f3711704 |
package plugin
import ( |
3d86b0c7 |
"archive/tar"
"compress/gzip" |
b47711ae |
"encoding/json" |
5b6e1bc9 |
"io" |
b47711ae |
"io/ioutil" |
f3711704 |
"net/http"
"os" |
3d86b0c7 |
"path" |
f3711704 |
"path/filepath" |
afd305c4 |
"runtime" |
3d86b0c7 |
"strings" |
f3711704 |
|
3d86b0c7 |
"github.com/docker/distribution/manifest/schema2" |
3a127939 |
"github.com/docker/distribution/reference" |
91e197d6 |
"github.com/docker/docker/api/types" |
a66e0dc3 |
"github.com/docker/docker/api/types/filters" |
3d86b0c7 |
"github.com/docker/docker/distribution"
progressutils "github.com/docker/docker/distribution/utils"
"github.com/docker/docker/distribution/xfer" |
342ed107 |
"github.com/docker/docker/dockerversion" |
d453fe35 |
"github.com/docker/docker/errdefs" |
3d86b0c7 |
"github.com/docker/docker/image"
"github.com/docker/docker/layer" |
38de272b |
"github.com/docker/docker/pkg/authorization" |
5b6e1bc9 |
"github.com/docker/docker/pkg/chrootarchive" |
e8307b86 |
"github.com/docker/docker/pkg/mount" |
3d86b0c7 |
"github.com/docker/docker/pkg/pools"
"github.com/docker/docker/pkg/progress" |
11cf394e |
"github.com/docker/docker/pkg/system" |
27a55fba |
"github.com/docker/docker/plugin/v2" |
3a127939 |
refstore "github.com/docker/docker/reference" |
62c1f0ef |
digest "github.com/opencontainers/go-digest" |
fb11164c |
"github.com/pkg/errors" |
1009e6a4 |
"github.com/sirupsen/logrus" |
5b6e1bc9 |
"golang.org/x/net/context" |
f3711704 |
)
|
a66e0dc3 |
var acceptedPluginFilterTags = map[string]bool{ |
99d91ada |
"enabled": true,
"capability": true, |
a66e0dc3 |
}
|
8cb2229c |
// Disable deactivates a plugin. This means resources (volumes, networks) cant use them. |
3d86b0c7 |
func (pm *Manager) Disable(refOrID string, config *types.PluginDisableConfig) error {
p, err := pm.config.Store.GetV2Plugin(refOrID) |
f3711704 |
if err != nil {
return err
} |
b35490a8 |
pm.mu.RLock()
c := pm.cMap[p]
pm.mu.RUnlock()
|
8cb2229c |
if !config.ForceDisable && p.GetRefCount() > 0 { |
ebcb7d6b |
return errors.WithStack(inUseError(p.Name())) |
8cb2229c |
}
|
38de272b |
for _, typ := range p.GetTypes() {
if typ.Capability == authorization.AuthZApiImplements { |
7da39862 |
pm.config.AuthzMiddleware.RemovePlugin(p.Name()) |
38de272b |
}
}
|
b35490a8 |
if err := pm.disable(p, c); err != nil { |
42abccb8 |
return err
} |
72c3bcf2 |
pm.publisher.Publish(EventDisable{Plugin: p.PluginObj}) |
3d86b0c7 |
pm.config.LogPluginEvent(p.GetID(), refOrID, "disable") |
42abccb8 |
return nil |
f3711704 |
}
// Enable activates a plugin, which implies that they are ready to be used by containers. |
3d86b0c7 |
func (pm *Manager) Enable(refOrID string, config *types.PluginEnableConfig) error {
p, err := pm.config.Store.GetV2Plugin(refOrID) |
f3711704 |
if err != nil {
return err
} |
83ca993c |
|
b35490a8 |
c := &controller{timeoutInSecs: config.Timeout}
if err := pm.enable(p, c, false); err != nil { |
42abccb8 |
return err
} |
72c3bcf2 |
pm.publisher.Publish(EventEnable{Plugin: p.PluginObj}) |
3d86b0c7 |
pm.config.LogPluginEvent(p.GetID(), refOrID, "enable") |
42abccb8 |
return nil |
f3711704 |
}
|
49ca91fb |
// Inspect examines a plugin config |
3d86b0c7 |
func (pm *Manager) Inspect(refOrID string) (tp *types.Plugin, err error) {
p, err := pm.config.Store.GetV2Plugin(refOrID)
if err != nil {
return nil, err |
0ce6e070 |
}
|
3d86b0c7 |
return &p.PluginObj, nil
} |
0ce6e070 |
|
3d86b0c7 |
func (pm *Manager) pull(ctx context.Context, ref reference.Named, config *distribution.ImagePullConfig, outStream io.Writer) error {
if outStream != nil {
// Include a buffer so that slow client connections don't affect
// transfer performance.
progressChan := make(chan progress.Progress, 100)
writesDone := make(chan struct{})
defer func() {
close(progressChan)
<-writesDone
}()
var cancelFunc context.CancelFunc
ctx, cancelFunc = context.WithCancel(ctx)
go func() {
progressutils.WriteDistributionProgress(cancelFunc, outStream, progressChan)
close(writesDone)
}()
config.ProgressOutput = progress.ChanOutput(progressChan)
} else {
config.ProgressOutput = progress.DiscardOutput() |
f3711704 |
} |
3d86b0c7 |
return distribution.Pull(ctx, ref, config)
} |
0ce6e070 |
|
3d86b0c7 |
type tempConfigStore struct {
config []byte
configDigest digest.Digest |
f3711704 |
}
|
3d86b0c7 |
func (s *tempConfigStore) Put(c []byte) (digest.Digest, error) {
dgst := digest.FromBytes(c) |
fa3b61a2 |
|
3d86b0c7 |
s.config = c
s.configDigest = dgst |
fa3b61a2 |
|
3d86b0c7 |
return dgst, nil |
fa3b61a2 |
} |
9e423426 |
|
3d86b0c7 |
func (s *tempConfigStore) Get(d digest.Digest) ([]byte, error) {
if d != s.configDigest { |
ebcb7d6b |
return nil, errNotFound("digest not found") |
9e423426 |
} |
3d86b0c7 |
return s.config, nil
} |
9e423426 |
|
ce8e529e |
func (s *tempConfigStore) RootFSAndOSFromConfig(c []byte) (*image.RootFS, string, error) { |
3d86b0c7 |
return configToRootFS(c)
} |
9e423426 |
|
ebcb7d6b |
func computePrivileges(c types.PluginConfig) types.PluginPrivileges { |
fa3b61a2 |
var privileges types.PluginPrivileges |
04e35a01 |
if c.Network.Type != "null" && c.Network.Type != "bridge" && c.Network.Type != "" { |
fa3b61a2 |
privileges = append(privileges, types.PluginPrivilege{
Name: "network",
Description: "permissions to access a network",
Value: []string{c.Network.Type},
})
} |
6d6185c2 |
if c.IpcHost {
privileges = append(privileges, types.PluginPrivilege{
Name: "host ipc namespace",
Description: "allow access to host ipc namespace",
Value: []string{"true"},
})
} |
4d1edcb2 |
if c.PidHost {
privileges = append(privileges, types.PluginPrivilege{
Name: "host pid namespace",
Description: "allow access to host pid namespace",
Value: []string{"true"},
})
} |
fa3b61a2 |
for _, mount := range c.Mounts {
if mount.Source != nil {
privileges = append(privileges, types.PluginPrivilege{
Name: "mount",
Description: "host path to mount",
Value: []string{*mount.Source},
})
}
}
for _, device := range c.Linux.Devices {
if device.Path != nil {
privileges = append(privileges, types.PluginPrivilege{
Name: "device",
Description: "host device to access",
Value: []string{*device.Path},
})
}
} |
f265727b |
if c.Linux.AllowAllDevices { |
fa3b61a2 |
privileges = append(privileges, types.PluginPrivilege{ |
f265727b |
Name: "allow-all-devices",
Description: "allow 'rwm' access to all devices", |
fa3b61a2 |
Value: []string{"true"},
})
}
if len(c.Linux.Capabilities) > 0 {
privileges = append(privileges, types.PluginPrivilege{
Name: "capabilities",
Description: "list of additional capabilities required",
Value: c.Linux.Capabilities,
})
}
|
ebcb7d6b |
return privileges |
9e423426 |
}
|
fa3b61a2 |
// Privileges pulls a plugin config and computes the privileges required to install it. |
3d86b0c7 |
func (pm *Manager) Privileges(ctx context.Context, ref reference.Named, metaHeader http.Header, authConfig *types.AuthConfig) (types.PluginPrivileges, error) {
// create image store instance
cs := &tempConfigStore{}
// DownloadManager not defined because only pulling configuration.
pluginPullConfig := &distribution.ImagePullConfig{
Config: distribution.Config{
MetaHeaders: metaHeader,
AuthConfig: authConfig,
RegistryService: pm.config.RegistryService,
ImageEventLogger: func(string, string, string) {},
ImageStore: cs,
},
Schema2Types: distribution.PluginTypes,
}
if err := pm.pull(ctx, ref, pluginPullConfig, nil); err != nil { |
f3711704 |
return nil, err
} |
3d86b0c7 |
if cs.config == nil {
return nil, errors.New("no configuration pulled")
}
var config types.PluginConfig
if err := json.Unmarshal(cs.config, &config); err != nil { |
87a12421 |
return nil, errdefs.System(err) |
3d86b0c7 |
}
|
ebcb7d6b |
return computePrivileges(config), nil |
fa3b61a2 |
} |
f3711704 |
|
03c69497 |
// Upgrade upgrades a plugin
func (pm *Manager) Upgrade(ctx context.Context, ref reference.Named, name string, metaHeader http.Header, authConfig *types.AuthConfig, privileges types.PluginPrivileges, outStream io.Writer) (err error) {
p, err := pm.config.Store.GetV2Plugin(name)
if err != nil { |
ebcb7d6b |
return err |
03c69497 |
}
if p.IsEnabled() { |
ebcb7d6b |
return errors.Wrap(enabledError(p.Name()), "plugin must be disabled before upgrading") |
03c69497 |
}
pm.muGC.RLock()
defer pm.muGC.RUnlock()
// revalidate because Pull is public |
145dfd92 |
if _, err := reference.ParseNormalizedNamed(name); err != nil { |
87a12421 |
return errors.Wrapf(errdefs.InvalidParameter(err), "failed to parse %q", name) |
03c69497 |
}
tmpRootFSDir, err := ioutil.TempDir(pm.tmpDir(), ".rootfs") |
3716dd22 |
if err != nil { |
87a12421 |
return errors.Wrap(errdefs.System(err), "error preparing upgrade") |
3716dd22 |
} |
03c69497 |
defer os.RemoveAll(tmpRootFSDir)
dm := &downloadManager{
tmpDir: tmpRootFSDir,
blobStore: pm.blobStore,
}
pluginPullConfig := &distribution.ImagePullConfig{
Config: distribution.Config{
MetaHeaders: metaHeader,
AuthConfig: authConfig,
RegistryService: pm.config.RegistryService,
ImageEventLogger: pm.config.LogPluginEvent,
ImageStore: dm,
},
DownloadManager: dm, // todo: reevaluate if possible to substitute distribution/xfer dependencies instead
Schema2Types: distribution.PluginTypes,
}
err = pm.pull(ctx, ref, pluginPullConfig, outStream)
if err != nil {
go pm.GC()
return err
}
if err := pm.upgradePlugin(p, dm.configDigest, dm.blobs, tmpRootFSDir, &privileges); err != nil {
return err
}
p.PluginObj.PluginReference = ref.String()
return nil
}
|
fa3b61a2 |
// Pull pulls a plugin, check if the correct privileges are provided and install the plugin. |
72c3bcf2 |
func (pm *Manager) Pull(ctx context.Context, ref reference.Named, name string, metaHeader http.Header, authConfig *types.AuthConfig, privileges types.PluginPrivileges, outStream io.Writer, opts ...CreateOpt) (err error) { |
3d86b0c7 |
pm.muGC.RLock()
defer pm.muGC.RUnlock()
// revalidate because Pull is public |
3a127939 |
nameref, err := reference.ParseNormalizedNamed(name) |
fa3b61a2 |
if err != nil { |
87a12421 |
return errors.Wrapf(errdefs.InvalidParameter(err), "failed to parse %q", name) |
fa3b61a2 |
} |
3a127939 |
name = reference.FamiliarString(reference.TagNameOnly(nameref)) |
fa3b61a2 |
|
3d86b0c7 |
if err := pm.config.Store.validateName(name); err != nil { |
87a12421 |
return errdefs.InvalidParameter(err) |
fa3b61a2 |
}
|
3d86b0c7 |
tmpRootFSDir, err := ioutil.TempDir(pm.tmpDir(), ".rootfs") |
3716dd22 |
if err != nil { |
87a12421 |
return errors.Wrap(errdefs.System(err), "error preparing pull") |
3716dd22 |
} |
3d86b0c7 |
defer os.RemoveAll(tmpRootFSDir) |
f3711704 |
|
3d86b0c7 |
dm := &downloadManager{
tmpDir: tmpRootFSDir,
blobStore: pm.blobStore, |
f3711704 |
}
|
3d86b0c7 |
pluginPullConfig := &distribution.ImagePullConfig{
Config: distribution.Config{
MetaHeaders: metaHeader,
AuthConfig: authConfig,
RegistryService: pm.config.RegistryService,
ImageEventLogger: pm.config.LogPluginEvent,
ImageStore: dm,
},
DownloadManager: dm, // todo: reevaluate if possible to substitute distribution/xfer dependencies instead
Schema2Types: distribution.PluginTypes,
} |
fa3b61a2 |
|
3d86b0c7 |
err = pm.pull(ctx, ref, pluginPullConfig, outStream) |
fa3b61a2 |
if err != nil { |
3d86b0c7 |
go pm.GC() |
fa3b61a2 |
return err
}
|
72c3bcf2 |
refOpt := func(p *v2.Plugin) {
p.PluginObj.PluginReference = ref.String()
}
optsList := make([]CreateOpt, 0, len(opts)+1)
optsList = append(optsList, opts...)
optsList = append(optsList, refOpt)
p, err := pm.createPlugin(name, dm.configDigest, dm.blobs, tmpRootFSDir, &privileges, optsList...) |
03c69497 |
if err != nil { |
fa3b61a2 |
return err |
f3711704 |
} |
fa3b61a2 |
|
72c3bcf2 |
pm.publisher.Publish(EventCreate{Plugin: p.PluginObj}) |
fa3b61a2 |
return nil |
f3711704 |
}
// List displays the list of plugins and associated metadata. |
a66e0dc3 |
func (pm *Manager) List(pluginFilters filters.Args) ([]types.Plugin, error) {
if err := pluginFilters.Validate(acceptedPluginFilterTags); err != nil {
return nil, err
}
enabledOnly := false
disabledOnly := false |
97c5ae25 |
if pluginFilters.Contains("enabled") { |
a66e0dc3 |
if pluginFilters.ExactMatch("enabled", "true") {
enabledOnly = true
} else if pluginFilters.ExactMatch("enabled", "false") {
disabledOnly = true
} else { |
ebcb7d6b |
return nil, invalidFilter{"enabled", pluginFilters.Get("enabled")} |
a66e0dc3 |
}
}
|
3d86b0c7 |
plugins := pm.config.Store.GetAll() |
27a55fba |
out := make([]types.Plugin, 0, len(plugins)) |
a66e0dc3 |
|
99d91ada |
next: |
27a55fba |
for _, p := range plugins { |
a66e0dc3 |
if enabledOnly && !p.PluginObj.Enabled {
continue
}
if disabledOnly && p.PluginObj.Enabled {
continue
} |
97c5ae25 |
if pluginFilters.Contains("capability") { |
99d91ada |
for _, f := range p.GetTypes() {
if !pluginFilters.Match("capability", f.Capability) {
continue next
}
}
} |
42abccb8 |
out = append(out, p.PluginObj) |
f3711704 |
}
return out, nil
}
// Push pushes a plugin to the store. |
3d86b0c7 |
func (pm *Manager) Push(ctx context.Context, name string, metaHeader http.Header, authConfig *types.AuthConfig, outStream io.Writer) error {
p, err := pm.config.Store.GetV2Plugin(name) |
2281ce7e |
if err != nil {
return err
} |
3d86b0c7 |
|
3a127939 |
ref, err := reference.ParseNormalizedNamed(p.Name()) |
b47711ae |
if err != nil { |
3d86b0c7 |
return errors.Wrapf(err, "plugin has invalid name %v for push", p.Name()) |
b47711ae |
}
|
3d86b0c7 |
var po progress.Output
if outStream != nil {
// Include a buffer so that slow client connections don't affect
// transfer performance.
progressChan := make(chan progress.Progress, 100)
writesDone := make(chan struct{})
defer func() {
close(progressChan)
<-writesDone
}()
var cancelFunc context.CancelFunc
ctx, cancelFunc = context.WithCancel(ctx)
go func() {
progressutils.WriteDistributionProgress(cancelFunc, outStream, progressChan)
close(writesDone)
}()
po = progress.ChanOutput(progressChan)
} else {
po = progress.DiscardOutput()
}
// TODO: replace these with manager
is := &pluginConfigStore{
pm: pm,
plugin: p,
} |
afd305c4 |
lss := make(map[string]distribution.PushLayerProvider)
lss[runtime.GOOS] = &pluginLayerProvider{ |
3d86b0c7 |
pm: pm,
plugin: p,
}
rs := &pluginReference{
name: ref,
pluginID: p.Config, |
f3711704 |
} |
2281ce7e |
|
3d86b0c7 |
uploadManager := xfer.NewLayerUploadManager(3)
imagePushConfig := &distribution.ImagePushConfig{
Config: distribution.Config{
MetaHeaders: metaHeader,
AuthConfig: authConfig,
ProgressOutput: po,
RegistryService: pm.config.RegistryService,
ReferenceStore: rs,
ImageEventLogger: pm.config.LogPluginEvent,
ImageStore: is,
RequireSchema2: true,
},
ConfigMediaType: schema2.MediaTypePluginConfig, |
afd305c4 |
LayerStores: lss, |
3d86b0c7 |
UploadManager: uploadManager,
}
return distribution.Push(ctx, ref, imagePushConfig)
}
type pluginReference struct {
name reference.Named
pluginID digest.Digest
}
func (r *pluginReference) References(id digest.Digest) []reference.Named {
if r.pluginID != id {
return nil
}
return []reference.Named{r.name}
}
|
3a127939 |
func (r *pluginReference) ReferencesByName(ref reference.Named) []refstore.Association {
return []refstore.Association{ |
3d86b0c7 |
{
Ref: r.name,
ID: r.pluginID,
},
}
}
func (r *pluginReference) Get(ref reference.Named) (digest.Digest, error) {
if r.name.String() != ref.String() { |
3a127939 |
return digest.Digest(""), refstore.ErrDoesNotExist |
3d86b0c7 |
}
return r.pluginID, nil
}
func (r *pluginReference) AddTag(ref reference.Named, id digest.Digest, force bool) error {
// Read only, ignore
return nil
}
func (r *pluginReference) AddDigest(ref reference.Canonical, id digest.Digest, force bool) error {
// Read only, ignore
return nil
}
func (r *pluginReference) Delete(ref reference.Named) (bool, error) {
// Read only, ignore
return false, nil
}
type pluginConfigStore struct {
pm *Manager
plugin *v2.Plugin
}
func (s *pluginConfigStore) Put([]byte) (digest.Digest, error) {
return digest.Digest(""), errors.New("cannot store config on push")
}
func (s *pluginConfigStore) Get(d digest.Digest) ([]byte, error) {
if s.plugin.Config != d {
return nil, errors.New("plugin not found")
}
rwc, err := s.pm.blobStore.Get(d) |
f3711704 |
if err != nil { |
3d86b0c7 |
return nil, err
}
defer rwc.Close()
return ioutil.ReadAll(rwc)
}
|
ce8e529e |
func (s *pluginConfigStore) RootFSAndOSFromConfig(c []byte) (*image.RootFS, string, error) { |
3d86b0c7 |
return configToRootFS(c)
}
type pluginLayerProvider struct {
pm *Manager
plugin *v2.Plugin
}
func (p *pluginLayerProvider) Get(id layer.ChainID) (distribution.PushLayer, error) {
rootFS := rootFSFromPlugin(p.plugin.PluginObj.Config.Rootfs)
var i int
for i = 1; i <= len(rootFS.DiffIDs); i++ {
if layer.CreateChainID(rootFS.DiffIDs[:i]) == id {
break
}
}
if i > len(rootFS.DiffIDs) {
return nil, errors.New("layer not found")
}
return &pluginLayer{
pm: p.pm,
diffIDs: rootFS.DiffIDs[:i],
blobs: p.plugin.Blobsums[:i],
}, nil
}
type pluginLayer struct {
pm *Manager
diffIDs []layer.DiffID
blobs []digest.Digest
}
func (l *pluginLayer) ChainID() layer.ChainID {
return layer.CreateChainID(l.diffIDs)
}
func (l *pluginLayer) DiffID() layer.DiffID {
return l.diffIDs[len(l.diffIDs)-1]
}
func (l *pluginLayer) Parent() distribution.PushLayer {
if len(l.diffIDs) == 1 {
return nil
}
return &pluginLayer{
pm: l.pm,
diffIDs: l.diffIDs[:len(l.diffIDs)-1],
blobs: l.blobs[:len(l.diffIDs)-1], |
f3711704 |
} |
3d86b0c7 |
} |
0ead6244 |
|
3d86b0c7 |
func (l *pluginLayer) Open() (io.ReadCloser, error) {
return l.pm.blobStore.Get(l.blobs[len(l.diffIDs)-1])
}
func (l *pluginLayer) Size() (int64, error) {
return l.pm.blobStore.Size(l.blobs[len(l.diffIDs)-1])
}
func (l *pluginLayer) MediaType() string {
return schema2.MediaTypeLayer
}
func (l *pluginLayer) Release() {
// Nothing needs to be release, no references held |
f3711704 |
}
// Remove deletes plugin's root directory. |
3d86b0c7 |
func (pm *Manager) Remove(name string, config *types.PluginRmConfig) error {
p, err := pm.config.Store.GetV2Plugin(name) |
b35490a8 |
pm.mu.RLock()
c := pm.cMap[p]
pm.mu.RUnlock()
|
f3711704 |
if err != nil {
return err
} |
b22d07f5 |
if !config.ForceRemove { |
b35490a8 |
if p.GetRefCount() > 0 { |
ebcb7d6b |
return inUseError(p.Name()) |
b22d07f5 |
}
if p.IsEnabled() { |
ebcb7d6b |
return enabledError(p.Name()) |
27a55fba |
} |
b22d07f5 |
}
if p.IsEnabled() { |
b35490a8 |
if err := pm.disable(p, c); err != nil { |
27a55fba |
logrus.Errorf("failed to disable plugin '%s': %s", p.Name(), err)
} |
42abccb8 |
} |
b22d07f5 |
|
fb11164c |
defer func() { |
3d86b0c7 |
go pm.GC() |
fb11164c |
}()
|
3d86b0c7 |
id := p.GetID()
pluginDir := filepath.Join(pm.config.Root, id) |
11cf394e |
if err := mount.RecursiveUnmount(pluginDir); err != nil {
return errors.Wrap(err, "error unmounting plugin data") |
e8307b86 |
} |
11cf394e |
|
4bf263c1 |
removeDir := pluginDir + "-removing"
if err := os.Rename(pluginDir, removeDir); err != nil { |
11cf394e |
return errors.Wrap(err, "error performing atomic remove of plugin dir")
}
|
4bf263c1 |
if err := system.EnsureRemoveAll(removeDir); err != nil { |
11cf394e |
return errors.Wrap(err, "error removing plugin dir") |
c54b717c |
} |
11cf394e |
pm.config.Store.Remove(p) |
3d86b0c7 |
pm.config.LogPluginEvent(id, name, "remove") |
72c3bcf2 |
pm.publisher.Publish(EventRemove{Plugin: p.PluginObj}) |
42abccb8 |
return nil |
f3711704 |
}
// Set sets plugin args
func (pm *Manager) Set(name string, args []string) error { |
3d86b0c7 |
p, err := pm.config.Store.GetV2Plugin(name) |
f3711704 |
if err != nil {
return err
} |
3d86b0c7 |
if err := p.Set(args); err != nil {
return err
}
return pm.save(p) |
f3711704 |
} |
5b6e1bc9 |
// CreateFromContext creates a plugin from the given pluginDir which contains |
49ca91fb |
// both the rootfs and the config.json and a repoName with optional tag. |
3d86b0c7 |
func (pm *Manager) CreateFromContext(ctx context.Context, tarCtx io.ReadCloser, options *types.PluginCreateOptions) (err error) {
pm.muGC.RLock()
defer pm.muGC.RUnlock()
|
3a127939 |
ref, err := reference.ParseNormalizedNamed(options.RepoName) |
52405a9b |
if err != nil { |
3d86b0c7 |
return errors.Wrapf(err, "failed to parse reference %v", options.RepoName)
}
if _, ok := ref.(reference.Canonical); ok {
return errors.Errorf("canonical references are not permitted") |
52405a9b |
} |
3a127939 |
name := reference.FamiliarString(reference.TagNameOnly(ref)) |
52405a9b |
|
3d86b0c7 |
if err := pm.config.Store.validateName(name); err != nil { // fast check, real check is in createPlugin()
return err
} |
5b6e1bc9 |
|
3d86b0c7 |
tmpRootFSDir, err := ioutil.TempDir(pm.tmpDir(), ".rootfs")
if err != nil {
return errors.Wrap(err, "failed to create temp directory")
} |
3716dd22 |
defer os.RemoveAll(tmpRootFSDir)
|
3d86b0c7 |
var configJSON []byte
rootFS := splitConfigRootFSFromTar(tarCtx, &configJSON) |
52405a9b |
|
3d86b0c7 |
rootFSBlob, err := pm.blobStore.New()
if err != nil {
return err |
52405a9b |
} |
3d86b0c7 |
defer rootFSBlob.Close()
gzw := gzip.NewWriter(rootFSBlob) |
7a855799 |
layerDigester := digest.Canonical.Digester() |
3d86b0c7 |
rootFSReader := io.TeeReader(rootFS, io.MultiWriter(gzw, layerDigester.Hash())) |
52405a9b |
|
3d86b0c7 |
if err := chrootarchive.Untar(rootFSReader, tmpRootFSDir, nil); err != nil {
return err
}
if err := rootFS.Close(); err != nil { |
5b6e1bc9 |
return err
}
|
3d86b0c7 |
if configJSON == nil {
return errors.New("config not found")
}
if err := gzw.Close(); err != nil {
return errors.Wrap(err, "error closing gzip writer")
}
var config types.PluginConfig
if err := json.Unmarshal(configJSON, &config); err != nil {
return errors.Wrap(err, "failed to parse config")
}
if err := pm.validateConfig(config); err != nil { |
662d4569 |
return err
}
|
3d86b0c7 |
pm.mu.Lock()
defer pm.mu.Unlock() |
662d4569 |
|
3d86b0c7 |
rootFSBlobsum, err := rootFSBlob.Commit()
if err != nil { |
5b6e1bc9 |
return err
} |
3d86b0c7 |
defer func() {
if err != nil {
go pm.GC()
}
}()
config.Rootfs = &types.PluginConfigRootfs{
Type: "layers",
DiffIds: []string{layerDigester.Digest().String()},
} |
5b6e1bc9 |
|
342ed107 |
config.DockerVersion = dockerversion.Version
|
3d86b0c7 |
configBlob, err := pm.blobStore.New()
if err != nil {
return err
}
defer configBlob.Close()
if err := json.NewEncoder(configBlob).Encode(config); err != nil {
return errors.Wrap(err, "error encoding json config")
}
configBlobsum, err := configBlob.Commit()
if err != nil { |
5b6e1bc9 |
return err
}
|
3d86b0c7 |
p, err := pm.createPlugin(name, configBlobsum, []digest.Digest{rootFSBlobsum}, tmpRootFSDir, nil)
if err != nil { |
662d4569 |
return err
} |
3a127939 |
p.PluginObj.PluginReference = name |
5b6e1bc9 |
|
72c3bcf2 |
pm.publisher.Publish(EventCreate{Plugin: p.PluginObj}) |
3d86b0c7 |
pm.config.LogPluginEvent(p.PluginObj.ID, name, "create") |
5b6e1bc9 |
return nil
} |
0ce6e070 |
|
3d86b0c7 |
func (pm *Manager) validateConfig(config types.PluginConfig) error {
return nil // TODO:
}
func splitConfigRootFSFromTar(in io.ReadCloser, config *[]byte) io.ReadCloser {
pr, pw := io.Pipe()
go func() {
tarReader := tar.NewReader(in)
tarWriter := tar.NewWriter(pw)
defer in.Close()
hasRootFS := false
for {
hdr, err := tarReader.Next()
if err == io.EOF {
if !hasRootFS {
pw.CloseWithError(errors.Wrap(err, "no rootfs found"))
return
}
// Signals end of archive.
tarWriter.Close()
pw.Close()
return
}
if err != nil {
pw.CloseWithError(errors.Wrap(err, "failed to read from tar"))
return
}
content := io.Reader(tarReader)
name := path.Clean(hdr.Name)
if path.IsAbs(name) {
name = name[1:]
}
if name == configFileName {
dt, err := ioutil.ReadAll(content)
if err != nil {
pw.CloseWithError(errors.Wrapf(err, "failed to read %s", configFileName))
return
}
*config = dt
}
if parts := strings.Split(name, "/"); len(parts) != 0 && parts[0] == rootFSFileName {
hdr.Name = path.Clean(path.Join(parts[1:]...))
if hdr.Typeflag == tar.TypeLink && strings.HasPrefix(strings.ToLower(hdr.Linkname), rootFSFileName+"/") {
hdr.Linkname = hdr.Linkname[len(rootFSFileName)+1:]
}
if err := tarWriter.WriteHeader(hdr); err != nil {
pw.CloseWithError(errors.Wrap(err, "error writing tar header"))
return
}
if _, err := pools.Copy(tarWriter, content); err != nil {
pw.CloseWithError(errors.Wrap(err, "error copying tar data"))
return
}
hasRootFS = true
} else {
io.Copy(ioutil.Discard, content)
}
}
}()
return pr |
0ce6e070 |
} |