authZ: more fixes

- fix naming and formatting
- provide more context when erroring auth
- do not capitalize errors
- fix wrong documentation
- remove ugly remoteError{}

Signed-off-by: Antonio Murdaca <runcom@redhat.com>
This commit is contained in:
Antonio Murdaca 2015-12-18 12:34:19 +01:00 committed by Tibor Vass
parent 752b902123
commit d00b518979
1 changed files with 9 additions and 14 deletions

View File

@ -104,9 +104,6 @@ Docker's authorization subsystem supports multiple `--authz-plugin` parameters.
### Calling authorized command (allow) ### Calling authorized command (allow)
Your plugin must support calling the `allow` command to authorize a command.
This call does not impact Docker's command line.
```bash ```bash
$ docker pull centos $ docker pull centos
... ...
@ -116,22 +113,20 @@ f1b10cd84249: Pull complete
### Calling unauthorized command (deny) ### Calling unauthorized command (deny)
Your plugin must support calling the `deny` command to report on the outcome of ```bash
a plugin interaction. This call returns messages to Docker's command line informing $ docker pull centos
the user of the outcome of each call. ...
docker: Error response from daemon: authorization denied by plugin PLUGIN_NAME: volumes are not allowed.
```
### Error from plugins
```bash ```bash
$ docker pull centos $ docker pull centos
...
Authorization failed. Pull command for user 'john_doe' is docker: Error response from daemon: plugin PLUGIN_NAME failed with error: AuthZPlugin.AuthZReq: Cannot connect to the Docker daemon. Is the docker daemon running on this host?.
denied by authorization plugin 'ACME' with message
[ACME] User 'john_doe' is not allowed to perform the pull
command
``` ```
Where multiple authorization plugins are installed, multiple messages are expected.
## API schema and implementation ## API schema and implementation
In addition to Docker's standard plugin registration method, each plugin In addition to Docker's standard plugin registration method, each plugin