p4u1/docker-cli
0
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
33,006 Commits 2 Branches 295 Tags
7aed75f09c30bf5412ce2d290b9e3d60d36282bb
Commit Graph

12 Commits

Author SHA1 Message Date
David Sheets
142f748495 authz: remove and hide unused and local-only methods respectively 
Signed-off-by: David Sheets <dsheets@docker.com>
Upstream-commit: 24264697c54843ea8dbd30ac37652409943e7bf4
Component: engine
 2017-06-13 13:51:11 +01:00
David Sheets
8857822260 authz: eliminate race during plugin removal from middleware 
Also, this removes the use of a questionable golang range feature which
corrects for mutation of a slice during iteration over that slice. This
makes the filter operation easier to read and reason about.

Signed-off-by: David Sheets <dsheets@docker.com>
Upstream-commit: 7da3986297e04b419ce08b19766633dba36b7d30
Component: engine
 2017-06-13 13:51:07 +01:00
Anusha Ragunathan
2034662b7a When authz plugin is disabled, remove from authz middleware chain. 
When the daemon is configured to run with an authorization-plugin and if
the plugin is disabled, the daemon continues to send API requests to the
plugin and expect it to respond. But the plugin has been disabled. As a
result, all API requests are blocked. Fix this behavior by removing the
disabled plugin from the authz middleware chain.

Tested using riyaz/authz-no-volume-plugin and observed that after
disabling the plugin, API request/response is functional.

Fixes #31836

Signed-off-by: Anusha Ragunathan <anusha.ragunathan@docker.com>
Upstream-commit: 38de272bd4dfea945985b7031cd353ac5f6507c5
Component: engine
 2017-03-22 12:07:39 -07:00
Riyaz Faizullabhoy
abdf1bbec3 Revert "Update authz plugin list on failure." 
This reverts commit fae904af02a184833d2cd5ce9fdd61a4083707c7.

Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
Upstream-commit: a64fc8eea3266968c8e0082dbe6a2f5a8a5bbdc0
Component: engine
 2016-11-03 15:49:21 -07:00
Anusha Ragunathan
78119ce904 Update authz plugin list on failure. 
When daemon fails to load an authz plugin, it should be removed from
the plugin list. Else the plugin is retried on every request and
response, resulting in undesired behavior (eg. daemon panic)

Signed-off-by: Anusha Ragunathan <anusha@docker.com>
Upstream-commit: fae904af02a184833d2cd5ce9fdd61a4083707c7
Component: engine
 2016-10-28 11:16:06 -07:00
Sebastiaan van Stijn
3643ef102a Merge pull request #27267 from ezrasilvera/plugin_fix 
Call the AuthZRes function also when the daemon  returns error
Upstream-commit: 194f04bbbe5b4de06235bf56b8842cadac0294dc
Component: engine
 2016-10-18 21:53:43 -07:00
Tibor Vass
1f94129ec0 Merge pull request #27293 from anusha-ragunathan/use-pluginv2-authz 
Make authz use pluginv2
Upstream-commit: 8658748ef716e43a5f6d834825d818012ed6e2c4
Component: engine
 2016-10-13 00:28:43 +02:00
Alexander Morozov
2a20bc38c9 pkg/authorization: make it goroutine-safe 
It was racy on config reload

Signed-off-by: Alexander Morozov <lk4d4@docker.com>
Upstream-commit: a616cf3b88ee264b9a565dc0c25e583444ba64e2
Component: engine
 2016-10-11 16:31:45 -07:00
Anusha Ragunathan
d71f1080b9 Make authorization plugins use pluginv2. 
Signed-off-by: Anusha Ragunathan <anusha@docker.com>
Upstream-commit: c5393ee147e981ded8fdf12c8da790abd1130175
Component: engine
 2016-10-11 13:09:28 -07:00
Ezra Silvera
8544599d78 Call the AuthZRes function also when the daemon returns error 
Signed-off-by: Ezra Silvera <ezra@il.ibm.com>
Upstream-commit: 5a8ff4025408ed7a30a829008edf509c02f7a258
Component: engine
 2016-10-11 09:53:30 +03:00
Liron Levin
565fab494f Enable to dynamically reload authorization plugins via daemon.config 
Following #22729, enable to dynamically reload/remove the daemon
authorization plugins (via standard reloading mechanism).
https://docs.docker.com/engine/reference/commandline/daemon/#daemon-
configuration-file

Daemon must store a reference to the authorization middleware to refresh
the plugin on configuration changes.

Signed-off-by: Liron Levin <liron@twistlock.com>
Upstream-commit: 4192fe9c06d150fadfe18f228a6f9c3875227b8a
Component: engine
 2016-07-30 14:59:07 +03:00
David Calavera
8194e834c4 Move middleware to interfaces. 
This makes separating middlewares from the core api easier.
As an example, the authorization middleware is moved to
it's own package.

Initialize all static middlewares when the server is created, reducing
allocations every time a route is wrapper with the middlewares.

Signed-off-by: David Calavera <david.calavera@gmail.com>
Upstream-commit: 8d3467626ee26cad48ad84f2181552dce7afccb6
Component: engine
 2016-04-11 09:19:27 -07:00