Make authorization plugins use pluginv2.
Signed-off-by: Anusha Ragunathan <anusha@docker.com>
parent
1845f506e4
commit
c5393ee147
6 changed files with 35 additions and 11 deletions
|
@ -275,10 +275,12 @@ func (cli *DaemonCli) start(opts daemonOptions) (err error) {
|
|||
"graphdriver": d.GraphDriverName(),
|
||||
}).Info("Docker daemon")
|
||||
|
||||
cli.d = d
|
||||
|
||||
// initMiddlewares needs cli.d to be populated. Dont change this init order.
|
||||
cli.initMiddlewares(api, serverConfig)
|
||||
initRouter(api, d, c)
|
||||
|
||||
cli.d = d
|
||||
cli.setupConfigReloadTrap()
|
||||
|
||||
// The serve API routine never exits unless an error occurs
|
||||
|
@ -438,6 +440,6 @@ func (cli *DaemonCli) initMiddlewares(s *apiserver.Server, cfg *apiserver.Config
|
|||
u := middleware.NewUserAgentMiddleware(v)
|
||||
s.UseMiddleware(u)
|
||||
|
||||
cli.authzMiddleware = authorization.NewMiddleware(cli.Config.AuthorizationPlugins)
|
||||
cli.authzMiddleware = authorization.NewMiddleware(cli.Config.AuthorizationPlugins, cli.d.PluginStore)
|
||||
s.UseMiddleware(cli.authzMiddleware)
|
||||
}
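Review bot: initMiddlewares now reads `cli.d.PluginStore`, so building the authorization middleware depends on `cli.d = d` having run first, and only the comment in start() protects that order. Passing the store as an argument would make the dependency explicit: call `cli.initMiddlewares(api, serverConfig, d.PluginStore)` and use that parameter in `authorization.NewMiddleware(cli.Config.AuthorizationPlugins, pluginStore)`. Note also that a nil `*pluginstore.Store` converted to the `plugingetter.PluginGetter` parameter is a non-nil interface value, so the `pg != nil` fallback in initPlugin would not catch it. Both function bodies extend beyond the hunks shown.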
|
||||
|
|
|
@ -96,7 +96,7 @@ type Daemon struct {
|
|||
gidMaps []idtools.IDMap
|
||||
layerStore layer.Store
|
||||
imageStore image.Store
|
||||
pluginStore *pluginstore.Store
|
||||
PluginStore *pluginstore.Store
|
||||
nameIndex *registrar.Registrar
|
||||
linkIndex *linkIndex
|
||||
containerd libcontainerd.Client
|
||||
|
@ -559,7 +559,7 @@ func NewDaemon(config *Config, registryService registry.Service, containerdRemot
|
|||
driverName = config.GraphDriver
|
||||
}
|
||||
|
||||
d.pluginStore = pluginstore.NewStore(config.Root)
|
||||
d.PluginStore = pluginstore.NewStore(config.Root)
|
||||
|
||||
d.layerStore, err = layer.NewStoreFromOptions(layer.StoreOptions{
|
||||
StorePath: config.Root,
|
||||
|
@ -568,7 +568,7 @@ func NewDaemon(config *Config, registryService registry.Service, containerdRemot
|
|||
GraphDriverOptions: config.GraphOptions,
|
||||
UIDMaps: uidMaps,
|
||||
GIDMaps: gidMaps,
|
||||
PluginGetter: d.pluginStore,
|
||||
PluginGetter: d.PluginStore,
|
||||
})
|
||||
if err != nil {
|
||||
return nil, err
|
||||
|
@ -926,7 +926,7 @@ func (daemon *Daemon) configureVolumes(rootUID, rootGID int) (*store.VolumeStore
|
|||
return nil, err
|
||||
}
|
||||
|
||||
volumedrivers.RegisterPluginGetter(daemon.pluginStore)
|
||||
volumedrivers.RegisterPluginGetter(daemon.PluginStore)
|
||||
|
||||
if !volumedrivers.Register(volumesDriver, volumesDriver.Name()) {
|
||||
return nil, fmt.Errorf("local volume driver could not be registered")
|
||||
|
@ -1102,7 +1102,7 @@ func (daemon *Daemon) reloadClusterDiscovery(config *Config) error {
|
|||
if daemon.netController == nil {
|
||||
return nil
|
||||
}
|
||||
netOptions, err := daemon.networkOptions(daemon.configStore, daemon.pluginStore, nil)
|
||||
netOptions, err := daemon.networkOptions(daemon.configStore, daemon.PluginStore, nil)
|
||||
if err != nil {
|
||||
logrus.WithError(err).Warnf("failed to get options with network controller")
|
||||
return nil
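Review bot: Exporting the field as `PluginStore` makes the store that authorization plugin lookups now resolve through assignable from any package holding a `*Daemon`, although the one new outside consumer in this commit only needs to read it. Keeping the field unexported and adding an accessor, `func (daemon *Daemon) PluginStore() *pluginstore.Store { return daemon.pluginStore }`, would leave the other call sites in this file unchanged. The struct and the functions touched here continue outside the hunks shown.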
|
||||
|
|
|
@ -13,7 +13,7 @@ func (daemon *Daemon) verifyExperimentalContainerSettings(hostConfig *container.
|
|||
}
|
||||
|
||||
func pluginInit(d *Daemon, cfg *Config, remote libcontainerd.Remote) error {
|
||||
return plugin.Init(cfg.Root, d.pluginStore, remote, d.RegistryService, cfg.LiveRestoreEnabled, d.LogPluginEvent)
|
||||
return plugin.Init(cfg.Root, d.PluginStore, remote, d.RegistryService, cfg.LiveRestoreEnabled, d.LogPluginEvent)
|
||||
}
|
||||
|
||||
func pluginShutdown() {
|
||||
|
|
|
@ -613,7 +613,7 @@ func configureKernelSecuritySupport(config *Config, driverName string) error {
|
|||
}
|
||||
|
||||
func (daemon *Daemon) initNetworkController(config *Config, activeSandboxes map[string]interface{}) (libnetwork.NetworkController, error) {
|
||||
netOptions, err := daemon.networkOptions(config, daemon.pluginStore, activeSandboxes)
|
||||
netOptions, err := daemon.networkOptions(config, daemon.PluginStore, activeSandboxes)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
|
|
@ -4,6 +4,7 @@ import (
|
|||
"net/http"
|
||||
|
||||
"github.com/Sirupsen/logrus"
|
||||
"github.com/docker/docker/pkg/plugingetter"
|
||||
"golang.org/x/net/context"
|
||||
)
|
||||
|
||||
|
@ -15,7 +16,8 @@ type Middleware struct {
|
|||
|
||||
// NewMiddleware creates a new Middleware
|
||||
// with a slice of plugins names.
|
||||
func NewMiddleware(names []string) *Middleware {
|
||||
func NewMiddleware(names []string, pg plugingetter.PluginGetter) *Middleware {
|
||||
SetPluginGetter(pg)
|
||||
return &Middleware{
|
||||
plugins: newPlugins(names),
|
||||
}
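Review bot: NewMiddleware now calls `SetPluginGetter(pg)`, which writes the package-level `getter` added in the authorization plugin file of this commit, so constructing one Middleware changes plugin lookup for every other Middleware in the process. A caller that passes a nil getter silently switches authorization lookups back to the legacy `plugins.Get` path. No synchronization around that variable is visible in this commit; if a Middleware can be constructed while requests are being authorized, the write and the read in initPlugin would race. Holding the getter on the Middleware or on each authorizationPlugin would avoid both. The doc comment still describes only the names argument; `// NewMiddleware creates a new Middleware for the named plugins, resolving them through pg when it is non-nil.` would cover the new parameter.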
|
||||
|
|
|
@ -3,6 +3,7 @@ package authorization
|
|||
import (
|
||||
"sync"
|
||||
|
||||
"github.com/docker/docker/pkg/plugingetter"
|
||||
"github.com/docker/docker/pkg/plugins"
|
||||
)
|
||||
|
||||
|
@ -33,6 +34,18 @@ func newPlugins(names []string) []Plugin {
|
|||
return plugins
|
||||
}
|
||||
|
||||
var getter plugingetter.PluginGetter
|
||||
|
||||
// SetPluginGetter sets the plugingetter
|
||||
func SetPluginGetter(pg plugingetter.PluginGetter) {
|
||||
getter = pg
|
||||
}
|
||||
|
||||
// GetPluginGetter gets the plugingetter
|
||||
func GetPluginGetter() plugingetter.PluginGetter {
|
||||
return getter
|
||||
}
|
||||
|
||||
// authorizationPlugin is an internal adapter to docker plugin system
|
||||
type authorizationPlugin struct {
|
||||
plugin *plugins.Client
|
||||
|
@ -80,7 +93,14 @@ func (a *authorizationPlugin) initPlugin() error {
|
|||
var err error
|
||||
a.once.Do(func() {
|
||||
if a.plugin == nil {
|
||||
plugin, e := plugins.Get(a.name, AuthZApiImplements)
|
||||
var plugin plugingetter.CompatPlugin
|
||||
var e error
|
||||
|
||||
if pg := GetPluginGetter(); pg != nil {
|
||||
plugin, e = pg.Get(a.name, AuthZApiImplements, plugingetter.LOOKUP)
|
||||
} else {
|
||||
plugin, e = plugins.Get(a.name, AuthZApiImplements)
|
||||
}
|
||||
if e != nil {
|
||||
err = e
|
||||
return
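Review bot: The plugin returned by `pg.Get(a.name, AuthZApiImplements, plugingetter.LOOKUP)` in initPlugin is resolved once inside `a.once.Do` and kept. LOOKUP, going by its name, presumably takes no reference on the plugin, so nothing visible here stops a managed authorization plugin from being disabled or removed while the daemon still lists it. Whether later requests are then denied depends on code outside this hunk, since initPlugin's body continues past it. I would add a comment above the call, `// LOOKUP takes no reference on the plugin; confirm requests are denied if it is disabled or removed after this point.`, and cover that case in a test.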
|
||||
|
|