config.go 20 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539
  1. package daemon
  2. import (
  3. "bytes"
  4. "encoding/json"
  5. "errors"
  6. "fmt"
  7. "io"
  8. "io/ioutil"
  9. "runtime"
  10. "sort"
  11. "strings"
  12. "sync"
  13. "github.com/Sirupsen/logrus"
  14. "github.com/docker/docker/opts"
  15. "github.com/docker/docker/pkg/discovery"
  16. "github.com/docker/docker/registry"
  17. "github.com/imdario/mergo"
  18. "github.com/spf13/pflag"
  19. )
  20. const (
  21. // defaultMaxConcurrentDownloads is the default value for
  22. // maximum number of downloads that
  23. // may take place at a time for each pull.
  24. defaultMaxConcurrentDownloads = 3
  25. // defaultMaxConcurrentUploads is the default value for
  26. // maximum number of uploads that
  27. // may take place at a time for each push.
  28. defaultMaxConcurrentUploads = 5
  29. // stockRuntimeName is the reserved name/alias used to represent the
  30. // OCI runtime being shipped with the docker daemon package.
  31. stockRuntimeName = "runc"
  32. )
  33. const (
  34. defaultNetworkMtu = 1500
  35. disableNetworkBridge = "none"
  36. )
  37. const (
  38. defaultShutdownTimeout = 15
  39. )
  40. // flatOptions contains configuration keys
  41. // that MUST NOT be parsed as deep structures.
  42. // Use this to differentiate these options
  43. // with others like the ones in CommonTLSOptions.
  44. var flatOptions = map[string]bool{
  45. "cluster-store-opts": true,
  46. "log-opts": true,
  47. "runtimes": true,
  48. "default-ulimits": true,
  49. }
  50. // LogConfig represents the default log configuration.
  51. // It includes json tags to deserialize configuration from a file
  52. // using the same names that the flags in the command line use.
  53. type LogConfig struct {
  54. Type string `json:"log-driver,omitempty"`
  55. Config map[string]string `json:"log-opts,omitempty"`
  56. }
  57. // commonBridgeConfig stores all the platform-common bridge driver specific
  58. // configuration.
  59. type commonBridgeConfig struct {
  60. Iface string `json:"bridge,omitempty"`
  61. FixedCIDR string `json:"fixed-cidr,omitempty"`
  62. }
  63. // CommonTLSOptions defines TLS configuration for the daemon server.
  64. // It includes json tags to deserialize configuration from a file
  65. // using the same names that the flags in the command line use.
  66. type CommonTLSOptions struct {
  67. CAFile string `json:"tlscacert,omitempty"`
  68. CertFile string `json:"tlscert,omitempty"`
  69. KeyFile string `json:"tlskey,omitempty"`
  70. }
  71. // CommonConfig defines the configuration of a docker daemon which is
  72. // common across platforms.
  73. // It includes json tags to deserialize configuration from a file
  74. // using the same names that the flags in the command line use.
  75. type CommonConfig struct {
  76. AuthorizationPlugins []string `json:"authorization-plugins,omitempty"` // AuthorizationPlugins holds list of authorization plugins
  77. AutoRestart bool `json:"-"`
  78. Context map[string][]string `json:"-"`
  79. DisableBridge bool `json:"-"`
  80. DNS []string `json:"dns,omitempty"`
  81. DNSOptions []string `json:"dns-opts,omitempty"`
  82. DNSSearch []string `json:"dns-search,omitempty"`
  83. ExecOptions []string `json:"exec-opts,omitempty"`
  84. GraphDriver string `json:"storage-driver,omitempty"`
  85. GraphOptions []string `json:"storage-opts,omitempty"`
  86. Labels []string `json:"labels,omitempty"`
  87. Mtu int `json:"mtu,omitempty"`
  88. Pidfile string `json:"pidfile,omitempty"`
  89. RawLogs bool `json:"raw-logs,omitempty"`
  90. Root string `json:"graph,omitempty"`
  91. SocketGroup string `json:"group,omitempty"`
  92. TrustKeyPath string `json:"-"`
  93. CorsHeaders string `json:"api-cors-header,omitempty"`
  94. EnableCors bool `json:"api-enable-cors,omitempty"`
  95. // LiveRestoreEnabled determines whether we should keep containers
  96. // alive upon daemon shutdown/start
  97. LiveRestoreEnabled bool `json:"live-restore,omitempty"`
  98. // ClusterStore is the storage backend used for the cluster information. It is used by both
  99. // multihost networking (to store networks and endpoints information) and by the node discovery
  100. // mechanism.
  101. ClusterStore string `json:"cluster-store,omitempty"`
  102. // ClusterOpts is used to pass options to the discovery package for tuning libkv settings, such
  103. // as TLS configuration settings.
  104. ClusterOpts map[string]string `json:"cluster-store-opts,omitempty"`
  105. // ClusterAdvertise is the network endpoint that the Engine advertises for the purpose of node
  106. // discovery. This should be a 'host:port' combination on which that daemon instance is
  107. // reachable by other hosts.
  108. ClusterAdvertise string `json:"cluster-advertise,omitempty"`
  109. // MaxConcurrentDownloads is the maximum number of downloads that
  110. // may take place at a time for each pull.
  111. MaxConcurrentDownloads *int `json:"max-concurrent-downloads,omitempty"`
  112. // MaxConcurrentUploads is the maximum number of uploads that
  113. // may take place at a time for each push.
  114. MaxConcurrentUploads *int `json:"max-concurrent-uploads,omitempty"`
  115. // ShutdownTimeout is the timeout value (in seconds) the daemon will wait for the container
  116. // to stop when daemon is being shutdown
  117. ShutdownTimeout int `json:"shutdown-timeout,omitempty"`
  118. Debug bool `json:"debug,omitempty"`
  119. Hosts []string `json:"hosts,omitempty"`
  120. LogLevel string `json:"log-level,omitempty"`
  121. TLS bool `json:"tls,omitempty"`
  122. TLSVerify bool `json:"tlsverify,omitempty"`
  123. // Embedded structs that allow config
  124. // deserialization without the full struct.
  125. CommonTLSOptions
  126. // SwarmDefaultAdvertiseAddr is the default host/IP or network interface
  127. // to use if a wildcard address is specified in the ListenAddr value
  128. // given to the /swarm/init endpoint and no advertise address is
  129. // specified.
  130. SwarmDefaultAdvertiseAddr string `json:"swarm-default-advertise-addr"`
  131. MetricsAddress string `json:"metrics-addr"`
  132. LogConfig
  133. bridgeConfig // bridgeConfig holds bridge network specific configuration.
  134. registry.ServiceOptions
  135. reloadLock sync.Mutex
  136. valuesSet map[string]interface{}
  137. Experimental bool `json:"experimental"` // Experimental indicates whether experimental features should be exposed or not
  138. }
  139. // InstallCommonFlags adds flags to the pflag.FlagSet to configure the daemon
  140. func (config *Config) InstallCommonFlags(flags *pflag.FlagSet) {
  141. var maxConcurrentDownloads, maxConcurrentUploads int
  142. config.ServiceOptions.InstallCliFlags(flags)
  143. flags.Var(opts.NewNamedListOptsRef("storage-opts", &config.GraphOptions, nil), "storage-opt", "Storage driver options")
  144. flags.Var(opts.NewNamedListOptsRef("authorization-plugins", &config.AuthorizationPlugins, nil), "authorization-plugin", "Authorization plugins to load")
  145. flags.Var(opts.NewNamedListOptsRef("exec-opts", &config.ExecOptions, nil), "exec-opt", "Runtime execution options")
  146. flags.StringVarP(&config.Pidfile, "pidfile", "p", defaultPidFile, "Path to use for daemon PID file")
  147. flags.StringVarP(&config.Root, "graph", "g", defaultGraph, "Root of the Docker runtime")
  148. flags.BoolVarP(&config.AutoRestart, "restart", "r", true, "--restart on the daemon has been deprecated in favor of --restart policies on docker run")
  149. flags.MarkDeprecated("restart", "Please use a restart policy on docker run")
  150. flags.StringVarP(&config.GraphDriver, "storage-driver", "s", "", "Storage driver to use")
  151. flags.IntVar(&config.Mtu, "mtu", 0, "Set the containers network MTU")
  152. flags.BoolVar(&config.RawLogs, "raw-logs", false, "Full timestamps without ANSI coloring")
  153. // FIXME: why the inconsistency between "hosts" and "sockets"?
  154. flags.Var(opts.NewListOptsRef(&config.DNS, opts.ValidateIPAddress), "dns", "DNS server to use")
  155. flags.Var(opts.NewNamedListOptsRef("dns-opts", &config.DNSOptions, nil), "dns-opt", "DNS options to use")
  156. flags.Var(opts.NewListOptsRef(&config.DNSSearch, opts.ValidateDNSSearch), "dns-search", "DNS search domains to use")
  157. flags.Var(opts.NewNamedListOptsRef("labels", &config.Labels, opts.ValidateLabel), "label", "Set key=value labels to the daemon")
  158. flags.StringVar(&config.LogConfig.Type, "log-driver", "json-file", "Default driver for container logs")
  159. flags.Var(opts.NewNamedMapOpts("log-opts", config.LogConfig.Config, nil), "log-opt", "Default log driver options for containers")
  160. flags.StringVar(&config.ClusterAdvertise, "cluster-advertise", "", "Address or interface name to advertise")
  161. flags.StringVar(&config.ClusterStore, "cluster-store", "", "URL of the distributed storage backend")
  162. flags.Var(opts.NewNamedMapOpts("cluster-store-opts", config.ClusterOpts, nil), "cluster-store-opt", "Set cluster store options")
  163. flags.StringVar(&config.CorsHeaders, "api-cors-header", "", "Set CORS headers in the Engine API")
  164. flags.IntVar(&maxConcurrentDownloads, "max-concurrent-downloads", defaultMaxConcurrentDownloads, "Set the max concurrent downloads for each pull")
  165. flags.IntVar(&maxConcurrentUploads, "max-concurrent-uploads", defaultMaxConcurrentUploads, "Set the max concurrent uploads for each push")
  166. flags.IntVar(&config.ShutdownTimeout, "shutdown-timeout", defaultShutdownTimeout, "Set the default shutdown timeout")
  167. flags.StringVar(&config.SwarmDefaultAdvertiseAddr, "swarm-default-advertise-addr", "", "Set default address or interface for swarm advertised address")
  168. flags.BoolVar(&config.Experimental, "experimental", false, "Enable experimental features")
  169. flags.StringVar(&config.MetricsAddress, "metrics-addr", "", "Set default address and port to serve the metrics api on")
  170. config.MaxConcurrentDownloads = &maxConcurrentDownloads
  171. config.MaxConcurrentUploads = &maxConcurrentUploads
  172. }
  173. // IsValueSet returns true if a configuration value
  174. // was explicitly set in the configuration file.
  175. func (config *Config) IsValueSet(name string) bool {
  176. if config.valuesSet == nil {
  177. return false
  178. }
  179. _, ok := config.valuesSet[name]
  180. return ok
  181. }
  182. // NewConfig returns a new fully initialized Config struct
  183. func NewConfig() *Config {
  184. config := Config{}
  185. config.LogConfig.Config = make(map[string]string)
  186. config.ClusterOpts = make(map[string]string)
  187. if runtime.GOOS != "linux" {
  188. config.V2Only = true
  189. }
  190. return &config
  191. }
  192. func parseClusterAdvertiseSettings(clusterStore, clusterAdvertise string) (string, error) {
  193. if runtime.GOOS == "solaris" && (clusterAdvertise != "" || clusterStore != "") {
  194. return "", errors.New("Cluster Advertise Settings not supported on Solaris")
  195. }
  196. if clusterAdvertise == "" {
  197. return "", errDiscoveryDisabled
  198. }
  199. if clusterStore == "" {
  200. return "", errors.New("invalid cluster configuration. --cluster-advertise must be accompanied by --cluster-store configuration")
  201. }
  202. advertise, err := discovery.ParseAdvertise(clusterAdvertise)
  203. if err != nil {
  204. return "", fmt.Errorf("discovery advertise parsing failed (%v)", err)
  205. }
  206. return advertise, nil
  207. }
  208. // GetConflictFreeLabels validates Labels for conflict
  209. // In swarm the duplicates for labels are removed
  210. // so we only take same values here, no conflict values
  211. // If the key-value is the same we will only take the last label
  212. func GetConflictFreeLabels(labels []string) ([]string, error) {
  213. labelMap := map[string]string{}
  214. for _, label := range labels {
  215. stringSlice := strings.SplitN(label, "=", 2)
  216. if len(stringSlice) > 1 {
  217. // If there is a conflict we will return an error
  218. if v, ok := labelMap[stringSlice[0]]; ok && v != stringSlice[1] {
  219. return nil, fmt.Errorf("conflict labels for %s=%s and %s=%s", stringSlice[0], stringSlice[1], stringSlice[0], v)
  220. }
  221. labelMap[stringSlice[0]] = stringSlice[1]
  222. }
  223. }
  224. newLabels := []string{}
  225. for k, v := range labelMap {
  226. newLabels = append(newLabels, fmt.Sprintf("%s=%s", k, v))
  227. }
  228. return newLabels, nil
  229. }
  230. // ReloadConfiguration reads the configuration in the host and reloads the daemon and server.
  231. func ReloadConfiguration(configFile string, flags *pflag.FlagSet, reload func(*Config)) error {
  232. logrus.Infof("Got signal to reload configuration, reloading from: %s", configFile)
  233. newConfig, err := getConflictFreeConfiguration(configFile, flags)
  234. if err != nil {
  235. return err
  236. }
  237. if err := ValidateConfiguration(newConfig); err != nil {
  238. return fmt.Errorf("file configuration validation failed (%v)", err)
  239. }
  240. // Labels of the docker engine used to allow multiple values associated with the same key.
  241. // This is deprecated in 1.13, and, be removed after 3 release cycles.
  242. // The following will check the conflict of labels, and report a warning for deprecation.
  243. //
  244. // TODO: After 3 release cycles (1.16) an error will be returned, and labels will be
  245. // sanitized to consolidate duplicate key-value pairs (config.Labels = newLabels):
  246. //
  247. // newLabels, err := GetConflictFreeLabels(newConfig.Labels)
  248. // if err != nil {
  249. // return err
  250. // }
  251. // newConfig.Labels = newLabels
  252. //
  253. if _, err := GetConflictFreeLabels(newConfig.Labels); err != nil {
  254. logrus.Warnf("Engine labels with duplicate keys and conflicting values have been deprecated: %s", err)
  255. }
  256. reload(newConfig)
  257. return nil
  258. }
  259. // boolValue is an interface that boolean value flags implement
  260. // to tell the command line how to make -name equivalent to -name=true.
  261. type boolValue interface {
  262. IsBoolFlag() bool
  263. }
  264. // MergeDaemonConfigurations reads a configuration file,
  265. // loads the file configuration in an isolated structure,
  266. // and merges the configuration provided from flags on top
  267. // if there are no conflicts.
  268. func MergeDaemonConfigurations(flagsConfig *Config, flags *pflag.FlagSet, configFile string) (*Config, error) {
  269. fileConfig, err := getConflictFreeConfiguration(configFile, flags)
  270. if err != nil {
  271. return nil, err
  272. }
  273. if err := ValidateConfiguration(fileConfig); err != nil {
  274. return nil, fmt.Errorf("file configuration validation failed (%v)", err)
  275. }
  276. // merge flags configuration on top of the file configuration
  277. if err := mergo.Merge(fileConfig, flagsConfig); err != nil {
  278. return nil, err
  279. }
  280. // We need to validate again once both fileConfig and flagsConfig
  281. // have been merged
  282. if err := ValidateConfiguration(fileConfig); err != nil {
  283. return nil, fmt.Errorf("file configuration validation failed (%v)", err)
  284. }
  285. return fileConfig, nil
  286. }
  287. // getConflictFreeConfiguration loads the configuration from a JSON file.
  288. // It compares that configuration with the one provided by the flags,
  289. // and returns an error if there are conflicts.
  290. func getConflictFreeConfiguration(configFile string, flags *pflag.FlagSet) (*Config, error) {
  291. b, err := ioutil.ReadFile(configFile)
  292. if err != nil {
  293. return nil, err
  294. }
  295. var config Config
  296. var reader io.Reader
  297. if flags != nil {
  298. var jsonConfig map[string]interface{}
  299. reader = bytes.NewReader(b)
  300. if err := json.NewDecoder(reader).Decode(&jsonConfig); err != nil {
  301. return nil, err
  302. }
  303. configSet := configValuesSet(jsonConfig)
  304. if err := findConfigurationConflicts(configSet, flags); err != nil {
  305. return nil, err
  306. }
  307. // Override flag values to make sure the values set in the config file with nullable values, like `false`,
  308. // are not overridden by default truthy values from the flags that were not explicitly set.
  309. // See https://github.com/docker/docker/issues/20289 for an example.
  310. //
  311. // TODO: Rewrite configuration logic to avoid same issue with other nullable values, like numbers.
  312. namedOptions := make(map[string]interface{})
  313. for key, value := range configSet {
  314. f := flags.Lookup(key)
  315. if f == nil { // ignore named flags that don't match
  316. namedOptions[key] = value
  317. continue
  318. }
  319. if _, ok := f.Value.(boolValue); ok {
  320. f.Value.Set(fmt.Sprintf("%v", value))
  321. }
  322. }
  323. if len(namedOptions) > 0 {
  324. // set also default for mergeVal flags that are boolValue at the same time.
  325. flags.VisitAll(func(f *pflag.Flag) {
  326. if opt, named := f.Value.(opts.NamedOption); named {
  327. v, set := namedOptions[opt.Name()]
  328. _, boolean := f.Value.(boolValue)
  329. if set && boolean {
  330. f.Value.Set(fmt.Sprintf("%v", v))
  331. }
  332. }
  333. })
  334. }
  335. config.valuesSet = configSet
  336. }
  337. reader = bytes.NewReader(b)
  338. err = json.NewDecoder(reader).Decode(&config)
  339. return &config, err
  340. }
  341. // configValuesSet returns the configuration values explicitly set in the file.
  342. func configValuesSet(config map[string]interface{}) map[string]interface{} {
  343. flatten := make(map[string]interface{})
  344. for k, v := range config {
  345. if m, isMap := v.(map[string]interface{}); isMap && !flatOptions[k] {
  346. for km, vm := range m {
  347. flatten[km] = vm
  348. }
  349. continue
  350. }
  351. flatten[k] = v
  352. }
  353. return flatten
  354. }
  355. // findConfigurationConflicts iterates over the provided flags searching for
  356. // duplicated configurations and unknown keys. It returns an error with all the conflicts if
  357. // it finds any.
  358. func findConfigurationConflicts(config map[string]interface{}, flags *pflag.FlagSet) error {
  359. // 1. Search keys from the file that we don't recognize as flags.
  360. unknownKeys := make(map[string]interface{})
  361. for key, value := range config {
  362. if flag := flags.Lookup(key); flag == nil {
  363. unknownKeys[key] = value
  364. }
  365. }
  366. // 2. Discard values that implement NamedOption.
  367. // Their configuration name differs from their flag name, like `labels` and `label`.
  368. if len(unknownKeys) > 0 {
  369. unknownNamedConflicts := func(f *pflag.Flag) {
  370. if namedOption, ok := f.Value.(opts.NamedOption); ok {
  371. if _, valid := unknownKeys[namedOption.Name()]; valid {
  372. delete(unknownKeys, namedOption.Name())
  373. }
  374. }
  375. }
  376. flags.VisitAll(unknownNamedConflicts)
  377. }
  378. if len(unknownKeys) > 0 {
  379. var unknown []string
  380. for key := range unknownKeys {
  381. unknown = append(unknown, key)
  382. }
  383. return fmt.Errorf("the following directives don't match any configuration option: %s", strings.Join(unknown, ", "))
  384. }
  385. var conflicts []string
  386. printConflict := func(name string, flagValue, fileValue interface{}) string {
  387. return fmt.Sprintf("%s: (from flag: %v, from file: %v)", name, flagValue, fileValue)
  388. }
  389. // 3. Search keys that are present as a flag and as a file option.
  390. duplicatedConflicts := func(f *pflag.Flag) {
  391. // search option name in the json configuration payload if the value is a named option
  392. if namedOption, ok := f.Value.(opts.NamedOption); ok {
  393. if optsValue, ok := config[namedOption.Name()]; ok {
  394. conflicts = append(conflicts, printConflict(namedOption.Name(), f.Value.String(), optsValue))
  395. }
  396. } else {
  397. // search flag name in the json configuration payload
  398. for _, name := range []string{f.Name, f.Shorthand} {
  399. if value, ok := config[name]; ok {
  400. conflicts = append(conflicts, printConflict(name, f.Value.String(), value))
  401. break
  402. }
  403. }
  404. }
  405. }
  406. flags.Visit(duplicatedConflicts)
  407. if len(conflicts) > 0 {
  408. return fmt.Errorf("the following directives are specified both as a flag and in the configuration file: %s", strings.Join(conflicts, ", "))
  409. }
  410. return nil
  411. }
  412. // ValidateConfiguration validates some specific configs.
  413. // such as config.DNS, config.Labels, config.DNSSearch,
  414. // as well as config.MaxConcurrentDownloads, config.MaxConcurrentUploads.
  415. func ValidateConfiguration(config *Config) error {
  416. // validate DNS
  417. for _, dns := range config.DNS {
  418. if _, err := opts.ValidateIPAddress(dns); err != nil {
  419. return err
  420. }
  421. }
  422. // validate DNSSearch
  423. for _, dnsSearch := range config.DNSSearch {
  424. if _, err := opts.ValidateDNSSearch(dnsSearch); err != nil {
  425. return err
  426. }
  427. }
  428. // validate Labels
  429. for _, label := range config.Labels {
  430. if _, err := opts.ValidateLabel(label); err != nil {
  431. return err
  432. }
  433. }
  434. // validate MaxConcurrentDownloads
  435. if config.IsValueSet("max-concurrent-downloads") && config.MaxConcurrentDownloads != nil && *config.MaxConcurrentDownloads < 0 {
  436. return fmt.Errorf("invalid max concurrent downloads: %d", *config.MaxConcurrentDownloads)
  437. }
  438. // validate MaxConcurrentUploads
  439. if config.IsValueSet("max-concurrent-uploads") && config.MaxConcurrentUploads != nil && *config.MaxConcurrentUploads < 0 {
  440. return fmt.Errorf("invalid max concurrent uploads: %d", *config.MaxConcurrentUploads)
  441. }
  442. // validate that "default" runtime is not reset
  443. if runtimes := config.GetAllRuntimes(); len(runtimes) > 0 {
  444. if _, ok := runtimes[stockRuntimeName]; ok {
  445. return fmt.Errorf("runtime name '%s' is reserved", stockRuntimeName)
  446. }
  447. }
  448. if defaultRuntime := config.GetDefaultRuntimeName(); defaultRuntime != "" && defaultRuntime != stockRuntimeName {
  449. runtimes := config.GetAllRuntimes()
  450. if _, ok := runtimes[defaultRuntime]; !ok {
  451. return fmt.Errorf("specified default runtime '%s' does not exist", defaultRuntime)
  452. }
  453. }
  454. return nil
  455. }
  456. // GetAuthorizationPlugins returns daemon's sorted authorization plugins
  457. func (config *Config) GetAuthorizationPlugins() []string {
  458. config.reloadLock.Lock()
  459. defer config.reloadLock.Unlock()
  460. authPlugins := make([]string, 0, len(config.AuthorizationPlugins))
  461. for _, p := range config.AuthorizationPlugins {
  462. authPlugins = append(authPlugins, p)
  463. }
  464. sort.Strings(authPlugins)
  465. return authPlugins
  466. }