Commit Graph

1141 Commits

Author SHA1 Message Date
Sebastiaan van Stijn
cb3ec99b16 Merge pull request #40491 from thaJeztah/remove_deprecated_filters_opt
API: remove deprecated "filter" parameter for API v1.41 and up
2020-02-11 11:22:44 +01:00
Sebastiaan van Stijn
9f0b3f5609 bump gotest.tools v3.0.1 for compatibility with Go 1.14
full diff: https://github.com/gotestyourself/gotest.tools/compare/v2.3.0...v3.0.1

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-02-11 00:06:42 +01:00
Sebastiaan van Stijn
4a1900915a API: remove deprecated "filter" parameter for API v1.41 and up
This query-parameter was deprecated in docker 1.13 in commit
820b809e70, and scheduled for
removal in docker 17.12, so we should remove it for the next
API version.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-02-10 17:21:01 +01:00
Drew Erny
30d9fe30b1 Add swarm jobs
Adds support for ReplicatedJob and GlobalJob service modes. These modes
allow running service which execute tasks that exit upon success,
instead of daemon-type tasks.

Signed-off-by: Drew Erny <drew.erny@docker.com>
2020-01-13 13:21:12 -06:00
Sebastiaan van Stijn
954d729ab8 Merge pull request #40079 from thaJeztah/cleanup_build
API: cleanup build endpoint code
2020-01-09 21:05:19 +01:00
Tibor Vass
a9416c67da Merge pull request #40259 from thaJeztah/more_constants
api/server/router: use consts for HTTP methods
2019-12-19 17:57:47 +01:00
Sebastiaan van Stijn
04203d13fb api/server: build: refactor for better readability
- construct the initial options as a literal
- move validation for windows up, and fail early
- move all API-version handling together

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-12-04 16:19:01 +01:00
Sebastiaan van Stijn
9709f6b95e api/server: build: use locally scoped variables
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-12-04 16:18:59 +01:00
Sebastiaan van Stijn
20e3b5ba2c api/types: minor BuilderVersion refactor
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-12-04 16:18:51 +01:00
Sebastiaan van Stijn
c9b2a3cff5 api: normalize comment formatting
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-11-27 15:37:30 +01:00
Sebastiaan van Stijn
90aa0901da api/server/router: use consts for HTTP methods
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-11-26 21:55:29 +01:00
Justin Cormack
f681590a25 Merge pull request #40081 from thaJeztah/http_constants
Use http constants for HTTP methods and status codes
2019-10-17 11:30:26 -07:00
Drew Erny
f36042d259 Add support for sending down service Running and Desired task counts
Adds a new ServiceStatus field to the Service object, which includes the
running and desired task counts. This new field is gated behind a
"status" query parameter.

Signed-off-by: Drew Erny <drew.erny@docker.com>
2019-10-14 10:43:00 -05:00
Sebastiaan van Stijn
93100adb69 api/server: use constants for http methods
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-10-13 17:30:19 +02:00
Tibor Vass
6ca3ec88ae builder: remove legacy build's session handling
This feature was used by docker build --stream and it was kept experimental.

Users of this endpoint should enable BuildKit anyway by setting Version to BuilderBuildKit.

Signed-off-by: Tibor Vass <tibor@docker.com>
2019-10-02 20:29:15 +00:00
Sebastiaan van Stijn
4e621a34ac api/server: explicitly ignore unhandled errors (errcheck)
```
api/server/router/build/build_routes.go:309:41: Error return value of `(*encoding/json.Decoder).Decode` is not checked (errcheck)
api/server/router/build/build_routes.go:431:11: Error return value of `io.Copy` is not checked (errcheck)
api/server/router/container/container_routes.go:582:13: Error return value of `conn.Write` is not checked (errcheck)
api/server/router/grpc/grpc_routes.go:38:12: Error return value of `conn.Write` is not checked (errcheck)
api/server/router/grpc/grpc_routes.go:39:12: Error return value of `resp.Write` is not checked (errcheck)
api/server/router/image/image_routes.go:94:15: Error return value of `output.Write` is not checked (errcheck)
api/server/router/image/image_routes.go:139:15: Error return value of `output.Write` is not checked (errcheck)
api/server/router/image/image_routes.go:164:15: Error return value of `output.Write` is not checked (errcheck)
api/server/router/image/image_routes.go:180:15: Error return value of `output.Write` is not checked (errcheck)
api/server/router/plugin/plugin_routes.go:126:15: Error return value of `output.Write` is not checked (errcheck)
api/server/router/plugin/plugin_routes.go:165:15: Error return value of `output.Write` is not checked (errcheck)
api/server/router/plugin/plugin_routes.go:273:15: Error return value of `output.Write` is not checked (errcheck)
```

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-09-18 12:57:46 +02:00
Sebastiaan van Stijn
0507c358d9 API: explicitely ignore unhandled errors
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-09-18 12:57:13 +02:00
Sebastiaan van Stijn
07ff4f1de8 goimports: fix imports
Format the source according to latest goimports.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-09-18 12:56:54 +02:00
Derek McGowan
2816ec7b00 Remove unused router swapper
The router swapper was previously used to toggle
a debug mode, that code has since been removed.
Now this router is unnecessary.

Signed-off-by: Derek McGowan <derek@mcgstyle.net>
2019-09-04 13:50:03 -07:00
Sebastiaan van Stijn
f8a0f26843 DebugRequestMiddleware: Remove path handling
Path-specific rules were removed, so this is no longer used.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 530e63c1a61b105a6f7fc143c5acb9b5cd87f958)
Signed-off-by: Tibor Vass <tibor@docker.com>
2019-07-09 21:42:12 +00:00
Sebastiaan van Stijn
73db8c77bf DebugRequestMiddleware: unconditionally scrub data field
Commit 77b8465d7e added a secret update
endpoint to allow updating labels on existing secrets. However, when
implementing the endpoint, the DebugRequestMiddleware was not updated
to scrub the Data field (as is being done when creating a secret).

When updating a secret (to set labels), the Data field should be either
`nil` (not set), or contain the same value as the existing secret. In
situations where the Data field is set, and the `dockerd` daemon is
running with debugging enabled / log-level debug, the base64-encoded
value of the secret is printed to the daemon logs.

The docker cli does not have a `docker secret update` command, but
when using `docker stack deploy`, the docker cli sends the secret
data both when _creating_ a stack, and when _updating_ a stack, thus
leaking the secret data if the daemon runs with debug enabled:

1. Start the daemon in debug-mode

        dockerd --debug

2. Initialize swarm

        docker swarm init

3. Create a file containing a secret

        echo secret > my_secret.txt

4. Create a docker-compose file using that secret

        cat > docker-compose.yml <<'EOF'
        version: "3.3"
        services:
          web:
            image: nginx:alpine
            secrets:
              - my_secret
        secrets:
          my_secret:
            file: ./my_secret.txt
        EOF

5. Deploy the stack

        docker stack deploy -c docker-compose.yml test

6. Verify that the secret is scrubbed in the daemon logs

        DEBU[2019-07-01T22:36:08.170617400Z] Calling POST /v1.30/secrets/create
        DEBU[2019-07-01T22:36:08.171364900Z] form data: {"Data":"*****","Labels":{"com.docker.stack.namespace":"test"},"Name":"test_my_secret"}

7. Re-deploy the stack to trigger an "update"

        docker stack deploy -c docker-compose.yml test

8. Notice that this time, the Data field is not scrubbed, and the base64-encoded secret is logged

        DEBU[2019-07-01T22:37:35.828819400Z] Calling POST /v1.30/secrets/w3hgvwpzl8yooq5ctnyp71v52/update?version=34
        DEBU[2019-07-01T22:37:35.829993700Z] form data: {"Data":"c2VjcmV0Cg==","Labels":{"com.docker.stack.namespace":"test"},"Name":"test_my_secret"}

This patch modifies `maskSecretKeys` to unconditionally scrub `Data` fields.
Currently, only the `secrets` and `configs` endpoints use a field with this
name, and no other POST API endpoints use a data field, so scrubbing this
field unconditionally will only scrub requests for those endpoints.

If a new endpoint is added in future where this field should not be scrubbed,
we can re-introduce more fine-grained (path-specific) handling.

This patch introduces some change in behavior:

- In addition to secrets, requests to create or update _configs_ will
  now have their `Data` field scrubbed. Generally, the actual data should
  not be interesting for debugging, so likely will not be problematic.
  In addition, scrubbing this data for configs may actually be desirable,
  because (even though they are not explicitely designed for this purpose)
  configs may contain sensitive data (credentials inside a configuration
  file, e.g.).
- Requests that send key/value pairs as a "map" and that contain a
  key named "data", will see the value of that field scrubbed. This
  means that (e.g.) setting a `label` named `data` on a config, will
  scrub/mask the value of that label.
- Note that this is already the case for any label named `jointoken`,
  `password`, `secret`, `signingcakey`, or `unlockkey`.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit c7ce4be93ae8edd2da62a588e01c67313a4aba0c)
Signed-off-by: Tibor Vass <tibor@docker.com>
2019-07-09 21:42:12 +00:00
Sebastiaan van Stijn
ebb542b3f8 TestMaskSecretKeys: use subtests
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 32d70c7e21631224674cd60021d3ec908c2d888c)
Signed-off-by: Tibor Vass <tibor@docker.com>
2019-07-09 21:42:12 +00:00
Sebastiaan van Stijn
18dac2cf32 TestMaskSecretKeys: add more test-cases
Add tests for

- case-insensitive matching of fields
- recursive masking

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit db5f811216e70bcb4a10e477c1558d6c68f618c5)
Signed-off-by: Tibor Vass <tibor@docker.com>
2019-07-09 21:42:12 +00:00
Sebastiaan van Stijn
c85fe2d224 Merge pull request #38522 from cpuguy83/fix_timers
Make sure timers are stopped after use.
2019-06-07 13:16:46 +02:00
Kirill Kolyshkin
1d5748d975 Merge pull request #39173 from olljanat/25885-capabilities-swarm
Add support for capabilities options in services
2019-06-06 15:03:46 -07:00
Tibor Vass
6104eb1ae2 build: fix panic when exporting to tar
Fixes a panic on `docker build -t foo -o - . >/dev/null`

Signed-off-by: Tibor Vass <tibor@docker.com>
2019-06-03 22:34:15 +00:00
Olli Janatuinen
f787b235de Add support capabilities list on services
Signed-off-by: Olli Janatuinen <olli.janatuinen@gmail.com>
2019-05-28 19:52:36 +03:00
Sebastiaan van Stijn
7bacd1d6dc Move CgroupnsMode feature to API v1.41
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-05-13 15:04:28 -07:00
Rob Gulewich
072400fc4b Make cgroup namespaces configurable
This adds both a daemon-wide flag and a container creation property:
- Set the `CgroupnsMode: "host|private"` HostConfig property at
  container creation time to control what cgroup namespace the container
  is created in
- Set the `--default-cgroupns-mode=host|private` daemon flag to control
  what cgroup namespace containers are created in by default
- Set the default if the daemon flag is unset to "host", for backward
  compatibility
- Default to CgroupnsMode: "host" for client versions < 1.40

Signed-off-by: Rob Gulewich <rgulewich@netflix.com>
2019-05-07 10:22:16 -07:00
Xiao YongBiao
372b9f769e Remove the "err == nil" because is always equal nil.
Signed-off-by: Xiao YongBiao <xyb4638@gmail.com>
2019-04-08 12:28:43 +08:00
Tibor Vass
05c5d20a2c grpc: register BuildKit controller to /grpc
Signed-off-by: Tibor Vass <tibor@docker.com>
2019-04-02 19:57:59 +00:00
Tibor Vass
e8382ece65 api: add undocumented /grpc endpoint to talk to GRPC services
Signed-off-by: Tibor Vass <tibor@docker.com>
2019-04-02 19:57:59 +00:00
Tõnis Tiigi
25661a3a04 Merge pull request #38793 from thaJeztah/pids_limit_improvements
Some refactoring on PidsLimit
2019-03-21 13:44:05 -07:00
Akihiro Suda
7fc0f820ea builder-next: fix squash
Tagger was not called for BuildKit-mode.

Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
2019-03-21 01:08:55 +09:00
Sebastiaan van Stijn
e7b5f7dbe9 Merge pull request #38891 from thaJeztah/warn_manager_count
Return a warning when running in a two-manager setup
2019-03-19 22:54:53 +01:00
Tonis Tiigi
768c6d7b29 builder-next: allow outputs configuration
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2019-03-19 10:28:30 -07:00
Sebastiaan van Stijn
81eef17e38 Return a warning when running in a two-manager setup
Running a cluster in a two-manager configuration effectively *doubles*
the chance of loosing control over the cluster (compared to running
in a single-manager setup). Users may have the assumption that having
two managers provides fault tolerance, so it's best to warn them if
they're using this configuration.

This patch adds a warning to the `info` response if Swarm is configured
with two managers:

    WARNING: Running Swarm in a two-manager configuration. This configuration provides
             no fault tolerance, and poses a high risk to loose control over the cluster.
             Refer to https://docs.docker.com/engine/swarm/admin_guide/ to configure the
             Swarm for fault-tolerance.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-03-18 14:36:00 +01:00
Sebastiaan van Stijn
2a9c987e5a Move httputils error helpers to errdefs package
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-03-16 00:42:23 +01:00
Sebastiaan van Stijn
1af30c50ca Add httputils.FromStatusCode()
This utility allows a client to convert an API response
back to a typed error; allowing the client to perform
different actions based on the type of error, without
having to resort to string-matching the error.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-03-16 00:39:48 +01:00
Sebastiaan van Stijn
ca0b64ee3b Merge pull request #35621 from kolyshkin/ipc-private
daemon: use 'private' ipc mode by default
2019-03-14 19:27:30 +01:00
Sebastiaan van Stijn
f73dd5fdad Revert "Adding builder version"
This reverts commit f821f002e5.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-03-14 00:18:46 +01:00
Vincent Demeester
46036c2308 Merge pull request #37534 from thaJeztah/fix-distribution-500
Fix error 500 on distribution endpoint
2019-03-13 08:29:16 +01:00
Sebastiaan van Stijn
ffa1728d4b Normalize values for pids-limit
- Don't set `PidsLimit` when creating a container and
  no limit was set (or the limit was set to "unlimited")
- Don't set `PidsLimit` if the host does not have pids-limit
  support (previously "unlimited" was set).
- Do not generate a warning if the host does not have pids-limit
  support, but pids-limit was set to unlimited (having no
  limit set, or the limit set to "unlimited" is equivalent,
  so no warning is nescessary in that case).
- When updating a container, convert `0`, and `-1` to
  "unlimited" (`0`).

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-03-13 00:27:05 +01:00
Kir Kolyshkin
596ca142e0 daemon: use 'private' ipc mode by default
This changes the default ipc mode of daemon/engine to be private,
meaning the containers will not have their /dev/shm bind-mounted
from the host by default. The benefits of doing this are:

 1. No leaked mounts. Eliminate a possibility to leak mounts into
    other namespaces (and therefore unfortunate errors like "Unable to
    remove filesystem for <ID>: remove /var/lib/docker/containers/<ID>/shm:
    device or resource busy").

 2. Working checkpoint/restore. Make `docker checkpoint`
    not lose the contents of `/dev/shm`, but save it to
    the dump, and be restored back upon `docker start --checkpoint`
    (currently it is lost -- while CRIU handles tmpfs mounts,
    the "shareable" mount is seen as external to container,
    and thus rightfully ignored).

3. Better security. Currently any container is opened to share
   its /dev/shm with any other container.

Obviously, this change will break the following usage scenario:

 $ docker run -d --name donor busybox top
 $ docker run --rm -it --ipc container:donor busybox sh
 Error response from daemon: linux spec namespaces: can't join IPC
 of container <ID>: non-shareable IPC (hint: use IpcMode:shareable
 for the donor container)

The soution, as hinted by the (amended) error message, is to
explicitly enable donor sharing by using --ipc shareable:

 $ docker run -d --name donor --ipc shareable busybox top

Compatibility notes:

1. This only applies to containers created _after_ this change.
   Existing containers are not affected and will work fine
   as their ipc mode is stored in HostConfig.

2. Old backward compatible behavior ("shareable" containers
   by default) can be enabled by either using
   `--default-ipc-mode shareable` daemon command line option,
   or by adding a `"default-ipc-mode": "shareable"`
   line in `/etc/docker/daemon.json` configuration file.

3. If an older client (API < 1.40) is used, a "shareable" container
   is created. A test to check that is added.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2019-03-09 18:57:42 -08:00
Kir Kolyshkin
ce7528ebdf postContainersCreate: minor nitpick
There are two if statements checking for exactly same conditions:

> if hostConfig != nil && versions.LessThan(version, "1.40")

Merge these.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2019-03-09 18:57:42 -08:00
Sebastiaan van Stijn
5861a0db22 Fix container update resetting pidslimit on older API clients
Older API clients did not use a pointer for `PidsLimit`, so
API requests would always send `0`, resulting in any previous
value to be reset after an update:

Before this patch:

(using a 17.06 Docker CLI):

```bash
docker run -dit --name test --pids-limit=16 busybox
docker container inspect --format '{{json .HostConfig.PidsLimit}}' test
16

docker container update --memory=100M --memory-swap=200M test

docker container inspect --format '{{json .HostConfig.PidsLimit}}' test
0

docker container exec test cat /sys/fs/cgroup/pids/pids.max
max
```

With this patch applied:

(using a 17.06 Docker CLI):

```bash
docker run -dit --name test --pids-limit=16 busybox
docker container inspect --format '{{json .HostConfig.PidsLimit}}' test
16

docker container update --memory=100M --memory-swap=200M test

docker container inspect --format '{{json .HostConfig.PidsLimit}}' test
16

docker container exec test cat /sys/fs/cgroup/pids/pids.max
16
```

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-02-24 16:32:32 +01:00
Drew Erny
6f1d7ddfa4 Use Runtime target
The Swarmkit api specifies a target for configs called called "Runtime"
which indicates that the config is not mounted into the container but
has some other use. This commit updates the Docker api to reflect this.

Signed-off-by: Drew Erny <drew.erny@docker.com>
2019-02-19 13:14:17 -06:00
Sebastiaan van Stijn
cdcea6f492 Handle correct status codes for distribution errors
This assists to address a regression where distribution errors were not properly
handled, resulting in a generic 500 (internal server error) to be returned for
`/distribution/name/json` if you weren't authenticated, whereas it should return
a 40x (401).

This patch attempts to extract the HTTP status-code that was returned by the
distribution code, and falls back to returning a 500 status if unable to match.

Before this change:

    curl -v --unix-socket /var/run/docker.sock http://localhost/distribution/name/json
    *   Trying /var/run/docker.sock...
    * Connected to localhost (/var/run/docker.sock) port 80 (#0)
    > GET /distribution/name/json HTTP/1.1
    > Host: localhost
    > User-Agent: curl/7.52.1
    > Accept: */*
    >
    < HTTP/1.1 500 Internal Server Error
    < Api-Version: 1.37
    < Content-Type: application/json
    < Docker-Experimental: false
    < Ostype: linux
    < Server: Docker/dev (linux)
    < Date: Tue, 03 Jul 2018 15:52:53 GMT
    < Content-Length: 115
    <
    {"message":"errors:\ndenied: requested access to the resource is denied\nunauthorized: authentication required\n"}
    * Curl_http_done: called premature == 0
    * Connection #0 to host localhost left intact

daemon logs:

    DEBU[2018-07-03T15:52:51.424950601Z] Calling GET /distribution/name/json
    DEBU[2018-07-03T15:52:53.179895572Z] FIXME: Got an API for which error does not match any expected type!!!: errors:
    denied: requested access to the resource is denied
    unauthorized: authentication required
      error_type=errcode.Errors module=api
    ERRO[2018-07-03T15:52:53.179942783Z] Handler for GET /distribution/name/json returned error: errors:
    denied: requested access to the resource is denied
    unauthorized: authentication required

With this patch applied:

    curl -v --unix-socket /var/run/docker.sock http://localhost/distribution/name/json
    *   Trying /var/run/docker.sock...
    * Connected to localhost (/var/run/docker.sock) port 80 (#0)
    > GET /distribution/name/json HTTP/1.1
    > Host: localhost
    > User-Agent: curl/7.52.1
    > Accept: */*
    >
    < HTTP/1.1 403 Forbidden
    < Api-Version: 1.38
    < Content-Type: application/json
    < Docker-Experimental: false
    < Ostype: linux
    < Server: Docker/dev (linux)
    < Date: Fri, 03 Aug 2018 14:58:09 GMT
    < Content-Length: 115
    <
    {"message":"errors:\ndenied: requested access to the resource is denied\nunauthorized: authentication required\n"}
    * Curl_http_done: called premature == 0
    * Connection #0 to host localhost left intact

daemon logs:

    DEBU[2018-08-03T14:58:08.018726228Z] Calling GET /distribution/name/json

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-02-08 10:35:36 +01:00
Sebastiaan van Stijn
d71ed3d326 Return "invalid parameter" (4xx) errors for distribution
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-02-08 10:35:26 +01:00
Sebastiaan van Stijn
20383d504b Add support for using Configs as CredentialSpecs in services
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-02-04 15:29:33 -06:00