Docker CLI - August Mirror #3
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Based on the security policy in the Moby repository (with the name of the project changed, and a link to to the Moby documentation for maintained branches). Signed-off-by: Sebastiaan van Stijn <[email protected]>
Test "--device-read-bps" "--device-write-bps" will fail. The root cause is that GetList helper return empty as its local variable initialized to zero size. This patch fix it by setting the related slice size to non-zero. Signed-off-by: Jianyong Wu <[email protected]> Fixes: #5321
- https://github.com/golang/go/issues?q=milestone%3AGo1.21.13+label%3ACherryPickApproved - full diff: golang/go@go1.21.12...go1.21.13 go1.21.13 (released 2024-08-06) includes fixes to the go command, the covdata command, and the bytes package. See the [Go 1.21.13 milestone](https://github.com/golang/go/issues?q=milestone%3AGo1.21.13+label%3ACherryPickApproved) on our issue tracker for details. Signed-off-by: Paweł Gronowski <[email protected]>
update to go1.21.13
Signed-off-by: Laura Brehm <[email protected]>
plugins: don't panic on Close if PluginServer nil
full diff: moby/moby@2b1097f...f3cf935 Signed-off-by: Paweł Gronowski <[email protected]>
add security policy
vendor: github.com/docker/docker master (f3cf9359bdf6)
removes (indirect) dependencie on the moby/sys/user/userns package, which was retracted and moved to moby/sys/userns - full diff: moby/moby@f3cf935...2269acc Signed-off-by: Sebastiaan van Stijn <[email protected]>
vendor: github.com/docker/docker 2269acc7a31d (master, v-next)
Signed-off-by: David Karlsson <[email protected]>
docs: fix link to http proxy document
run: fix GetList return empty issue for throttledevice
Signed-off-by: David Karlsson <[email protected]>
docs: update internal links after refactor
avoided the join, also did manual iteration added test, also added reflect for the DeepEqual comparison Signed-off-by: Archimedes Trajano <[email protected]>
disable pseudoterminal creation
…sure The addSSHTimeout and disablePseudoTerminalAllocation were added in commits a5ebe22 and f3c2c26, and called inside the Dialer function, which means they're called every time the Dialer is called. Given that the sshFlags slice is not mutated by the Dialer, we can call these functions once. Signed-off-by: Sebastiaan van Stijn <[email protected]>
cli/connhelper: getConnectionHelper: move ssh-option funcs out of closure
Signed-off-by: David Karlsson <[email protected]>
This commit adds support for the oauth [device-code](https://auth0.com/docs/get-started/authentication-and-authorization-flow/device-authorization-flow) login flow when authenticating against the official registry. This is achieved by adding `cli/internal/oauth`, which contains code to manage interacting with the Docker OAuth tenant (`login.docker.com`), including launching the device-code flow, refreshing access using the refresh-token, and logging out. The `OAuthManager` introduced here is also made available through the `command.Cli` interface method `OAuthManager()`. In order to maintain compatibility with any clients manually accessing the credentials through `~/.docker/config.json` or via credential helpers, the added `OAuthManager` uses the retrieved access token to automatically generate a PAT with Hub, and store that in the credentials. Signed-off-by: Laura Brehm <[email protected]>
Signed-off-by: Laura Brehm <[email protected]>
Signed-off-by: Laura Brehm <[email protected]>
Signed-off-by: Laura Brehm <[email protected]>
Signed-off-by: Laura Brehm <[email protected]>
auth: add support for oauth device-code login
Signed-off-by: David Karlsson <[email protected]>
Signed-off-by: Paweł Gronowski <[email protected]>
Signed-off-by: Paweł Gronowski <[email protected]>
Signed-off-by: Paweł Gronowski <[email protected]>
Signed-off-by: Paweł Gronowski <[email protected]>
Signed-off-by: Paweł Gronowski <[email protected]>
Signed-off-by: Paweł Gronowski <[email protected]>
Signed-off-by: Paweł Gronowski <[email protected]>
image/list: Add `--tree` flag
Signed-off-by: Paweł Gronowski <[email protected]>
Signed-off-by: Paweł Gronowski <[email protected]>
list/tree: Print <untagged> as dangling image name
Don't output the extra spacing around the images when none of the top-level image entries has any children. This makes the list look better when ran against the graphdrivers image store. Signed-off-by: Paweł Gronowski <[email protected]>
list/tree: No extra spacing for graphdriver
docs: update link to moved build context doc
Signed-off-by: Laura Brehm <[email protected]>
Engine API reference page is moving to /reference/api/engine Signed-off-by: David Karlsson <[email protected]>
Signed-off-by: Laura Brehm <[email protected]>
login: add oauth escape hatch
On `docker ps`, port bindings with an IPv6 HostIP should have their addresses put into brackets when joining them to their ports. RFC 3986 (Section 3.2.2) stipulates that IPv6 addresses should be enclosed within square brackets. This RFC is only about URIs. However, doing so here helps user identifier what's part of the IP address and what's the port. It also makes it easier to copy/paste that '[addr]:port' into other software (including browsers). Signed-off-by: Albin Kerouanton <[email protected]>
cli/formatter: bracket IPv6 addrs prepended to ports
docs: use gh alert syntax for callouts
chore: update link to docker engine api reference
cli/command/system/info.go:375:5: S1009: should omit nil check; len() for []github.com/docker/docker/api/types/system.NetworkAddressPool is defined as zero (gosimple)
if info.DefaultAddressPools != nil && len(info.DefaultAddressPools) > 0 {
^
Signed-off-by: Sebastiaan van Stijn <[email protected]>
cli/command/utils.go:225:29: printf: non-constant format string in call to github.com/pkg/errors.Wrapf (govet)
return errors.Wrapf(err, fmt.Sprintf("invalid output path: %q must be a directory or a regular file", path))
^
cli/command/manifest/cmd.go:21:33: printf: non-constant format string in call to fmt.Fprintf (govet)
fmt.Fprintf(dockerCli.Err(), "\n"+cmd.UsageString())
^
cli/command/service/remove.go:45:24: printf: non-constant format string in call to github.com/pkg/errors.Errorf (govet)
return errors.Errorf(strings.Join(errs, "\n"))
^
cli/command/service/scale.go:93:23: printf: non-constant format string in call to github.com/pkg/errors.Errorf (govet)
return errors.Errorf(strings.Join(errs, "\n"))
^
cli/command/stack/swarm/remove.go:74:24: printf: non-constant format string in call to github.com/pkg/errors.Errorf (govet)
return errors.Errorf(strings.Join(errs, "\n"))
^
Signed-off-by: Sebastiaan van Stijn <[email protected]>
e2e/global/cli_test.go:217:28: printf: non-constant format string in call to gotest.tools/v3/poll.Continue (govet)
return poll.Continue(err.Error())
^
Signed-off-by: Sebastiaan van Stijn <[email protected]>
cli/required.go:33:22: param min has same name as predeclared identifier (predeclared)
func RequiresMinArgs(min int) cobra.PositionalArgs {
^
cli/required.go:50:22: param max has same name as predeclared identifier (predeclared)
func RequiresMaxArgs(max int) cobra.PositionalArgs {
^
cli/required.go:67:24: param min has same name as predeclared identifier (predeclared)
func RequiresRangeArgs(min int, max int) cobra.PositionalArgs {
^
Signed-off-by: Sebastiaan van Stijn <[email protected]>
Fix linting issues in preparation of Go and GolangCI-lint update
This reverts commit e662467. Since e662467, during login, we started normalizing `registry-1.docker.io` to `index.docker.io`. This means that if a user logs in with `docker login -u [username] registry-1.docker.io`, the user's credentials get stored in credhelpers/config.json under `https://index.docker.io/v1/`. However, while the registry code normalizes an image reference without registry (`docker pull alpine:latest`) and image references explicitly for `index.docker.io` (`docker pull index.docker.io/library/alpine:latest`) to the official index server (`https://index.docker.io/v1/`), and fetches credentials for that auth key, it does not normalize `registry-1.docker.io`, which means pulling explicitly from there (`docker pull registry-1.docker.io/alpine:latest`) will not use credentials stored under `https://index.docker.io/v1/`. As such, until changes are made to the registry/pull/push code to normalize `registry-1.docker.io` to `https://index.docker.io/v1/`, we should not normalize this during login. Signed-off-by: Laura Brehm <[email protected]>
Revert "login: normalize `registry-1.docker.io`"
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
- What I did
- How I did it
- How to verify it
- Description for the changelog
- A picture of a cute animal (not mandatory but encouraged)