Since Go 1.7, context is a standard package. Since Go 1.9, everything
that is provided by "x/net/context" is a couple of type aliases to
types in "context".
Many vendored packages still use x/net/context, so vendor entry remains
for now.
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
Upstream-commit: 7d62e40f7e4f3c17d229a7687d6fcca5448de813
Component: engine
When the authz response buffer limit is hit, perform a flush.
This prevents excessive buffer sizes, especially on large responses
(e.g. `/containers/<id>/archive` or `/containers/<id>/export`).
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Upstream-commit: 74f8e47352e71aad4015d8d9dea8f16e7a055863
Component: engine
Use strongly typed errors to set HTTP status codes.
Error interfaces are defined in the api/errors package and errors
returned from controllers are checked against these interfaces.
Errors can be wraeped in a pkg/errors.Causer, as long as somewhere in the
line of causes one of the interfaces is implemented. The special error
interfaces take precedence over Causer, meaning if both Causer and one
of the new error interfaces are implemented, the Causer is not
traversed.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Upstream-commit: ebcb7d6b406fe50ea9a237c73004d75884184c33
Component: engine
Also, this removes the use of a questionable golang range feature which
corrects for mutation of a slice during iteration over that slice. This
makes the filter operation easier to read and reason about.
Signed-off-by: David Sheets <dsheets@docker.com>
Upstream-commit: 7da3986297e04b419ce08b19766633dba36b7d30
Component: engine
When the daemon is configured to run with an authorization-plugin and if
the plugin is disabled, the daemon continues to send API requests to the
plugin and expect it to respond. But the plugin has been disabled. As a
result, all API requests are blocked. Fix this behavior by removing the
disabled plugin from the authz middleware chain.
Tested using riyaz/authz-no-volume-plugin and observed that after
disabling the plugin, API request/response is functional.
Fixes#31836
Signed-off-by: Anusha Ragunathan <anusha.ragunathan@docker.com>
Upstream-commit: 38de272bd4dfea945985b7031cd353ac5f6507c5
Component: engine
Go style calls for mixed caps instead of all caps:
https://golang.org/doc/effective_go.html#mixed-caps
Change LOOKUP, ACQUIRE, and RELEASE to Lookup, Acquire, and Release.
This vendors a fork of libnetwork for now, to deal with a cyclic
dependency issue. The change will be upstream to libnetwork once this is
merged.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
Upstream-commit: 428600108cce0a11e65ec4ebd9e439e947b55da7
Component: engine
When daemon fails to load an authz plugin, it should be removed from
the plugin list. Else the plugin is retried on every request and
response, resulting in undesired behavior (eg. daemon panic)
Signed-off-by: Anusha Ragunathan <anusha@docker.com>
Upstream-commit: fae904af02a184833d2cd5ce9fdd61a4083707c7
Component: engine
It was racy on config reload
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
Upstream-commit: a616cf3b88ee264b9a565dc0c25e583444ba64e2
Component: engine
This fix tries to address the issue raised in 25927 where
the HTTP headers have been chaged when AUthZ plugin is in
place.
This issue is that in `FlushAll` (`pkg/authorization/response.go`),
the headers have been written (with `WriteHeader`) before all the
headers have bee copied.
This fix fixes the issue by placing `WriteHeader` after.
A test has been added to cover the changes.`
This fix fixes 25927
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
Upstream-commit: 9cb8fb6ea03fcd78010ce7dd33585d96cd73e38c
Component: engine
Following #22729, enable to dynamically reload/remove the daemon
authorization plugins (via standard reloading mechanism).
https://docs.docker.com/engine/reference/commandline/daemon/#daemon-
configuration-file
Daemon must store a reference to the authorization middleware to refresh
the plugin on configuration changes.
Signed-off-by: Liron Levin <liron@twistlock.com>
Upstream-commit: 4192fe9c06d150fadfe18f228a6f9c3875227b8a
Component: engine
This patch introduces a new experimental engine-level plugin management
with a new API and command line. Plugins can be distributed via a Docker
registry, and their lifecycle is managed by the engine.
This makes plugins a first-class construct.
For more background, have a look at issue #20363.
Documentation is in a separate commit. If you want to understand how the
new plugin system works, you can start by reading the documentation.
Note: backwards compatibility with existing plugins is maintained,
albeit they won't benefit from the advantages of the new system.
Signed-off-by: Tibor Vass <tibor@docker.com>
Signed-off-by: Anusha Ragunathan <anusha@docker.com>
Upstream-commit: f37117045c5398fd3dca8016ea8ca0cb47e7312b
Component: engine
This fix tries to fix logrus formatting by removing `f` from
`logrus.[Error|Warn|Debug|Fatal|Panic|Info]f` when formatting string
is not present.
This fix fixes#23459.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
Upstream-commit: a72b45dbec3caeb3237d1af5aedd04adeb083571
Component: engine
- do use use log pkg
- do not t.Fatal in goroutine
- cleanups
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
Upstream-commit: 6a96684442a7e9d6e2d00e9b11d23ea6caa88a2a
Component: engine
This makes separating middlewares from the core api easier.
As an example, the authorization middleware is moved to
it's own package.
Initialize all static middlewares when the server is created, reducing
allocations every time a route is wrapper with the middlewares.
Signed-off-by: David Calavera <david.calavera@gmail.com>
Upstream-commit: 8d3467626ee26cad48ad84f2181552dce7afccb6
Component: engine
Small refactor to be able to use custom transports
to call remote plugins.
Signed-off-by: David Calavera <david.calavera@gmail.com>
Upstream-commit: 1a630234508bdb12d55425ceebdb0b6523a38578
Component: engine
Fix#20508 - Authz plugin enabled with large text/JSON POST payload corrupts body
Upstream-commit: abbb16d7abd7150a9226252f2544326930ea2baf
Component: engine
Based on the discussion, we have changed the following:
1. Send body only if content-type is application/json (based on the
Docker official daemon REST specification, this is the provided for all
APIs that requires authorization.
2. Correctly verify that the msg body is smaller than max cap (this was
the actual bug). Fix includes UT.
3. Minor: Check content length > 0 (it was -1 for load, altough an
attacker can still modify this)
Signed-off-by: Liron Levin <liron@twistlock.com>
Upstream-commit: ca5c2abecfd12ad22b75c69e0debde7b625c2735
Component: engine
Most of them were found and fixed by codespell.
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Upstream-commit: 2eee613326fb59fd168849618d14a9054a40f9f5
Component: engine
