This augments the CreateContainer call to detect the AuthConfig header
and use any supplied auth for pull operations. This will allow pulling
of protected image on to specific node during the create operation.
CLI usage example using username/password:
# Calculate the header
REPO_USER=yourusername
read -s PASSWORD
HEADER=$(echo "{\"username\":\"${REPO_USER}\",\"password\":\"${PASSWORD}\"}"|base64 -w 0 )
unset PASSWORD
echo HEADER=$HEADER
# Then add the following to your ~/.docker/config.json
"HttpHeaders": {
"X-Registry-Auth": "<HEADER string from above>"
}
# Now run a private image against swarm:
docker run --rm -it yourprivateimage:latest
CLI usage example using registry tokens: (Required engine 1.10 with new auth token support)
REPO=yourrepo/yourimage
REPO_USER=yourusername
read -s PASSWORD
AUTH_URL=https://auth.docker.io/token
TOKEN=$(curl -s -u "${REPO_USER}:${PASSWORD}" "${AUTH_URL}?scope=repository:${REPO}:pull&service=registry.docker.io" |
jq -r ".token")
HEADER=$(echo "{\"registrytoken\":\"${TOKEN}\"}"|base64 -w 0 )
echo HEADER=$HEADER
# Update the docker config as above, but the token will expire quickly...
Signed-off-by: Daniel Hiltgen <daniel.hiltgen@docker.com>
- pulled out router setup into separate method for testing
- unit test without cors
- unit test for cors + OPTIONS
- resolves#1442
Signed-off-by: Morgan Bauer <mbauer@us.ibm.com>
Golang's `*tls.Conn` does not support `CloseWrite`, this means that
connections using TLS will not be able to properly close on hijacked
connections.
This copies Go's tls.Dial and instead returns an internal
`tlsClientConn` type that does store the raw net.Conn and implements
`CloseWrite`.
Implementation is mostly copied from
`github.com/docker/docker/api/client/hijack.go`
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
- docker server has a newline separating individual json entries
- create const string for format
- resolves#1367
Signed-off-by: Morgan Bauer <mbauer@us.ibm.com>
When building an image (POST /build), swarm will extract filters from
buildargs. This is similar to how container creation (POST
/containers/create) extracts filters from environment variables.
Signed-off-by: Victor Costan <costan@gmail.com>
This was hard to repro, but found out it seems to only happen with TLS
connections.
When `docker run -i` was set, the client gets stuck waiting for sdin on
exit, and requires hitting return twice.
This fix ensures that:
1. When stdin is done, wait for stdout always
2. When stdout is done, close the stream and wait for stdin to finish
On 2, stdin copy should return immediately now since the out stream is closed.
Note that we probably don't actually even need to wait here.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Victor Vieux
Dong Chen
Victor Vieux
Andrea Luzzardi
Dongsheng Yang
Daniel Hiltgen
Morgan Bauer
Alexandre Beslic
Brian Goff
Xian Chaobo
Shijiang Wei
Daniel Nephin
Victor Costan
Chanwit Kaewkasi
Patrick Devine