Skip to content

Commit ca2f4d5

Browse files
committed
cli/command/plugin: remove DCT
Plugins are not widely used, and there's no known plugins that use content-trust. We're working on updating the authentication stack in the CLI, and the trust implementation hinders us in making changes, so removing parts that are not high-priority (ahead of full deprecation of DCT). Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
1 parent f86ad2e commit ca2f4d5

3 files changed

Lines changed: 17 additions & 50 deletions

File tree

cli/command/plugin/install.go

Lines changed: 5 additions & 27 deletions
Original file line numberDiff line numberDiff line change
@@ -8,7 +8,6 @@ import (
88
"github.com/distribution/reference"
99
"github.com/docker/cli/cli"
1010
"github.com/docker/cli/cli/command"
11-
"github.com/docker/cli/cli/command/image"
1211
"github.com/docker/cli/internal/jsonstream"
1312
"github.com/docker/cli/internal/prompt"
1413
"github.com/docker/cli/internal/registry"
@@ -17,7 +16,6 @@ import (
1716
"github.com/moby/moby/client"
1817
"github.com/pkg/errors"
1918
"github.com/spf13/cobra"
20-
"github.com/spf13/pflag"
2119
)
2220

2321
type pluginOptions struct {
@@ -27,12 +25,6 @@ type pluginOptions struct {
2725
disable bool
2826
args []string
2927
skipRemoteCheck bool
30-
untrusted bool
31-
}
32-
33-
func loadPullFlags(dockerCli command.Cli, opts *pluginOptions, flags *pflag.FlagSet) {
34-
flags.BoolVar(&opts.grantPerms, "grant-all-permissions", false, "Grant all permissions necessary to run the plugin")
35-
command.AddTrustVerificationFlags(flags, &opts.untrusted, dockerCli.ContentTrustEnabled())
3628
}
3729

3830
func newInstallCommand(dockerCli command.Cli) *cobra.Command {
@@ -51,9 +43,11 @@ func newInstallCommand(dockerCli command.Cli) *cobra.Command {
5143
}
5244

5345
flags := cmd.Flags()
54-
loadPullFlags(dockerCli, &options, flags)
46+
flags.BoolVar(&options.grantPerms, "grant-all-permissions", false, "Grant all permissions necessary to run the plugin")
5547
flags.BoolVar(&options.disable, "disable", false, "Do not enable the plugin on install")
5648
flags.StringVar(&options.localName, "alias", "", "Local name for plugin")
49+
flags.Bool("disable-content-trust", dockerCli.ContentTrustEnabled(), "Skip image verification (deprecated)")
50+
_ = flags.MarkHidden("disable-content-trust")
5751
return cmd
5852
}
5953

@@ -69,37 +63,21 @@ func buildPullConfig(ctx context.Context, dockerCli command.Cli, opts pluginOpti
6963
repoInfo := registry.ParseRepositoryInfo(ref)
7064
remote := ref.String()
7165

72-
_, isCanonical := ref.(reference.Canonical)
73-
if !opts.untrusted && !isCanonical {
74-
ref = reference.TagNameOnly(ref)
75-
nt, ok := ref.(reference.NamedTagged)
76-
if !ok {
77-
return client.PluginInstallOptions{}, errors.Errorf("invalid name: %s", ref.String())
78-
}
79-
80-
trusted, err := image.TrustedReference(ctx, dockerCli, nt)
81-
if err != nil {
82-
return client.PluginInstallOptions{}, err
83-
}
84-
remote = reference.FamiliarString(trusted)
85-
}
86-
8766
authConfig := command.ResolveAuthConfig(dockerCli.ConfigFile(), repoInfo.Index)
8867
encodedAuth, err := registrytypes.EncodeAuthConfig(authConfig)
8968
if err != nil {
9069
return client.PluginInstallOptions{}, err
9170
}
9271

93-
options := client.PluginInstallOptions{
72+
return client.PluginInstallOptions{
9473
RegistryAuth: encodedAuth,
9574
RemoteRef: remote,
9675
Disabled: opts.disable,
9776
AcceptAllPermissions: opts.grantPerms,
9877
AcceptPermissionsFunc: acceptPrivileges(dockerCli, opts.remote),
9978
PrivilegeFunc: nil,
10079
Args: opts.args,
101-
}
102-
return options, nil
80+
}, nil
10381
}
10482

10583
func runInstall(ctx context.Context, dockerCLI command.Cli, opts pluginOptions) error {

cli/command/plugin/push.go

Lines changed: 9 additions & 22 deletions
Original file line numberDiff line numberDiff line change
@@ -2,49 +2,41 @@ package plugin
22

33
import (
44
"context"
5+
"fmt"
56

67
"github.com/distribution/reference"
78
"github.com/docker/cli/cli"
89
"github.com/docker/cli/cli/command"
9-
"github.com/docker/cli/cli/trust"
1010
"github.com/docker/cli/internal/jsonstream"
1111
"github.com/docker/cli/internal/registry"
1212
registrytypes "github.com/moby/moby/api/types/registry"
13-
"github.com/pkg/errors"
1413
"github.com/spf13/cobra"
1514
)
1615

17-
type pushOptions struct {
18-
name string
19-
untrusted bool
20-
}
21-
22-
func newPushCommand(dockerCli command.Cli) *cobra.Command {
23-
var opts pushOptions
16+
func newPushCommand(dockerCLI command.Cli) *cobra.Command {
2417
cmd := &cobra.Command{
2518
Use: "push [OPTIONS] PLUGIN[:TAG]",
2619
Short: "Push a plugin to a registry",
2720
Args: cli.ExactArgs(1),
2821
RunE: func(cmd *cobra.Command, args []string) error {
29-
opts.name = args[0]
30-
return runPush(cmd.Context(), dockerCli, opts)
22+
name := args[0]
23+
return runPush(cmd.Context(), dockerCLI, name)
3124
},
3225
}
3326

3427
flags := cmd.Flags()
35-
36-
command.AddTrustSigningFlags(flags, &opts.untrusted, dockerCli.ContentTrustEnabled())
37-
28+
flags.Bool("disable-content-trust", dockerCLI.ContentTrustEnabled(), "Skip image verification (deprecated)")
29+
_ = flags.MarkHidden("disable-content-trust")
3830
return cmd
3931
}
4032

41-
func runPush(ctx context.Context, dockerCli command.Cli, opts pushOptions) error {
42-
named, err := reference.ParseNormalizedNamed(opts.name)
33+
func runPush(ctx context.Context, dockerCli command.Cli, name string) error {
34+
named, err := reference.ParseNormalizedNamed(name)
4335
if err != nil {
4436
return err
4537
}
4638
if _, ok := named.(reference.Canonical); ok {
47-
return errors.Errorf("invalid name: %s", opts.name)
39+
return fmt.Errorf("invalid name: %s", name)
4840
}
4941

5042
named = reference.TagNameOnly(named)
@@ -63,10 +55,5 @@ func runPush(ctx context.Context, dockerCli command.Cli, opts pushOptions) error
6355
defer func() {
6456
_ = responseBody.Close()
6557
}()
66-
67-
if !opts.untrusted {
68-
return trust.PushTrustedReference(ctx, dockerCli, repoInfo, named, authConfig, responseBody, command.UserAgent())
69-
}
70-
7158
return jsonstream.Display(ctx, responseBody, dockerCli.Out())
7259
}

cli/command/plugin/upgrade.go

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -31,7 +31,9 @@ func newUpgradeCommand(dockerCli command.Cli) *cobra.Command {
3131
}
3232

3333
flags := cmd.Flags()
34-
loadPullFlags(dockerCli, &options, flags)
34+
flags.BoolVar(&options.grantPerms, "grant-all-permissions", false, "Grant all permissions necessary to run the plugin")
35+
flags.Bool("disable-content-trust", dockerCli.ContentTrustEnabled(), "Skip image verification (deprecated)")
36+
_ = flags.MarkHidden("disable-content-trust")
3537
flags.BoolVar(&options.skipRemoteCheck, "skip-remote-check", false, "Do not check if specified remote plugin matches existing plugin image")
3638
return cmd
3739
}

0 commit comments

Comments
 (0)