Add a new Engine API endpoint that returns the in-toto attestation
statements attached to an image for a given platform. The endpoint
locates the attestation manifest(s) referencing the requested platform's
image manifest, enumerates the statement layers, and returns each
layer's OCI descriptor (including media type, digest, size, and
annotations) together with its in-toto predicate type.
Query parameters:
- platform: JSON-encoded OCI platform; defaults to the daemon's host
platform if omitted.
- type: comma-separated list of in-toto predicate type URIs; if
omitted, all statements are returned.
- statement: boolean, defaults to false. When true, the daemon reads
each matching statement blob and includes the verbatim in-toto JSON
in the response. When false (or omitted), statement blobs are not
read and the Statement field is absent from each entry.
The manifest-chain walk (locating the platform image manifest and its
associated attestation manifest) is delegated to policy-helpers'
image.ResolveSignatureChain so that moby and BuildKit agree on how to
interpret the attestation storage format. The statement-layer iteration
and blob reading are inlined: when statement bodies are requested it
fails fast on the first unreadable blob and reads matching blobs
eagerly into memory; otherwise statement-layer blobs are never read
from the content store.
The endpoint is implemented for the containerd image store. The legacy
graphdriver store returns errdefs.NotImplemented (HTTP 501).
Signed-off-by: Sopho Merkviladze <smerkviladze@mirantis.com>
Commit 4c24542e95 changed `PortRange.All()`
to omit zero values for ports, but this caused a regression; the zero-value
is used in some places to assign an ephemeral port, e.g.: `--port 80` is an
implicit `--port 0:80`, or `--port <ephemeral port>:80`, where the daemon
picks a random port number from the ephemeral port range as host-port.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Call out that users should check if the port/port-range is valid
before consuming the value returned by String().
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This brings back the Port() method that was defined on the nat.Port type,
which was used in many places to (e.g.) do a network.JoinHostPort.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Add a `MediaType` pseudo-type to help discoverability of mediatypes
we use, and slightly touch up the documentation.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Add a compare function that can be used for slices.SortFunc to have
a canonical definition of sorting.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Pull request 50956 (88adc28731) updated
various types in the API module from a string to a `netip.Prefix` or
`netip.Addr`. A side-effect of this was that zero values would no longer
be omitted, and instead marshaled as an empty string:

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/netip"
)

type Foo struct {
	OmitEmpty netip.Prefix `json:",omitempty"`
	OmitZero  netip.Prefix `json:",omitzero"`
}

func main() {
	// Marshal a zero-valued struct: only the omitzero field is dropped.
	out, _ := json.Marshal(Foo{})
	fmt.Println(string(out))
}
```
The above produces `{"OmitEmpty":""}`, not omitting the empty address.
This patch:
- updates most types to use `omitzero` instead of `omitempty`.
- adds explicit `json` names to fields.
There's one type remaining that uses `omitzero`, but it's generated by
go-swagger, which currently doesn't support `omitzero`; the `PortSummary.IP`;
335f60509f/api/types/container/port_summary.go (L12-L20)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
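As an added example (not part of the commit above and not moby's own code), the same omitempty/omitzero difference shown with hypothetical Before/After structs, assuming Go 1.24 or later for the omitzero tag option, plus a decode helper showing why the empty string was tolerated on the wire:

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/netip"
)

// Before is a hypothetical struct (not moby's own) tagged the old way.
// omitempty only omits nil pointers, empty strings/slices/maps and zero
// numbers; a zero netip.Prefix or netip.Addr is a struct, so it is never
// "empty" and its MarshalText result "" is written as an empty JSON string.
type Before struct {
	Subnet  netip.Prefix `json:"Subnet,omitempty"`
	Gateway netip.Addr   `json:"Gateway,omitempty"`
}

// After uses omitzero (Go 1.24+), which omits a field whose value is the
// zero value of its type (or whose IsZero method reports true).
type After struct {
	Subnet  netip.Prefix `json:"Subnet,omitzero"`
	Gateway netip.Addr   `json:"Gateway,omitzero"`
}

// Marshal returns v's JSON encoding, or the error text if encoding fails.
func Marshal(v any) string {
	out, err := json.Marshal(v)
	if err != nil {
		return err.Error()
	}
	return string(out)
}

// DecodeSubnet decodes doc into After and returns its Subnet. The netip
// types decode "" back to the zero value without error, which is why the
// regression was silent on the wire; a malformed prefix is still rejected.
func DecodeSubnet(doc string) (netip.Prefix, error) {
	var a After
	err := json.Unmarshal([]byte(doc), &a)
	return a.Subnet, err
}

func main() {
	fmt.Println(Marshal(Before{})) // {"Subnet":"","Gateway":""}
	fmt.Println(Marshal(After{}))  // {}
}
```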
```
types/swarm/task.go:151:2: structtag: struct field tag `json:MemorySwappiness,omitzero"` not compatible with reflect.StructTag.Get: bad syntax for struct tag value (govet)
	MemorySwappiness *int64 `json:MemorySwappiness,omitzero"`
	^
```
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
These fields have been removed from the API specification, and the struct
was only needed to produce legacy responses (server), or to unmarshal
legacy responses in the client.
As the API module only provides API definitions for the current API version,
we should remove these legacy structs, and keep them internal to the daemon
and client.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This change adds type specific fields to `GET /system/df` endpoint with high level information of disk usage. This change also introduces `verbose` query to the endpoint so that detailed information is by default excluded unless queried to reduce memory consumption. The previous top level `DiskUsage` fields (`Images`, `Containers`, `Volumes` and `BuildCache`) are now deprecated and kept for backwards compatibility.
Co-authored-by: Claude <noreply@anthropic.com>
Signed-off-by: Austin Vazquez <austin.vazquez@docker.com>
This type was used as Aux message for docker push, was not documented,
and only present for Docker Content Trust (which is deprecated).
This patch removes it from the API module, and moves the type internal.
We can stop sending this Aux message once DCT is fully phased out.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Make invalid states unrepresentable by moving away from stringly-typed
MAC address values in API structs. As go.dev/issue/29678 has not yet
been implemented, provide our own HardwareAddr byte-slice type which
implements TextMarshaler and TextUnmarshaler to retain compatibility
with the API wire format.
When stdlib's net.HardwareAddr type implements TextMarshaler and
TextUnmarshaler and GODEBUG=netmarshal becomes the default, we should be
able to make the type a straight alias for stdlib net.HardwareAddr as a
non-breaking change.
Signed-off-by: Cory Snider <csnider@mirantis.com>
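An added illustration of the approach this commit describes, not the commit's or moby's actual implementation: a byte-slice HardwareAddr with MarshalText/UnmarshalText built on net.ParseMAC, embedded in a constructed EndpointSettings struct (the struct and field names are assumptions).

```go
package main

import (
	"encoding/json"
	"fmt"
	"net"
)

// HardwareAddr is an illustrative byte-slice MAC type (not moby's own). Its
// JSON form stays the "02:42:ac:11:00:02" string; Go code holds parsed bytes.
type HardwareAddr []byte

// MarshalText renders the colon-separated form; a nil address renders as "".
func (h HardwareAddr) MarshalText() ([]byte, error) {
	return []byte(net.HardwareAddr(h).String()), nil
}

// UnmarshalText parses with net.ParseMAC, so a malformed address is rejected
// at the API boundary; an empty string maps to nil (the old "unset" value).
func (h *HardwareAddr) UnmarshalText(text []byte) error {
	if len(text) == 0 {
		*h = nil
		return nil
	}
	mac, err := net.ParseMAC(string(text))
	if err != nil {
		return err
	}
	*h = HardwareAddr(mac)
	return nil
}

// EndpointSettings is a constructed stand-in for an API struct carrying a
// MAC. omitempty is enough here because HardwareAddr is a slice (nil or
// empty is "empty"); struct-valued types such as netip.Prefix need omitzero.
type EndpointSettings struct {
	MacAddress HardwareAddr `json:"MacAddress,omitempty"`
}

// Decode unmarshals one endpoint document, surfacing any MAC parse error.
func Decode(doc string) (EndpointSettings, error) {
	var e EndpointSettings
	err := json.Unmarshal([]byte(doc), &e)
	return e, err
}

func main() {
	e, err := Decode(`{"MacAddress":"02:42:ac:11:00:02"}`) // constructed input
	fmt.Printf("%v %v\n", []byte(e.MacAddress), err)
}
```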