mirror of
https://github.com/moby/moby.git
synced 2022-11-09 12:21:53 -05:00
Merge pull request #33655 from dsheets/authz-disable-race
Eliminate authz plugin disable race
This commit is contained in:
Vincent Demeester
GitHub
commit
11293d91f9
2 changed files with 17 additions and 19 deletions
|
|
@ -25,20 +25,12 @@ func NewMiddleware(names []string, pg plugingetter.PluginGetter) *Middleware {
|
|||
}
|
||||
}
|
||||
|
||||
// GetAuthzPlugins gets authorization plugins
|
||||
func (m *Middleware) GetAuthzPlugins() []Plugin {
|
||||
func (m *Middleware) getAuthzPlugins() []Plugin {
|
||||
m.mu.Lock()
|
||||
defer m.mu.Unlock()
|
||||
return m.plugins
|
||||
}
|
||||
|
||||
// SetAuthzPlugins sets authorization plugins
|
||||
func (m *Middleware) SetAuthzPlugins(plugins []Plugin) {
|
||||
m.mu.Lock()
|
||||
m.plugins = plugins
|
||||
m.mu.Unlock()
|
||||
}
|
||||
|
||||
// SetPlugins sets the plugin used for authorization
|
||||
func (m *Middleware) SetPlugins(names []string) {
|
||||
m.mu.Lock()
|
||||
|
|
@ -46,10 +38,23 @@ func (m *Middleware) SetPlugins(names []string) {
|
|||
m.mu.Unlock()
|
||||
}
|
||||
|
||||
// RemovePlugin removes a single plugin from this authz middleware chain
|
||||
func (m *Middleware) RemovePlugin(name string) {
|
||||
m.mu.Lock()
|
||||
defer m.mu.Unlock()
|
||||
plugins := m.plugins[:0]
|
||||
for _, authPlugin := range m.plugins {
|
||||
if authPlugin.Name() != name {
|
||||
plugins = append(plugins, authPlugin)
|
||||
}
|
||||
}
|
||||
m.plugins = plugins
|
||||
}
|
||||
|
||||
// WrapHandler returns a new handler function wrapping the previous one in the request chain.
|
||||
func (m *Middleware) WrapHandler(handler func(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error) func(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
|
||||
return func(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
|
||||
plugins := m.GetAuthzPlugins()
|
||||
plugins := m.getAuthzPlugins()
|
||||
if len(plugins) == 0 {
|
||||
return handler(ctx, w, r, vars)
|
||||
}
|
||||
|
|
@ -83,7 +88,7 @@ func (m *Middleware) WrapHandler(handler func(ctx context.Context, w http.Respon
|
|||
|
||||
// There's a chance that the authCtx.plugins was updated. One of the reasons
|
||||
// this can happen is when an authzplugin is disabled.
|
||||
plugins = m.GetAuthzPlugins()
|
||||
plugins = m.getAuthzPlugins()
|
||||
if len(plugins) == 0 {
|
||||
logrus.Debug("There are no authz plugins in the chain")
|
||||
return nil
|
||||
|
|
|
|||
|
|
@ -60,14 +60,7 @@ func (pm *Manager) Disable(refOrID string, config *types.PluginDisableConfig) er
|
|||
|
||||
for _, typ := range p.GetTypes() {
|
||||
if typ.Capability == authorization.AuthZApiImplements {
|
||||
authzList := pm.config.AuthzMiddleware.GetAuthzPlugins()
|
||||
for i, authPlugin := range authzList {
|
||||
if authPlugin.Name() == p.Name() {
|
||||
// Remove plugin from authzmiddleware chain
|
||||
authzList = append(authzList[:i], authzList[i+1:]...)
|
||||
pm.config.AuthzMiddleware.SetAuthzPlugins(authzList)
|
||||
}
|
||||
}
|
||||
pm.config.AuthzMiddleware.RemovePlugin(p.Name())
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue