4f0d95fa |
package client // import "github.com/docker/docker/client" |
7c36a1af |
import ( |
7d62e40f |
"context" |
7c36a1af |
"encoding/json" |
3d86b0c7 |
"io" |
7c36a1af |
"net/url"
|
3d86b0c7 |
"github.com/docker/distribution/reference" |
7c36a1af |
"github.com/docker/docker/api/types" |
0cafc84f |
"github.com/docker/docker/errdefs" |
3d86b0c7 |
"github.com/pkg/errors" |
7c36a1af |
)
// PluginInstall installs a plugin |
3d86b0c7 |
func (cli *Client) PluginInstall(ctx context.Context, name string, options types.PluginInstallOptions) (rc io.ReadCloser, err error) { |
7c36a1af |
query := url.Values{} |
3a127939 |
if _, err := reference.ParseNormalizedNamed(options.RemoteRef); err != nil { |
3d86b0c7 |
return nil, errors.Wrap(err, "invalid remote reference")
}
query.Set("remote", options.RemoteRef)
|
03c69497 |
privileges, err := cli.checkPluginPermissions(ctx, query, options) |
7c36a1af |
if err != nil { |
3d86b0c7 |
return nil, err |
7c36a1af |
} |
69276fdd |
|
3d86b0c7 |
// set name for plugin pull, if empty should default to remote reference
query.Set("name", name)
|
03c69497 |
resp, err := cli.tryPluginPull(ctx, query, privileges, options.RegistryAuth) |
fa3b61a2 |
if err != nil { |
3d86b0c7 |
return nil, err |
fa3b61a2 |
}
|
3d86b0c7 |
name = resp.header.Get("Docker-Plugin-Name")
pr, pw := io.Pipe()
go func() { // todo: the client should probably be designed more around the actual api
_, err := io.Copy(pw, resp.body) |
fa3b61a2 |
if err != nil { |
3d86b0c7 |
pw.CloseWithError(err)
return |
fa3b61a2 |
} |
3d86b0c7 |
defer func() {
if err != nil {
delResp, _ := cli.delete(ctx, "/plugins/"+name, nil, nil)
ensureReaderClosed(delResp)
}
}()
if len(options.Args) > 0 {
if err := cli.PluginSet(ctx, name, options.Args); err != nil {
pw.CloseWithError(err)
return
} |
69276fdd |
}
|
3d86b0c7 |
if options.Disabled {
pw.Close()
return
} |
69276fdd |
|
1b41b7a4 |
enableErr := cli.PluginEnable(ctx, name, types.PluginEnableOptions{Timeout: 0})
pw.CloseWithError(enableErr) |
3d86b0c7 |
}()
return pr, nil |
7c36a1af |
}
|
fa3b61a2 |
func (cli *Client) tryPluginPrivileges(ctx context.Context, query url.Values, registryAuth string) (serverResponse, error) {
headers := map[string][]string{"X-Registry-Auth": {registryAuth}}
return cli.get(ctx, "/plugins/privileges", query, headers)
}
func (cli *Client) tryPluginPull(ctx context.Context, query url.Values, privileges types.PluginPrivileges, registryAuth string) (serverResponse, error) { |
7c36a1af |
headers := map[string][]string{"X-Registry-Auth": {registryAuth}} |
fa3b61a2 |
return cli.post(ctx, "/plugins/pull", query, privileges, headers) |
7c36a1af |
} |
03c69497 |
func (cli *Client) checkPluginPermissions(ctx context.Context, query url.Values, options types.PluginInstallOptions) (types.PluginPrivileges, error) {
resp, err := cli.tryPluginPrivileges(ctx, query, options.RegistryAuth) |
0cafc84f |
if errdefs.IsUnauthorized(err) && options.PrivilegeFunc != nil { |
03c69497 |
// todo: do inspect before to check existing name before checking privileges
newAuthHeader, privilegeErr := options.PrivilegeFunc()
if privilegeErr != nil {
ensureReaderClosed(resp)
return nil, privilegeErr
}
options.RegistryAuth = newAuthHeader
resp, err = cli.tryPluginPrivileges(ctx, query, options.RegistryAuth)
}
if err != nil {
ensureReaderClosed(resp)
return nil, err
}
var privileges types.PluginPrivileges
if err := json.NewDecoder(resp.body).Decode(&privileges); err != nil {
ensureReaderClosed(resp)
return nil, err
}
ensureReaderClosed(resp)
if !options.AcceptAllPermissions && options.AcceptPermissionsFunc != nil && len(privileges) > 0 {
accept, err := options.AcceptPermissionsFunc(privileges)
if err != nil {
return nil, err
}
if !accept {
return nil, pluginPermissionDenied{options.RemoteRef}
}
}
return privileges, nil
} |