daemon/list.go
package daemon // import "github.com/docker/docker/daemon"
import (
"context"
"fmt"
"sort"
"strconv"
"strings"
"github.com/containerd/log"
"github.com/docker/docker/api/types"
"github.com/docker/docker/api/types/backend"
containertypes "github.com/docker/docker/api/types/container"
"github.com/docker/docker/api/types/filters"
"github.com/docker/docker/container"
"github.com/docker/docker/errdefs"
"github.com/docker/docker/image"
"github.com/docker/go-connections/nat"
"github.com/pkg/errors"
)
var acceptedPsFilterTags = map[string]bool{
"ancestor": true,
"before": true,
"exited": true,
"id": true,
"isolation": true,
"label": true,
"name": true,
"status": true,
"health": true,
"since": true,
"volume": true,
"network": true,
"is-task": true,
"publish": true,
"expose": true,
}
// iterationAction represents possible outcomes happening during the container iteration.
type iterationAction int
const (
// includeContainer is the action to include a container.
includeContainer iterationAction = iota
// excludeContainer is the action to exclude a container.
excludeContainer
// stopIteration is the action to stop iterating over the list of containers.
stopIteration
)
// List returns an array of all containers registered in the daemon.
func (daemon *Daemon) List() []*container.Container {
return daemon.containers.List()
}
// listContext is the daemon generated filtering to iterate over containers.
// This is created based on the user specification from [containertypes.ListOptions].
type listContext struct {
// idx is the container iteration index for this context
idx int
// ancestorFilter tells whether it should check ancestors or not
ancestorFilter bool
// names is a list of container names to filter with
names map[string][]string
// images is a list of images to filter with
images map[image.ID]bool
// filters is a collection of arguments to filter with, specified by the user
filters filters.Args
// exitAllowed is a list of exit codes allowed to filter with
exitAllowed []int
// beforeFilter is a filter to ignore containers that appear before the one given
beforeFilter *container.Snapshot
// sinceFilter is a filter to stop the filtering when the iterator arrives to the given container
sinceFilter *container.Snapshot
// taskFilter tells if we should filter based on whether a container is part of a task
taskFilter bool
// isTask tells us if we should filter container that is a task (true) or not (false)
isTask bool
// publish is a list of published ports to filter with
publish map[nat.Port]bool
// expose is a list of exposed ports to filter with
expose map[nat.Port]bool
// ListOptions is the filters set by the user
*containertypes.ListOptions
}
// byCreatedDescending is a temporary type used to sort a list of containers by creation time.
type byCreatedDescending []container.Snapshot
func (r byCreatedDescending) Len() int { return len(r) }
func (r byCreatedDescending) Swap(i, j int) { r[i], r[j] = r[j], r[i] }
func (r byCreatedDescending) Less(i, j int) bool {
return r[j].CreatedAt.UnixNano() < r[i].CreatedAt.UnixNano()
}
// Containers returns the list of containers to show given the user's filtering.
func (daemon *Daemon) Containers(ctx context.Context, config *containertypes.ListOptions) ([]*types.Container, error) {
if err := config.Filters.Validate(acceptedPsFilterTags); err != nil {
return nil, err
}
var (
view = daemon.containersReplica.Snapshot()
containers = []*types.Container{}
)
filter, err := daemon.foldFilter(ctx, view, config)
if err != nil {
return nil, err
}
// fastpath to only look at a subset of containers if specific name
// or ID matches were provided by the user--otherwise we potentially
// end up querying many more containers than intended
containerList, err := daemon.filterByNameIDMatches(view, filter)
if err != nil {
return nil, err
}
for i := range containerList {
currentContainer := &containerList[i]
switch includeContainerInList(currentContainer, filter) {
case excludeContainer:
continue
case stopIteration:
return containers, nil
}
// transform internal container struct into api structs
newC, err := daemon.refreshImage(ctx, currentContainer)
if err != nil {
return nil, err
}
// release lock because size calculation is slow
if filter.Size {
sizeRw, sizeRootFs, err := daemon.imageService.GetContainerLayerSize(ctx, newC.ID)
if err != nil {
return nil, err
}
newC.SizeRw = sizeRw
newC.SizeRootFs = sizeRootFs
}
if newC != nil {
containers = append(containers, newC)
filter.idx++
}
}
return containers, nil
}
func (daemon *Daemon) filterByNameIDMatches(view *container.View, filter *listContext) ([]container.Snapshot, error) {
idSearch := false
names := filter.filters.Get("name")
ids := filter.filters.Get("id")
if len(names)+len(ids) == 0 {
// if name or ID filters are not in use, return to
// standard behavior of walking the entire container
// list from the daemon's in-memory store
all, err := view.All()
if err != nil {
return nil, err
}
sort.Sort(byCreatedDescending(all))
return all, nil
}
// idSearch will determine if we limit name matching to the IDs
// matched from any IDs which were specified as filters
if len(ids) > 0 {
idSearch = true
}
matches := make(map[string]bool)
// find ID matches; errors represent "not found" and can be ignored
for _, id := range ids {
if fullID, err := daemon.containersReplica.GetByPrefix(id); err == nil {
matches[fullID] = true
}
}
// look for name matches; if ID filtering was used, then limit the
// search space to the matches map only; errors represent "not found"
// and can be ignored
if len(names) > 0 {
for id, idNames := range filter.names {
// if ID filters were used and no matches on that ID were
// found, continue to next ID in the list
if idSearch && !matches[id] {
continue
}
for _, eachName := range idNames {
// match both on container name with, and without slash-prefix
if filter.filters.Match("name", eachName) || filter.filters.Match("name", strings.TrimPrefix(eachName, "/")) {
matches[id] = true
}
}
}
}
cntrs := make([]container.Snapshot, 0, len(matches))
for id := range matches {
c, err := view.Get(id)
if err != nil {
if errdefs.IsNotFound(err) {
// ignore error
continue
}
return nil, err
}
cntrs = append(cntrs, *c)
}
// Restore sort-order after filtering
// Created gives us nanosec resolution for sorting
sort.Sort(byCreatedDescending(cntrs))
return cntrs, nil
}
// foldFilter generates the container filter based on the user's filtering options.
func (daemon *Daemon) foldFilter(ctx context.Context, view *container.View, config *containertypes.ListOptions) (*listContext, error) {
psFilters := config.Filters
var filtExited []int
err := psFilters.WalkValues("exited", func(value string) error {
code, err := strconv.Atoi(value)
if err != nil {
return errdefs.InvalidParameter(errors.Wrapf(err, "invalid filter 'exited=%s'", value))
}
filtExited = append(filtExited, code)
return nil
})
if err != nil {
return nil, err
}
err = psFilters.WalkValues("status", func(value string) error {
if !container.IsValidStateString(value) {
return errdefs.InvalidParameter(fmt.Errorf("invalid filter 'status=%s'", value))
}
config.All = true
return nil
})
if err != nil {
return nil, err
}
taskFilter := psFilters.Contains("is-task")
isTask, err := psFilters.GetBoolOrDefault("is-task", false)
if err != nil {
return nil, err
}
err = psFilters.WalkValues("health", func(value string) error {
if !container.IsValidHealthString(value) {
return errdefs.InvalidParameter(fmt.Errorf("unrecognized filter value for health: %s", value))
}
return nil
})
if err != nil {
return nil, err
}
var beforeContFilter, sinceContFilter *container.Snapshot
err = psFilters.WalkValues("before", func(value string) error {
beforeContFilter, err = idOrNameFilter(view, value)
return err
})
if err != nil {
return nil, err
}
err = psFilters.WalkValues("since", func(value string) error {
sinceContFilter, err = idOrNameFilter(view, value)
return err
})
if err != nil {
return nil, err
}
imagesFilter := map[image.ID]bool{}
var ancestorFilter bool
if psFilters.Contains("ancestor") {
ancestorFilter = true
err := psFilters.WalkValues("ancestor", func(ancestor string) error {
img, err := daemon.imageService.GetImage(ctx, ancestor, backend.GetImageOpts{})
if err != nil {
log.G(ctx).Warnf("Error while looking up for image %v", ancestor)
return nil
}
if imagesFilter[img.ID()] {
// Already seen this ancestor, skip it
return nil
}
// Then walk down the graph and put the imageIds in imagesFilter
return populateImageFilterByParents(ctx, imagesFilter, img.ID(), daemon.imageService.Children)
})
if err != nil {
return nil, err
}
}
publishFilter := map[nat.Port]bool{}
err = psFilters.WalkValues("publish", portOp("publish", publishFilter))
if err != nil {
return nil, err
}
exposeFilter := map[nat.Port]bool{}
err = psFilters.WalkValues("expose", portOp("expose", exposeFilter))
if err != nil {
return nil, err
}
return &listContext{
filters: psFilters,
ancestorFilter: ancestorFilter,
images: imagesFilter,
exitAllowed: filtExited,
beforeFilter: beforeContFilter,
sinceFilter: sinceContFilter,
taskFilter: taskFilter,
isTask: isTask,
publish: publishFilter,
expose: exposeFilter,
ListOptions: config,
names: view.GetAllNames(),
}, nil
}
func idOrNameFilter(view *container.View, value string) (*container.Snapshot, error) {
filter, err := view.Get(value)
if err != nil && errdefs.IsNotFound(err) {
// Try name search instead
found := ""
for id, idNames := range view.GetAllNames() {
for _, eachName := range idNames {
if strings.TrimPrefix(value, "/") == strings.TrimPrefix(eachName, "/") {
if found != "" && found != id {
return nil, err
}
found = id
}
}
}
if found != "" {
filter, err = view.Get(found)
}
}
return filter, err
}
func portOp(key string, filter map[nat.Port]bool) func(value string) error {
return func(value string) error {
if strings.Contains(value, ":") {
return fmt.Errorf("filter for '%s' should not contain ':': %s", key, value)
}
// support two formats, original format <portnum>/[<proto>] or <startport-endport>/[<proto>]
proto, port := nat.SplitProtoPort(value)
start, end, err := nat.ParsePortRange(port)
if err != nil {
return fmt.Errorf("error while looking up for %s %s: %s", key, value, err)
}
for i := start; i <= end; i++ {
p, err := nat.NewPort(proto, strconv.FormatUint(i, 10))
if err != nil {
return fmt.Errorf("error while looking up for %s %s: %s", key, value, err)
}
filter[p] = true
}
return nil
}
}
// includeContainerInList decides whether a container should be included in the output or not based in the filter.
// It also decides if the iteration should be stopped or not.
func includeContainerInList(container *container.Snapshot, filter *listContext) iterationAction {
// Do not include container if it's in the list before the filter container.
// Set the filter container to nil to include the rest of containers after this one.
if filter.beforeFilter != nil {
if container.ID == filter.beforeFilter.ID {
filter.beforeFilter = nil
}
return excludeContainer
}
// Stop iteration when the container arrives to the filter container
if filter.sinceFilter != nil {
if container.ID == filter.sinceFilter.ID {
return stopIteration
}
}
// Do not include container if it's stopped and we're not filters
if !container.Running && !filter.All && filter.Limit <= 0 {
return excludeContainer
}
// Do not include container if the name doesn't match
if !filter.filters.Match("name", container.Name) && !filter.filters.Match("name", strings.TrimPrefix(container.Name, "/")) {
return excludeContainer
}
// Do not include container if the id doesn't match
if !filter.filters.Match("id", container.ID) {
return excludeContainer
}
if filter.taskFilter {
if filter.isTask != container.Managed {
return excludeContainer
}
}
// Do not include container if any of the labels don't match
if !filter.filters.MatchKVList("label", container.Labels) {
return excludeContainer
}
// Do not include container if isolation doesn't match
if excludeContainer == excludeByIsolation(container, filter) {
return excludeContainer
}
// Stop iteration when the index is over the limit
if filter.Limit > 0 && filter.idx == filter.Limit {
return stopIteration
}
// Do not include container if its exit code is not in the filter
if len(filter.exitAllowed) > 0 {
shouldSkip := true
for _, code := range filter.exitAllowed {
if code == container.ExitCode && !container.Running && !container.StartedAt.IsZero() {
shouldSkip = false
break
}
}
if shouldSkip {
return excludeContainer
}
}
// Do not include container if its status doesn't match the filter
if !filter.filters.Match("status", container.State) {
return excludeContainer
}
// Do not include container if its health doesn't match the filter
if !filter.filters.ExactMatch("health", container.Health) {
return excludeContainer
}
if filter.filters.Contains("volume") {
volumesByName := make(map[string]types.MountPoint)
for _, m := range container.Mounts {
if m.Name != "" {
volumesByName[m.Name] = m
} else {
volumesByName[m.Source] = m
}
}
volumesByDestination := make(map[string]types.MountPoint)
for _, m := range container.Mounts {
if m.Destination != "" {
volumesByDestination[m.Destination] = m
}
}
volumeExist := fmt.Errorf("volume mounted in container")
err := filter.filters.WalkValues("volume", func(value string) error {
if _, exist := volumesByDestination[value]; exist {
return volumeExist
}
if _, exist := volumesByName[value]; exist {
return volumeExist
}
return nil
})
if err != volumeExist {
return excludeContainer
}
}
if filter.ancestorFilter {
if len(filter.images) == 0 {
return excludeContainer
}
if !filter.images[image.ID(container.ImageID)] {
return excludeContainer
}
}
var (
networkExist = errors.New("container part of network")
noNetworks = errors.New("container is not part of any networks")
)
if filter.filters.Contains("network") {
err := filter.filters.WalkValues("network", func(value string) error {
if container.NetworkSettings == nil {
return noNetworks
}
if _, ok := container.NetworkSettings.Networks[value]; ok {
return networkExist
}
for _, nw := range container.NetworkSettings.Networks {
if nw == nil {
continue
}
if strings.HasPrefix(nw.NetworkID, value) {
return networkExist
}
}
return nil
})
if err != networkExist {
return excludeContainer
}
}
if len(filter.expose) > 0 || len(filter.publish) > 0 {
var (
shouldSkip = true
publishedPort nat.Port
exposedPort nat.Port
)
for _, port := range container.Ports {
publishedPort = nat.Port(fmt.Sprintf("%d/%s", port.PublicPort, port.Type))
exposedPort = nat.Port(fmt.Sprintf("%d/%s", port.PrivatePort, port.Type))
if ok := filter.publish[publishedPort]; ok {
shouldSkip = false
break
} else if ok := filter.expose[exposedPort]; ok {
shouldSkip = false
break
}
}
if shouldSkip {
return excludeContainer
}
}
return includeContainer
}
// refreshImage checks if the Image ref still points to the correct ID, and
// updates the ref to the actual ID when it doesn't.
// This happens when the image with a reference that was used to create
// container was deleted or updated and now resolves to a different ID.
//
// For example:
// $ docker run -d busybox:latest
// $ docker ps -a
// CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
// b0318bca5aef busybox "sh" 4 seconds ago Exited (0) 3 seconds ago ecstatic_beaver
//
// After some time, busybox image got updated on the Docker Hub:
// $ docker pull busybox:latest
//
// So now busybox:latest points to a different digest, but that doesn't impact
// the ecstatic_beaver container which was still created under an older
// version. In this case, it should still point to the original image ID it was
// created from.
//
// $ docker ps -a
// CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
// b0318bca5aef 3fbc63216742 "sh" 3 years ago Exited (0) 3 years ago ecstatic_beaver
func (daemon *Daemon) refreshImage(ctx context.Context, s *container.Snapshot) (*types.Container, error) {
c := s.Container
// s.Image is the image reference passed by the user to create an image
// can be a:
// - name (like nginx, ubuntu:latest, docker.io/library/busybox:latest),
// - truncated ID (abcdef),
// - full digest (sha256:abcdef...)
//
// s.ImageID is the ID of the image that s.Image resolved to at the time
// of the container creation. It's always a full digest.
// If these match, there's nothing to refresh.
if s.Image == s.ImageID {
return &c, nil
}
// Check if the image reference still resolves to the same digest.
img, err := daemon.imageService.GetImage(ctx, s.Image, backend.GetImageOpts{})
// If the image is no longer found or can't be resolved for some other
// reason. Update the Image to the specific ID of the original image it
// resolved to when the container was created.
if err != nil {
if !errdefs.IsNotFound(err) {
log.G(ctx).WithFields(log.Fields{
"error": err,
"containerID": c.ID,
"image": s.Image,
"imageID": s.ImageID,
}).Warn("failed to resolve container image")
}
c.Image = s.ImageID
return &c, nil
}
// Also update the image to the specific image ID, if the Image now
// resolves to a different ID.
if img.ImageID() != s.ImageID {
c.Image = s.ImageID
}
return &c, nil
}
func populateImageFilterByParents(ctx context.Context, ancestorMap map[image.ID]bool, imageID image.ID, getChildren func(context.Context, image.ID) ([]image.ID, error)) error {
if !ancestorMap[imageID] {
children, err := getChildren(ctx, imageID)
if err != nil {
return err
}
for _, id := range children {
if err := populateImageFilterByParents(ctx, ancestorMap, id, getChildren); err != nil {
return err
}
}
ancestorMap[imageID] = true
}
return nil
}