Merge pull request #18810 from runcom/pkg-authz-fixes

pkg: authorization: do not register the same plugin
2022-11-09 12:21:53 -05:00 · 2015-12-23 15:09:06 -08:00 · 2015-12-23 15:09:06 -08:00 · 914fad8b7d
commit 914fad8b7d
parent 725eef361a c28fc06e00
4 changed files with 25 additions and 7 deletions
--- a/integration-cli/docker_cli_authz_unix_test.go
+++ b/integration-cli/docker_cli_authz_unix_test.go
@ -244,13 +244,27 @@ func (s *DockerAuthzSuite) TestAuthZPluginErrorRequest(c *check.C) {
 	c.Assert(res, check.Equals, fmt.Sprintf("Error response from daemon: plugin %s failed with error: %s: %s\n", testAuthZPlugin, authorization.AuthZApiRequest, errorMessage))
 }

+func (s *DockerAuthzSuite) TestAuthZPluginEnsureNoDuplicatePluginRegistration(c *check.C) {
+	c.Assert(s.d.Start("--authz-plugin="+testAuthZPlugin, "--authz-plugin="+testAuthZPlugin), check.IsNil)
+
+	s.ctrl.reqRes.Allow = true
+	s.ctrl.resRes.Allow = true
+
+	out, err := s.d.Cmd("ps")
+	c.Assert(err, check.IsNil, check.Commentf(out))
+
+	// assert plugin is only called once..
+	c.Assert(s.ctrl.psRequestCnt, check.Equals, 1)
+	c.Assert(s.ctrl.psResponseCnt, check.Equals, 1)
+}
+
 // assertURIRecorded verifies that the given URI was sent and recorded in the authz plugin
 func assertURIRecorded(c *check.C, uris []string, uri string) {
-
-	found := false
+	var found bool
 	for _, u := range uris {
 		if strings.Contains(u, uri) {
 			found = true
+			break
 		}
 	}
 	if !found {
--- a/pkg/authorization/plugin.go
+++ b/pkg/authorization/plugin.go
@ -17,9 +17,14 @@ type Plugin interface {

 // NewPlugins constructs and initialize the authorization plugins based on plugin names
 func NewPlugins(names []string) []Plugin {
-	plugins := make([]Plugin, len(names))
-	for i, name := range names {
-		plugins[i] = newAuthorizationPlugin(name)
+	plugins := []Plugin{}
+	pluginsMap := make(map[string]struct{})
+	for _, name := range names {
+		if _, ok := pluginsMap[name]; ok {
+			continue
+		}
+		pluginsMap[name] = struct{}{}
+		plugins = append(plugins, newAuthorizationPlugin(name))
 	}
 	return plugins
 }
--- a/pkg/plugins/discovery.go
+++ b/pkg/plugins/discovery.go
@ -13,7 +13,7 @@ import (

 var (
 	// ErrNotFound plugin not found
-	ErrNotFound = errors.New("Plugin not found")
+	ErrNotFound = errors.New("plugin not found")
 	socketsPath = "/run/docker/plugins"
 	specsPaths  = []string{"/etc/docker/plugins", "/usr/lib/docker/plugins"}
 )
--- a/pkg/plugins/plugins.go
+++ b/pkg/plugins/plugins.go
@ -96,7 +96,6 @@ func (p *Plugin) activateWithLock() error {
 		return err
 	}

-	logrus.Debugf("%s's manifest: %v", p.Name, m)
 	p.Manifest = m

 	for _, iface := range m.Implements {