prune commands : make sure label filters are considered#21
Conversation
| pruneFilters.Add(parts[0], parts[1]) | ||
| } | ||
|
|
||
| // Server APIs older than 1.29 will just ignore label filters. |
There was a problem hiding this comment.
I feel we should do that server side though (the cli should be as dumb as possible)
cc @thaJeztah @dnephin
There was a problem hiding this comment.
Yes, that would be more correct, but the problem is that the issue is with old servers, so it's hard to fix now.
The server should actually already error with it receives invalid filters. I'm not sure why it isn't.
We already do something like this on the client to hide flags based on version. This is just a little more fine grained. If we do need this we should find a way to do that is easily extend as more fields are added to labels.
There was a problem hiding this comment.
@vdemeester @dnephin is right. This client-side fix fixes it for older daemons. I have a moby/moby PR that is almost ready, fixing it server side (returning error for unknown prune filters).
It is gonna be part of 17.06 as 17.05 is about to get released, and we still have to design and discuss a part of this server-side fix. I am having troubles with docker system prune --filter ... as the CLI, for system prune, calls container prune, volume prune, image prune and network prune passing the same filters to all of them... so my to-be PR is currently braking because of this.
Thanks for reading.
There was a problem hiding this comment.
@gdevillele yep, I did mis-understand the fix at first 😅.
We might (or should have) validates filters by version (for any api endpoint that supports them) in docker/moby 😓
|
|
||
| import ( | ||
| "bufio" | ||
| "context" |
There was a problem hiding this comment.
I think we are still using golang.org/x/net/context
There was a problem hiding this comment.
Depending on if we support go 1.6 for docker/cli or not, it's no big deal in the usage of it (as the interface is the same)
| // would just remove all stopped containers without considering the label | ||
| // The remote API should reject requests using unknown filters. | ||
| if pruneFilters.Get("label") != nil { | ||
| serverVersion, err := dockerCli.Client().ServerVersion(context.Background()) |
There was a problem hiding this comment.
The API version should already be available as dockerCli.Client().ClientVersion() which is set by querying the server API version.
There was a problem hiding this comment.
// ClientVersion returns the version string associated with this instance of the Client
Are you sure? What's important is to detect the version server side.
There was a problem hiding this comment.
Yup,
Lines 200 to 203 in 0a61397
There was a problem hiding this comment.
@dnephin oh! good to know! thanks, I'll update this part
|
Do we still want this change? Daemon side validation was added in moby/moby#33023. "label" filtering was added in docker 17.05 through moby/moby#30740 (which is an edge release, so not supported after 17.06 is released), and the |
That happens to me sometimes, I still have a few older daemons here and there... I guess it won't happen very often, and I would be ok to drop this if the command was not |
|
Actually (we were discussing on slack); it looks like the Hold on, I'll add an example |
thaJeztah
left a comment
thaJeztah
left a comment
There was a problem hiding this comment.
left an example (double check, but I think docker 17.04 was API version 1.28)
| flags.BoolVarP(&opts.force, "force", "f", false, "Do not prompt for confirmation") | ||
| flags.BoolVarP(&opts.all, "all", "a", false, "Remove all unused images not just dangling ones") | ||
| flags.Var(&opts.filter, "filter", "Provide filter values (e.g. 'until=<timestamp>')") | ||
| flags.Var(&opts.filter, "filter", "Provide filter values (e.g. 'label=<key>=<value>')") |
There was a problem hiding this comment.
This should have an annotation (like in cli/command/stack/deploy.go#L46)
flags.SetAnnotation("filter", "version", []string{"1.28"})Same for the other prune --filter flags
There was a problem hiding this comment.
Oh! I did't know about this!
I'll update the PR then, it's much simpler this way.
There was a problem hiding this comment.
Also see see moby/moby#30187 and moby/moby#30186 for some more info about that :)
|
ping @aduermael looks like this needs a rebase (also can you address my comment, so that we can get this in for 17.06?) |
gdevillele
force-pushed
the
prune-security
branch
2 times, most recently
from
dfa4003 to
86d9eac
Compare
thaJeztah
left a comment
thaJeztah
left a comment
There was a problem hiding this comment.
changes LGTM; can you squash the commits?
…i v1.28) and newer Signed-off-by: Gaetan de Villele <gdevillele@gmail.com>
gdevillele
force-pushed
the
prune-security
branch
from
86d9eac to
1cc1f54
Compare
|
LGTM |
Vendoring libnetwork b54433f6459b84eae77892d0d359c1bafb133529
* Prefixes documentation files per component Signed-off-by: Eli Uriegas <eli.uriegas@docker.com> * Remove reliance on basename Signed-off-by: Eli Uriegas <eli.uriegas@docker.com> (cherry picked from commit 24e443c109ae5e133f1b20e6c4f9a17126767c71) Signed-off-by: Andrew Hsu <andrewhsu@docker.com>
6 participants
Fixes #17
Related to moby/moby#33023
Checking server API version is at least 1.29 to accept prune commands with label filters.
Signed-off-by: Adrien Duermael adrien@duermael.com