Merge pull request #15882 from vdemeester/14756-lint-opts-trust

Carry #14813 on linting package opts and trust

daemon/config_unix.go

@@ -70,10 +70,10 @@ func (config *Config) InstallFlags(cmd *flag.FlagSet, usageFn func(string) strin
 	cmd.StringVar(&config.Bridge.Iface, []string{"b", "-bridge"}, "", usageFn("Attach containers to a network bridge"))
 	cmd.StringVar(&config.Bridge.FixedCIDR, []string{"-fixed-cidr"}, "", usageFn("IPv4 subnet for fixed IPs"))
 	cmd.StringVar(&config.Bridge.FixedCIDRv6, []string{"-fixed-cidr-v6"}, "", usageFn("IPv6 subnet for fixed IPs"))
-	cmd.Var(opts.NewIpOpt(&config.Bridge.DefaultGatewayIPv4, ""), []string{"-default-gateway"}, usageFn("Container default gateway IPv4 address"))
-	cmd.Var(opts.NewIpOpt(&config.Bridge.DefaultGatewayIPv6, ""), []string{"-default-gateway-v6"}, usageFn("Container default gateway IPv6 address"))
+	cmd.Var(opts.NewIPOpt(&config.Bridge.DefaultGatewayIPv4, ""), []string{"-default-gateway"}, usageFn("Container default gateway IPv4 address"))
+	cmd.Var(opts.NewIPOpt(&config.Bridge.DefaultGatewayIPv6, ""), []string{"-default-gateway-v6"}, usageFn("Container default gateway IPv6 address"))
 	cmd.BoolVar(&config.Bridge.InterContainerCommunication, []string{"#icc", "-icc"}, true, usageFn("Enable inter-container communication"))
-	cmd.Var(opts.NewIpOpt(&config.Bridge.DefaultIP, "0.0.0.0"), []string{"#ip", "-ip"}, usageFn("Default IP when binding container ports"))
+	cmd.Var(opts.NewIPOpt(&config.Bridge.DefaultIP, "0.0.0.0"), []string{"#ip", "-ip"}, usageFn("Default IP when binding container ports"))
 	cmd.BoolVar(&config.Bridge.EnableUserlandProxy, []string{"-userland-proxy"}, true, usageFn("Use userland proxy for loopback traffic"))
 	cmd.BoolVar(&config.EnableCors, []string{"#api-enable-cors", "#-api-enable-cors"}, false, usageFn("Enable CORS headers in the remote API, this is deprecated by --api-cors-header"))
 	cmd.StringVar(&config.CorsHeaders, []string{"-api-cors-header"}, "", usageFn("Set CORS headers in the remote API"))

daemon/daemon.go

@@ -669,7 +669,7 @@ func NewDaemon(config *Config, registryService *registry.Service) (daemon *Daemo
 	if err := system.MkdirAll(trustDir, 0700); err != nil {
 		return nil, err
 	}
-	trustService, err := trust.NewTrustStore(trustDir)
+	trustService, err := trust.NewStore(trustDir)
 	if err != nil {
 		return nil, fmt.Errorf("could not create trust store: %s", err)
 	}

graph/tags.go

@@ -40,7 +40,7 @@ type TagStore struct {
 	pushingPool     map[string]chan struct{}
 	registryService *registry.Service
 	eventsService   *events.Events
-	trustService    *trust.TrustStore
+	trustService    *trust.Store
 }
 
 // Repository maps tags to image IDs.
@@ -77,7 +77,7 @@ type TagStoreConfig struct {
 	// Events is the events service to use for logging.
 	Events *events.Events
 	// Trust is the trust service to use for push and pull operations.
-	Trust *trust.TrustStore
+	Trust *trust.Store
 }
 
 // NewTagStore creates a new TagStore at specified path, using the parameters

graph/tags_unit_test.go

@@ -63,7 +63,7 @@ func mkTestTagStore(root string, t *testing.T) *TagStore {
 		t.Fatal(err)
 	}
 
-	trust, err := trust.NewTrustStore(root + "/trust")
+	trust, err := trust.NewStore(root + "/trust")
 	if err != nil {
 		t.Fatal(err)
 	}

hack/make/validate-lint

@@ -44,6 +44,7 @@ packages=(
 	graph/tags
 	image
 	integration-cli
+	opts
 	pkg/archive
 	pkg/broadcastwriter
 	pkg/chrootarchive
@@ -97,6 +98,7 @@ packages=(
 	pkg/version
 	registry
 	runconfig
+	trust
 	utils
 	volume
 	volume/local

opts/envfile.go

@@ -9,13 +9,13 @@ import (
 )
 
 var (
-	// EnvironmentVariableRegexp A regexp to validate correct environment variables
+	// EnvironmentVariableRegexp is a regexp to validate correct environment variables
 	// Environment variables set by the user must have a name consisting solely of
 	// alphabetics, numerics, and underscores - the first of which must not be numeric.
 	EnvironmentVariableRegexp = regexp.MustCompile("^[[:alpha:]_][[:alpha:][:digit:]_]*$")
 )
 
-// ParseEnvFile Read in a line delimited file with environment variables enumerated
+// ParseEnvFile reads a file with environment variables enumerated by lines
 func ParseEnvFile(filename string) ([]string, error) {
 	fh, err := os.Open(filename)
 	if err != nil {

opts/hosts_unix.go

@@ -4,4 +4,5 @@ package opts
 
 import "fmt"
 
+// DefaultHost constant defines the default host string used by docker on other hosts than Windows
 var DefaultHost = fmt.Sprintf("unix://%s", DefaultUnixSocket)

opts/hosts_windows.go

@@ -4,4 +4,5 @@ package opts
 
 import "fmt"
 
+// DefaultHost constant defines the default host string used by docker on Windows
 var DefaultHost = fmt.Sprintf("tcp://%s:%d", DefaultHTTPHost, DefaultHTTPPort)

opts/ip.go

@@ -5,20 +5,25 @@ import (
 	"net"
 )
 
-// IpOpt type that hold an IP
-type IpOpt struct {
+// IPOpt holds an IP. It is used to store values from CLI flags.
+type IPOpt struct {
 	*net.IP
 }
 
-func NewIpOpt(ref *net.IP, defaultVal string) *IpOpt {
-	o := &IpOpt{
+// NewIPOpt creates a new IPOpt from a reference net.IP and a
+// string representation of an IP. If the string is not a valid
+// IP it will fallback to the specified reference.
+func NewIPOpt(ref *net.IP, defaultVal string) *IPOpt {
+	o := &IPOpt{
 		IP: ref,
 	}
 	o.Set(defaultVal)
 	return o
 }
 
-func (o *IpOpt) Set(val string) error {
+// Set sets an IPv4 or IPv6 address from a given string. If the given
+// string is not parsable as an IP address it returns an error.
+func (o *IPOpt) Set(val string) error {
 	ip := net.ParseIP(val)
 	if ip == nil {
 		return fmt.Errorf("%s is not an ip address", val)
@@ -27,7 +32,9 @@ func (o *IpOpt) Set(val string) error {
 	return nil
 }
 
-func (o *IpOpt) String() string {
+// String returns the IP address stored in the IPOpt. If stored IP is a
+// nil pointer, it returns an empty string.
+func (o *IPOpt) String() string {
 	if *o.IP == nil {
 		return ""
 	}

opts/ip_test.go

@@ -10,7 +10,7 @@ func TestIpOptString(t *testing.T) {
 	var ip net.IP
 
 	for _, address := range addresses {
-		stringAddress := NewIpOpt(&ip, address).String()
+		stringAddress := NewIPOpt(&ip, address).String()
 		if stringAddress != address {
 			t.Fatalf("IpOpt string should be `%s`, not `%s`", address, stringAddress)
 		}
@@ -21,7 +21,7 @@ func TestNewIpOptInvalidDefaultVal(t *testing.T) {
 	ip := net.IPv4(127, 0, 0, 1)
 	defaultVal := "Not an ip"
 
-	ipOpt := NewIpOpt(&ip, defaultVal)
+	ipOpt := NewIPOpt(&ip, defaultVal)
 
 	expected := "127.0.0.1"
 	if ipOpt.String() != expected {
@@ -33,7 +33,7 @@ func TestNewIpOptValidDefaultVal(t *testing.T) {
 	ip := net.IPv4(127, 0, 0, 1)
 	defaultVal := "192.168.1.1"
 
-	ipOpt := NewIpOpt(&ip, defaultVal)
+	ipOpt := NewIPOpt(&ip, defaultVal)
 
 	expected := "192.168.1.1"
 	if ipOpt.String() != expected {
@@ -43,11 +43,11 @@ func TestNewIpOptValidDefaultVal(t *testing.T) {
 
 func TestIpOptSetInvalidVal(t *testing.T) {
 	ip := net.IPv4(127, 0, 0, 1)
-	ipOpt := &IpOpt{IP: &ip}
+	ipOpt := &IPOpt{IP: &ip}
 
-	invalidIp := "invalid ip"
+	invalidIP := "invalid ip"
 	expectedError := "invalid ip is not an ip address"
-	err := ipOpt.Set(invalidIp)
+	err := ipOpt.Set(invalidIP)
 	if err == nil || err.Error() != expectedError {
 		t.Fatalf("Expected an Error with [%v], got [%v]", expectedError, err.Error())
 	}

opts/opts.go

@@ -27,18 +27,19 @@ var (
 	DefaultUnixSocket = "/var/run/docker.sock"
 )
 
-// ListOpts type that hold a list of values and a validation function.
+// ListOpts holds a list of values and a validation function.
 type ListOpts struct {
 	values    *[]string
 	validator ValidatorFctType
 }
 
-// NewListOpts Create a new ListOpts with the specified validator.
+// NewListOpts creates a new ListOpts with the specified validator.
 func NewListOpts(validator ValidatorFctType) ListOpts {
 	var values []string
 	return *NewListOptsRef(&values, validator)
 }
 
+// NewListOptsRef creates a new ListOpts with the specified values and validator.
 func NewListOptsRef(values *[]string, validator ValidatorFctType) *ListOpts {
 	return &ListOpts{
 		values:    values,
@@ -64,7 +65,7 @@ func (opts *ListOpts) Set(value string) error {
 	return nil
 }
 
-// Delete remove the given element from the slice.
+// Delete removes the specified element from the slice.
 func (opts *ListOpts) Delete(key string) {
 	for i, k := range *opts.values {
 		if k == key {
@@ -85,13 +86,13 @@ func (opts *ListOpts) GetMap() map[string]struct{} {
 	return ret
 }
 
-// GetAll returns the values' slice.
+// GetAll returns the values of slice.
 // FIXME: Can we remove this?
 func (opts *ListOpts) GetAll() []string {
 	return (*opts.values)
 }
 
-// Get checks the existence of the given key.
+// Get checks the existence of the specified key.
 func (opts *ListOpts) Get(key string) bool {
 	for _, k := range *opts.values {
 		if k == key {
@@ -106,7 +107,7 @@ func (opts *ListOpts) Len() int {
 	return len((*opts.values))
 }
 
-//MapOpts type that holds a map of values and a validation function.
+//MapOpts holds a map of values and a validation function.
 type MapOpts struct {
 	values    map[string]string
 	validator ValidatorFctType
@@ -131,6 +132,7 @@ func (opts *MapOpts) Set(value string) error {
 	return nil
 }
 
+// GetAll returns the values of MapOpts as a map.
 func (opts *MapOpts) GetAll() map[string]string {
 	return opts.values
 }
@@ -139,6 +141,7 @@ func (opts *MapOpts) String() string {
 	return fmt.Sprintf("%v", map[string]string((opts.values)))
 }
 
+// NewMapOpts creates a new MapOpts with the specified map of values and a validator.
 func NewMapOpts(values map[string]string, validator ValidatorFctType) *MapOpts {
 	if values == nil {
 		values = make(map[string]string)
@@ -149,13 +152,13 @@ func NewMapOpts(values map[string]string, validator ValidatorFctType) *MapOpts {
 	}
 }
 
-// ValidatorFctType validator that return a validate string and/or an error
+// ValidatorFctType defines a validator function that returns a validated string and/or an error.
 type ValidatorFctType func(val string) (string, error)
 
-// ValidatorFctListType validator that return a validate list of string and/or an error
+// ValidatorFctListType defines a validator function that returns a validated list of string and/or an error
 type ValidatorFctListType func(val string) ([]string, error)
 
-// ValidateAttach Validates that the specified string is a valid attach option.
+// ValidateAttach validates that the specified string is a valid attach option.
 func ValidateAttach(val string) (string, error) {
 	s := strings.ToLower(val)
 	for _, str := range []string{"stdin", "stdout", "stderr"} {
@@ -166,7 +169,7 @@ func ValidateAttach(val string) (string, error) {
 	return val, fmt.Errorf("valid streams are STDIN, STDOUT and STDERR")
 }
 
-// ValidateLink Validates that the specified string has a valid link format (containerName:alias).
+// ValidateLink validates that the specified string has a valid link format (containerName:alias).
 func ValidateLink(val string) (string, error) {
 	if _, _, err := parsers.ParseLink(val); err != nil {
 		return val, err
@@ -194,18 +197,18 @@ func ValidDeviceMode(mode string) bool {
 	return true
 }
 
-// ValidateDevice Validate a path for devices
+// ValidateDevice validates a path for devices
 // It will make sure 'val' is in the form:
 //    [host-dir:]container-path[:mode]
-// It will also validate the device mode.
+// It also validates the device mode.
 func ValidateDevice(val string) (string, error) {
 	return validatePath(val, ValidDeviceMode)
 }
 
-// ValidatePath Validate a path for volumes
+// ValidatePath validates a path for volumes
 // It will make sure 'val' is in the form:
 //    [host-dir:]container-path[:rw|ro]
-// It will also validate the mount mode.
+// It also validates the mount mode.
 func ValidatePath(val string) (string, error) {
 	return validatePath(val, volume.ValidMountMode)
 }
@@ -250,8 +253,8 @@ func validatePath(val string, validator func(string) bool) (string, error) {
 	return val, nil
 }
 
-// ValidateEnv Validate an environment variable and returns it
-// It will use EnvironmentVariableRegexp to ensure the name of the environment variable is valid.
+// ValidateEnv validates an environment variable and returns it.
+// It uses EnvironmentVariableRegexp to ensure the name of the environment variable is valid.
 // If no value is specified, it returns the current value using os.Getenv.
 func ValidateEnv(val string) (string, error) {
 	arr := strings.Split(val, "=")
@@ -267,7 +270,7 @@ func ValidateEnv(val string) (string, error) {
 	return fmt.Sprintf("%s=%s", val, os.Getenv(val)), nil
 }
 
-// ValidateIPAddress Validates an Ip address
+// ValidateIPAddress validates an Ip address.
 func ValidateIPAddress(val string) (string, error) {
 	var ip = net.ParseIP(strings.TrimSpace(val))
 	if ip != nil {
@@ -276,7 +279,7 @@ func ValidateIPAddress(val string) (string, error) {
 	return "", fmt.Errorf("%s is not an ip address", val)
 }
 
-// ValidateMACAddress Validates a MAC address
+// ValidateMACAddress validates a MAC address.
 func ValidateMACAddress(val string) (string, error) {
 	_, err := net.ParseMAC(strings.TrimSpace(val))
 	if err != nil {
@@ -285,8 +288,8 @@ func ValidateMACAddress(val string) (string, error) {
 	return val, nil
 }
 
-// ValidateDNSSearch Validates domain for resolvconf search configuration.
-// A zero length domain is represented by .
+// ValidateDNSSearch validates domain for resolvconf search configuration.
+// A zero length domain is represented by a dot (.).
 func ValidateDNSSearch(val string) (string, error) {
 	if val = strings.Trim(val, " "); val == "." {
 		return val, nil
@@ -305,8 +308,8 @@ func validateDomain(val string) (string, error) {
 	return "", fmt.Errorf("%s is not a valid domain", val)
 }
 
-// ValidateExtraHost Validate that the given string is a valid extrahost and returns it
-// ExtraHost are in the form of name:ip where the ip has to be a valid ip (ipv4 or ipv6)
+// ValidateExtraHost validates that the specified string is a valid extrahost and returns it.
+// ExtraHost are in the form of name:ip where the ip has to be a valid ip (ipv4 or ipv6).
 func ValidateExtraHost(val string) (string, error) {
 	// allow for IPv6 addresses in extra hosts by only splitting on first ":"
 	arr := strings.SplitN(val, ":", 2)
@@ -319,8 +322,8 @@ func ValidateExtraHost(val string) (string, error) {
 	return val, nil
 }
 
-// ValidateLabel Validate that the given string is a valid label, and returns it
-// Labels are in the form on key=value
+// ValidateLabel validates that the specified string is a valid label, and returns it.
+// Labels are in the form on key=value.
 func ValidateLabel(val string) (string, error) {
 	if strings.Count(val, "=") < 1 {
 		return "", fmt.Errorf("bad attribute format: %s", val)
@@ -328,7 +331,7 @@ func ValidateLabel(val string) (string, error) {
 	return val, nil
 }
 
-// ValidateHost Validate that the given string is a valid host and returns it
+// ValidateHost validates that the specified string is a valid host and returns it.
 func ValidateHost(val string) (string, error) {
 	host, err := parsers.ParseHost(DefaultHTTPHost, DefaultUnixSocket, val)
 	if err != nil {

opts/ulimit.go

@@ -6,10 +6,12 @@ import (
 	"github.com/docker/docker/pkg/ulimit"
 )
 
+// UlimitOpt defines a map of Ulimits
 type UlimitOpt struct {
 	values *map[string]*ulimit.Ulimit
 }
 
+// NewUlimitOpt creates a new UlimitOpt
 func NewUlimitOpt(ref *map[string]*ulimit.Ulimit) *UlimitOpt {
 	if ref == nil {
 		ref = &map[string]*ulimit.Ulimit{}
@@ -17,6 +19,7 @@ func NewUlimitOpt(ref *map[string]*ulimit.Ulimit) *UlimitOpt {
 	return &UlimitOpt{ref}
 }
 
+// Set validates a Ulimit and sets its name as a key in UlimitOpt
 func (o *UlimitOpt) Set(val string) error {
 	l, err := ulimit.Parse(val)
 	if err != nil {
@@ -28,6 +31,7 @@ func (o *UlimitOpt) Set(val string) error {
 	return nil
 }
 
+// String returns Ulimit values as a string.
 func (o *UlimitOpt) String() string {
 	var out []string
 	for _, v := range *o.values {
@@ -37,6 +41,7 @@ func (o *UlimitOpt) String() string {
 	return fmt.Sprintf("%v", out)
 }
 
+// GetList returns a slice of pointers to Ulimits.
 func (o *UlimitOpt) GetList() []*ulimit.Ulimit {
 	var ulimits []*ulimit.Ulimit
 	for _, v := range *o.values {

trust/service.go

@@ -8,13 +8,17 @@ import (
 	"github.com/docker/libtrust"
 )
 
+// NotVerifiedError reports a error when doing the key check.
+// For example if the graph is not verified or the key has expired.
 type NotVerifiedError string
 
 func (e NotVerifiedError) Error() string {
 	return string(e)
 }
 
-func (t *TrustStore) CheckKey(ns string, key []byte, perm uint16) (bool, error) {
+// CheckKey verifies that the given public key is allowed to perform
+// the given action on the given node according to the trust graph.
+func (t *Store) CheckKey(ns string, key []byte, perm uint16) (bool, error) {
 	if len(key) == 0 {
 		return false, fmt.Errorf("Missing PublicKey")
 	}
@@ -48,6 +52,8 @@ func (t *TrustStore) CheckKey(ns string, key []byte, perm uint16) (bool, error)
 	return true, nil
 }
 
-func (t *TrustStore) UpdateBase() {
+// UpdateBase retrieves updated base graphs. This function cannot error, it
+// should only log errors.
+func (t *Store) UpdateBase() {
 	t.fetch()
 }

trust/trusts.go

@@ -17,7 +17,10 @@ import (
 	"github.com/docker/libtrust/trustgraph"
 )
 
-type TrustStore struct {
+// Store defines a TrustStore : stores trusted certificates and permissions
+// which are used to verify the signature keys on manifests.
+// Note: This is being deprecated by the notary work.
+type Store struct {
 	path          string
 	caPool        *x509.CertPool
 	graph         trustgraph.TrustGraph
@@ -38,7 +41,9 @@ const defaultFetchtime = 45 * time.Second
 
 var baseEndpoints = map[string]string{"official": "https://dvjy3tqbc323p.cloudfront.net/trust/official.json"}
 
-func NewTrustStore(path string) (*TrustStore, error) {
+// NewStore creates a TrustStore from a given path, if the path is not
+// relative, it will be joined with the working directory.
+func NewStore(path string) (*Store, error) {
 	abspath, err := filepath.Abs(path)
 	if err != nil {
 		return nil, err
@@ -55,7 +60,7 @@ func NewTrustStore(path string) (*TrustStore, error) {
 	}
 
 	// Load grant files
-	t := &TrustStore{
+	t := &Store{
 		path:          abspath,
 		caPool:        nil,
 		httpClient:    &http.Client{},
@@ -70,7 +75,7 @@ func NewTrustStore(path string) (*TrustStore, error) {
 	return t, nil
 }
 
-func (t *TrustStore) reload() error {
+func (t *Store) reload() error {
 	t.Lock()
 	defer t.Unlock()
 
@@ -121,7 +126,7 @@ func (t *TrustStore) reload() error {
 	return nil
 }
 
-func (t *TrustStore) fetchBaseGraph(u *url.URL) (*trustgraph.Statement, error) {
+func (t *Store) fetchBaseGraph(u *url.URL) (*trustgraph.Statement, error) {
 	req := &http.Request{
 		Method:     "GET",
 		URL:        u,
@@ -146,9 +151,9 @@ func (t *TrustStore) fetchBaseGraph(u *url.URL) (*trustgraph.Statement, error) {
 	return trustgraph.LoadStatement(resp.Body, t.caPool)
 }
 
-// fetch retrieves updated base graphs.  This function cannot error, it
+// fetch retrieves updated base graphs. This function cannot error, it
 // should only log errors
-func (t *TrustStore) fetch() {
+func (t *Store) fetch() {
 	t.Lock()
 	defer t.Unlock()