package convert // import "github.com/docker/docker/daemon/cluster/convert" import ( "fmt" "strings" types "github.com/docker/docker/api/types/swarm" gogotypes "github.com/gogo/protobuf/types" swarmapi "github.com/moby/swarmkit/v2/api" "github.com/moby/swarmkit/v2/ca" ) // SwarmFromGRPC converts a grpc Cluster to a Swarm. func SwarmFromGRPC(c swarmapi.Cluster) types.Swarm { swarm := types.Swarm{ ClusterInfo: types.ClusterInfo{ ID: c.ID, Spec: types.Spec{ Orchestration: types.OrchestrationConfig{ TaskHistoryRetentionLimit: &c.Spec.Orchestration.TaskHistoryRetentionLimit, }, Raft: types.RaftConfig{ SnapshotInterval: c.Spec.Raft.SnapshotInterval, KeepOldSnapshots: &c.Spec.Raft.KeepOldSnapshots, LogEntriesForSlowFollowers: c.Spec.Raft.LogEntriesForSlowFollowers, HeartbeatTick: int(c.Spec.Raft.HeartbeatTick), ElectionTick: int(c.Spec.Raft.ElectionTick), }, EncryptionConfig: types.EncryptionConfig{ AutoLockManagers: c.Spec.EncryptionConfig.AutoLockManagers, }, CAConfig: types.CAConfig{ // do not include the signing CA cert or key (it should already be redacted via the swarm APIs) - // the key because it's secret, and the cert because otherwise doing a get + update on the spec // can cause issues because the key would be missing and the cert wouldn't ForceRotate: c.Spec.CAConfig.ForceRotate, }, }, TLSInfo: types.TLSInfo{ TrustRoot: string(c.RootCA.CACert), }, RootRotationInProgress: c.RootCA.RootRotation != nil, DefaultAddrPool: c.DefaultAddressPool, SubnetSize: c.SubnetSize, DataPathPort: c.VXLANUDPPort, }, JoinTokens: types.JoinTokens{ Worker: c.RootCA.JoinTokens.Worker, Manager: c.RootCA.JoinTokens.Manager, }, } issuerInfo, err := ca.IssuerFromAPIRootCA(&c.RootCA) if err == nil && issuerInfo != nil { swarm.TLSInfo.CertIssuerSubject = issuerInfo.Subject swarm.TLSInfo.CertIssuerPublicKey = issuerInfo.PublicKey } heartbeatPeriod, _ := gogotypes.DurationFromProto(c.Spec.Dispatcher.HeartbeatPeriod) swarm.Spec.Dispatcher.HeartbeatPeriod = heartbeatPeriod swarm.Spec.CAConfig.NodeCertExpiry, _ = gogotypes.DurationFromProto(c.Spec.CAConfig.NodeCertExpiry) for _, ca := range c.Spec.CAConfig.ExternalCAs { swarm.Spec.CAConfig.ExternalCAs = append(swarm.Spec.CAConfig.ExternalCAs, &types.ExternalCA{ Protocol: types.ExternalCAProtocol(strings.ToLower(ca.Protocol.String())), URL: ca.URL, Options: ca.Options, CACert: string(ca.CACert), }) } // Meta swarm.Version.Index = c.Meta.Version.Index swarm.CreatedAt, _ = gogotypes.TimestampFromProto(c.Meta.CreatedAt) swarm.UpdatedAt, _ = gogotypes.TimestampFromProto(c.Meta.UpdatedAt) // Annotations swarm.Spec.Annotations = annotationsFromGRPC(c.Spec.Annotations) return swarm } // SwarmSpecToGRPC converts a Spec to a grpc ClusterSpec. func SwarmSpecToGRPC(s types.Spec) (swarmapi.ClusterSpec, error) { return MergeSwarmSpecToGRPC(s, swarmapi.ClusterSpec{}) } // MergeSwarmSpecToGRPC merges a Spec with an initial grpc ClusterSpec func MergeSwarmSpecToGRPC(s types.Spec, spec swarmapi.ClusterSpec) (swarmapi.ClusterSpec, error) { // We take the initSpec (either created from scratch, or returned by swarmkit), // and will only change the value if the one taken from types.Spec is not nil or 0. // In other words, if the value taken from types.Spec is nil or 0, we will maintain the status quo. if s.Annotations.Name != "" { spec.Annotations.Name = s.Annotations.Name } if len(s.Annotations.Labels) != 0 { spec.Annotations.Labels = s.Annotations.Labels } if s.Orchestration.TaskHistoryRetentionLimit != nil { spec.Orchestration.TaskHistoryRetentionLimit = *s.Orchestration.TaskHistoryRetentionLimit } if s.Raft.SnapshotInterval != 0 { spec.Raft.SnapshotInterval = s.Raft.SnapshotInterval } if s.Raft.KeepOldSnapshots != nil { spec.Raft.KeepOldSnapshots = *s.Raft.KeepOldSnapshots } if s.Raft.LogEntriesForSlowFollowers != 0 { spec.Raft.LogEntriesForSlowFollowers = s.Raft.LogEntriesForSlowFollowers } if s.Raft.HeartbeatTick != 0 { spec.Raft.HeartbeatTick = uint32(s.Raft.HeartbeatTick) } if s.Raft.ElectionTick != 0 { spec.Raft.ElectionTick = uint32(s.Raft.ElectionTick) } if s.Dispatcher.HeartbeatPeriod != 0 { spec.Dispatcher.HeartbeatPeriod = gogotypes.DurationProto(s.Dispatcher.HeartbeatPeriod) } if s.CAConfig.NodeCertExpiry != 0 { spec.CAConfig.NodeCertExpiry = gogotypes.DurationProto(s.CAConfig.NodeCertExpiry) } if s.CAConfig.SigningCACert != "" { spec.CAConfig.SigningCACert = []byte(s.CAConfig.SigningCACert) } if s.CAConfig.SigningCAKey != "" { // do propagate the signing CA key here because we want to provide it TO the swarm APIs spec.CAConfig.SigningCAKey = []byte(s.CAConfig.SigningCAKey) } spec.CAConfig.ForceRotate = s.CAConfig.ForceRotate for _, ca := range s.CAConfig.ExternalCAs { protocol, ok := swarmapi.ExternalCA_CAProtocol_value[strings.ToUpper(string(ca.Protocol))] if !ok { return swarmapi.ClusterSpec{}, fmt.Errorf("invalid protocol: %q", ca.Protocol) } spec.CAConfig.ExternalCAs = append(spec.CAConfig.ExternalCAs, &swarmapi.ExternalCA{ Protocol: swarmapi.ExternalCA_CAProtocol(protocol), URL: ca.URL, Options: ca.Options, CACert: []byte(ca.CACert), }) } spec.EncryptionConfig.AutoLockManagers = s.EncryptionConfig.AutoLockManagers return spec, nil }