cli/flags/options.go - external/github.com/docker/cli - Git at Google

 package flags

 import (
 	"errors"
 	"fmt"
 	"os"
 	"path/filepath"

 	"github.com/docker/cli/cli/config"
 	"github.com/docker/docker/client"
 	"github.com/docker/go-connections/tlsconfig"
 	"github.com/sirupsen/logrus"
 	"github.com/spf13/pflag"
 )

 const (
 	// EnvEnableTLS is the name of the environment variable that can be used
 	// to enable TLS for client connections. When set to a non-empty value, TLS
 	// is enabled for API connections using TCP. For backward-compatibility, this
 	// environment-variable can only be used to enable TLS, not to disable.
 	//
 	// Note that TLS is always enabled implicitly if the "--tls-verify" option
 	// or "DOCKER_TLS_VERIFY" ([github.com/docker/docker/client.EnvTLSVerify])
 	// env var is set to, which could be to either enable or disable TLS certification
 	// validation. In both cases, TLS is enabled but, depending on the setting,
 	// with verification disabled.
 	EnvEnableTLS = "DOCKER_TLS"

 	// DefaultCaFile is the default filename for the CA pem file
 	DefaultCaFile = "ca.pem"
 	// DefaultKeyFile is the default filename for the key pem file
 	DefaultKeyFile = "key.pem"
 	// DefaultCertFile is the default filename for the cert pem file
 	DefaultCertFile = "cert.pem"
 	// FlagTLSVerify is the flag name for the TLS verification option
 	FlagTLSVerify = "tlsverify"
 	// FormatHelp describes the --format flag behavior for list commands
 	FormatHelp = `Format output using a custom template:
 'table':            Print output in table format with column headers (default)
 'table TEMPLATE':   Print output in table format using the given Go template
 'json':             Print in JSON format
 'TEMPLATE':         Print output using the given Go template.
 Refer to https://docs.docker.com/go/formatting/ for more information about formatting output with templates`
 	// InspectFormatHelp describes the --format flag behavior for inspect commands
 	InspectFormatHelp = `Format output using a custom template:
 'json':             Print in JSON format
 'TEMPLATE':         Print output using the given Go template.
 Refer to https://docs.docker.com/go/formatting/ for more information about formatting output with templates`
 )

 var (
 	dockerCertPath  = os.Getenv(client.EnvOverrideCertPath)
 	dockerTLSVerify = os.Getenv(client.EnvTLSVerify) != ""
 	dockerTLS       = os.Getenv(EnvEnableTLS) != ""
 )

 // hostVar is used for the '--host' / '-H' flag to set [ClientOptions.Hosts].
 // The [ClientOptions.Hosts] field is a slice because it was originally shared
 // with the daemon config. However, the CLI only allows for a single host to
 // be specified.
 //
 // hostVar presents itself as a "string", but stores the value in a string
 // slice. It produces an error when trying to set multiple values, matching
 // the check in [getServerHost].
 //
 // [getServerHost]: https://github.com/docker/cli/blob/7eab668982645def1cd46fe1b60894cba6fd17a4/cli/command/cli.go#L542-L551
 type hostVar struct {
 	dst *[]string
 	set bool
 }

 func (h *hostVar) String() string {
 	if h.dst == nil || len(*h.dst) == 0 {
 		return ""
 	}
 	return (*h.dst)[0]
 }

 func (h *hostVar) Set(s string) error {
 	if h.set {
 		return errors.New("specify only one -H")
 	}
 	*h.dst = []string{s}
 	h.set = true
 	return nil
 }

 func (*hostVar) Type() string { return "string" }

 // ClientOptions are the options used to configure the client cli.
 type ClientOptions struct {
 	Debug      bool
 	Hosts      []string
 	LogLevel   string
 	TLS        bool
 	TLSVerify  bool
 	TLSOptions *tlsconfig.Options
 	Context    string
 	ConfigDir  string
 }

 // NewClientOptions returns a new ClientOptions.
 func NewClientOptions() *ClientOptions {
 	return &ClientOptions{}
 }

 // InstallFlags adds flags for the common options on the FlagSet
 func (o *ClientOptions) InstallFlags(flags *pflag.FlagSet) {
 	configDir := config.Dir()
 	if dockerCertPath == "" {
 		dockerCertPath = configDir
 	}

 	flags.StringVar(&o.ConfigDir, "config", configDir, "Location of client config files")
 	flags.BoolVarP(&o.Debug, "debug", "D", false, "Enable debug mode")
 	flags.StringVarP(&o.LogLevel, "log-level", "l", "info", `Set the logging level ("debug", "info", "warn", "error", "fatal")`)
 	flags.BoolVar(&o.TLS, "tls", dockerTLS, "Use TLS; implied by --tlsverify")
 	flags.BoolVar(&o.TLSVerify, FlagTLSVerify, dockerTLSVerify, "Use TLS and verify the remote")

 	o.TLSOptions = &tlsconfig.Options{
 		CAFile:   filepath.Join(dockerCertPath, DefaultCaFile),
 		CertFile: filepath.Join(dockerCertPath, DefaultCertFile),
 		KeyFile:  filepath.Join(dockerCertPath, DefaultKeyFile),
 	}
 	tlsOptions := o.TLSOptions
 	flags.Var(&quotedString{&tlsOptions.CAFile}, "tlscacert", "Trust certs signed only by this CA")
 	flags.Var(&quotedString{&tlsOptions.CertFile}, "tlscert", "Path to TLS certificate file")
 	flags.Var(&quotedString{&tlsOptions.KeyFile}, "tlskey", "Path to TLS key file")

 	// TODO(thaJeztah): show the default host.
 	// TODO(thaJeztah): this should be a string, not an "array" as we only allow a single host.
 	flags.VarP(&hostVar{dst: &o.Hosts}, "host", "H", "Daemon socket to connect to")
 	flags.StringVarP(&o.Context, "context", "c", "",
 		`Name of the context to use to connect to the daemon (overrides `+client.EnvOverrideHost+` env var and default context set with "docker context use")`)
 }

 // SetDefaultOptions sets default values for options after flag parsing is
 // complete
 func (o *ClientOptions) SetDefaultOptions(flags *pflag.FlagSet) {
 	// Regardless of whether the user sets it to true or false, if they
 	// specify --tlsverify at all then we need to turn on TLS
 	// TLSVerify can be true even if not set due to DOCKER_TLS_VERIFY env var, so we need
 	// to check that here as well
 	if flags.Changed(FlagTLSVerify) || o.TLSVerify {
 		o.TLS = true
 	}

 	if !o.TLS {
 		o.TLSOptions = nil
 	} else {
 		tlsOptions := o.TLSOptions
 		tlsOptions.InsecureSkipVerify = !o.TLSVerify

 		// Reset CertFile and KeyFile to empty string if the user did not specify
 		// the respective flags and the respective default files were not found.
 		if !flags.Changed("tlscert") {
 			if _, err := os.Stat(tlsOptions.CertFile); os.IsNotExist(err) {
 				tlsOptions.CertFile = ""
 			}
 		}
 		if !flags.Changed("tlskey") {
 			if _, err := os.Stat(tlsOptions.KeyFile); os.IsNotExist(err) {
 				tlsOptions.KeyFile = ""
 			}
 		}
 	}
 }

 // SetLogLevel sets the logrus logging level
 func SetLogLevel(logLevel string) {
 	if logLevel != "" {
 		lvl, err := logrus.ParseLevel(logLevel)
 		if err != nil {
 			_, _ = fmt.Fprintln(os.Stderr, "Unable to parse logging level:", logLevel)
 			os.Exit(1)
 		}
 		logrus.SetLevel(lvl)
 	} else {
 		logrus.SetLevel(logrus.InfoLevel)
 	}
 }

 type quotedString struct {
 	value *string
 }

 func (s *quotedString) Set(val string) error {
 	*s.value = trimQuotes(val)
 	return nil
 }

 func (*quotedString) Type() string {
 	return "string"
 }

 func (s *quotedString) String() string {
 	return *s.value
 }

 func trimQuotes(value string) string {
 	if len(value) < 2 {
 		return value
 	}
 	lastIndex := len(value) - 1
 	for _, char := range []byte{'\'', '"'} {
 		if value[0] == char && value[lastIndex] == char {
 			return value[1:lastIndex]
 		}
 	}
 	return value
 }
	package flags

	import (
	"errors"
	"fmt"
	"os"
	"path/filepath"

	"github.com/docker/cli/cli/config"
	"github.com/docker/docker/client"
	"github.com/docker/go-connections/tlsconfig"
	"github.com/sirupsen/logrus"
	"github.com/spf13/pflag"
	)

	const (
	// EnvEnableTLS is the name of the environment variable that can be used
	// to enable TLS for client connections. When set to a non-empty value, TLS
	// is enabled for API connections using TCP. For backward-compatibility, this
	// environment-variable can only be used to enable TLS, not to disable.
	//
	// Note that TLS is always enabled implicitly if the "--tls-verify" option
	// or "DOCKER_TLS_VERIFY" ([github.com/docker/docker/client.EnvTLSVerify])
	// env var is set to, which could be to either enable or disable TLS certification
	// validation. In both cases, TLS is enabled but, depending on the setting,
	// with verification disabled.
	EnvEnableTLS = "DOCKER_TLS"

	// DefaultCaFile is the default filename for the CA pem file
	DefaultCaFile = "ca.pem"
	// DefaultKeyFile is the default filename for the key pem file
	DefaultKeyFile = "key.pem"
	// DefaultCertFile is the default filename for the cert pem file
	DefaultCertFile = "cert.pem"
	// FlagTLSVerify is the flag name for the TLS verification option
	FlagTLSVerify = "tlsverify"
	// FormatHelp describes the --format flag behavior for list commands
	FormatHelp = `Format output using a custom template:
	'table': Print output in table format with column headers (default)
	'table TEMPLATE': Print output in table format using the given Go template
	'json': Print in JSON format
	'TEMPLATE': Print output using the given Go template.
	Refer to https://docs.docker.com/go/formatting/ for more information about formatting output with templates`
	// InspectFormatHelp describes the --format flag behavior for inspect commands
	InspectFormatHelp = `Format output using a custom template:
	'json': Print in JSON format
	'TEMPLATE': Print output using the given Go template.
	Refer to https://docs.docker.com/go/formatting/ for more information about formatting output with templates`
	)

	var (
	dockerCertPath = os.Getenv(client.EnvOverrideCertPath)
	dockerTLSVerify = os.Getenv(client.EnvTLSVerify) != ""
	dockerTLS = os.Getenv(EnvEnableTLS) != ""
	)

	// hostVar is used for the '--host' / '-H' flag to set [ClientOptions.Hosts].
	// The [ClientOptions.Hosts] field is a slice because it was originally shared
	// with the daemon config. However, the CLI only allows for a single host to
	// be specified.
	//
	// hostVar presents itself as a "string", but stores the value in a string
	// slice. It produces an error when trying to set multiple values, matching
	// the check in [getServerHost].
	//
	// [getServerHost]: https://github.com/docker/cli/blob/7eab668982645def1cd46fe1b60894cba6fd17a4/cli/command/cli.go#L542-L551
	type hostVar struct {
	dst *[]string
	set bool
	}

	func (h *hostVar) String() string {
	if h.dst == nil \|\| len(*h.dst) == 0 {
	return ""
	}
	return (*h.dst)[0]
	}

	func (h *hostVar) Set(s string) error {
	if h.set {
	return errors.New("specify only one -H")
	}
	*h.dst = []string{s}
	h.set = true
	return nil
	}

	func (*hostVar) Type() string { return "string" }

	// ClientOptions are the options used to configure the client cli.
	type ClientOptions struct {
	Debug bool
	Hosts []string
	LogLevel string
	TLS bool
	TLSVerify bool
	TLSOptions *tlsconfig.Options
	Context string
	ConfigDir string
	}

	// NewClientOptions returns a new ClientOptions.
	func NewClientOptions() *ClientOptions {
	return &ClientOptions{}
	}

	// InstallFlags adds flags for the common options on the FlagSet
	func (o ClientOptions) InstallFlags(flags pflag.FlagSet) {
	configDir := config.Dir()
	if dockerCertPath == "" {
	dockerCertPath = configDir
	}

	flags.StringVar(&o.ConfigDir, "config", configDir, "Location of client config files")
	flags.BoolVarP(&o.Debug, "debug", "D", false, "Enable debug mode")
	flags.StringVarP(&o.LogLevel, "log-level", "l", "info", `Set the logging level ("debug", "info", "warn", "error", "fatal")`)
	flags.BoolVar(&o.TLS, "tls", dockerTLS, "Use TLS; implied by --tlsverify")
	flags.BoolVar(&o.TLSVerify, FlagTLSVerify, dockerTLSVerify, "Use TLS and verify the remote")

	o.TLSOptions = &tlsconfig.Options{
	CAFile: filepath.Join(dockerCertPath, DefaultCaFile),
	CertFile: filepath.Join(dockerCertPath, DefaultCertFile),
	KeyFile: filepath.Join(dockerCertPath, DefaultKeyFile),
	}
	tlsOptions := o.TLSOptions
	flags.Var(&quotedString{&tlsOptions.CAFile}, "tlscacert", "Trust certs signed only by this CA")
	flags.Var(&quotedString{&tlsOptions.CertFile}, "tlscert", "Path to TLS certificate file")
	flags.Var(&quotedString{&tlsOptions.KeyFile}, "tlskey", "Path to TLS key file")

	// TODO(thaJeztah): show the default host.
	// TODO(thaJeztah): this should be a string, not an "array" as we only allow a single host.
	flags.VarP(&hostVar{dst: &o.Hosts}, "host", "H", "Daemon socket to connect to")
	flags.StringVarP(&o.Context, "context", "c", "",
	`Name of the context to use to connect to the daemon (overrides `+client.EnvOverrideHost+` env var and default context set with "docker context use")`)
	}

	// SetDefaultOptions sets default values for options after flag parsing is
	// complete
	func (o ClientOptions) SetDefaultOptions(flags pflag.FlagSet) {
	// Regardless of whether the user sets it to true or false, if they
	// specify --tlsverify at all then we need to turn on TLS
	// TLSVerify can be true even if not set due to DOCKER_TLS_VERIFY env var, so we need
	// to check that here as well
	if flags.Changed(FlagTLSVerify) \|\| o.TLSVerify {
	o.TLS = true
	}

	if !o.TLS {
	o.TLSOptions = nil
	} else {
	tlsOptions := o.TLSOptions
	tlsOptions.InsecureSkipVerify = !o.TLSVerify

	// Reset CertFile and KeyFile to empty string if the user did not specify
	// the respective flags and the respective default files were not found.
	if !flags.Changed("tlscert") {
	if _, err := os.Stat(tlsOptions.CertFile); os.IsNotExist(err) {
	tlsOptions.CertFile = ""
	}
	}
	if !flags.Changed("tlskey") {
	if _, err := os.Stat(tlsOptions.KeyFile); os.IsNotExist(err) {
	tlsOptions.KeyFile = ""
	}
	}
	}
	}

	// SetLogLevel sets the logrus logging level
	func SetLogLevel(logLevel string) {
	if logLevel != "" {
	lvl, err := logrus.ParseLevel(logLevel)
	if err != nil {
	_, _ = fmt.Fprintln(os.Stderr, "Unable to parse logging level:", logLevel)
	os.Exit(1)
	}
	logrus.SetLevel(lvl)
	} else {
	logrus.SetLevel(logrus.InfoLevel)
	}
	}

	type quotedString struct {
	value *string
	}

	func (s *quotedString) Set(val string) error {
	*s.value = trimQuotes(val)
	return nil
	}

	func (*quotedString) Type() string {
	return "string"
	}

	func (s *quotedString) String() string {
	return *s.value
	}

	func trimQuotes(value string) string {
	if len(value) < 2 {
	return value
	}
	lastIndex := len(value) - 1
	for _, char := range []byte{'\'', '"'} {
	if value[0] == char && value[lastIndex] == char {
	return value[1:lastIndex]
	}
	}
	return value
	}