Commit graph

43 commits

Author SHA1 Message Date
Ben Firshman
520e601dc2 Rename Remote API to Engine API
Implementation of https://github.com/docker/docker/issues/28319

Signed-off-by: Ben Firshman <ben@firshman.co.uk>
(cherry picked from commit f0d55cd081)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-22 16:49:58 -08:00
Riyaz Faizullabhoy
a64fc8eea3 Revert "Update authz plugin list on failure."
This reverts commit fae904af02.

Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-11-03 15:49:21 -07:00
Antonio Murdaca
1452c1cc71
pkg/authorization: send request's TLS peer certificates to plugins
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2016-10-31 17:37:19 +01:00
Anusha Ragunathan
fae904af02 Update authz plugin list on failure.
When daemon fails to load an authz plugin, it should be removed from
the plugin list. Else the plugin is retried on every request and
response, resulting in undesired behavior (eg. daemon panic)

Signed-off-by: Anusha Ragunathan <anusha@docker.com>
2016-10-28 11:16:06 -07:00
YuPengZTE
fa378413f8 Fix the typo of URLs
Signed-off-by: YuPengZTE <yu.peng36@zte.com.cn>
2016-10-19 17:46:27 +08:00
Sebastiaan van Stijn
194f04bbbe Merge pull request #27267 from ezrasilvera/plugin_fix
Call the AuthZRes function also when the daemon  returns error
2016-10-18 21:53:43 -07:00
Tibor Vass
8658748ef7 Merge pull request #27293 from anusha-ragunathan/use-pluginv2-authz
Make authz use pluginv2
2016-10-13 00:28:43 +02:00
Alexander Morozov
a616cf3b88 pkg/authorization: make it goroutine-safe
It was racy on config reload

Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2016-10-11 16:31:45 -07:00
Anusha Ragunathan
c5393ee147 Make authorization plugins use pluginv2.
Signed-off-by: Anusha Ragunathan <anusha@docker.com>
2016-10-11 13:09:28 -07:00
Ezra Silvera
5a8ff40254 Call the AuthZRes function also when the daemon returns error
Signed-off-by: Ezra Silvera <ezra@il.ibm.com>
2016-10-11 09:53:30 +03:00
Yong Tang
9cb8fb6ea0 Fix AuthZ plugins headers change issue
This fix tries to address the issue raised in 25927 where
the HTTP headers have been chaged when AUthZ plugin is in
place.

This issue is that in `FlushAll` (`pkg/authorization/response.go`),
the headers have been written (with `WriteHeader`) before all the
headers have bee copied.

This fix fixes the issue by placing `WriteHeader` after.

A test has been added to cover the changes.`

This fix fixes 25927

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
2016-08-23 21:08:23 -07:00
Liron Levin
4192fe9c06 Enable to dynamically reload authorization plugins via daemon.config
Following #22729, enable to dynamically reload/remove the daemon
authorization plugins (via standard reloading mechanism).
https://docs.docker.com/engine/reference/commandline/daemon/#daemon-
configuration-file

Daemon must store a reference to the authorization middleware to refresh
the plugin on configuration changes.

Signed-off-by: Liron Levin <liron@twistlock.com>
2016-07-30 14:59:07 +03:00
Vincent Demeester
40044cb18f Merge pull request #24963 from allencloud/fix-typos
fix typos
2016-07-25 09:39:48 +02:00
lixiaobing10051267
d6556a6ef7 Func name wrong in notes of response.go
Signed-off-by: lixiaobing10051267 <li.xiaobing1@zte.com.cn>
2016-07-23 16:03:27 +08:00
allencloud
4e959ef2f7 fix typos
Signed-off-by: allencloud <allen.sun@daocloud.io>
2016-07-23 11:32:23 +08:00
Doron Podoleanu
6bec735c91 Use const http status code instead of just numbers see #24783
Signed-off-by: Doron Podoleanu <doronp@il.ibm.com>
2016-07-19 10:40:20 +03:00
Tibor Vass
f37117045c plugins: experimental support for new plugin management
This patch introduces a new experimental engine-level plugin management
with a new API and command line. Plugins can be distributed via a Docker
registry, and their lifecycle is managed by the engine.
This makes plugins a first-class construct.

For more background, have a look at issue #20363.

Documentation is in a separate commit. If you want to understand how the
new plugin system works, you can start by reading the documentation.

Note: backwards compatibility with existing plugins is maintained,
albeit they won't benefit from the advantages of the new system.

Signed-off-by: Tibor Vass <tibor@docker.com>
Signed-off-by: Anusha Ragunathan <anusha@docker.com>
2016-06-14 14:20:27 -07:00
Vincent Demeester
5338ae7133 Merge pull request #23425 from runcom/authz-race
pkg: authorization: lock when lazy loading
2016-06-13 23:20:37 +02:00
Antonio Murdaca
d1b7e8373b authz: cleanups
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2016-06-12 17:23:19 +02:00
Antonio Murdaca
ceb9c5a88b pkg: authorization: lock when lazy loading
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2016-06-12 17:19:43 +02:00
Yong Tang
a72b45dbec Fix logrus formatting
This fix tries to fix logrus formatting by removing `f` from
`logrus.[Error|Warn|Debug|Fatal|Panic|Info]f` when formatting string
is not present.

This fix fixes #23459.

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
2016-06-11 13:16:55 -07:00
allencloud
c1be45fa38 fix typos
Signed-off-by: allencloud <allen.sun@daocloud.io>
2016-06-02 17:17:22 +08:00
Akihiro Suda
f437e2d148 Fix racy tests in pkg/authorization
Fix #23012

Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
2016-06-01 03:25:56 +00:00
Antonio Murdaca
6a96684442 pkg: authorization: cleanup tests
- do use use log pkg
- do not t.Fatal in goroutine
- cleanups

Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2016-05-08 14:18:38 +02:00
allencloud
3f77baf2ce fix typos
Signed-off-by: allencloud <allen.sun@daocloud.io>
2016-05-06 18:23:11 +08:00
Liron Levin
526abc00b1 Fix authorization issue - when request is denied return forbbiden exist code (403).
- Return 403 (forbidden) when request is denied in authorization flows
(including integration test)
- Fix #22428
- Close #22431

Signed-off-by: Liron Levin <liron@twistlock.com>
2016-05-02 19:14:48 +03:00
David Calavera
8d3467626e
Move middleware to interfaces.
This makes separating middlewares from the core api easier.
As an example, the authorization middleware is moved to
it's own package.

Initialize all static middlewares when the server is created, reducing
allocations every time a route is wrapper with the middlewares.

Signed-off-by: David Calavera <david.calavera@gmail.com>
2016-04-11 09:19:27 -07:00
Alexander Morozov
07b568cb53 pkg: cleanup some unused code
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2016-03-31 11:39:59 -07:00
Jessica Frazelle
0e025b4bb1
fix variables that werent being called
Signed-off-by: Jessica Frazelle <acidburn@docker.com>
2016-03-17 13:19:55 -07:00
David Calavera
1a63023450 Call plugins with custom transports.
Small refactor to be able to use custom transports
to call remote plugins.

Signed-off-by: David Calavera <david.calavera@gmail.com>
2016-03-02 12:54:53 -05:00
Brian Goff
abbb16d7ab Merge pull request #20602 from twistlock/20508_authz_plugin_corrupt_body
Fix #20508 - Authz plugin enabled with large text/JSON POST payload corrupts body
2016-02-29 10:43:02 -05:00
Liron Levin
ca5c2abecf Fix #20508 - Authz plugin enabled with large text/JSON POST payload corrupts body
Based on the discussion, we have changed the following:

1. Send body only if content-type is application/json (based on the
Docker official daemon REST specification, this is the provided for all
APIs that requires authorization.

2. Correctly verify that the msg body is smaller than max cap (this was
the actual bug). Fix includes UT.

3. Minor: Check content length > 0 (it was -1 for load, altough an
attacker can still modify this)

Signed-off-by: Liron Levin <liron@twistlock.com>
2016-02-25 08:11:55 +02:00
Stefan Weil
2eee613326 Fix some typos in comments and strings
Most of them were found and fixed by codespell.

Signed-off-by: Stefan Weil <sw@weilnetz.de>
2016-02-22 20:27:15 +01:00
John Howard
57faef5c71 Windows CI: test-unit turn off pkg\authorisation
Signed-off-by: John Howard <jhoward@microsoft.com>
2016-02-11 17:42:12 -08:00
Liron Levin
5ffc810df2 Fix 19575: Docker events doesn't work with authorization plugin
To support the requirement of blocking the request after the daemon
responded the authorization plugin use a `response recorder` that replay
the response after the flow ends.

This commit adds support for commands that hijack the connection and
flushes data via the http.Flusher interface. This resolves the error
with the event endpoint.

Signed-off-by: Liron Levin <liron@twistlock.com>
2016-02-05 22:30:01 +02:00
Brian Goff
93268d845e Don't dump authz request when body is too large
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2016-01-13 17:04:49 -05:00
David Calavera
8e034802b7 Remove usage of pkg sockets and tlsconfig.
- Use the ones provided by docker/go-connections, they are a drop in replacement.
- Remove pkg/sockets from docker.
- Keep pkg/tlsconfig because libnetwork still needs it and there is a
  circular dependency issue.

Signed-off-by: David Calavera <david.calavera@gmail.com>
2015-12-29 19:27:12 -05:00
Antonio Murdaca
c28fc06e00 pkg: authorization: do not register the same plugin
This patches avoids registering (and calling) the same plugin more than
once. Using an helper map which indexes by name guarantees this and keeps
the order.
The behavior of overriding the same name in a flag is consistent with,
for instance, the `docker run -v /test -v /test` flag which register
the volume just once.
Adds integration tests.

Without this patch:
```
Dec 20 19:34:52 localhost.localdomain docker[9988]:
time="2015-12-20T19:34:52.080901676+01:00" level=debug msg="Calling
GET
/v1.22/info"
Dec 20 19:34:52 localhost.localdomain docker[9988]:
time="2015-12-20T19:34:52.081213202+01:00" level=debug msg="AuthZ
request using plugin docker-novolume-plugin"
Dec 20 19:34:52 localhost.localdomain docker[9988]:
time="2015-12-20T19:34:52.081268132+01:00" level=debug
msg="docker-novolume-plugin implements: authz"
Dec 20 19:34:52 localhost.localdomain docker[9988]:
time="2015-12-20T19:34:52.081699788+01:00" level=debug msg="AuthZ
request using plugin docker-novolume-plugin"
Dec 20 19:34:52 localhost.localdomain docker[9988]:
time="2015-12-20T19:34:52.081762507+01:00" level=debug
msg="docker-novolume-plugin implements: authz"
Dec 20 19:34:52 localhost.localdomain docker[9988]:
time="2015-12-20T19:34:52.082092480+01:00" level=debug msg="GET
/v1.22/info"
Dec 20 19:34:52 localhost.localdomain docker[9988]:
time="2015-12-20T19:34:52.628691038+01:00" level=debug msg="AuthZ
response using plugin docker-novolume-plugin"
Dec 20 19:34:52 localhost.localdomain docker[9988]:
time="2015-12-20T19:34:52.629880930+01:00" level=debug msg="AuthZ
response using plugin docker-novolume-plugin"
```

With this patch:
```
Dec 20 19:37:32 localhost.localdomain docker[16620]:
time="2015-12-20T19:37:32.376523958+01:00" level=debug msg="Calling
GET
/v1.22/info"
Dec 20 19:37:32 localhost.localdomain docker[16620]:
time="2015-12-20T19:37:32.376715483+01:00" level=debug msg="AuthZ
request using plugin docker-novolume-plugin"
Dec 20 19:37:32 localhost.localdomain docker[16620]:
time="2015-12-20T19:37:32.376771230+01:00" level=debug
msg="docker-novolume-plugin implements: authz"
Dec 20 19:37:32 localhost.localdomain docker[16620]:
time="2015-12-20T19:37:32.377698897+01:00" level=debug msg="GET
/v1.22/info"
Dec 20 19:37:32 localhost.localdomain docker[16620]:
time="2015-12-20T19:37:32.951016441+01:00" level=debug msg="AuthZ
response using plugin docker-novolume-plugin"
```

Also removes a somehow duplicate debug statement (leaving only the
second one as it's a loop of plugin's manifest):
```
Dec 20 19:52:30 localhost.localdomain docker[25767]:
time="2015-12-20T19:52:30.544090518+01:00" level=debug
msg="docker-novolume-plugin's manifest: &{[authz]}"
Dec 20 19:52:30 localhost.localdomain docker[25767]:
time="2015-12-20T19:52:30.544170677+01:00" level=debug
msg="docker-novolume-plugin implements: authz"
```

Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2015-12-23 21:08:40 +01:00
Antonio Murdaca
5a64c8027e authZ: more fixes
- fix naming and formatting
- provide more context when erroring auth
- do not capitalize errors
- fix wrong documentation
- remove ugly remoteError{}

Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2015-12-18 16:29:01 +01:00
Antonio Murdaca
46e3a249a1 pkg: authorization: add Err to tweak response status code
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2015-12-17 11:08:47 +01:00
Antonio Murdaca
8435ea5289 pkg: authorization: cleanup
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2015-12-16 12:01:04 +01:00
Dima Stopel
8cc0892269 Fixing documentation according to comments by @moxiegirl and @thaJeztah
Signed-off-by: Dima Stopel <dima@twistlock.com>
2015-12-08 17:34:15 +02:00
Liron Levin
75c353f0ad Docker authorization plug-in infrastructure enables extending the functionality of the Docker daemon with respect to user authorization. The infrastructure enables registering a set of external authorization plug-in. Each plug-in receives information about the user and the request and decides whether to allow or deny the request. Only in case all plug-ins allow accessing the resource the access is granted.
Each plug-in operates as a separate service, and registers with Docker
through general (plug-ins API)
[https://blog.docker.com/2015/06/extending-docker-with-plugins/]. No
Docker daemon recompilation is required in order to add / remove an
authentication plug-in. Each plug-in is notified twice for each
operation: 1) before the operation is performed and, 2) before the
response is returned to the client. The plug-ins can modify the response
that is returned to the client.

The authorization depends on the authorization effort that takes place
in parallel [https://github.com/docker/docker/issues/13697].

This is the official issue of the authorization effort:
https://github.com/docker/docker/issues/14674

(Here)[https://github.com/rhatdan/docker-rbac] you can find an open
document that discusses a default RBAC plug-in for Docker.

Signed-off-by: Liron Levin <liron@twistlock.com>
Added container create flow test and extended the verification for ps
2015-12-08 17:34:15 +02:00