This makes separating middlewares from the core api easier.
As an example, the authorization middleware is moved to
it's own package.
Initialize all static middlewares when the server is created, reducing
allocations every time a route is wrapper with the middlewares.
Signed-off-by: David Calavera <david.calavera@gmail.com>
The server configuration already keeps the current version
if the daemon. This patch changes the middleware logic
to use it rather than using the global value.
This removes the dockerversion package dependency from the api.
Signed-off-by: David Calavera <david.calavera@gmail.com>
Ideally I would love to just remove this check entirely because its
seems pretty useless. An old client talking to a new server isn't
an error condition, nor is it something to even worry about - its a normal
part of life. Flooding my screen (and logs) with a warning that isn't
something I (as an admin) need to be concerned about is silly and a
distraction when I need to look for real issues. If anything this should
be printed on the cli not the daemon since its the cli that needs to be
concerned, not the daemon.
However, since when you debug an issue it might be interesting to know the
client is old I decided to pull back a little and just change it from
a Warning to a Debug logrus call instead.
If others want it removed I still do that though :-)
Signed-off-by: Doug Davis <dug@us.ibm.com>
Fixes an issue where a client can send a large body but specifiy
application/json as the content-type, and cause Docker to consume lots
of RAM while trying to buffer the body so it can be dumped to the debug
log.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
- fix naming and formatting
- provide more context when erroring auth
- do not capitalize errors
- fix wrong documentation
- remove ugly remoteError{}
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
Each plug-in operates as a separate service, and registers with Docker
through general (plug-ins API)
[https://blog.docker.com/2015/06/extending-docker-with-plugins/]. No
Docker daemon recompilation is required in order to add / remove an
authentication plug-in. Each plug-in is notified twice for each
operation: 1) before the operation is performed and, 2) before the
response is returned to the client. The plug-ins can modify the response
that is returned to the client.
The authorization depends on the authorization effort that takes place
in parallel [https://github.com/docker/docker/issues/13697].
This is the official issue of the authorization effort:
https://github.com/docker/docker/issues/14674
(Here)[https://github.com/rhatdan/docker-rbac] you can find an open
document that discusses a default RBAC plug-in for Docker.
Signed-off-by: Liron Levin <liron@twistlock.com>
Added container create flow test and extended the verification for ps
We can remove one function from the stack by injecting the middleware
only when logging in enabled and the level is debug.
Signed-off-by: David Calavera <david.calavera@gmail.com>
When tools like kubernetes and cockpit are talking to the docker daemon
actively, we are seeing large number of log messages that look like debug
information.
For example
docker info adds the following line to journald.
Nov 26 07:09:23 dhcp-10-19-62-196.boston.devel.redhat.com docker[32686]: time="2015-11-26T07:09:23.124503455-05:00" level=info msg="GET /v1.22/info"
We think this should be Debug level not Info level.
Signed-off-by: Dan Walsh <dwalsh@redhat.com>
This reverts commit d5cd032a86.
Commit caused issues on systems with case-insensitive filesystems.
Revert for now
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
- Move autogen/dockerversion to version
- Update autogen and "builds" to use this package and a build flag
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
Uses a new middleware which calls httputils.DumpRequest which is output
to `logrus.Debug`.
This is implemented in a separate middleare so that we only have to
check the logging level when the router is instantiated rather than at
every request.
If this was just `logrus.Debug(httputil.DumpRequest(...))`, the
DumpRequest would be called on each request requardless of logging
level set on the daemon.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Implement basic interfaces to write custom routers that can be plugged
to the server. Remove server coupling with the daemon.
Signed-off-by: David Calavera <david.calavera@gmail.com>
It defines global middlewares for every request.
This makes the server slightly more composable.
Signed-off-by: David Calavera <david.calavera@gmail.com>
