We can return early without executing the regular expression or evaluating
the template for `--format=json` or `--format='{{json .}}'`.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Same functionality, but implemented with atomicwriter. There's a slight
difference in error-messages produced (but can be adjusted if we want).
Before:
docker container export -o ./no/such/foo mycontainer
failed to export container: invalid output path: directory "no/such" does not exist
docker container export -o /no/permissions mycontainer
failed to export container: stat /no/permissions: permission denied
After:
docker container export -o ./no/such/foo mycontainer
failed to export container: invalid file path: stat no/such: no such file or directory
docker container export -o /no/permissions mycontainer
failed to export container: failed to stat output path: lstat /no/permissions: permission denied
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Same functionality, but implemented with atomicwriter. There's a slight
difference in error-messages produced (but can be adjusted if we want).
Before:
docker image save -o ./no/such/foo busybox:latest
failed to save image: invalid output path: directory "no/such" does not exist
docker image save -o /no/permissions busybox:latest
failed to save image: stat /no/permissions: permission denied
After:
docker image save -o ./no/such/foo busybox:latest
failed to save image: invalid file path: stat no/such: no such file or directory
docker image save -o /no/permissions busybox:latest
failed to save image: failed to stat output path: lstat /no/permissions: permission denied
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
gotest.tools' fs package only provides very minimal benefits here;
use stdlib functions to make things slightly more transparent.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Assert that the write succeeded; also changing `Fprintf` to `Fprint`,
because we were not using templating (we should check why no linter
complained about this).
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This test verifies the default behavior, but when running the test
in an environment that already has a ~/.docker/config.json present,
it may fail.
This patch updates the test to configure the config-directory to
point to an empty directory, making sure it's not affected by
state.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
In most situations, the CLI is created through the `NewDockerCli` constructor,
however, it's possible to construct a CLI manually (`&DockerCli{}`). We
should probably prevent this (and un-export the `DockerCli` implementation),
but currently have some code-paths that depend on the type being exported.
When constructing the CLI with this approach, the CLI would not be fully
initialized and not have the context-store configuration set up.
Using the default context store without a config set will result in Endpoints
from contexts not being type-mapped correctly, and used as a generic
`map[string]any`, instead of a [docker.EndpointMeta].
When looking up the API endpoint (using [EndpointFromContext]), no endpoint
will be found, and a default, empty endpoint will be used instead which in
its turn, causes [newAPIClientFromEndpoint] to be initialized with the default
config instead of settings for the current context (which may mean; connecting
with the wrong endpoint and/or TLS Config to be missing).
I'm not sure if this situation could happen in practice, but it caused some
of our unit-tests ([TestInitializeFromClient] among others) to fail when
running outside of the dev-container on a host that used Docker Desktop's
"desktop-linux" context. In that situation, the test would produce the wrong
"Ping" results (using defaults, instead of the results produced in the test).
This patch:
- updates the contextStoreConfig field to be a pointer, so that we are
able to detect if a config was already set.
- updates the `Initialize` function to set the default context-store config
if no config was found (technically the field is mostly immutable, and
can only set through `WithDefaultContextStoreConfig`, so this may be
slightly redundant).
We should update this code to be less error-prone to use; the combination
of an exported type (`DockerCli`), a constructor `NewDockerCli` and a
`Initialize` function (as well as some internal contructors to allow
lazy initialization) make constructing the "CLI" hard to use, and there's
various codepaths where it can be in a partially initialized state. The
same applies to the default context store, which also requires too much
"domain" knowledge to use properly.
I'm leaving improvements around that for a follow-up.
[EndpointFromContext]: 33494921b8/cli/context/docker/load.go (L139-L149)
[docker.EndpointMeta]: 33494921b8/cli/context/docker/load.go (L19-L21)
[newAPIClientFromEndpoint]: 33494921b8/cli/command/cli.go (L295-L305)
[TestInitializeFromClient]: 33494921b8/cli/command/cli_test.go (L157-L205)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This test was only testing whether we could load a legacy config-file that
contained the "experimental" (experimental CLI) option. Experimental cli
options are disabled since 977d3ae046 (20.10),
and now enabled by default, but we should not fail to start the cli if the
config-file contains the option.
Move the test to the config package, as it doesn't need the cli for this.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This looks like a copy/paste from other tests, because this test
does not test anything related to docker content trust.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This function was exported in 812f113685
for use in other parts of the CLI, but it's now only used locally.
Make it internal again, as it was never designed to be exported. There
are no known external consumers of this function, but deprecating it
first, in case there are.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This function was exported in e43c7920ea
for use of "docker app", which is now deprecated. The signature of this
function also depended on a non-exported type, so it could not be used
externally.
Make it internal again, as it was never designed to be exported. There
are no known external consumers of this function.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This function was exported in e43c7920ea
for use of "docker app", which is now deprecated. The signature of this
function also depended on a non-exported type so it could not be used
externally.
Make it internal again, as it was never designed to be exported. There
are no known external consumers of this function.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
It's only used internally, and has no external consumers. Un-export
it, rename it to something more descriptive, and move it to a separate
file to align with other packages.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This was introduced in 79141ce5eb, which
was reverted in f596202125, and re-applied
in the previous commit.
Before this patch, saving credentials worked correctly;
docker login -u thajeztah
Password:
Login Succeeded
cat ~/.docker/config.json
{
"auths": {
"https://index.docker.io/v1/": {
"auth": "REDACTED"
}
}
}
But when resolving the credentials, the credentials stored would not be found;
docker pull -q thajeztah/private-test-image
Error response from daemon: pull access denied for thajeztah/private-test-image, repository does not exist or may require 'docker login': denied: requested access to the resource is denied
With this patch applied:
docker pull -q thajeztah/private-test-image
docker.io/thajeztah/private-test-image:latest
Thanks to mtrmac (Miloslav Trmač) for spotting this mistake!
Suggested-by: Miloslav Trmač <mitr@redhat.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This reverts commit f596202125, and reapplies
79141ce5eb.
> cli/command: remove uses of GetAuthConfigKey, ParseRepositoryInfo
>
> Re-implement locally, based on the code in github.com/docker/docker/registry,
> but leaving out bits that are not used on the client-side, such as
> configuration of Mirrors, and configurable insecure-registry, which
> are not used on the client side.
This commit contains a regression due to a typo in `authConfigKey`;
const authConfigKey = "https:/index.docker.io/v1/"
Which is missing a `/` after the scheme.
Which currently fails the TestRetrieveAuthTokenFromImage test.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
It's currently slower because it calls registry.ParseRepositoryInfo,
which does a DNS lookup for hostnames to determine if they're a loopback
address (and marked "insecure");
go test -v -run TestRetrieveAuthTokenFromImage
=== RUN TestRetrieveAuthTokenFromImage
=== RUN TestRetrieveAuthTokenFromImage/no-prefix
=== RUN TestRetrieveAuthTokenFromImage/docker.io
=== RUN TestRetrieveAuthTokenFromImage/index.docker.io
=== RUN TestRetrieveAuthTokenFromImage/registry-1.docker.io
=== RUN TestRetrieveAuthTokenFromImage/registry.hub.docker.com
=== RUN TestRetrieveAuthTokenFromImage/[::1]
=== RUN TestRetrieveAuthTokenFromImage/[::1]:5000
=== RUN TestRetrieveAuthTokenFromImage/127.0.0.1
=== RUN TestRetrieveAuthTokenFromImage/localhost
=== RUN TestRetrieveAuthTokenFromImage/localhost:5000
=== RUN TestRetrieveAuthTokenFromImage/no-auth.example.com
--- PASS: TestRetrieveAuthTokenFromImage (0.35s)
--- PASS: TestRetrieveAuthTokenFromImage/no-prefix (0.00s)
--- PASS: TestRetrieveAuthTokenFromImage/docker.io (0.00s)
--- PASS: TestRetrieveAuthTokenFromImage/index.docker.io (0.00s)
--- PASS: TestRetrieveAuthTokenFromImage/registry-1.docker.io (0.08s)
--- PASS: TestRetrieveAuthTokenFromImage/registry.hub.docker.com (0.12s)
--- PASS: TestRetrieveAuthTokenFromImage/[::1] (0.13s)
--- PASS: TestRetrieveAuthTokenFromImage/[::1]:5000 (0.00s)
--- PASS: TestRetrieveAuthTokenFromImage/127.0.0.1 (0.00s)
--- PASS: TestRetrieveAuthTokenFromImage/localhost (0.00s)
--- PASS: TestRetrieveAuthTokenFromImage/localhost:5000 (0.00s)
--- PASS: TestRetrieveAuthTokenFromImage/no-auth.example.com (0.01s)
PASS
ok github.com/docker/cli/cli/command 1.367s
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The "Service.Auth" pretended to return a message from the registry,
but the message returned is hard-coded in the registry package.
Remove its use to make this more transparent, and not to pretend
this is anything returned by the registry.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Restore part of the code removed by 966b44183f
that closed the stream. It's required now because the Run command won't
finish before the output stream was processed by the caller.
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
Fix a regression introduced by 30c4637f03
which made the `docker run` command produce potentially truncated
stdout/stderr output.
Previous implementation stopped the content streaming as soon as the
container exited which would potentially truncate a long outputs.
This change fixes the issue by only canceling the IO stream immediately
if neither stdout nor stderr is attached.
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
Cobra now defines a CompletionFunc for the same, so we can alias
it to that, and stop using our own definition.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
- remove pruneFilters.Contains for checks, as this is already
handled by pruneFilters.ExactMatch.
- Update GoDoc to better describe the function's functionality
- Use a swtich instead of if/else.
This function should be moved to a separate package; possibly splitting
it out to a "Merge" function that accepts two filter.Args as argument.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This function was only used internally, and has no known external consumers.
It was deprecated in e37d814ce96b01393a400c081666ea1cca2eb8bd; this commit
removes it.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This function was only used internally, and has no known external consumers.
It was deprecated in d80436021c21c26b492f0014511f13f41d8b42d9; this commit
removes it.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This function was only used by "docker trust sign", and has no known external
consumers. It was deprecated in c6f456bc90574f4180f3b990e8a4e216485e35b7;
this commit removes it.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This method was a shallow wrapper around registryclient.NewRegistryClient but
due to its signature resulted in various dependencies becoming a dependency
of the "command" package. Consequence of this was that cli-plugins, which
need the cli/command package, would also get those dependencies. It is no
longer used, and was deprecated in 8ad07217dc.
This patch removes the RegistryClient method from the interface
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
