From c5393ee147e981ded8fdf12c8da790abd1130175 Mon Sep 17 00:00:00 2001
From: Anusha Ragunathan
Date: Fri, 7 Oct 2016 14:53:17 -0700
Subject: [PATCH] Make authorization plugins use pluginv2.
Signed-off-by: Anusha Ragunathan
---
 cmd/dockerd/daemon.go | 6 ++++--
 daemon/daemon.go | 10 +++++-----
 daemon/daemon_experimental.go | 2 +-
 daemon/daemon_unix.go | 2 +-
 pkg/authorization/middleware.go | 4 +++-
 pkg/authorization/plugin.go | 22 +++++++++++++++++++++-
 6 files changed, 35 insertions(+), 11 deletions(-)
diff --git a/cmd/dockerd/daemon.go b/cmd/dockerd/daemon.go
index e860c34d8e..dd7b830392 100644
--- a/cmd/dockerd/daemon.go
+++ b/cmd/dockerd/daemon.go
@@ -275,10 +275,12 @@ func (cli *DaemonCli) start(opts daemonOptions) (err error) {
 "graphdriver": d.GraphDriverName(),
 }).Info("Docker daemon")
+ cli.d = d
+
+ // initMiddlewares needs cli.d to be populated. Dont change this init order.
 cli.initMiddlewares(api, serverConfig)
 initRouter(api, d, c)
- cli.d = d
 cli.setupConfigReloadTrap()
 // The serve API routine never exits unless an error occurs
@@ -438,6 +440,6 @@ func (cli *DaemonCli) initMiddlewares(s *apiserver.Server, cfg *apiserver.Config
 u := middleware.NewUserAgentMiddleware(v)
 s.UseMiddleware(u)
- cli.authzMiddleware = authorization.NewMiddleware(cli.Config.AuthorizationPlugins)
+ cli.authzMiddleware = authorization.NewMiddleware(cli.Config.AuthorizationPlugins, cli.d.PluginStore)
 s.UseMiddleware(cli.authzMiddleware)
 }
diff --git a/daemon/daemon.go b/daemon/daemon.go
index 0ea72975a9..e3ba0f8aed 100644
--- a/daemon/daemon.go
+++ b/daemon/daemon.go
@@ -96,7 +96,7 @@ type Daemon struct {
 gidMaps []idtools.IDMap
 layerStore layer.Store
 imageStore image.Store
- pluginStore *pluginstore.Store
+ PluginStore *pluginstore.Store
 nameIndex *registrar.Registrar
 linkIndex *linkIndex
 containerd libcontainerd.Client
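Review bot: Nothing but statement order in `start` keeps `cli.d` non-nil when `initMiddlewares` dereferences `cli.d.PluginStore`, and that order is held in place only by a comment. If a later refactor moves the assignment again, the result is a nil-pointer panic while the authorization middleware is being wired up. Passing the store as an argument makes the dependency visible to the compiler, e.g. `cli.initMiddlewares(api, serverConfig, d.PluginStore)` with a matching parameter on `initMiddlewares` (the second hunk of this file). Both function bodies extend beyond their hunks.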
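Review bot: Exporting the field as `PluginStore` lets any package holding a `*Daemon` reassign it, and after this commit that store is what the authorization middleware resolves its plugins through. Keeping the field unexported and adding a read-only accessor gives `cmd/dockerd` what it needs without making the field writable, e.g. `func (daemon *Daemon) PluginStore() *pluginstore.Store { return daemon.pluginStore }`. The other `daemon/` hunks are a mechanical rename and would then be unnecessary. The struct definition continues outside the hunk.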
@@ -559,7 +559,7 @@ func NewDaemon(config *Config, registryService registry.Service, containerdRemot
 driverName = config.GraphDriver
 }
- d.pluginStore = pluginstore.NewStore(config.Root)
+ d.PluginStore = pluginstore.NewStore(config.Root)
 d.layerStore, err = layer.NewStoreFromOptions(layer.StoreOptions{
 StorePath: config.Root,
@@ -568,7 +568,7 @@ func NewDaemon(config *Config, registryService registry.Service, containerdRemot
 GraphDriverOptions: config.GraphOptions,
 UIDMaps: uidMaps,
 GIDMaps: gidMaps,
- PluginGetter: d.pluginStore,
+ PluginGetter: d.PluginStore,
 })
 if err != nil {
 return nil, err
@@ -926,7 +926,7 @@ func (daemon *Daemon) configureVolumes(rootUID, rootGID int) (*store.VolumeStore
 return nil, err
 }
- volumedrivers.RegisterPluginGetter(daemon.pluginStore)
+ volumedrivers.RegisterPluginGetter(daemon.PluginStore)
 if !volumedrivers.Register(volumesDriver, volumesDriver.Name()) {
 return nil, fmt.Errorf("local volume driver could not be registered")
@@ -1102,7 +1102,7 @@ func (daemon *Daemon) reloadClusterDiscovery(config *Config) error {
 if daemon.netController == nil {
 return nil
 }
- netOptions, err := daemon.networkOptions(daemon.configStore, daemon.pluginStore, nil)
+ netOptions, err := daemon.networkOptions(daemon.configStore, daemon.PluginStore, nil)
 if err != nil {
 logrus.WithError(err).Warnf("failed to get options with network controller")
 return nil
diff --git a/daemon/daemon_experimental.go b/daemon/daemon_experimental.go
index 22795eec83..6b2bb6c405 100644
--- a/daemon/daemon_experimental.go
+++ b/daemon/daemon_experimental.go
@@ -13,7 +13,7 @@ func (daemon *Daemon) verifyExperimentalContainerSettings(hostConfig *container.
 }
 func pluginInit(d *Daemon, cfg *Config, remote libcontainerd.Remote) error {
- return plugin.Init(cfg.Root, d.pluginStore, remote, d.RegistryService, cfg.LiveRestoreEnabled, d.LogPluginEvent)
+ return plugin.Init(cfg.Root, d.PluginStore, remote, d.RegistryService, cfg.LiveRestoreEnabled, d.LogPluginEvent)
 }
 func pluginShutdown() {
diff --git a/daemon/daemon_unix.go b/daemon/daemon_unix.go
index 2244209102..f2ae8c551a 100644
--- a/daemon/daemon_unix.go
+++ b/daemon/daemon_unix.go
@@ -613,7 +613,7 @@ func configureKernelSecuritySupport(config *Config, driverName string) error {
 }
 func (daemon *Daemon) initNetworkController(config *Config, activeSandboxes map[string]interface{}) (libnetwork.NetworkController, error) {
- netOptions, err := daemon.networkOptions(config, daemon.pluginStore, activeSandboxes)
+ netOptions, err := daemon.networkOptions(config, daemon.PluginStore, activeSandboxes)
 if err != nil {
 return nil, err
 }
diff --git a/pkg/authorization/middleware.go b/pkg/authorization/middleware.go
index 58734ec496..879272dc57 100644
--- a/pkg/authorization/middleware.go
+++ b/pkg/authorization/middleware.go
@@ -4,6 +4,7 @@ import (
 "net/http"
 "github.com/Sirupsen/logrus"
+ "github.com/docker/docker/pkg/plugingetter"
 "golang.org/x/net/context"
 )
@@ -15,7 +16,8 @@ type Middleware struct {
 // NewMiddleware creates a new Middleware
 // with a slice of plugins names.
-func NewMiddleware(names []string) *Middleware {
+func NewMiddleware(names []string, pg plugingetter.PluginGetter) *Middleware {
+ SetPluginGetter(pg)
 return &Middleware{
 plugins: newPlugins(names),
 }
diff --git a/pkg/authorization/plugin.go b/pkg/authorization/plugin.go
index 39dcedea2f..4b1c71bd4b 100644
--- a/pkg/authorization/plugin.go
+++ b/pkg/authorization/plugin.go
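Review bot: Calling `SetPluginGetter(pg)` inside `NewMiddleware` makes a constructor overwrite package-level state, so building a second `Middleware` silently changes the getter used by plugins created earlier. The getter would be safer carried on the instance, for example by passing it down as `newPlugins(names, pg)` and storing it on each plugin. The doc comment above the function still describes only the names slice; something like `// NewMiddleware creates a new Middleware from a slice of plugin names; pg, when non-nil, is used to look the plugins up.` would cover the new parameter. The function's closing brace is outside the hunk.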
@@ -3,6 +3,7 @@ package authorization
 import (
 "sync"
+ "github.com/docker/docker/pkg/plugingetter"
 "github.com/docker/docker/pkg/plugins"
 )
@@ -33,6 +34,18 @@ func newPlugins(names []string) []Plugin {
 return plugins
 }
+var getter plugingetter.PluginGetter
+
+// SetPluginGetter sets the plugingetter
+func SetPluginGetter(pg plugingetter.PluginGetter) {
+ getter = pg
+}
+
+// GetPluginGetter gets the plugingetter
+func GetPluginGetter() plugingetter.PluginGetter {
+ return getter
+}
+
 // authorizationPlugin is an internal adapter to docker plugin system
 type authorizationPlugin struct {
 plugin *plugins.Client
@@ -80,7 +93,14 @@ func (a *authorizationPlugin) initPlugin() error {
 var err error
 a.once.Do(func() {
 if a.plugin == nil {
- plugin, e := plugins.Get(a.name, AuthZApiImplements)
+ var plugin plugingetter.CompatPlugin
+ var e error
+
+ if pg := GetPluginGetter(); pg != nil {
+ plugin, e = pg.Get(a.name, AuthZApiImplements, plugingetter.LOOKUP)
+ } else {
+ plugin, e = plugins.Get(a.name, AuthZApiImplements)
+ }
 if e != nil {
 err = e
 return
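Review bot: `getter` is an unsynchronized package-level variable with an exported setter, so any importer of `pkg/authorization` can replace the object that authorization plugins are resolved through, and a write that overlaps a read from `initPlugin` is a data race. In this diff the only writer is `NewMiddleware`, so the race is hypothetical today, but nothing enforces that. If the global stays, guarding it with a mutex (the file already imports `sync`) and stating in the doc comments what the getter is used for would make the contract explicit.
```go
var (
	getterMu sync.RWMutex
	getter   plugingetter.PluginGetter
)

// SetPluginGetter sets the PluginGetter used to look up authorization plugins.
func SetPluginGetter(pg plugingetter.PluginGetter) {
	getterMu.Lock()
	defer getterMu.Unlock()
	getter = pg
}

// GetPluginGetter returns the PluginGetter set by SetPluginGetter, or nil if none was set.
func GetPluginGetter() plugingetter.PluginGetter {
	getterMu.RLock()
	defer getterMu.RUnlock()
	return getter
}
```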
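Review bot: `err` is a local captured by the `a.once.Do` closure, so a failure from `pg.Get` (or the legacy `plugins.Get`) is visible only to the call that actually runs the closure. The rest of the function is outside the hunk, but if it returns `err` after `once.Do`, every later call skips the closure and gets a nil error while `a.plugin` is still unset, which is the wrong outcome for an authorization plugin that failed to load. Recording the result on the struct keeps the failure sticky, e.g. `a.initErr = e` inside the closure and `return a.initErr` at the end, with a new `initErr error` field. Separately, `pg != nil` is also true for an interface wrapping a nil `*pluginstore.Store`, so the legacy branch is reached only when no getter was set at all.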