plugins: install should not automatically accept all permissions
Signed-off-by: Tibor Vass <tibor@docker.com>
This commit is contained in:
Tibor Vass
parent
906c1dc5a0
commit
4b70d4561e
2 changed files with 8 additions and 7 deletions
|
|
@ -25,7 +25,7 @@ type pluginOptions struct {
|
|||
func newInstallCommand(dockerCli *client.DockerCli) *cobra.Command {
|
||||
var options pluginOptions
|
||||
cmd := &cobra.Command{
|
||||
Use: "install",
|
||||
Use: "install PLUGIN",
|
||||
Short: "Install a plugin",
|
||||
Args: cli.RequiresMinArgs(1), // TODO: allow for set args
|
||||
RunE: func(cmd *cobra.Command, args []string) error {
|
||||
|
|
@ -35,7 +35,7 @@ func newInstallCommand(dockerCli *client.DockerCli) *cobra.Command {
|
|||
}
|
||||
|
||||
flags := cmd.Flags()
|
||||
flags.BoolVar(&options.grantPerms, "grant-all-permissions", true, "grant all permissions necessary to run the plugin")
|
||||
flags.BoolVar(&options.grantPerms, "grant-all-permissions", false, "grant all permissions necessary to run the plugin")
|
||||
flags.BoolVar(&options.disable, "disable", false, "do not enable the plugin on install")
|
||||
|
||||
return cmd
|
||||
|
|
@ -62,14 +62,15 @@ func runInstall(dockerCli *client.DockerCli, opts pluginOptions) error {
|
|||
return err
|
||||
}
|
||||
|
||||
requestPrivilege := dockerCli.RegistryAuthenticationPrivilegedFunc(repoInfo.Index, "plugin install")
|
||||
registryAuthFunc := dockerCli.RegistryAuthenticationPrivilegedFunc(repoInfo.Index, "plugin install")
|
||||
|
||||
options := types.PluginInstallOptions{
|
||||
RegistryAuth: encodedAuth,
|
||||
Disabled: opts.disable,
|
||||
AcceptAllPermissions: opts.grantPerms,
|
||||
AcceptPermissionsFunc: acceptPrivileges(dockerCli, opts.name),
|
||||
PrivilegeFunc: requestPrivilege,
|
||||
// TODO: Rename PrivilegeFunc, it has nothing to do with privileges
|
||||
PrivilegeFunc: registryAuthFunc,
|
||||
}
|
||||
|
||||
return dockerCli.Client().PluginInstall(ctx, ref.String(), options)
|
||||
|
|
@ -77,7 +78,7 @@ func runInstall(dockerCli *client.DockerCli, opts pluginOptions) error {
|
|||
|
||||
func acceptPrivileges(dockerCli *client.DockerCli, name string) func(privileges types.PluginPrivileges) (bool, error) {
|
||||
return func(privileges types.PluginPrivileges) (bool, error) {
|
||||
fmt.Fprintf(dockerCli.Out(), "Plugin %q requested the following privileges:\n", name)
|
||||
fmt.Fprintf(dockerCli.Out(), "Plugin %q is requesting the following privileges:\n", name)
|
||||
for _, privilege := range privileges {
|
||||
fmt.Fprintf(dockerCli.Out(), " - %s: %v\n", privilege.Name, privilege.Value)
|
||||
}
|
||||
|
|
|
|||
|
|
@ -11,7 +11,7 @@ func (s *DockerSuite) TestPluginBasicOps(c *check.C) {
|
|||
tag := "latest"
|
||||
nameWithTag := name + ":" + tag
|
||||
|
||||
_, _, err := dockerCmdWithError("plugin", "install", name)
|
||||
_, _, err := dockerCmdWithError("plugin", "install", "--grant-all-permissions", name)
|
||||
c.Assert(err, checker.IsNil)
|
||||
|
||||
out, _, err := dockerCmdWithError("plugin", "ls")
|
||||
|
|
@ -41,7 +41,7 @@ func (s *DockerSuite) TestPluginInstallDisable(c *check.C) {
|
|||
tag := "latest"
|
||||
nameWithTag := name + ":" + tag
|
||||
|
||||
_, _, err := dockerCmdWithError("plugin", "install", name, "--disable")
|
||||
_, _, err := dockerCmdWithError("plugin", "install", "--grant-all-permissions", "--disable", name)
|
||||
c.Assert(err, checker.IsNil)
|
||||
|
||||
out, _, err := dockerCmdWithError("plugin", "ls")
|
||||
|
|
|
|||
Loading…
Reference in a new issue