Each plug-in operates as a separate service, and registers with Docker
through the general [plug-ins API](https://blog.docker.com/2015/06/extending-docker-with-plugins/). No
Docker daemon recompilation is required in order to add / remove an
authentication plug-in. Each plug-in is notified twice for each
operation: 1) before the operation is performed and, 2) before the
response is returned to the client. The plug-ins can modify the response
that is returned to the client.
The authorization depends on the authorization effort that takes place
in parallel [https://github.com/docker/docker/issues/13697].
This is the official issue of the authorization effort:
https://github.com/docker/docker/issues/14674
[Here](https://github.com/rhatdan/docker-rbac) you can find an open
document that discusses a default RBAC plug-in for Docker.
Signed-off-by: Liron Levin <liron@twistlock.com>
Added container create flow test and extended the verification for ps
Upstream-commit: 75c353f0ad73bd83ed18e92857dd99a103bb47e3
Component: engine
Because I like the name `system` better than `local` :)
Signed-off-by: David Calavera <david.calavera@gmail.com>
Upstream-commit: 867f432985d6b4a46c2f66225d70a4ffdb28d8a3
Component: engine
It actually adds nothing to queuing requests.
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
Upstream-commit: ca5795cef810c85f101eb0aa3efe3ec8d756490b
Component: engine
This will prevent the api from trying to serve network requests in
systems where libnetwork is not enabled, returning 404 responses in any
case.
Signed-off-by: David Calavera <david.calavera@gmail.com>
Upstream-commit: eb982e7c00192c8306f9c420fb469f087c7b161d
Component: engine
We should not check if the mux framework internals work as expected in every handler.
The missing parameter error doesn't make sense from the user point of view.
This change initializes a proper vars context if the mux fails to do so and delegates
specific parameter error checks to the handlers.
Signed-off-by: David Calavera <david.calavera@gmail.com>
Upstream-commit: 389ce0aae6a303660e591ef80272322ac82854e2
Component: engine
Now we start to serve early, but all Accept calls are intercepted by
listenbuffer or systemd socket.
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
Upstream-commit: 281a48d092fa84500c63b984ad45c59a06f301c4
Component: engine
* Moving Network Remote APIs out of experimental
* --net can now accept user created networks using network drivers/plugins
* Removed the experimental services concept and --default-network option
* Necessary backend changes to accommodate multiple networks per container
* Integration Tests
Signed-off-by: David Calavera <david.calavera@gmail.com>
Signed-off-by: Madhu Venugopal <madhu@docker.com>
Upstream-commit: 2ab94e11a2a8499088a72ab27fd09e897d8c810a
Component: engine
W/o this PR the logs would show:
```
ERRO[0000] API listen on [::]:2375
ERRO[0000] API listen on /var/run/docker.sock
```
which is misleading since these aren't "errors" they're just informational.
Signed-off-by: Doug Davis <dug@us.ibm.com>
Upstream-commit: cc833c5e2bee651ee55378fbaa8302df60571400
Component: engine
It prevents occupying of those resources (ports, unix-sockets) by
containers.
Also fixed false-positive test for that case.
Fix #15912
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
Upstream-commit: 5eda566f937dddef9d4267dd8b8b1d8c3e47b290
Component: engine
Implement basic interfaces to write custom routers that can be plugged
to the server. Remove server coupling with the daemon.
Signed-off-by: David Calavera <david.calavera@gmail.com>
Upstream-commit: da982cf5511814b6897244ecaa9c016f8800340a
Component: engine
This patch removes the internal context package and uses golang's
package instead.
Signed-off-by: Tibor Vass <tibor@docker.com>
Upstream-commit: 94e3b0f4288cdff767817b751e9a318e665ea7ac
Component: engine
Although having a request ID available throughout the codebase is very
valuable, the impact of requiring a Context as an argument to every
function in the codepath of an API request, is too significant and was
not properly understood at the time of the review.
Furthermore, mixing API-layer code with non-API-layer code makes the
latter usable only by API-layer code (one that has a notion of Context).
This reverts commit de4164043546d2b9ee3bf323dbc41f4979c84480, reversing
changes made to 7daeecd42d7bb112bfe01532c8c9a962bb0c7967.
Signed-off-by: Tibor Vass <tibor@docker.com>
Conflicts:
api/server/container.go
builder/internals.go
daemon/container_unix.go
daemon/create.go
Upstream-commit: b08f071e18043abe8ce15f56826d38dd26bedb78
Component: engine
This reverts commit ff92f45be49146cd7ac7716c36d89de989cb262e, reversing
changes made to 80e31df3b6fdf6c1fbd6a5d0aceb0a148066508c.
Reverting to make the next revert easier.
Signed-off-by: Tibor Vass <tibor@docker.com>
Upstream-commit: 79c31f4b13d331d4011b2975a96dcdeab2036865
Component: engine
Avoid creating a global context object that will be used while the daemon is running.
Not only will this object never be garbage collected, but it won't ever be used for anything other than creating other contexts in each request. I think it's a bad practice to have something like this sprawling around the code.
This change removes that global object and initializes a context in the cases we don't have already one, like shutting down the server.
This also removes a bunch of context arguments from functions that did nothing with it.
Signed-off-by: David Calavera <david.calavera@gmail.com>
Upstream-commit: 27c76522dea91ec585f0b5f0ae1fec8c255b7b22
Component: engine
This PR adds a "request ID" to each event generated, the 'docker events'
stream now looks like this:
```
2015-09-10T15:02:50.000000000-07:00 [reqid: c01e3534ddca] de7c5d4ca927253cf4e978ee9c4545161e406e9b5a14617efb52c658b249174a: (from ubuntu) create
```
Note the `[reqID: c01e3534ddca]` part, that's new.
Each HTTP request will generate its own unique ID. So, if you do a
`docker build` you'll see a series of events all with the same reqID.
This allows log processing tools to determine which events are all related
to the same http request.
I didn't propagate the context to all possible funcs in the daemon,
I decided to just do the ones that needed it in order to get the reqID
into the events. I'd like to have people review this direction first, and
if we're ok with it then I'll make sure we're consistent about when
we pass around the context - IOW, make sure that all funcs at the same level
have a context passed in even if they don't call the log funcs - this will
ensure we're consistent w/o passing it around for all calls unnecessarily.
ping @icecrime @calavera @crosbymichael
Signed-off-by: Doug Davis <dug@us.ibm.com>
Upstream-commit: 26b1064967d9fcefd4c35f60e96bf6d7c9a3b5f8
Component: engine
It defines global middlewares for every request.
This makes the server slightly more composable.
Signed-off-by: David Calavera <david.calavera@gmail.com>
Upstream-commit: 0fea04d27ee91d7b57e0a77b110db1c861768c74
Component: engine
This is the first step in converting our static strings into well-defined
error types. This shows just a few examples of it to get a feel for how things
will look. Once we agree on the basic outline we can then work on converting
the rest of the code over.
Signed-off-by: Doug Davis <dug@us.ibm.com>
Upstream-commit: 628b9a41b09fde3ce1493f7d4f1495b9afaa506c
Component: engine
This defines a 'context' object that is passed to each API handler.
Right now the context just has a unique 'requestID' for each API call.
The next steps would be:
- use this 'requestID' in our logging.
- determine the best way to format the logging to include this info.
In particular for log events that generate multiple entries in the log
we can use the requestID to help correlate the log entries.
Adding the requestID to the logging will be a challenge since it could mean
changing every single logrus.XXX() call to pass in the 'context' object.
But first step is to agree on a format, which we can discuss in a subsequent
PR, but my initial thoughts are to add it right after the timestamp:
current format:
```
INFO[0039] POST /v1.21/build?buildargs=%7B%22foo%22%3A%22xxx%22%7D&cgroupparent=&cpuperiod=0&cpuquota=0&cpusetcpus=&cpusetmems=&cpushares=0&dockerfile=Dockerfile&memory=0&memswap=0&rm=1&t=&ulimits=null
```
proposed format:
```
INFO[0039-83dea1222191] POST /v1.21/build?buildargs=%7B%22foo%22%3A%22xxx%22%7D&cgroupparent=&cpuperiod=0&cpuquota=0&cpusetcpus=&cpusetmems=&cpushares=0&dockerfile=Dockerfile&memory=0&memswap=0&rm=1&t=&ulimits=null
```
Signed-off-by: Doug Davis <dug@us.ibm.com>
Upstream-commit: 8b454dd79e6a11c3c881f8a755423713c0491287
Component: engine
This route was deprecated more than two years ago in the linked
commit[1]. It's not referenced anywhere in the documentation and it's
time to stop maintaining it.
[1]: 4f9443927e
Signed-off-by: David Calavera <david.calavera@gmail.com>
Upstream-commit: b5cc077864665290456c5ec724427c1f0d7bc96b
Component: engine
Add HEAD to Access-Control-Allow-Methods.
Signed-off-by: David Calavera <david.calavera@gmail.com>
Upstream-commit: 354a2e105d26a310501891e6c097eacfd037d8c6
Component: engine
Expand the godoc documentation for the graph package.
Centralize DefaultTag in the graphs/tag package instead of defining it
twice.
Remove some unnecessary "config" structs that are only used to pass
a few parameters to a function.
Simplify the GetParentsSize function - there's no reason for it to take
an accumulator argument.
Unexport some functions that aren't needed outside the package.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
Upstream-commit: d4836cd7ec1c085c5a5caa7eb7f5eda4ace10eb6
Component: engine
Return an error when the container is stopped only in api versions
equal or greater than 1.20 (docker 1.8).
Signed-off-by: David Calavera <david.calavera@gmail.com>
Upstream-commit: 621e3d8587bbee86b4e36d0b7822662bfbedd76c
Component: engine
/images/search was replying with Content-Type text/plain instead
of application/json.
Fix #14846
Signed-off-by: Antonio Murdaca <runcom@linux.com>
Upstream-commit: 1a5d6a94c9e4c099354d9125ea857f6277eca0b7
Component: engine
Implement new reader interface on jsonfile.
Moves jsonlog decoding from daemon to jsonfile logger.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Upstream-commit: c0391bf5545afef5e675138556c39e4c0e9bf91b
Component: engine
Keep old hashes around for old api version calls.
Signed-off-by: David Calavera <david.calavera@gmail.com>
Upstream-commit: 1c3cb2d31ea722e2c174bf78eda62fec6949fb8b
Component: engine
Adds http handlers for new API endpoints:
GET ContainersArchivePath
Return a Tar Archive of the contents at the specified location in a
container. Deprecates POST ContainersCopy. Use a HEAD request to stat
the resource.
PUT ContainersExtractToDir
Extract the Tar Archive from the request body to the directory at the
specified location inside a container.
Docker-DCO-1.1-Signed-off-by: Josh Hawn <josh.hawn@docker.com> (github: jlhawn)
Upstream-commit: db9cc91a9ef7dea4c8d85f64578889cec3dd99b2
Component: engine