mirror of https://github.com/moby/moby.git synced 2022-11-09 12:21:53 -05:00

Make authorization plugins use pluginv2.

Signed-off-by: Anusha Ragunathan <anusha@docker.com>
Anusha Ragunathan 2016-10-07 14:53:17 -07:00
parent 1845f506e4
commit c5393ee147
6 changed files with 35 additions and 11 deletions


@ -275,10 +275,12 @@ func (cli *DaemonCli) start(opts daemonOptions) (err error) {
"graphdriver": d.GraphDriverName(),
}).Info("Docker daemon")
cli.d = d
// initMiddlewares needs cli.d to be populated. Dont change this init order.
cli.initMiddlewares(api, serverConfig)
initRouter(api, d, c)
cli.d = d
cli.setupConfigReloadTrap()
// The serve API routine never exits unless an error occurs
@ -438,6 +440,6 @@ func (cli *DaemonCli) initMiddlewares(s *apiserver.Server, cfg *apiserver.Config
u := middleware.NewUserAgentMiddleware(v)
s.UseMiddleware(u)
cli.authzMiddleware = authorization.NewMiddleware(cli.Config.AuthorizationPlugins)
cli.authzMiddleware = authorization.NewMiddleware(cli.Config.AuthorizationPlugins, cli.d.PluginStore)
s.UseMiddleware(cli.authzMiddleware)
}
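Review bot: `initMiddlewares` now dereferences `cli.d.PluginStore`, so the authorization middleware is only built correctly if `cli.d = d` has already run in `start`, and the only thing enforcing that is the comment added in the first hunk. If the assignment is ever moved back below the call, the daemon panics on a nil `cli.d` during startup rather than failing at compile time. Passing the store explicitly removes the hidden ordering: call `cli.initMiddlewares(api, serverConfig, d.PluginStore)` and add a matching third parameter to `initMiddlewares`. Both functions begin outside the visible hunks, so the rest of their bodies is not covered by this note.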


@ -96,7 +96,7 @@ type Daemon struct {
gidMaps []idtools.IDMap
layerStore layer.Store
imageStore image.Store
pluginStore *pluginstore.Store
PluginStore *pluginstore.Store
nameIndex *registrar.Registrar
linkIndex *linkIndex
containerd libcontainerd.Client
@ -559,7 +559,7 @@ func NewDaemon(config *Config, registryService registry.Service, containerdRemot
driverName = config.GraphDriver
}
d.pluginStore = pluginstore.NewStore(config.Root)
d.PluginStore = pluginstore.NewStore(config.Root)
d.layerStore, err = layer.NewStoreFromOptions(layer.StoreOptions{
StorePath: config.Root,
@ -568,7 +568,7 @@ func NewDaemon(config *Config, registryService registry.Service, containerdRemot
GraphDriverOptions: config.GraphOptions,
UIDMaps: uidMaps,
GIDMaps: gidMaps,
PluginGetter: d.pluginStore,
PluginGetter: d.PluginStore,
})
if err != nil {
return nil, err
@ -926,7 +926,7 @@ func (daemon *Daemon) configureVolumes(rootUID, rootGID int) (*store.VolumeStore
return nil, err
}
volumedrivers.RegisterPluginGetter(daemon.pluginStore)
volumedrivers.RegisterPluginGetter(daemon.PluginStore)
if !volumedrivers.Register(volumesDriver, volumesDriver.Name()) {
return nil, fmt.Errorf("local volume driver could not be registered")
@ -1102,7 +1102,7 @@ func (daemon *Daemon) reloadClusterDiscovery(config *Config) error {
if daemon.netController == nil {
return nil
}
netOptions, err := daemon.networkOptions(daemon.configStore, daemon.pluginStore, nil)
netOptions, err := daemon.networkOptions(daemon.configStore, daemon.PluginStore, nil)
if err != nil {
logrus.WithError(err).Warnf("failed to get options with network controller")
return nil
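Review bot: Exporting the field as `PluginStore` in the `Daemon` struct hunk lets any package that holds a `*Daemon` reassign the store, and after this commit that store is what authorization plugin names are resolved against. A read-only accessor keeps the field private while still giving the daemon CLI what it needs, e.g. `func (daemon *Daemon) PluginGetter() *pluginstore.Store { return daemon.pluginStore }`. If the field stays exported, it should at least carry a comment such as `// PluginStore is exported so the API server can pass it to the authorization middleware; treat it as read-only after NewDaemon.` The remaining hunks in this file are the mechanical rename and raise nothing further.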


@ -13,7 +13,7 @@ func (daemon *Daemon) verifyExperimentalContainerSettings(hostConfig *container.
}
func pluginInit(d *Daemon, cfg *Config, remote libcontainerd.Remote) error {
return plugin.Init(cfg.Root, d.pluginStore, remote, d.RegistryService, cfg.LiveRestoreEnabled, d.LogPluginEvent)
return plugin.Init(cfg.Root, d.PluginStore, remote, d.RegistryService, cfg.LiveRestoreEnabled, d.LogPluginEvent)
}
func pluginShutdown() {


@ -613,7 +613,7 @@ func configureKernelSecuritySupport(config *Config, driverName string) error {
}
func (daemon *Daemon) initNetworkController(config *Config, activeSandboxes map[string]interface{}) (libnetwork.NetworkController, error) {
netOptions, err := daemon.networkOptions(config, daemon.pluginStore, activeSandboxes)
netOptions, err := daemon.networkOptions(config, daemon.PluginStore, activeSandboxes)
if err != nil {
return nil, err
}


@ -4,6 +4,7 @@ import (
"net/http"
"github.com/Sirupsen/logrus"
"github.com/docker/docker/pkg/plugingetter"
"golang.org/x/net/context"
)
@ -15,7 +16,8 @@ type Middleware struct {
// NewMiddleware creates a new Middleware
// with a slice of plugins names.
func NewMiddleware(names []string) *Middleware {
func NewMiddleware(names []string, pg plugingetter.PluginGetter) *Middleware {
SetPluginGetter(pg)
return &Middleware{
plugins: newPlugins(names),
}
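Review bot: `NewMiddleware` changes process-wide state as a side effect: `SetPluginGetter(pg)` overwrites the package-level `getter` introduced in the `SetPluginGetter` hunk of the authorization plugin file, so a later call that passes `nil` (a second middleware, a test) silently switches every authorization plugin lookup back to the legacy `plugins.Get` path. Keeping the getter on the value instead, for example a `pg` field on `Middleware` that is handed to `newPlugins`, would make the lookup path a property of the middleware that was configured with it. If the global stays, the doc comment should say so: `// NewMiddleware creates a new Middleware with a slice of plugin names. It also installs pg as the package-wide plugin getter; a nil pg selects the legacy plugin lookup.` The function's closing brace is outside the hunk.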


@ -3,6 +3,7 @@ package authorization
import (
"sync"
"github.com/docker/docker/pkg/plugingetter"
"github.com/docker/docker/pkg/plugins"
)
@ -33,6 +34,18 @@ func newPlugins(names []string) []Plugin {
return plugins
}
var getter plugingetter.PluginGetter
// SetPluginGetter sets the plugingetter
func SetPluginGetter(pg plugingetter.PluginGetter) {
getter = pg
}
// GetPluginGetter gets the plugingetter
func GetPluginGetter() plugingetter.PluginGetter {
return getter
}
// authorizationPlugin is an internal adapter to docker plugin system
type authorizationPlugin struct {
plugin *plugins.Client
@ -80,7 +93,14 @@ func (a *authorizationPlugin) initPlugin() error {
var err error
a.once.Do(func() {
if a.plugin == nil {
plugin, e := plugins.Get(a.name, AuthZApiImplements)
var plugin plugingetter.CompatPlugin
var e error
if pg := GetPluginGetter(); pg != nil {
plugin, e = pg.Get(a.name, AuthZApiImplements, plugingetter.LOOKUP)
} else {
plugin, e = plugins.Get(a.name, AuthZApiImplements)
}
if e != nil {
err = e
return
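Review bot: The package-level `getter` is written by `SetPluginGetter` and read through `GetPluginGetter` inside `a.once.Do` with no synchronization, so the code depends on the getter being installed before the first authorization request is handled (assuming `initPlugin` runs on request goroutines, which the hunk does not show). That requirement should be stated where the variable is set, e.g. `// SetPluginGetter sets the package-wide plugin getter. It must be called before any request is authorized and is not safe for concurrent use.`, or the variable should be guarded with a `sync.RWMutex`, since `sync` is already imported in this file. Separately, the `initPlugin` hunk resolves the plugin with `plugingetter.LOOKUP`; if that mode does not take a reference on the plugin (inferred from the name, to be confirmed), nothing visible here prevents the authorization plugin from being disabled or removed while the middleware still depends on it, and the intended behaviour in that case should be documented as fail-closed. `initPlugin` continues beyond the end of the hunk.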