github.com/docker/docker@v299999999.0.0-20200612211812-aaf470eca7b5+incompatible/daemon/cluster/convert/swarm.go (about) 1 package convert // import "github.com/docker/docker/daemon/cluster/convert" 2 3 import ( 4 "fmt" 5 "strings" 6 7 types "github.com/docker/docker/api/types/swarm" 8 swarmapi "github.com/docker/swarmkit/api" 9 "github.com/docker/swarmkit/ca" 10 gogotypes "github.com/gogo/protobuf/types" 11 ) 12 13 // SwarmFromGRPC converts a grpc Cluster to a Swarm. 14 func SwarmFromGRPC(c swarmapi.Cluster) types.Swarm { 15 swarm := types.Swarm{ 16 ClusterInfo: types.ClusterInfo{ 17 ID: c.ID, 18 Spec: types.Spec{ 19 Orchestration: types.OrchestrationConfig{ 20 TaskHistoryRetentionLimit: &c.Spec.Orchestration.TaskHistoryRetentionLimit, 21 }, 22 Raft: types.RaftConfig{ 23 SnapshotInterval: c.Spec.Raft.SnapshotInterval, 24 KeepOldSnapshots: &c.Spec.Raft.KeepOldSnapshots, 25 LogEntriesForSlowFollowers: c.Spec.Raft.LogEntriesForSlowFollowers, 26 HeartbeatTick: int(c.Spec.Raft.HeartbeatTick), 27 ElectionTick: int(c.Spec.Raft.ElectionTick), 28 }, 29 EncryptionConfig: types.EncryptionConfig{ 30 AutoLockManagers: c.Spec.EncryptionConfig.AutoLockManagers, 31 }, 32 CAConfig: types.CAConfig{ 33 // do not include the signing CA cert or key (it should already be redacted via the swarm APIs) - 34 // the key because it's secret, and the cert because otherwise doing a get + update on the spec 35 // can cause issues because the key would be missing and the cert wouldn't 36 ForceRotate: c.Spec.CAConfig.ForceRotate, 37 }, 38 }, 39 TLSInfo: types.TLSInfo{ 40 TrustRoot: string(c.RootCA.CACert), 41 }, 42 RootRotationInProgress: c.RootCA.RootRotation != nil, 43 DefaultAddrPool: c.DefaultAddressPool, 44 SubnetSize: c.SubnetSize, 45 DataPathPort: c.VXLANUDPPort, 46 }, 47 JoinTokens: types.JoinTokens{ 48 Worker: c.RootCA.JoinTokens.Worker, 49 Manager: c.RootCA.JoinTokens.Manager, 50 }, 51 } 52 53 issuerInfo, err := ca.IssuerFromAPIRootCA(&c.RootCA) 54 if err == nil && issuerInfo != nil { 55 swarm.TLSInfo.CertIssuerSubject = issuerInfo.Subject 56 swarm.TLSInfo.CertIssuerPublicKey = issuerInfo.PublicKey 57 } 58 59 heartbeatPeriod, _ := gogotypes.DurationFromProto(c.Spec.Dispatcher.HeartbeatPeriod) 60 swarm.Spec.Dispatcher.HeartbeatPeriod = heartbeatPeriod 61 62 swarm.Spec.CAConfig.NodeCertExpiry, _ = gogotypes.DurationFromProto(c.Spec.CAConfig.NodeCertExpiry) 63 64 for _, ca := range c.Spec.CAConfig.ExternalCAs { 65 swarm.Spec.CAConfig.ExternalCAs = append(swarm.Spec.CAConfig.ExternalCAs, &types.ExternalCA{ 66 Protocol: types.ExternalCAProtocol(strings.ToLower(ca.Protocol.String())), 67 URL: ca.URL, 68 Options: ca.Options, 69 CACert: string(ca.CACert), 70 }) 71 } 72 73 // Meta 74 swarm.Version.Index = c.Meta.Version.Index 75 swarm.CreatedAt, _ = gogotypes.TimestampFromProto(c.Meta.CreatedAt) 76 swarm.UpdatedAt, _ = gogotypes.TimestampFromProto(c.Meta.UpdatedAt) 77 78 // Annotations 79 swarm.Spec.Annotations = annotationsFromGRPC(c.Spec.Annotations) 80 81 return swarm 82 } 83 84 // SwarmSpecToGRPC converts a Spec to a grpc ClusterSpec. 85 func SwarmSpecToGRPC(s types.Spec) (swarmapi.ClusterSpec, error) { 86 return MergeSwarmSpecToGRPC(s, swarmapi.ClusterSpec{}) 87 } 88 89 // MergeSwarmSpecToGRPC merges a Spec with an initial grpc ClusterSpec 90 func MergeSwarmSpecToGRPC(s types.Spec, spec swarmapi.ClusterSpec) (swarmapi.ClusterSpec, error) { 91 // We take the initSpec (either created from scratch, or returned by swarmkit), 92 // and will only change the value if the one taken from types.Spec is not nil or 0. 93 // In other words, if the value taken from types.Spec is nil or 0, we will maintain the status quo. 94 if s.Annotations.Name != "" { 95 spec.Annotations.Name = s.Annotations.Name 96 } 97 if len(s.Annotations.Labels) != 0 { 98 spec.Annotations.Labels = s.Annotations.Labels 99 } 100 101 if s.Orchestration.TaskHistoryRetentionLimit != nil { 102 spec.Orchestration.TaskHistoryRetentionLimit = *s.Orchestration.TaskHistoryRetentionLimit 103 } 104 if s.Raft.SnapshotInterval != 0 { 105 spec.Raft.SnapshotInterval = s.Raft.SnapshotInterval 106 } 107 if s.Raft.KeepOldSnapshots != nil { 108 spec.Raft.KeepOldSnapshots = *s.Raft.KeepOldSnapshots 109 } 110 if s.Raft.LogEntriesForSlowFollowers != 0 { 111 spec.Raft.LogEntriesForSlowFollowers = s.Raft.LogEntriesForSlowFollowers 112 } 113 if s.Raft.HeartbeatTick != 0 { 114 spec.Raft.HeartbeatTick = uint32(s.Raft.HeartbeatTick) 115 } 116 if s.Raft.ElectionTick != 0 { 117 spec.Raft.ElectionTick = uint32(s.Raft.ElectionTick) 118 } 119 if s.Dispatcher.HeartbeatPeriod != 0 { 120 spec.Dispatcher.HeartbeatPeriod = gogotypes.DurationProto(s.Dispatcher.HeartbeatPeriod) 121 } 122 if s.CAConfig.NodeCertExpiry != 0 { 123 spec.CAConfig.NodeCertExpiry = gogotypes.DurationProto(s.CAConfig.NodeCertExpiry) 124 } 125 if s.CAConfig.SigningCACert != "" { 126 spec.CAConfig.SigningCACert = []byte(s.CAConfig.SigningCACert) 127 } 128 if s.CAConfig.SigningCAKey != "" { 129 // do propagate the signing CA key here because we want to provide it TO the swarm APIs 130 spec.CAConfig.SigningCAKey = []byte(s.CAConfig.SigningCAKey) 131 } 132 spec.CAConfig.ForceRotate = s.CAConfig.ForceRotate 133 134 for _, ca := range s.CAConfig.ExternalCAs { 135 protocol, ok := swarmapi.ExternalCA_CAProtocol_value[strings.ToUpper(string(ca.Protocol))] 136 if !ok { 137 return swarmapi.ClusterSpec{}, fmt.Errorf("invalid protocol: %q", ca.Protocol) 138 } 139 spec.CAConfig.ExternalCAs = append(spec.CAConfig.ExternalCAs, &swarmapi.ExternalCA{ 140 Protocol: swarmapi.ExternalCA_CAProtocol(protocol), 141 URL: ca.URL, 142 Options: ca.Options, 143 CACert: []byte(ca.CACert), 144 }) 145 } 146 147 spec.EncryptionConfig.AutoLockManagers = s.EncryptionConfig.AutoLockManagers 148 149 return spec, nil 150 }