 @@ func (cli *Client) SecretRemove(ctx context.Context, id string) error { } resp, err := cli.delete(ctx, "/secrets/"+id, nil, nil) defer ensureReaderClosed(resp) - return wrapResponseError(err, resp, "secret", id) + return err } diff --git a/vendor/github.com/docker/docker/client/service_create.go b/vendor/github.com/docker/docker/client/service_create.go index a07315f71fe2..23024d0f8fbb 100644 --- a/vendor/github.com/docker/docker/client/service_create.go +++ b/vendor/github.com/docker/docker/client/service_create.go @@ -9,7 +9,7 @@ import ( "github.com/docker/distribution/reference" "github.com/docker/docker/api/types" "github.com/docker/docker/api/types/swarm" - digest "github.com/opencontainers/go-digest" + "github.com/opencontainers/go-digest" "github.com/pkg/errors" ) diff --git a/vendor/github.com/docker/docker/client/service_inspect.go b/vendor/github.com/docker/docker/client/service_inspect.go index c5368bab1e3c..cee020c98bc5 100644 --- a/vendor/github.com/docker/docker/client/service_inspect.go +++ b/vendor/github.com/docker/docker/client/service_inspect.go @@ -22,7 +22,7 @@ func (cli *Client) ServiceInspectWithRaw(ctx context.Context, serviceID string, serverResp, err := cli.get(ctx, "/services/"+serviceID, query, nil) defer ensureReaderClosed(serverResp) if err != nil { - return swarm.Service{}, nil, wrapResponseError(err, serverResp, "service", serviceID) + return swarm.Service{}, nil, err } body, err := io.ReadAll(serverResp.body) diff --git a/vendor/github.com/docker/docker/client/service_remove.go b/vendor/github.com/docker/docker/client/service_remove.go index 953a2adf5aec..2c46326ebcf3 100644 --- a/vendor/github.com/docker/docker/client/service_remove.go +++ b/vendor/github.com/docker/docker/client/service_remove.go @@ -6,5 +6,5 @@ import "context" func (cli *Client) ServiceRemove(ctx context.Context, serviceID string) error { resp, err := cli.delete(ctx, "/services/"+serviceID, nil, nil) defer ensureReaderClosed(resp) - return wrapResponseError(err, resp, "service", serviceID) + return err } diff --git a/vendor/github.com/docker/docker/client/task_inspect.go b/vendor/github.com/docker/docker/client/task_inspect.go index 410fc526e268..dde1f6c59d32 100644 --- a/vendor/github.com/docker/docker/client/task_inspect.go +++ b/vendor/github.com/docker/docker/client/task_inspect.go @@ -17,7 +17,7 @@ func (cli *Client) TaskInspectWithRaw(ctx context.Context, taskID string) (swarm serverResp, err := cli.get(ctx, "/tasks/"+taskID, nil, nil) defer ensureReaderClosed(serverResp) if err != nil { - return swarm.Task{}, nil, wrapResponseError(err, serverResp, "task", taskID) + return swarm.Task{}, nil, err } body, err := io.ReadAll(serverResp.body) diff --git a/vendor/github.com/docker/docker/client/volume_inspect.go b/vendor/github.com/docker/docker/client/volume_inspect.go index 5c5b3f905c54..070209b35e17 100644 --- a/vendor/github.com/docker/docker/client/volume_inspect.go +++ b/vendor/github.com/docker/docker/client/volume_inspect.go @@ -25,7 +25,7 @@ func (cli *Client) VolumeInspectWithRaw(ctx context.Context, volumeID string) (t resp, err := cli.get(ctx, "/volumes/"+volumeID, nil, nil) defer ensureReaderClosed(resp) if err != nil { - return volume, nil, wrapResponseError(err, resp, "volume", volumeID) + return volume, nil, err } body, err := io.ReadAll(resp.body) diff --git a/vendor/github.com/docker/docker/client/volume_remove.go b/vendor/github.com/docker/docker/client/volume_remove.go index 79decdafab88..1f264383606e 100644 --- a/vendor/github.com/docker/docker/client/volume_remove.go +++ b/vendor/github.com/docker/docker/client/volume_remove.go @@ -17,5 +17,5 @@ func (cli *Client) VolumeRemove(ctx context.Context, volumeID string, force bool } resp, err := cli.delete(ctx, "/volumes/"+volumeID, query, nil) defer ensureReaderClosed(resp) - return wrapResponseError(err, resp, "volume", volumeID) + return err } diff --git a/vendor/github.com/docker/docker/errdefs/http_helpers.go b/vendor/github.com/docker/docker/errdefs/http_helpers.go index 73576f1c6e44..5afe486779db 100644 --- a/vendor/github.com/docker/docker/errdefs/http_helpers.go +++ b/vendor/github.com/docker/docker/errdefs/http_helpers.go @@ -1,78 +1,11 @@ package errdefs // import "github.com/docker/docker/errdefs" import ( - "fmt" "net/http" - containerderrors "github.com/containerd/containerd/errdefs" - "github.com/docker/distribution/registry/api/errcode" "github.com/sirupsen/logrus" - "google.golang.org/grpc/codes" - "google.golang.org/grpc/status" ) -// GetHTTPErrorStatusCode retrieves status code from error message. -func GetHTTPErrorStatusCode(err error) int { - if err == nil { - logrus.WithFields(logrus.Fields{"error": err}).Error("unexpected HTTP error handling") - return http.StatusInternalServerError - } - - var statusCode int - - // Stop right there - // Are you sure you should be adding a new error class here? Do one of the existing ones work? - - // Note that the below functions are already checking the error causal chain for matches. - switch { - case IsNotFound(err): - statusCode = http.StatusNotFound - case IsInvalidParameter(err): - statusCode = http.StatusBadRequest - case IsConflict(err): - statusCode = http.StatusConflict - case IsUnauthorized(err): - statusCode = http.StatusUnauthorized - case IsUnavailable(err): - statusCode = http.StatusServiceUnavailable - case IsForbidden(err): - statusCode = http.StatusForbidden - case IsNotModified(err): - statusCode = http.StatusNotModified - case IsNotImplemented(err): - statusCode = http.StatusNotImplemented - case IsSystem(err) || IsUnknown(err) || IsDataLoss(err) || IsDeadline(err) || IsCancelled(err): - statusCode = http.StatusInternalServerError - default: - statusCode = statusCodeFromGRPCError(err) - if statusCode != http.StatusInternalServerError { - return statusCode - } - statusCode = statusCodeFromContainerdError(err) - if statusCode != http.StatusInternalServerError { - return statusCode - } - statusCode = statusCodeFromDistributionError(err) - if statusCode != http.StatusInternalServerError { - return statusCode - } - if e, ok := err.(causer); ok { - return GetHTTPErrorStatusCode(e.Cause()) - } - - logrus.WithFields(logrus.Fields{ - "module": "api", - "error_type": fmt.Sprintf("%T", err), - }).Debugf("FIXME: Got an API for which error does not match any expected type!!!: %+v", err) - } - - if statusCode == 0 { - statusCode = http.StatusInternalServerError - } - - return statusCode -} - // FromStatusCode creates an errdef error, based on the provided HTTP status-code func FromStatusCode(err error, statusCode int) error { if err == nil { @@ -118,74 +51,3 @@ func FromStatusCode(err error, statusCode int) error { } return err } - -// statusCodeFromGRPCError returns status code according to gRPC error -func statusCodeFromGRPCError(err error) int { - switch status.Code(err) { - case codes.InvalidArgument: // code 3 - return http.StatusBadRequest - case codes.NotFound: // code 5 - return http.StatusNotFound - case codes.AlreadyExists: // code 6 - return http.StatusConflict - case codes.PermissionDenied: // code 7 - return http.StatusForbidden - case codes.FailedPrecondition: // code 9 - return http.StatusBadRequest - case codes.Unauthenticated: // code 16 - return http.StatusUnauthorized - case codes.OutOfRange: // code 11 - return http.StatusBadRequest - case codes.Unimplemented: // code 12 - return http.StatusNotImplemented - case codes.Unavailable: // code 14 - return http.StatusServiceUnavailable - default: - // codes.Canceled(1) - // codes.Unknown(2) - // codes.DeadlineExceeded(4) - // codes.ResourceExhausted(8) - // codes.Aborted(10) - // codes.Internal(13) - // codes.DataLoss(15) - return http.StatusInternalServerError - } -} - -// statusCodeFromDistributionError returns status code according to registry errcode -// code is loosely based on errcode.ServeJSON() in docker/distribution -func statusCodeFromDistributionError(err error) int { - switch errs := err.(type) { - case errcode.Errors: - if len(errs) < 1 { - return http.StatusInternalServerError - } - if _, ok := errs[0].(errcode.ErrorCoder); ok { - return statusCodeFromDistributionError(errs[0]) - } - case errcode.ErrorCoder: - return errs.ErrorCode().Descriptor().HTTPStatusCode - } - return http.StatusInternalServerError -} - -// statusCodeFromContainerdError returns status code for containerd errors when -// consumed directly (not through gRPC) -func statusCodeFromContainerdError(err error) int { - switch { - case containerderrors.IsInvalidArgument(err): - return http.StatusBadRequest - case containerderrors.IsNotFound(err): - return http.StatusNotFound - case containerderrors.IsAlreadyExists(err): - return http.StatusConflict - case containerderrors.IsFailedPrecondition(err): - return http.StatusPreconditionFailed - case containerderrors.IsUnavailable(err): - return http.StatusServiceUnavailable - case containerderrors.IsNotImplemented(err): - return http.StatusNotImplemented - default: - return http.StatusInternalServerError - } -} diff --git a/vendor/github.com/docker/docker/pkg/archive/archive.go b/vendor/github.com/docker/docker/pkg/archive/archive.go index a9fd1e955205..986f01449168 100644 --- a/vendor/github.com/docker/docker/pkg/archive/archive.go +++ b/vendor/github.com/docker/docker/pkg/archive/archive.go @@ -40,8 +40,7 @@ type ( ExcludePatterns []string Compression Compression NoLchown bool - UIDMaps []idtools.IDMap - GIDMaps []idtools.IDMap + IDMap idtools.IdentityMapping ChownOpts *idtools.Identity IncludeSourceDir bool // WhiteoutFormat is the expected on disk format for whiteout files. @@ -63,12 +62,12 @@ type ( // mappings for untar, an Archiver can be created with maps which will then be passed to Untar operations. type Archiver struct { Untar func(io.Reader, string, *TarOptions) error - IDMapping *idtools.IdentityMapping + IDMapping idtools.IdentityMapping } // NewDefaultArchiver returns a new Archiver without any IdentityMapping func NewDefaultArchiver() *Archiver { - return &Archiver{Untar: Untar, IDMapping: &idtools.IdentityMapping{}} + return &Archiver{Untar: Untar} } // breakoutError is used to differentiate errors related to breaking out @@ -534,7 +533,7 @@ type tarAppender struct { // for hardlink mapping SeenFiles map[uint64]string - IdentityMapping *idtools.IdentityMapping + IdentityMapping idtools.IdentityMapping ChownOpts *idtools.Identity // For packing and unpacking whiteout files in the @@ -544,7 +543,7 @@ type tarAppender struct { WhiteoutConverter tarWhiteoutConverter } -func newTarAppender(idMapping *idtools.IdentityMapping, writer io.Writer, chownOpts *idtools.Identity) *tarAppender { +func newTarAppender(idMapping idtools.IdentityMapping, writer io.Writer, chownOpts *idtools.Identity) *tarAppender { return &tarAppender{ SeenFiles: make(map[uint64]string), TarWriter: tar.NewWriter(writer), @@ -860,7 +859,7 @@ func TarWithOptions(srcPath string, options *TarOptions) (io.ReadCloser, error) go func() { ta := newTarAppender( - idtools.NewIDMappingsFromMaps(options.UIDMaps, options.GIDMaps), + options.IDMap, compressWriter, options.ChownOpts, ) @@ -1044,8 +1043,7 @@ func Unpack(decompressedArchive io.Reader, dest string, options *TarOptions) err defer pools.BufioReader32KPool.Put(trBuf) var dirs []*tar.Header - idMapping := idtools.NewIDMappingsFromMaps(options.UIDMaps, options.GIDMaps) - rootIDs := idMapping.RootPair() + rootIDs := options.IDMap.RootPair() whiteoutConverter, err := getWhiteoutConverter(options.WhiteoutFormat, options.InUserNS) if err != nil { return err @@ -1134,7 +1132,7 @@ loop: } trBuf.Reset(tr) - if err := remapIDs(idMapping, hdr); err != nil { + if err := remapIDs(options.IDMap, hdr); err != nil { return err } @@ -1221,8 +1219,7 @@ func (archiver *Archiver) TarUntar(src, dst string) error { } defer archive.Close() options := &TarOptions{ - UIDMaps: archiver.IDMapping.UIDs(), - GIDMaps: archiver.IDMapping.GIDs(), + IDMap: archiver.IDMapping, } return archiver.Untar(archive, dst, options) } @@ -1235,8 +1232,7 @@ func (archiver *Archiver) UntarPath(src, dst string) error { } defer archive.Close() options := &TarOptions{ - UIDMaps: archiver.IDMapping.UIDs(), - GIDMaps: archiver.IDMapping.GIDs(), + IDMap: archiver.IDMapping, } return archiver.Untar(archive, dst, options) } @@ -1343,11 +1339,11 @@ func (archiver *Archiver) CopyFileWithTar(src, dst string) (err error) { } // IdentityMapping returns the IdentityMapping of the archiver. -func (archiver *Archiver) IdentityMapping() *idtools.IdentityMapping { +func (archiver *Archiver) IdentityMapping() idtools.IdentityMapping { return archiver.IDMapping } -func remapIDs(idMapping *idtools.IdentityMapping, hdr *tar.Header) error { +func remapIDs(idMapping idtools.IdentityMapping, hdr *tar.Header) error { ids, err := idMapping.ToHost(idtools.Identity{UID: hdr.Uid, GID: hdr.Gid}) hdr.Uid, hdr.Gid = ids.UID, ids.GID return err diff --git a/vendor/github.com/docker/docker/pkg/archive/changes.go b/vendor/github.com/docker/docker/pkg/archive/changes.go index a0f25942c14f..9ad7d7efb8d2 100644 --- a/vendor/github.com/docker/docker/pkg/archive/changes.go +++ b/vendor/github.com/docker/docker/pkg/archive/changes.go @@ -394,10 +394,10 @@ func ChangesSize(newDir string, changes []Change) int64 { } // ExportChanges produces an Archive from the provided changes, relative to dir. -func ExportChanges(dir string, changes []Change, uidMaps, gidMaps []idtools.IDMap) (io.ReadCloser, error) { +func ExportChanges(dir string, changes []Change, idMap idtools.IdentityMapping) (io.ReadCloser, error) { reader, writer := io.Pipe() go func() { - ta := newTarAppender(idtools.NewIDMappingsFromMaps(uidMaps, gidMaps), writer, nil) + ta := newTarAppender(idMap, writer, nil) // this buffer is needed for the duration of this piped stream defer pools.BufioWriter32KPool.Put(ta.Buffer) diff --git a/vendor/github.com/docker/docker/pkg/archive/diff.go b/vendor/github.com/docker/docker/pkg/archive/diff.go index 6174bc2af43a..f83d126fafe6 100644 --- a/vendor/github.com/docker/docker/pkg/archive/diff.go +++ b/vendor/github.com/docker/docker/pkg/archive/diff.go @@ -9,7 +9,6 @@ import ( "runtime" "strings" - "github.com/docker/docker/pkg/idtools" "github.com/docker/docker/pkg/pools" "github.com/docker/docker/pkg/system" "github.com/sirupsen/logrus" @@ -32,7 +31,6 @@ func UnpackLayer(dest string, layer io.Reader, options *TarOptions) (size int64, if options.ExcludePatterns == nil { options.ExcludePatterns = []string{} } - idMapping := idtools.NewIDMappingsFromMaps(options.UIDMaps, options.GIDMaps) aufsTempdir := "" aufsHardlinks := make(map[string]*tar.Header) @@ -192,7 +190,7 @@ func UnpackLayer(dest string, layer io.Reader, options *TarOptions) (size int64, srcData = tmpFile } - if err := remapIDs(idMapping, srcHdr); err != nil { + if err := remapIDs(options.IDMap, srcHdr); err != nil { return 0, err } diff --git a/vendor/github.com/docker/docker/pkg/idtools/idtools.go b/vendor/github.com/docker/docker/pkg/idtools/idtools.go index 25a57b231e01..1e0a89004a98 100644 --- a/vendor/github.com/docker/docker/pkg/idtools/idtools.go +++ b/vendor/github.com/docker/docker/pkg/idtools/idtools.go @@ -108,70 +108,72 @@ type Identity struct { SID string } -// IdentityMapping contains a mappings of UIDs and GIDs -type IdentityMapping struct { - uids []IDMap - gids []IDMap +// Chown changes the numeric uid and gid of the named file to id.UID and id.GID. +func (id Identity) Chown(name string) error { + return os.Chown(name, id.UID, id.GID) } -// NewIDMappingsFromMaps creates a new mapping from two slices -// Deprecated: this is a temporary shim while transitioning to IDMapping -func NewIDMappingsFromMaps(uids []IDMap, gids []IDMap) *IdentityMapping { - return &IdentityMapping{uids: uids, gids: gids} +// IdentityMapping contains a mappings of UIDs and GIDs. +// The zero value represents an empty mapping. +type IdentityMapping struct { + UIDMaps []IDMap `json:"UIDMaps"` + GIDMaps []IDMap `json:"GIDMaps"` } // RootPair returns a uid and gid pair for the root user. The error is ignored // because a root user always exists, and the defaults are correct when the uid // and gid maps are empty. -func (i *IdentityMapping) RootPair() Identity { - uid, gid, _ := GetRootUIDGID(i.uids, i.gids) +func (i IdentityMapping) RootPair() Identity { + uid, gid, _ := GetRootUIDGID(i.UIDMaps, i.GIDMaps) return Identity{UID: uid, GID: gid} } // ToHost returns the host UID and GID for the container uid, gid. // Remapping is only performed if the ids aren't already the remapped root ids -func (i *IdentityMapping) ToHost(pair Identity) (Identity, error) { +func (i IdentityMapping) ToHost(pair Identity) (Identity, error) { var err error target := i.RootPair() if pair.UID != target.UID { - target.UID, err = toHost(pair.UID, i.uids) + target.UID, err = toHost(pair.UID, i.UIDMaps) if err != nil { return target, err } } if pair.GID != target.GID { - target.GID, err = toHost(pair.GID, i.gids) + target.GID, err = toHost(pair.GID, i.GIDMaps) } return target, err } // ToContainer returns the container UID and GID for the host uid and gid -func (i *IdentityMapping) ToContainer(pair Identity) (int, int, error) { - uid, err := toContainer(pair.UID, i.uids) +func (i IdentityMapping) ToContainer(pair Identity) (int, int, error) { + uid, err := toContainer(pair.UID, i.UIDMaps) if err != nil { return -1, -1, err } - gid, err := toContainer(pair.GID, i.gids) + gid, err := toContainer(pair.GID, i.GIDMaps) return uid, gid, err } // Empty returns true if there are no id mappings -func (i *IdentityMapping) Empty() bool { - return len(i.uids) == 0 && len(i.gids) == 0 +func (i IdentityMapping) Empty() bool { + return len(i.UIDMaps) == 0 && len(i.GIDMaps) == 0 } -// UIDs return the UID mapping -// TODO: remove this once everything has been refactored to use pairs -func (i *IdentityMapping) UIDs() []IDMap { - return i.uids +// UIDs returns the mapping for UID. +// +// Deprecated: reference the UIDMaps field directly. +func (i IdentityMapping) UIDs() []IDMap { + return i.UIDMaps } -// GIDs return the UID mapping -// TODO: remove this once everything has been refactored to use pairs -func (i *IdentityMapping) GIDs() []IDMap { - return i.gids +// GIDs returns the mapping for GID. +// +// Deprecated: reference the GIDMaps field directly. +func (i IdentityMapping) GIDs() []IDMap { + return i.GIDMaps } func createIDMap(subidRanges ranges) []IDMap { diff --git a/vendor/github.com/docker/docker/pkg/idtools/idtools_unix.go b/vendor/github.com/docker/docker/pkg/idtools/idtools_unix.go index ceec0339b567..7a7ccc3e42c5 100644 --- a/vendor/github.com/docker/docker/pkg/idtools/idtools_unix.go +++ b/vendor/github.com/docker/docker/pkg/idtools/idtools_unix.go @@ -240,24 +240,37 @@ func setPermissions(p string, mode os.FileMode, uid, gid int, stat *system.StatT // NewIdentityMapping takes a requested username and // using the data from /etc/sub{uid,gid} ranges, creates the // proper uid and gid remapping ranges for that user/group pair +// +// Deprecated: Use LoadIdentityMapping. func NewIdentityMapping(name string) (*IdentityMapping, error) { + m, err := LoadIdentityMapping(name) + if err != nil { + return nil, err + } + return &m, err +} + +// LoadIdentityMapping takes a requested username and +// using the data from /etc/sub{uid,gid} ranges, creates the +// proper uid and gid remapping ranges for that user/group pair +func LoadIdentityMapping(name string) (IdentityMapping, error) { usr, err := LookupUser(name) if err != nil { - return nil, fmt.Errorf("Could not get user for username %s: %v", name, err) + return IdentityMapping{}, fmt.Errorf("Could not get user for username %s: %v", name, err) } subuidRanges, err := lookupSubUIDRanges(usr) if err != nil { - return nil, err + return IdentityMapping{}, err } subgidRanges, err := lookupSubGIDRanges(usr) if err != nil { - return nil, err + return IdentityMapping{}, err } - return &IdentityMapping{ - uids: subuidRanges, - gids: subgidRanges, + return IdentityMapping{ + UIDMaps: subuidRanges, + GIDMaps: subgidRanges, }, nil } diff --git a/vendor/github.com/docker/docker/pkg/system/meminfo_linux.go b/vendor/github.com/docker/docker/pkg/system/meminfo_linux.go index cd060eff24de..d40773985868 100644 --- a/vendor/github.com/docker/docker/pkg/system/meminfo_linux.go +++ b/vendor/github.com/docker/docker/pkg/system/meminfo_linux.go @@ -6,8 +6,6 @@ import ( "os" "strconv" "strings" - - units "github.com/docker/go-units" ) // ReadMemInfo retrieves memory statistics of the host system and returns a @@ -42,7 +40,8 @@ func parseMemInfo(reader io.Reader) (*MemInfo, error) { if err != nil { continue } - bytes := int64(size) * units.KiB + // Convert to KiB + bytes := int64(size) * 1024 switch parts[0] { case "MemTotal:": diff --git a/vendor/github.com/docker/docker/pkg/system/rm.go b/vendor/github.com/docker/docker/pkg/system/rm.go deleted file mode 100644 index f2d81597c9dc..000000000000 --- a/vendor/github.com/docker/docker/pkg/system/rm.go +++ /dev/null @@ -1,79 +0,0 @@ -//go:build !darwin && !windows -// +build !darwin,!windows - -package system // import "github.com/docker/docker/pkg/system" - -import ( - "os" - "syscall" - "time" - - "github.com/moby/sys/mount" - "github.com/pkg/errors" -) - -// EnsureRemoveAll wraps `os.RemoveAll` to check for specific errors that can -// often be remedied. -// Only use `EnsureRemoveAll` if you really want to make every effort to remove -// a directory. -// -// Because of the way `os.Remove` (and by extension `os.RemoveAll`) works, there -// can be a race between reading directory entries and then actually attempting -// to remove everything in the directory. -// These types of errors do not need to be returned since it's ok for the dir to -// be gone we can just retry the remove operation. -// -// This should not return a `os.ErrNotExist` kind of error under any circumstances -func EnsureRemoveAll(dir string) error { - notExistErr := make(map[string]bool) - - // track retries - exitOnErr := make(map[string]int) - maxRetry := 50 - - // Attempt to unmount anything beneath this dir first - mount.RecursiveUnmount(dir) - - for { - err := os.RemoveAll(dir) - if err == nil { - return nil - } - - pe, ok := err.(*os.PathError) - if !ok { - return err - } - - if os.IsNotExist(err) { - if notExistErr[pe.Path] { - return err - } - notExistErr[pe.Path] = true - - // There is a race where some subdir can be removed but after the parent - // dir entries have been read. - // So the path could be from `os.Remove(subdir)` - // If the reported non-existent path is not the passed in `dir` we - // should just retry, but otherwise return with no error. - if pe.Path == dir { - return nil - } - continue - } - - if pe.Err != syscall.EBUSY { - return err - } - - if e := mount.Unmount(pe.Path); e != nil { - return errors.Wrapf(e, "error while removing %s", dir) - } - - if exitOnErr[pe.Path] == maxRetry { - return err - } - exitOnErr[pe.Path]++ - time.Sleep(100 * time.Millisecond) - } -} diff --git a/vendor/github.com/docker/docker/pkg/system/rm_windows.go b/vendor/github.com/docker/docker/pkg/system/rm_windows.go deleted file mode 100644 index ed9c5dcb8ae9..000000000000 --- a/vendor/github.com/docker/docker/pkg/system/rm_windows.go +++ /dev/null @@ -1,6 +0,0 @@ -package system - -import "os" - -// EnsureRemoveAll is an alias to os.RemoveAll on Windows -var EnsureRemoveAll = os.RemoveAll diff --git a/vendor/github.com/docker/docker/pkg/system/syscall_windows.go b/vendor/github.com/docker/docker/pkg/system/syscall_windows.go deleted file mode 100644 index ef782d7ac813..000000000000 --- a/vendor/github.com/docker/docker/pkg/system/syscall_windows.go +++ /dev/null @@ -1,23 +0,0 @@ -package system // import "github.com/docker/docker/pkg/system" - -import "golang.org/x/sys/windows" - -const ( - // Deprecated: use github.com/docker/pkg/idtools.SeTakeOwnershipPrivilege - SeTakeOwnershipPrivilege = "SeTakeOwnershipPrivilege" - // Deprecated: use github.com/docker/pkg/idtools.ContainerAdministratorSidString - ContainerAdministratorSidString = "S-1-5-93-2-1" - // Deprecated: use github.com/docker/pkg/idtools.ContainerUserSidString - ContainerUserSidString = "S-1-5-93-2-2" -) - -// VER_NT_WORKSTATION, see https://docs.microsoft.com/en-us/windows/win32/api/winnt/ns-winnt-osversioninfoexa -const verNTWorkstation = 0x00000001 // VER_NT_WORKSTATION - -// IsWindowsClient returns true if the SKU is client. It returns false on -// Windows server, or if an error occurred when making the GetVersionExW -// syscall. -func IsWindowsClient() bool { - ver := windows.RtlGetVersion() - return ver != nil && ver.ProductType == verNTWorkstation -} diff --git a/vendor/github.com/docker/docker/registry/auth.go b/vendor/github.com/docker/docker/registry/auth.go index 81533d269fbd..38f41db22168 100644 --- a/vendor/github.com/docker/docker/registry/auth.go +++ b/vendor/github.com/docker/docker/registry/auth.go @@ -10,15 +10,13 @@ import ( "github.com/docker/distribution/registry/client/auth/challenge" "github.com/docker/distribution/registry/client/transport" "github.com/docker/docker/api/types" - registrytypes "github.com/docker/docker/api/types/registry" + "github.com/docker/docker/api/types/registry" "github.com/pkg/errors" "github.com/sirupsen/logrus" ) -const ( - // AuthClientID is used the ClientID used for the token server - AuthClientID = "docker" -) +// AuthClientID is used the ClientID used for the token server +const AuthClientID = "docker" type loginCredentialStore struct { authConfig *types.AuthConfig @@ -65,14 +63,6 @@ func (scs staticCredentialStore) RefreshToken(*url.URL, string) string { func (scs staticCredentialStore) SetRefreshToken(*url.URL, string, string) { } -type fallbackError struct { - err error -} - -func (err fallbackError) Error() string { - return err.err.Error() -} - // loginV2 tries to login to the v2 registry server. The given registry // endpoint will be pinged to get authorization challenges. These challenges // will be used to authenticate against the registry to validate credentials. @@ -80,7 +70,7 @@ func loginV2(authConfig *types.AuthConfig, endpoint APIEndpoint, userAgent strin var ( endpointStr = strings.TrimRight(endpoint.URL.String(), "/") + "/v2/" modifiers = Headers(userAgent, nil) - authTransport = transport.NewTransport(NewTransport(endpoint.TLSConfig), modifiers...) + authTransport = transport.NewTransport(newTransport(endpoint.TLSConfig), modifiers...) credentialAuthConfig = *authConfig creds = loginCredentialStore{authConfig: &credentialAuthConfig} ) @@ -109,8 +99,7 @@ func loginV2(authConfig *types.AuthConfig, endpoint APIEndpoint, userAgent strin } // TODO(dmcgowan): Attempt to further interpret result, status code and error code string - err = errors.Errorf("login attempt to %s failed with status: %d %s", endpointStr, resp.StatusCode, http.StatusText(resp.StatusCode)) - return "", "", err + return "", "", errors.Errorf("login attempt to %s failed with status: %d %s", endpointStr, resp.StatusCode, http.StatusText(resp.StatusCode)) } func v2AuthHTTPClient(endpoint *url.URL, authTransport http.RoundTripper, modifiers []transport.RequestModifier, creds auth.CredentialStore, scopes []auth.Scope) (*http.Client, error) { @@ -129,10 +118,9 @@ func v2AuthHTTPClient(endpoint *url.URL, authTransport http.RoundTripper, modifi tokenHandler := auth.NewTokenHandlerWithOptions(tokenHandlerOptions) basicHandler := auth.NewBasicHandler(creds) modifiers = append(modifiers, auth.NewAuthorizer(challengeManager, tokenHandler, basicHandler)) - tr := transport.NewTransport(authTransport, modifiers...) return &http.Client{ - Transport: tr, + Transport: transport.NewTransport(authTransport, modifiers...), Timeout: 15 * time.Second, }, nil } @@ -146,14 +134,11 @@ func ConvertToHostname(url string) string { } else if strings.HasPrefix(url, "https://") { stripped = strings.TrimPrefix(url, "https://") } - - nameParts := strings.SplitN(stripped, "/", 2) - - return nameParts[0] + return strings.SplitN(stripped, "/", 2)[0] } // ResolveAuthConfig matches an auth configuration to a server address or a URL -func ResolveAuthConfig(authConfigs map[string]types.AuthConfig, index *registrytypes.IndexInfo) types.AuthConfig { +func ResolveAuthConfig(authConfigs map[string]types.AuthConfig, index *registry.IndexInfo) types.AuthConfig { configKey := GetAuthConfigKey(index) // First try the happy case if c, found := authConfigs[configKey]; found || index.Official { diff --git a/vendor/github.com/docker/docker/registry/config.go b/vendor/github.com/docker/docker/registry/config.go index cfb87f0d0d9b..2766306ac209 100644 --- a/vendor/github.com/docker/docker/registry/config.go +++ b/vendor/github.com/docker/docker/registry/config.go @@ -1,7 +1,6 @@ package registry // import "github.com/docker/docker/registry" import ( - "fmt" "net" "net/url" "regexp" @@ -9,8 +8,7 @@ import ( "strings" "github.com/docker/distribution/reference" - registrytypes "github.com/docker/docker/api/types/registry" - "github.com/pkg/errors" + "github.com/docker/docker/api/types/registry" "github.com/sirupsen/logrus" ) @@ -22,14 +20,26 @@ type ServiceOptions struct { } // serviceConfig holds daemon configuration for the registry service. -type serviceConfig struct { - registrytypes.ServiceConfig -} - +type serviceConfig registry.ServiceConfig + +// TODO(thaJeztah) both the "index.docker.io" and "registry-1.docker.io" domains +// are here for historic reasons and backward-compatibility. These domains +// are still supported by Docker Hub (and will continue to be supported), but +// there are new domains already in use, and plans to consolidate all legacy +// domains to new "canonical" domains. Once those domains are decided on, we +// should update these consts (but making sure to preserve compatibility with +// existing installs, clients, and user configuration). const ( // DefaultNamespace is the default namespace DefaultNamespace = "docker.io" - // IndexHostname is the index hostname + // DefaultRegistryHost is the hostname for the default (Docker Hub) registry + // used for pushing and pulling images. This hostname is hard-coded to handle + // the conversion from image references without registry name (e.g. "ubuntu", + // or "ubuntu:latest"), as well as references using the "docker.io" domain + // name, which is used as canonical reference for images on Docker Hub, but + // does not match the domain-name of Docker Hub's registry. + DefaultRegistryHost = "registry-1.docker.io" + // IndexHostname is the index hostname, used for authentication and image search. IndexHostname = "index.docker.io" // IndexServer is used for user auth and image search IndexServer = "https://" + IndexHostname + "/v1/" @@ -38,76 +48,98 @@ const ( ) var ( - // DefaultV2Registry is the URI of the default v2 registry + // DefaultV2Registry is the URI of the default (Docker Hub) registry. DefaultV2Registry = &url.URL{ Scheme: "https", - Host: "registry-1.docker.io", + Host: DefaultRegistryHost, } - // ErrInvalidRepositoryName is an error returned if the repository name did - // not have the correct form - ErrInvalidRepositoryName = errors.New("Invalid repository name (ex: \"registry.domain.tld/myrepos\")") - emptyServiceConfig, _ = newServiceConfig(ServiceOptions{}) validHostPortRegex = regexp.MustCompile(`^` + reference.DomainRegexp.String() + `$`) // for mocking in unit tests lookupIP = net.LookupIP + + // certsDir is used to override defaultCertsDir. + certsDir string ) +// SetCertsDir allows the default certs directory to be changed. This function +// is used at daemon startup to set the correct location when running in +// rootless mode. +func SetCertsDir(path string) { + certsDir = path +} + +// CertsDir is the directory where certificates are stored. +func CertsDir() string { + if certsDir != "" { + return certsDir + } + return defaultCertsDir +} + // newServiceConfig returns a new instance of ServiceConfig func newServiceConfig(options ServiceOptions) (*serviceConfig, error) { - config := &serviceConfig{ - ServiceConfig: registrytypes.ServiceConfig{ - InsecureRegistryCIDRs: make([]*registrytypes.NetIPNet, 0), - IndexConfigs: make(map[string]*registrytypes.IndexInfo), - // Hack: Bypass setting the mirrors to IndexConfigs since they are going away - // and Mirrors are only for the official registry anyways. - }, - } - if err := config.LoadAllowNondistributableArtifacts(options.AllowNondistributableArtifacts); err != nil { + config := &serviceConfig{} + if err := config.loadAllowNondistributableArtifacts(options.AllowNondistributableArtifacts); err != nil { return nil, err } - if err := config.LoadMirrors(options.Mirrors); err != nil { + if err := config.loadMirrors(options.Mirrors); err != nil { return nil, err } - if err := config.LoadInsecureRegistries(options.InsecureRegistries); err != nil { + if err := config.loadInsecureRegistries(options.InsecureRegistries); err != nil { return nil, err } return config, nil } -// LoadAllowNondistributableArtifacts loads allow-nondistributable-artifacts registries into config. -func (config *serviceConfig) LoadAllowNondistributableArtifacts(registries []string) error { - cidrs := map[string]*registrytypes.NetIPNet{} +// copy constructs a new ServiceConfig with a copy of the configuration in config. +func (config *serviceConfig) copy() *registry.ServiceConfig { + ic := make(map[string]*registry.IndexInfo) + for key, value := range config.IndexConfigs { + ic[key] = value + } + return ®istry.ServiceConfig{ + AllowNondistributableArtifactsCIDRs: append([]*registry.NetIPNet(nil), config.AllowNondistributableArtifactsCIDRs...), + AllowNondistributableArtifactsHostnames: append([]string(nil), config.AllowNondistributableArtifactsHostnames...), + InsecureRegistryCIDRs: append([]*registry.NetIPNet(nil), config.InsecureRegistryCIDRs...), + IndexConfigs: ic, + Mirrors: append([]string(nil), config.Mirrors...), + } +} + +// loadAllowNondistributableArtifacts loads allow-nondistributable-artifacts registries into config. +func (config *serviceConfig) loadAllowNondistributableArtifacts(registries []string) error { + cidrs := map[string]*registry.NetIPNet{} hostnames := map[string]bool{} for _, r := range registries { if _, err := ValidateIndexName(r); err != nil { return err } - if validateNoScheme(r) != nil { - return fmt.Errorf("allow-nondistributable-artifacts registry %s should not contain '://'", r) + if hasScheme(r) { + return invalidParamf("allow-nondistributable-artifacts registry %s should not contain '://'", r) } if _, ipnet, err := net.ParseCIDR(r); err == nil { // Valid CIDR. - cidrs[ipnet.String()] = (*registrytypes.NetIPNet)(ipnet) - } else if err := validateHostPort(r); err == nil { + cidrs[ipnet.String()] = (*registry.NetIPNet)(ipnet) + } else if err = validateHostPort(r); err == nil { // Must be `host:port` if not CIDR. hostnames[r] = true } else { - return fmt.Errorf("allow-nondistributable-artifacts registry %s is not valid: %v", r, err) + return invalidParamWrapf(err, "allow-nondistributable-artifacts registry %s is not valid", r) } } - config.AllowNondistributableArtifactsCIDRs = make([]*(registrytypes.NetIPNet), 0) + config.AllowNondistributableArtifactsCIDRs = make([]*registry.NetIPNet, 0, len(cidrs)) for _, c := range cidrs { config.AllowNondistributableArtifactsCIDRs = append(config.AllowNondistributableArtifactsCIDRs, c) } - config.AllowNondistributableArtifactsHostnames = make([]string, 0) + config.AllowNondistributableArtifactsHostnames = make([]string, 0, len(hostnames)) for h := range hostnames { config.AllowNondistributableArtifactsHostnames = append(config.AllowNondistributableArtifactsHostnames, h) } @@ -115,9 +147,9 @@ func (config *serviceConfig) LoadAllowNondistributableArtifacts(registries []str return nil } -// LoadMirrors loads mirrors to config, after removing duplicates. +// loadMirrors loads mirrors to config, after removing duplicates. // Returns an error if mirrors contains an invalid mirror. -func (config *serviceConfig) LoadMirrors(mirrors []string) error { +func (config *serviceConfig) loadMirrors(mirrors []string) error { mMap := map[string]struct{}{} unique := []string{} @@ -135,40 +167,33 @@ func (config *serviceConfig) LoadMirrors(mirrors []string) error { config.Mirrors = unique // Configure public registry since mirrors may have changed. - config.IndexConfigs[IndexName] = ®istrytypes.IndexInfo{ - Name: IndexName, - Mirrors: config.Mirrors, - Secure: true, - Official: true, + config.IndexConfigs = map[string]*registry.IndexInfo{ + IndexName: { + Name: IndexName, + Mirrors: unique, + Secure: true, + Official: true, + }, } return nil } -// LoadInsecureRegistries loads insecure registries to config -func (config *serviceConfig) LoadInsecureRegistries(registries []string) error { - // Localhost is by default considered as an insecure registry - // This is a stop-gap for people who are running a private registry on localhost (especially on Boot2docker). - // - // TODO: should we deprecate this once it is easier for people to set up a TLS registry or change - // daemon flags on boot2docker? +// loadInsecureRegistries loads insecure registries to config +func (config *serviceConfig) loadInsecureRegistries(registries []string) error { + // Localhost is by default considered as an insecure registry. This is a + // stop-gap for people who are running a private registry on localhost. registries = append(registries, "127.0.0.0/8") - // Store original InsecureRegistryCIDRs and IndexConfigs - // Clean InsecureRegistryCIDRs and IndexConfigs in config, as passed registries has all insecure registry info. - originalCIDRs := config.ServiceConfig.InsecureRegistryCIDRs - originalIndexInfos := config.ServiceConfig.IndexConfigs - - config.ServiceConfig.InsecureRegistryCIDRs = make([]*registrytypes.NetIPNet, 0) - config.ServiceConfig.IndexConfigs = make(map[string]*registrytypes.IndexInfo) + var ( + insecureRegistryCIDRs = make([]*registry.NetIPNet, 0) + indexConfigs = make(map[string]*registry.IndexInfo) + ) skip: for _, r := range registries { // validate insecure registry if _, err := ValidateIndexName(r); err != nil { - // before returning err, roll back to original data - config.ServiceConfig.InsecureRegistryCIDRs = originalCIDRs - config.ServiceConfig.IndexConfigs = originalIndexInfos return err } if strings.HasPrefix(strings.ToLower(r), "http://") { @@ -177,35 +202,27 @@ skip: } else if strings.HasPrefix(strings.ToLower(r), "https://") { logrus.Warnf("insecure registry %s should not contain 'https://' and 'https://' has been removed from the insecure registry config", r) r = r[8:] - } else if validateNoScheme(r) != nil { - // Insecure registry should not contain '://' - // before returning err, roll back to original data - config.ServiceConfig.InsecureRegistryCIDRs = originalCIDRs - config.ServiceConfig.IndexConfigs = originalIndexInfos - return fmt.Errorf("insecure registry %s should not contain '://'", r) + } else if hasScheme(r) { + return invalidParamf("insecure registry %s should not contain '://'", r) } // Check if CIDR was passed to --insecure-registry _, ipnet, err := net.ParseCIDR(r) if err == nil { // Valid CIDR. If ipnet is already in config.InsecureRegistryCIDRs, skip. - data := (*registrytypes.NetIPNet)(ipnet) - for _, value := range config.InsecureRegistryCIDRs { + data := (*registry.NetIPNet)(ipnet) + for _, value := range insecureRegistryCIDRs { if value.IP.String() == data.IP.String() && value.Mask.String() == data.Mask.String() { continue skip } } // ipnet is not found, add it in config.InsecureRegistryCIDRs - config.InsecureRegistryCIDRs = append(config.InsecureRegistryCIDRs, data) - + insecureRegistryCIDRs = append(insecureRegistryCIDRs, data) } else { if err := validateHostPort(r); err != nil { - config.ServiceConfig.InsecureRegistryCIDRs = originalCIDRs - config.ServiceConfig.IndexConfigs = originalIndexInfos - return fmt.Errorf("insecure registry %s is not valid: %v", r, err) - + return invalidParamWrapf(err, "insecure registry %s is not valid", r) } // Assume `host:port` if not CIDR. - config.IndexConfigs[r] = ®istrytypes.IndexInfo{ + indexConfigs[r] = ®istry.IndexInfo{ Name: r, Mirrors: make([]string, 0), Secure: false, @@ -215,12 +232,14 @@ skip: } // Configure public registry. - config.IndexConfigs[IndexName] = ®istrytypes.IndexInfo{ + indexConfigs[IndexName] = ®istry.IndexInfo{ Name: IndexName, Mirrors: config.Mirrors, Secure: true, Official: true, } + config.InsecureRegistryCIDRs = insecureRegistryCIDRs + config.IndexConfigs = indexConfigs return nil } @@ -234,7 +253,7 @@ skip: // hostname should be a URL.Host (`host:port` or `host`) where the `host` part can be either a domain name // or an IP address. If it is a domain name, then it will be resolved to IP addresses for matching. If // resolution fails, CIDR matching is not performed. -func allowNondistributableArtifacts(config *serviceConfig, hostname string) bool { +func (config *serviceConfig) allowNondistributableArtifacts(hostname string) bool { for _, h := range config.AllowNondistributableArtifactsHostnames { if h == hostname { return true @@ -255,7 +274,7 @@ func allowNondistributableArtifacts(config *serviceConfig, hostname string) bool // or an IP address. If it is a domain name, then it will be resolved in order to check if the IP is contained // in a subnet. If the resolving is not successful, isSecureIndex will only try to match hostname to any element // of insecureRegistries. -func isSecureIndex(config *serviceConfig, indexName string) bool { +func (config *serviceConfig) isSecureIndex(indexName string) bool { // Check for configured index, first. This is needed in case isSecureIndex // is called from anything besides newIndexInfo, in order to honor per-index configurations. if index, ok := config.IndexConfigs[indexName]; ok { @@ -268,7 +287,7 @@ func isSecureIndex(config *serviceConfig, indexName string) bool { // isCIDRMatch returns true if URLHost matches an element of cidrs. URLHost is a URL.Host (`host:port` or `host`) // where the `host` part can be either a domain name or an IP address. If it is a domain name, then it will be // resolved to IP addresses for matching. If resolution fails, false is returned. -func isCIDRMatch(cidrs []*registrytypes.NetIPNet, URLHost string) bool { +func isCIDRMatch(cidrs []*registry.NetIPNet, URLHost string) bool { host, _, err := net.SplitHostPort(URLHost) if err != nil { // Assume URLHost is of the form `host` without the port and go on. @@ -304,18 +323,18 @@ func isCIDRMatch(cidrs []*registrytypes.NetIPNet, URLHost string) bool { func ValidateMirror(val string) (string, error) { uri, err := url.Parse(val) if err != nil { - return "", fmt.Errorf("invalid mirror: %q is not a valid URI", val) + return "", invalidParamWrapf(err, "invalid mirror: %q is not a valid URI", val) } if uri.Scheme != "http" && uri.Scheme != "https" { - return "", fmt.Errorf("invalid mirror: unsupported scheme %q in %q", uri.Scheme, uri) + return "", invalidParamf("invalid mirror: unsupported scheme %q in %q", uri.Scheme, uri) } if (uri.Path != "" && uri.Path != "/") || uri.RawQuery != "" || uri.Fragment != "" { - return "", fmt.Errorf("invalid mirror: path, query, or fragment at end of the URI %q", uri) + return "", invalidParamf("invalid mirror: path, query, or fragment at end of the URI %q", uri) } if uri.User != nil { // strip password from output uri.User = url.UserPassword(uri.User.Username(), "xxxxx") - return "", fmt.Errorf("invalid mirror: username/password not allowed in URI %q", uri) + return "", invalidParamf("invalid mirror: username/password not allowed in URI %q", uri) } return strings.TrimSuffix(val, "/") + "/", nil } @@ -327,17 +346,13 @@ func ValidateIndexName(val string) (string, error) { val = "docker.io" } if strings.HasPrefix(val, "-") || strings.HasSuffix(val, "-") { - return "", fmt.Errorf("invalid index name (%s). Cannot begin or end with a hyphen", val) + return "", invalidParamf("invalid index name (%s). Cannot begin or end with a hyphen", val) } return val, nil } -func validateNoScheme(reposName string) error { - if strings.Contains(reposName, "://") { - // It cannot contain a scheme! - return ErrInvalidRepositoryName - } - return nil +func hasScheme(reposName string) bool { + return strings.Contains(reposName, "://") } func validateHostPort(s string) error { @@ -350,7 +365,7 @@ func validateHostPort(s string) error { // If match against the `host:port` pattern fails, // it might be `IPv6:port`, which will be captured by net.ParseIP(host) if !validHostPortRegex.MatchString(s) && net.ParseIP(host) == nil { - return fmt.Errorf("invalid host %q", host) + return invalidParamf("invalid host %q", host) } if port != "" { v, err := strconv.Atoi(port) @@ -358,14 +373,14 @@ func validateHostPort(s string) error { return err } if v < 0 || v > 65535 { - return fmt.Errorf("invalid port %q", port) + return invalidParamf("invalid port %q", port) } } return nil } // newIndexInfo returns IndexInfo configuration from indexName -func newIndexInfo(config *serviceConfig, indexName string) (*registrytypes.IndexInfo, error) { +func newIndexInfo(config *serviceConfig, indexName string) (*registry.IndexInfo, error) { var err error indexName, err = ValidateIndexName(indexName) if err != nil { @@ -378,18 +393,17 @@ func newIndexInfo(config *serviceConfig, indexName string) (*registrytypes.Index } // Construct a non-configured index info. - index := ®istrytypes.IndexInfo{ + return ®istry.IndexInfo{ Name: indexName, Mirrors: make([]string, 0), + Secure: config.isSecureIndex(indexName), Official: false, - } - index.Secure = isSecureIndex(config, indexName) - return index, nil + }, nil } // GetAuthConfigKey special-cases using the full index address of the official // index as the AuthConfig key, and uses the (host)name[:port] for private indexes. -func GetAuthConfigKey(index *registrytypes.IndexInfo) string { +func GetAuthConfigKey(index *registry.IndexInfo) string { if index.Official { return IndexServer } @@ -418,7 +432,12 @@ func ParseRepositoryInfo(reposName reference.Named) (*RepositoryInfo, error) { } // ParseSearchIndexInfo will use repository name to get back an indexInfo. -func ParseSearchIndexInfo(reposName string) (*registrytypes.IndexInfo, error) { +// +// TODO(thaJeztah) this function is only used by the CLI, and used to get +// information of the registry (to provide credentials if needed). We should +// move this function (or equivalent) to the CLI, as it's doing too much just +// for that. +func ParseSearchIndexInfo(reposName string) (*registry.IndexInfo, error) { indexName, _ := splitReposSearchTerm(reposName) indexInfo, err := newIndexInfo(emptyServiceConfig, indexName) diff --git a/vendor/github.com/docker/docker/registry/config_unix.go b/vendor/github.com/docker/docker/registry/config_unix.go index b5bb31cfa659..898c6b8a5bfb 100644 --- a/vendor/github.com/docker/docker/registry/config_unix.go +++ b/vendor/github.com/docker/docker/registry/config_unix.go @@ -3,25 +3,10 @@ package registry // import "github.com/docker/docker/registry" -import ( - "path/filepath" - - "github.com/docker/docker/pkg/homedir" - "github.com/docker/docker/rootless" -) - -// CertsDir is the directory where certificates are stored -func CertsDir() string { - d := "/etc/docker/certs.d" - - if rootless.RunningWithRootlessKit() { - configHome, err := homedir.GetConfigHome() - if err == nil { - d = filepath.Join(configHome, "docker/certs.d") - } - } - return d -} +// defaultCertsDir is the platform-specific default directory where certificates +// are stored. On Linux, it may be overridden through certsDir, for example, when +// running in rootless mode. +const defaultCertsDir = "/etc/docker/certs.d" // cleanPath is used to ensure that a directory name is valid on the target // platform. It will be passed in something *similar* to a URL such as diff --git a/vendor/github.com/docker/docker/registry/config_windows.go b/vendor/github.com/docker/docker/registry/config_windows.go index 4ae1e07abfd4..96f1769c6942 100644 --- a/vendor/github.com/docker/docker/registry/config_windows.go +++ b/vendor/github.com/docker/docker/registry/config_windows.go @@ -6,10 +6,10 @@ import ( "strings" ) -// CertsDir is the directory where certificates are stored -func CertsDir() string { - return os.Getenv("programdata") + `\docker\certs.d` -} +// defaultCertsDir is the platform-specific default directory where certificates +// are stored. On Linux, it may be overridden through certsDir, for example, when +// running in rootless mode. +var defaultCertsDir = os.Getenv("programdata") + `\docker\certs.d` // cleanPath is used to ensure that a directory name is valid on the target // platform. It will be passed in something *similar* to a URL such as diff --git a/vendor/github.com/docker/docker/registry/endpoint_v1.go b/vendor/github.com/docker/docker/registry/endpoint_v1.go index 684c330dc305..c7e930c8ad91 100644 --- a/vendor/github.com/docker/docker/registry/endpoint_v1.go +++ b/vendor/github.com/docker/docker/registry/endpoint_v1.go @@ -3,27 +3,39 @@ package registry // import "github.com/docker/docker/registry" import ( "crypto/tls" "encoding/json" - "fmt" "io" "net/http" "net/url" "strings" "github.com/docker/distribution/registry/client/transport" - registrytypes "github.com/docker/docker/api/types/registry" + "github.com/docker/docker/api/types/registry" "github.com/sirupsen/logrus" ) -// V1Endpoint stores basic information about a V1 registry endpoint. -type V1Endpoint struct { +// v1PingResult contains the information returned when pinging a registry. It +// indicates the registry's version and whether the registry claims to be a +// standalone registry. +type v1PingResult struct { + // Version is the registry version supplied by the registry in an HTTP + // header + Version string `json:"version"` + // Standalone is set to true if the registry indicates it is a + // standalone registry in the X-Docker-Registry-Standalone + // header + Standalone bool `json:"standalone"` +} + +// v1Endpoint stores basic information about a V1 registry endpoint. +type v1Endpoint struct { client *http.Client URL *url.URL IsSecure bool } -// NewV1Endpoint parses the given address to return a registry endpoint. +// newV1Endpoint parses the given address to return a registry endpoint. // TODO: remove. This is only used by search. -func NewV1Endpoint(index *registrytypes.IndexInfo, userAgent string, metaHeaders http.Header) (*V1Endpoint, error) { +func newV1Endpoint(index *registry.IndexInfo, userAgent string, metaHeaders http.Header) (*v1Endpoint, error) { tlsConfig, err := newTLSConfig(index.Name, index.Secure) if err != nil { return nil, err @@ -42,28 +54,28 @@ func NewV1Endpoint(index *registrytypes.IndexInfo, userAgent string, metaHeaders return endpoint, nil } -func validateEndpoint(endpoint *V1Endpoint) error { +func validateEndpoint(endpoint *v1Endpoint) error { logrus.Debugf("pinging registry endpoint %s", endpoint) // Try HTTPS ping to registry endpoint.URL.Scheme = "https" - if _, err := endpoint.Ping(); err != nil { + if _, err := endpoint.ping(); err != nil { if endpoint.IsSecure { // If registry is secure and HTTPS failed, show user the error and tell them about `--insecure-registry` // in case that's what they need. DO NOT accept unknown CA certificates, and DO NOT fallback to HTTP. - return fmt.Errorf("invalid registry endpoint %s: %v. If this private registry supports only HTTP or HTTPS with an unknown CA certificate, please add `--insecure-registry %s` to the daemon's arguments. In the case of HTTPS, if you have access to the registry's CA certificate, no need for the flag; simply place the CA certificate at /etc/docker/certs.d/%s/ca.crt", endpoint, err, endpoint.URL.Host, endpoint.URL.Host) + return invalidParamf("invalid registry endpoint %s: %v. If this private registry supports only HTTP or HTTPS with an unknown CA certificate, please add `--insecure-registry %s` to the daemon's arguments. In the case of HTTPS, if you have access to the registry's CA certificate, no need for the flag; simply place the CA certificate at /etc/docker/certs.d/%s/ca.crt", endpoint, err, endpoint.URL.Host, endpoint.URL.Host) } // If registry is insecure and HTTPS failed, fallback to HTTP. - logrus.Debugf("Error from registry %q marked as insecure: %v. Insecurely falling back to HTTP", endpoint, err) + logrus.WithError(err).Debugf("error from registry %q marked as insecure - insecurely falling back to HTTP", endpoint) endpoint.URL.Scheme = "http" var err2 error - if _, err2 = endpoint.Ping(); err2 == nil { + if _, err2 = endpoint.ping(); err2 == nil { return nil } - return fmt.Errorf("invalid registry endpoint %q. HTTPS attempt: %v. HTTP attempt: %v", endpoint, err, err2) + return invalidParamf("invalid registry endpoint %q. HTTPS attempt: %v. HTTP attempt: %v", endpoint, err, err2) } return nil @@ -72,28 +84,23 @@ func validateEndpoint(endpoint *V1Endpoint) error { // trimV1Address trims the version off the address and returns the // trimmed address or an error if there is a non-V1 version. func trimV1Address(address string) (string, error) { - var ( - chunks []string - apiVersionStr string - ) - address = strings.TrimSuffix(address, "/") - chunks = strings.Split(address, "/") - apiVersionStr = chunks[len(chunks)-1] + chunks := strings.Split(address, "/") + apiVersionStr := chunks[len(chunks)-1] if apiVersionStr == "v1" { return strings.Join(chunks[:len(chunks)-1], "/"), nil } for k, v := range apiVersions { if k != APIVersion1 && apiVersionStr == v { - return "", fmt.Errorf("unsupported V1 version path %s", apiVersionStr) + return "", invalidParamf("unsupported V1 version path %s", apiVersionStr) } } return address, nil } -func newV1EndpointFromStr(address string, tlsConfig *tls.Config, userAgent string, metaHeaders http.Header) (*V1Endpoint, error) { +func newV1EndpointFromStr(address string, tlsConfig *tls.Config, userAgent string, metaHeaders http.Header) (*v1Endpoint, error) { if !strings.HasPrefix(address, "http://") && !strings.HasPrefix(address, "https://") { address = "https://" + address } @@ -105,69 +112,64 @@ func newV1EndpointFromStr(address string, tlsConfig *tls.Config, userAgent strin uri, err := url.Parse(address) if err != nil { - return nil, err + return nil, invalidParam(err) } // TODO(tiborvass): make sure a ConnectTimeout transport is used - tr := NewTransport(tlsConfig) + tr := newTransport(tlsConfig) - return &V1Endpoint{ + return &v1Endpoint{ IsSecure: tlsConfig == nil || !tlsConfig.InsecureSkipVerify, URL: uri, - client: HTTPClient(transport.NewTransport(tr, Headers(userAgent, metaHeaders)...)), + client: httpClient(transport.NewTransport(tr, Headers(userAgent, metaHeaders)...)), }, nil } // Get the formatted URL for the root of this registry Endpoint -func (e *V1Endpoint) String() string { +func (e *v1Endpoint) String() string { return e.URL.String() + "/v1/" } -// Path returns a formatted string for the URL -// of this endpoint with the given path appended. -func (e *V1Endpoint) Path(path string) string { - return e.URL.String() + "/v1/" + path -} - -// Ping returns a PingResult which indicates whether the registry is standalone or not. -func (e *V1Endpoint) Ping() (PingResult, error) { +// ping returns a v1PingResult which indicates whether the registry is standalone or not. +func (e *v1Endpoint) ping() (v1PingResult, error) { if e.String() == IndexServer { // Skip the check, we know this one is valid // (and we never want to fallback to http in case of error) - return PingResult{}, nil + return v1PingResult{}, nil } logrus.Debugf("attempting v1 ping for registry endpoint %s", e) - req, err := http.NewRequest(http.MethodGet, e.Path("_ping"), nil) + pingURL := e.String() + "_ping" + req, err := http.NewRequest(http.MethodGet, pingURL, nil) if err != nil { - return PingResult{}, err + return v1PingResult{}, invalidParam(err) } resp, err := e.client.Do(req) if err != nil { - return PingResult{}, err + return v1PingResult{}, invalidParam(err) } defer resp.Body.Close() jsonString, err := io.ReadAll(resp.Body) if err != nil { - return PingResult{}, fmt.Errorf("error while reading the http response: %s", err) + return v1PingResult{}, invalidParamWrapf(err, "error while reading response from %s", pingURL) } // If the header is absent, we assume true for compatibility with earlier // versions of the registry. default to true - info := PingResult{ + info := v1PingResult{ Standalone: true, } if err := json.Unmarshal(jsonString, &info); err != nil { - logrus.Debugf("Error unmarshaling the _ping PingResult: %s", err) + logrus.WithError(err).Debug("error unmarshaling _ping response") // don't stop here. Just assume sane defaults } if hdr := resp.Header.Get("X-Docker-Registry-Version"); hdr != "" { info.Version = hdr } - logrus.Debugf("PingResult.Version: %q", info.Version) + logrus.Debugf("v1PingResult.Version: %q", info.Version) standalone := resp.Header.Get("X-Docker-Registry-Standalone") @@ -178,6 +180,6 @@ func (e *V1Endpoint) Ping() (PingResult, error) { // there is a header set, and it is not "true" or "1", so assume fails info.Standalone = false } - logrus.Debugf("PingResult.Standalone: %t", info.Standalone) + logrus.Debugf("v1PingResult.Standalone: %t", info.Standalone) return info, nil } diff --git a/vendor/github.com/docker/docker/registry/errors.go b/vendor/github.com/docker/docker/registry/errors.go index 4906303efcf9..7dc20ad8ff4d 100644 --- a/vendor/github.com/docker/docker/registry/errors.go +++ b/vendor/github.com/docker/docker/registry/errors.go @@ -5,6 +5,7 @@ import ( "github.com/docker/distribution/registry/api/errcode" "github.com/docker/docker/errdefs" + "github.com/pkg/errors" ) func translateV2AuthError(err error) error { @@ -21,3 +22,15 @@ func translateV2AuthError(err error) error { return err } + +func invalidParam(err error) error { + return errdefs.InvalidParameter(err) +} + +func invalidParamf(format string, args ...interface{}) error { + return errdefs.InvalidParameter(errors.Errorf(format, args...)) +} + +func invalidParamWrapf(err error, format string, args ...interface{}) error { + return errdefs.InvalidParameter(errors.Wrapf(err, format, args...)) +} diff --git a/vendor/github.com/docker/docker/registry/registry.go b/vendor/github.com/docker/docker/registry/registry.go index 55fc117c8276..5ff39ce5e7ab 100644 --- a/vendor/github.com/docker/docker/registry/registry.go +++ b/vendor/github.com/docker/docker/registry/registry.go @@ -3,7 +3,6 @@ package registry // import "github.com/docker/docker/registry" import ( "crypto/tls" - "fmt" "net" "net/http" "os" @@ -16,15 +15,12 @@ import ( "github.com/sirupsen/logrus" ) -// HostCertsDir returns the config directory for a specific host -func HostCertsDir(hostname string) (string, error) { - certsDir := CertsDir() - - hostDir := filepath.Join(certsDir, cleanPath(hostname)) - - return hostDir, nil +// HostCertsDir returns the config directory for a specific host. +func HostCertsDir(hostname string) string { + return filepath.Join(CertsDir(), cleanPath(hostname)) } +// newTLSConfig constructs a client TLS configuration based on server defaults func newTLSConfig(hostname string, isSecure bool) (*tls.Config, error) { // PreferredServerCipherSuites should have no effect tlsConfig := tlsconfig.ServerDefault() @@ -32,11 +28,7 @@ func newTLSConfig(hostname string, isSecure bool) (*tls.Config, error) { tlsConfig.InsecureSkipVerify = !isSecure if isSecure && CertsDir() != "" { - hostDir, err := HostCertsDir(hostname) - if err != nil { - return nil, err - } - + hostDir := HostCertsDir(hostname) logrus.Debugf("hostDir: %s", hostDir) if err := ReadCertsDirectory(tlsConfig, hostDir); err != nil { return nil, err @@ -61,7 +53,7 @@ func hasFile(files []os.DirEntry, name string) bool { func ReadCertsDirectory(tlsConfig *tls.Config, directory string) error { fs, err := os.ReadDir(directory) if err != nil && !os.IsNotExist(err) { - return err + return invalidParam(err) } for _, f := range fs { @@ -69,7 +61,7 @@ func ReadCertsDirectory(tlsConfig *tls.Config, directory string) error { if tlsConfig.RootCAs == nil { systemPool, err := tlsconfig.SystemCertPool() if err != nil { - return fmt.Errorf("unable to get system cert pool: %v", err) + return invalidParamWrapf(err, "unable to get system cert pool") } tlsConfig.RootCAs = systemPool } @@ -85,7 +77,7 @@ func ReadCertsDirectory(tlsConfig *tls.Config, directory string) error { keyName := certName[:len(certName)-5] + ".key" logrus.Debugf("cert: %s", filepath.Join(directory, f.Name())) if !hasFile(fs, keyName) { - return fmt.Errorf("missing key %s for client certificate %s. Note that CA certificates should use the extension .crt", keyName, certName) + return invalidParamf("missing key %s for client certificate %s. CA certificates must use the extension .crt", keyName, certName) } cert, err := tls.LoadX509KeyPair(filepath.Join(directory, certName), filepath.Join(directory, keyName)) if err != nil { @@ -98,7 +90,7 @@ func ReadCertsDirectory(tlsConfig *tls.Config, directory string) error { certName := keyName[:len(keyName)-4] + ".cert" logrus.Debugf("key: %s", filepath.Join(directory, f.Name())) if !hasFile(fs, certName) { - return fmt.Errorf("Missing client certificate %s for key %s", certName, keyName) + return invalidParamf("missing client certificate %s for key %s", certName, keyName) } } } @@ -120,9 +112,9 @@ func Headers(userAgent string, metaHeaders http.Header) []transport.RequestModif return modifiers } -// HTTPClient returns an HTTP client structure which uses the given transport +// httpClient returns an HTTP client structure which uses the given transport // and contains the necessary headers for redirected requests -func HTTPClient(transport http.RoundTripper) *http.Client { +func httpClient(transport http.RoundTripper) *http.Client { return &http.Client{ Transport: transport, CheckRedirect: addRequiredHeadersToRedirectedRequests, @@ -165,9 +157,9 @@ func addRequiredHeadersToRedirectedRequests(req *http.Request, via []*http.Reque return nil } -// NewTransport returns a new HTTP transport. If tlsConfig is nil, it uses the +// newTransport returns a new HTTP transport. If tlsConfig is nil, it uses the // default TLS configuration. -func NewTransport(tlsConfig *tls.Config) *http.Transport { +func newTransport(tlsConfig *tls.Config) *http.Transport { if tlsConfig == nil { tlsConfig = tlsconfig.ServerDefault() } @@ -175,10 +167,9 @@ func NewTransport(tlsConfig *tls.Config) *http.Transport { direct := &net.Dialer{ Timeout: 30 * time.Second, KeepAlive: 30 * time.Second, - DualStack: true, } - base := &http.Transport{ + return &http.Transport{ Proxy: http.ProxyFromEnvironment, DialContext: direct.DialContext, TLSHandshakeTimeout: 10 * time.Second, @@ -186,6 +177,4 @@ func NewTransport(tlsConfig *tls.Config) *http.Transport { // TODO(dmcgowan): Call close idle connections when complete and use keep alive DisableKeepAlives: true, } - - return base } diff --git a/vendor/github.com/docker/docker/registry/service.go b/vendor/github.com/docker/docker/registry/service.go index 276b04724ab2..25b116a279cf 100644 --- a/vendor/github.com/docker/docker/registry/service.go +++ b/vendor/github.com/docker/docker/registry/service.go @@ -11,102 +11,74 @@ import ( "github.com/docker/distribution/reference" "github.com/docker/distribution/registry/client/auth" "github.com/docker/docker/api/types" - registrytypes "github.com/docker/docker/api/types/registry" + "github.com/docker/docker/api/types/registry" "github.com/docker/docker/errdefs" - "github.com/pkg/errors" "github.com/sirupsen/logrus" ) -const ( - // DefaultSearchLimit is the default value for maximum number of returned search results. - DefaultSearchLimit = 25 -) - // Service is the interface defining what a registry service should implement. type Service interface { Auth(ctx context.Context, authConfig *types.AuthConfig, userAgent string) (status, token string, err error) LookupPullEndpoints(hostname string) (endpoints []APIEndpoint, err error) LookupPushEndpoints(hostname string) (endpoints []APIEndpoint, err error) ResolveRepository(name reference.Named) (*RepositoryInfo, error) - Search(ctx context.Context, term string, limit int, authConfig *types.AuthConfig, userAgent string, headers map[string][]string) (*registrytypes.SearchResults, error) - ServiceConfig() *registrytypes.ServiceConfig - TLSConfig(hostname string) (*tls.Config, error) + Search(ctx context.Context, term string, limit int, authConfig *types.AuthConfig, userAgent string, headers map[string][]string) (*registry.SearchResults, error) + ServiceConfig() *registry.ServiceConfig LoadAllowNondistributableArtifacts([]string) error LoadMirrors([]string) error LoadInsecureRegistries([]string) error } -// DefaultService is a registry service. It tracks configuration data such as a list +// defaultService is a registry service. It tracks configuration data such as a list // of mirrors. -type DefaultService struct { +type defaultService struct { config *serviceConfig - mu sync.Mutex + mu sync.RWMutex } -// NewService returns a new instance of DefaultService ready to be +// NewService returns a new instance of defaultService ready to be // installed into an engine. -func NewService(options ServiceOptions) (*DefaultService, error) { +func NewService(options ServiceOptions) (Service, error) { config, err := newServiceConfig(options) - return &DefaultService{config: config}, err + return &defaultService{config: config}, err } -// ServiceConfig returns the public registry service configuration. -func (s *DefaultService) ServiceConfig() *registrytypes.ServiceConfig { - s.mu.Lock() - defer s.mu.Unlock() - - servConfig := registrytypes.ServiceConfig{ - AllowNondistributableArtifactsCIDRs: make([]*(registrytypes.NetIPNet), 0), - AllowNondistributableArtifactsHostnames: make([]string, 0), - InsecureRegistryCIDRs: make([]*(registrytypes.NetIPNet), 0), - IndexConfigs: make(map[string]*(registrytypes.IndexInfo)), - Mirrors: make([]string, 0), - } - - // construct a new ServiceConfig which will not retrieve s.Config directly, - // and look up items in s.config with mu locked - servConfig.AllowNondistributableArtifactsCIDRs = append(servConfig.AllowNondistributableArtifactsCIDRs, s.config.ServiceConfig.AllowNondistributableArtifactsCIDRs...) - servConfig.AllowNondistributableArtifactsHostnames = append(servConfig.AllowNondistributableArtifactsHostnames, s.config.ServiceConfig.AllowNondistributableArtifactsHostnames...) - servConfig.InsecureRegistryCIDRs = append(servConfig.InsecureRegistryCIDRs, s.config.ServiceConfig.InsecureRegistryCIDRs...) - - for key, value := range s.config.ServiceConfig.IndexConfigs { - servConfig.IndexConfigs[key] = value - } - - servConfig.Mirrors = append(servConfig.Mirrors, s.config.ServiceConfig.Mirrors...) - - return &servConfig +// ServiceConfig returns a copy of the public registry service's configuration. +func (s *defaultService) ServiceConfig() *registry.ServiceConfig { + s.mu.RLock() + defer s.mu.RUnlock() + return s.config.copy() } // LoadAllowNondistributableArtifacts loads allow-nondistributable-artifacts registries for Service. -func (s *DefaultService) LoadAllowNondistributableArtifacts(registries []string) error { +func (s *defaultService) LoadAllowNondistributableArtifacts(registries []string) error { s.mu.Lock() defer s.mu.Unlock() - return s.config.LoadAllowNondistributableArtifacts(registries) + return s.config.loadAllowNondistributableArtifacts(registries) } // LoadMirrors loads registry mirrors for Service -func (s *DefaultService) LoadMirrors(mirrors []string) error { +func (s *defaultService) LoadMirrors(mirrors []string) error { s.mu.Lock() defer s.mu.Unlock() - return s.config.LoadMirrors(mirrors) + return s.config.loadMirrors(mirrors) } // LoadInsecureRegistries loads insecure registries for Service -func (s *DefaultService) LoadInsecureRegistries(registries []string) error { +func (s *defaultService) LoadInsecureRegistries(registries []string) error { s.mu.Lock() defer s.mu.Unlock() - return s.config.LoadInsecureRegistries(registries) + return s.config.loadInsecureRegistries(registries) } // Auth contacts the public registry with the provided credentials, // and returns OK if authentication was successful. // It can be used to verify the validity of a client's credentials. -func (s *DefaultService) Auth(ctx context.Context, authConfig *types.AuthConfig, userAgent string) (status, token string, err error) { +func (s *defaultService) Auth(ctx context.Context, authConfig *types.AuthConfig, userAgent string) (status, token string, err error) { // TODO Use ctx when searching for repositories var registryHostName = IndexHostname @@ -117,7 +89,7 @@ func (s *DefaultService) Auth(ctx context.Context, authConfig *types.AuthConfig, } u, err := url.Parse(serverAddress) if err != nil { - return "", "", errdefs.InvalidParameter(errors.Errorf("unable to parse server address: %v", err)) + return "", "", invalidParamWrapf(err, "unable to parse server address") } registryHostName = u.Host } @@ -127,7 +99,7 @@ func (s *DefaultService) Auth(ctx context.Context, authConfig *types.AuthConfig, // to a mirror. endpoints, err := s.LookupPushEndpoints(registryHostName) if err != nil { - return "", "", errdefs.InvalidParameter(err) + return "", "", invalidParam(err) } for _, endpoint := range endpoints { @@ -159,25 +131,28 @@ func splitReposSearchTerm(reposName string) (string, string) { // Search queries the public registry for images matching the specified // search terms, and returns the results. -func (s *DefaultService) Search(ctx context.Context, term string, limit int, authConfig *types.AuthConfig, userAgent string, headers map[string][]string) (*registrytypes.SearchResults, error) { +func (s *defaultService) Search(ctx context.Context, term string, limit int, authConfig *types.AuthConfig, userAgent string, headers map[string][]string) (*registry.SearchResults, error) { // TODO Use ctx when searching for repositories - if err := validateNoScheme(term); err != nil { - return nil, err + if hasScheme(term) { + return nil, invalidParamf("invalid repository name: repository name (%s) should not have a scheme", term) } indexName, remoteName := splitReposSearchTerm(term) // Search is a long-running operation, just lock s.config to avoid block others. - s.mu.Lock() + s.mu.RLock() index, err := newIndexInfo(s.config, indexName) - s.mu.Unlock() + s.mu.RUnlock() if err != nil { return nil, err } + if index.Official { + // If pull "library/foo", it's stored locally under "foo" + remoteName = strings.TrimPrefix(remoteName, "library/") + } - // *TODO: Search multiple indexes. - endpoint, err := NewV1Endpoint(index, userAgent, headers) + endpoint, err := newV1Endpoint(index, userAgent, headers) if err != nil { return nil, err } @@ -195,43 +170,30 @@ func (s *DefaultService) Search(ctx context.Context, term string, limit int, aut modifiers := Headers(userAgent, nil) v2Client, err := v2AuthHTTPClient(endpoint.URL, endpoint.client.Transport, modifiers, creds, scopes) if err != nil { - if fErr, ok := err.(fallbackError); ok { - logrus.Errorf("Cannot use identity token for search, v2 auth not supported: %v", fErr.err) - } else { - return nil, err - } - } else { - // Copy non transport http client features - v2Client.Timeout = endpoint.client.Timeout - v2Client.CheckRedirect = endpoint.client.CheckRedirect - v2Client.Jar = endpoint.client.Jar - - logrus.Debugf("using v2 client for search to %s", endpoint.URL) - client = v2Client + return nil, err } - } - - if client == nil { + // Copy non transport http client features + v2Client.Timeout = endpoint.client.Timeout + v2Client.CheckRedirect = endpoint.client.CheckRedirect + v2Client.Jar = endpoint.client.Jar + + logrus.Debugf("using v2 client for search to %s", endpoint.URL) + client = v2Client + } else { client = endpoint.client if err := authorizeClient(client, authConfig, endpoint); err != nil { return nil, err } } - r := newSession(client, authConfig, endpoint) - - if index.Official { - // If pull "library/foo", it's stored locally under "foo" - remoteName = strings.TrimPrefix(remoteName, "library/") - } - return r.SearchRepositories(remoteName, limit) + return newSession(client, endpoint).searchRepositories(remoteName, limit) } // ResolveRepository splits a repository name into its components // and configuration of the associated registry. -func (s *DefaultService) ResolveRepository(name reference.Named) (*RepositoryInfo, error) { - s.mu.Lock() - defer s.mu.Unlock() +func (s *defaultService) ResolveRepository(name reference.Named) (*RepositoryInfo, error) { + s.mu.RLock() + defer s.mu.RUnlock() return newRepositoryInfo(s.config, name) } @@ -246,33 +208,20 @@ type APIEndpoint struct { TLSConfig *tls.Config } -// TLSConfig constructs a client TLS configuration based on server defaults -func (s *DefaultService) TLSConfig(hostname string) (*tls.Config, error) { - s.mu.Lock() - defer s.mu.Unlock() - - return s.tlsConfig(hostname) -} - -// tlsConfig constructs a client TLS configuration based on server defaults -func (s *DefaultService) tlsConfig(hostname string) (*tls.Config, error) { - return newTLSConfig(hostname, isSecureIndex(s.config, hostname)) -} - // LookupPullEndpoints creates a list of v2 endpoints to try to pull from, in order of preference. // It gives preference to mirrors over the actual registry, and HTTPS over plain HTTP. -func (s *DefaultService) LookupPullEndpoints(hostname string) (endpoints []APIEndpoint, err error) { - s.mu.Lock() - defer s.mu.Unlock() +func (s *defaultService) LookupPullEndpoints(hostname string) (endpoints []APIEndpoint, err error) { + s.mu.RLock() + defer s.mu.RUnlock() return s.lookupV2Endpoints(hostname) } // LookupPushEndpoints creates a list of v2 endpoints to try to push to, in order of preference. // It gives preference to HTTPS over plain HTTP. Mirrors are not included. -func (s *DefaultService) LookupPushEndpoints(hostname string) (endpoints []APIEndpoint, err error) { - s.mu.Lock() - defer s.mu.Unlock() +func (s *defaultService) LookupPushEndpoints(hostname string) (endpoints []APIEndpoint, err error) { + s.mu.RLock() + defer s.mu.RUnlock() allEndpoints, err := s.lookupV2Endpoints(hostname) if err == nil { diff --git a/vendor/github.com/docker/docker/registry/service_v2.go b/vendor/github.com/docker/docker/registry/service_v2.go index 46f28ebccfdf..f147af0faaa7 100644 --- a/vendor/github.com/docker/docker/registry/service_v2.go +++ b/vendor/github.com/docker/docker/registry/service_v2.go @@ -7,8 +7,7 @@ import ( "github.com/docker/go-connections/tlsconfig" ) -func (s *DefaultService) lookupV2Endpoints(hostname string) (endpoints []APIEndpoint, err error) { - tlsConfig := tlsconfig.ServerDefault() +func (s *defaultService) lookupV2Endpoints(hostname string) (endpoints []APIEndpoint, err error) { if hostname == DefaultNamespace || hostname == IndexHostname { for _, mirror := range s.config.Mirrors { if !strings.HasPrefix(mirror, "http://") && !strings.HasPrefix(mirror, "https://") { @@ -16,9 +15,9 @@ func (s *DefaultService) lookupV2Endpoints(hostname string) (endpoints []APIEndp } mirrorURL, err := url.Parse(mirror) if err != nil { - return nil, err + return nil, invalidParam(err) } - mirrorTLSConfig, err := s.tlsConfig(mirrorURL.Host) + mirrorTLSConfig, err := newTLSConfig(mirrorURL.Host, s.config.isSecureIndex(mirrorURL.Host)) if err != nil { return nil, err } @@ -35,19 +34,18 @@ func (s *DefaultService) lookupV2Endpoints(hostname string) (endpoints []APIEndp Version: APIVersion2, Official: true, TrimHostname: true, - TLSConfig: tlsConfig, + TLSConfig: tlsconfig.ServerDefault(), }) return endpoints, nil } - ana := allowNondistributableArtifacts(s.config, hostname) - - tlsConfig, err = s.tlsConfig(hostname) + tlsConfig, err := newTLSConfig(hostname, s.config.isSecureIndex(hostname)) if err != nil { return nil, err } + ana := s.config.allowNondistributableArtifacts(hostname) endpoints = []APIEndpoint{ { URL: &url.URL{ diff --git a/vendor/github.com/docker/docker/registry/session.go b/vendor/github.com/docker/docker/registry/session.go index d34dc1e58ab4..fd193e1dd648 100644 --- a/vendor/github.com/docker/docker/registry/session.go +++ b/vendor/github.com/docker/docker/registry/session.go @@ -12,7 +12,7 @@ import ( "sync" "github.com/docker/docker/api/types" - registrytypes "github.com/docker/docker/api/types/registry" + "github.com/docker/docker/api/types/registry" "github.com/docker/docker/errdefs" "github.com/docker/docker/pkg/ioutils" "github.com/docker/docker/pkg/jsonmessage" @@ -21,13 +21,11 @@ import ( "github.com/sirupsen/logrus" ) -// A Session is used to communicate with a V1 registry -type Session struct { - indexEndpoint *V1Endpoint +// A session is used to communicate with a V1 registry +type session struct { + indexEndpoint *v1Endpoint client *http.Client - // TODO(tiborvass): remove authConfig - authConfig *types.AuthConfig - id string + id string } type authTransport struct { @@ -41,7 +39,7 @@ type authTransport struct { modReq map[*http.Request]*http.Request // original -> modified } -// AuthTransport handles the auth layer when communicating with a v1 registry (private or official) +// newAuthTransport handles the auth layer when communicating with a v1 registry (private or official) // // For private v1 registries, set alwaysSetBasicAuth to true. // @@ -54,7 +52,7 @@ type authTransport struct { // If the server sends a token without the client having requested it, it is ignored. // // This RoundTripper also has a CancelRequest method important for correct timeout handling. -func AuthTransport(base http.RoundTripper, authConfig *types.AuthConfig, alwaysSetBasicAuth bool) http.RoundTripper { +func newAuthTransport(base http.RoundTripper, authConfig *types.AuthConfig, alwaysSetBasicAuth bool) *authTransport { if base == nil { base = http.DefaultTransport } @@ -149,13 +147,13 @@ func (tr *authTransport) CancelRequest(req *http.Request) { } } -func authorizeClient(client *http.Client, authConfig *types.AuthConfig, endpoint *V1Endpoint) error { +func authorizeClient(client *http.Client, authConfig *types.AuthConfig, endpoint *v1Endpoint) error { var alwaysSetBasicAuth bool // If we're working with a standalone private registry over HTTPS, send Basic Auth headers // alongside all our requests. if endpoint.String() != IndexServer && endpoint.URL.Scheme == "https" { - info, err := endpoint.Ping() + info, err := endpoint.ping() if err != nil { return err } @@ -167,47 +165,42 @@ func authorizeClient(client *http.Client, authConfig *types.AuthConfig, endpoint // Annotate the transport unconditionally so that v2 can // properly fallback on v1 when an image is not found. - client.Transport = AuthTransport(client.Transport, authConfig, alwaysSetBasicAuth) + client.Transport = newAuthTransport(client.Transport, authConfig, alwaysSetBasicAuth) jar, err := cookiejar.New(nil) if err != nil { - return errors.New("cookiejar.New is not supposed to return an error") + return errdefs.System(errors.New("cookiejar.New is not supposed to return an error")) } client.Jar = jar return nil } -func newSession(client *http.Client, authConfig *types.AuthConfig, endpoint *V1Endpoint) *Session { - return &Session{ - authConfig: authConfig, +func newSession(client *http.Client, endpoint *v1Endpoint) *session { + return &session{ client: client, indexEndpoint: endpoint, id: stringid.GenerateRandomID(), } } -// NewSession creates a new session -// TODO(tiborvass): remove authConfig param once registry client v2 is vendored -func NewSession(client *http.Client, authConfig *types.AuthConfig, endpoint *V1Endpoint) (*Session, error) { - if err := authorizeClient(client, authConfig, endpoint); err != nil { - return nil, err - } +// defaultSearchLimit is the default value for maximum number of returned search results. +const defaultSearchLimit = 25 - return newSession(client, authConfig, endpoint), nil -} - -// SearchRepositories performs a search against the remote repository -func (r *Session) SearchRepositories(term string, limit int) (*registrytypes.SearchResults, error) { +// searchRepositories performs a search against the remote repository +func (r *session) searchRepositories(term string, limit int) (*registry.SearchResults, error) { + if limit == 0 { + limit = defaultSearchLimit + } if limit < 1 || limit > 100 { - return nil, errdefs.InvalidParameter(errors.Errorf("Limit %d is outside the range of [1, 100]", limit)) + return nil, invalidParamf("limit %d is outside the range of [1, 100]", limit) } logrus.Debugf("Index server: %s", r.indexEndpoint) u := r.indexEndpoint.String() + "search?q=" + url.QueryEscape(term) + "&n=" + url.QueryEscape(fmt.Sprintf("%d", limit)) req, err := http.NewRequest(http.MethodGet, u, nil) if err != nil { - return nil, errors.Wrap(errdefs.InvalidParameter(err), "Error building request") + return nil, invalidParamWrapf(err, "error building request") } // Have the AuthTransport send authentication, when logged in. req.Header.Set("X-Docker-Token", "true") @@ -222,6 +215,6 @@ func (r *Session) SearchRepositories(term string, limit int) (*registrytypes.Sea Code: res.StatusCode, } } - result := new(registrytypes.SearchResults) + result := new(registry.SearchResults) return result, errors.Wrap(json.NewDecoder(res.Body).Decode(result), "error decoding registry search results") } diff --git a/vendor/github.com/docker/docker/registry/types.go b/vendor/github.com/docker/docker/registry/types.go index 073e244ba8b1..37094737f226 100644 --- a/vendor/github.com/docker/docker/registry/types.go +++ b/vendor/github.com/docker/docker/registry/types.go @@ -2,39 +2,9 @@ package registry // import "github.com/docker/docker/registry" import ( "github.com/docker/distribution/reference" - registrytypes "github.com/docker/docker/api/types/registry" + "github.com/docker/docker/api/types/registry" ) -// RepositoryData tracks the image list, list of endpoints for a repository -type RepositoryData struct { - // ImgList is a list of images in the repository - ImgList map[string]*ImgData - // Endpoints is a list of endpoints returned in X-Docker-Endpoints - Endpoints []string -} - -// ImgData is used to transfer image checksums to and from the registry -type ImgData struct { - // ID is an opaque string that identifies the image - ID string `json:"id"` - Checksum string `json:"checksum,omitempty"` - ChecksumPayload string `json:"-"` - Tag string `json:",omitempty"` -} - -// PingResult contains the information returned when pinging a registry. It -// indicates the registry's version and whether the registry claims to be a -// standalone registry. -type PingResult struct { - // Version is the registry version supplied by the registry in an HTTP - // header - Version string `json:"version"` - // Standalone is set to true if the registry indicates it is a - // standalone registry in the X-Docker-Registry-Standalone - // header - Standalone bool `json:"standalone"` -} - // APIVersion is an integral representation of an API version (presently // either 1 or 2) type APIVersion int @@ -58,7 +28,7 @@ var apiVersions = map[APIVersion]string{ type RepositoryInfo struct { Name reference.Named // Index points to registry information - Index *registrytypes.IndexInfo + Index *registry.IndexInfo // Official indicates whether the repository is considered official. // If the registry is official, and the normalized name does not // contain a '/' (e.g. "foo"), then it is considered an official repo. diff --git a/vendor/github.com/docker/docker/rootless/rootless.go b/vendor/github.com/docker/docker/rootless/rootless.go deleted file mode 100644 index 376d5263de9f..000000000000 --- a/vendor/github.com/docker/docker/rootless/rootless.go +++ /dev/null @@ -1,25 +0,0 @@ -package rootless // import "github.com/docker/docker/rootless" - -import ( - "os" - "sync" -) - -const ( - // RootlessKitDockerProxyBinary is the binary name of rootlesskit-docker-proxy - RootlessKitDockerProxyBinary = "rootlesskit-docker-proxy" -) - -var ( - runningWithRootlessKit bool - runningWithRootlessKitOnce sync.Once -) - -// RunningWithRootlessKit returns true if running under RootlessKit namespaces. -func RunningWithRootlessKit() bool { - runningWithRootlessKitOnce.Do(func() { - u := os.Getenv("ROOTLESSKIT_STATE_DIR") - runningWithRootlessKit = u != "" - }) - return runningWithRootlessKit -} diff --git a/vendor/github.com/moby/sys/mount/LICENSE b/vendor/github.com/moby/sys/mount/LICENSE deleted file mode 100644 index d64569567334..000000000000 --- a/vendor/github.com/moby/sys/mount/LICENSE +++ /dev/null @@ -1,202 +0,0 @@ - - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. - - END OF TERMS AND CONDITIONS - - APPENDIX: How to apply the Apache License to your work. - - To apply the Apache License to your work, attach the following - boilerplate notice, with the fields enclosed by brackets "[]" - replaced with your own identifying information. (Don't include - the brackets!) The text should be enclosed in the appropriate - comment syntax for the file format. We also recommend that a - file or class name and description of purpose be included on the - same "printed page" as the copyright notice for easier - identification within third-party archives. - - Copyright [yyyy] [name of copyright owner] - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. diff --git a/vendor/github.com/moby/sys/mount/doc.go b/vendor/github.com/moby/sys/mount/doc.go deleted file mode 100644 index 86c2e01bbd8c..000000000000 --- a/vendor/github.com/moby/sys/mount/doc.go +++ /dev/null @@ -1,4 +0,0 @@ -// Package mount provides a set of functions to mount and unmount mounts. -// -// Currently it supports Linux. For historical reasons, there is also some support for FreeBSD. -package mount diff --git a/vendor/github.com/moby/sys/mount/flags_bsd.go b/vendor/github.com/moby/sys/mount/flags_bsd.go deleted file mode 100644 index a7f8a71957cf..000000000000 --- a/vendor/github.com/moby/sys/mount/flags_bsd.go +++ /dev/null @@ -1,46 +0,0 @@ -//go:build freebsd || openbsd -// +build freebsd openbsd - -package mount - -import "golang.org/x/sys/unix" - -const ( - // RDONLY will mount the filesystem as read-only. - RDONLY = unix.MNT_RDONLY - - // NOSUID will not allow set-user-identifier or set-group-identifier bits to - // take effect. - NOSUID = unix.MNT_NOSUID - - // NOEXEC will not allow execution of any binaries on the mounted file system. - NOEXEC = unix.MNT_NOEXEC - - // SYNCHRONOUS will allow any I/O to the file system to be done synchronously. - SYNCHRONOUS = unix.MNT_SYNCHRONOUS - - // NOATIME will not update the file access time when reading from a file. - NOATIME = unix.MNT_NOATIME -) - -// These flags are unsupported. -const ( - BIND = 0 - DIRSYNC = 0 - MANDLOCK = 0 - NODEV = 0 - NODIRATIME = 0 - UNBINDABLE = 0 - RUNBINDABLE = 0 - PRIVATE = 0 - RPRIVATE = 0 - SHARED = 0 - RSHARED = 0 - SLAVE = 0 - RSLAVE = 0 - RBIND = 0 - RELATIME = 0 - REMOUNT = 0 - STRICTATIME = 0 - mntDetach = 0 -) diff --git a/vendor/github.com/moby/sys/mount/flags_linux.go b/vendor/github.com/moby/sys/mount/flags_linux.go deleted file mode 100644 index 0425d0dd633c..000000000000 --- a/vendor/github.com/moby/sys/mount/flags_linux.go +++ /dev/null @@ -1,87 +0,0 @@ -package mount - -import ( - "golang.org/x/sys/unix" -) - -const ( - // RDONLY will mount the file system read-only. - RDONLY = unix.MS_RDONLY - - // NOSUID will not allow set-user-identifier or set-group-identifier bits to - // take effect. - NOSUID = unix.MS_NOSUID - - // NODEV will not interpret character or block special devices on the file - // system. - NODEV = unix.MS_NODEV - - // NOEXEC will not allow execution of any binaries on the mounted file system. - NOEXEC = unix.MS_NOEXEC - - // SYNCHRONOUS will allow I/O to the file system to be done synchronously. - SYNCHRONOUS = unix.MS_SYNCHRONOUS - - // DIRSYNC will force all directory updates within the file system to be done - // synchronously. This affects the following system calls: create, link, - // unlink, symlink, mkdir, rmdir, mknod and rename. - DIRSYNC = unix.MS_DIRSYNC - - // REMOUNT will attempt to remount an already-mounted file system. This is - // commonly used to change the mount flags for a file system, especially to - // make a readonly file system writeable. It does not change device or mount - // point. - REMOUNT = unix.MS_REMOUNT - - // MANDLOCK will force mandatory locks on a filesystem. - MANDLOCK = unix.MS_MANDLOCK - - // NOATIME will not update the file access time when reading from a file. - NOATIME = unix.MS_NOATIME - - // NODIRATIME will not update the directory access time. - NODIRATIME = unix.MS_NODIRATIME - - // BIND remounts a subtree somewhere else. - BIND = unix.MS_BIND - - // RBIND remounts a subtree and all possible submounts somewhere else. - RBIND = unix.MS_BIND | unix.MS_REC - - // UNBINDABLE creates a mount which cannot be cloned through a bind operation. - UNBINDABLE = unix.MS_UNBINDABLE - - // RUNBINDABLE marks the entire mount tree as UNBINDABLE. - RUNBINDABLE = unix.MS_UNBINDABLE | unix.MS_REC - - // PRIVATE creates a mount which carries no propagation abilities. - PRIVATE = unix.MS_PRIVATE - - // RPRIVATE marks the entire mount tree as PRIVATE. - RPRIVATE = unix.MS_PRIVATE | unix.MS_REC - - // SLAVE creates a mount which receives propagation from its master, but not - // vice versa. - SLAVE = unix.MS_SLAVE - - // RSLAVE marks the entire mount tree as SLAVE. - RSLAVE = unix.MS_SLAVE | unix.MS_REC - - // SHARED creates a mount which provides the ability to create mirrors of - // that mount such that mounts and unmounts within any of the mirrors - // propagate to the other mirrors. - SHARED = unix.MS_SHARED - - // RSHARED marks the entire mount tree as SHARED. - RSHARED = unix.MS_SHARED | unix.MS_REC - - // RELATIME updates inode access times relative to modify or change time. - RELATIME = unix.MS_RELATIME - - // STRICTATIME allows to explicitly request full atime updates. This makes - // it possible for the kernel to default to relatime or noatime but still - // allow userspace to override it. - STRICTATIME = unix.MS_STRICTATIME - - mntDetach = unix.MNT_DETACH -) diff --git a/vendor/github.com/moby/sys/mount/flags_unix.go b/vendor/github.com/moby/sys/mount/flags_unix.go deleted file mode 100644 index 19fa61fccad7..000000000000 --- a/vendor/github.com/moby/sys/mount/flags_unix.go +++ /dev/null @@ -1,140 +0,0 @@ -//go:build !darwin && !windows -// +build !darwin,!windows - -package mount - -import ( - "fmt" - "strings" -) - -var flags = map[string]struct { - clear bool - flag int -}{ - "defaults": {false, 0}, - "ro": {false, RDONLY}, - "rw": {true, RDONLY}, - "suid": {true, NOSUID}, - "nosuid": {false, NOSUID}, - "dev": {true, NODEV}, - "nodev": {false, NODEV}, - "exec": {true, NOEXEC}, - "noexec": {false, NOEXEC}, - "sync": {false, SYNCHRONOUS}, - "async": {true, SYNCHRONOUS}, - "dirsync": {false, DIRSYNC}, - "remount": {false, REMOUNT}, - "mand": {false, MANDLOCK}, - "nomand": {true, MANDLOCK}, - "atime": {true, NOATIME}, - "noatime": {false, NOATIME}, - "diratime": {true, NODIRATIME}, - "nodiratime": {false, NODIRATIME}, - "bind": {false, BIND}, - "rbind": {false, RBIND}, - "unbindable": {false, UNBINDABLE}, - "runbindable": {false, RUNBINDABLE}, - "private": {false, PRIVATE}, - "rprivate": {false, RPRIVATE}, - "shared": {false, SHARED}, - "rshared": {false, RSHARED}, - "slave": {false, SLAVE}, - "rslave": {false, RSLAVE}, - "relatime": {false, RELATIME}, - "norelatime": {true, RELATIME}, - "strictatime": {false, STRICTATIME}, - "nostrictatime": {true, STRICTATIME}, -} - -var validFlags = map[string]bool{ - "": true, - "size": true, - "mode": true, - "uid": true, - "gid": true, - "nr_inodes": true, - "nr_blocks": true, - "mpol": true, -} - -var propagationFlags = map[string]bool{ - "bind": true, - "rbind": true, - "unbindable": true, - "runbindable": true, - "private": true, - "rprivate": true, - "shared": true, - "rshared": true, - "slave": true, - "rslave": true, -} - -// MergeTmpfsOptions merge mount options to make sure there is no duplicate. -func MergeTmpfsOptions(options []string) ([]string, error) { - // We use collisions maps to remove duplicates. - // For flag, the key is the flag value (the key for propagation flag is -1) - // For data=value, the key is the data - flagCollisions := map[int]bool{} - dataCollisions := map[string]bool{} - - var newOptions []string - // We process in reverse order - for i := len(options) - 1; i >= 0; i-- { - option := options[i] - if option == "defaults" { - continue - } - if f, ok := flags[option]; ok && f.flag != 0 { - // There is only one propagation mode - key := f.flag - if propagationFlags[option] { - key = -1 - } - // Check to see if there is collision for flag - if !flagCollisions[key] { - // We prepend the option and add to collision map - newOptions = append([]string{option}, newOptions...) - flagCollisions[key] = true - } - continue - } - opt := strings.SplitN(option, "=", 2) - if len(opt) != 2 || !validFlags[opt[0]] { - return nil, fmt.Errorf("invalid tmpfs option %q", opt) - } - if !dataCollisions[opt[0]] { - // We prepend the option and add to collision map - newOptions = append([]string{option}, newOptions...) - dataCollisions[opt[0]] = true - } - } - - return newOptions, nil -} - -// Parse fstab type mount options into mount() flags -// and device specific data -func parseOptions(options string) (int, string) { - var ( - flag int - data []string - ) - - for _, o := range strings.Split(options, ",") { - // If the option does not exist in the flags table or the flag - // is not supported on the platform, - // then it is a data value for a specific fs type - if f, exists := flags[o]; exists && f.flag != 0 { - if f.clear { - flag &= ^f.flag - } else { - flag |= f.flag - } - } else { - data = append(data, o) - } - } - return flag, strings.Join(data, ",") -} diff --git a/vendor/github.com/moby/sys/mount/mount_errors.go b/vendor/github.com/moby/sys/mount/mount_errors.go deleted file mode 100644 index 2bd1ef7f157a..000000000000 --- a/vendor/github.com/moby/sys/mount/mount_errors.go +++ /dev/null @@ -1,47 +0,0 @@ -//go:build !windows -// +build !windows - -package mount - -import "strconv" - -// mountError records an error from mount or unmount operation -type mountError struct { - op string - source, target string - flags uintptr - data string - err error -} - -func (e *mountError) Error() string { - out := e.op + " " - - if e.source != "" { - out += e.source + ":" + e.target - } else { - out += e.target - } - - if e.flags != uintptr(0) { - out += ", flags: 0x" + strconv.FormatUint(uint64(e.flags), 16) - } - if e.data != "" { - out += ", data: " + e.data - } - - out += ": " + e.err.Error() - return out -} - -// Cause returns the underlying cause of the error. -// This is a convention used in github.com/pkg/errors -func (e *mountError) Cause() error { - return e.err -} - -// Unwrap returns the underlying error. -// This is a convention used in golang 1.13+ -func (e *mountError) Unwrap() error { - return e.err -} diff --git a/vendor/github.com/moby/sys/mount/mount_unix.go b/vendor/github.com/moby/sys/mount/mount_unix.go deleted file mode 100644 index 4053fbbeb815..000000000000 --- a/vendor/github.com/moby/sys/mount/mount_unix.go +++ /dev/null @@ -1,88 +0,0 @@ -//go:build !darwin && !windows -// +build !darwin,!windows - -package mount - -import ( - "fmt" - "sort" - - "github.com/moby/sys/mountinfo" - "golang.org/x/sys/unix" -) - -// Mount will mount filesystem according to the specified configuration. -// Options must be specified like the mount or fstab unix commands: -// "opt1=val1,opt2=val2". See flags.go for supported option flags. -func Mount(device, target, mType, options string) error { - flag, data := parseOptions(options) - return mount(device, target, mType, uintptr(flag), data) -} - -// Unmount lazily unmounts a filesystem on supported platforms, otherwise does -// a normal unmount. If target is not a mount point, no error is returned. -func Unmount(target string) error { - err := unix.Unmount(target, mntDetach) - if err == nil || err == unix.EINVAL { //nolint:errorlint // unix errors are bare - // Ignore "not mounted" error here. Note the same error - // can be returned if flags are invalid, so this code - // assumes that the flags value is always correct. - return nil - } - - return &mountError{ - op: "umount", - target: target, - flags: uintptr(mntDetach), - err: err, - } -} - -// RecursiveUnmount unmounts the target and all mounts underneath, starting -// with the deepest mount first. The argument does not have to be a mount -// point itself. -func RecursiveUnmount(target string) error { - // Fast path, works if target is a mount point that can be unmounted. - // On Linux, mntDetach flag ensures a recursive unmount. For other - // platforms, if there are submounts, we'll get EBUSY (and fall back - // to the slow path). NOTE we do not ignore EINVAL here as target might - // not be a mount point itself (but there can be mounts underneath). - if err := unix.Unmount(target, mntDetach); err == nil { - return nil - } - - // Slow path: get all submounts, sort, unmount one by one. - mounts, err := mountinfo.GetMounts(mountinfo.PrefixFilter(target)) - if err != nil { - return err - } - - // Make the deepest mount be first - sort.Slice(mounts, func(i, j int) bool { - return len(mounts[i].Mountpoint) > len(mounts[j].Mountpoint) - }) - - var ( - suberr error - lastMount = len(mounts) - 1 - ) - for i, m := range mounts { - err = Unmount(m.Mountpoint) - if err != nil { - if i == lastMount { - if suberr != nil { - return fmt.Errorf("%w (possible cause: %s)", err, suberr) - } - return err - } - // This is a submount, we can ignore the error for now, - // the final unmount will fail if this is a real problem. - // With that in mind, the _first_ failed unmount error - // might be the real error cause, so let's keep it. - if suberr == nil { - suberr = err - } - } - } - return nil -} diff --git a/vendor/github.com/moby/sys/mount/mounter_freebsd.go b/vendor/github.com/moby/sys/mount/mounter_freebsd.go deleted file mode 100644 index 1fffb6901536..000000000000 --- a/vendor/github.com/moby/sys/mount/mounter_freebsd.go +++ /dev/null @@ -1,62 +0,0 @@ -//go:build freebsd && cgo -// +build freebsd,cgo - -package mount - -/* -#include -#include -#include -#include -#include -#include -*/ -import "C" - -import ( - "strings" - "syscall" - "unsafe" -) - -func allocateIOVecs(options []string) []C.struct_iovec { - out := make([]C.struct_iovec, len(options)) - for i, option := range options { - out[i].iov_base = unsafe.Pointer(C.CString(option)) - out[i].iov_len = C.size_t(len(option) + 1) - } - return out -} - -func mount(device, target, mType string, flag uintptr, data string) error { - isNullFS := false - - xs := strings.Split(data, ",") - for _, x := range xs { - if x == "bind" { - isNullFS = true - } - } - - options := []string{"fspath", target} - if isNullFS { - options = append(options, "fstype", "nullfs", "target", device) - } else { - options = append(options, "fstype", mType, "from", device) - } - rawOptions := allocateIOVecs(options) - for _, rawOption := range rawOptions { - defer C.free(rawOption.iov_base) - } - - if errno := C.nmount(&rawOptions[0], C.uint(len(options)), C.int(flag)); errno != 0 { - return &mountError{ - op: "mount", - source: device, - target: target, - flags: flag, - err: syscall.Errno(errno), - } - } - return nil -} diff --git a/vendor/github.com/moby/sys/mount/mounter_linux.go b/vendor/github.com/moby/sys/mount/mounter_linux.go deleted file mode 100644 index 4e18f4b6786c..000000000000 --- a/vendor/github.com/moby/sys/mount/mounter_linux.go +++ /dev/null @@ -1,72 +0,0 @@ -package mount - -import ( - "golang.org/x/sys/unix" -) - -const ( - // ptypes is the set propagation types. - ptypes = unix.MS_SHARED | unix.MS_PRIVATE | unix.MS_SLAVE | unix.MS_UNBINDABLE - - // pflags is the full set valid flags for a change propagation call. - pflags = ptypes | unix.MS_REC | unix.MS_SILENT - - // broflags is the combination of bind and read only - broflags = unix.MS_BIND | unix.MS_RDONLY -) - -// isremount returns true if either device name or flags identify a remount request, false otherwise. -func isremount(device string, flags uintptr) bool { - switch { - // We treat device "" and "none" as a remount request to provide compatibility with - // requests that don't explicitly set MS_REMOUNT such as those manipulating bind mounts. - case flags&unix.MS_REMOUNT != 0, device == "", device == "none": - return true - default: - return false - } -} - -func mount(device, target, mType string, flags uintptr, data string) error { - oflags := flags &^ ptypes - if !isremount(device, flags) || data != "" { - // Initial call applying all non-propagation flags for mount - // or remount with changed data - if err := unix.Mount(device, target, mType, oflags, data); err != nil { - return &mountError{ - op: "mount", - source: device, - target: target, - flags: oflags, - data: data, - err: err, - } - } - } - - if flags&ptypes != 0 { - // Change the propagation type. - if err := unix.Mount("", target, "", flags&pflags, ""); err != nil { - return &mountError{ - op: "remount", - target: target, - flags: flags & pflags, - err: err, - } - } - } - - if oflags&broflags == broflags { - // Remount the bind to apply read only. - if err := unix.Mount("", target, "", oflags|unix.MS_REMOUNT, ""); err != nil { - return &mountError{ - op: "remount-ro", - target: target, - flags: oflags | unix.MS_REMOUNT, - err: err, - } - } - } - - return nil -} diff --git a/vendor/github.com/moby/sys/mount/mounter_openbsd.go b/vendor/github.com/moby/sys/mount/mounter_openbsd.go deleted file mode 100644 index 3c0718b907de..000000000000 --- a/vendor/github.com/moby/sys/mount/mounter_openbsd.go +++ /dev/null @@ -1,78 +0,0 @@ -//go:build openbsd && cgo -// +build openbsd,cgo - -/* - Due to how OpenBSD mount(2) works, filesystem types need to be - supported explicitly since it uses separate structs to pass - filesystem-specific arguments. - - For now only UFS/FFS is supported as it's the default fs - on OpenBSD systems. - - See: https://man.openbsd.org/mount.2 -*/ - -package mount - -/* -#include -#include -*/ -import "C" - -import ( - "fmt" - "syscall" - "unsafe" -) - -func createExportInfo(readOnly bool) C.struct_export_args { - exportFlags := C.int(0) - if readOnly { - exportFlags = C.MNT_EXRDONLY - } - out := C.struct_export_args{ - ex_root: 0, - ex_flags: exportFlags, - } - return out -} - -func createUfsArgs(device string, readOnly bool) unsafe.Pointer { - out := &C.struct_ufs_args{ - fspec: C.CString(device), - export_info: createExportInfo(readOnly), - } - return unsafe.Pointer(out) -} - -func mount(device, target, mType string, flag uintptr, data string) error { - readOnly := flag&RDONLY != 0 - - var fsArgs unsafe.Pointer - - switch mType { - case "ffs": - fsArgs = createUfsArgs(device, readOnly) - default: - return &mountError{ - op: "mount", - source: device, - target: target, - flags: flag, - err: fmt.Errorf("unsupported file system type: %s", mType), - } - } - - if errno := C.mount(C.CString(mType), C.CString(target), C.int(flag), fsArgs); errno != 0 { - return &mountError{ - op: "mount", - source: device, - target: target, - flags: flag, - err: syscall.Errno(errno), - } - } - - return nil -} diff --git a/vendor/github.com/moby/sys/mount/mounter_unsupported.go b/vendor/github.com/moby/sys/mount/mounter_unsupported.go deleted file mode 100644 index 31fb7235b0d2..000000000000 --- a/vendor/github.com/moby/sys/mount/mounter_unsupported.go +++ /dev/null @@ -1,8 +0,0 @@ -//go:build (!linux && !freebsd && !openbsd && !windows) || (freebsd && !cgo) || (openbsd && !cgo) -// +build !linux,!freebsd,!openbsd,!windows freebsd,!cgo openbsd,!cgo - -package mount - -func mount(device, target, mType string, flag uintptr, data string) error { - panic("cgo required on freebsd and openbsd") -} diff --git a/vendor/github.com/moby/sys/mount/sharedsubtree_linux.go b/vendor/github.com/moby/sys/mount/sharedsubtree_linux.go deleted file mode 100644 index 948e6bacd8ae..000000000000 --- a/vendor/github.com/moby/sys/mount/sharedsubtree_linux.go +++ /dev/null @@ -1,73 +0,0 @@ -package mount - -import "github.com/moby/sys/mountinfo" - -// MakeShared ensures a mounted filesystem has the SHARED mount option enabled. -// See the supported options in flags.go for further reference. -func MakeShared(mountPoint string) error { - return ensureMountedAs(mountPoint, SHARED) -} - -// MakeRShared ensures a mounted filesystem has the RSHARED mount option enabled. -// See the supported options in flags.go for further reference. -func MakeRShared(mountPoint string) error { - return ensureMountedAs(mountPoint, RSHARED) -} - -// MakePrivate ensures a mounted filesystem has the PRIVATE mount option enabled. -// See the supported options in flags.go for further reference. -func MakePrivate(mountPoint string) error { - return ensureMountedAs(mountPoint, PRIVATE) -} - -// MakeRPrivate ensures a mounted filesystem has the RPRIVATE mount option -// enabled. See the supported options in flags.go for further reference. -func MakeRPrivate(mountPoint string) error { - return ensureMountedAs(mountPoint, RPRIVATE) -} - -// MakeSlave ensures a mounted filesystem has the SLAVE mount option enabled. -// See the supported options in flags.go for further reference. -func MakeSlave(mountPoint string) error { - return ensureMountedAs(mountPoint, SLAVE) -} - -// MakeRSlave ensures a mounted filesystem has the RSLAVE mount option enabled. -// See the supported options in flags.go for further reference. -func MakeRSlave(mountPoint string) error { - return ensureMountedAs(mountPoint, RSLAVE) -} - -// MakeUnbindable ensures a mounted filesystem has the UNBINDABLE mount option -// enabled. See the supported options in flags.go for further reference. -func MakeUnbindable(mountPoint string) error { - return ensureMountedAs(mountPoint, UNBINDABLE) -} - -// MakeRUnbindable ensures a mounted filesystem has the RUNBINDABLE mount -// option enabled. See the supported options in flags.go for further reference. -func MakeRUnbindable(mountPoint string) error { - return ensureMountedAs(mountPoint, RUNBINDABLE) -} - -// MakeMount ensures that the file or directory given is a mount point, -// bind mounting it to itself it case it is not. -func MakeMount(mnt string) error { - mounted, err := mountinfo.Mounted(mnt) - if err != nil { - return err - } - if mounted { - return nil - } - - return mount(mnt, mnt, "none", uintptr(BIND), "") -} - -func ensureMountedAs(mnt string, flags int) error { - if err := MakeMount(mnt); err != nil { - return err - } - - return mount("", mnt, "none", uintptr(flags), "") -} diff --git a/vendor/github.com/moby/sys/mountinfo/LICENSE b/vendor/github.com/moby/sys/mountinfo/LICENSE deleted file mode 100644 index d64569567334..000000000000 --- a/vendor/github.com/moby/sys/mountinfo/LICENSE +++ /dev/null @@ -1,202 +0,0 @@ - - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. - - END OF TERMS AND CONDITIONS - - APPENDIX: How to apply the Apache License to your work. - - To apply the Apache License to your work, attach the following - boilerplate notice, with the fields enclosed by brackets "[]" - replaced with your own identifying information. (Don't include - the brackets!) The text should be enclosed in the appropriate - comment syntax for the file format. We also recommend that a - file or class name and description of purpose be included on the - same "printed page" as the copyright notice for easier - identification within third-party archives. - - Copyright [yyyy] [name of copyright owner] - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. diff --git a/vendor/github.com/moby/sys/mountinfo/doc.go b/vendor/github.com/moby/sys/mountinfo/doc.go deleted file mode 100644 index b80e05efd056..000000000000 --- a/vendor/github.com/moby/sys/mountinfo/doc.go +++ /dev/null @@ -1,44 +0,0 @@ -// Package mountinfo provides a set of functions to retrieve information about OS mounts. -// -// Currently it supports Linux. For historical reasons, there is also some support for FreeBSD and OpenBSD, -// and a shallow implementation for Windows, but in general this is Linux-only package, so -// the rest of the document only applies to Linux, unless explicitly specified otherwise. -// -// In Linux, information about mounts seen by the current process is available from -// /proc/self/mountinfo. Note that due to mount namespaces, different processes can -// see different mounts. A per-process mountinfo table is available from /proc//mountinfo, -// where is a numerical process identifier. -// -// In general, /proc is not a very efficient interface, and mountinfo is not an exception. -// For example, there is no way to get information about a specific mount point (i.e. it -// is all-or-nothing). This package tries to hide the /proc ineffectiveness by using -// parse filters while reading mountinfo. A filter can skip some entries, or stop -// processing the rest of the file once the needed information is found. -// -// For mountinfo filters that accept path as an argument, the path must be absolute, -// having all symlinks resolved, and being cleaned (i.e. no extra slashes or dots). -// One way to achieve all of the above is to employ filepath.Abs followed by -// filepath.EvalSymlinks (the latter calls filepath.Clean on the result so -// there is no need to explicitly call filepath.Clean). -// -// NOTE that in many cases there is no need to consult mountinfo at all. Here are some -// of the cases where mountinfo should not be parsed: -// -// 1. Before performing a mount. Usually, this is not needed, but if required (say to -// prevent over-mounts), to check whether a directory is mounted, call os.Lstat -// on it and its parent directory, and compare their st.Sys().(*syscall.Stat_t).Dev -// fields -- if they differ, then the directory is the mount point. NOTE this does -// not work for bind mounts. Optionally, the filesystem type can also be checked -// by calling unix.Statfs and checking the Type field (i.e. filesystem type). -// -// 2. After performing a mount. If there is no error returned, the mount succeeded; -// checking the mount table for a new mount is redundant and expensive. -// -// 3. Before performing an unmount. It is more efficient to do an unmount and ignore -// a specific error (EINVAL) which tells the directory is not mounted. -// -// 4. After performing an unmount. If there is no error returned, the unmount succeeded. -// -// 5. To find the mount point root of a specific directory. You can perform os.Stat() -// on the directory and traverse up until the Dev field of a parent directory differs. -package mountinfo diff --git a/vendor/github.com/moby/sys/mountinfo/mounted_linux.go b/vendor/github.com/moby/sys/mountinfo/mounted_linux.go deleted file mode 100644 index bf221e687f17..000000000000 --- a/vendor/github.com/moby/sys/mountinfo/mounted_linux.go +++ /dev/null @@ -1,101 +0,0 @@ -package mountinfo - -import ( - "os" - "path/filepath" - - "golang.org/x/sys/unix" -) - -// MountedFast is a method of detecting a mount point without reading -// mountinfo from procfs. A caller can only trust the result if no error -// and sure == true are returned. Otherwise, other methods (e.g. parsing -// /proc/mounts) have to be used. If unsure, use Mounted instead (which -// uses MountedFast, but falls back to parsing mountinfo if needed). -// -// If a non-existent path is specified, an appropriate error is returned. -// In case the caller is not interested in this particular error, it should -// be handled separately using e.g. errors.Is(err, os.ErrNotExist). -// -// This function is only available on Linux. When available (since kernel -// v5.6), openat2(2) syscall is used to reliably detect all mounts. Otherwise, -// the implementation falls back to using stat(2), which can reliably detect -// normal (but not bind) mounts. -func MountedFast(path string) (mounted, sure bool, err error) { - // Root is always mounted. - if path == string(os.PathSeparator) { - return true, true, nil - } - - path, err = normalizePath(path) - if err != nil { - return false, false, err - } - mounted, sure, err = mountedFast(path) - return -} - -// mountedByOpenat2 is a method of detecting a mount that works for all kinds -// of mounts (incl. bind mounts), but requires a recent (v5.6+) linux kernel. -func mountedByOpenat2(path string) (bool, error) { - dir, last := filepath.Split(path) - - dirfd, err := unix.Openat2(unix.AT_FDCWD, dir, &unix.OpenHow{ - Flags: unix.O_PATH | unix.O_CLOEXEC, - }) - if err != nil { - return false, &os.PathError{Op: "openat2", Path: dir, Err: err} - } - fd, err := unix.Openat2(dirfd, last, &unix.OpenHow{ - Flags: unix.O_PATH | unix.O_CLOEXEC | unix.O_NOFOLLOW, - Resolve: unix.RESOLVE_NO_XDEV, - }) - _ = unix.Close(dirfd) - switch err { //nolint:errorlint // unix errors are bare - case nil: // definitely not a mount - _ = unix.Close(fd) - return false, nil - case unix.EXDEV: // definitely a mount - return true, nil - } - // not sure - return false, &os.PathError{Op: "openat2", Path: path, Err: err} -} - -// mountedFast is similar to MountedFast, except it expects a normalized path. -func mountedFast(path string) (mounted, sure bool, err error) { - // Root is always mounted. - if path == string(os.PathSeparator) { - return true, true, nil - } - - // Try a fast path, using openat2() with RESOLVE_NO_XDEV. - mounted, err = mountedByOpenat2(path) - if err == nil { - return mounted, true, nil - } - - // Another fast path: compare st.st_dev fields. - mounted, err = mountedByStat(path) - // This does not work for bind mounts, so false negative - // is possible, therefore only trust if return is true. - if mounted && err == nil { - return true, true, nil - } - - return -} - -func mounted(path string) (bool, error) { - path, err := normalizePath(path) - if err != nil { - return false, err - } - mounted, sure, err := mountedFast(path) - if sure && err == nil { - return mounted, nil - } - - // Fallback to parsing mountinfo. - return mountedByMountinfo(path) -} diff --git a/vendor/github.com/moby/sys/mountinfo/mounted_unix.go b/vendor/github.com/moby/sys/mountinfo/mounted_unix.go deleted file mode 100644 index 45ddad236f34..000000000000 --- a/vendor/github.com/moby/sys/mountinfo/mounted_unix.go +++ /dev/null @@ -1,54 +0,0 @@ -//go:build linux || (freebsd && cgo) || (openbsd && cgo) || (darwin && cgo) -// +build linux freebsd,cgo openbsd,cgo darwin,cgo - -package mountinfo - -import ( - "fmt" - "os" - "path/filepath" - - "golang.org/x/sys/unix" -) - -func mountedByStat(path string) (bool, error) { - var st unix.Stat_t - - if err := unix.Lstat(path, &st); err != nil { - return false, &os.PathError{Op: "stat", Path: path, Err: err} - } - dev := st.Dev - parent := filepath.Dir(path) - if err := unix.Lstat(parent, &st); err != nil { - return false, &os.PathError{Op: "stat", Path: parent, Err: err} - } - if dev != st.Dev { - // Device differs from that of parent, - // so definitely a mount point. - return true, nil - } - // NB: this does not detect bind mounts on Linux. - return false, nil -} - -func normalizePath(path string) (realPath string, err error) { - if realPath, err = filepath.Abs(path); err != nil { - return "", fmt.Errorf("unable to get absolute path for %q: %w", path, err) - } - if realPath, err = filepath.EvalSymlinks(realPath); err != nil { - return "", fmt.Errorf("failed to canonicalise path for %q: %w", path, err) - } - if _, err := os.Stat(realPath); err != nil { - return "", fmt.Errorf("failed to stat target of %q: %w", path, err) - } - return realPath, nil -} - -func mountedByMountinfo(path string) (bool, error) { - entries, err := GetMounts(SingleEntryFilter(path)) - if err != nil { - return false, err - } - - return len(entries) > 0, nil -} diff --git a/vendor/github.com/moby/sys/mountinfo/mountinfo.go b/vendor/github.com/moby/sys/mountinfo/mountinfo.go deleted file mode 100644 index c7e5cb42aca3..000000000000 --- a/vendor/github.com/moby/sys/mountinfo/mountinfo.go +++ /dev/null @@ -1,67 +0,0 @@ -package mountinfo - -import ( - "os" -) - -// GetMounts retrieves a list of mounts for the current running process, -// with an optional filter applied (use nil for no filter). -func GetMounts(f FilterFunc) ([]*Info, error) { - return parseMountTable(f) -} - -// Mounted determines if a specified path is a mount point. In case of any -// error, false (and an error) is returned. -// -// If a non-existent path is specified, an appropriate error is returned. -// In case the caller is not interested in this particular error, it should -// be handled separately using e.g. errors.Is(err, os.ErrNotExist). -func Mounted(path string) (bool, error) { - // root is always mounted - if path == string(os.PathSeparator) { - return true, nil - } - return mounted(path) -} - -// Info reveals information about a particular mounted filesystem. This -// struct is populated from the content in the /proc//mountinfo file. -type Info struct { - // ID is a unique identifier of the mount (may be reused after umount). - ID int - - // Parent is the ID of the parent mount (or of self for the root - // of this mount namespace's mount tree). - Parent int - - // Major and Minor are the major and the minor components of the Dev - // field of unix.Stat_t structure returned by unix.*Stat calls for - // files on this filesystem. - Major, Minor int - - // Root is the pathname of the directory in the filesystem which forms - // the root of this mount. - Root string - - // Mountpoint is the pathname of the mount point relative to the - // process's root directory. - Mountpoint string - - // Options is a comma-separated list of mount options. - Options string - - // Optional are zero or more fields of the form "tag[:value]", - // separated by a space. Currently, the possible optional fields are - // "shared", "master", "propagate_from", and "unbindable". For more - // information, see mount_namespaces(7) Linux man page. - Optional string - - // FSType is the filesystem type in the form "type[.subtype]". - FSType string - - // Source is filesystem-specific information, or "none". - Source string - - // VFSOptions is a comma-separated list of superblock options. - VFSOptions string -} diff --git a/vendor/github.com/moby/sys/mountinfo/mountinfo_bsd.go b/vendor/github.com/moby/sys/mountinfo/mountinfo_bsd.go deleted file mode 100644 index d5513a26d2fa..000000000000 --- a/vendor/github.com/moby/sys/mountinfo/mountinfo_bsd.go +++ /dev/null @@ -1,72 +0,0 @@ -//go:build (freebsd && cgo) || (openbsd && cgo) || (darwin && cgo) -// +build freebsd,cgo openbsd,cgo darwin,cgo - -package mountinfo - -/* -#include -#include -#include -*/ -import "C" - -import ( - "fmt" - "reflect" - "unsafe" -) - -// parseMountTable returns information about mounted filesystems -func parseMountTable(filter FilterFunc) ([]*Info, error) { - var rawEntries *C.struct_statfs - - count := int(C.getmntinfo(&rawEntries, C.MNT_WAIT)) - if count == 0 { - return nil, fmt.Errorf("failed to call getmntinfo") - } - - var entries []C.struct_statfs - header := (*reflect.SliceHeader)(unsafe.Pointer(&entries)) - header.Cap = count - header.Len = count - header.Data = uintptr(unsafe.Pointer(rawEntries)) - - var out []*Info - for _, entry := range entries { - var mountinfo Info - var skip, stop bool - mountinfo.Mountpoint = C.GoString(&entry.f_mntonname[0]) - mountinfo.FSType = C.GoString(&entry.f_fstypename[0]) - mountinfo.Source = C.GoString(&entry.f_mntfromname[0]) - - if filter != nil { - // filter out entries we're not interested in - skip, stop = filter(&mountinfo) - if skip { - continue - } - } - - out = append(out, &mountinfo) - if stop { - break - } - } - return out, nil -} - -func mounted(path string) (bool, error) { - path, err := normalizePath(path) - if err != nil { - return false, err - } - // Fast path: compare st.st_dev fields. - // This should always work for FreeBSD and OpenBSD. - mounted, err := mountedByStat(path) - if err == nil { - return mounted, nil - } - - // Fallback to parsing mountinfo - return mountedByMountinfo(path) -} diff --git a/vendor/github.com/moby/sys/mountinfo/mountinfo_filters.go b/vendor/github.com/moby/sys/mountinfo/mountinfo_filters.go deleted file mode 100644 index 16079c3c541b..000000000000 --- a/vendor/github.com/moby/sys/mountinfo/mountinfo_filters.go +++ /dev/null @@ -1,63 +0,0 @@ -package mountinfo - -import "strings" - -// FilterFunc is a type defining a callback function for GetMount(), -// used to filter out mountinfo entries we're not interested in, -// and/or stop further processing if we found what we wanted. -// -// It takes a pointer to the Info struct (fully populated with all available -// fields on the GOOS platform), and returns two booleans: -// -// skip: true if the entry should be skipped; -// -// stop: true if parsing should be stopped after the entry. -type FilterFunc func(*Info) (skip, stop bool) - -// PrefixFilter discards all entries whose mount points do not start with, or -// are equal to the path specified in prefix. The prefix path must be absolute, -// have all symlinks resolved, and cleaned (i.e. no extra slashes or dots). -// -// PrefixFilter treats prefix as a path, not a partial prefix, which means that -// given "/foo", "/foo/bar" and "/foobar" entries, PrefixFilter("/foo") returns -// "/foo" and "/foo/bar", and discards "/foobar". -func PrefixFilter(prefix string) FilterFunc { - return func(m *Info) (bool, bool) { - skip := !strings.HasPrefix(m.Mountpoint+"/", prefix+"/") - return skip, false - } -} - -// SingleEntryFilter looks for a specific entry. -func SingleEntryFilter(mp string) FilterFunc { - return func(m *Info) (bool, bool) { - if m.Mountpoint == mp { - return false, true // don't skip, stop now - } - return true, false // skip, keep going - } -} - -// ParentsFilter returns all entries whose mount points -// can be parents of a path specified, discarding others. -// -// For example, given /var/lib/docker/something, entries -// like /var/lib/docker, /var and / are returned. -func ParentsFilter(path string) FilterFunc { - return func(m *Info) (bool, bool) { - skip := !strings.HasPrefix(path, m.Mountpoint) - return skip, false - } -} - -// FSTypeFilter returns all entries that match provided fstype(s). -func FSTypeFilter(fstype ...string) FilterFunc { - return func(m *Info) (bool, bool) { - for _, t := range fstype { - if m.FSType == t { - return false, false // don't skip, keep going - } - } - return true, false // skip, keep going - } -} diff --git a/vendor/github.com/moby/sys/mountinfo/mountinfo_linux.go b/vendor/github.com/moby/sys/mountinfo/mountinfo_linux.go deleted file mode 100644 index 59332b07bf4b..000000000000 --- a/vendor/github.com/moby/sys/mountinfo/mountinfo_linux.go +++ /dev/null @@ -1,214 +0,0 @@ -package mountinfo - -import ( - "bufio" - "fmt" - "io" - "os" - "strconv" - "strings" -) - -// GetMountsFromReader retrieves a list of mounts from the -// reader provided, with an optional filter applied (use nil -// for no filter). This can be useful in tests or benchmarks -// that provide fake mountinfo data, or when a source other -// than /proc/self/mountinfo needs to be read from. -// -// This function is Linux-specific. -func GetMountsFromReader(r io.Reader, filter FilterFunc) ([]*Info, error) { - s := bufio.NewScanner(r) - out := []*Info{} - for s.Scan() { - var err error - - /* - See http://man7.org/linux/man-pages/man5/proc.5.html - - 36 35 98:0 /mnt1 /mnt2 rw,noatime master:1 - ext3 /dev/root rw,errors=continue - (1)(2)(3) (4) (5) (6) (7) (8) (9) (10) (11) - - (1) mount ID: unique identifier of the mount (may be reused after umount) - (2) parent ID: ID of parent (or of self for the top of the mount tree) - (3) major:minor: value of st_dev for files on filesystem - (4) root: root of the mount within the filesystem - (5) mount point: mount point relative to the process's root - (6) mount options: per mount options - (7) optional fields: zero or more fields of the form "tag[:value]" - (8) separator: marks the end of the optional fields - (9) filesystem type: name of filesystem of the form "type[.subtype]" - (10) mount source: filesystem specific information or "none" - (11) super options: per super block options - - In other words, we have: - * 6 mandatory fields (1)..(6) - * 0 or more optional fields (7) - * a separator field (8) - * 3 mandatory fields (9)..(11) - */ - - text := s.Text() - fields := strings.Split(text, " ") - numFields := len(fields) - if numFields < 10 { - // should be at least 10 fields - return nil, fmt.Errorf("parsing '%s' failed: not enough fields (%d)", text, numFields) - } - - // separator field - sepIdx := numFields - 4 - // In Linux <= 3.9 mounting a cifs with spaces in a share - // name (like "//srv/My Docs") _may_ end up having a space - // in the last field of mountinfo (like "unc=//serv/My Docs"). - // Since kernel 3.10-rc1, cifs option "unc=" is ignored, - // so spaces should not appear. - // - // Check for a separator, and work around the spaces bug - for fields[sepIdx] != "-" { - sepIdx-- - if sepIdx == 5 { - return nil, fmt.Errorf("parsing '%s' failed: missing - separator", text) - } - } - - p := &Info{} - - p.Mountpoint, err = unescape(fields[4]) - if err != nil { - return nil, fmt.Errorf("parsing '%s' failed: mount point: %w", fields[4], err) - } - p.FSType, err = unescape(fields[sepIdx+1]) - if err != nil { - return nil, fmt.Errorf("parsing '%s' failed: fstype: %w", fields[sepIdx+1], err) - } - p.Source, err = unescape(fields[sepIdx+2]) - if err != nil { - return nil, fmt.Errorf("parsing '%s' failed: source: %w", fields[sepIdx+2], err) - } - p.VFSOptions = fields[sepIdx+3] - - // ignore any numbers parsing errors, as there should not be any - p.ID, _ = strconv.Atoi(fields[0]) - p.Parent, _ = strconv.Atoi(fields[1]) - mm := strings.SplitN(fields[2], ":", 3) - if len(mm) != 2 { - return nil, fmt.Errorf("parsing '%s' failed: unexpected major:minor pair %s", text, mm) - } - p.Major, _ = strconv.Atoi(mm[0]) - p.Minor, _ = strconv.Atoi(mm[1]) - - p.Root, err = unescape(fields[3]) - if err != nil { - return nil, fmt.Errorf("parsing '%s' failed: root: %w", fields[3], err) - } - - p.Options = fields[5] - - // zero or more optional fields - p.Optional = strings.Join(fields[6:sepIdx], " ") - - // Run the filter after parsing all fields. - var skip, stop bool - if filter != nil { - skip, stop = filter(p) - if skip { - continue - } - } - - out = append(out, p) - if stop { - break - } - } - if err := s.Err(); err != nil { - return nil, err - } - return out, nil -} - -func parseMountTable(filter FilterFunc) ([]*Info, error) { - f, err := os.Open("/proc/self/mountinfo") - if err != nil { - return nil, err - } - defer f.Close() - - return GetMountsFromReader(f, filter) -} - -// PidMountInfo retrieves the list of mounts from a given process' mount -// namespace. Unless there is a need to get mounts from a mount namespace -// different from that of a calling process, use GetMounts. -// -// This function is Linux-specific. -// -// Deprecated: this will be removed before v1; use GetMountsFromReader with -// opened /proc//mountinfo as an argument instead. -func PidMountInfo(pid int) ([]*Info, error) { - f, err := os.Open(fmt.Sprintf("/proc/%d/mountinfo", pid)) - if err != nil { - return nil, err - } - defer f.Close() - - return GetMountsFromReader(f, nil) -} - -// A few specific characters in mountinfo path entries (root and mountpoint) -// are escaped using a backslash followed by a character's ascii code in octal. -// -// space -- as \040 -// tab (aka \t) -- as \011 -// newline (aka \n) -- as \012 -// backslash (aka \\) -- as \134 -// -// This function converts path from mountinfo back, i.e. it unescapes the above sequences. -func unescape(path string) (string, error) { - // try to avoid copying - if strings.IndexByte(path, '\\') == -1 { - return path, nil - } - - // The following code is UTF-8 transparent as it only looks for some - // specific characters (backslash and 0..7) with values < utf8.RuneSelf, - // and everything else is passed through as is. - buf := make([]byte, len(path)) - bufLen := 0 - for i := 0; i < len(path); i++ { - if path[i] != '\\' { - buf[bufLen] = path[i] - bufLen++ - continue - } - s := path[i:] - if len(s) < 4 { - // too short - return "", fmt.Errorf("bad escape sequence %q: too short", s) - } - c := s[1] - switch c { - case '0', '1', '2', '3', '4', '5', '6', '7': - v := c - '0' - for j := 2; j < 4; j++ { // one digit already; two more - if s[j] < '0' || s[j] > '7' { - return "", fmt.Errorf("bad escape sequence %q: not a digit", s[:3]) - } - x := s[j] - '0' - v = (v << 3) | x - } - if v > 255 { - return "", fmt.Errorf("bad escape sequence %q: out of range" + s[:3]) - } - buf[bufLen] = v - bufLen++ - i += 3 - continue - default: - return "", fmt.Errorf("bad escape sequence %q: not a digit" + s[:3]) - - } - } - - return string(buf[:bufLen]), nil -} diff --git a/vendor/github.com/moby/sys/mountinfo/mountinfo_unsupported.go b/vendor/github.com/moby/sys/mountinfo/mountinfo_unsupported.go deleted file mode 100644 index 95769a76dadb..000000000000 --- a/vendor/github.com/moby/sys/mountinfo/mountinfo_unsupported.go +++ /dev/null @@ -1,19 +0,0 @@ -//go:build (!windows && !linux && !freebsd && !openbsd && !darwin) || (freebsd && !cgo) || (openbsd && !cgo) || (darwin && !cgo) -// +build !windows,!linux,!freebsd,!openbsd,!darwin freebsd,!cgo openbsd,!cgo darwin,!cgo - -package mountinfo - -import ( - "fmt" - "runtime" -) - -var errNotImplemented = fmt.Errorf("not implemented on %s/%s", runtime.GOOS, runtime.GOARCH) - -func parseMountTable(_ FilterFunc) ([]*Info, error) { - return nil, errNotImplemented -} - -func mounted(path string) (bool, error) { - return false, errNotImplemented -} diff --git a/vendor/github.com/moby/sys/mountinfo/mountinfo_windows.go b/vendor/github.com/moby/sys/mountinfo/mountinfo_windows.go deleted file mode 100644 index 13fad165e5d3..000000000000 --- a/vendor/github.com/moby/sys/mountinfo/mountinfo_windows.go +++ /dev/null @@ -1,10 +0,0 @@ -package mountinfo - -func parseMountTable(_ FilterFunc) ([]*Info, error) { - // Do NOT return an error! - return nil, nil -} - -func mounted(_ string) (bool, error) { - return false, nil -} diff --git a/vendor/modules.txt b/vendor/modules.txt index e3f2555e109a..dcf07cb18e1c 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -98,7 +98,7 @@ github.com/davecgh/go-spew/spew ## explicit; go 1.15 github.com/distribution/distribution/v3/digestset github.com/distribution/distribution/v3/reference -# github.com/docker/cli v20.10.14+incompatible => github.com/docker/cli v20.10.3-0.20220226190722-8667ccd1124c+incompatible +# github.com/docker/cli v20.10.14+incompatible => github.com/thaJeztah/cli v0.0.0-20220721161612-049811fef043 ## explicit github.com/docker/cli/cli github.com/docker/cli/cli-plugins/manager @@ -145,7 +145,7 @@ github.com/docker/distribution/registry/client/transport github.com/docker/distribution/registry/storage/cache github.com/docker/distribution/registry/storage/cache/memory github.com/docker/distribution/uuid -# github.com/docker/docker v20.10.7+incompatible => github.com/docker/docker v20.10.3-0.20220224222438-c78f6963a1c0+incompatible +# github.com/docker/docker v20.10.7+incompatible => github.com/docker/docker v20.10.3-0.20220326171151-8941dcfcc5db+incompatible ## explicit github.com/docker/docker/api github.com/docker/docker/api/types @@ -179,7 +179,6 @@ github.com/docker/docker/pkg/stringid github.com/docker/docker/pkg/system github.com/docker/docker/pkg/urlutil github.com/docker/docker/registry -github.com/docker/docker/rootless # github.com/docker/docker-credential-helpers v0.6.4 ## explicit; go 1.13 github.com/docker/docker-credential-helpers/client @@ -404,12 +403,6 @@ github.com/moby/locker ## explicit; go 1.13 github.com/moby/spdystream github.com/moby/spdystream/spdy -# github.com/moby/sys/mount v0.3.0 -## explicit; go 1.16 -github.com/moby/sys/mount -# github.com/moby/sys/mountinfo v0.6.0 -## explicit; go 1.16 -github.com/moby/sys/mountinfo # github.com/moby/sys/signal v0.6.0 ## explicit; go 1.16 github.com/moby/sys/signal @@ -992,8 +985,8 @@ sigs.k8s.io/structured-merge-diff/v4/value # sigs.k8s.io/yaml v1.2.0 ## explicit; go 1.12 sigs.k8s.io/yaml -# github.com/docker/cli => github.com/docker/cli v20.10.3-0.20220226190722-8667ccd1124c+incompatible -# github.com/docker/docker => github.com/docker/docker v20.10.3-0.20220224222438-c78f6963a1c0+incompatible +# github.com/docker/cli => github.com/thaJeztah/cli v0.0.0-20220721161612-049811fef043 +# github.com/docker/docker => github.com/docker/docker v20.10.3-0.20220326171151-8941dcfcc5db+incompatible # k8s.io/api => k8s.io/api v0.22.4 # k8s.io/apimachinery => k8s.io/apimachinery v0.22.4 # k8s.io/client-go => k8s.io/client-go v0.22.4