Commit graph

15 commits

Author SHA1 Message Date
Kir Kolyshkin
7d62e40f7e Switch from x/net/context -> context
Since Go 1.7, context is a standard package. Since Go 1.9, everything
that is provided by "x/net/context" is a couple of type aliases to
types in "context".

Many vendored packages still use x/net/context, so vendor entry remains
for now.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2018-04-23 13:52:44 -07:00
Daniel Nephin
4f0d95fa6e Add canonical import comment
Signed-off-by: Daniel Nephin <dnephin@docker.com>
2018-02-05 16:51:57 -05:00
Derek McGowan
1009e6a40b
Update logrus to v1.0.1
Fixes case sensitivity issue

Signed-off-by: Derek McGowan <derek@mcgstyle.net>
2017-07-31 13:16:46 -07:00
David Sheets
24264697c5 authz: remove and hide unused and local-only methods respectively
Signed-off-by: David Sheets <dsheets@docker.com>
2017-06-13 13:51:11 +01:00
David Sheets
7da3986297 authz: eliminate race during plugin removal from middleware
Also, this removes the use of a questionable golang range feature which
corrects for mutation of a slice during iteration over that slice. This
makes the filter operation easier to read and reason about.

Signed-off-by: David Sheets <dsheets@docker.com>
2017-06-13 13:51:07 +01:00
Anusha Ragunathan
38de272bd4 When authz plugin is disabled, remove from authz middleware chain.
When the daemon is configured to run with an authorization-plugin and if
the plugin is disabled, the daemon continues to send API requests to the
plugin and expect it to respond. But the plugin has been disabled. As a
result, all API requests are blocked. Fix this behavior by removing the
disabled plugin from the authz middleware chain.

Tested using riyaz/authz-no-volume-plugin and observed that after
disabling the plugin, API request/response is functional.

Fixes #31836

Signed-off-by: Anusha Ragunathan <anusha.ragunathan@docker.com>
2017-03-22 12:07:39 -07:00
Riyaz Faizullabhoy
a64fc8eea3 Revert "Update authz plugin list on failure."
This reverts commit fae904af02.

Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-11-03 15:49:21 -07:00
Anusha Ragunathan
fae904af02 Update authz plugin list on failure.
When daemon fails to load an authz plugin, it should be removed from
the plugin list. Else the plugin is retried on every request and
response, resulting in undesired behavior (eg. daemon panic)

Signed-off-by: Anusha Ragunathan <anusha@docker.com>
2016-10-28 11:16:06 -07:00
Sebastiaan van Stijn
194f04bbbe Merge pull request #27267 from ezrasilvera/plugin_fix
Call the AuthZRes function also when the daemon  returns error
2016-10-18 21:53:43 -07:00
Tibor Vass
8658748ef7 Merge pull request #27293 from anusha-ragunathan/use-pluginv2-authz
Make authz use pluginv2
2016-10-13 00:28:43 +02:00
Alexander Morozov
a616cf3b88 pkg/authorization: make it goroutine-safe
It was racy on config reload

Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2016-10-11 16:31:45 -07:00
Anusha Ragunathan
c5393ee147 Make authorization plugins use pluginv2.
Signed-off-by: Anusha Ragunathan <anusha@docker.com>
2016-10-11 13:09:28 -07:00
Ezra Silvera
5a8ff40254 Call the AuthZRes function also when the daemon returns error
Signed-off-by: Ezra Silvera <ezra@il.ibm.com>
2016-10-11 09:53:30 +03:00
Liron Levin
4192fe9c06 Enable to dynamically reload authorization plugins via daemon.config
Following #22729, enable to dynamically reload/remove the daemon
authorization plugins (via standard reloading mechanism).
https://docs.docker.com/engine/reference/commandline/daemon/#daemon-
configuration-file

Daemon must store a reference to the authorization middleware to refresh
the plugin on configuration changes.

Signed-off-by: Liron Levin <liron@twistlock.com>
2016-07-30 14:59:07 +03:00
David Calavera
8d3467626e
Move middleware to interfaces.
This makes separating middlewares from the core api easier.
As an example, the authorization middleware is moved to
it's own package.

Initialize all static middlewares when the server is created, reducing
allocations every time a route is wrapper with the middlewares.

Signed-off-by: David Calavera <david.calavera@gmail.com>
2016-04-11 09:19:27 -07:00