core

package
v0.0.0-...-2fa4df2 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jun 11, 2020 License: Apache-2.0 Imports: 11 Imported by: 0

Documentation

Overview

Package core consist of common authorization building block required for implementing concrete authorization logic. For example, route parsing and plugin service interface.

Index

Constants

This section is empty.

Variables

View Source 
var (
	// ActionContainerArchive describes https://docs.docker.com/engine/reference/api/docker_remote_api_v1.21/#get-an-archive-of-a-filesystem-resource-in-a-container
	ActionContainerArchive = "container_archive"
	// ActionContainerArchiveExtract describes https://docs.docker.com/engine/reference/api/docker_remote_api_v1.21/#extract-an-archive-of-files-or-folders-to-a-directory-in-a-container
	ActionContainerArchiveExtract = "container_archive_extract"
	// ActionContainerArchiveInfo describes https://docs.docker.com/engine/reference/api/docker_remote_api_v1.21/#retrieving-information-about-files-and-folders-in-a-container
	ActionContainerArchiveInfo = "container_archive_info"
	// ActionContainerAttach describes https://docs.docker.com/engine/reference/api/docker_remote_api_v1.21/#attach-to-a-container
	ActionContainerAttach = "container_attach"
	// ActionContainerAttachWs describes https://docs.docker.com/engine/reference/api/docker_remote_api_v1.21/#attach-to-a-container-websocket
	ActionContainerAttachWs = "container_attach_websocket"
	// ActionContainerChanges describes https://docs.docker.com/engine/reference/api/docker_remote_api_v1.21/#inspect-changes-on-a-container-s-filesystem
	ActionContainerChanges = "container_changes"
	// ActionContainerCommit describes https://docs.docker.com/engine/reference/api/docker_remote_api_v1.21/#create-a-new-image-from-a-container-s-changes
	ActionContainerCommit = "container_commit"
	// ActionContainerCopyFiles describes https://docs.docker.com/engine/reference/api/docker_remote_api_v1.21/#copy-files-or-folders-from-a-container
	ActionContainerCopyFiles = "container_copyfiles"
	// ActionContainerCreate describes https://docs.docker.com/engine/reference/api/docker_remote_api_v1.21/#create-a-container
	ActionContainerCreate = "container_create"
	// ActionContainerDelete describes https://docs.docker.com/reference/api/docker_remote_api_v1.21/#remove-a-container
	ActionContainerDelete = "container_delete"
	// ActionContainerExecCreate describes https://docs.docker.com/engine/reference/api/docker_remote_api_v1.21/#exec-create
	ActionContainerExecCreate = "container_exec_create"
	// ActionContainerExecInspect describes https://docs.docker.com/reference/api/docker_remote_api_v1.21/#exec-inspect
	ActionContainerExecInspect = "container_exec_inspect"
	// ActionContainerExecStart describes https://docs.docker.com/reference/api/docker_remote_api_v1.21/#exec-start
	ActionContainerExecStart = "container_exec_start"
	// ActionContainerExport describes http://docs.docker.com/reference/api/docker_remote_api_v1.21/#export-a-container
	ActionContainerExport = "container_export"
	// ActionContainerInspect describes https://docs.docker.com/reference/api/docker_remote_api_v1.21/#inspect-a-container
	ActionContainerInspect = "container_inspect"
	// ActionContainerKill describes http://docs.docker.com/reference/api/docker_remote_api_v1.21/#kill-a-container
	ActionContainerKill = "container_kill"
	// ActionContainerList describes https://docs.docker.com/engine/reference/api/docker_remote_api_v1.21/#list-containers
	ActionContainerList = "container_list"
	// ActionContainerLogs describes https://docs.docker.com/engine/reference/api/docker_remote_api_v1.21/#get-container-logs
	ActionContainerLogs = "container_logs"
	// ActionContainerPause describes https://docs.docker.com/engine/reference/api/docker_remote_api_v1.21/#pause-a-container
	ActionContainerPause = "container_pause"
	// ActionContainerRename describes https://docs.docker.com/engine/reference/api/docker_remote_api_v1.21/#rename-a-container
	ActionContainerRename = "container_rename"
	// ActionContainerResize describes https://docs.docker.com/engine/reference/api/docker_remote_api_v1.21/#resize-a-container-tty
	ActionContainerResize = "container_resize"
	// ActionContainerRestart describes https://docs.docker.com/engine/reference/api/docker_remote_api_v1.21/#restart-a-container
	ActionContainerRestart = "container_restart"
	// ActionContainerStart describes http://docs.docker.com/reference/api/docker_remote_api_v1.21/#start-a-container
	ActionContainerStart = "container_start"
	// ActionContainerStats describes https://docs.docker.com/reference/api/docker_remote_api_v1.21/#get-container-stats-based-on-resource-usage
	ActionContainerStats = "container_stats"
	// ActionContainerStop describes http://docs.docker.com/reference/api/docker_remote_api_v1.21/#export-a-container
	ActionContainerStop = "container_stop"
	// ActionContainerTop describes https://docs.docker.com/reference/api/docker_remote_api_v1.21/#list-processes-running-inside-a-container
	ActionContainerTop = "container_top"
	// ActionContainerUnpause describes http://docs.docker.com/reference/api/docker_remote_api_v1.21/#unpause-a-container
	ActionContainerUnpause = "container_unpause"
	// ActionContainerWait describes https://docs.docker.com/engine/reference/api/docker_remote_api_v1.21/#wait-a-container
	ActionContainerWait = "container_wait"
	// ActionDockerCheckAuth describes https://docs.docker.com/engine/reference/api/docker_remote_api_v1.21/#check-auth-configuration
	ActionDockerCheckAuth = "docker_auth"
	// ActionDockerEvents describes https://docs.docker.com/engine/reference/api/docker_remote_api_v1.21/#monitor-docker-s-events
	ActionDockerEvents = "docker_events"
	// ActionDockerInfo describes https://docs.docker.com/engine/reference/api/docker_remote_api_v1.21/#display-system-wide-information
	ActionDockerInfo = "docker_info"
	// ActionDockerPing describes https://docs.docker.com/reference/api/docker_remote_api_v1.21/#ping-the-docker-server
	ActionDockerPing = "docker_ping"
	// ActionDockerVersion describes https://docs.docker.com/reference/api/docker_remote_api_v1.20/#show-the-docker-version-information
	ActionDockerVersion = "docker_version"
	// ActionImageArchive describes https://docs.docker.com/reference/api/docker_remote_api_v1.21/#get-a-tarball-containing-all-images
	ActionImageArchive = "images_archive"
	// ActionImageBuild describes https://docs.docker.com/reference/api/docker_remote_api_v1.21/#build-image-from-a-dockerfile
	ActionImageBuild = "image_build"
	// ActionImageCreate describes https://docs.docker.com/engine/reference/api/docker_remote_api_v1.21/#create-an-image
	ActionImageCreate = "image_create"
	// ActionImageDelete describes https://docs.docker.com/reference/api/docker_remote_api_v1.18/#inspect-an-image
	ActionImageDelete = "image_delete"
	// ActionImageHistory describes https://docs.docker.com/reference/api/docker_remote_api_v1.21/#get-the-history-of-an-image
	ActionImageHistory = "image_history"
	// ActionImageInspect describes https://docs.docker.com/reference/api/docker_remote_api_v1.21/#inspect-an-image
	ActionImageInspect = "image_inspect"
	// ActionImageList describes https://docs.docker.com/reference/api/docker_remote_api_v1.21/#list-images
	ActionImageList = "image_list"
	// ActionImageLoad describes https://docs.docker.com/reference/api/docker_remote_api_v1.21/#load-a-tarball-with-a-set-of-images-and-tags-into-docker
	ActionImageLoad = "images_load"
	// ActionImagePrune describes https://docs.docker.com/engine/api/v1.37/#operation/ImagePrune
	ActionImagePrune = "image_prune"
	// ActionImagePush describes https://docs.docker.com/reference/api/docker_remote_api_v1.21/#push-an-image-on-the-registry
	ActionImagePush = "image_push"
	// ActionImagesSearch describes https://docs.docker.com/reference/api/docker_remote_api_v1.21/#search-images
	ActionImagesSearch = "images_search"
	// ActionImageTag describes https://docs.docker.com/reference/api/docker_remote_api_v1.21/#tag-an-image-into-a-repository
	ActionImageTag = "image_tag"
	// ActionVolumeList describes  https://docs.docker.com/engine/reference/api/docker_remote_api_v1.21/#list-volumes
	ActionVolumeList = "volume_list"
	// ActionVolumeCreate describes https://docs.docker.com/engine/reference/api/docker_remote_api_v1.21/#create-a-volume
	ActionVolumeCreate = "volume_create"
	// ActionVolumeInspect describes https://docs.docker.com/engine/reference/api/docker_remote_api_v1.21/#inspect-a-volume
	ActionVolumeInspect = "volume_inspect"
	// ActionVolumeRemove describes https://docs.docker.com/engine/reference/api/docker_remote_api_v1.21/#remove-a-volume
	ActionVolumeRemove = "volume_remove"
	// ActionNetworkList describes https://docs.docker.com/engine/reference/api/docker_remote_api_v1.21/#list-networks
	ActionNetworkList = "network_list"
	// ActionNetworkInspect describes https://docs.docker.com/engine/reference/api/docker_remote_api_v1.21/#inspect-network
	ActionNetworkInspect = "network_inspect"
	// ActionNetworkCreate describes https://docs.docker.com/engine/reference/api/docker_remote_api_v1.21/#create-a-network
	ActionNetworkCreate = "network_create"
	// ActionNetworkConnect describes
	// https://docs.docker.com/engine/reference/api/docker_remote_api_v1.21/#connect-a-container-to-a-network
	ActionNetworkConnect = "network_connect"
	// ActionNetworkDisconnect describes https://docs.docker.com/engine/reference/api/docker_remote_api_v1.21/#disconnect-a-container-from-a-network
	ActionNetworkDisconnect = "network_disconnect"
	// ActionNetworkRemove describes https://docs.docker.com/engine/reference/api/docker_remote_api_v1.21/#remove-a-network
	ActionNetworkRemove = "network_remove"
	// ActionSwarmInspect describes https://docs.docker.com/engine/api/v1.37/#operation/SwarmInspect
	ActionSwarmInspect = "swarm_inspect"
	// ActionSwarmInit describes https://docs.docker.com/engine/api/v1.37/#operation/SwarmInit
	ActionSwarmInit = "swarm_init"
	// ActionSwarmJoin describes https://docs.docker.com/engine/api/v1.37/#operation/SwarmJoin
	ActionSwarmJoin = "swarm_join"
	// ActionSwarmLeave describes https://docs.docker.com/engine/api/v1.37/#operation/SwarmLeave
	ActionSwarmLeave = "swarm_leave"
	// ActionSwarmUpdate describes https://docs.docker.com/engine/api/v1.37/#operation/SwarmUpdate
	ActionSwarmUpdate = "swarm_update"
	// ActionSwarmUnlockKey describes https://docs.docker.com/engine/api/v1.37/#operation/SwarmUnlockkey
	ActionSwarmUnlockKey = "swarm_unlock_key"
	// ActionSwarmUnlock describes https://docs.docker.com/engine/api/v1.37/#operation/SwarmUnlock
	ActionSwarmUnlock = "swarm_unlock"
	// ActionNodeList describes https://docs.docker.com/engine/api/v1.39/#operation/NodeList
	ActionNodeList = "node_list"
	// ActionNodeInspect describes https://docs.docker.com/engine/api/v1.39/#operation/NodeInspect
	ActionNodeInspect = "node_inspect"
	// ActionNodeDelete describes https://docs.docker.com/engine/api/v1.39/#operation/NodeDelete
	ActionNodeDelete = "node_delete"
	// ActionNodeUpdate describes https://docs.docker.com/engine/api/v1.39/#operation/NodeUpdate
	ActionNodeUpdate = "node_update"
	// ActionServiceList describes https://docs.docker.com/engine/api/v1.39/#operation/ServiceList
	ActionServiceList = "service_list"
	// ActionServiceCreate describes https://docs.docker.com/engine/api/v1.39/#operation/ServiceCreate
	ActionServiceCreate = "service_create"
	// ActionServiceInspect describes https://docs.docker.com/engine/api/v1.39/#operation/ServiceInspect
	ActionServiceInspect = "service_inspect"
	// ActionServiceDelete describes https://docs.docker.com/engine/api/v1.39/#operation/ServiceDelete
	ActionServiceDelete = "service_delete"
	// ActionServiceUpdate describes https://docs.docker.com/engine/api/v1.39/#operation/ServiceUpdate
	ActionServiceUpdate = "service_update"
	// ActionServiceLogs describes https://docs.docker.com/engine/api/v1.39/#operation/ServiceLogs
	ActionServiceLogs = "service_logs"
	// ActionTaskList describes https://docs.docker.com/engine/api/v1.39/#operation/TaskList
	ActionTaskList = "task_list"
	// ActionTaskInspect describes https://docs.docker.com/engine/api/v1.39/#operation/TaskInspect
	ActionTaskInspect = "task_inspect"
	// ActionSecretList describes https://docs.docker.com/engine/api/v1.39/#operation/SecretList
	ActionSecretList = "secret_list"
	// ActionSecretCreate describes https://docs.docker.com/engine/api/v1.39/#operation/SecretCreate
	ActionSecretCreate = "secret_create"
	// ActionSecretInspect describes https://docs.docker.com/engine/api/v1.39/#operation/SecretInspect
	ActionSecretInspect = "secret_inspect"
	// ActionSecretDelete describes https://docs.docker.com/engine/api/v1.39/#operation/SecretDelete
	ActionSecretDelete = "secret_delete"
	// ActionSecretUpdate describes https://docs.docker.com/engine/api/v1.39/#operation/SecretUpdate
	ActionSecretUpdate = "secret_update"
	// ActionConfigList describes https://docs.docker.com/engine/api/v1.39/#operation/ConfigList
	ActionConfigList = "config_list"
	// ActionConfigCreate describes https://docs.docker.com/engine/api/v1.39/#operation/ConfigCreate
	ActionConfigCreate = "config_create"
	// ActionConfigInspect describes https://docs.docker.com/engine/api/v1.39/#operation/ConfigInspect
	ActionConfigInspect = "config_inspect"
	// ActionConfigDelete describes https://docs.docker.com/engine/api/v1.39/#operation/ConfigDelete
	ActionConfigDelete = "config_delete"
	// ActionConfigUpdate describes https://docs.docker.com/engine/api/v1.39/#operation/ConfigUpdate
	ActionConfigUpdate = "config_update"
	// ActionDistributionInspect describes https://docs.docker.com/engine/api/v1.39/#operation/DistributionInspect
	ActionDistributionInspect = "distribution_inspect"
	// ActionNone indicates no action matched the given method URL combination
	ActionNone = ""
)

Functions

func ParseRoute 

func ParseRoute(method, url string) string

ParseRoute convert a method/url pattern to corresponding docker action

Types

type Auditor 

type Auditor interface {
	// AuditRequest audit the request sent from docker client and the associated authorization response
	// Docker client -> authorization -> audit -> Docker daemon
	AuditRequest(req *authorization.Request, pluginRes *authorization.Response) error
	// AuditRequest audit the response sent from docker daemon and the associated authorization response
	// Docker daemon -> authorization  -> audit -> Docker client
	AuditResponse(req *authorization.Request, pluginRes *authorization.Response) error
}

Auditor audits the request and response sent from/to docker daemon

type AuthZSrv 

type AuthZSrv struct {
	// contains filtered or unexported fields
}

AuthZSrv implements the authz plugin specification on top of unix sockets the authZSrv uses two core components to manage the flow, the authorizer, which is used to perform the actual authorization and the auditor, which is used to audit the authorization flow

func NewAuthZSrv 

func NewAuthZSrv(plugin Authorizer, auditor Auditor) *AuthZSrv

NewAuthZSrv creates a new authorization server

func (*AuthZSrv) Start 

func (a *AuthZSrv) Start() error

Start starts the authorization server

func (*AuthZSrv) Stop 

func (a *AuthZSrv) Stop()

Stop stops the authorization server

type Authorizer 

type Authorizer interface {
	// Init initialize the authorizer
	Init() error                                                 // Init initialize the handler
	AuthZReq(req *authorization.Request) *authorization.Response // AuthZReq handles the request from docker client
	// to docker daemon
	AuthZRes(req *authorization.Request) *authorization.Response // AuthZRes handles the response from docker daemon to docker client
}

Authorizer handles the authorization of docker requests and responses

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.