vendor: github.com/docker/docker 06499c52e2b1 (v25.0.0-dev)

full diff: 032797ea4b...06499c52e2

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

vendor/github.com/docker/docker/client/client.go

@@ -56,6 +56,8 @@ import (
 	"github.com/docker/docker/api/types/versions"
 	"github.com/docker/go-connections/sockets"
 	"github.com/pkg/errors"
+	"go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp"
+	"go.opentelemetry.io/otel/trace"
 )
 
 // DummyHost is a hostname used for local communication.
@@ -123,6 +125,12 @@ type Client struct {
 
 	// negotiated indicates that API version negotiation took place
 	negotiated bool
+
+	tp trace.TracerProvider
+
+	// When the client transport is an *http.Transport (default) we need to do some extra things (like closing idle connections).
+	// Store the original transport as the http.Client transport will be wrapped with tracing libs.
+	baseTransport *http.Transport
 }
 
 // ErrRedirect is the error returned by checkRedirect when the request is non-GET.
@@ -188,6 +196,12 @@ func NewClientWithOpts(ops ...Opt) (*Client, error) {
 		}
 	}
 
+	if tr, ok := c.client.Transport.(*http.Transport); ok {
+		// Store the base transport before we wrap it in tracing libs below
+		// This is used, as an example, to close idle connections when the client is closed
+		c.baseTransport = tr
+	}
+
 	if c.scheme == "" {
 		// TODO(stevvooe): This isn't really the right way to write clients in Go.
 		// `NewClient` should probably only take an `*http.Client` and work from there.
@@ -201,9 +215,24 @@ func NewClientWithOpts(ops ...Opt) (*Client, error) {
 		}
 	}
 
+	c.client.Transport = otelhttp.NewTransport(
+		c.client.Transport,
+		otelhttp.WithTracerProvider(c.tp),
+		otelhttp.WithSpanNameFormatter(func(_ string, req *http.Request) string {
+			return req.Method + " " + req.URL.Path
+		}),
+	)
+
 	return c, nil
 }
 
+func (cli *Client) tlsConfig() *tls.Config {
+	if cli.baseTransport == nil {
+		return nil
+	}
+	return cli.baseTransport.TLSClientConfig
+}
+
 func defaultHTTPClient(hostURL *url.URL) (*http.Client, error) {
 	transport := &http.Transport{}
 	err := sockets.ConfigureTransport(transport, hostURL.Scheme, hostURL.Host)
@@ -216,20 +245,11 @@ func defaultHTTPClient(hostURL *url.URL) (*http.Client, error) {
 	}, nil
 }
 
-// tlsConfig returns the TLS configuration from the client's transport.
-// It returns nil if the transport is not a [http.Transport], or if no
-// TLSClientConfig is set.
-func (cli *Client) tlsConfig() *tls.Config {
-	if tr, ok := cli.client.Transport.(*http.Transport); ok {
-		return tr.TLSClientConfig
-	}
-	return nil
-}
-
 // Close the transport used by the client
 func (cli *Client) Close() error {
-	if t, ok := cli.client.Transport.(*http.Transport); ok {
-		t.CloseIdleConnections()
+	if cli.baseTransport != nil {
+		cli.baseTransport.CloseIdleConnections()
+		return nil
 	}
 	return nil
 }
@@ -356,6 +376,20 @@ func ParseHostURL(host string) (*url.URL, error) {
 	}, nil
 }
 
+func (cli *Client) dialerFromTransport() func(context.Context, string, string) (net.Conn, error) {
+	if cli.baseTransport == nil || cli.baseTransport.DialContext == nil {
+		return nil
+	}
+
+	if cli.baseTransport.TLSClientConfig != nil {
+		// When using a tls config we don't use the configured dialer but instead a fallback dialer...
+		// Note: It seems like this should use the normal dialer and wrap the returned net.Conn in a tls.Conn
+		// I honestly don't know why it doesn't do that, but it doesn't and such a change is entirely unrelated to the change in this commit.
+		return nil
+	}
+	return cli.baseTransport.DialContext
+}
+
 // Dialer returns a dialer for a raw stream connection, with an HTTP/1.1 header,
 // that can be used for proxying the daemon connection. It is used by
 // ["docker dial-stdio"].
@@ -363,10 +397,8 @@ func ParseHostURL(host string) (*url.URL, error) {
 // ["docker dial-stdio"]: https://github.com/docker/cli/pull/1014
 func (cli *Client) Dialer() func(context.Context) (net.Conn, error) {
 	return func(ctx context.Context) (net.Conn, error) {
-		if transport, ok := cli.client.Transport.(*http.Transport); ok {
-			if transport.DialContext != nil && transport.TLSClientConfig == nil {
-				return transport.DialContext(ctx, cli.proto, cli.addr)
-			}
+		if dialFn := cli.dialerFromTransport(); dialFn != nil {
+			return dialFn(ctx, cli.proto, cli.addr)
 		}
 		switch cli.proto {
 		case "unix":

vendor/github.com/docker/docker/client/hijack.go

@@ -13,6 +13,11 @@ import (
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/versions"
 	"github.com/pkg/errors"
+	"go.opentelemetry.io/otel"
+	"go.opentelemetry.io/otel/codes"
+	"go.opentelemetry.io/otel/propagation"
+	semconv "go.opentelemetry.io/otel/semconv/v1.7.0"
+	"go.opentelemetry.io/otel/trace"
 )
 
 // postHijacked sends a POST request and hijacks the connection.
@@ -45,11 +50,32 @@ func (cli *Client) DialHijack(ctx context.Context, url, proto string, meta map[s
 	return conn, err
 }
 
-func (cli *Client) setupHijackConn(req *http.Request, proto string) (net.Conn, string, error) {
+func (cli *Client) setupHijackConn(req *http.Request, proto string) (_ net.Conn, _ string, retErr error) {
 	ctx := req.Context()
 	req.Header.Set("Connection", "Upgrade")
 	req.Header.Set("Upgrade", proto)
 
+	// We aren't using the configured RoundTripper here so manually inject the trace context
+	tp := cli.tp
+	if tp == nil {
+		if span := trace.SpanFromContext(ctx); span.SpanContext().IsValid() {
+			tp = span.TracerProvider()
+		} else {
+			tp = otel.GetTracerProvider()
+		}
+	}
+
+	ctx, span := tp.Tracer("").Start(ctx, req.Method+" "+req.URL.Path)
+	span.SetAttributes(semconv.HTTPClientAttributesFromHTTPRequest(req)...)
+	defer func() {
+		if retErr != nil {
+			span.RecordError(retErr)
+			span.SetStatus(codes.Error, retErr.Error())
+		}
+		span.End()
+	}()
+	otel.GetTextMapPropagator().Inject(ctx, propagation.HeaderCarrier(req.Header))
+
 	dialer := cli.Dialer()
 	conn, err := dialer(ctx)
 	if err != nil {
@@ -71,6 +97,9 @@ func (cli *Client) setupHijackConn(req *http.Request, proto string) (net.Conn, s
 
 	// Server hijacks the connection, error 'connection closed' expected
 	resp, err := clientconn.Do(req)
+	if resp != nil {
+		span.SetStatus(semconv.SpanStatusFromHTTPStatusCode(resp.StatusCode))
+	}
 
 	//nolint:staticcheck // ignore SA1019 for connecting to old (pre go1.8) daemons
 	if err != httputil.ErrPersistEOF {

vendor/github.com/docker/docker/client/options.go

@@ -11,6 +11,7 @@ import (
 	"github.com/docker/go-connections/sockets"
 	"github.com/docker/go-connections/tlsconfig"
 	"github.com/pkg/errors"
+	"go.opentelemetry.io/otel/trace"
 )
 
 // Opt is a configuration option to initialize a [Client].
@@ -221,3 +222,12 @@ func WithAPIVersionNegotiation() Opt {
 		return nil
 	}
 }
+
+// WithTraceProvider sets the trace provider for the client.
+// If this is not set then the global trace provider will be used.
+func WithTraceProvider(provider trace.TracerProvider) Opt {
+	return func(c *Client) error {
+		c.tp = provider
+		return nil
+	}
+}

vendor/github.com/docker/docker/pkg/idtools/idtools_unix.go

@@ -10,17 +10,11 @@ import (
 	"os/exec"
 	"path/filepath"
 	"strconv"
-	"sync"
 	"syscall"
 
 	"github.com/opencontainers/runc/libcontainer/user"
 )
 
-var (
-	entOnce   sync.Once
-	getentCmd string
-)
-
 func mkdirAs(path string, mode os.FileMode, owner Identity, mkAll, chownExisting bool) error {
 	path, err := filepath.Abs(path)
 	if err != nil {
@@ -161,10 +155,10 @@ func getentGroup(name string) (user.Group, error) {
 }
 
 func callGetent(database, key string) (io.Reader, error) {
-	entOnce.Do(func() { getentCmd, _ = resolveBinary("getent") })
-	// if no `getent` command on host, can't do anything else
-	if getentCmd == "" {
-		return nil, fmt.Errorf("unable to find getent command")
+	getentCmd, err := resolveBinary("getent")
+	// if no `getent` command within the execution environment, can't do anything else
+	if err != nil {
+		return nil, fmt.Errorf("unable to find getent command: %w", err)
 	}
 	command := exec.Command(getentCmd, database, key)
 	// we run getent within container filesystem, but without /dev so /dev/null is not available for exec to mock stdin

vendor/github.com/docker/docker/pkg/system/errors.go

@@ -1,13 +1,6 @@
 package system // import "github.com/docker/docker/pkg/system"
 
-import (
-	"errors"
-)
+import "errors"
 
-var (
-	// ErrNotSupportedPlatform means the platform is not supported.
-	ErrNotSupportedPlatform = errors.New("platform and architecture is not supported")
-
-	// ErrNotSupportedOperatingSystem means the operating system is not supported.
-	ErrNotSupportedOperatingSystem = errors.New("operating system is not supported")
-)
+// ErrNotSupportedPlatform means the platform is not supported.
+var ErrNotSupportedPlatform = errors.New("platform and architecture is not supported")

vendor/github.com/docker/docker/pkg/system/image_os.go

@@ -1,10 +0,0 @@
-package system // import "github.com/docker/docker/pkg/system"
-import (
-	"runtime"
-	"strings"
-)
-
-// IsOSSupported determines if an operating system is supported by the host.
-func IsOSSupported(os string) bool {
-	return strings.EqualFold(runtime.GOOS, os)
-}

vendor/github.com/docker/docker/pkg/system/image_os_deprecated.go

@@ -0,0 +1,19 @@
+package system
+
+import (
+	"errors"
+	"runtime"
+	"strings"
+)
+
+// ErrNotSupportedOperatingSystem means the operating system is not supported.
+//
+// Deprecated: use [github.com/docker/docker/image.CheckOS] and check the error returned.
+var ErrNotSupportedOperatingSystem = errors.New("operating system is not supported")
+
+// IsOSSupported determines if an operating system is supported by the host.
+//
+// Deprecated: use [github.com/docker/docker/image.CheckOS] and check the error returned.
+func IsOSSupported(os string) bool {
+	return strings.EqualFold(runtime.GOOS, os)
+}